comp.lang.ruby

LDAP authentication in Windows 2003 AD

Damjan Rems

10/24/2008 10:30:00 AM


I am trying to authenticate a user against Windows 2003 AD. This is what I
have found so far, but whatever I do I get the error:
#<LDAP::ResultError: Invalid credentials>

This is my source code, which I picked up somewhere on the net:
-------------------------------------
require "ldap"

# Provides access to authenticate user from LDAP using the user provided
# user name and password
class MyLDAP < LDAP::Conn
  BASE_DN = "dc=mydomain,dc=com"
  PEOPLE_DN = "ou=users,dc=mydomain,dc=com"
  LDAP_HOST = "mydc"
  LDAP_PORT = 389
  PROTOCOL_VERSION = 3

  # sets up connection to LDAP server
  def initialize(host = LDAP_HOST, version = PROTOCOL_VERSION)
    super(host, LDAP_PORT)
    set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, version)
    return self
  end

  # Bind with the user supplied information
  def bind(mydn, pass)
    dn = "uid=" + mydn + "," + PEOPLE_DN
    super(dn, pass)
  end
end

#** user.rb **
# Takes user login name and password and connects to LDAP
def login(login, password)
  # An empty (or missing) password must never reach the server: a simple
  # bind without a password is not a credential check.
  return false if password.nil? || password == ''
  begin
    conn = MyLDAP.new.bind(login, password)
  rescue => e
    puts e.inspect
    return false
  end
  bound = conn.bound?
  conn.unbind # was unreachable after the early return
  bound
end


puts login('myusr','mypwd')
---------------------------------

Is there anything that needs to be set on Windows server?

Help please.

by
TheR
--
Posted via http://www.ruby-....

15 Answers

Brian Candler

10/24/2008 11:03:00 AM

0

Suggestion: first eliminate Ruby from the equation, by getting an
"ldapsearch" command line to bind successfully to your Windows LDAP
server.

If you have problems here, you will be able to go to a
Windows/AD-specific forum, who will know about LDAP but not about Ruby.

Once you have this working, it should be straightforward to port the
ldapsearch command line to the corresponding Ruby API calls.
--
Posted via http://www.ruby-....

Damjan Rems

10/24/2008 11:53:00 AM

0

Brian Candler wrote:
> Suggestion: first eliminate Ruby from the equation, by getting an
> "ldapsearch" command line to bind successfully to your Windows LDAP
> server.

Could you post some simple quick query how to do it. Net is full of very
complicated examples.

by
TheR
--
Posted via http://www.ruby-....

F. Senault

10/24/2008 12:14:00 PM

0

On 24 October at 13:53, Damjan Rems wrote:

> Brian Candler wrote:
>> Suggestion: first eliminate Ruby from the equation, by getting an
>> "ldapsearch" command line to bind successfully to your Windows LDAP
>> server.
>
> Could you post some simple quick query how to do it. Net is full of very
> complicated examples.

Well, it's not always simple. With an OpenLDAP setup :

ldapsearch -x                                          # simple bind
           -W                                          # ask for pwd
           -P3                                         # LDAPv3
           -H'ldap://vodka/'                           # ldap url
           -b'dc=mims,dc=be'                           # root
           -D'cn=fred,ou=users,ou=liege,dc=mims,dc=be' # bind user
           -s'subtree'                                 # scope
           cn=fred                                     # search string
           cn                                          # attributes

You may have to tweak the authentication options, though.

(I believe you can install OpenLDAP ldapsearch on windows boxen,
probably with cygwin.)

Fred
--
I remember when everybody posted to Usenet with their real, deliverable
e-mail address. Of all the sins committed by the spammers, destroying
the viability of the open Internet was the worst.
(Shmuel (Seymour J.) Metz in NANAE)

Glen Holcomb

10/24/2008 1:27:00 PM

0

On Fri, Oct 24, 2008 at 6:15 AM, F. Senault <fred@lacave.net> wrote:

> On 24 October at 13:53, Damjan Rems wrote:
>
> > Brian Candler wrote:
> >> Suggestion: first eliminate Ruby from the equation, by getting an
> >> "ldapsearch" command line to bind successfully to your Windows LDAP
> >> server.
> >
> > Could you post some simple quick query how to do it. Net is full of very
> > complicated examples.
>
> Well, it's not always simple. With an OpenLDAP setup :
>
> ldapsearch -x # simple bind
> -W # ask for pwd
> -P3 # LDAPv3
> -H'ldap://vodka/' # ldap url
> -b'dc=mims,dc=be' # root
> -D'cn=fred,ou=users,ou=liege,dc=mims,dc=be' # bind user
> -s'subtree' # scope
> cn=fred # search string
> cn # attributes
>
> You may have to tweak the authentication options, though.
>
> (I believe you can install OpenLDAP ldapsearch on windows boxen,
> probably with cygwin.)
>
> Fred
> --
> I remember when everybody posted to Usenet with their real, deliverable
> e-mail address. Of all the sins committed by the spammers, destroying
> the viability of the open Internet was the worst.
> (Shmuel (Seymour J.) Metz in NANAE)
>
>
I was having trouble authenticating against 2003 in the past. I fixed it by
submitting the full email address for the account as the login. I believe
it has to be in the form of username@full.dc.list

--
"Hey brother Christian with your high and mighty errand, Your actions speak
so loud, I can't hear a word you're saying."

-Greg Graffin (Bad Religion)

brabuhr

10/24/2008 2:26:00 PM

0

On Fri, Oct 24, 2008 at 9:26 AM, Glen Holcomb <damnbigman@gmail.com> wrote:
> I was having trouble authenticating against 2003 in the past. I fixed it by
> submitting the full email address for the account as the login. I believe
> it has to be in the form of username@full.dc.list

(Technically not email address, but UPN; which is generally what I use
instead of DN when working in AD-land.) I don't have the net-ldap
code I am currently using handy, but here was an older example with
ruby-ldap:

http://www.nabble.com/Re:-Rails-and-Windows-Active-Directory-Authentication--p30...

In that code, it was expected that the username was the user's AD UPN.

Damjan Rems

10/28/2008 1:44:00 PM

0


And then in a desperate attempt (when I was searching for something
completely different) I stumbled upon this:

------------------------------------------
# shell: gem install ruby-net-ldap

require 'rubygems'
require 'net/ldap'

ldap = Net::LDAP.new
ldap.host = 'mydc'
ldap.port = 389
# simple bind with the UPN (user@domain) instead of a DN
ldap.auth "usr@domain.com", "pwd"
if ldap.bind
  p 'authentication succeeded'
else
  p 'authentication failed'
end
-------------------------------------------

and it works.


by
TheR
--
Posted via http://www.ruby-....
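
A hardened form of the UPN bind that resolved this thread, as an added example that is not part of any post: it refuses empty passwords, builds the UPN from the login, and binds over StartTLS with certificate verification. The domain, host, the `UPN_LOCAL` pattern and the injectable `binder` are assumptions, and the default binder assumes a current net-ldap gem.

```ruby
# Added example (not from the thread). The domain, host name and the
# UPN_LOCAL pattern are assumptions; adjust them to your directory.
UPN_LOCAL = /\A[A-Za-z0-9._-]{1,64}\z/

# Build the userPrincipalName used as the simple-bind identity.
# Accepts "user" or "user@domain" only, so the caller cannot supply a DN
# or a principal from another domain; returns nil for anything else.
def upn_for(login, domain)
  local, given, extra = login.to_s.strip.split('@', -1)
  return nil unless extra.nil? && local&.match?(UPN_LOCAL)
  return nil if given && !given.casecmp?(domain)
  "#{local}@#{domain.downcase}"
end

# Default binder: net-ldap over StartTLS with certificate verification,
# so the password of the simple bind does not cross the wire in cleartext.
# Loaded lazily so the input checks can be exercised without the gem.
NET_LDAP_BIND = lambda do |host, upn, password|
  require 'net/ldap'
  require 'openssl'
  ldap = Net::LDAP.new(
    host: host, port: 389,
    encryption: { method: :start_tls,
                  tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS },
    auth: { method: :simple, username: upn, password: password }
  )
  ldap.bind
end

# Returns true only when the directory accepted a non-empty password.
def ad_authenticate(login, password, domain:, host:, binder: NET_LDAP_BIND)
  # A simple bind with a name but an empty password is an "unauthenticated
  # bind" (RFC 4513); servers can answer it with success, so refuse it here.
  return false if password.nil? || password.empty?
  upn = upn_for(login, domain)
  return false if upn.nil?
  binder.call(host, upn, password) == true
rescue StandardError
  false # a connection or TLS failure is never treated as a successful login
end
```

Call it as `ad_authenticate('usr', 'pwd', domain: 'domain.com', host: 'mydc')`; passing a different `binder` lets the input checks be tested without a domain controller.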

Glen Holcomb

10/28/2008 1:56:00 PM

0

[Note: parts of this message were removed to make it a legal post.]

Sorry Damjan, I didn't read your first message closely enough. Had I
noticed you weren't using net-ldap I would have suggested you do so. It
works great for me with all things AD and LDAP (all things I've done
anyway).

On Tue, Oct 28, 2008 at 7:43 AM, Damjan Rems <d_rems@yahoo.com> wrote:

>
> And then in a desperate attempt (when I was searching for something
> completely different) I stumbled upon this:
>
> ------------------------------------------
> gem install ruby-net-ldap
>
>
> require 'rubygems'
> require 'net/ldap'
>
> ldap = Net::LDAP.new
> ldap.host = 'mydc'
> ldap.port = 389
> ldap.auth "usr@domain.com", "pwd"
> if ldap.bind
> p 'authentication succeeded'
> else
> p ' authentication failed'
> end
> -------------------------------------------
>
> and it works.
>
>
> by
> TheR
> --
> Posted via http://www.ruby-....
>
>


--
"Hey brother Christian with your high and mighty errand, Your actions speak
so loud, I can't hear a word you're saying."

-Greg Graffin (Bad Religion)
