I am trying to get LDAP authentication working with SSL encryption. I
have finally figured out how to authenticate against our central LDAP
server with SSL (simple authentication, no SASL). To get OpenLDAP’s
ldapsearch client program to work, I had to add some configuration
information to /etc/openldap/ldap.conf. After those changes were in
place, then I could use ruby/ldap to authenticate via irb using
conn = LDAP::SSLConn.new(host, port) (no TLS). However, I can’t
authenticate over LDAPS from within Rails. I am using the
Acts_as_LDAP_Authenticated plugin from
http://www.noitulove.ch/ldap-authentication-plugin-for-rails/
If I configure my server not to use SSL, then I can authenticate just
fine. If, however, I request SSL, I get the error below.

LDAP::ResultError (Operations error):
/app/models/ldap_server.rb:86:in `initialize'
/app/models/ldap_server.rb:86:in `connect'
/app/models/ldap_server.rb:70:in `authenticated?'
/app/models/user.rb:39:in `authenticated?'
/app/models/user.rb:22:in `authenticate'
/app/controllers/account_controller.rb:75:in `login'
/software/stow/ruby-1.8.4/lib/ruby/gems/1.8/gems/actionpack-1.13.3/lib/action_controller/base.rb:1095:in `perform_action_without_filters'
…

The line in question looks a lot like what I can do from irb. I have
even tried changing it so it is exactly what I use from irb. But I still
get the same error message. The connect method is:

def connect
  conn = nil
  if self.ssl?
    conn = LDAP::SSLConn.new self.host, self.port
  else
    conn = LDAP::Conn.new self.host, self.port
  end
  conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
  conn
end

I suspect the issue may be that from within the Rails context, the
configuration options from my ldap.conf file are not being honored.

- Does anyone know how to make ruby/ldap give more informative error
  messages? I would like more detail on the operations error that
  appears to be in some initialize function somewhere. I am assuming it
  is failing at the same point where ldapsearch was having trouble - but
  I can’t figure out how to confirm that.
- Does anyone know how to pass options directly to ruby/ldap? There are
  tantalizing methods like conn.set_option but I am having trouble
  figuring out legal options and how they relate to configuration
  options that I set in ldap.conf.

–
Cynthia K.
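
An added diagnostic for the suspicion in the post that ldap.conf is not honored inside Rails; it is not part of the original message, the plugin, or ruby/ldap. It lists the client configuration files and LDAPTLS_* environment overrides that OpenLDAP's libldap consults according to ldap.conf(5), so the output from an irb session can be compared with the output from the Rails process. Assumptions: the settings added to ldap.conf were TLS_* directives, and the system-wide path is the one named in the post.

```ruby
# Added example, not code from the original post.
# Assumption: system-wide client config is the path named in the post.
SYSTEM_CONF = "/etc/openldap/ldap.conf"

# Ordered list of config files libldap tries for a given environment and
# working directory (search order as documented in ldap.conf(5)).
def ldap_config_candidates(env, cwd, system_conf = SYSTEM_CONF)
  return [] if env.key?("LDAPNOINIT") # disables all defaulting
  user_files = lambda do |name|
    paths = []
    if (home = env["HOME"])
      paths << File.join(home, name) << File.join(home, ".#{name}")
    end
    paths << File.join(cwd, name)
  end
  paths = [system_conf] + user_files.call("ldaprc")
  paths << env["LDAPCONF"] if env["LDAPCONF"]
  paths += user_files.call(env["LDAPRC"]) if env["LDAPRC"]
  paths
end

# Extract TLS_* directives from ldap.conf text (keywords are case-insensitive).
def tls_directives(text)
  text.each_line.with_object({}) do |line, out|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split(/\s+/, 2)
    out[key.upcase] = value.to_s.strip if key.upcase.start_with?("TLS_")
  end
end

# LDAP<option> environment variables (e.g. LDAPTLS_CACERT) augment the files.
def env_overrides(env)
  env.select { |k, _| k.start_with?("LDAPTLS_") }
end

# Run stand-alone (or paste the functions into a Rails console) and compare.
if __FILE__ == $PROGRAM_NAME
  puts "HOME=#{ENV['HOME'].inspect} cwd=#{Dir.pwd} uid=#{Process.uid}"
  ldap_config_candidates(ENV.to_h, Dir.pwd).each do |path|
    usable = File.file?(path) && File.readable?(path)
    puts "#{path}: #{usable ? 'readable' : 'missing or unreadable'}"
    puts "  #{tls_directives(File.read(path)).inspect}" if usable
  end
  puts "env overrides: #{env_overrides(ENV.to_h).inspect}"
end
```

A difference between the two outputs (a file readable by the login user but not by the account running Rails, a different HOME or working directory, or an LDAPTLS_* variable set in only one environment) points to where the two contexts diverge.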