LDAP Issues

Hi All

I am at my wits’ end trying to get LDAP to work in Rails running on Ubuntu
(yes, I’m a noob!). I have version 0.9.7 of ruby-ldap installed.
Everything seems fine, until I test in the console:

    require 'ldap'
    => ["LDAP"]
    l = LDAP::Conn.new('xxxx.xxxx.xxxx.net', 389)
    => #<LDAP::Conn:0xb74a4a40>
    l.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
    => #<LDAP::Conn:0xb74a4a40>
    l.bind('cn=xxxx,dc=xxxx,dc=xxxx,dc=xxxx', 'xxxxxxx')
    LDAP::ResultError: Can't contact LDAP server
    from (irb):4:in `bind'
    from (irb):4

Now, it appears that a connection object is created, but yet it says
that it can’t contact the server. I can telnet to the relevant server so
there is connectivity but further than that, I have no idea.

Any clues as to what might be causing this?

All help appreciated.

Rory

On Wed, 2008-04-23 at 14:40 +0200, Rory McKinley wrote:

> l.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
> Any clues as to what might be causing this?
>
> All help appreciated.
>
> Rory


here’s how I do it using ruby-ldap

** my_ldap.rb **

    require "ldap"

    # Provides access to authenticate user from LDAP using the user provided
    # user name and password
    class MyLDAP < LDAP::Conn
      BASE_DN = "dc=example,dc=com"
      PEOPLE_DN = "ou=people,dc=example,dc=com"
      LDAP_HOST = "server.example.com"
      LDAP_PORT = 389
      PROTOCOL_VERSION = 3

      # sets up connection to LDAP server
      def initialize(host = LDAP_HOST, version = PROTOCOL_VERSION)
        super( host, LDAP_PORT )
        set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, version )
        return self
      end

      # Bind with the user supplied information
      def bind(mydn, pass)
        dn = "uid=" + mydn + "," + PEOPLE_DN
        super( dn, pass )
      end
    end

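** user.rb **

    # Takes user login name and password and connects to LDAP
    def self.login(login, password)
      # A nil or empty password must never reach the bind call
      if password.nil? || password == ''
        return false
      end
      begin
        conn = MyLDAP.new.bind(login, password)
      rescue
        return false
      end
      # Capture the result first so the connection is released before returning
      bound = conn.bound?
      conn.unbind if bound
      return bound
    end

    # Forces user login screen
    def try_to_login
      User.login(self.login, self.password)
    end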

and then finally, in my ‘login_controller.rb’

    @user = User.new(params[:user])
    logged_in_user = @user.try_to_login
    if logged_in_user
      # LDAP accepted the credentials; now check the local users table
      @authuser = User.find(:first,
                            :conditions => ["login = ?", @user[:login] ])
      if @authuser == nil
        flash[:notice] = "You are not authorized to use this system"
      else
        session[:user_id] = @authuser.id
        session[:user_name] = @authuser.name
        if session[:direct_to]
          redirect_to(session[:direct_to])
        else
          redirect_to(:controller => "main_tabnav" )
        end
      end
    end

So I think you should have enough information to make it work.

Craig
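
The bind method in the post above concatenates the login into the DN unescaped, and an empty or missing password in a simple bind is treated by many servers as an unauthenticated bind. As an added example (not part of the original post; `escape_dn_value`, `user_dn` and `bind_allowed?` are hypothetical helper names, and `PEOPLE_DN` mirrors the constant in the post), this builds the DN with RFC 4514 escaping and refuses nil or empty credentials before any bind is attempted:

```ruby
# Added example, not code from the thread. PEOPLE_DN mirrors the post's
# constant; the helper names below are hypothetical.
PEOPLE_DN = "ou=people,dc=example,dc=com"

# Characters that RFC 4514 requires (or permits) to be backslash-escaped
# wherever they appear inside an attribute value of a DN.
DN_SPECIALS = '\\",+;<>='

# Escape one attribute value for safe inclusion in a DN string.
def escape_dn_value(value)
  last = value.length - 1
  value.each_char.with_index.map do |c, i|
    if c == "\0"
      "\\00"                                   # NUL as a hex pair
    elsif DN_SPECIALS.include?(c)
      "\\#{c}"                                 # special anywhere in the value
    elsif (c == " " && (i == 0 || i == last)) || (c == "#" && i == 0)
      "\\#{c}"                                 # leading/trailing space, leading '#'
    else
      c
    end
  end.join
end

# Build the user's DN so the login can only ever be the uid value.
def user_dn(login)
  "uid=#{escape_dn_value(login)},#{PEOPLE_DN}"
end

# A simple bind with a DN and no password is an "unauthenticated bind"
# (RFC 4513, 5.1.2); treat nil and "" the same and never send it.
def bind_allowed?(login, password)
  !login.to_s.empty? && !password.to_s.empty?
end

if __FILE__ == $0
  # Constructed sample inputs: [login, password]
  [["jsmith", "s3cret"], ["x,ou=admins", "s3cret"], ["jsmith", ""], ["jsmith", nil]].each do |login, pw|
    if bind_allowed?(login, pw)
      puts "bind as #{user_dn(login)}"
    else
      puts "rejected before bind: #{login.inspect}"
    end
  end
end
```
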

An LDAP object doesn’t try to connect when it’s created, so don’t be
surprised that succeeded. When you say you can telnet, was that to the
standard port 23 or did you test 389?

On Wed, Apr 23, 2008 at 8:40 AM, Rory McKinley

Mack Earnhardt wrote:

> An LDAP object doesn’t try to connect when it’s created, so don’t be
> surprised that succeeded. When you say you can telnet, was that to the
> standard port 23 or did you test 389.

Hi

It was port 389. I also, at the suggestion of one of my colleagues,
tried setting up Thunderbird to use the LDAP server for an address book.
This worked perfectly, so, in terms of connectivity it seems to be
working.

Does Rails store any debugging/error info that could help pinpoint a
reason for this lack of connectivity?

Regards

Rory

On Thu, 2008-04-24 at 06:24 +0200, Rory McKinley wrote:

> BASE_DN = "dc=example,dc=com"
>
> Bind with the user supplied information
>
> the method definitions?


It was years ago when I wrote this and I think I got it off the wiki
(http://wiki.rubyonrails.org) - I honestly don’t remember but it worked
really nicely.

Craig

Craig W. wrote:

> LDAP_HOST = "server.example.com"
> dn = "uid=" + mydn + "," + PEOPLE_DN
> super( dn, pass )
> end
> end

Hi Craig

I will give this a try. Can you perhaps tell me why you use “super” in
the method definitions?

Rory

On Wed, 2008-04-23 at 21:48 -0700, Craig W. wrote:

> class MyLDAP < LDAP::Conn
> end
> I will give this a try. Can you perhaps tell me why you use “super” in
> the method definitions?
>
> It was years ago when I wrote this and I think I got it off the wiki
> (http://wiki.rubyonrails.org) - I honestly don’t remember but it worked
> really nicely.


OK - I’m at work now and I have my pickaxe book and it appears that the
reason to use ‘super’ is to invoke the parent’s initializer.

Specifically, “within the body of a method, a call to super acts just
like a call to that original method, except that the search for a method
body starts in the superclass of the object that was found to contain
the original method.”

Craig