Net::LDAP Issue

Hi all,
Has anybody tried the net/ldap gem to authenticate a Rails app with
Active Directory under Windows Server?
I have been trying it, but something is missing and I am not able to
figure it out…

Here is my code in the console to establish a connection and
authenticate.

1.9.2p290 :001 > require 'net/ldap'
=> true
1.9.2p290 :002 > ldap = Net::LDAP.new
=> #<Net::LDAP:0x000000019bd650 @host="127.0.0.1", @port=389,
@verbose=false, @auth={:method=>:anonymous}, @base="dc=com",
@encryption=nil, @open_connection=nil>
1.9.2p290 :003 > ldap.host = "myserveripcomeshere"
=> "myserveripcomeshere"
1.9.2p290 :004 > ldap.port = 389
=> 389
1.9.2p290 :005 > ldap.auth "my_user_name_here","my_password_here"
=> {:method=>:simple, :username=>"my_user_name_here", :password=>"my_password_here"}
1.9.2p290 :006 > if ldap.bind
1.9.2p290 :007?> puts "Authentication successful"
1.9.2p290 :008?> else
1.9.2p290 :009 > puts "Authentication failed"
1.9.2p290 :010?> end
Authentication failed
=> nil

And when I tried to see what the operation result was, below is what
happened…

1.9.2p290 :011 > unless ldap.bind
1.9.2p290 :012?> puts "Result: #{ldap.get_operation_result.code}"
1.9.2p290 :013?> puts "Message: #{ldap.get_operation_result.message}"
1.9.2p290 :014?> end
Result: 49
Message: Invalid Credentials
=> nil

I can't figure out why it is happening like that, though I have given the
correct credentials.
Any ideas?

Thanks in Advance.

On Tue, 2011-12-27 at 22:57 -0800, venkata reddy wrote:

> 1.9.2p290 :001 > require 'net/ldap'
> =>
> and when I tried to see what's the operation result. below is what
>
> I can't figure out why it is happening like that, though I have given the
> correct credentials.
> Any ideas?


I use LDAP auth but not AD. I seem to recall that it’s not possible to
use anonymous binds to AD and you probably want to use SSL. Thus you
might want to try adding…

:method => :ssl
:encryption => :simple_tls
:port => 636

or in your usage, ldap.method = 'ssl', ldap.encryption = 'simple_tls',
ldap.port = 636

Also, I’m not entirely certain of the usage for ‘encryption’, whether
it’s required (or even useful) or not for AD.

I would suspect that the error 49 (Invalid credentials) probably comes
from the anonymous bind, but one of the surest ways to speed up the
troubleshooting process is to view the logs on the LDAP server (not that
I know how to do that on AD, but I'm sure that there's a way).

Craig
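
Added example, not part of either post and not code from the net-ldap project: one way to narrow down a result 49 from Active Directory is to bind over LDAPS with an explicit username form and read the sub-code AD puts in the diagnostic text. The helper names, the user@domain normalisation and the sample message are assumptions; `tls_options` and `error_message` assume a recent net-ldap release.

```ruby
# Added example; helper names are hypothetical, not part of net-ldap.
# Sub-codes AD places in the diagnostic text of a result 49 ("data 52e").
AD_SUBCODES = {
  '525' => 'user not found',
  '52e' => 'unknown username or bad password',
  '530' => 'logon not permitted at this time',
  '532' => 'password expired',
  '533' => 'account disabled',
  '701' => 'account expired',
  '773' => 'user must reset password',
  '775' => 'account locked out'
}.freeze
# Constructed sample of the diagnostic text (DSID value is a placeholder).
SAMPLE_DIAGNOSTIC = '80090308: LdapErr: DSID-XXXXXXXX, comment: ' \
                    'AcceptSecurityContext error, data 52e, v1db1'

# Bare logins become user@domain; DN, UPN and DOMAIN\user pass through.
def bind_name(login, domain)
  login = login.to_s.strip
  raise ArgumentError, 'empty username' if login.empty?
  return login if login =~ /[@\\=]/
  "#{login}@#{domain}"
end

# Options for Net::LDAP.new. An empty password is refused: a simple bind with
# a name but no password is an unauthenticated bind and may report success.
def bind_options(host, login, password, domain)
  raise ArgumentError, 'empty password' if password.to_s.empty?
  { host: host, port: 636,
    auth: { method: :simple, username: bind_name(login, domain),
            password: password } }
end

# Turn the result code and diagnostic text into a readable cause.
def explain_failure(code, diagnostic)
  return "LDAP result #{code}" unless code == 49
  sub = diagnostic.to_s[/data\s+([0-9a-f]{3,4})\b/i, 1]
  reason = AD_SUBCODES[sub.to_s.downcase] || 'no AD sub-code in the message'
  "invalid credentials (49): #{reason}"
end

# Needs the net-ldap gem; required lazily so the helpers load without it.
def ad_authenticate(host, login, password, domain)
  require 'net/ldap'
  require 'openssl'
  opts = bind_options(host, login, password, domain)
  opts[:encryption] = { method: :simple_tls, # verify the server certificate
                        tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }
  ldap = Net::LDAP.new(opts)
  return [true, 'ok'] if ldap.bind
  res = ldap.get_operation_result
  [false, explain_failure(res.code, res.error_message)]
end
```

Log the decoded reason on the server side only and show the user a generic failure, since the sub-code distinguishes unknown accounts from wrong passwords.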

