NET::LDAP Problems

Just wondering if anyone knows anything about this project?

A couple of things that I recently discovered…

1 - the bind and bind_as methods will return results if you provide an
empty password…
2 - The search does not work when searching against DNs.

Maybe I’m missing how to do this or something. Anyone who may know
how to correct these problems please share the wealth.

Is this project still alive or should I try the alternative? I think
this library is the most functional I have seen but still some bumps.

Thanks,
Phill

On 2/22/07, bluengreen [email protected] wrote:

Is this project still alive or should I try the alternative? I think
this library is the most functional I have seen but still some bumps.

Net::LDAP is alive and well. The current source tree includes some
SNMP-oriented functionality that is not yet in the released packages, but
otherwise the library is essentially at production level.

Do you have any feature requests?

Just in case anybody else is struggling with these issues here is what
I did for workarounds, but after comparing with ldapsearch and
various RFCs I’m not sure they are workarounds for NET::LDAP as much
as just the way the spec is defined…

For the password issue I wrapped the bind with a condition that the
password length be greater than 1.

    # skip the bind entirely when the password is empty
    unless password.to_s.size < 1
      result = ldap.bind_as(
        :base => "dc=net,dc=com",
        :filter => "(cn=#{username})",
        :password => "#{password}"
      )
    end

For the DN search issue, it seems this is appropriate behavior, as
verified by ldapsearch at the commandline. The appropriate read method
is to set the tree base to your DN that you want and set scope to
base.

So do this if you want to return a specific DN using NET::LDAP

    # set your dn
    treebase = "cn=pnovess,dc=net,dc=com"

    # query ldap - set scope to base
    ldap.search( :base => treebase, :scope => Net::LDAP::SearchScope_BaseObject ) do |entry|
      # ... do stuff here ...
    end

Hope this helps save someone the several hours of research I spent.

Thanks,
Phill
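
The empty-password guard from the post above, as an added example that is not part of the original thread or of Net::LDAP. RFC 4513 defines a simple bind with a name and a zero-length password as an unauthenticated bind, which a server may answer with success, so the check has to live in the client. The names `authenticate`, `escape_filter_value` and `FakeDirectory` are hypothetical, and the sketch also escapes the username per RFC 4515 before it goes into the filter.

```ruby
# Added example. `ldap` is any object with Net::LDAP's bind_as(args) shape.

# Escape the RFC 4515 special characters so user input cannot alter the filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Returns true only for a non-empty username AND a non-empty password that the
# directory accepts. Empty passwords never reach the server.
def authenticate(ldap, base, username, password)
  return false if username.to_s.strip.empty?
  return false if password.to_s.empty?

  result = ldap.bind_as(
    :base     => base,
    :filter   => "(cn=#{escape_filter_value(username)})",
    :password => password.to_s
  )
  result ? true : false
end

# Constructed stand-in for a directory that answers an empty-password bind
# with success, which is the behaviour reported in the thread.
class FakeDirectory
  attr_reader :filters

  def initialize(users)
    @users = users            # cn => password (constructed sample data)
    @filters = []
  end

  def bind_as(args)
    @filters << args[:filter]
    cn = args[:filter][/\A\(cn=(.*)\)\z/, 1]
    return false unless @users.key?(cn)
    return [cn] if args[:password].empty?   # unauthenticated bind "succeeds"
    @users[cn] == args[:password] ? [cn] : false
  end
end

def demo
  dir = FakeDirectory.new("pnovess" => "s3cret")
  base = "dc=net,dc=com"
  {
    raw_empty: dir.bind_as(:base => base, :filter => "(cn=pnovess)", :password => "") ? true : false,
    guarded_empty: authenticate(dir, base, "pnovess", ""),
    good: authenticate(dir, base, "pnovess", "s3cret"),
    wildcard_filter: (authenticate(dir, base, "*", "x"); dir.filters.last)
  }
end
```
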

On 3/11/07, [email protected] [email protected] wrote:

                :auth => @auth) do |conn|

i think this information is exported by the ldap server right?

There are standard response codes in the RFC, most of which have
corresponding strings in Net::LDAP, but I’ve always found LDAP servers to be
remarkably inconsistent with the responses they send in different
situations. I’m pretty sure there are methods in Net::LDAP now that access
these strings. If they’re not good enough, let me know or suggest a patch.

Someone long ago requested support for LDAP controls, which are needed to
access special features of some directories (like IBM’s TDS). This is a good
idea but I haven’t gotten around to it and no one else asked. Any need for this
feature among whoever is reading this thread?

I wrote a Ruby-scriptable LDAP server based on the Net::LDAP protocol
implementation and have used it for special purpose attribute servers,
directory aggregators, etc. Works quite well. If there is enough interest in
this, I can publish it as well.

Hi Francis,

I wrote a Ruby-scriptable LDAP server based on the Net::LDAP protocol
implementation and have used it for special purpose attribute servers,
directory aggregators, etc. Works quite well. If there is enough interest in
this, I can publish it as well.

i for one would love to see such a thing. I could not say that i will
use it for any project for sure but i would love to play with it and try
some things. So if it is not way too much work to package this, go for
it! :smiley:

Cheers,

Steph.

PS: Net::LDAP rocks!

On Sun, 11 Mar 2007, Francis C. wrote:

otherwise the library is essentially at production level.
we just taught a class last week on ruby and i had a friend come in and
present on net::ldap. he runs the peoplesoft db which employs a federated
authentication system for the university of colorado and has been using
net::ldap for a year or two in production with no issues.

Do you have any feature requests?

perhaps exporting the information on the cause of exit codes. eg:

    # determining reason for exit code == 49
    if @ldap.get_operation_result.code == 49
      Net::LDAP.open(:host => @ldap.host,
                     :port => @ldap.port,
                     :auth => @auth) do |conn|
        @entry = conn.search(:base => @account_base,
                             :filter => "uid=#{ uid }",
                             :attributes => ["userpassword"])
        if test_sha_password(pw, @entry[0].userpassword[0])
          retval = [false, "Password good, but expired."]
        else
          retval = [false, "Invalid credentials, please try again."]
        end
      end
    end

i think this information is exported by the ldap server right?

-a

I’d like to see it

On 3/11/07, [email protected] [email protected] wrote:
# determining reason for exit code == 49

49? are you alright Ara ? :wink:

Robert

On Mar 11, 8:17 am, [email protected] wrote:

we just taught a class last week on ruby and i had a friend come in and

     retval = [false, "Invalid credentials, please try again."]
   end
 end

end

i think this information is exported by the ldap server right?

-a

be kind whenever possible… it is always possible.

  • the dalai lama

Thanks those are good suggestions. I too am in Colorado. I’m in
Fort Collins. I’ve been wanting to get down that way for user group
meetings but lately my development schedule has not permitted.

Do you ever attend those? If so maybe I’ll see you there.

Thanks,
Phill

On Tue, Mar 13, 2007 at 04:03:44AM +0900, Stephan M. wrote:

use it for any project for sure but i would love to play with it and try
some things. So if it is not way too much work to package this, go for
it! :smiley:

I wrote a ruby-ldapserver a while back and stuck it on rubyforge. It doesn’t
depend on Net::LDAP, except for its test cases I think.

Anyway, it may be of interest in itself or as a comparison.

http://rubyforge.org/projects/ruby-ldapserver

Regards,

Brian.