Net::LDAP

I'm having difficulties setting up my controller to connect to our LDAP
server. I've searched around in Google and found wikis of snippets of
some code to set ruby ldap. Below is what I currently have but I'm
getting “uninitialized constant LDAP” when I try to access the login.
I'm not sure what I'm missing or how to debug this. Any suggestions or
tips are appreciated.

    # As posted: nothing here requires 'net/ldap' (see the replies below).
    class LoginController < ApplicationController

      # Bind with the main credential and query the full DN of the email address
      # given to us as a parameter, then unbind and rebind as the user.
      def self.authenticate(username, password)
        logger.debug("username = " + username)

        ldap_con = initialize_ldap_con(username, password)
        treebase = "DC=domain,DC=domainext"
        mail_filter = Net::LDAP::Filter.eq("mail", '[email protected]')
        op_filter = Net::LDAP::Filter.eq("objectClass", "organizationalPerson")
        dn = String.new
        ldap_con.search(:base => treebase, :filter => op_filter & mail_filter,
                        :attributes => 'dn') do |entry|
          dn = entry.dn
        end
        login_succeeded = false
        unless dn.empty?
          ldap_con = initialize_ldap_con(dn, password)
          login_succeeded = true if ldap_con.bind
        end
        # to_s is needed: a boolean cannot be appended to a String with +
        logger.debug("login_succeeded = " + login_succeeded.to_s)
        login_succeeded
      end

      def self.initialize_ldap_con(user_name, password)
        Net::LDAP.new({:host => 'hostnamehere', :port => 389, :auth => {
          :method => :simple, :username => user_name, :password => password }})
      end
      # A bare `private` does not apply to `def self.` methods and would hide
      # the index action below, so only the helper is made private.
      private_class_method :initialize_ldap_con

      def index
        case @request.method
        when :post
          if @session['user'] =
               LoginController.authenticate(@params['user_login'],
                                            @params['user_password'])
            flash['notice'] = "Login successful"
            redirect_back_or_default :action => "overview"
          else
            @login   = @params['user_login']
            @message = "Login unsuccessful"
          end
        end
      end
    end

[email protected] wrote:

I'm having difficulties setting up my controller to connect to our LDAP
server. I've searched around in Google and found wikis of snippets of

Jadeler, did you ever figure it out?

[email protected] wrote:

I'm having difficulties setting up my controller to connect to our LDAP
server. I've searched around in Google and found wikis of snippets of
some code to set ruby ldap. Below is what I currently have but I'm
getting “uninitialized constant LDAP” when I try to access the login.
I'm not sure what I'm missing or how to debug this. Any suggestions or
tips are appreciated.

This may sound like a dumb question but did you require 'net/ldap'? And
did you actually install the library?

Jadeler Amin wrote:

Hi Francis, yes, it was missing the require 'net/ldap', thanks for the
tip. I tried it in irb but forgot to put it in the controller. I have
to read up a little bit about net::ldap as I'm not getting the
appropriate credentials. I'm getting results below in irb. Is there an
example I can use to test out an example to test out a schema?

Net::LDAP has an extensive Rdoc that should tell you what you need to
know. In particular I would look at Net::LDAP#bind and
Net::LDAP#bind_as.

I assume from your sample code that you’re trying to contact your LDAP
server in order to authenticate users (and not to search attributes or
perform authorization). This is a very simple case and the docs should
help you. I don’t know what you googled for but I’m aware that Simon
Claret wrote up a wiki page somewhere, with code that looks very much
like what you’ve posted. He used a standard pattern (bind as admin/query
user DN/re-bind as user) which subsequently got added to Net::LDAP as
the Net::LDAP#bind_as method. If you are able to use #bind_as, then
you’ll get away with a lot less code than you’ve already written.

LDAP does tend to confuse people (you don’t mention whether you are new
to LDAP or not), especially people who are used to relational data. LDAP
is a pretty different animal.
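
The bind-as-admin / look-up-DN / re-bind-as-user pattern described above, as an added example that is not part of the original thread. It wraps a `bind_as` call with two checks a login form needs: rejecting empty passwords and escaping the user-supplied filter value. `ldap_authenticate`, `escape_filter_value` and `FakeDirectory` are names made up for this example; with the real library you would pass a `Net::LDAP` instance configured with the service account, assuming its `bind_as` accepts a string filter.

```ruby
# Added example, not code from the thread. FakeDirectory is a constructed
# stand-in exposing the same bind_as(:base, :filter, :password) call as Net::LDAP.

# Escape the RFC 4515 special characters so user input cannot reshape the filter.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Returns true only when the directory confirms login/password.
def ldap_authenticate(ldap, base, login, password)
  # Many servers treat a simple bind with an empty password as an
  # unauthenticated bind and report success, so refuse it before binding.
  return false if login.to_s.empty? || password.to_s.empty?

  filter = "(&(objectClass=organizationalPerson)" \
           "(mail=#{escape_filter_value(login)}))"
  # bind_as searches for the entry, then re-binds as its DN with the password;
  # it returns the matching entries on success and false otherwise.
  ldap.bind_as(:base => base, :filter => filter, :password => password) ? true : false
end

class FakeDirectory
  # Constructed sample account: mail => [DN, password].
  USERS = { 'alice@example.com' => ['cn=alice,dc=example,dc=com', 's3cret'] }
  attr_reader :last_filter

  def bind_as(args)
    @last_filter = args[:filter]
    pattern = args[:filter][/\(mail=([^)]*)\)/, 1].to_s
    # fnmatch stands in for LDAP matching: '*' is a wildcard, '\2a' is not.
    _mail, (dn, stored) = USERS.find { |mail, _| File.fnmatch(pattern, mail) }
    return false unless dn
    # Mimic a server that accepts an empty password as an unauthenticated bind.
    (args[:password].empty? || args[:password] == stored) ? [dn] : false
  end
end

if __FILE__ == $PROGRAM_NAME
  dir = FakeDirectory.new
  base = 'dc=example,dc=com'
  p ldap_authenticate(dir, base, 'alice@example.com', 's3cret')
  p ldap_authenticate(dir, base, 'alice@example.com', '')
  p ldap_authenticate(dir, base, 'a*', 's3cret')
end
```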

I'm new to LDAP and Ruby. Trying to tackle both is hard. I originally
got the login to work in Rails using database and the login generator
but was going towards more of a single sign-on using LDAP. I will
continue to try to tackle this and will look at the rdocs. If you
happen to know the URL to the wiki, that would point me in the right
direction. Thanks.

Hi Francis, yes, it was missing the require 'net/ldap', thanks for the
tip. I tried it in irb but forgot to put it in the controller. I have
to read up a little bit about net::ldap as I'm not getting the
appropriate credentials. I'm getting results below in irb. Is there an
example I can use to test out an example to test out a schema?

    irb(main):023:0> require 'net/ldap'
    => true
    irb(main):024:0> ldap = Net::LDAP.new :host => 'solar',
    irb(main):025:0* :port => 389,
    irb(main):026:0* :auth => {
    irb(main):027:1* :method => :simple,
    irb(main):028:1* :username => "cn=manager,dc=example,dc=com",
    irb(main):029:1* :password => "opensesame"
    irb(main):030:1> }
    => #<Net::LDAP:0x2c35148 @base="dc=com", @open_connection=nil, @auth={:username=>"cn=manager,dc=example,dc=com", :password=>"opensesame", :method=>:simple}, @encryption=nil, @verbose=false, @port=389, @host="solar">
    irb(main):031:0>
    irb(main):032:0* filter = Net::LDAP::Filter.eq( "cn", "George*" )
    => #<Net::LDAP::Filter:0x2c265bc @left="cn", @op=:eq, @right="George*">
    irb(main):033:0> treebase = "dc=example,dc=com"
    => "dc=example,dc=com"
    irb(main):034:0>
    irb(main):035:0* ldap.search( :base => treebase, :filter => filter ) do |entry|
    irb(main):036:1* puts "DN: #{entry.dn}"
    irb(main):037:1> entry.each do |attribute, values|
    irb(main):038:2* puts " #{attribute}:"
    irb(main):039:2> values.each do |value|
    irb(main):040:3* puts " --->#{value}"
    irb(main):041:3> end
    irb(main):042:2> end
    irb(main):043:1> end
    => false
    irb(main):044:0>
    irb(main):045:0* p ldap.get_operation_result
    #<OpenStruct message="Invalid Credentials", code=49>

Hi,

apologies for hijacking this thread but it’s the simplest way for me
to get to your email address, Google is having problems displaying
CAPTCHAs at the moment!

I am trying to get ruby-net-ldap to work, using the Rails console.

Anyway, I can create LDAP objects and bind anonymously but as soon as
I try to bind using an auth something like:

    ldap_user = (ldap.search :filter => "uid=acochran").first
    auth = {:method => :simple, :username => ldap_user, :password => "xxxxxx"}

So LDAP can find me, but I get when using the auth variable above:

    ldap = Net::LDAP.new(:host => 'ldap.company.com', :base => 'dc=company,dc=com', :auth => auth)
    puts ldap.bind
    NoMethodError: undefined method `to_ber'
    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap/entry.rb:152:in `method_missing'
    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:1100:in `bind'
    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:701:in `bind'
    from (irb):16

Have you seen this before? If so, is there a patch?

Thanks,

Allan

From the error you posted change:

    ldap.search( :base => treebase, :filter => filter )

to this:

    ldap.search( :base => treebase, :filter => filter, :auth => {:method => :anonymous})

or if you want

    ldap.search(:base => treebase, :filter => filter, :auth => {:method => :simple, :username => username, :password => password})


Andrew S.