Thread: NET::LDAP Help

    #1

    NET::LDAP Help


    Greetings all:

    I am dealing with a weird requirement on our company's LDAP server (which is OpenLDAP). I need to get Ruby to authenticate a user through the server, and here it is a two-part process.

    From the Linux command line you would do the following:

    Code:
    ldapsearch -x -h <hostname> -b "<groups>" mail=<email_address>
    This will yield info and the actual DN of the user. Then we run a second query as follows:

    Code:
    ldapsearch -x -h bluepages.ibm.com -D "uid=<dn_from_other_search>, c=us, <groups>" -W
    which is what you would authenticate with.

    I have been looking at quite a few examples of code and tried this... but of course, we get an error 50 (insufficient access rights) with the following code. I need to figure out how to basically do these two commands in my program. Help is appreciated.

    So here is what I have tried:

    Code:
    #!/usr/bin/env ruby
    require 'net/ldap'

    # Placeholders: fill in for your directory.
    $uid = "<email_address>"
    $pass = "<password>"
    $host = "<hostname>"
    $port = 636
    $base = "<groups>"
    $user_attr = "mail"

    puts "Checking LDAP...\n"

    def authenicate()
      # Connection object set up with anonymous auth for the DN lookup
      ldap = Net::LDAP.new(:host => $host, :auth => {:method => :anonymous})
      # bind_as searches for the entry matching :filter, then binds as its DN with :password
      result = ldap.bind_as(:base => $base,
        :filter => "#{$user_attr}=#{$uid}",
        :password => $pass,
        :encryption => :simple_tls,
        :port => $port)

      if result
        puts "Authenticated #{result.first.dn}\n"
        puts "Message: #{ldap.get_operation_result.message}\n"
      else
        puts "Authentication Failed!\n"
        puts "Message: #{ldap.get_operation_result.message}\n"
      end
    end

    authenicate
    Last edited by iainnitro; April 24th, 2013 at 09:28 AM. Reason: clean up code
  2. #2
    I can show you how we did it.

    First we created our LDAP object
    Code:
    ldap = Net::LDAP.new( :host => Settings.ADSettings.host, :port => Settings.ADSettings.port, :encryption => :simple_tls)
    Then we called the authenticate method on that object
    Code:
    ldap.authenticate Settings.ADSettings.username, Settings.ADSettings.password
    We then applied our filter (what attributes we are looking for), in this case it was
    Code:
    filter = Net::LDAP::Filter.eq( "sAMAccountName", "#{user.userLogin}" )
    Finally perform our search
    Code:
      ldap.search( :base => Settings.ADSettings.treebase, :filter => filter, :attributes => Settings.ADSettings.attributes, :return_result => false ) do |entry|
     
     # do whatever work
    end
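
The two-step flow from the first post (find the DN by mail, then bind as that DN), written as an added example that is not code from either poster or from net-ldap. `escape_filter_value`, `search_then_bind`, the `conn` adapter and `FakeDirectory` are hypothetical names, and the directory entries are constructed so the block runs without a server.

```ruby
# Added example: search-then-bind with the checks the flow needs.
# `conn` is a hypothetical adapter exposing search(base:, filter:) -> array of
# DN strings and bind(dn, password) -> true/false; with net-ldap it would wrap
# Net::LDAP#search and Net::LDAP#bind on a TLS connection.

# RFC 4515 escaping for a value placed inside a search filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

def search_then_bind(conn, base:, attr:, value:, password:)
  # An empty password with a DN is an "unauthenticated bind" (RFC 4513 5.1.2),
  # which some servers accept, so refuse it before talking to the server.
  return [:rejected, 'empty password'] if password.nil? || password.empty?

  filter = "(#{attr}=#{escape_filter_value(value)})"
  dns = conn.search(base: base, filter: filter)
  # Zero or several matches must never fall through to "bind as the first one".
  return [:rejected, "expected 1 entry, got #{dns.size}"] unless dns.size == 1

  conn.bind(dns.first, password) ? [:ok, dns.first] : [:rejected, 'bind failed']
end

# Constructed in-memory directory so the example runs offline.
class FakeDirectory
  attr_reader :last_filter

  def initialize(entries)
    @entries = entries # { dn => { mail:, password: } }
  end

  def search(base:, filter:)
    @last_filter = filter
    return @entries.keys if filter == '(mail=*)' # what an unescaped "*" would match
    wanted = filter[/\A\(mail=(.*)\)\z/, 1]
    @entries.select { |_dn, e| e[:mail] == wanted }.keys
  end

  def bind(dn, password)
    # Mimics a server that accepts unauthenticated (empty-password) binds.
    password.empty? || @entries.fetch(dn)[:password] == password
  end
end

DIRECTORY = FakeDirectory.new({
  'uid=1001,c=us,ou=people,o=example' => { mail: 'alice@example.com', password: 's3cret' },
  'uid=1002,c=us,ou=people,o=example' => { mail: 'bob@example.com', password: 'hunter2' }
})
```

Against a real server the same checks apply unchanged; only the `conn` adapter is replaced.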
  4. #3
    Thanks for the help. I finally have my test file working, now to find out how to modify the main app to do it with our server, which is GitLab. If anyone knows off the bat what file the actual LDAP is performed in, I could use a heads-up.
  6. #4
    Rubby


    What is Rubby..? Is it programming
