Hi all,
Anybody tried net/ldap gem to authenticate your rails app with
active directory under windows server?
I have been trying it but something is missing and i am not able to
figure it out...

here is my code in the console to establish a connection and
authenticate.


1.9.2p290 :001 > require 'net/ldap'
=> true
1.9.2p290 :002 > ldap = Net::LDAP.new
=> #<Net::LDAP:0x000000019bd650 @host="127.0.0.1", @port=389,
@verbose=false, @auth={:method=>:anonymous}, @base="dc=com",
@encryption=nil, @open_connection=nil>
1.9.2p290 :003 > ldap.host = "myserveripcomeshere"
=> "myserveripcomeshere"
1.9.2p290 :004 > ldap.port = 389
=> 389
1.9.2p290 :005 > ldap.auth "my_user_name_here","my_password_here"
=>
{:method=>:simple, :username=>"my_user_name_here", :password=>"my_password_here"}
1.9.2p290 :006 > if ldap.bind
1.9.2p290 :007?> puts "Authentication successful"
1.9.2p290 :008?> else
1.9.2p290 :009 > puts "Authentication failed"
1.9.2p290 :010?> end
Authentication failed
=> nil


and when i tried to see what's the operation result. below is what
happened..

1.9.2p290 :011 > unless ldap.bind
1.9.2p290 :012?> puts "Result: #{ldap.get_operation_result.code}"
1.9.2p290 :013?> puts "Message:
#{ldap.get_operation_result.message}"
1.9.2p290 :014?> end
Result: 49
Message: Invalid Credentials
=> nil

con't figure out why is happening like that, though i given the
correct credentials.
Any ideas?


Thanks in Advance.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Search Discussions

  • Craig White at Dec 29, 2011 at 2:09 am

    On Tue, 2011-12-27 at 22:57 -0800, venkata reddy wrote:
    Hi all,
    Anybody tried net/ldap gem to authenticate your rails app with
    active directory under windows server?
    I have been trying it but something is missing and i am not able to
    figure it out...

    here is my code in the console to establish a connection and
    authenticate.


    1.9.2p290 :001 > require 'net/ldap'
    => true
    1.9.2p290 :002 > ldap = Net::LDAP.new
    => #<Net::LDAP:0x000000019bd650 @host="127.0.0.1", @port=389,
    @verbose=false, @auth={:method=>:anonymous}, @base="dc=com",
    @encryption=nil, @open_connection=nil>
    1.9.2p290 :003 > ldap.host = "myserveripcomeshere"
    => "myserveripcomeshere"
    1.9.2p290 :004 > ldap.port = 389
    => 389
    1.9.2p290 :005 > ldap.auth "my_user_name_here","my_password_here"
    =>
    {:method=>:simple, :username=>"my_user_name_here", :password=>"my_password_here"}
    1.9.2p290 :006 > if ldap.bind
    1.9.2p290 :007?> puts "Authentication successful"
    1.9.2p290 :008?> else
    1.9.2p290 :009 > puts "Authentication failed"
    1.9.2p290 :010?> end
    Authentication failed
    => nil


    and when i tried to see what's the operation result. below is what
    happened..

    1.9.2p290 :011 > unless ldap.bind
    1.9.2p290 :012?> puts "Result: #{ldap.get_operation_result.code}"
    1.9.2p290 :013?> puts "Message:
    #{ldap.get_operation_result.message}"
    1.9.2p290 :014?> end
    Result: 49
    Message: Invalid Credentials
    => nil

    con't figure out why is happening like that, though i given the
    correct credentials.
    Any ideas?
    ----
    I use LDAP auth but not AD. I seem to recall that it's not possible to
    use anonymous binds to AD and you probably want to use SSL. Thus you
    might want to try adding...

    :method => :ssl
    :encryption => :simple_tls
    :port => 636

    or in your usage, ldap.method = 'ssl', ldap.encryption = 'simple_tls',
    ldap.port = 636

    Also, I'm not entirely certain of the usage for 'encryption', whether
    it's required (or even useful) or not for AD.

    I would suspect that the error 49 (Invalid credentials) probably comes
    from the anonymous bind but one of the surest way to speed the
    troubleshooting process is to view the logs on the LDAP server (not that
    I know how to do that on AD but I'm sure that there's a way).

    Craig


    --
    This message has been scanned for viruses and
    dangerous content by MailScanner, and is
    believed to be clean.

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprubyonrails-talk @
categoriesrubyonrails
postedDec 28, '11 at 6:58a
activeDec 29, '11 at 2:09a
posts2
users2
websiterubyonrails.org
irc#RubyOnRails

2 users in discussion

Venkata reddy: 1 post Craig White: 1 post

People

Translate

site design / logo © 2021 Grokbase