Problem with LDAP::SSLConn.new

Daniel Berger

Hi all,

Solaris 10
Ruby 1.8.2
ruby-ldap 0.9.2
openldap 2.1.3

I built ruby-ldap successfully on my solaris box, and I can do regular
connections just fine. However, I can't seem to do secure connections using
LDAP::SSLConn.new.

If I just try to pass the server name, and no other arguments, it dies with an
"unknown error", stemming from these lines in sslconn.c:

/* sslconn.c, line 108 ff */
else
{
    /* Demand TLS on this connection; ldap_set_option is what fails */
    int opt = LDAP_OPT_X_TLS_HARD;
    ldapdata->err = ldap_set_option(cldap, LDAP_OPT_X_TLS, &opt);
    Check_LDAP_Result(ldapdata->err);
}

I also tried passing an explicit port, and 'true' for the 'start_tls' option
like so:

ldap = LDAP::SSLConn.new(ldap_server, 389, true)

That resulted in this rather odd error:

Assertion failed: SOCKBUF_VALID( sb ), file sockbuf.c, line 82
Abort (core dumped)

Any ideas?

Thanks,

Dan
Dick Davies

Doesn't ring a bell.
Maybe your (C) LDAP library is the problem.
Can you do other starttls ldap sessions outside ruby?
Daniel Berger

Dick said:
Doesn't ring a bell.
Maybe your (C) LDAP library is the problem.
Can you do other starttls ldap sessions outside ruby?

I'm afraid I don't know ldap that well, so I'm not even sure what you mean.

Upon further review, it appears that I built against the ldap.h that comes with
Solaris 10, not the ldap.h that comes with OpenLDAP.

So, I rebuilt it and explicitly set the "--with-ldap-dir" option to point to
openldap. It built fine, and standard connections seem to work alright. When
I try a secure connection now I get:

Can't contact LDAP server (LDAP::ResultError)

I tried a couple different ports, but no luck. Is it possible our ldap server
doesn't accept secure connections? I'll investigate further and post a
followup if I find out anything.

Anyway, it's better than a core dump. :)

Regards,

Dan
Steven Jenkins

Daniel said:
So, I rebuilt it and explicitly set the "--with-ldap-dir" option to
point to openldap. It built fine, and standard connections seem to work
alright. When I try a secure connection now I get:

Can't contact LDAP server (LDAP::ResultError)

Is your server cert self-signed? As of version 2.1, OpenLDAP rejects
self-signed certs. You can override this by adding

TLS_REQCERT never

to your ldap.conf file (on the OpenLDAP client). If that works, then
you'll have to consider the security implications.

Steve