[ANN] Net::LDAP 0.0.3 released, adds TLS encryption

[Francis Cianfrocca]

We're pleased to announce version 0.0.3 of Net::LDAP, the first
pure-Ruby LDAP library. Net::LDAP intends to be a feature-complete
LDAP client which can access as much as possible of the functionality
of the most-used LDAP server implementations. This library does
not wrap any existing native-code LDAP libraries, creates no
Ruby extensions, and has no dependencies external to Ruby.

Version 0.0.3 adds support for encrypted communications to LDAP servers.
There is a new optional parameter for Net::LDAP#new and Net::LDAP#open
that allows you to specify encryption characteristics. Here's a quick
example:

require 'net/ldap'
ldap = Net::LDAP.new(
:host => "an_ip_address",
ort => 636,
:auth => {:method => :simple, :username => "mickey", assword => "mouse" },
:encryption => {:method => :simple_tls}
)
ldap.bind or raise "bind failed"
ldap.search( ... )
# etc, etc.

This release supports simple TLS encryption with no client or server
validation. Future versions will add support for the STARTTLS control,
and for certificate validation. Additional parameters will appear to
support these options.

Net::LDAP encryption requires Ruby's openssl library. We're not
quite sure what happens when this library is present but the underlying
OpenSSL libraries are missing or not configured appropriately,
especially on back versions of Ruby. If anyone encounters problems
using encryption in Net::LDAP, please let us know and give us the
details of your platform and Ruby build info.

Thanks to Garett Shulman for helping to test the new code.

If anyone wants to contribute suggestions, insights or (especially)
code, please email me at garbagecat10 .. .. gmail.com.

 

[Andre Nathan]

We're pleased to announce version 0.0.3 of Net::LDAP

Thanks for that, Francis.

Have you thought about that issue we discussed some time ago, about
which characters are allowed in the regex for the LDAP attribute values?

Currently in #parse_filter_branch the code is

if value = scanner.scan( /[\w\*\.]+/ )

I'm editing it to look like

if value = scanner.scan( /[\w\*\.\+-@=#\$%&!\(\)]+/ )

This works for everything I've needed so far, but it's not complete, and
maybe there's a better solution.

Best regards,
Andre

 

[Francis Cianfrocca]

Thanks Andre, still haven't thought that all the way through. Is that
the complete set of characters you need, or are there others? Does
anyone else have additional requirements?

We're pleased to announce version 0.0.3 of Net::LDAP

Thanks for that, Francis.

Have you thought about that issue we discussed some time ago, about
which characters are allowed in the regex for the LDAP attribute values?

Currently in #parse_filter_branch the code is

if value = scanner.scan( /[\w\*\.]+/ )

I'm editing it to look like

if value = scanner.scan( /[\w\*\.\+-@=#\$%&!\(\)]+/ )

This works for everything I've needed so far, but it's not complete, and
maybe there's a better solution.

Best regards,
Andre

 

[Andre Nathan]

Thanks Andre, still haven't thought that all the way through. Is that
the complete set of characters you need, or are there others? Does
anyone else have additional requirements?

That's all I need here. I guess the LDAP RFC doesn't make any
restrictions on the values though (it just says "octet string"), but
probably a regex that allows anything wouldn't be a good idea...

Andre

 

[Francis Cianfrocca]

IIRC, I had to write a recursive-descent parser to handle those
filter-strings, and I wouldn't change it without a lot of testing!
I'll let you know when I get around to it.

 

[Andre Nathan]

IIRC, I had to write a recursive-descent parser to handle those
filter-strings, and I wouldn't change it without a lot of testing!
I'll let you know when I get around to it.

Thanks. In fact the regex I posted breaks it because of the parenthesis.
I'm using just

/[\w\*\.\+-@=#\$%&!]+/

now. Do you think you could add this list of charaters for a next
release?

Andre