libldap-ruby with TLS connection

Bedo Sandor

Hi,

Has anybody any experience with libldap-ruby? There's an
example file showing how to make connections with TLS, but it
doesn't work for me. The error message is similar to the
problem I get if I use ldapsearch at a unix prompt and forget
to include the CA certificate file in ldap.conf:

ssage:~$ irb1.8
irb(main):001:0> require 'ldap'
=> true
irb(main):002:0> LDAP::LDAP_VENDOR_NAME
=> "OpenLDAP"
irb(main):003:0> conn = LDAP::SSLConn.new("10.3.130.61", 3892, true)
LDAP::ResultError: Connect error
from (irb):3:in `initialize'
from (irb):3:in `new'
from (irb):3
irb(main):004:0> _

Yes, "10.3.130.61" and port 3892 are correct. Certs are OK, ldapsearch
with -ZZ is ready. The TLS example in the package:

| # -*- ruby -*- ### bind-ssl.rb ###
| # This file is a part of test scripts of LDAP extension module.
|
| $test = File.dirname($0)
| require "#{$test}/conf"
|| # -*- ruby -*- ### conf.rb ###
||
|| require 'ldap'
||
|| $HOST = 'localhost'
|| begin
|| $PORT = ARGV[0].to_i || LDAP::LDAP_PORT
|| $SSLPORT = ARGV[1].to_i || LDAP::LDAPS_PORT
|| rescue
|| $PORT = LDAP::LDAP_PORT
|| $SSLPORT = LDAP::LDAPS_PORT
|| end
| require "ldap"
|
| case LDAP::LDAP_VENDOR_NAME
| when /^OpenLDAP/i
| # true means we use start_tls extension.
| conn = LDAP::SSLConn.new($HOST, $PORT, true)
| when /^Netscape/i
| conn = LDAP::SSLConn.new($HOST, $SSLPORT,
| false, File.expand_path("~/.netscape/cert7.db"))
| conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
| else
| raise(RuntimeError, "unknown vendor")
| end
|
| v = conn.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION)
| printf("protocol version = #{v}\n")
|
| conn.bind{
| conn.perror("bind")
| }


My questions are:

- How to create TLS connections in Ruby?
- If the client library verifies the server's certificate, where
can I put the CA's certificate? Is ldap.conf ok?
- Is there any documentation about libruby-ldap except the
few examples in the package itself? Where?
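
An added example, not part of the original post or of the libldap-ruby package: a check of which CA settings the Ruby process would inherit from the OpenLDAP client configuration the post asks about. It assumes the binding is linked against OpenLDAP's libldap (the post reports LDAP_VENDOR_NAME "OpenLDAP") and the ldap.conf(5) rules that later files override earlier ones and LDAPTLS_* environment variables override files; the function names and sample file contents are constructed.

```ruby
TLS_KEYS = %w[TLS_CACERT TLS_CACERTDIR TLS_REQCERT].freeze

# Parse ldap.conf-style text: "OPTION value" per line, '#' starts a
# comment line, option names are case-insensitive.
def parse_ldap_conf(text)
  text.each_line.with_object({}) do |line, opts|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    next if value.nil?
    opts[key.upcase] = value.strip if TLS_KEYS.include?(key.upcase)
  end
end

# Merge config texts in read order (later wins), then apply the
# LDAP-prefixed environment variables (e.g. LDAPTLS_CACERT) on top.
def effective_tls_settings(conf_texts, env = {})
  merged = conf_texts.reduce({}) { |acc, t| acc.merge(parse_ldap_conf(t)) }
  TLS_KEYS.each do |k|
    v = env["LDAP#{k}"]
    merged[k] = v if v && !v.empty?
  end
  merged
end

# Findings worth resolving before attempting StartTLS from Ruby.
def tls_findings(settings, file_exists = ->(p) { File.exist?(p) })
  findings = []
  if !settings['TLS_CACERT'] && !settings['TLS_CACERTDIR']
    findings << 'no TLS_CACERT or TLS_CACERTDIR configured'
  elsif settings['TLS_CACERT'] && !file_exists.call(settings['TLS_CACERT'])
    findings << "TLS_CACERT file not found: #{settings['TLS_CACERT']}"
  end
  if %w[never allow].include?(settings['TLS_REQCERT'].to_s.downcase)
    findings << "TLS_REQCERT #{settings['TLS_REQCERT']} does not enforce server certificate verification"
  end
  findings
end

# Constructed sample input: a system ldap.conf without CA settings and
# a per-user ldaprc that sets them.
system_conf = "# system defaults\nBASE dc=example,dc=org\n"
user_conf   = "tls_cacert /home/user/ca.pem\nTLS_REQCERT demand\n"

puts tls_findings(effective_tls_settings([system_conf])).inspect
settings = effective_tls_settings([system_conf, user_conf])
puts settings.inspect
puts tls_findings(settings, ->(_path) { true }).inspect
```

To check a real host, pass the contents of the configuration files the library reads on that system together with `ENV.to_h`; the system file's path is fixed when libldap is built.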