libldap-ruby with TLS connection

Discussion in 'Ruby' started by Bedo Sandor, Nov 11, 2003.

  1. Bedo Sandor

    Hi,

    Has anybody any experience with libldap-ruby? There's an
    example file showing how to make connections with TLS, but it
    doesn't work for me. The error message is similar to the
    problem I get if I use ldapsearch at a unix prompt and forget
    to include the CA certificate file in ldap.conf:

    ssage:~$ irb1.8
    irb(main):001:0> require 'ldap'
    => true
    irb(main):002:0> LDAP::LDAP_VENDOR_NAME
    => "OpenLDAP"
    irb(main):003:0> conn = LDAP::SSLConn.new("10.3.130.61", 3892, true)
    LDAP::ResultError: Connect error
    from (irb):3:in `initialize'
    from (irb):3:in `new'
    from (irb):3
    irb(main):004:0> _

    Yes, "10.3.130.61" and port 3892 is correct. Certs are OK, ldapsearch
    with -ZZ is ready. The TLS example in the package:

    | # -*- ruby -*- ### bind-ssl.rb ###
    | # This file is a part of test scripts of LDAP extension module.
    |
    | $test = File.dirname($0)
    | require "#{$test}/conf"
    || # -*- ruby -*- ### conf.rb ###
    ||
    || require 'ldap'
    ||
    || $HOST = 'localhost'
    || begin
    || $PORT = ARGV[0].to_i || LDAP::LDAP_PORT
    || $SSLPORT = ARGV[1].to_i || LDAP::LDAPS_PORT
    || rescue
    || $PORT = LDAP::LDAP_PORT
    || $SSLPORT = LDAP::LDAPS_PORT
    || end
    | require "ldap"
    |
    | case LDAP::LDAP_VENDOR_NAME
    | when /^OpenLDAP/i
    | # true means we use start_tls extension.
    | conn = LDAP::SSLConn.new($HOST, $PORT, true)
    | when /^Netscape/i
    | conn = LDAP::SSLConn.new($HOST, $SSLPORT,
    | false, File.expand_path("~/.netscape/cert7.db"))
    | conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
    | else
    | raise(RuntimeError, "unknown vendor")
    | end
    |
    | v = conn.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION)
    | printf("protocol version = #{v}\n")
    |
    | conn.bind{
    | conn.perror("bind")
    | }


    My questions are:

    - How to create TLS connections in Ruby?
    - If the client library verifies the server's certificate, where
    can I put the CA's certificate? Is ldap.conf OK?
    - Is there any documentation about libruby-ldap except the
    few examples in the package itself? Where?
     
    Bedo Sandor, Nov 11, 2003
    #1
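
A diagnostic for the CA-certificate question above, as an added example that is not part of the original post or of the libldap-ruby package: it parses ldap.conf text and reports the TLS trust settings an OpenLDAP client library would pick up. It assumes the option names and the `LDAP<OPTION>` environment override described in ldap.conf(5); the default file path is an assumption and varies by distribution.

```ruby
# Added example: report the TLS trust settings an OpenLDAP client would read.
# Option names and the LDAP<OPTION> environment override follow ldap.conf(5).
REQCERT_LEVELS = %w[never allow try demand hard].freeze

# Parse ldap.conf text into { "TLS_CACERT" => "/path", ... } (TLS_* options only).
def tls_settings(conf_text, env = {})
  settings = {}
  conf_text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    name, value = line.split(/\s+/, 2)
    next unless value && name.upcase.start_with?("TLS_")
    settings[name.upcase] = value.strip
  end
  # Environment variables named LDAP<OPTION> override the file defaults.
  env.each do |key, value|
    settings[key.sub(/\ALDAP/, "")] = value if key.start_with?("LDAPTLS_")
  end
  settings
end

# Return findings that explain why certificate verification may fail or be skipped.
def diagnose(settings)
  findings = []
  cacert = settings["TLS_CACERT"]
  cadir = settings["TLS_CACERTDIR"]
  if cacert.nil? && cadir.nil?
    findings << "no TLS_CACERT or TLS_CACERTDIR is set"
  elsif cacert && !File.readable?(cacert)
    findings << "TLS_CACERT #{cacert} is not readable by this user"
  elsif cacert && !File.read(cacert).include?("-----BEGIN CERTIFICATE-----")
    findings << "TLS_CACERT #{cacert} contains no PEM certificate"
  end
  level = (settings["TLS_REQCERT"] || "demand").downcase
  if !REQCERT_LEVELS.include?(level)
    findings << "TLS_REQCERT #{level} is not a valid level"
  elsif %w[never allow].include?(level)
    findings << "TLS_REQCERT #{level}: session proceeds even if the certificate is not verified"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0] || "/etc/ldap/ldap.conf" # assumed location; varies by distribution
  text = File.readable?(path) ? File.read(path) : ""
  puts diagnose(tls_settings(text, ENV.to_h))
end
```

Run it as the same user that runs the Ruby script, since a per-user ldaprc or an `LDAPTLS_*` variable can differ from what ldapsearch saw in another shell.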