[ANN] Net::LDAP 0.0.4 released

Works perfectly, thanks! I removed the parens from the filter, however.
My experience has shown me that not all platforms liked the parens and
it works fine without them (at least it does here at work).

Now, what would be the best way to test for the mere presence of a user
record, i.e. no password?

Regards,

Dan


···

-----Original Message-----
From: Francis Cianfrocca [mailto:garbagecat10@gmail.com]
Sent: Tuesday, August 15, 2006 2:14 PM
To: ruby-talk ML
Subject: Re: [ANN] Net::LDAP 0.0.4 released

On 8/15/06, Berger, Daniel <Daniel.Berger@qwest.com> wrote:
>
> I do two things with ldap - validation (does the user exist?) and
> authentication (is this user/password combo correct?). For validation
> (e.g. an admin adding a new user to the app) I use a command like this
> (on Unix, add -x):
>
> ldapsearch -h ldap.foo.com -LLL -b ou=People,o=foo.com uid=djberge
>
> If 'djberge' is found, a record is returned. If not, nothing is
> returned.
>
> For authentication (i.e. logging into the app) I use a command like
> this (again, add -x on Unix):
>
> ldapsearch -h ldap.foo.com -LLL -D uid=djberge,ou=People,o=foo.com -b ou=People,o=foo.com -w my_pass uid=djberge
>
> That returns a record if the user/password is legit or spews to stderr
> if it's invalid.
>
> Can this be done with net-ldap?

Get version 0.0.4 and read the Rdoc for Net::LDAP#bind_as .
It should do what you're looking for. But one question:
looking at your sample code, your first query binds
anonymously. Is that permitted on your LDAP server?
(Evidently it is, otherwise it wouldn't work for you!) I'm
not sure Net::LDAP will handle an anonymous bind, because I
don't have any directories that permit one. So you could try
this code (which will bind anonymously to query the person record):

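require 'net/ldap'

ldap = Net::LDAP.new
ldap.host = "ldap.foo.com"

# bind_as searches for the entry matching the filter, then tries to
# bind as that entry using the supplied password.
rs = ldap.bind_as(
  :base => "ou=People,o=foo.com",
  :filter => "(uid=djberge)",
  :password => "my_pass"
)

if rs
  # you're in
else
  # you're not
end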

Does this work for you?

I noticed you had given your original code sample without parens around the
filter. Out of curiosity, what kind of LDAP server are you connecting to?
Searching for a user without binding ought to be easy:

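require 'net/ldap'

ldap = Net::LDAP.new
ldap.host = "ldap.foo.com"
ldap.base = "ou=People,o=foo.com"

# No bind call here, so the search runs without credentials.
rs = ldap.search( :filter => "uid=djberge")

# An empty result set is still truthy in Ruby, so check for an entry
# before dereferencing the first one.
if rs && !rs.empty?
  puts "DN: #{rs.first.dn}"
end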

By the way, you don't have to instantiate a Net::LDAP object every time you
need to hit the server. Just instantiate it once and keep it around in a
singleton or global.
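
An added example, not part of the original thread or of Net::LDAP itself: helpers that build the arguments for the search and bind_as calls above when the user name and password come from user input. The function names are hypothetical; the code escapes filter metacharacters per RFC 4515 and refuses an empty password, which RFC 4513 (section 5.1.2) defines as an unauthenticated bind that some directories accept.

```ruby
# Added example; no LDAP connection is made. All helper names are hypothetical.

BASE_DN = "ou=People,o=foo.com" # base DN used in the thread

# Escape a value for use inside an LDAP search filter (RFC 4515):
# NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
def escape_filter_value(value)
  value.to_s.gsub(/[\x00()*\\]/) { |c| format("\\%02x", c.ord) }
end

# Build the uid filter from untrusted input.
def uid_filter(username)
  raise ArgumentError, "empty username" if username.to_s.strip.empty?
  "(uid=#{escape_filter_value(username)})"
end

# Arguments for the presence check (search, no password involved).
def presence_args(username)
  { :base => BASE_DN, :filter => uid_filter(username) }
end

# Arguments for the authentication check (bind_as).
# A simple bind with a DN and a zero-length password is an
# unauthenticated bind, so an empty password must never reach the server.
def auth_args(username, password)
  raise ArgumentError, "empty password" if password.nil? || password.empty?
  presence_args(username).merge(:password => password)
end

# Treat a lookup as a match only when exactly one entry came back;
# false, nil and an empty Array all count as "no such user".
def exactly_one?(result_set)
  result_set.respond_to?(:size) && result_set.size == 1
end

# Constructed sample inputs:
#   uid_filter("djberge")   => "(uid=djberge)"
#   uid_filter("dj*(x)")    => "(uid=dj\2a\28x\29)"
#   auth_args("djberge", "") raises ArgumentError
```

The hashes returned by presence_args and auth_args have the same keys as the search and bind_as calls shown in the thread.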

···
