I am trying to authenticate a user against Windows 2003 AD. This is what I
have found so far, but whatever I do I get the error:
#<LDAP::ResultError: Invalid credentials>
This is my source code, which I picked up somewhere on the net:
-------------------------------------
require "ldap"

# Provides access to authenticate user from LDAP using the user provided
# user name and password
class MyLDAP < LDAP::Conn
  BASE_DN = "dc=mydomain,dc=com"
  PEOPLE_DN = "ou=users,dc=mydomain,dc=com"
  LDAP_HOST = "mydc"
  LDAP_PORT = 389
  PROTOCOL_VERSION = 3

  # sets up connection to LDAP server
  def initialize(host = LDAP_HOST, version = PROTOCOL_VERSION)
    super(host, LDAP_PORT)
    set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, version)
    return self
  end

  # Bind with the user supplied information
  def bind(mydn, pass)
    dn = "uid=" + mydn + "," + PEOPLE_DN
    super(dn, pass)
  end
end

#** user.rb **
# Takes user login name and password and connects to LDAP
def login(login, password)
  # An empty password is never sent to the server
  if password == ''
    return false
  end
  begin
    conn = MyLDAP.new.bind(login, password)
  rescue => e
    puts e.inspect
    return false
  end
  # Release the connection before returning the result
  bound = conn.bound?
  conn.unbind
  return bound
end
You may have to tweak the authentication options, though.
(I believe you can install OpenLDAP ldapsearch on windows boxen,
probably with cygwin.)
Fred
On 24 October at 13:53, Damjan Rems wrote:
> Brian Candler wrote:
>> Suggestion: first eliminate Ruby from the equation, by getting an
>> "ldapsearch" command line to bind successfully to your Windows LDAP
>> server.
>
> Could you post some simple quick query how to do it. Net is full of very
> complicated examples.
--
I remember when everybody posted to Usenet with their real, deliverable
e-mail address. Of all the sins committed by the spammers, destroying
the viability of the open Internet was the worst.
(Shmuel (Seymour J.) Metz in NANAE)
I was having trouble authenticating against 2003 in the past. I fixed it by
submitting the full email address for the account as the login. I believe
it has to be in the form of username@full.dc.list
On Fri, Oct 24, 2008 at 6:15 AM, F. Senault <fred@lacave.net> wrote:
On 24 October at 13:53, Damjan Rems wrote:
> Brian Candler wrote:
>> Suggestion: first eliminate Ruby from the equation, by getting an
>> "ldapsearch" command line to bind successfully to your Windows LDAP
>> server.
>
> Could you post some simple quick query how to do it. Net is full of very
> complicated examples.
Well, it's not always simple. With an OpenLDAP setup:
You may have to tweak the authentication options, though.
(I believe you can install OpenLDAP ldapsearch on windows boxen,
probably with cygwin.)
Fred
--
I remember when everybody posted to Usenet with their real, deliverable
e-mail address. Of all the sins committed by the spammers, destroying
the viability of the open Internet was the worst.
(Shmuel (Seymour J.) Metz in NANAE)
--
"Hey brother Christian with your high and mighty errand, Your actions speak
so loud, I can't hear a word you're saying."
(Technically not an email address, but a UPN; which is generally what I use
instead of DN when working in AD-land.) I don't have the net-ldap
code I am currently using handy, but here was an older example with
ruby-ldap:
In that code, it was expected that the username was the user's AD UPN.
On Fri, Oct 24, 2008 at 9:26 AM, Glen Holcomb <damnbigman@gmail.com> wrote:
I was having trouble authenticating against 2003 in the past. I fixed it by
submitting the full email address for the account as the login. I believe
it has to be in the form of username@full.dc.list
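As an added example that is not part of the thread or any poster's code: binding to AD with the UPN instead of a hand-built uid= DN, refusing empty passwords and failing closed. AdAuth, DEFAULT_DOMAIN and StubConn are hypothetical names, and the connection object is assumed to expose bind and unbind as ruby-ldap's LDAP::Conn does.

```ruby
# Added example, not code from the thread. AdAuth, DEFAULT_DOMAIN and
# StubConn are hypothetical names used only for this illustration.
module AdAuth
  DEFAULT_DOMAIN = "mydomain.com" # assumed from dc=mydomain,dc=com above

  # Identity for an AD simple bind: the UPN (user@domain). No
  # "uid=<login>,ou=users,..." DN has to be guessed or concatenated.
  def self.bind_identity(login, domain = DEFAULT_DOMAIN)
    login = login.to_s.strip
    return login if login.match?(/\A[^@\s]+@[^@\s]+\z/) # already a UPN
    # Assumed policy: bare account names are letters, digits, '.', '_', '-'.
    raise ArgumentError, "invalid login" unless login.match?(/\A[\w.-]+\z/)
    "#{login}@#{domain}"
  end

  # conn must respond to bind(identity, password) and unbind, as ruby-ldap's
  # LDAP::Conn does. Returns true only when the server accepts the bind.
  def self.authenticate(conn, login, password, domain = DEFAULT_DOMAIN)
    # An empty password makes a simple bind an unauthenticated bind, which
    # a server may accept, so it is refused before anything is sent.
    return false if password.nil? || password.empty?
    conn.bind(bind_identity(login, domain), password)
    true
  rescue StandardError # LDAP::ResultError, bad login, network failure
    false              # fail closed
  ensure
    conn.unbind rescue nil
  end
end

# Constructed stand-in for a directory connection so the example runs offline.
class StubConn
  attr_reader :identities
  def initialize(accounts)
    @accounts = accounts
    @identities = []
  end

  def bind(identity, password)
    @identities << identity
    raise "Invalid credentials" unless @accounts[identity] == password
    self
  end

  def unbind; end
end
```

With the real library, the first argument would be a fresh LDAP::Conn (or the MyLDAP subclass without its DN-building bind override) for each login attempt.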
Sorry Damjan, I didn't read your first message closely enough. Had I
noticed you weren't using net-ldap I would have suggested you do so. It
works great for me with all things AD and LDAP (all things I've done
anyway).
On Tue, Oct 28, 2008 at 7:43 AM, Damjan Rems <d_rems@yahoo.com> wrote:
And then in a desperate attempt (when I was searching for something
completely different) I stumbled upon this: