Ldap search not succeding in a single attempt

ruby-talk
1

Hi,
I am writing a code for user authentication from ldapserver in ruby.
For that first i am doing an anonymous search on bluepages
    ldap_con = Net::LDAP.new
    ldap_con.host = 'X.Y.com'
    ldap_con.port = 389
    treebase = "ou=X,o=Y.com"
    user_filter = Net::LDAP::Filter.eq("notesShortName",username)
    dn = String.new
    @res = ldap_con.search( :base => treebase, :filter =>
    user_filter) do |entry|
    dn = entry.dn

then getting "dn" and after that doing authentication with passwd and
dn.

    unless dn.empty?
    ldap_con.auth dn,password
    if ldap_con.bind
      login_succeeded = true
But I am getting strange results. Some times the ldap search was
successful some times not. Then i tried with putting the ldap search
in a for loop and tried also to get the return code so I found like

#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=0, message="Success">

I dont know why it is happening for same search( same parameters)

Can you help me in this( why the search is not successful in first
iteration) ?
I also wants to tell you few Things
1- First of all i was testing(doing anonymous ldap search) with
A.Y.com and there was no problem with
   this server at all or i can say 100% results i got if intranetid/
passwd were correct.
2- I tried on command line ( "cmd" on windows ) with this
   ldapsearch -h A.Y.com -b o=Y.com emailaddress=abc@B.Y.com
   ldapsearch -h X.Y.com -b o=Y.com emailaddress= abc@B.Y.com
both were giving me 100 % results.
3- Then with the help of a ldap person in pune i tried with a ldap
server here and there also i did not got any problem.

Problem is there only with bluepages and how it can possible that for
anonymous search it gives
#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=0, message="Success">

Previously i was suspecting timeout but from the above lines it is
clear that it is access permission related issue.
Please help me in resolving this issue.

One thing i forgot that the problem is only with ldapsearch, if we get
correct "dn" there is no issues i faced in
authentication means 100 % successful.

Is it possible if i can see the logs on bluepages, that what is
happening with my anonymous search on bluepages.

Or do you have any idea about it?

2

For one thing, you can try using Net::LDAP#bind_as, which will do the dn
lookup and the password binding in one step.

For another, you can try using an actual user account when you do the dn
lookup.

But as fas as the anonymous access working sometimes and not other times,
that's hard to understand. I assume that bluepages uses either TDS or some
version of Lotus Notes. I know that Net::LDAP works well on both. What
happens if you use the IP address of the server rather than the domain name,
X.Y.com? Perhaps your DNS has multiple entries, or you are in front of a
hardware load balancer that is distributing the traffic to more than one
actual LDAP server.

···

On 8/17/07, rahulc1982@gmail.com <rahulc1982@gmail.com> wrote:

Hi,
I am writing a code for user authentication from ldapserver in ruby.
For that first i am doing an anonymous search on bluepages
    ldap_con = Net::LDAP.new
    ldap_con.host = 'X.Y.com'
    ldap_con.port = 389
    treebase = "ou=X,o=Y.com"
    user_filter = Net::LDAP::Filter.eq("notesShortName",username)
    dn = String.new
    @res = ldap_con.search( :base => treebase, :filter =>
    user_filter) do |entry|
    dn = entry.dn

then getting "dn" and after that doing authentication with passwd and
dn.

    unless dn.empty?
    ldap_con.auth dn,password
    if ldap_con.bind
      login_succeeded = true
But I am getting strange results. Some times the ldap search was
successful some times not. Then i tried with putting the ldap search
in a for loop and tried also to get the return code so I found like

#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=0, message="Success">

I dont know why it is happening for same search( same parameters)

Can you help me in this( why the search is not successful in first
iteration) ?
I also wants to tell you few Things
1- First of all i was testing(doing anonymous ldap search) with
A.Y.com and there was no problem with
   this server at all or i can say 100% results i got if intranetid/
passwd were correct.
2- I tried on command line ( "cmd" on windows ) with this
   ldapsearch -h A.Y.com -b o=Y.com emailaddress=abc@B.Y.com
   ldapsearch -h X.Y.com -b o=Y.com emailaddress= abc@B.Y.com
both were giving me 100 % results.
3- Then with the help of a ldap person in pune i tried with a ldap
server here and there also i did not got any problem.

Problem is there only with bluepages and how it can possible that for
anonymous search it gives
#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=50, message="Insufficient Access Rights">
#<OpenStruct code=0, message="Success">

Previously i was suspecting timeout but from the above lines it is
clear that it is access permission related issue.
Please help me in resolving this issue.

One thing i forgot that the problem is only with ldapsearch, if we get
correct "dn" there is no issues i faced in
authentication means 100 % successful.

Is it possible if i can see the logs on bluepages, that what is
happening with my anonymous search on bluepages.

Or do you have any idea about it?