Libldap-ruby with TLS connection

Hi,

Has anybody any experience with libldap-ruby? There's an
example file showing how to make connections with TLS, but it
doesn't work for me. The error message is similar to the
problem I get if I use ldapsearch at a unix prompt and forget
to include the CA certificate file in ldap.conf:

ssage:~$ irb1.8        
irb(main):001:0> require 'ldap'
=> true
irb(main):002:0> LDAP::LDAP_VENDOR_NAME
=> "OpenLDAP"
irb(main):003:0> conn = LDAP::SSLConn.new("10.3.130.61", 3892, true)
LDAP::ResultError: Connect error
	from (irb):3:in `initialize'
	from (irb):3:in `new'
	from (irb):3
irb(main):004:0> _

Yes, "10.3.130.61" and port 3892 are correct. Certs are OK, ldapsearch
with -ZZ is ready. The TLS example in the package:

# -*- ruby -*-   ### bind-ssl.rb ###
#
# This file is a part of test scripts of LDAP extension module.

$test = File.dirname($0)
require "#{$test}/conf"

  	# -*- ruby -*-		### conf.rb ###
  	
  	require 'ldap'
  	
  	$HOST = 'localhost'
  	begin
  	  # Fall back to the default ports when no arguments are given.
  	  # (nil.to_i is 0 and 0 is truthy in Ruby, so the package's original
  	  # `ARGV[0].to_i || LDAP::LDAP_PORT` never actually used the default.)
  	  $PORT = (ARGV[0] || LDAP::LDAP_PORT).to_i
  	  $SSLPORT = (ARGV[1] || LDAP::LDAPS_PORT).to_i
  	rescue
  	  $PORT = LDAP::LDAP_PORT
  	  $SSLPORT = LDAP::LDAPS_PORT
  	end

require "ldap"

case LDAP::LDAP_VENDOR_NAME
when /^OpenLDAP/i
  # true means we use start_tls extension.
  conn = LDAP::SSLConn.new($HOST, $PORT, true)
when /^Netscape/i
  conn = LDAP::SSLConn.new($HOST, $SSLPORT,
                           false, File.expand_path("~/.netscape/cert7.db"))
  conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
else
  raise(RuntimeError, "unknown vendor")
end

v = conn.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION)
printf("protocol version = #{v}\n")

conn.bind {
  conn.perror("bind")
}

My questions are:

  • How to create TLS connections in Ruby?
  • If the client library verifies the server's certificate, where
    can I put the CA's certificate? ldap.conf is ok?
  • Is there any documentation about libruby-ldap except the
    few examples in the package itself? Where?
Thanks,
bSanyI

Bedo Sandor said:

  • How to create TLS connections in Ruby?

Use the class SSLConn.
I think your code should work, so I will look into it.
Can you see server’s logs? I’d like to see them.

  • If the client library verifies the server's certificate, where
    can I put the CA's certificate? ldap.conf is ok?

Conn#set_option() may help you, and its usage is almost the
same as ldap_set_option() in OpenLDAP APIs.
However, I didn't fully test it.

  • Is there any documentation about libruby-ldap except the
    few examples in the package itself? Where?

There is no documentation.

Regards,

Takaaki Tateishi ttate@ttsky.net
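The two questions above (how to open a TLS connection with ruby-ldap, and where the CA certificate goes so the server certificate can be verified) can be answered in one script. This is an added example, not code from the thread or from the ruby-ldap package. It relies on a behaviour visible in the traceback: the STARTTLS handshake runs inside SSLConn.new, so any set_option call on the returned connection comes too late to affect certificate verification. What is in place before the handshake is libldap's own configuration: ldap.conf, ~/.ldaprc, or any ldap.conf option supplied as an environment variable with the prefix LDAP (ldap.conf(5)), which is what the example sets. The host, port and CA path in the usage block are constructed values, and the helper names (tls_env, ldaprc_lines, open_tls_conn) are this example's own.

```ruby
# Added example; not code from the thread or from the ruby-ldap package.
# Assumed (constructed) values: the host, port and CA path at the bottom.
begin
  require 'ldap'
rescue LoadError
  # The configuration helpers below still load without the extension, so
  # they can be exercised on a machine that lacks ruby-ldap.
end

# Levels accepted by TLS_REQCERT in ldap.conf(5). 'demand' rejects a server
# whose certificate does not chain to the CA, which is the setting you want.
REQCERT_LEVELS = %w[never allow try demand hard].freeze

# libldap reads ldap.conf, ~/.ldaprc and LDAP*-prefixed environment variables
# when it initialises, i.e. before SSLConn.new performs STARTTLS. Returning
# the variables as a hash keeps them inspectable before they are applied.
def tls_env(cacert, reqcert = 'demand')
  unless REQCERT_LEVELS.include?(reqcert)
    raise ArgumentError, "TLS_REQCERT must be one of #{REQCERT_LEVELS.join(', ')}"
  end
  path = File.expand_path(cacert)
  raise ArgumentError, "CA certificate not readable: #{path}" unless File.readable?(path)
  { 'LDAPTLS_CACERT' => path, 'LDAPTLS_REQCERT' => reqcert }
end

# The same settings as lines for ~/.ldaprc or ldap.conf, for sites that
# prefer the file over environment variables.
def ldaprc_lines(cacert, reqcert = 'demand')
  tls_env(cacert, reqcert).map { |k, v| "#{k.sub(/^LDAP/, '')} #{v}" }
end

# Open a STARTTLS connection with the CA already known to libldap.
# Requires the ldap extension to be loaded.
def open_tls_conn(host, port, cacert)
  tls_env(cacert).each { |k, v| ENV[k] = v }
  # true = issue STARTTLS on the plain LDAP port. The handshake, including the
  # certificate check, happens inside new (the "Connect error" in the thread
  # was raised from initialize), so options set on conn afterwards cannot
  # influence it.
  conn = LDAP::SSLConn.new(host, port, true)
  conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
  conn
end

if __FILE__ == $0 && defined?(LDAP::SSLConn)
  host   = '10.3.130.61'                    # host and port from the thread
  port   = 3892
  cacert = '/etc/ssl/certs/example-ca.pem'  # constructed path
  conn = open_tls_conn(host, port, cacert)
  conn.bind {
    v = conn.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION)
    puts "bound over TLS, protocol version #{v}"
  }
end
```

If the CA path is wrong or the file does not chain to the server certificate, libldap fails the handshake and SSLConn.new raises the same "Connect error" seen in the thread, which is also what ldapsearch -ZZ reports without a TLS_CACERT line; so checking the file with ldapsearch -ZZ first, as the poster did, is the right diagnostic.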