Hi all,
Solaris 10
Ruby 1.8.2
ruby-ldap 0.9.2
openldap 2.1.3
I built ruby-ldap successfully on my solaris box, and I can do regular connections just fine. However, I can't seem to do secure connections using LDAP::SSLConn.new.
If I just try to pass the server name, and no other arguments, it dies with an "unknown error", stemming from these lines in sslconn.c:
/* line 108 ff */
else
{
int opt = LDAP_OPT_X_TLS_HARD;
ldapdata->err = ldap_set_option (cldap, LDAP_OPT_X_TLS, &opt);
Check_LDAP_Result (ldapdata->err);
}
I also tried passing an explicit port, and 'true' for the 'start_tls' option like so:
ldap = LDAP::SSLConn.new(ldap_server, 389, true)
That resulted in this rather odd error:
Assertion failed: SOCKBUF_VALID( sb ), file sockbuf.c, line 82
Abort (core dumped)
Any ideas?
Thanks,
Dan
Doesn't ring a bell.
Maybe your (C) LDAP library is the problem.
Can you do other starttls ldap sessions outside ruby?
On 10/11/05, Daniel Berger <Daniel.Berger@qwest.com> wrote:
--
Rasputin :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/
Dick Davies wrote:
Doesn't ring a bell.
Maybe your (C) LDAP library is the problem.
Can you do other starttls ldap sessions outside ruby?
I'm afraid I don't know ldap that well, so I'm not even sure what you mean.
Upon further review, it appears that I built against the ldap.h that comes with Solaris 10, not the ldap.h that comes with OpenLDAP.
So, I rebuilt it and explicitly set the "--with-ldap-dir" option to point to openldap. It built fine, and standard connections seem to work alright. When I try a secure connection now I get:
Can't contact LDAP server (LDAP::ResultError)
I tried a couple of different ports, but no luck. Is it possible our LDAP server doesn't accept secure connections? I'll investigate further and post a follow-up if I find out anything.
Anyway, it's better than a core dump.
Regards,
Dan
Daniel Berger wrote:
So, I rebuilt it and explicitly set the "--with-ldap-dir" option to point to openldap. It built fine, and standard connections seem to work alright. When I try a secure connection now I get:
Can't contact LDAP server (LDAP::ResultError)
Is your server cert self-signed? As of version 2.1, OpenLDAP rejects self-signed certs. You can override this by adding
TLS_REQCERT never
to your ldap.conf file (on the OpenLDAP client). If that works, then you'll have to consider the security implications.
Steve
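Added example, not code from the thread or from ruby-ldap: what the TLS_REQCERT trade-off Steve mentions looks like at the TLS layer. A loopback listener with a constructed self-signed certificate stands in for the ldaps server; the client handshake is tried with verification off (the TLS_REQCERT never route), with verification on and an empty trust store (fails, like the "Can't contact LDAP server" case), and with verification on plus the server's own certificate trusted (the TLS_CACERT route, which keeps verification). The host name, port and certificate subject are placeholders.

```ruby
require 'openssl'
require 'socket'
# Constructed stand-in for the LDAP server's self-signed certificate
# (the CN is a placeholder, not a host from the thread).
def make_self_signed_cert
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial  = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=ldap.example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end
# Minimal TLS listener on an ephemeral loopback port, playing the ldaps server.
def start_tls_server(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  tcp = TCPServer.new('127.0.0.1', 0)
  ssl = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  Thread.new do
    loop do
      begin
        ssl.accept.close
      rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
        next # the client rejected our certificate; keep serving
      end
    end
  end
  tcp.addr[1]
end
# One TLS handshake. verify: :never / :demand mirrors TLS_REQCERT,
# ca_cert mirrors TLS_CACERT. Returns true if the handshake completed.
def tls_handshake_ok?(port, verify:, ca_cert: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = (verify == :never) ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
  if ca_cert
    ctx.cert_store = OpenSSL::X509::Store.new
    ctx.cert_store.add_cert(ca_cert)
  end
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), ctx)
  sock.connect
  sock.close
  true
rescue OpenSSL::SSL::SSLError
  false
end
```

With ruby-ldap the equivalent of the third case is leaving TLS_REQCERT at demand and pointing TLS_CACERT in ldap.conf at the server's certificate file, so the self-signed certificate is accepted without disabling verification for every server.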