Obviously I am missing something and I don''t know what it is... I am following the instructions at http://rubyforge.org/docman/view.php/381/114/activeldap_rb.html and also here... http://wiki.rubyonrails.org/rails/pages/HowtoAuthenticateViaLdap my model looks exactly like this... class LdapUser < ActiveRecord::Base ldap_mapping :dnattr => ''uid'', :prefix => ''People'', :classes => [''top'',''account''] #belongs_to :groups, :class_name => ''Groups'', :foreign_key => ''memberUid'', :local_key => ''uid'' def self.login(username, password) begin ActiveLDAP::Base.connect( :host => "srv1.azapple.com", :port => 389, :base => "dc=azapple,dc=com", :bind_format => "uid=#{username},ou=People,dc=azapple,dc=com", :password_block => Proc.new { password }, :allow_anonymous => false ) ActiveLDAP::Base.close return true rescue ActiveLDAP::AuthenticationError return false end end end which makes sense to me since this works... $ ldapsearch -x -h srv1.azapple.com -W \ -D ''uid=craig,ou=People,dc=azapple,dc=com'' \ -b ''dc=azapple,dc=com'' ''(uid=craig)'' but the web page gives me this error about the ldap_mapping... NoMethodError in Login#login undefined method `ldap_mapping'' for LdapUser:Class RAILS_ROOT: script/../config/.. Application Trace | Framework Trace | Full Trace /usr/lib/ruby/gems/1.8/gems/activerecord-1.13.2/lib/active_record/base.rb:991:in `method_missing'' and it seems that no matter what I put into the ldap_mapping line in my model, the error is the same. Hints? Craig
* Craig White <craigwhite@azapple.com> [2006-03-26 05:57]:> my model looks exactly like this... > class LdapUser < ActiveRecord::BaseYou want LdapUser to be a subclass of ActiveLDAP::Base, not ActiveRecord::Base.
On Sun, 2006-03-26 at 16:46 -0700, Grant Hollingworth wrote:> * Craig White <craigwhite@azapple.com> [2006-03-26 05:57]: > > my model looks exactly like this... > > class LdapUser < ActiveRecord::Base > > You want LdapUser to be a subclass of ActiveLDAP::Base, not > ActiveRecord::Base.---- good catch - that''s been making me crazy - thanks Craig
On Sun, 2006-03-26 at 16:46 -0700, Grant Hollingworth wrote:> * Craig White <craigwhite@azapple.com> [2006-03-26 05:57]: > > my model looks exactly like this... > > class LdapUser < ActiveRecord::Base > > You want LdapUser to be a subclass of ActiveLDAP::Base, not > ActiveRecord::Base.---- this solved my syntax issues with things like ldap_mapping but I am still struggling to connect and have simply shifted to trying to connect from console and still struggling... First note, I am reasonably adept at ldap - from the command line, I can connect no problem... $ ldapsearch -x -h srv1.azapple.com \ -D ''uid=craig,ou=People,dc=azapple,dc=com'' \ -b ''dc=azapple,dc=com'' -W ''(uid=craig)'' Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=azapple,dc=com> with scope sub # filter: (uid=craig) # requesting: ALL # # craig, People, azapple.com dn: uid=craig,ou=People,dc=azapple,dc=com ...snip...you get the idea... I have identical type bind configured in "app/models/ldap_user.rb" ldap_mapping :dnattr => ''uid'', :prefix => ''ou=People'', :classes => [''top'',''posixaccount''] def self.login(login, password) begin ActiveLDAP::Base.connect( #:logger => log4r_obj, :host => "srv1.azapple.com", :port => 389, :base => "dc=azapple,dc=com", :bind_format => "uid=#{login},ou=People,dc=azapple,dc=com", :password_block => Proc.new { password }, :allow_anonymous => false, :try_sasl => false ) ActiveLDAP::Base.close return true rescue ActiveLDAP::AuthenticationError return false end end then the console... [craig@lin-workstation trunk]$ ruby script/console Loading development environment.>> require "activeldap"=> false>> require "app/controllers/application.rb"=> true>> require "app/models/ldap_user.rb"=> true>> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD")=> false One other thing of note...I have tried putting into following into environment.rb ... config.frameworks -= [ :active_record ] but it seems to make no difference either way (whether commented out or not) So - I''m wondering...why I get a ''false'' from my first console line of ''require "activeldap"'' ? and more importantly, why won''t it authenticate? slapd logs show the connection but the bind isn''t attempted. Craig
Did you install the gem or from source? I think if it''s from a gem you may need something like this: require ''rubygems'' require_gem ''ruby-activeldap'' I install from source, so the require ''activeldap'' works for me jro@inferno:~$ irb irb(main):001:0> require ''activeldap'' => true -j On Mon, Mar 27, 2006 at 08:08:23AM -0700, Craig White wrote:> On Sun, 2006-03-26 at 16:46 -0700, Grant Hollingworth wrote: > > * Craig White <craigwhite@azapple.com> [2006-03-26 05:57]: > > > my model looks exactly like this... > > > class LdapUser < ActiveRecord::Base > > > > You want LdapUser to be a subclass of ActiveLDAP::Base, not > > ActiveRecord::Base. > ---- > this solved my syntax issues with things like ldap_mapping but I am > still struggling to connect and have simply shifted to trying to connect > from console and still struggling... > > First note, I am reasonably adept at ldap - from the command line, I can > connect no problem... > > $ ldapsearch -x -h srv1.azapple.com \ > -D ''uid=craig,ou=People,dc=azapple,dc=com'' \ > -b ''dc=azapple,dc=com'' -W ''(uid=craig)'' > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <dc=azapple,dc=com> with scope sub > # filter: (uid=craig) > # requesting: ALL > # > > # craig, People, azapple.com > dn: uid=craig,ou=People,dc=azapple,dc=com > ...snip...you get the idea... > > I have identical type bind configured in "app/models/ldap_user.rb" > > ldap_mapping :dnattr => ''uid'', > :prefix => ''ou=People'', > :classes => [''top'',''posixaccount''] > > def self.login(login, password) > begin > ActiveLDAP::Base.connect( > #:logger => log4r_obj, > :host => "srv1.azapple.com", > :port => 389, > :base => "dc=azapple,dc=com", > :bind_format => "uid=#{login},ou=People,dc=azapple,dc=com", > :password_block => Proc.new { password }, > :allow_anonymous => false, > :try_sasl => false > ) > ActiveLDAP::Base.close > return true > rescue ActiveLDAP::AuthenticationError > return false > end > end > > then the console... > [craig@lin-workstation trunk]$ ruby script/console > Loading development environment. > >> require "activeldap" > => false > >> require "app/controllers/application.rb" > => true > >> require "app/models/ldap_user.rb" > => true > >> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD") > => false > > One other thing of note...I have tried putting into following into > environment.rb ... > > config.frameworks -= [ :active_record ] > > but it seems to make no difference either way (whether commented out or > not) > > So - I''m wondering...why I get a ''false'' from my first console line of > ''require "activeldap"'' ? > > and more importantly, why won''t it authenticate? slapd logs show the > connection but the bind isn''t attempted. > > Craig > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://wrath.rubyonrails.org/pipermail/rails/attachments/20060327/a55f4cdb/attachment.bin
Yes, I did install the gem... $ ruby script/console Loading development environment.>> require "rubygems"=> false>> require_gem "ruby-activeldap"=> true>> require "app/controllers/application.rb"=> true>> require "app/models/ldap_user.rb"=> true>> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD")=> false require "rubygems" fails - perhaps not meaningful still significantly, I see the connect and then the close, but never a bind attempt in my slapd logs... Mar 27 09:01:04 srv1 slapd[30353]: conn=2835 fd=12 ACCEPT from IP=192.168.2.10:42993 (IP=0.0.0.0:389) Mar 27 09:01:04 srv1 slapd[30353]: conn=2835 fd=12 closed whereas binds are clearly obvious in the logs (binds from other ''client'' applications) Craig On Mon, 2006-03-27 at 09:26 -0600, jro@codegrinder.com wrote:> Did you install the gem or from source? I think if it''s from a gem you may > need something like this: > > require ''rubygems'' > require_gem ''ruby-activeldap'' > > I install from source, so the require ''activeldap'' works for me > > jro@inferno:~$ irb > irb(main):001:0> require ''activeldap'' > => true > > -j > > On Mon, Mar 27, 2006 at 08:08:23AM -0700, Craig White wrote: > > On Sun, 2006-03-26 at 16:46 -0700, Grant Hollingworth wrote: > > > * Craig White <craigwhite@azapple.com> [2006-03-26 05:57]: > > > > my model looks exactly like this... > > > > class LdapUser < ActiveRecord::Base > > > > > > You want LdapUser to be a subclass of ActiveLDAP::Base, not > > > ActiveRecord::Base. > > ---- > > this solved my syntax issues with things like ldap_mapping but I am > > still struggling to connect and have simply shifted to trying to connect > > from console and still struggling... > > > > First note, I am reasonably adept at ldap - from the command line, I can > > connect no problem... > > > > $ ldapsearch -x -h srv1.azapple.com \ > > -D ''uid=craig,ou=People,dc=azapple,dc=com'' \ > > -b ''dc=azapple,dc=com'' -W ''(uid=craig)'' > > Enter LDAP Password: > > # extended LDIF > > # > > # LDAPv3 > > # base <dc=azapple,dc=com> with scope sub > > # filter: (uid=craig) > > # requesting: ALL > > # > > > > # craig, People, azapple.com > > dn: uid=craig,ou=People,dc=azapple,dc=com > > ...snip...you get the idea... > > > > I have identical type bind configured in "app/models/ldap_user.rb" > > > > ldap_mapping :dnattr => ''uid'', > > :prefix => ''ou=People'', > > :classes => [''top'',''posixaccount''] > > > > def self.login(login, password) > > begin > > ActiveLDAP::Base.connect( > > #:logger => log4r_obj, > > :host => "srv1.azapple.com", > > :port => 389, > > :base => "dc=azapple,dc=com", > > :bind_format => "uid=#{login},ou=People,dc=azapple,dc=com", > > :password_block => Proc.new { password }, > > :allow_anonymous => false, > > :try_sasl => false > > ) > > ActiveLDAP::Base.close > > return true > > rescue ActiveLDAP::AuthenticationError > > return false > > end > > end > > > > then the console... > > [craig@lin-workstation trunk]$ ruby script/console > > Loading development environment. > > >> require "activeldap" > > => false > > >> require "app/controllers/application.rb" > > => true > > >> require "app/models/ldap_user.rb" > > => true > > >> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD") > > => false > > > > One other thing of note...I have tried putting into following into > > environment.rb ... > > > > config.frameworks -= [ :active_record ] > > > > but it seems to make no difference either way (whether commented out or > > not) > > > > So - I''m wondering...why I get a ''false'' from my first console line of > > ''require "activeldap"'' ? > > > > and more importantly, why won''t it authenticate? slapd logs show the > > connection but the bind isn''t attempted. > > > > Craig > > > > _______________________________________________ > > Rails mailing list > > Rails@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails
Maybe I''m wrong and rubygems error is significant... I don''t get it. The documentation of both gems, ruby-activeldap and log4r suggest that I need to execute require "rubygems" but all I get is false on this... so I tried...at any rate, the ruby-activeldap connects to my ldap server but never bothers trying to bind to it - despite having what I believe is a simple connection script (below) Craig the following is the results of my efforts to enable ''require "rubygems"'' to work... # gem install rubygems Attempting local installation of ''rubygems'' Local gem file not found: rubygems*.gem Attempting remote installation of ''rubygems'' Updating Gem source index for: http://gems.rubyforge.org ERROR: While executing gem ... (Gem::GemNotFoundException) Could not find rubygems (> 0) in the repository You have new mail in /var/spool/mail/root [root@lin-workstation activeldap]# gem list *** LOCAL GEMS *** actionmailer (1.1.5) Service layer for easy email delivery and testing. actionpack (1.11.2) Web-flow and rendering framework putting the VC in MVC. actionwebservice (1.0.0) Web service support for Action Pack. activerecord (1.13.2) Implements the ActiveRecord pattern for ORM. activesupport (1.2.5) Support and utility classes used by the Rails framework. log4r (1.0.5) Log4r is a comprehensive and flexible logging library for Ruby. model_security_generator (0.0.9) [Rails] Model security and authentication generator. postgres (0.7.1) The extension library to access a PostgreSQL database from Ruby. rails (1.0.0) Web-application framework with template engine, control-flow layer, and ORM. rake (0.7.0, 0.6.2) Ruby based make-like utility. ruby-activeldap (0.6.0) Ruby/ActiveLDAP is a object-oriented API to LDAP sources (0.0.1) This package provides download sources for remote gem installation Craig On Mon, 2006-03-27 at 09:04 -0700, Craig White wrote:> Yes, I did install the gem... > > $ ruby script/console > Loading development environment. > >> require "rubygems" > => false > >> require_gem "ruby-activeldap" > => true > >> require "app/controllers/application.rb" > => true > >> require "app/models/ldap_user.rb" > => true > >> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD") > => false > > require "rubygems" fails - perhaps not meaningful > > still significantly, I see the connect and then the close, but never a > bind attempt in my slapd logs... > > Mar 27 09:01:04 srv1 slapd[30353]: conn=2835 fd=12 ACCEPT from > IP=192.168.2.10:42993 (IP=0.0.0.0:389) > Mar 27 09:01:04 srv1 slapd[30353]: conn=2835 fd=12 closed > > whereas binds are clearly obvious in the logs (binds from other ''client'' > applications) > > Craig > > On Mon, 2006-03-27 at 09:26 -0600, jro@codegrinder.com wrote: > > Did you install the gem or from source? I think if it''s from a gem you may > > need something like this: > > > > require ''rubygems'' > > require_gem ''ruby-activeldap'' > > > > I install from source, so the require ''activeldap'' works for me > > > > jro@inferno:~$ irb > > irb(main):001:0> require ''activeldap'' > > => true > > > > -j > > > > On Mon, Mar 27, 2006 at 08:08:23AM -0700, Craig White wrote: > > > On Sun, 2006-03-26 at 16:46 -0700, Grant Hollingworth wrote: > > > > * Craig White <craigwhite@azapple.com> [2006-03-26 05:57]: > > > > > my model looks exactly like this... > > > > > class LdapUser < ActiveRecord::Base > > > > > > > > You want LdapUser to be a subclass of ActiveLDAP::Base, not > > > > ActiveRecord::Base. > > > ---- > > > this solved my syntax issues with things like ldap_mapping but I am > > > still struggling to connect and have simply shifted to trying to connect > > > from console and still struggling... > > > > > > First note, I am reasonably adept at ldap - from the command line, I can > > > connect no problem... > > > > > > $ ldapsearch -x -h srv1.azapple.com \ > > > -D ''uid=craig,ou=People,dc=azapple,dc=com'' \ > > > -b ''dc=azapple,dc=com'' -W ''(uid=craig)'' > > > Enter LDAP Password: > > > # extended LDIF > > > # > > > # LDAPv3 > > > # base <dc=azapple,dc=com> with scope sub > > > # filter: (uid=craig) > > > # requesting: ALL > > > # > > > > > > # craig, People, azapple.com > > > dn: uid=craig,ou=People,dc=azapple,dc=com > > > ...snip...you get the idea... > > > > > > I have identical type bind configured in "app/models/ldap_user.rb" > > > > > > ldap_mapping :dnattr => ''uid'', > > > :prefix => ''ou=People'', > > > :classes => [''top'',''posixaccount''] > > > > > > def self.login(login, password) > > > begin > > > ActiveLDAP::Base.connect( > > > #:logger => log4r_obj, > > > :host => "srv1.azapple.com", > > > :port => 389, > > > :base => "dc=azapple,dc=com", > > > :bind_format => "uid=#{login},ou=People,dc=azapple,dc=com", > > > :password_block => Proc.new { password }, > > > :allow_anonymous => false, > > > :try_sasl => false > > > ) > > > ActiveLDAP::Base.close > > > return true > > > rescue ActiveLDAP::AuthenticationError > > > return false > > > end > > > end > > > > > > then the console... > > > [craig@lin-workstation trunk]$ ruby script/console > > > Loading development environment. > > > >> require "activeldap" > > > => false > > > >> require "app/controllers/application.rb" > > > => true > > > >> require "app/models/ldap_user.rb" > > > => true > > > >> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD") > > > => false > > > > > > One other thing of note...I have tried putting into following into > > > environment.rb ... > > > > > > config.frameworks -= [ :active_record ] > > > > > > but it seems to make no difference either way (whether commented out or > > > not) > > > > > > So - I''m wondering...why I get a ''false'' from my first console line of > > > ''require "activeldap"'' ? > > > > > > and more importantly, why won''t it authenticate? slapd logs show the > > > connection but the bind isn''t attempted. > > > > > > Craig
* Craig White <craigwhite@azapple.com> [2006-03-27 11:23]:> The documentation of both gems, ruby-activeldap and log4r suggest that I > need to execute > require "rubygems" but all I get is false on this...I got confused by the same thing. False means it''s already loaded. If the load failed, Ruby would raise a LoadError exception. Explanation: http://rubyforge.org/pipermail/rubygems-developers/2005-September/001746.html> # gem install rubygemsIf you have ''gem'', RubyGems is already installed.
> The documentation of both gems, ruby-activeldap and log4r suggest that I > need to execute > > require "rubygems" but all I get is false on this...http://rubyforge.org/pipermail/fxruby-users/2005-June.txt From: lyle at knology.net > require ''rubygems'' > false This is a little confusing, but require returns false if you try to require a library that has already been loaded.
On Mon, 2006-03-27 at 13:43 -0500, brabuhr@gmail.com wrote:> > The documentation of both gems, ruby-activeldap and log4r suggest that I > > need to execute > > > > require "rubygems" but all I get is false on this...----> This is a little confusing, but require returns false if you try to require > a library that has already been loaded.---- I''ve seen that - just usually the first time when I open a console and require, it returns true and subsequent efforts would be false. Apparently, it is as Grant suggests, rubygems is automatically activated in which case, all attempts to ''require "rubygems"'' are superfluous and probably relate to pre-1.0.0 rails Anyway, I am going to restate my problem with activeldap since I can articulate it better with each wasted hour I spend trying to make it work... $ ldapsearch -x -h srv1.azapple.com \ -D ''uid=craig,ou=People,dc=azapple,dc=com'' \ -b ''dc=azapple,dc=com'' -W ''(uid=craig)'' Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=azapple,dc=com> with scope sub # filter: (uid=craig) # requesting: ALL # # craig, People, azapple.com dn: uid=craig,ou=People,dc=azapple,dc=com ...snip...you get the idea... I have identical type bind configured in "app/models/ldap_user.rb" class LdapUser < ActiveLDAP::Base ldap_mapping def self.login(login, password) begin ActiveLDAP::Base.connect( :host => "srv1.azapple.com", :port => 389, :base => "dc=azapple,dc=com", :bind_format => "uid=#{login},ou=People,dc=azapple,dc=com", :password_block => Proc.new { password }, :allow_anonymous => false, :try_sasl => false ) ActiveLDAP::Base.close return true rescue ActiveLDAP::AuthenticationError return false end end end BUT in the Console... $ ruby script/console Loading development environment.>> require_gem "ruby-activeldap"=> true>> require "app/models/ldap_user.rb"=> true>> mytest = LdapUser.login("craig", "MY-REMOVED-PASSWORD")=> false and though it will connect to the ldap server, it never attempts to bind to the ldap server as me or anyone (according to the ldap server logs). Craig
I really need this to work - and I can''t make it work regardless of how I simplify...>> require_gem "ruby-activeldap"=> false>> require "app/models/ldap_user.rb"=> true>> mytest = ActiveLDAP::Base.connect(:host => "srv1.azapple.com",:port => 389, :base => "dc=azapple,dc=com", :bind_format => "cn=root,dc=azapple,dc=com", :password_block => Proc.new{ "MY-REMOVED-PASSWORD" }, :try_sasl => false, :allow_anonymous => false ) ActiveLDAP::AuthenticationError: All authentication mechanisms failed from ./script/../config/../config/../lib/activeldap/base.rb:1196:in `do_bind'' from ./script/../config/../config/../lib/activeldap/base.rb:1168:in `do_connect'' from ./script/../config/../config/../lib/activeldap/base.rb:227:in `connect'' from (irb):11 that is my rootbinddn - I have absolutely no problem connecting to ldap server with this same host/port/bind/password/no-sasl combo I have updated to Rails 1.1 I now get false reply to the following... require "activeldap" require_gem "ruby-activeldap" and removing/reinstalling gem ruby-activeldap doesn''t change that. More importantly - still the logs on the ldap server show the connection being made but no attempt to ''bind'' is made whatsoever. I really need help with this. This is now the 4th day I have remained stuck here. Thanks Craig
Have you mailed the maintainer? I think his email address is in the README or, at least, all over the docs. The main post on his blog for ActiveLDAP is: http://dataspill.org/pages/projects/ruby-activeldap I''ve had issues with ActiveLDAP before and he was very helpful. He might be able to determine what the issue is. My question is, have you tried to authenticate with just Ruby::LDAP? It would be interesting to see if the problem lies there and not in ActiveLDAP (or vice-versa). Obviously, authentication works, but something''s mucking it up. Sean On 3/28/06, Craig White <craigwhite@azapple.com> wrote:> I really need this to work - and I can''t make it work regardless of how > I simplify... > > >> require_gem "ruby-activeldap" > => false > >> require "app/models/ldap_user.rb" > => true > >> mytest = ActiveLDAP::Base.connect(:host => "srv1.azapple.com", > :port => 389, > :base => "dc=azapple,dc=com", > :bind_format => "cn=root,dc=azapple,dc=com", > :password_block => Proc.new{ "MY-REMOVED-PASSWORD" }, > :try_sasl => false, :allow_anonymous => false ) > ActiveLDAP::AuthenticationError: All authentication mechanisms failed > > from ./script/../config/../config/../lib/activeldap/base.rb:1196:in > `do_bind'' > > from ./script/../config/../config/../lib/activeldap/base.rb:1168:in > `do_connect'' > > from ./script/../config/../config/../lib/activeldap/base.rb:227:in > `connect'' > from (irb):11 > > that is my rootbinddn - I have absolutely no problem connecting to ldap > server with this same host/port/bind/password/no-sasl combo > > I have updated to Rails 1.1 > I now get false reply to the following... > require "activeldap" > require_gem "ruby-activeldap" > > and removing/reinstalling gem ruby-activeldap doesn''t change that. > > More importantly - still the logs on the ldap server show the connection > being made but no attempt to ''bind'' is made whatsoever. > > I really need help with this. This is now the 4th day I have remained > stuck here. > > Thanks > > Craig > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On Tue, 2006-03-28 at 15:23 -0500, Sean Hussey wrote:> Have you mailed the maintainer? I think his email address is in the > README or, at least, all over the docs. The main post on his blog for > ActiveLDAP is: > > http://dataspill.org/pages/projects/ruby-activeldap > > I''ve had issues with ActiveLDAP before and he was very helpful. He > might be able to determine what the issue is.---- I thought I did...I emailed Ian Caliban but his was the Ruby::LDAP and that I guess is not the activeldap package. I got no answer ;-) Thanks for forcing me to look again - I am tearing my hair out. I''ve aged 4 years in the past 4 days ;-) it was easier to learn LDAP than to get this little module going. ----> > My question is, have you tried to authenticate with just Ruby::LDAP? > It would be interesting to see if the problem lies there and not in > ActiveLDAP (or vice-versa). Obviously, authentication works, but > something''s mucking it up.---- I have to figure out how to do that - I don''t know that I''ve been able to figure out where the Ruby::LDAP stops and activeldap starts ----> > Sean > > On 3/28/06, Craig White <craigwhite@azapple.com> wrote: > > I really need this to work - and I can''t make it work regardless of how > > I simplify... > > > > >> require_gem "ruby-activeldap" > > => false > > >> require "app/models/ldap_user.rb" > > => true > > >> mytest = ActiveLDAP::Base.connect(:host => "srv1.azapple.com", > > :port => 389, > > :base => "dc=azapple,dc=com", > > :bind_format => "cn=root,dc=azapple,dc=com", > > :password_block => Proc.new{ "MY-REMOVED-PASSWORD" }, > > :try_sasl => false, :allow_anonymous => false ) > > ActiveLDAP::AuthenticationError: All authentication mechanisms failed > > > > from ./script/../config/../config/../lib/activeldap/base.rb:1196:in > > `do_bind'' > > > > from ./script/../config/../config/../lib/activeldap/base.rb:1168:in > > `do_connect'' > > > > from ./script/../config/../config/../lib/activeldap/base.rb:227:in > > `connect'' > > from (irb):11 > > > > that is my rootbinddn - I have absolutely no problem connecting to ldap > > server with this same host/port/bind/password/no-sasl combo > > > > I have updated to Rails 1.1 > > I now get false reply to the following... > > require "activeldap" > > require_gem "ruby-activeldap" > > > > and removing/reinstalling gem ruby-activeldap doesn''t change that. > > > > More importantly - still the logs on the ldap server show the connection > > being made but no attempt to ''bind'' is made whatsoever. > > > > I really need help with this. This is now the 4th day I have remained > > stuck here.---- Thanks Craig
For the moment, throw ActiveLDAP out. Here''s a (modified) class I built to work with our LDAP: require "ldap" include LDAP class MyLDAP < LDAP::Conn DN = "uid=ldapmanager,dc=company,dc=com" PASS = "" BASE_DN = "dc=company,dc=com" PEOPLE_DN = "ou=people,dc=company,dc=com" LDAP_HOST = "ldap.company.com" LDAP_PORT = 389 PROTOCOL_VERSION = 3 # Create a new LDAP connection object with a default # host of ldap.company.com # Override this by setting host in the method call. # Returns a connection object. def initialize (host = LDAP_HOST, version = PROTOCOL_VERSION) super( host, LDAP_PORT ) set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, version ) return self end # Bind as the root dn unless specified otherwise. def bind(dn = DN, pass = PASS) super( dn, pass ) end end Then I use it like this (sort of--that''s a big data return on the filter): require "myldap" conn = MyLDAP.new.bind attrs = %w{uid sn givenname cn} filter = "objectClass=*" results = conn.search2(MyLDAP::PEOPLE_DN, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) p results See if you can get something like that going. Sean On 3/28/06, Craig White <craigwhite@azapple.com> wrote:> On Tue, 2006-03-28 at 15:23 -0500, Sean Hussey wrote: > > Have you mailed the maintainer? I think his email address is in the > > README or, at least, all over the docs. The main post on his blog for > > ActiveLDAP is: > > > > http://dataspill.org/pages/projects/ruby-activeldap > > > > I''ve had issues with ActiveLDAP before and he was very helpful. He > > might be able to determine what the issue is. > ---- > I thought I did...I emailed Ian Caliban but his was the Ruby::LDAP and > that I guess is not the activeldap package. I got no answer ;-) > > Thanks for forcing me to look again - I am tearing my hair out. I''ve > aged 4 years in the past 4 days ;-) > > it was easier to learn LDAP than to get this little module going. > ---- > > > > My question is, have you tried to authenticate with just Ruby::LDAP? > > It would be interesting to see if the problem lies there and not in > > ActiveLDAP (or vice-versa). Obviously, authentication works, but > > something''s mucking it up. > ---- > I have to figure out how to do that - I don''t know that I''ve been able > to figure out where the Ruby::LDAP stops and activeldap starts > ---- > > > > Sean > > > > On 3/28/06, Craig White <craigwhite@azapple.com> wrote: > > > I really need this to work - and I can''t make it work regardless of how > > > I simplify... > > > > > > >> require_gem "ruby-activeldap" > > > => false > > > >> require "app/models/ldap_user.rb" > > > => true > > > >> mytest = ActiveLDAP::Base.connect(:host => "srv1.azapple.com", > > > :port => 389, > > > :base => "dc=azapple,dc=com", > > > :bind_format => "cn=root,dc=azapple,dc=com", > > > :password_block => Proc.new{ "MY-REMOVED-PASSWORD" }, > > > :try_sasl => false, :allow_anonymous => false ) > > > ActiveLDAP::AuthenticationError: All authentication mechanisms failed > > > > > > from ./script/../config/../config/../lib/activeldap/base.rb:1196:in > > > `do_bind'' > > > > > > from ./script/../config/../config/../lib/activeldap/base.rb:1168:in > > > `do_connect'' > > > > > > from ./script/../config/../config/../lib/activeldap/base.rb:227:in > > > `connect'' > > > from (irb):11 > > > > > > that is my rootbinddn - I have absolutely no problem connecting to ldap > > > server with this same host/port/bind/password/no-sasl combo > > > > > > I have updated to Rails 1.1 > > > I now get false reply to the following... > > > require "activeldap" > > > require_gem "ruby-activeldap" > > > > > > and removing/reinstalling gem ruby-activeldap doesn''t change that. > > > > > > More importantly - still the logs on the ldap server show the connection > > > being made but no attempt to ''bind'' is made whatsoever. > > > > > > I really need help with this. This is now the 4th day I have remained > > > stuck here. > ---- > Thanks > > Craig > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On Tue, 2006-03-28 at 17:35 -0500, Sean Hussey wrote:> For the moment, throw ActiveLDAP out. > > Here''s a (modified) class I built to work with our LDAP: > > require "ldap" > include LDAP > > class MyLDAP < LDAP::Conn > > DN = "uid=ldapmanager,dc=company,dc=com" > PASS = "" > BASE_DN = "dc=company,dc=com" > PEOPLE_DN = "ou=people,dc=company,dc=com" > LDAP_HOST = "ldap.company.com" > LDAP_PORT = 389 > PROTOCOL_VERSION = 3 > > # Create a new LDAP connection object with a default > # host of ldap.company.com > # Override this by setting host in the method call. > # Returns a connection object. > def initialize (host = LDAP_HOST, version = PROTOCOL_VERSION) > super( host, LDAP_PORT ) > set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, version ) > return self > end > > # Bind as the root dn unless specified otherwise. > def bind(dn = DN, pass = PASS) > super( dn, pass ) > end > end > > Then I use it like this (sort of--that''s a big data return on the filter): > > require "myldap" > conn = MyLDAP.new.bind > attrs = %w{uid sn givenname cn} > filter = "objectClass=*" > results = conn.search2(MyLDAP::PEOPLE_DN, LDAP::LDAP_SCOPE_SUBTREE, > filter, attrs) > p results > > See if you can get something like that going.--- I''m playing with this but it ain''t rails and I''m starting to figure rails out but ruby code is still not entirely clear to me...nor is the environment to use it. I started using script/console from my application and then figured it was probably smarter to use irb. I ended up hitting a wall about here... results = conn.search2(MyLDAP::PEOPLE_DN, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) LDAP::ResultError: No such object from (irb):14:in `search2'' from (irb):14 from /usr/lib/ruby/1.8/rdoc/markup/simple_markup/inline.rb:150 which was disappointing since I thought I was getting to it...with only a few missteps but this told me that I didn''t know what I was doing because I wasn''t sure that this command above related to the other section where initialize and bind were defined and other than the original ''include'' statement, it doesn''t seem to me that the parts connect to each other, let alone the LDAP server. I did write an email to Will Drewry (I think was his name), packager for activeldap...and I pray that he takes the time to look at it my issue - I hope I made it simple enough for him. The LDAP integration is less than optimal. Craig
Hmm.> > I ended up hitting a wall about here... > > results = conn.search2(MyLDAP::PEOPLE_DN, LDAP::LDAP_SCOPE_SUBTREE, > filter, attrs) > LDAP::ResultError: No such object > from (irb):14:in `search2'' > from (irb):14 > from /usr/lib/ruby/1.8/rdoc/markup/simple_markup/inline.rb:150Before you try the search, try this: conn.bound? I should have put that in there. That''ll tell you if you''re binding. If not, maybe we''ve found your issue.> I did write an email to Will Drewry (I think was his name), packager for > activeldap...and I pray that he takes the time to look at it my issue - > I hope I made it simple enough for him. The LDAP integration is less > than optimal.Will has been great and patient with me. I did eventually have to drop ActiveLDAP from my project due to a schema clash with the schema for our calendar server. The error was in (I believe) Ruby::LDAP, not ActiveLDAP, but since ActiveLDAP uses Ruby::LDAP and needs to see all the schemas, I couldn''t reliably work around it. Sean
On Wed, 2006-03-29 at 00:59 -0500, Sean Hussey wrote:> Hmm. > > > > I ended up hitting a wall about here... > > > > results = conn.search2(MyLDAP::PEOPLE_DN, LDAP::LDAP_SCOPE_SUBTREE, > > filter, attrs) > > LDAP::ResultError: No such object > > from (irb):14:in `search2'' > > from (irb):14 > > from /usr/lib/ruby/1.8/rdoc/markup/simple_markup/inline.rb:150 > > Before you try the search, try this: > > conn.bound? > > I should have put that in there. That''ll tell you if you''re binding. > If not, maybe we''ve found your issue. > > > I did write an email to Will Drewry (I think was his name), packager for > > activeldap...and I pray that he takes the time to look at it my issue - > > I hope I made it simple enough for him. The LDAP integration is less > > than optimal. > > Will has been great and patient with me. I did eventually have to > drop ActiveLDAP from my project due to a schema clash with the schema > for our calendar server. The error was in (I believe) Ruby::LDAP, not > ActiveLDAP, but since ActiveLDAP uses Ruby::LDAP and needs to see all > the schemas, I couldn''t reliably work around it.---- Sean Will never did write me back but it is of little consequence now. Ian (Ruby::LDAP) did write me back finally this morning and said that he thought that Will was in the process of moving from the US to Ireland. Since I already had things sort of working following your direction, I didn''t belabor the point. I have been able to make it thoroughly work within irb and have even made it into working rails code and have only a few snags left to deal with but it definitely allows me to launch the rails application without a connection, to bind when I need to authenticate a user and then finally, I used the login (after success) to tie into my ActiveRecord based ''users'' table where I intend to keep the role based access information and not bother with sustaining an LDAP connection. Your help was awesome. I just needed to forget about activeldap. What I think I finally determined was that activeldap wasn''t suitable for my needs either and the wiki page is very misleading (HowToAuthenticateWithLDAP) since it is really isn''t about authentication at all, it''s about one sustained bind to LDAP - and once bound, an ''unbind'' breaks the application entirely. Just thought I would sound back on this and expect that I will try to put something useful on the rails wiki when I get settled on the structure. Craig
Awesome! Glad it''s working! I had almost the same experience with ActiveLDAP. I had it working at one point, but just in a simple way, not with any relations. After wrestling for some time and then coming up against schema validation errors, I couldn''t go any further. Hence, good ol'' Ruby::LDAP. I think I''d be able to work with ActiveLDAP (forgetting about the validation errors) to build something along the lines of phpLDAPadmin, but the roadblocks I kept hitting trying to integrate it into a Rails project were too much to overcome without documentation. That said, it''s still 0.6, not 1.0+, so that''s to be expected. I really like the library and I especially like the idea and simplicity of it, but it''s just not "there" enough for my needs. Sean On 3/30/06, Craig White <craigwhite@azapple.com> wrote:> On Wed, 2006-03-29 at 00:59 -0500, Sean Hussey wrote: > > Hmm. > > > > > > I ended up hitting a wall about here... > > > > > > results = conn.search2(MyLDAP::PEOPLE_DN, LDAP::LDAP_SCOPE_SUBTREE, > > > filter, attrs) > > > LDAP::ResultError: No such object > > > from (irb):14:in `search2'' > > > from (irb):14 > > > from /usr/lib/ruby/1.8/rdoc/markup/simple_markup/inline.rb:150 > > > > Before you try the search, try this: > > > > conn.bound? > > > > I should have put that in there. That''ll tell you if you''re binding. > > If not, maybe we''ve found your issue. > > > > > I did write an email to Will Drewry (I think was his name), packager for > > > activeldap...and I pray that he takes the time to look at it my issue - > > > I hope I made it simple enough for him. The LDAP integration is less > > > than optimal. > > > > Will has been great and patient with me. I did eventually have to > > drop ActiveLDAP from my project due to a schema clash with the schema > > for our calendar server. The error was in (I believe) Ruby::LDAP, not > > ActiveLDAP, but since ActiveLDAP uses Ruby::LDAP and needs to see all > > the schemas, I couldn''t reliably work around it. > ---- > Sean > > Will never did write me back but it is of little consequence now. Ian > (Ruby::LDAP) did write me back finally this morning and said that he > thought that Will was in the process of moving from the US to Ireland. > Since I already had things sort of working following your direction, I > didn''t belabor the point. > > I have been able to make it thoroughly work within irb and have even > made it into working rails code and have only a few snags left to deal > with but it definitely allows me to launch the rails application without > a connection, to bind when I need to authenticate a user and then > finally, I used the login (after success) to tie into my ActiveRecord > based ''users'' table where I intend to keep the role based access > information and not bother with sustaining an LDAP connection. > > Your help was awesome. I just needed to forget about activeldap. > > What I think I finally determined was that activeldap wasn''t suitable > for my needs either and the wiki page is very misleading > (HowToAuthenticateWithLDAP) since it is really isn''t about > authentication at all, it''s about one sustained bind to LDAP - and once > bound, an ''unbind'' breaks the application entirely. > > Just thought I would sound back on this and expect that I will try to > put something useful on the rails wiki when I get settled on the > structure. > > Craig > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >