On Tue, 2011-12-27 at 22:57 -0800, venkata reddy wrote:
> Hi all,
> Anybody tried net/ldap gem to authenticate your rails app with
> active directory under windows server?
> I have been trying it but something is missing and I am not able to
> figure it out...
>
> here is my code in the console to establish a connection and
> authenticate.
>
>
> 1.9.2p290 :001 > require 'net/ldap'
> => true
> 1.9.2p290 :002 > ldap = Net::LDAP.new
> => #<Net::LDAP:0x000000019bd650 @host="127.0.0.1", @port=389,
> @verbose=false, @auth={:method=>:anonymous}, @base="dc=com",
> @encryption=nil, @open_connection=nil>
> 1.9.2p290 :003 > ldap.host = "myserveripcomeshere"
> => "myserveripcomeshere"
> 1.9.2p290 :004 > ldap.port = 389
> => 389
> 1.9.2p290 :005 > ldap.auth "my_user_name_here","my_password_here"
> => {:method=>:simple, :username=>"my_user_name_here", :password=>"my_password_here"}
> 1.9.2p290 :006 > if ldap.bind
> 1.9.2p290 :007?> puts "Authentication successful"
> 1.9.2p290 :008?> else
> 1.9.2p290 :009 > puts "Authentication failed"
> 1.9.2p290 :010?> end
> Authentication failed
> => nil
>
>
> And when I tried to see what's the operation result, below is what
> happened..
>
> 1.9.2p290 :011 > unless ldap.bind
> 1.9.2p290 :012?> puts "Result: #{ldap.get_operation_result.code}"
> 1.9.2p290 :013?> puts "Message: #{ldap.get_operation_result.message}"
> 1.9.2p290 :014?> end
> Result: 49
> Message: Invalid Credentials
> => nil
>
> Can't figure out why it is happening like that, though I have given the
> correct credentials.
> Any ideas?
----
I use LDAP auth but not AD. I seem to recall that it's not possible to
use anonymous binds to AD and you probably want to use SSL. Thus you
might want to try adding...
:method => :ssl
:encryption => :simple_tls
:port => 636
or in your usage, ldap.method = 'ssl', ldap.encryption = 'simple_tls',
ldap.port = 636
Also, I'm not entirely certain of the usage for 'encryption', whether
it's required (or even useful) or not for AD.
I would suspect that the error 49 (Invalid credentials) probably comes
from the anonymous bind but one of the surest ways to speed the
troubleshooting process is to view the logs on the LDAP server (not that
I know how to do that on AD but I'm sure that there's a way).
Craig
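
Added example, not part of the thread and not net-ldap project code: a bind helper for the situation discussed above that connects over LDAPS on port 636, qualifies a bare account name as a UPN, refuses empty passwords, and decodes the AD sub-code that accompanies result 49. Host, domain and account names are placeholders, the sample diagnostic string is constructed, and `error_message` on the operation result is assumed to be available (newer net-ldap releases).

```ruby
# Added example (not from the thread). Names and the sample string are constructed.

# AD "data" sub-codes sent in the diagnostic text alongside LDAP result 49.
AD_BIND_SUBCODES = {
  '525' => 'user not found',
  '52e' => 'invalid credentials',
  '530' => 'logon not permitted at this time',
  '532' => 'password expired',
  '533' => 'account disabled',
  '701' => 'account expired',
  '773' => 'user must reset password',
  '775' => 'account locked out'
}.freeze

# Constructed sample of the diagnostic text a domain controller returns.
SAMPLE_DIAGNOSTIC = '80090308: LdapErr: DSID-0C0903A9, comment: ' \
                    'AcceptSecurityContext error, data 52e, v1db1'

# AD simple binds take a UPN, DOMAIN\user or a full DN. Qualify a bare
# account name as a UPN; pass the other forms through unchanged.
def ad_bind_name(user, domain)
  user = user.to_s.strip
  user.match?(/[@\\=]/) ? user : "#{user}@#{domain}"
end

# Turn the diagnostic text into a readable reason.
def explain_bind_failure(diagnostic)
  code = diagnostic.to_s[/data\s+([0-9a-f]{3,4})\b/i, 1].to_s.downcase
  AD_BIND_SUBCODES.fetch(code, 'unknown, check the domain controller logs')
end

# Returns [true, nil] or [false, reason]. net-ldap is loaded only when needed.
def ad_authenticate(host:, domain:, user:, password:)
  # A simple bind with an empty password is an unauthenticated bind that a
  # server may accept, so it must never count as a successful login.
  return [false, 'empty password rejected'] if password.to_s.empty?
  require 'net/ldap'
  ldap = Net::LDAP.new(
    host: host, port: 636,
    # Verify the server certificate instead of accepting any TLS peer.
    encryption: { method: :simple_tls,
                  tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS },
    auth: { method: :simple, username: ad_bind_name(user, domain), password: password }
  )
  return [true, nil] if ldap.bind
  result = ldap.get_operation_result
  detail = result.respond_to?(:error_message) ? result.error_message : nil
  [false, "#{result.code} #{result.message}: #{explain_bind_failure(detail)}"]
end
```

The bind itself proves only that the credentials are valid; authorization (group membership and the like) needs a separate search after a successful bind.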
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.