Does Ruby LDAP support LDAP over SSL?


Graham Glass

Jun 8, 2011, 8:48:00 PM
to Ruby LDAP
Hi everyone,

I'm trying to use Ruby LDAP to access LDAP over SSL, which seems like
a popular combination. I've set up my OpenLDAP test server correctly,
and can browse its contents using the Apache Directory Studio using
LDAP over SSL (port 636), so everything seems to be set up for LDAP
over SSL correctly.

I can do a plain bind fine, but when I attempt to do a bind_as using
Ruby LDAP using port 636, it throws a "no bind result" exception
(shown below).

Does anyone have any idea what's going on?

Thanks!
Graham

========================

ldap = Net::LDAP.new
ldap.host = <my host here>
ldap.port = 636
ldap.auth <my dn>, <my password> # returns fine, no problem
ldap.bind_as(:base => <my base>, :filter => <my filter>, :password => <password>)

EXCEPTION: no bind result
/usr/local/lib/ruby/gems/1.8/gems/net-ldap-0.2.2/lib/net/ldap.rb:1232:in `bind_simple'
/usr/local/lib/ruby/gems/1.8/gems/net-ldap-0.2.2/lib/net/ldap.rb:1203:in `bind'
/usr/local/lib/ruby/gems/1.8/gems/net-ldap-0.2.2/lib/net/ldap.rb:562:in `open'
/usr/local/lib/ruby/gems/1.8/gems/net-ldap-0.2.2/lib/net/ldap.rb:769:in `bind_as'
/Users/grahamglass/Documents/workspace/edu20/app/models/ldap_authentication.rb:54:in `authenticate'

Lars Tobias Skjong-Børsting

Jun 9, 2011, 8:26:56 AM
to ruby...@googlegroups.com
Hi Graham,

On 6/9/11 2:48 AM, Graham Glass wrote:

> I can do a plain bind fine, but when I attempt to do a bind_as using
> Ruby LDAP using port 636, it throws a "no bind result" exception
> (shown below).
>
> Does anyone have any idea what's going on?

I think it tries to bind in plain text instead of over SSL.

This works for me on SSL:

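require 'net/ldap'

# host, port, base_dn, bind_dn and password are set elsewhere
ldap_args = {}
ldap_args[:host] = host
ldap_args[:base] = base_dn
ldap_args[:encryption] = :simple_tls  # TLS from the moment of connect
ldap_args[:port] = port

# credentials for a simple bind
auth = {}
auth[:username] = bind_dn
auth[:password] = password
auth[:method] = :simple
ldap_args[:auth] = auth

ldap = Net::LDAP.new(ldap_args)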

--
Regards, Lars Tobias

Graham Glass

Jun 9, 2011, 2:16:41 PM
to Ruby LDAP
Hi Lars,

Thanks for your reply! I notice that you're setting "simple_tls",
which is different from LDAP over SSL. Or am I confused about how to
configure ruby-ldap?

Cheers,
Graham


Lars Tobias Skjong-Børsting

Jun 10, 2011, 2:45:50 AM
to ruby...@googlegroups.com
Hi Graham,

On 6/9/11 8:16 PM, Graham Glass wrote:

> I notice that you're setting "simple_tls", which is different from LDAP over SSL.

How is it different?

TLS is the successor of SSL(v2|v3); OpenLDAP supports it through
OpenSSL. You may also use the StartTLS protocol with Net::LDAP to
communicate securely with OpenLDAP on port 389. That will be {:method =>
:start_tls}.

If you leave ldap_args[:encryption] = nil, then
Net::LDAP::Connection#new will not try to use an encrypted connection,
but if it is other than nil, you may specify {:method => :simple_tls} or
{:method => :start_tls}. Net::LDAP does not automatically choose one or
the other based on the port you are using, so you'll have to specify it
if you want to use SSL/TLS.

http://en.wikipedia.org/wiki/Transport_Layer_Security#Simple_TLS_handshake

--
Regards, Lars Tobias
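
The point made in the reply above, that Net::LDAP does not choose an encryption mode from the port, shown as an added example (not code from the thread or from net-ldap). `ldap_args_for` and `InsecureLdapConfig` are hypothetical names, and the URL, DNs and password are constructed sample values.

```ruby
require 'uri'

# Raised when the settings would send a simple bind without working TLS.
class InsecureLdapConfig < StandardError; end

# Hypothetical helper (not part of net-ldap): build the argument hash for
# Net::LDAP.new from an LDAP URL, stating the encryption mode explicitly.
def ldap_args_for(url, bind_dn:, password:, start_tls: false, allow_plaintext: false)
  uri = URI.parse(url)
  encryption =
    case uri.scheme.to_s.downcase
    when 'ldaps'
      raise ArgumentError, 'StartTLS is not used with an ldaps:// URL' if start_tls
      { :method => :simple_tls }   # TLS from the first byte, usually port 636
    when 'ldap'
      if start_tls
        { :method => :start_tls }  # plain connect, then upgrade, usually port 389
      elsif uri.port == 636
        # The setup from the original question: LDAPS port, no TLS handshake.
        raise InsecureLdapConfig, 'port 636 expects TLS; use ldaps:// (:simple_tls)'
      elsif !allow_plaintext
        raise InsecureLdapConfig, 'simple bind would send the password in clear text'
      end                          # allow_plaintext: encryption stays nil
    else
      raise ArgumentError, "not an LDAP URL: #{url}"
    end

  {
    :host => uri.host,
    :port => uri.port,             # scheme default (389 or 636) when omitted
    :base => uri.path.to_s.sub(%r{\A/}, ''),
    :encryption => encryption,
    :auth => { :method => :simple, :username => bind_dn, :password => password }
  }
end

# Constructed sample values. With the net-ldap gem installed, the hash is
# passed unchanged to Net::LDAP.new(args).
args = ldap_args_for('ldaps://ldap.example.com/dc=example,dc=com',
                     bind_dn: 'cn=admin,dc=example,dc=com', password: 'secret')
```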

Graham Glass

Jun 10, 2011, 2:50:03 AM
to Ruby LDAP
Hi Lars,

You're absolutely right, it was my misunderstanding. I was getting
"simple TLS" mixed up with "StartTLS".
Thanks for all your help!!

Cheers,
Graham

