
libldap-ruby with TLS connection




   Hi,

Has anybody any experience with libldap-ruby?  There's an
example file, how to make connections with TLS, but it
doesn't work for me.  The error message is similar to the
problem if I use ldapsearch at a unix prompt and forget
to include the CA certificate file in ldap.conf:

	ssage:~$ irb1.8        
	irb(main):001:0> require 'ldap'
	=> true
	irb(main):002:0> LDAP::LDAP_VENDOR_NAME
	=> "OpenLDAP"
	irb(main):003:0> conn = LDAP::SSLConn.new("10.3.130.61", 3892, true)
	LDAP::ResultError: Connect error
		from (irb):3:in `initialize'
		from (irb):3:in `new'
		from (irb):3
	irb(main):004:0> _

Yes, "10.3.130.61" and port 3892 are correct.  Certs are OK, ldapsearch
with -ZZ is ready.  The TLS example in the package:

|	# -*- ruby -*-		### bind-ssl.rb ###
|	# This file is a part of test scripts of LDAP extension module.
|	
|	$test = File.dirname($0)
|	require "#{$test}/conf"
||			# -*- ruby -*-		### conf.rb ###
||			
||			require 'ldap'
||			
||			$HOST = 'localhost'
||			begin
||			  $PORT = ARGV[0].to_i || LDAP::LDAP_PORT
||			  $SSLPORT = ARGV[1].to_i || LDAP::LDAPS_PORT
||			rescue
||			  $PORT = LDAP::LDAP_PORT
||			  $SSLPORT = LDAP::LDAPS_PORT
||			end
|	require "ldap"
|	
|	case LDAP::LDAP_VENDOR_NAME
|	when /^OpenLDAP/i
|	  # true means we use start_tls extension.
|	  conn = LDAP::SSLConn.new($HOST, $PORT, true)
|	when /^Netscape/i
|	  conn = LDAP::SSLConn.new($HOST, $SSLPORT,
|	                           false, File.expand_path("~/.netscape/cert7.db"))
|	  conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
|	else
|	  raise(RuntimeError, "unknown vendor")
|	end
|	
|	v = conn.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION)
|	printf("protocol version = #{v}\n")
|	
|	conn.bind{
|	  conn.perror("bind")
|	}


My questions are:

-  How to create TLS connections in Ruby?
-  If the client library verifies the server's certificate, where
	can I put the CA's certificate?  Is ldap.conf OK?
-  Is there any documentation about libruby-ldap except the
	few examples in the package itself?  Where?

-- 
Thanks,
bSanyI
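
An added example, not part of the original post and not libldap-ruby code: the irb session above reports the OpenLDAP client library, which takes its TLS settings from ldap.conf/ldaprc files and `LDAPTLS_*` environment variables, so this sketch resolves the effective CA settings and flags the cases that break or weaken server certificate verification. The function names, finding symbols and sample paths are hypothetical; only TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT are modelled.

```ruby
# Added example (helper names are hypothetical, not a libldap-ruby API).
TLS_KEYS = %w[TLS_CACERT TLS_CACERTDIR TLS_REQCERT].freeze

# Parse ldap.conf-style text: "OPTION value", '#' starts a comment line,
# option names are case-insensitive.
def parse_ldap_conf(text)
  text.each_line.with_object({}) do |line, opts|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    key = key.upcase
    opts[key] = value.to_s.strip if TLS_KEYS.include?(key)
  end
end

# conf_texts: file contents in the order they are read (system ldap.conf
# first, user ldaprc later); later files override earlier ones, and
# LDAPTLS_* environment variables override all files.
def effective_tls(conf_texts, env = {})
  opts = { 'TLS_REQCERT' => 'demand' } # library default
  conf_texts.each { |t| opts.merge!(parse_ldap_conf(t)) }
  TLS_KEYS.each do |k|
    v = env["LDAP#{k}"]
    opts[k] = v if v && !v.empty?
  end
  opts
end

# Returns symbols describing why verification would fail or be skipped.
def tls_findings(opts, readable = File.method(:readable?))
  findings = []
  if %w[never allow].include?(opts['TLS_REQCERT'].downcase)
    findings << :verification_not_enforced
  elsif !opts['TLS_CACERT'] && !opts['TLS_CACERTDIR']
    findings << :no_ca_configured
  end
  ca = opts['TLS_CACERT']
  findings << :ca_file_unreadable if ca && !readable.call(ca)
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, not taken from the poster's system.
  sample = "# constructed\nBASE dc=example,dc=org\nTLS_REQCERT never\n"
  opts = effective_tls([sample], ENV.to_h)
  puts opts.inspect, tls_findings(opts).inspect
end
```

A `:verification_not_enforced` result means the connection may succeed while a bad server certificate is accepted, which hides the CA problem instead of fixing it.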