I am trying to get LDAP authentication working with SSL encryption. I have finally figured out how to authenticate against our central LDAP server with SSL (simple authentication, no SASL). To get OpenLDAP’s ldapsearch client program to work, I had to add some configuration information to /etc/openldap/ldap.conf. After those changes were in place, then I could use ruby/ldap to authenticate via irb using conn = LDAP::SSLConn.new(host, port) (no TLS).

However, I can’t authenticate over LDAPS from within Rails. I am using the Acts_as_LDAP_Authenticated plugin from
http://www.noitulove.ch/ldap-authentication-plugin-for-rails/

If I configure my server not to use SSL, then I can authenticate just fine. If, however, I request ssl, I get the error below.
LDAP::ResultError (Operations error):
initialize' /app/models/ldap_server.rb:86:in connect’
authenticated?' /app/models/user.rb:39:in authenticated?’
authenticate' /app/controllers/account_controller.rb:75:in login’
The line in question looks a lot like what I can do from irb. I have even tried changing it so it is exactly what I use from irb. But I still get the same error message. The connect method is:
conn = nil
if use_ssl  # branch condition is missing from the post; use_ssl is a placeholder name
  conn = LDAP::SSLConn.new self.host, self.port
else
  conn = LDAP::Conn.new self.host, self.port
end
I suspect the issue may be that from within the Rails context, the configuration options from my ldap.conf file are not being honored.
Does anyone know how to make ruby/ldap give more informative error messages? I would like more detail on the operations error that appears to be in some initialize function somewhere. I am assuming it is failing at the same point where ldapsearch was having trouble - but I can’t figure out how to confirm that.
Does anyone know how to pass options directly to ruby/ldap? There are tantalizing methods like conn.set_option but I am having trouble figuring out legal options and how they relate to configuration options that I set in ldap.conf.
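
One way to test the suspicion that ldap.conf is not honored inside Rails, as an added example that is not part of the original post: the script below models the lookup order documented in ldap.conf(5) and reports which file or environment variable supplies each option, so the output from irb can be compared with the output from inside the Rails process. It does not call libldap or ruby/ldap, and all function names are hypothetical.

```ruby
# Added example: models the lookup order documented in ldap.conf(5).
# It does not call libldap or ruby/ldap; all function names are hypothetical.

# Parse one ldap.conf-style file into { "OPTION" => "value" }.
def parse_ldap_conf(path)
  return {} unless path && File.file?(path) && File.readable?(path)
  File.readlines(path).each_with_object({}) do |line, opts|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    name, value = line.split(/\s+/, 2)
    opts[name.upcase] = value.to_s # option names are case-insensitive
  end
end

# Candidate files in the order libldap reads them; later entries win.
def ldap_conf_sources(env, cwd, system_conf)
  home = env["HOME"]
  files = [system_conf]
  files += [File.join(home, "ldaprc"), File.join(home, ".ldaprc")] if home
  files << File.join(cwd, "ldaprc")
  files << File.expand_path(env["LDAPCONF"], cwd) if env["LDAPCONF"]
  if (rc = env["LDAPRC"])
    files += [File.join(home, rc), File.join(home, ".#{rc}")] if home
    files << File.join(cwd, rc)
  end
  files
end

# Merge files, then LDAP<OPTION> environment variables, tracking the origin.
def effective_ldap_options(env: ENV.to_h, cwd: Dir.pwd,
                           system_conf: "/etc/openldap/ldap.conf")
  return {} if env.key?("LDAPNOINIT") # libldap then skips all defaults
  result = {}
  ldap_conf_sources(env, cwd, system_conf).each do |file|
    parse_ldap_conf(file).each { |k, v| result[k] = [v, file] }
  end
  env.each do |k, v|
    next unless k.start_with?("LDAP") && !%w[LDAPCONF LDAPRC].include?(k)
    result[k.sub(/\ALDAP/, "")] = [v, "env #{k}"]
  end
  result
end

if __FILE__ == $PROGRAM_NAME
  effective_ldap_options.each do |name, (value, origin)|
    puts format("%-16s %-40s (%s)", name, value, origin) if name.start_with?("TLS", "URI")
  end
end
```

A difference in HOME, working directory or LDAP* environment variables between the two runs shows up as a different origin or value for options such as TLS_CACERT and TLS_REQCERT.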