LDAP over ssl (adauth issue, closed)

arcath commented on July 30, 2024
LDAP over ssl

from adauth.

Comments (8)

Arcath commented on July 30, 2024

Sorry for taking so long to get back to you, been a bit busy this week.

Is this not already supported by changing the port to 636 and setting an encryption method?

I've not really looked into LDAPS.

RaceFPV commented on July 30, 2024

Not sure where I should be setting the encryption method. I set 'c.encryption' in config/adauth.rb but then I get the error: 'undefined method encryption'

Arcath commented on July 30, 2024

You would set an encryption method, so c.encryption = :simple_tls

hermiti commented on July 30, 2024

I can verify that this works by setting the following in config/initializers/adauth.rb:

c.port = 636
c.encryption = :simple_tls

If you are getting an undefined method error, ensure that you are using adauth ~2.X, as it is not supported in 1.2.1.

drewhamlett commented on July 30, 2024

Hi @hermiti, do you have to have the AD TLS certificate on the machine running Ruby?

hermiti commented on July 30, 2024

@drewhjava
No, I did not. The server itself supplies the certificate to the client. No verification of that certificate or the certificate chain is performed by the client. Here is an excerpt from the net-ldap implementation's source code:

https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap.rb

# The :simple_tls encryption method encrypts <i>all</i> communications
# with the LDAP server. It completely establishes SSL/TLS encryption with
# the LDAP server before any LDAP-protocol data is exchanged. There is no
# plaintext negotiation and no special encryption-request controls are
# sent to the server. <i>The :simple_tls option is the simplest, easiest
# way to encrypt communications between Net::LDAP and LDAP servers.</i>
# It's intended for cases where you have an implicit level of trust in the
# authenticity of the LDAP server. No validation of the LDAP server's SSL
# certificate is performed. This means that :simple_tls will not produce
# errors if the LDAP server's encryption certificate is not signed by a
# well-known Certification Authority.

Here is a super simple Ruby script that I threw together just to test simple_tls, mainly because I felt like the authentication times were much too long using TLS, and I wanted to test the implementation.

require 'rubygems'
require 'net/ldap'

time_before = Time.now.to_f

# :simple_tls wraps the whole connection in TLS (LDAPS on port 636).
ldap = Net::LDAP.new :host => "192.168.1.1",
  :port => 636,
  :encryption => :simple_tls,
  :base => "dc=somewhere, dc=org",
  :force_no_page => false,
  :auth => {
    :method => :simple,
    :username => "whatever@somewhere",
    :password => "password"
  }

if ldap.bind

  # User authenticated

  test_username_query = "testuser"

  filter = Net::LDAP::Filter.eq("samaccountname", test_username_query)
  treebase = "dc=somewhere, dc=org"

  # search returns nil on failure, so fall back to an empty list
  results = ldap.search(:base => treebase, :filter => filter) || []
  results.each do |entry|
    puts "DN: #{entry.dn}"
    entry.each do |attribute, values|
      puts "   #{attribute}:"
      values.each do |value|
        puts "      --->#{value}"
      end
    end
  end

  # Only read attributes when the search actually returned an entry
  p results.length
  unless results.empty?
    p results[0].samaccountname
    p results[0].mail
    p results[0].telephonenumber
    p results[0].company
  end

else

  # User authentication failed

  p "DOH!"

end

p ldap.get_operation_result

time_after = Time.now.to_f

p(time_after - time_before)

from adauth.
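
Added example (not part of the thread, and not adauth or net-ldap code): what "no validation of the LDAP server's SSL certificate" means at the OpenSSL layer, shown with a constructed loopback TLS listener instead of a real directory server. The certificates, the `handshake` helper and the option hashes are constructed for illustration; passing the hash through `:tls_options` assumes a net-ldap release that accepts it, which the thread does not cover.

```ruby
require 'openssl'
require 'socket'

# Constructed test material: a throwaway self-signed certificate and key.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# TLS handshake against a loopback listener presenting (cert, key). The client
# context is configured through SSLContext#set_params from an options hash.
def handshake(cert, key, tls_options)
  tcp = TCPServer.new('127.0.0.1', 0)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert = cert
  sctx.key = key
  server = OpenSSL::SSL::SSLServer.new(tcp, sctx)
  acceptor = Thread.new { server.accept.close rescue nil }
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.set_params(tls_options)
  raw = TCPSocket.new('127.0.0.1', tcp.addr[1])
  ssl = OpenSSL::SSL::SSLSocket.new(raw, cctx)
  ssl.hostname = 'localhost' # name checked against the certificate
  ssl.connect
  :connected
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  raw&.close
  acceptor&.join(2)
  tcp&.close
end

DIRECTORY = self_signed('localhost') # stands in for the real AD server
IMPOSTOR  = self_signed('localhost') # same name, different key, not trusted
store = OpenSSL::X509::Store.new
store.add_cert(DIRECTORY[0])
NO_CHECK = { verify_mode: OpenSSL::SSL::VERIFY_NONE }
VERIFIED = { verify_mode: OpenSSL::SSL::VERIFY_PEER, cert_store: store }
# With net-ldap: :encryption => { :method => :simple_tls, :tls_options => VERIFIED }
```

With `NO_CHECK` the client completes the handshake with the untrusted certificate, so the bind password would be sent to whoever answered on port 636; with `VERIFIED` only the listener holding the trusted certificate is accepted.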

drewhamlett commented on July 30, 2024

@hermiti Thanks for your help with this. I was able to get it working!

Arcath commented on July 30, 2024

@slacker87 Does the solution by @hermiti fix your issue as well?
