ruby-ldap + SSL

If you have trouble getting ruby-ldap to connect to an SSL-only LDAP server, there can be many reasons. From what I've seen today, the next time I have problems like this I'd check these things first:

  • does ldapsearch -x -H ldaps://your.ldap.hostname work?
    • if not, fix this first. Usually you need to set TLS_CACERT in /etc/ldap/ldap.conf
  • check the underlying LDAP library. Ruby's ldap library can be linked against the OpenLDAP libldap or against the Netscape LDAP SDK. Make sure the command-line tools shipped with that same library can connect to your LDAP server.
  • check that the minimal amount of code works; an example would be:

    require 'ldap'

    # Open a TLS-wrapped connection on the ldaps port (636); the server
    # certificate is checked against the CA configured in ldap.conf.
    conn = LDAP::SSLConn.new( 'your.ldap.hostname', 636 )
    conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
    # Simple bind; the block form unbinds when the block returns.
    # perror prints the result of the last operation together with the label.
    conn.bind('cn=loginuser,o=foo','FOOPASSWORD') {
      conn.perror("bind")
    }

In my case, I was missing the TLS_CACERT config option in /etc/ldap/ldap.conf and was only getting a useless "Connect error" from ruby.
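As an added example (not code from the original post), here is a small Ruby pre-flight check for the first two items of the list: it parses /etc/ldap/ldap.conf the way the OpenLDAP client does, flags a missing or unreadable TLS_CACERT (the cause of the "Connect error" above), and prints the ldapsearch command to try first. The config contents are a constructed sample, and the checked_by hook only exists so the file check can be swapped out.

```ruby
require 'shellwords'

# Parse ldap.conf text into an upper-cased KEYWORD => value hash.
# Blank lines and lines starting with '#' are ignored, as in OpenLDAP;
# a keyword given twice keeps its last value.
def parse_ldap_conf(text)
  text.each_line.each_with_object({}) do |line, conf|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    conf[key.upcase] = value.to_s.strip
  end
end

# Return a list of problems with the TLS trust setup; empty means it looks sane.
# checked_by decides whether a path is readable (swappable for testing).
def check_tls_trust(conf, checked_by: ->(path) { File.readable?(path) })
  problems = []
  cacert = conf['TLS_CACERT']
  if cacert.nil? && conf['TLS_CACERTDIR'].nil?
    problems << 'neither TLS_CACERT nor TLS_CACERTDIR is set; expect "Connect error"'
  end
  if cacert && !checked_by.call(cacert)
    problems << "TLS_CACERT points to #{cacert}, which is not readable"
  end
  if conf['TLS_REQCERT'] == 'never'
    problems << 'TLS_REQCERT never disables server certificate verification'
  end
  problems
end

# The ldapsearch probe from the first checklist item, as an argv array.
def ldapsearch_probe(host)
  ['ldapsearch', '-x', '-H', "ldaps://#{host}"]
end

# Constructed sample: the situation from the post, no TLS_CACERT at all.
SAMPLE_CONF = <<~CONF
  # /etc/ldap/ldap.conf (constructed sample)
  BASE   o=foo
  URI    ldaps://your.ldap.hostname
CONF

if __FILE__ == $0
  conf = parse_ldap_conf(SAMPLE_CONF)
  check_tls_trust(conf).each { |p| warn "problem: #{p}" }
  puts "try: #{Shellwords.join(ldapsearch_probe('your.ldap.hostname'))}"
end
```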


About this Entry

This page contains a single entry by Christian Hofstaedtler published on May 6, 2009 11:38 PM.
