Add entries in ldap server
You need to authenticate as a user that has write privileges in your LDAP (it could be an admin or someone else, for instance). It is that user that will create your new entries.
ldap.auth admin_dn, admin_pass
ldap.add(...)
Net/LDAP gem and basic auth in Rails 4 app
Have you looked at the gem devise_ldap_authenticatable? I guess it better suits your requirement. Instead of using your own authentication system, you could use LDAP (Active Directory) as an authentication provider.
If you are building applications for use within your organization which require authentication and you want to use LDAP, this plugin is for you. Devise LDAP Authenticatable works in replacement of Database Authenticatable. This devise plugin has not been tested with DatabaseAuthenticatable enabled at the same time. This is meant as a drop-in replacement for DatabaseAuthenticatable allowing for a semi single sign-on approach.
SAML-based single sign-on is also a popular, well-known way of transmitting authentication and authorization information as XML. The Service Provider (you) can leverage an Identity Provider (Active Directory, perhaps ADFS) for authentication purposes. Ruby-SAML by OneLogin is a well-known gem for SAML implementation.
Net::LDAP add() failed with no error message. How can I find the reason why the record did not validate?
Then I stumbled across ldap.get_operation_result, and I had a real facepalm moment. I've intentionally recreated several of the issues I painfully solved through careful inspection, this time with get_operation_result in my arsenal, and each time it described exactly what the problem was.
This function is useful in the case of rescuing an exception, or if add(), modify(), delete(), etc. simply returns false.
ldap.add(dn: dn, attributes: attributes)
Rails.logger.info("ldap.add: #{ldap.get_operation_result}")
The snippet above saved my sanity, not to mention hours of tedious hunt-and-peck testing.
For example, here is just one part of an error message it revealed when I did not provide the required sn attribute:
ERR_279 Required attributes [sn(2.5.4.4)] not found within entry uid=david,o=users,dc=example,dc=com
It will also show messages related to bad server connection credentials, etc.
HTH
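A small wrapper that applies the technique from this answer, added here as an example and not part of the original post or the net-ldap gem: it never lets a false return from add() go unexplained. The ldap object is injected, so a constructed stand-in (FakeLdap, an assumption mimicking Net::LDAP's add/get_operation_result) lets the helper run offline; with a real Net::LDAP instance the call is identical.

```ruby
# Result shape matching what Net::LDAP#get_operation_result exposes.
LdapResult = Struct.new(:code, :message, :error_message, keyword_init: true)

# Performs the add and always reads get_operation_result afterwards, so the
# caller gets the server's diagnostic text even when add() just returns false.
def add_entry(ldap, dn:, attributes:)
  ok = ldap.add(dn: dn, attributes: attributes)
  result = ldap.get_operation_result
  {
    ok: ok,
    code: result.code,                   # numeric LDAP resultCode, 0 on success
    message: result.message,             # gem's name for the code, e.g. "Object Class Violation"
    error_message: result.error_message, # free-text diagnostic from the server
  }
end

# Constructed stand-in (assumption, not the real gem): rejects entries that lack
# `sn` with LDAP resultCode 65 (objectClassViolation), reproducing the ERR_279
# message shown in the answer above.
class FakeLdap
  def initialize
    @last = LdapResult.new(code: 0, message: "Success", error_message: "")
  end

  def add(dn:, attributes:)
    if attributes.key?(:sn)
      @last = LdapResult.new(code: 0, message: "Success", error_message: "")
      true
    else
      @last = LdapResult.new(
        code: 65, message: "Object Class Violation",
        error_message: "ERR_279 Required attributes [sn(2.5.4.4)] not found within entry #{dn}")
      false
    end
  end

  def get_operation_result
    @last
  end
end
```

In a Rails app, log the returned hash (or at least `:code` and `:error_message`) instead of only the boolean.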
Cannot enable active directory user using net-ldap
The error 0000052D is a system error code. Specifically, it means:
ERROR_PASSWORD_RESTRICTION
1325 (0x52D)
Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
The problem would seem to be that the account you're enabling has a password policy applied to it, and enabling it as-is would not meet that password policy.
I would first figure out what the password policy is for the account, then set the password to something that meets that policy criteria before flipping the bit to enable it.
If, however, you really want the user to be able to log in with no password, then the password should be set to null. But I'm not sure under what circumstances that would be desirable.
Ruby NetLdap - Move user entry from one container to another in Samba4
Finally discovered the answer. The problem is the way the gem is encoding the true value for delete_attributes, so it was never getting the message to delete the old RDN. I cloned my own copy of the gem and made the following change:
File: lib/net/ber/core_ext/true_class.rb
def to_ber
"\x01\x01\xFF".force_encoding("ASCII-8BIT")
end
The code for false
can also be changed (I don't have any place I use "false" myself).
File: lib/net/ber/core_ext/false_class.rb
def to_ber
"\x01\x01\x00".force_encoding("ASCII-8BIT")
end
This solution can be found in Issue #31 for the gem.
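To make the encoding issue above concrete, here is an added example (not code from the answer or from the net-ldap gem) that encodes and decodes an ASN.1 BOOLEAN. DER (X.690) requires TRUE to be the single byte 0xFF, which is the value the answer switches to; a lenient BER decoder accepts any non-zero byte, so a client that emits another value can work against one server and fail against a stricter one. The `strict:` flag is an assumption used here to model that difference.

```ruby
BOOLEAN_TAG = 0x01  # ASN.1 universal tag for BOOLEAN

# Encodes a BOOLEAN TLV in DER form: tag 0x01, length 1, value 0xFF or 0x00.
# Returns a binary (ASCII-8BIT) string, like the to_ber methods in the answer.
def ber_boolean(value)
  [BOOLEAN_TAG, 1, value ? 0xFF : 0x00].pack("C*")
end

# Decodes a BOOLEAN TLV. strict: true enforces the DER canonical values only
# (0xFF / 0x00); strict: false is plain BER, where any non-zero byte is TRUE.
def parse_ber_boolean(bytes, strict: false)
  tag, len, val = bytes.unpack("CCC")
  unless tag == BOOLEAN_TAG && len == 1 && bytes.bytesize == 3
    raise ArgumentError, "not a single-byte BOOLEAN TLV"
  end
  if strict && ![0x00, 0xFF].include?(val)
    raise ArgumentError, format("non-canonical BOOLEAN value 0x%02X", val)
  end
  val != 0
end
```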
Query all the users in a system with LDAP
So the short answer to the question is that it all depends on how your schema is set up. If you are setting up an LDAP schema, you need to have several groups of records with various cn (common name) identifiers, e.g. cn=activeUsers and cn=inactiveUsers, which will allow you to query down the list much deeper than in my situation.
Active Directory LDAP move user to different OU - Ruby
This is how we solved it:
@ldap.rename(
olddn: user.dn,
newrdn: "CN=#{user.cn}",
delete_attributes: true,
new_superior: "#{new_ou}"
)
We also used the version of ldap-ruby on Github not the version on RubyGems.