Ruby Net-Ldap Add User

Add entries in an LDAP server

You need to authenticate as a user that has write privileges in your LDAP directory (it could be an admin or someone else, for instance). It is that user who will create your new entries.

ldap.auth admin_dn, admin_pass
ldap.add(...)

Net/LDAP gem and basic auth in Rails 4 app

Have you looked at the gem devise_ldap_authenticatable? I guess it better suits your requirement. Instead of using your own authentication system, you could use LDAP (Active Directory) as an authentication provider.

If you are building applications for use within your organization
which require authentication and you want to use LDAP, this plugin is
for you.

Devise LDAP Authenticatable works in replacement of Database
Authenticatable. This devise plugin has not been tested with
DatabaseAuthenticatable enabled at the same time. This is meant as a
drop in replacement for DatabaseAuthenticatable allowing for a semi
single sign on approach.

SAML-based single sign-on is also a popular and well-regarded way of transmitting authentication and authorization information as XML. The Service Provider (you) can leverage an Identity Provider (Active Directory, perhaps via ADFS) for authentication purposes. Ruby-SAML by OneLogin is a well-known gem for SAML implementation.

Net::LDAP add() failed with no error message. How can I find the reason why the record did not validate?

When I stumbled across ldap.get_operation_result, I had a real facepalm moment. I've intentionally recreated several of the issues I had painfully solved through careful inspection, this time with get_operation_result in my arsenal, and each time it described exactly what the problem was.

This function is useful in the case of rescuing an exception, or if add(), modify(), delete(), etc. simply returns false.

ldap.add(dn: dn, attributes: attributes)
Rails.logger.info("ldap.add: #{ldap.get_operation_result}")

The snippet above saved my sanity, not to mention hours of tedious hunt-and-peck testing.

For example, here is just one part of an error message; it revealed that I had not provided the required sn attribute:

ERR_279 Required attributes [sn(2.5.4.4)] not found within entry uid=david,o=users,dc=example,dc=com

It will also show messages related to bad server connection credentials, etc.

HTH
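The two answers above (bind as a write-capable account, then add; read get_operation_result when add() fails) combined into one script. This is an added example, not code from either answer: it checks the entry locally for the MUST attributes of its objectClasses (the very thing the ERR_279 message reports), adds it, and reports the server's result code and message. Assumptions: host, DN and credential values are placeholders taken from the environment; the server uses the standard person/inetOrgPerson/posixAccount schemas.

```ruby
# Added example, not code from the original answers. Binds as a write-capable
# account, pre-checks required attributes, adds the entry, and surfaces
# get_operation_result, which add() itself does not.
# Assumptions: connection details come from LDAP_HOST / LDAP_ADMIN_DN /
# LDAP_ADMIN_PW (placeholders); standard RFC 4519 / 2798 / 2307 schemas.

# MUST attributes per structural objectClass (keys lower-cased for lookup).
# The server's schema is authoritative; this only saves a round trip.
REQUIRED_ATTRS = {
  "person"               => %w[cn sn],
  "organizationalperson" => %w[cn sn],
  "inetorgperson"        => %w[cn sn],
  "posixaccount"         => %w[cn uid uidNumber gidNumber homeDirectory],
}.freeze

# Returns the required attributes that are absent or empty. Keys may be
# symbols or strings in any case; values scalars or arrays, as Net::LDAP#add accepts.
def missing_required(attributes)
  present = attributes.each_with_object({}) do |(name, value), h|
    values = Array(value).reject { |v| v.nil? || v.to_s.empty? }
    h[name.to_s.downcase] = values unless values.empty?
  end
  classes = present.fetch("objectclass", [])
  needed  = classes.flat_map { |oc| REQUIRED_ATTRS.fetch(oc.downcase, []) }.uniq
  needed.reject { |attr| present.key?(attr.downcase) }
end

# Renders get_operation_result as "code message: server text", e.g.
# "65 Object Class Violation: ERR_279 Required attributes ...".
def result_text(result)
  "#{result.code} #{result.message}: #{result.error_message}"
end

# Opens a TLS connection and binds as the account that will own the write.
# net/ldap is required here so the helpers above work without the gem.
def connect_as_writer(host:, admin_dn:, password:, port: 636)
  require "net/ldap"
  ldap = Net::LDAP.new(host: host, port: port, encryption: { method: :simple_tls })
  ldap.auth admin_dn, password
  raise "bind failed: #{result_text(ldap.get_operation_result)}" unless ldap.bind
  ldap
end

# Adds the entry; returns [success, detail]. The local check fails fast; the
# server's answer is still read on every add.
def add_entry(ldap, dn, attributes)
  missing = missing_required(attributes)
  return [false, "missing required attribute(s): #{missing.join(', ')}"] unless missing.empty?

  ok = ldap.add(dn: dn, attributes: attributes)
  [ok, result_text(ldap.get_operation_result)]
end

# Live run only when connection details are supplied in the environment.
if ENV["LDAP_HOST"] && ENV["LDAP_ADMIN_DN"] && ENV["LDAP_ADMIN_PW"]
  ldap = connect_as_writer(host: ENV["LDAP_HOST"],
                           admin_dn: ENV["LDAP_ADMIN_DN"],
                           password: ENV["LDAP_ADMIN_PW"])
  entry = {
    objectClass: %w[top person organizationalPerson inetOrgPerson],
    cn: "David Example", sn: "Example", uid: "david", mail: "david@example.com",
  }
  ok, detail = add_entry(ldap, "uid=david,o=users,dc=example,dc=com", entry)
  puts "ldap.add: #{ok} (#{detail})"
end
```

Leaving out sn from the entry makes add_entry return before contacting the server; an entry that passes the local check but violates a server-side rule (a custom schema, a DIT content rule) still comes back with the server's own code and text rather than a bare false.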

Cannot enable active directory user using net-ldap

The error 0000052D is a system error code. Specifically, it means:

ERROR_PASSWORD_RESTRICTION

1325 (0x52D)

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

The problem would seem to be that the account you're enabling has a password policy applied to it, and on enabling it that password policy would not be met.

I would first figure out what the password policy is for the account, then set the password to something that meets those criteria before flipping the bit to enable it.

If, however, you really want the user to be able to log in with no password, then the password should be set to null. But I'm not sure under what circumstances that would be desirable.
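The order the answer recommends, as an added example that is not part of the original answer: set a policy-compliant password first (the unicodePwd attribute, which AD only accepts as a quoted UTF-16LE value over an encrypted connection), then clear the ACCOUNTDISABLE bit of userAccountControl while keeping every other bit. Assumptions: the local meets_default_policy? check only approximates the default domain rules (minimum length, three of four ASCII character classes, no account name inside the password); the real policy must be read from the domain, and the server's answer is what actually decides.

```ruby
# Added example, not code from the original answer. Sets unicodePwd, then
# enables the account by clearing ACCOUNTDISABLE. Assumes the caller passes a
# Net::LDAP object already bound over TLS with rights on the user object.

ACCOUNTDISABLE = 0x0002  # userAccountControl bit that disables the account
NORMAL_ACCOUNT = 0x0200  # bit set on an ordinary user account

# AD wants the new password wrapped in double quotes and encoded as UTF-16LE,
# sent as a binary value. Plaintext LDAP connections reject the write.
def unicode_pwd(password)
  "\"#{password}\"".encode("UTF-16LE").force_encoding("ASCII-8BIT")
end

# Local approximation (assumption) of the default domain policy: minimum
# length, at least three of four character classes, and no sAMAccountName in
# the password. Use it to fail fast, not as the authority.
def meets_default_policy?(password, sam_account_name, min_length: 7)
  return false if password.length < min_length
  return false if password.downcase.include?(sam_account_name.downcase)

  classes = [/[A-Z]/, /[a-z]/, /\d/, /[^A-Za-z0-9]/].count { |re| password.match?(re) }
  classes >= 3
end

# New userAccountControl with only the disable bit cleared.
def enabled_uac(current_uac)
  current_uac & ~ACCOUNTDISABLE
end

def result_text(result)
  "#{result.code} #{result.message}: #{result.error_message}"
end

# Password first, then the enable bit. Returns [success, detail].
def enable_ad_user(ldap, dn, sam_account_name, password)
  require "net/ldap"
  unless meets_default_policy?(password, sam_account_name)
    return [false, "password fails the local policy check"]
  end

  # Step 1: the server-side policy check on this write is what yields 0000052D.
  unless ldap.replace_attribute(dn, :unicodePwd, unicode_pwd(password))
    return [false, "unicodePwd: #{result_text(ldap.get_operation_result)}"]
  end

  # Step 2: read the current flags so unrelated bits (e.g. DONT_EXPIRE_PASSWD)
  # survive, then write back with ACCOUNTDISABLE cleared.
  entry = ldap.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject,
                      attributes: ["userAccountControl"]).to_a.first
  return [false, "read userAccountControl: #{result_text(ldap.get_operation_result)}"] unless entry

  current = entry[:useraccountcontrol].first.to_i
  target  = enabled_uac(current)
  ok = ldap.replace_attribute(dn, :userAccountControl, target.to_s)
  [ok, "userAccountControl #{current} -> #{target}: #{result_text(ldap.get_operation_result)}"]
end
```

A freshly created, disabled user normally carries 514 (NORMAL_ACCOUNT | ACCOUNTDISABLE); enabling it yields 512. Doing step 2 before step 1 on an account with an empty password is exactly the sequence that produces the 0000052D response.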

Ruby NetLdap - Move user entry from one container to another in Samba4

Finally discovered the answer. The problem is the way the gem encodes the true value for delete_attributes, so the server never got the instruction to delete the old RDN. I cloned my own copy of the gem and made the following change:

File: lib/net/ber/core_ext/true_class.rb

# BER-encode Ruby's true as an ASN.1 BOOLEAN: tag 0x01, length 1, value 0xFF
def to_ber
  "\x01\x01\xFF".force_encoding("ASCII-8BIT")
end

The code for false can also be changed (I don't use false anywhere myself).

File: lib/net/ber/core_ext/false_class.rb

# BER-encode Ruby's false as an ASN.1 BOOLEAN: tag 0x01, length 1, value 0x00
def to_ber
  "\x01\x01\x00".force_encoding("ASCII-8BIT")
end

This solution can be found in Issue #31 for the gem.

Query all the users in a system with LDAP

So the short answer to the question is that it all depends on how your schema is set up. If you are setting up an LDAP schema, you need several groups of records with various cn (common name) identifiers, e.g. cn=activeUsers and cn=inactiveUsers, which will allow you to query the list much more precisely than in my situation.
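The point above is that "all users" is whatever the schema says it is. As an added example that is not from the original answer, the following builds the search filter from an objectClass plus an optional group DN (memberOf, as provided by Active Directory or an OpenLDAP memberof overlay) or uid, escaping every value per RFC 4515 so a caller-supplied string cannot change the filter's structure, and then runs the search. Assumptions: the base DN, the cn=activeUsers group DN and the net-ldap connection are placeholders.

```ruby
# Added example, not code from the original answer. Builds an injection-safe
# RFC 4515 filter for "all users" and runs it through Net::LDAP#search.
# Assumes an inetOrgPerson-style schema and a bound Net::LDAP object.

# RFC 4515 escaping: the five characters with meaning inside a filter value
# become a backslash followed by two hex digits.
def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| format("\\%02x", ch.ord) }
end

# AND of the supplied conditions; a single condition is returned bare.
def user_filter(object_class: "inetOrgPerson", member_of: nil, uid: nil)
  parts = ["(objectClass=#{escape_filter_value(object_class)})"]
  parts << "(memberOf=#{escape_filter_value(member_of)})" if member_of
  parts << "(uid=#{escape_filter_value(uid)})" if uid
  parts.size == 1 ? parts.first : "(&#{parts.join})"
end

# Runs the search and returns [[dn, uid], ...]. net-ldap pages the results
# itself when the server advertises the paged-results control.
def list_users(ldap, base, filter_string, attributes: %w[uid cn])
  require "net/ldap"
  filter  = Net::LDAP::Filter.construct(filter_string)
  entries = ldap.search(base: base, filter: filter, attributes: attributes)
  raise "search failed: #{ldap.get_operation_result.message}" unless entries
  entries.map { |e| [e.dn, e[:uid].first] }
end

# Example filters (the group DN is a placeholder):
ACTIVE_USERS = user_filter(member_of: "cn=activeUsers,ou=groups,dc=example,dc=com")
ALL_PEOPLE   = user_filter
```

With escaping in place, a uid such as *)(uid=* becomes the literal value \2a\29\28uid=\2a instead of a second clause that would match every entry.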

Active Directory LDAP move user to different OU - Ruby

This is how we solved it:

@ldap.rename(
  olddn: user.dn,
  newrdn: "CN=#{user.cn}",
  delete_attributes: true,
  new_superior: new_ou
)

We also used the version of ldap-ruby on GitHub, not the version on RubyGems.
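The move both answers above perform (the Samba4 one and the Active Directory one), as an added example that is not code from either: the modDN arguments are derived from the entry's current DN (RDN kept, delete_attributes: true so the old RDN value is not left behind as an extra attribute value, new_superior set to the target OU), the rename is issued, and the result is verified by looking the entry up under its new parent. Assumptions: the DNs are placeholders; the DN splitter handles backslash-escaped commas (RFC 4514) but not the rarer hex or quoted escape forms.

```ruby
# Added example, not code from either answer. Derives Net::LDAP#rename
# arguments from a DN, runs the rename, and verifies the move.
# Assumes a bound Net::LDAP object with rights on both containers.

# Splits a DN into its RDN components on unescaped commas.
def split_dn(dn)
  dn.split(/(?<!\\),/)
end

# Everything after the first RDN, i.e. the entry's current parent.
def parent_dn(dn)
  split_dn(dn).drop(1).join(",")
end

# The DN the entry will have after the move.
def moved_dn(dn, new_parent)
  "#{split_dn(dn).first},#{new_parent}"
end

# Arguments for Net::LDAP#rename. delete_attributes: true is what removes the
# old RDN value; the Samba4 answer's BER fix concerns the encoding of this flag.
def move_args(dn, new_parent)
  { olddn: dn, newrdn: split_dn(dn).first,
    delete_attributes: true, new_superior: new_parent }
end

def result_text(result)
  "#{result.code} #{result.message}: #{result.error_message}"
end

# Moves the entry and verifies it. Returns [success, detail].
def move_entry(ldap, dn, new_parent)
  require "net/ldap"
  return [false, "entry is already under #{new_parent}"] if parent_dn(dn) == new_parent

  unless ldap.rename(move_args(dn, new_parent))
    return [false, "rename: #{result_text(ldap.get_operation_result)}"]
  end

  # Base-scope lookups: the new DN must resolve, the old one must not.
  # "1.1" asks for no attributes, only existence.
  scope     = Net::LDAP::SearchScope_BaseObject
  found_new = ldap.search(base: moved_dn(dn, new_parent), scope: scope, attributes: ["1.1"])
  found_old = ldap.search(base: dn, scope: scope, attributes: ["1.1"])
  moved = !found_new.nil? && found_new.any? && (found_old.nil? || found_old.empty?)
  [moved, "now at #{moved_dn(dn, new_parent)}: #{result_text(ldap.get_operation_result)}"]
end
```

If the rename returns true but the entry is still found under the old DN, the server accepted the request without applying the delete-old-RDN flag, which is the symptom the Samba4 answer traced to the gem's BER encoding of true.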
