> -----Original Message-----
> From: Francis Cianfrocca [mailto:garbagecat10 / gmail.com] 
> Sent: Tuesday, August 15, 2006 2:14 PM
> To: ruby-talk ML
> Subject: Re: [ANN] Net::LDAP 0.0.4 released
> 
> 
> On 8/15/06, Berger, Daniel <Daniel.Berger / qwest.com> wrote:
> >
> >
> > I do two things with ldap - validation (does the user exist?) and 
> > authentication (is this user/password combo correct?). For validation 
> > (e.g. an admin adding a new user to the app) I use a command like this 
> > (on Unix, add -x):
> >
> > ldapsearch -h ldap.foo.com -LLL -b ou=People,o=foo.com uid=djberge
> >
> > If 'djberge' is found, a record is returned.  If not, nothing is 
> > returned.
> >
> > For authentication (i.e. logging into the app) I use a command like 
> > this (again, add -x on Unix):
> >
> > ldapsearch -h ldap.foo.com -LLL -D uid=djberge,ou=People,o=foo.com -b ou=People,o=foo.com -w my_pass uid=djberge
> >
> > That returns a record if the user/password is legit or spews to stderr 
> > if it's invalid.
> >
> > Can this be done with net-ldap?
> 
> 
> 
> Get version 0.0.4 and read the Rdoc for Net::LDAP#bind_as . 
> It should do what you're looking for.  But one question: 
> looking at your sample code, your first query binds 
> anonymously. Is that permitted on your LDAP server? 
> (Evidently it is, otherwise it wouldn't work for you!) I'm 
> not sure Net::LDAP will handle an anonymous bind, because I 
> don't have any directories that permit one. So you could try 
> this code (which will bind anonymously to query the person record):
> 
> require 'net/ldap'
> ldap = Net::LDAP.new
> ldap.host = "ldap.foo.com"
> 
> rs = ldap.bind_as(
>   :base => "ou=People,o=foo.com",
>   :filter => "(uid=djberge)",
>   :password => "my_pass"
> )
> 
> if rs
>   # you're in
> else
>   # you're not
> end
> 
> Does this work for you?

Works perfectly, thanks!  I removed the parens from the filter, however.
My experience has shown me that not all platforms liked the parens and
it works fine without them (at least it does here at work).

Now, what would be the best way to test for the mere presence of a user
record, i.e. no password?

Regards,

Dan
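
Added example (not part of the original messages and not Net::LDAP's own code): when the uid and password come from a login form instead of being hard-coded as in the thread, the filter value needs RFC 4515 escaping and an empty password has to be refused before the bind is attempted. `uid_filter`, `bindable_password?` and `bind_as_args` are hypothetical helper names; the base DN is the one used in the thread.

```ruby
# Added example: input handling around the uid filter and the password bind.
# uid_filter, bindable_password? and bind_as_args are hypothetical helpers.

# RFC 4515 section 3: inside an assertion value these bytes must be written
# as a backslash followed by two hex digits.
FILTER_ESCAPES = {
  "\\" => '\5c', "*" => '\2a', "(" => '\28', ")" => '\29', "\0" => '\00'
}.freeze

# Build "(uid=<value>)" from untrusted input so the value stays a literal
# and cannot add wildcards or extra filter terms.
def uid_filter(username)
  name = username.to_s
  raise ArgumentError, "empty username" if name.strip.empty?
  "(uid=#{name.gsub(/[\\*()\x00]/) { |c| FILTER_ESCAPES[c] }})"
end

# A simple bind with a DN and a zero-length password is an "unauthenticated
# bind" (RFC 4513 section 5.1.2). Servers that allow it report success, so
# the application must refuse empty passwords itself.
def bindable_password?(password)
  password.is_a?(String) && !password.empty?
end

# Arguments for the bind_as call shown in the thread, or nil when the input
# must be rejected without contacting the directory.
def bind_as_args(username, password, base = "ou=People,o=foo.com")
  return nil unless bindable_password?(password)
  { :base => base, :filter => uid_filter(username), :password => password }
rescue ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: a normal login, a wildcard uid, an attempt to
  # append a second filter term, and an empty password.
  [["djberge", "my_pass"], ["*", "x"], ["a)(uid=*", "x"], ["djberge", ""]].each do |u, p|
    puts "#{u.inspect} / #{p.inspect} -> #{bind_as_args(u, p).inspect}"
  end
end
```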

