I'm setting up a test environment which consists of VM clones of our production servers. I have all the clones behind a single IP (on the hypervisor) and doing NAT (Linux) to access the services in the test environment.
I have a DNS record on my test instance IP named 'test.internal.com'. When I want to contact the LDAP server in 'testing', I can issue ldapsearch
from the command line to retrieve information (this succeeds OK).
Now I'd like to connect to the test instance to test my Ruby applications however when I connect, Ruby says: hostname "test.internal.com" does not match the server certificate (Net::LDAP::Error)
. Obviously this is true since the certificate on my LDAP server is not configured for test.internal.com
.
Do I need to get a new cert for my LDAP server with an alternative name for test.internal.com
or is there some way to tell Ruby to ignore the problem? I've found OpenSSL::SSL::VERIFY_NONE
for the tls_options
but it doesn't seem to be working.
#!/usr/bin/ruby
require 'net/ldap'
require 'io/console'
require 'highline/import'
ldapHost = 'test.internal.com'
ldapPort = '8389'
baseDn = "dc=internal,dc=com"
user = gets
username = "uid=" + user + ',ou=users,dc=internal,dc=com'
password = ask("Password: ") { |q| q.echo = "*" }
ldap_con = Net::LDAP.new ({ :host => ldapHost,
:port => ldapPort,
:base => baseDn,
:encryption => :start_tls, tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
:auth => { :method => :simple, :username => username, :password => password }
})
op_filter = Net::LDAP::Filter.eq( "objectClass", "posixGroup" )
ldap_con.search( :base => baseDn, :filter => op_filter, :attributes=> 'dn') do |entry|
puts "DN: #{entry.dn}"
end
Counter to the documentation, tls_options are not a top level argument for the connection object, but rather an argument to the encryption
key:
ldap_con = Net::LDAP.new ({ :host => ldapHost,
:port => ldapPort,
:base => baseDn,
:encryption => {
:method => :start_tls,
:tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_NONE }
},
:auth => { :method => :simple, :username => username, :password => password }
})
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With