Client authentication with RubyLDAP

Posted by Marcelo de Moraes Serpa on Stack Overflow
Published on 2010-05-19T03:38:04Z


Hello all,

I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS). It needs to connect to an SSL-enabled LDAP server (i.e. OpenLDAP), bind and then do any additional queries. It also needs to support client authentication, and this is where things get tricky: the client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL LDAP stuff with great success).

My question is: is there a way to load a client certificate and send its data over the wire to the LDAP server when doing an LDAP::SSLConn? I haven't found anything obvious in the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around.

I know that I can prevent the server from asking for a certificate by putting the following in slapd.conf (OpenLDAP):

TLSVerifyClient never

However, this is not an option here.

Thanks,

Marcelo.
