Net::LDAP for Ruby is also written as net::ldap. LDAP stands for Lightweight Directory Access Protocol, an internet standard protocol used to access directory servers. Its basic search unit is the entity, which corresponds to a person or other domain-specific object. A directory that supports the LDAP protocol typically stores information about a number of entities.
Ruby LDAP Principals
LDAP servers are generally used to access information about people, but they are sometimes also used for items such as computers, printers and other resources.
Ruby LDAP Distinguished Names
In LDAP servers, an entity is uniquely identified by a globally unique text string called a Distinguished Name (DN). Like a DNS hostname, a DN is a "flattened" text representation of a string of tree nodes.
You can query an LDAP-enabled directory for information about the entity if you know the DN of a person or other entity. Otherwise, you can also see the list of DNs matching a set of criteria that you supply.
Ruby LDAP Attributes
In LDAP, information about the entity is stored as a set of Attributes. An attribute is a text string which is associated with zero or more values. Most LDAP-enabled directories contain a well-standardized range of attributes and constrain their values according to standard rules.
An example of an attribute is sn, which stands for "surname". This attribute is generally used to store a person's surname. Most directories follow the standard convention that an entity's sn attribute will have exactly one value.
Ruby LDAP Tree-Base
Just like DNS, LDAP assumes that each directory server contains authoritative attribute data for a set of DNs corresponding to a specific sub-tree of the global directory tree. This sub-tree is configured into the directory server when it is created. Most servers will not allow you to query them unless you specify a correct tree-base.
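The DN and tree-base sections above can be made concrete with a small parser that splits a DN into its tree nodes and checks whether it lies under a given tree-base. This is an added example, not code from the original page or from the Net::LDAP library; the helper names (`split_unescaped`, `parse_dn`, `under_base?`) are hypothetical, and it assumes attribute values compare case-insensitively.

```ruby
# Added example: split an LDAP DN into its tree nodes (RDNs) and test whether
# it lies under a tree-base. Simplified from RFC 4514: multi-valued RDNs ("+")
# and hex escapes ("\2C") are not decoded. Assumption: values are compared
# case-insensitively.

# Split str on unescaped occurrences of sep, keeping backslash escapes intact.
def split_unescaped(str, sep, limit = -1)
  parts = [String.new]
  escaped = false
  str.each_char do |ch|
    if escaped
      parts.last << ch
      escaped = false
    elsif ch == '\\'
      parts.last << ch
      escaped = true
    elsif ch == sep && (limit < 0 || parts.size < limit)
      parts << String.new
    else
      parts.last << ch
    end
  end
  parts
end

# Returns one [type, value] pair per tree node, leaf first.
def parse_dn(dn)
  split_unescaped(dn, ',').map do |rdn|
    type, value = split_unescaped(rdn, '=', 2)
    raise ArgumentError, "malformed RDN: #{rdn.inspect}" if value.nil? || type.strip.empty?
    [type.strip.downcase, value.strip.downcase]
  end
end

# True when dn is the base itself or a descendant of it in the directory tree.
# Comparing parsed nodes avoids the false matches of a plain string suffix test.
def under_base?(dn, base)
  nodes = parse_dn(dn)
  base_nodes = parse_dn(base)
  return false if base_nodes.size > nodes.size
  nodes.last(base_nodes.size) == base_nodes
end
```

A DN such as `cn=a\,ou=People,dc=example,dc=com` (constructed) ends with the text of the base `ou=People,dc=example,dc=com`, yet its escaped comma makes it a direct child of `dc=example,dc=com`, so `under_base?` returns false where a string suffix comparison would return true.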
Ruby LDAP Versions
Ruby LDAP versions are a stub; discuss v2 and v3.
Ruby LDAP Operations
Ruby LDAP operations are:
Net::LDAP is a pure Ruby library. It does not require any external library. The RubyGems version of Net::LDAP can be installed from the usual sources.
Net::LDAP requires a Ruby 2.0.0 interpreter or better.
To install the RubyGems version of Net::LDAP, run the following command:
Using Ruby net::LDAP
Using Net::LDAP starts with requiring the library.
If you have installed the Gem version, then you need the following library.
Credentials for LDAP connection
Connecting with Net::LDAP is a two-step process.
Step 1 : Instantiating Net::LDAP object
Most Net::LDAP operations start by instantiating a Net::LDAP object. The constructor takes arguments specifying the address and port of the LDAP server.
Step 2 : Authentication (binding)
Here we need to specify the username and password that we will use for the rest of the session.
Now we can perform different operations such as search, modify or delete inside the block of the bind method, given proper permissions.
Adding a new LDAP entry
The following method adds a new entry to a remote LDAP server.
Step 1: Creating LDAP::Mod object
The LDAP::Mod object needs to be passed to the conn.add method to create an entry.
mod_type : One or more options, such as LDAP_MOD_ADD, LDAP_MOD_DELETE or LDAP_MOD_REPLACE.
attr : It is the name of the attribute.
vals : It is an array of values.
Step 2: Calling conn.add Method
After creating the LDAP::Mod object, we need to call the conn.add method.
The above example will modify the surname in the previous example.
Deleting an LDAP entry
The delete method will delete an entry.
Search in LDAP
There are three different modes for performing a search with the search method.
In this example, we will search the whole subtree of entry.
In the last parameter of search, you can specify any attributes. If nil is passed, all attributes are returned, the same as "SELECT *" in a relational database.