Skip to content

Latest commit

 

History

History
113 lines (84 loc) · 2.95 KB

README.md

File metadata and controls

113 lines (84 loc) · 2.95 KB

LDAP Support for Crystal Lang

Build Status

Installation

Add the dependency to your shard.yml:

dependencies:
  ldap:
    github: spider-gazelle/crystal-ldap

Usage

Connecting and Binding

Passing a TLS context will upgrade the connection using start tls

require "ldap"

host = "ldap.forumsys.com"
port = 389
user = "cn=read-only-admin,dc=example,dc=com"
pass = "password"

# Standard LDAP port with unencrypted socket
socket = TCPSocket.new(host, port)

# Providing a context will upgrade to encrypted comms using start tls (official method)
tls = OpenSSL::SSL::Context::Client.new
tls.verify_mode = OpenSSL::SSL::VerifyMode::NONE

# Bind to the server
client = LDAP::Client.new(socket, tls)
client.authenticate(user, pass)

# Can now perform LDAP operations

To use the non-standard LDAPS (LDAP Secure, commonly known as LDAP over SSL) protocol then pass in a OpenSSL::SSL::Socket::Client directly: LDAP::Client.new(tls_socket)

# LDAPS method
socket = TCPSocket.new(host, port)
tls = OpenSSL::SSL::Context::Client.new
tls.verify_mode = OpenSSL::SSL::VerifyMode::NONE
socket = OpenSSL::SSL::Socket::Client.new(socket, context: tls, sync_close: true, hostname: host)

# Bind to the server
client = LDAP::Client.new(socket)
client.authenticate(user, pass)

# Can now perform LDAP operations

Querying

You can perform search requests

# You can use LDAP string filters directly
client.search(base: "dc=example,dc=com", filter: "(|(uid=einstein)(uid=training))")

# There are options to select particular attributes and limit response sizes
filter = LDAP::Request::Filter.equal("objectClass", "person")
client.search(
  base: "dc=example,dc=com",
  filter: filter,
  size: 6,
  attributes: ["hasSubordinates", "objectClass"]
)

# Filters can be combined using standard operations
filter = (
          LDAP::Request::Filter.equal("objectClass", "person") &
          LDAP::Request::Filter.equal("sn", "training")) |
          LDAP::Request::FilterParser.parse("(uid=einstein)"
         )
client.search(base: "dc=example,dc=com", filter: filter)

Search responses are Array(Hash(String, Array(String)))

[
 {
  "dn" => ["uid=einstein,dc=example,dc=com"],
  "objectClass" => ["inetOrgPerson", "organizationalPerson", "person", "top"],
  "cn" => ["Albert Einstein"],
  "sn" => ["Einstein"],
  "uid" => ["einstein"],
  "mail" => ["[email protected]"],
  "telephoneNumber" => ["314-159-2653"]
 },
 {
  "dn" => ["uid=training,dc=example,dc=com"],
  "uid" => ["training"],
  "objectClass" => ["inetOrgPerson", "organizationalPerson", "person", "top"],
  "cn" => ["FS Training"],
  "sn" => ["training"],
  "mail" => ["[email protected]"],
  "telephoneNumber" => ["888-111-2222"]
 }
]