Skip to content

More detailed error messages possible? #1

Open
dmpro opened this Issue Jan 31, 2010 · 2 comments

2 participants

@dmpro
dmpro commented Jan 31, 2010

I'm using ruby-net-ldap to connect to an Active Directory server to authenticate users, and everything is working fine, except the error messages returned for authentication failures aren't detailed enough.

For example,

ldap = Net::LDAP.new(
  :host => "10.0.0.1",
  :port => "389",
  :base => "DC=example,DC=com",
  :auth => {:username => "joe@example.com", :password => "secret", :method => :simple}
)

ldap.bind
ldap.get_operation_result

If the user exists, but the password is wrong, this produces error 49, Invalid Credentials.

If the account has been locked because of too many unsuccessful attempts, you still get the same error, even if you use the correct password.

Active Directory actually supplies more detailed information about the error, but ruby-net-ldap doesn't seem to pass this on.

This is what the full error message looks like:

Invalid credentials (49)

additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

The "data 525" part relates to more detailed error reasons. In my case, I need to do something specific when this is 775 - which means Account Locked.

Is there any way to get this detailed information from ruby-net-ldap?

Thanks,

David.

@dim
Owner
dim commented Feb 7, 2010

I am not exactly an AD expert. Would you be able to make the required changes yourself? I can point you into the right direction.

@dmpro
dmpro commented Feb 8, 2010

I'm not really an expert myself, but need this for a project I'm currently working on, so I would certainly like to give it a go.

If you could give me some pointers, like where in the code the actual request/response to the LDAP server takes place, etc, that would be really useful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.