@@ -41,7 +41,25 @@ module Net
4141 # the LDAP protocol itself, and thus presenting as Ruby-like
4242 # a programming interface as possible.
4343 #
44- # === Quick-start for the Impatient
44+ # == Quick-start for the Impatient
45+ # === Quick Example of a user-authentication against an LDAP directory:
46+ #
47+ # require 'rubygems'
48+ # require 'net/ldap'
49+ #
50+ # ldap = Net::LDAP.new
51+ # ldap.host = your_server_ip_address
52+ # ldap.port = 389
53+ # ldap.auth "joe_user", "opensesame"
54+ # if ldap.bind
55+ # # authentication succeeded
56+ # else
57+ # # authentication failed
58+ # end
59+ #
60+ #
61+ # === Quick Example of a search against an LDAP directory:
62+ #
4563 # require 'rubygems'
4664 # require 'net/ldap'
4765 #
@@ -69,14 +87,14 @@ module Net
6987 # p ldap.get_operation_result
7088 #
7189 #
72- # == Quick introduction to LDAP
90+ # == A Brief Introduction to LDAP
7391 #
74- # We're going to provide a quick and highly informal introduction to LDAP
92+ # We're going to provide a quick, informal introduction to LDAP
7593 # terminology and
7694 # typical operations. If you're comfortable with this material, skip
7795 # ahead to "How to use Net::LDAP." If you want a more rigorous treatment
7896 # of this material, we recommend you start with the various IETF and ITU
79- # standards that control LDAP.
97+ # standards that relate to LDAP.
8098 #
8199 # === Entities
82100 # LDAP is an Internet-standard protocol used to access directory servers.
@@ -360,17 +378,38 @@ def initialize args = {}
360378 @open_connection = nil
361379 end
362380
363- # Convenient method to specify your authentication to the LDAP
381+ # Convenience method to specify authentication credentials to the LDAP
364382 # server. Currently supports simple authentication requiring
365- # a username and password. Observe that on most LDAP servers,
366- # including A/D, the username is a complete DN.
367- # The password argument may be a Proc that returns a string.
383+ # a username and password.
384+ #
385+ # Observe that on most LDAP servers,
386+ # the username is a complete DN. However, with A/D, it's often possible
387+ # to give only a user-name rather than a complete DN. In the latter
388+ # case, beware that many A/D servers are configured to permit anonymous
389+ # (uncredentialled) binding, and will silently accept your binding
390+ # as anonymous if you give an unrecognized username. This is not usually
391+ # what you want. (See #get_operation_result.)
392+ #
393+ # <b>Important:</b> The password argument may be a Proc that returns a string.
394+ # This makes it possible for you to write client programs that solicit
395+ # passwords from users or from other data sources without showing them
396+ # in your code or on command lines.
397+ #
368398 # require 'net/ldap'
369399 #
370400 # ldap = Net::LDAP.new
371401 # ldap.host = server_ip_address
372402 # ldap.authenticate "cn=Your Username,cn=Users,dc=example,dc=com", "your_psw"
373403 #
404+ # Alternatively (with a password block):
405+ #
406+ # require 'net/ldap'
407+ #
408+ # ldap = Net::LDAP.new
409+ # ldap.host = server_ip_address
410+ # psw = proc { your_psw_function }
411+ # ldap.authenticate "cn=Your Username,cn=Users,dc=example,dc=com", psw
412+ #
374413 def authenticate username , password
375414 password = password . call if password . respond_to? ( :call )
376415 @auth = { :method => :simple , :username => username , :password => password }
@@ -553,12 +592,46 @@ def search args = {}
553592 @result == 0 and result_set
554593 end
555594
556- # #bind connects to the LDAP server and requests authentication
595+ # #bind connects to an LDAP server and requests authentication
557596 # based on the <tt>:auth</tt> parameter passed to #open or #new.
558597 # It takes no parameters.
559- # User code generally will not call #bind. It will be called
560- # implicitly by the library whenever an LDAP operation is
561- # requested. #bind can be useful to test authentication.
598+ #
599+ # User code does not need to call #bind directly. It will be called
600+ # implicitly by the library whenever you invoke an LDAP operation,
601+ # such as #search or #add.
602+ #
603+ # It is useful, however, to call #bind in your own code when the
604+ # only operation you intend to perform against the directory is
605+ # to validate a login credential. #bind returns true or false
606+ # to indicate whether the binding was successful. Reasons for
607+ # failure include malformed or unrecognized usernames and
608+ # incorrect passwords. Use #get_operation_result to find out
609+ # what happened in case of failure.
610+ #
611+ # Here's a typical example using #bind to authenticate a
612+ # credential which was (perhaps) solicited from the user of a
613+ # web site:
614+ #
615+ # require 'net/ldap'
616+ # ldap = Net::LDAP.new
617+ # ldap.host = your_server_ip_address
618+ # ldap.port = 389
619+ # ldap.auth your_user_name, your_user_password
620+ # if ldap.bind
621+ # # authentication succeeded
622+ # else
623+ # # authentication failed
624+ # p ldap.get_operation_result
625+ # end
626+ #
627+ # You don't have to create a new instance of Net::LDAP every time
628+ # you perform a binding in this way. If you prefer, you can cache the Net::LDAP object
629+ # and re-use it to perform subsequent bindings, <i>provided</i> you call
630+ # #auth to specify a new credential before calling #bind. Otherwise, you'll
631+ # just re-authenticate the previous user! (You don't need to re-set
632+ # the values of #host and #port.) As noted in the documentation for #auth,
633+ # the password parameter can be a Ruby Proc instead of a String.
634+ #
562635 #--
563636 # If there is an @open_connection, then perform the bind
564637 # on it. Otherwise, connect, bind, and disconnect.
0 commit comments