|
1 | | -We're pleased to announce version 0.0.2 of Net::LDAP, the first |
| 1 | +We're pleased to announce version 0.0.3 of Net::LDAP, the first |
2 | 2 | pure-Ruby LDAP library. Net::LDAP intends to be a feature-complete |
3 | 3 | LDAP client which can access as much as possible of the functionality |
4 | 4 | of the most-used LDAP server implementations. This library does |
5 | 5 | not wrap any existing native-code LDAP libraries, creates no |
6 | 6 | Ruby extensions, and has no dependencies external to Ruby. |
7 | 7 |
|
8 | | -Version 0.0.2 includes an implementation of the "paged search |
9 | | -control" to enable queries of A/D result sets > 1000 entries. |
10 | | -It also fills in some holes in the documentation. |
11 | | - |
12 | | -We fixed a handful of issues that gave strange-looking errors when |
13 | | -working with A/D. The most important of these was support for search |
14 | | -referrals. |
15 | | - |
16 | | -Net::LDAP now works with standard RFC-2254 filter strings (see |
17 | | -Net::LDAP::Filter#construct). This is intended as an adjunct to |
18 | | -(not a replacement for) the existing Filter API, which is considerably |
19 | | -easier to use for people who are not LDAP experts. |
20 | | - |
21 | | -We added a range of new APIs, and deprecated some existing ones. |
22 | | -The goal is to make the Net::LDAP API as intuitive and Ruby-like |
23 | | -as possible. We'll be adding more improvements to the API as we |
24 | | -go along. |
25 | | - |
26 | | -Please note that Net::LDAP is licensed under the Ruby license |
27 | | -or LGPL, at your option. (I'm saying it publicly right here!) |
28 | | -There are still many source files in the distro that contain |
29 | | -GPL verbiage. We will clean that up in a future release. |
30 | | -See the file LICENCE in the distro for details of the Ruby-like |
31 | | -license. |
32 | | - |
33 | | -And finally we fixed the annoying problem that the 0.0.1 gem |
34 | | -and tarball had trailing garbage. Thanks to Austin for helping |
35 | | -track that down. Thanks also to Andre Nathan and others for |
36 | | -several valuable suggestions and notes on your experience with |
37 | | -the library. |
38 | | - |
39 | | -Progress so far: Net::LDAP is now in use on a variety of production |
40 | | -sites. Stability has been excellent, and performance is quite good. |
41 | | -We've found by far that the most popular application is authentication |
42 | | -for users of web sites, but there has been some chatter about |
43 | | -authorization as well, and a few of you are building directory-enabled |
44 | | -applications. |
45 | | - |
46 | | -What's next on the roadmap? |
47 | | - |
48 | | -Many of you have requested support for encryption. We will soon be |
49 | | -adding support for STARTTLS and LDAPS to Net::LDAP, using Ruby's |
50 | | -built-in OpenSSL library. |
51 | | - |
52 | | -We'd like to improve the API so it presents a more search-like interface |
53 | | -and further masks the archaic (and arcane) native LDAP vocabulary. |
54 | | - |
55 | | -We have a project going ("Peregrine") to provide a full-featured |
56 | | -LDAP server in Ruby, based on the EventMachine fast network-IO library, |
57 | | -that you can use with your own Ruby classes. This will allow you |
58 | | -to serve LDAP clients (such as mailers, IM, and calendaring apps) with data |
59 | | -that you generate dynamically from your own code. |
60 | | - |
61 | | -Finally, we've started thinking about an authentication generator or |
62 | | -plugin for Rails that will work against LDAP servers. It would be even |
63 | | -more interesting to augment it with fine-grained authorization at the |
64 | | -controller level. |
| 8 | +Version 0.0.3 adds support for encrypted communications to LDAP servers. |
| 9 | +There is a new optional parameter for Net::LDAP#new and Net::LDAP#open |
| 10 | +that allows you to specify encryption characteristics. Here's a quick |
| 11 | +example: |
| 12 | + |
| 13 | + require 'net/ldap' |
| 14 | + ldap = Net::LDAP.new( |
| 15 | + :host => "an_ip_address", |
| 16 | + :port => 636, |
| 17 | + :auth => {:method => :simple, :username => "mickey", :password => "mouse" }, |
| 18 | + :encryption => {:method => :simple_tls} |
| 19 | + ) |
| 20 | + ldap.bind or raise "bind failed" |
| 21 | + ldap.search( ... ) |
| 22 | + # etc, etc. |
| 23 | + |
| 24 | +This release supports simple TLS encryption with no client or server |
| 25 | +validation. Future versions will add support for the STARTTLS control, |
| 26 | +and for certificate validation. Additional parameters will appear to |
| 27 | +support these options. |
| 28 | + |
| 29 | +Net::LDAP encryption requires Ruby's openssl library. We're not |
| 30 | +quite sure what happens when this library is present but the underlying |
| 31 | +OpenSSL libraries are missing or not configured appropriately, |
| 32 | +especially on back versions of Ruby. If anyone encounters problems |
| 33 | +using encryption in Net::LDAP, please let us know and give us the |
| 34 | +details of your platform and Ruby build info. |
| 35 | + |
| 36 | +Thanks to Garett Shulman for helping to test the new code. |
65 | 37 |
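Review bot: The statement at new lines 24-27 that this release does TLS "with no client or server validation" needs its consequence spelled out, because the example directly above it (new lines 13-20) sends a simple-bind username and password over that connection. Without server certificate validation the client cannot distinguish the real directory server from one impersonating it, so `:simple_tls` as shipped protects against passive eavesdropping only. Suggest saying so next to the example, and advising readers not to rely on it across untrusted networks until the certificate validation mentioned for future versions is available. The removed roadmap text promised both STARTTLS and LDAPS; it would also help to state plainly that what this release delivers is TLS from connection start on port 636 and that STARTTLS is still pending.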
|
66 | 38 | If anyone wants to contribute suggestions, insights or (especially) |
67 | | -code, please email me at garbagecat10@gmail.com. |
| 39 | +code, please email me at garbagecat10 .. .. gmail.com. |
68 | 40 |
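Review bot: On new line 39, "garbagecat10 .. .. gmail.com" no longer reads as a contact address, since nothing tells the reader what the two ".." stand for. If the aim is to deter address harvesting, a conventional form such as "garbagecat10 at gmail dot com" keeps the line usable for the contributors it is inviting.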
|
69 | 41 | = What is Net::LDAP for Ruby? |
70 | 42 | This library provides a pure-Ruby implementation of an LDAP client. |
|