I am attempting to pull information from an LDAP database. When I do, I get the following error:

```
/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap/connection.rb:64:in `open_connection': SSL_connect returned=1 errno=0 state=error: dh key too small (Net::LDAP::Error)
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap/connection.rb:699:in `socket'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:1311:in `new_connection'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:1288:in `use_connection'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:771:in `block in search'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap/instrumentation.rb:19:in `instrument'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:770:in `search'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:1195:in `search_root_dse'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:1261:in `paged_searches_supported?'
        from /home/jphamlett/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/net-ldap-0.15.0/lib/net/ldap.rb:763:in `search'
        from ldap.rb:15:in `<main>'
```

Here is my code:

```ruby
require 'net/ldap'

ldap = Net::LDAP.new :host => "ldap.umn.edu", # your LDAP host name or IP goes here,
                     :port => "636", # your LDAP host port goes here,
                     :encryption => :simple_tls,
                     tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
                     :base => "o=University of Minnesota,c=US", # the base of your AD tree goes here,
                     :auth => {
                       :method => :simple,
                       :username => "", # a user w/sufficient privileges to read from AD goes here,
                       :password => "" # the user's password goes here
                     }

search_filter = Net::LDAP::Filter.eq("uid", "hamle010")
ldap.search(:filter => search_filter, :return_result => false) { |item|
    puts item
}
```

I have tried changing the auth from simple to anonymous, because this LDAP supposedly supports it. I have also tried using start_tls instead of simple_tls.

I had this working one time. I have not changed the code at all, and a minute later it started failing again. I am very sure the LDAP server is running.

How do I resolve this issue?

JPHamlett
  • The version of OpenSSL you are using requires that the server uses a secure enough DH key which the server does not. See [weakdh.org](https://weakdh.org/) for a description of the vulnerability which should explain why OpenSSL is enforcing a proper DH key. You need to fix the server. – Steffen Ullrich Jan 09 '17 at 17:49
  • Also see [SSL operation failed with code 1: dh key too small](http://stackoverflow.com/q/30701397) and [OpenSSL DH Key Too Small Error](http://stackoverflow.com/q/36417224) on Stack Overflow; and [How to find which key exactly `dh key too small` OpenSSL error is about?](http://unix.stackexchange.com/q/333877) on [Unix & Linux Stack Exchange](http://unix.stackexchange.com/). – jww Jan 09 '17 at 20:52

0 Answers
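
A small triage helper for the failure discussed in the comments, as an added example that is not part of the original post or its comments: it pairs the client's `dh key too small` error with the `Server Temp Key` line that `openssl s_client` prints, to confirm that the server's DH group is what needs fixing. The 2048-bit floor, the helper names and the sample outputs are assumptions constructed for illustration.

```ruby
# Added example, not code from the original post.
# Assumption: 2048 bits is the minimum acceptable finite-field DH group size.
MIN_DH_BITS = 2048

# Error text from the question's backtrace.
PAGE_ERROR = 'SSL_connect returned=1 errno=0 state=error: dh key too small'

# Constructed s_client excerpts (not captured from any real server).
SAMPLE_WEAK_DH = <<~OUT
  ---
  Server Temp Key: DH, 768 bits
  ---
OUT
SAMPLE_ECDH = <<~OUT
  ---
  Server Temp Key: ECDH, P-256, 256 bits
  ---
OUT

# "Server Temp Key: DH, 1024 bits" / "Server Temp Key: ECDH, P-256, 256 bits"
TEMP_KEY_RE = /^Server Temp Key: (\w+),(?: [^,]+,)? (\d+) bits/

# Returns { kind:, bits: } for the server's ephemeral key, or nil when the
# output has no such line (handshake aborted, or no ephemeral key exchange).
def parse_temp_key(s_client_output)
  m = TEMP_KEY_RE.match(s_client_output)
  m && { kind: m[1], bits: m[2].to_i }
end

# Combines the client's error text with s_client output into one finding.
def triage(error_message, s_client_output, min_bits = MIN_DH_BITS)
  rejected = error_message.to_s.include?('dh key too small')
  key = parse_temp_key(s_client_output.to_s)
  if key && key[:kind] == 'DH' && key[:bits] < min_bits
    { cause: :weak_dh_group, bits: key[:bits], fix: :server_dh_params }
  elsif rejected
    # The client refused the group before any size could be recorded.
    { cause: :weak_dh_group, bits: nil, fix: :server_dh_params }
  elsif key
    { cause: :none, kind: key[:kind], bits: key[:bits] }
  else
    { cause: :unknown, bits: nil }
  end
end
```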