
I'm very new to working with LDAP, and any help is appreciated.

I'm writing a Ruby program that adds entries to an LDAP server. I'm able to add entries just fine using Terminal. But the challenge is getting it to work using Ruby.

Here is the LDAP server I'm trying to write to.

    # example.org
    dn: dc=example,dc=org
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: Example Inc.
    dc: example

    # admin, example.org
    dn: cn=admin,dc=example,dc=org
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword: mypassword

    # people, example.org
    dn: ou=people,dc=example,dc=org
    objectClass: organizationalUnit
    ou: people

And here are the contents of ldap-program.rb. For the

    require 'rubygems'
    require 'net/ldap'

    ldap = Net::LDAP.new :host => '127.0.0.1',
                         :port => 1300,
                         :auth => {
                           :method   => :simple,
                           :username => 'cn=admin,dc=example,dc=org',
                           :password => 'mypassword'
                         }

    dn = "uid=christine,ou=people,dc=example,dc=com"
    attr = {
      :cn          => "Christine",
      :sn          => "Smith",
      :objectClass => "inetOrgPerson",
      :mail        => "christine@example.com",
      :uid         => "christine"
    }

    ldap.add(:dn => dn, :attr => attr)

I've been following the documentation for ldap.add very closely, but in this case the entry does not get added to LDAP. Can anyone give any pointers or suggestions?

Leia_Organa

1 Answer


I am not a Ruby developer, so my code examples may need tweaks. But if you are using Active Directory, then I see two problems:

  1. The objectClass should be user
  2. In AD, the uid attribute has no special meaning. The username used for login is the sAMAccountName attribute.

    attr = {
      :cn             => "Christine",
      :sn             => "Smith",
      :objectClass    => "user",
      :mail           => "christine@example.com",
      :sAMAccountName => "christine"
    }

You may also want to set givenName, which is for the user's first name.

If that doesn't work, let us know what error you are getting.

That will create the account in a disabled state. To enable it you need to give it a password in a second step by setting the unicodePwd attribute (which has a weird format), and updating the userAccountControl attribute to enable it.

Modify it again, using these attributes (where the new password is "new_password"):

    # AD expects unicodePwd as the password wrapped in double quotes and
    # encoded as UTF-16LE; the bytes are then handed to net-ldap as-is.
    def str2unicodePwd(str)
      ('"' + str + '"').encode("utf-16le").force_encoding("utf-8")
    end

    # LDAP attribute values are sent as strings; 0x200 (512) is NORMAL_ACCOUNT.
    attr = {
      :unicodePwd         => str2unicodePwd("new_password"),
      :userAccountControl => 0x200.to_s
    }

I borrowed some code from here for the password bit.

Gabriel Luci
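The second step the answer describes, as an added example that is neither the asker's nor the answerer's code: it builds the unicodePwd value and the userAccountControl update in pure Ruby (no gem needed, so it runs offline) in the `[op, attribute, value]` shape that net-ldap's `ldap.modify(:dn => dn, :operations => ops)` takes, and derives the new userAccountControl from the account's current value instead of overwriting it. Function names, the constants and the constructed current value `546` are this example's own; note that AD only accepts a unicodePwd write over an encrypted connection (LDAPS or StartTLS, i.e. net-ldap's `:encryption` option on `Net::LDAP.new`).

```ruby
# Added example, not code from the question or the answer above. Pure Ruby,
# no net-ldap required, so byte layout and flag arithmetic can be checked offline.

# userAccountControl bits used here; values as documented by Microsoft.
UAC_ACCOUNTDISABLE = 0x0002
UAC_PASSWD_NOTREQD = 0x0020
UAC_NORMAL_ACCOUNT = 0x0200

# AD expects unicodePwd as the password wrapped in double quotes, encoded
# UTF-16LE, and sent as raw octets (so mark the bytes BINARY, not UTF-8).
def unicode_pwd(plain)
  ('"' + plain + '"').encode('UTF-16LE').force_encoding('BINARY')
end

# Derive the new userAccountControl from the current one (AD returns it as a
# decimal string). Clear the disabled bit and PASSWD_NOTREQD, both of which a
# freshly created account carries (default 546 = 0x222), keep every other
# flag, and make sure NORMAL_ACCOUNT is set.
def enabled_uac(current)
  uac = current.to_i
  uac &= ~(UAC_ACCOUNTDISABLE | UAC_PASSWD_NOTREQD)
  (uac | UAC_NORMAL_ACCOUNT).to_s
end

# Operations for net-ldap's ldap.modify(:dn => dn, :operations => ops): both
# replaces go in one modify request, so the account is never enabled without
# its password having been set.
def enable_operations(current_uac, plain)
  [
    [:replace, :unicodePwd, unicode_pwd(plain)],
    [:replace, :userAccountControl, enabled_uac(current_uac)],
  ]
end

if __FILE__ == $0
  # Constructed sample: the 546 a new account starts with, and a sample password.
  ops = enable_operations('546', 'new_password')
  puts "unicodePwd bytes:   #{ops[0][2].unpack1('H*')}"
  puts "userAccountControl: #{ops[1][2]}"   # 512
end
```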