Method: Net::LDAP#encryption
Defined in: lib/net/ldap.rb
#encryption(args) ⇒ Object
Convenience method to specify encryption characteristics for connections to LDAP servers. Called implicitly by #new and #open, but may also be called by user code if desired. The single argument is generally a Hash (but see below for convenience alternatives). This implementation is currently a stub, supporting only a few encryption alternatives. As additional capabilities are added, more configuration values will be added here.
Currently, the only supported argument is {:method => :simple_tls}. (Equivalently, you may pass the symbol :simple_tls all by itself, without enclosing it in a Hash.)
The :simple_tls encryption method encrypts all communications with the LDAP server. It completely establishes SSL/TLS encryption with the LDAP server before any LDAP-protocol data is exchanged. There is no plaintext negotiation and no special encryption-request controls are sent to the server.
The :simple_tls option is the simplest, easiest way to encrypt communications between Net::LDAP and LDAP servers. It’s intended for cases where you have an implicit level of trust in the authenticity of the LDAP server. No validation of the LDAP server’s SSL certificate is performed, so the connection is encrypted but the server’s identity is not authenticated. This means that :simple_tls will not produce errors if the LDAP server’s encryption certificate is not signed by a well-known Certification Authority.
If you get communications or protocol errors when using this option, check with your LDAP server administrator. Pay particular attention to the TCP port you are connecting to. It’s impossible for an LDAP server to support plaintext LDAP communications and simple TLS connections on the same port. The standard TCP port for unencrypted LDAP connections is 389, but the standard port for simple-TLS encrypted connections is 636. Be sure you are using the correct port.
[Note: a future version of Net::LDAP will support the STARTTLS LDAP control, which will enable encrypted communications on the same TCP port used for unencrypted connections.]
# File 'lib/net/ldap.rb', line 467
def encryption(args)
  if args == :simple_tls
    args = {:method => :simple_tls}
  end
  @encryption = args
end