Ruby: Does NET::LDAP plus start_tls support certificate validation? - ruby

I am reading documents regarding NET::LDAP with TLS. But I could not find any mentioning regarding enforcing certificate validation with start_tls. The sample code is attached below.
ldap = Net::LDAP.new :host => params["host"],
:base => params["base_dn"],
:encryption => :start_tls,
:port => params["port"],
:auth => { :username => params["bind_dn"],
:password => params["bind_pw"],
:method => :simple
}
The document here "http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-encryption" mentions there is no SSL certificate validation for simple_tls. But there is no information regarding start_tls.

no, I checked the latest 0.6.1 version, this functionality is still missing.
simple_tls is actually LDAPS which usually on port 636.

Related

Binding to LDAP with multiple certs. in ruby

I'm using https://github.com/ruby-ldap/ruby-net-ldap gem to connect/bind to LDAP
treebase = "ou=xxxxxx,dc=xxxxx,dc=xx"
credentials = {
:username => "myusername,ou=xxxxxx,dc=xxxxx,dc=xx",
:password => "password"
}
encryption = {
:method => :simple_tls,
:tls_options => { :ca_path => "folder/Chain/pem_folder"}
}
# pem_folder = folder that contains multiple pem files
ldap = Net::LDAP.new :host => "hostname.example.com",
:port => 636,
:encryption => encryption,
:base => treebase,
:auth => credentials
ldap.bind
The above code results in
ruby-2.2.2/gems/net-ldap-0.12.1/lib/net/ldap/connection.rb:47:in open_connection': SSL_connect returned=1 errno=0 state=error: certificate verify failed (Net::LDAP::Error)
I have a feeling it has something to do with the multiple certs but not sure.
What worked for me was
Make sure you are connected to VPN if needed to be on the network
follow the instruction here specially the part about rehashing with c_rehash
my username was also missing uid= before which was causing failed binding
Stackoverflow also helped but I used Figaro Gem instead

Automation of email sending process through corporate webmail

I am in need of a script which automatically sends particular data from my corporate webmail email id .
Till now I am able to send automatic emails from a gmail id. But Iam unable to configure it for my webmail id.
Please let me know if any configuration changes are needed or I need to setup a server for this.(if possible also help me how to configure the server)
This is the Ruby function which I am using
def send_mail(to_recepient,data,mailSubject,extraBodyText,sender_info)
options = { :address => "smtp.gmail.com",
:port => 587,
:domain => 'mail.gmail.com',
:user_name => sender_info[:senderName],
:password => sender_info[:senderPassword],
:authentication => 'plain',
:enable_starttls_auto => true }
Mail.defaults do
delivery_method :smtp, options
end
Mail.deliver do
to "#{to_recepient}"
from 'mailtest20152#gmail.com'
subject mailSubject
body stringData
fh=File.open('attachment_file',"w")
fh.puts data
add_file :filename => 'attachment_file', :content => data
end
File.unlink('attachment_file')
end
I faced similar problem. You can configure mailer for particular smtp server like this:
options = { :address => "smtp.yourdomain.com", #address can differ
:port => 25 }
Don't forget to add:
config.action_mailer.delivery_method = :smtp
Don't need to provide password and username, but remember to specify from field in your email message (as you already did).

Sending email from simple Sinatra app using Pony

I am building my first portfolio page with Sinatra.
I have a 'textbook' contact page with a straight-forward form containing 'name', 'email' and 'content' fields. When someone submits the form, I want to recieve an email notification.
Pony claims that it can send email via simple 'one-line' of code. I have read the Pony documentation but it is not very detailed in how to set it up.
I don't know if I am not setting it up properly, the code is not right, Pony is not the best tool, or if my development environment is not allowing the mail to be sent.
The code below is supposed to be sending an email from the post method, it is then saving the data to a PostgreSQL database via the save_message method. The data is being persisted correctly.
#server.rb
require 'sinatra'
require 'pony'
require_relative 'model/methods'
get '/contact' do
erb :contact
end
post '/thankyou' do
unless params[:name] == '' || params[:email] == '' || params[:content] == ''
Pony.options = {
:subject => "Portfolio page: Message delivery from #{params[:name]}",
:body => "#{params[:content]}",
:via => :smtp,
:via_options => {
:address => 'smtp.1and1.com',
:port => '587',
:enable_starttls_auto => true,
:user_name => ENV["USER_EMAIL_ADDRESS"],
:password => ENV["SMTP_PASSWORD"],
:authentication => :login,
:domain => 'nterrafranca.com'
}
}
Pony.mail(:to => ENV["DESTINATION_EMAIL_ADDRESS"])
save_message(params[:name], params[:email], params[:content])
end
redirect '/'
end
Pony needs to know how to send the email, not just who it's to, from, what the subject and body are, etc.
From the pony documentation, it will default to use sendmail, otherwise configures SMTP to use localhost. Depending on where this application is running, it's highly likely that sendmail is not available, and that there is no SMTP configured on localhost.
I've used Pony for several applications. Each one, I configure a "noreply#" email address for Pony to use to authenticate for SMTP, therefore using my own domain email (usually Google Apps, or even Gmail) for my SMTP connection. For example:
Pony.options = {
:subject => "Some Subject",
:body => "This is the body.",
:via => :smtp,
:via_options => {
:address => 'smtp.gmail.com',
:port => '587',
:enable_starttls_auto => true,
:user_name => 'noreply#cdubs-awesome-domain.com',
:password => ENV["SMTP_PASSWORD"],
:authentication => :plain, # :plain, :login, :cram_md5, no auth by default
:domain => "localhost.localdomain"
}
}
In the case of a Sinatra app, I perform the exact above code (with the obvious substitutions) right before I call:
Pony.mail(:to => <some_email>)
I've configured Pony multiple times - comment if you still have issues and I'll be glad to help.
If you are using a gmail account with 2-step verification, you must generate an application specific password for the Pony mailer, and NOT use your usual SMTP password.
See https://support.google.com/accounts/answer/185833?hl=en
Insert the application specific password in the place of your usual password.
This is from the Pony project page on Github.

Getting email to work on openshift ruby application

I can't seem to get email for password recovery using devise to work on my openshift app. I'm using Rails 4.0.2 and Ruby 1.9.3. I've tried the following in production.rb :
config.action_mailer.default_url_options = { :host => 'mydomain.com' }
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:port => 25,
:address => 'smtp.mailgun.org',
:user_name => 'postmaster#domain.com',
:password => '[password]',
:domain => 'mydomain.com.mailgun.domain',
:authentication => :plain,
}
I've also done settings required for google use and both worked fine in development on local. Also tried ports 465, 587, as described here. Sending mail unfortunately still isn't performed on production. The app just throws an error with nothing in the logs.

Protecting Passwords in a Rails Application's Environments

SO I found this sweet code to use Gmail in as the SMTP server for a Rails application:
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "google.com",
:authentication => :login,
:user_name => "<email address>",
:password => "<password>",
:enable_starttls_auto => true
}
This is awesome, but it requires me to authenticate, so my username and password will appear in the settings hash.
How can I protect my username and password from the source code and the CVS (i.e., from other developers whom I may grant access). I was thinking along the lines of somehow reading those values out of a text file on my development machine's home directory, but
I couldn't quite work out how to do it.
Can anyone help with a way to protect these values from having to be committed to my CVS.
So I figured it out (apparently I had over-throught the problem):
:user_name => IO.readlines('/some/path/secret_auth.txt')[0],
:password => IO.readlines('/some/path/secret_auth.txt')[1]
This reads the first and second lines from the path specified and uses them in the rails app. and since the file is outside the scope of the CVS it is unknown to other developers.
And to #zabba - you are correct, you can (provided you can get access to the instance of the rails configuration).
I've answered pretty much this exact same question before right here. Long story short, set your credentials up as environment variables like so:
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => "google.com",
:authentication => :login,
:user_name => ENV['EMAIL_USERNAME'],
:password => ENV['EMAIL_PASSWORD'],
:enable_starttls_auto => true
}

Resources