LDAP Config#245


 
Avatar jayshao 19 post(s) #584

I see that Mingle has an auth_config.yml file & also some ldap variables—is there an LDAP config guide, or sample?

Also—our LDAP uses a self-signed cert, any guidance on how to configure the SSL trust-chain: if I add the cert to the JVM cacerts will it work, or is there a Ruby/Mingle mechanism that is needed as well?

 
Avatar jayshao 19 post(s) #587

Found the readme inside the ldap_auth plugin directory and the sample looks good. Only problem (I believe) that I’m hitting right now is properly configuring the LDAP connection to use SSL over port 636 (not TLS).

After browsing around the Net::LDAP source on RubyForge it appears that :simple_tls will actually do what I want, since it doesn’t appear to do protocol negotiation, but assumes the channel is encrypted. After patching lib/ldap_auth.rb to include the additional argument to Ldap.new, however, I still get an error when I try to log in:

    Net::LDAP::LdapError (no connection to server):
        /vendor/rails/activerecord/lib/active_record/transactions.rb:101:in `transaction'
        /app/controllers/application.rb:38:in `filter'
        /vendor/rails/actionpack/lib/action_controller/filters.rb:484:in `call'

Any hints for additional logging/debugging I can do?

 
Avatar David Rice Administrator 156 post(s) #606

Jay -

There’s not enough information here to see why Mingle cannot connect to your LDAP server. My first suggestion would be to open an IRB session and check that you can interact with your LDAP server as expected without Mingle.

 
Avatar jayshao 19 post(s) #668

Unfortunately I’ve only dabbled in either RoR or JRuby. How do I get an IRB session with Mingle’s environment up?

I saw a script in mingle/bin/jirb, but it doesn’t seem to launch an irb shell like I’d expect:

    #!/usr/bin/env jruby
    #
    #   irb.rb - intaractive ruby
    #   $Release Version: 0.7.3 $
    #   $Revision$
    #   $Date$
    #   by Keiju ISHITSUKA(keiju@ishitsuka.com)
    #

    require "irb"

    if __FILE__ == $0
      IRB.start(__FILE__)
    else
      # check -e option
      if /^-e$/ =~ $0
        IRB.start(__FILE__)
      else
        IRB.setup(__FILE__)
      end
    end

 
Avatar David Rice Administrator 156 post(s) #669

Mingle does not currently support a console mode.

 
Avatar jayshao 19 post(s) #670

Ahh… so you’re suggesting to try to whip something up standalone in IRB using Net::LDAP to try and connect?

 
Avatar David Rice Administrator 156 post(s) #683

Yes. You will need to verify your LDAP config using IRB. Or you could even copy the ldap_auth.rb file and turn it into a simple script that attempts to authenticate one time.
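
A standalone check along the lines suggested above, added here as an example and not taken from the thread or from Mingle's ldap_auth.rb: it reports which layer fails (TCP, TLS on port 636, or the bind itself), which "no connection to server" does not distinguish. The function name and all argument values are assumptions, and the bind step assumes a current net-ldap gem whose `encryption` option accepts `tls_options`; the copy bundled with Mingle may differ.

```ruby
require "socket"
require "openssl"

# Returns [stage, detail]: the first layer that failed (:tcp, :tls, :bind) or :ok.
# All argument values are supplied by the caller; none come from the thread.
def check_ldaps(host, port: 636, ca_file: nil, bind_dn: nil, password: nil, timeout: 5)
  # 1. TCP: is anything listening on the LDAPS port at all?
  begin
    tcp = Socket.tcp(host, port, connect_timeout: timeout)
  rescue SystemCallError, SocketError => e
    return [:tcp, e.message]
  end

  # 2. TLS: port 636 expects a handshake immediately (no StartTLS negotiation).
  #    Trust is pinned to ca_file when given, which is how a self-signed
  #    server certificate gets accepted without disabling verification.
  store = OpenSSL::X509::Store.new
  ca_file ? store.add_file(ca_file) : store.set_default_paths
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = store
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host
  begin
    ssl.connect
    ssl.post_connection_check(host) # certificate must name this host
  rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError => e
    return [:tls, e.message]
  ensure
    ssl.close rescue nil
    tcp.close rescue nil
  end
  return [:ok, "TLS verified, no bind requested"] unless bind_dn
  # An empty password would be an unauthenticated bind, which some servers accept.
  return [:bind, "empty password refused"] if password.to_s.empty?

  # 3. LDAP: one simple bind over a fresh LDAPS connection via Net::LDAP.
  require "net/ldap"
  tls = { verify_mode: OpenSSL::SSL::VERIFY_PEER }
  tls[:ca_file] = ca_file if ca_file
  ldap = Net::LDAP.new(host: host, port: port,
                       encryption: { method: :simple_tls, tls_options: tls },
                       auth: { method: :simple, username: bind_dn, password: password })
  begin
    ldap.bind ? [:ok, "bind succeeded"] : [:bind, ldap.get_operation_result.message]
  rescue StandardError => e
    [:bind, e.message]
  end
end
```

Called as, for instance, `p check_ldaps("ldap.example.internal", ca_file: "ldap-ca.pem", bind_dn: "uid=test,dc=example,dc=internal", password: ENV["LDAP_PW"])`, where the host, file and DN are placeholders.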