cschiewek / devise_ldap_authenticatable

Devise Module for LDAP
MIT License

Ignore server certificate error #253

Open kuzevanoff opened 5 years ago

kuzevanoff commented 5 years ago

Hi, I have this error: Net::LDAP::Error (hostname "x.x.x.x" does not match the server certificate):

So I need to ignore the certificate error.

How can I do it? Thanks

irruputuncu commented 3 years ago

I had the same error and found these settings to ignore the certificate error in a development environment:

encryption:
  method: simple_tls
  tls_options:
    verify_mode: OpenSSL::SSL::VERIFY_NONE

(see also this stackoverflow question)

However, I had to change the gem a little bit so the config would be read as symbols in order to work with the newest version of ruby-net-ldap. I created PR #264 with my alterations. It's still more of a workaround but might already be helpful.

tramfjord commented 3 years ago

This doesn't seem to be a Net::LDAP bug as such, but certainly will prevent you from reading your LDAP settings from a YAML file as in the above example. You can't set verify_mode using an ldap.yaml config file, because the verify_mode settings hash needs to have Symbol keys for Net::LDAP to recognize them, but the top level parameters need to have String keys for devise_ldap_authenticatable. But for other users of devise_ldap_authenticatable: you can actually set this without any monkey patching or PR merges by setting devise.ldap_config to a Proc rather than a String, i.e.:

  config.ldap_config = proc do
    {
      "host" => "my.ldap.server",
      "port" => 636,
      # ...
      "encryption" => {
        method: :simple_tls,
        tls_options: {
          verify_mode: OpenSSL::SSL::VERIFY_NONE
        }
      }
    }
  end

This way you can also evaluate OpenSSL::SSL::VERIFY_NONE (which just returns 0).

andersonbr commented 1 year ago

Worked for me using ldap.yml in this way:


development:
  host: XXXXX
  port: 636
  attribute: sAMAccountName
  # ...
  ssl: true
  encryption:
    :method: :simple_tls
    :tls_options:
      :verify_mode: 0
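
Added example, not from the thread or the gem's own code: a Ruby check that reads an ldap.yml and reports, for every environment other than development, whether certificate verification is switched off (as the integer 0 or by constant name) and whether the encryption hash uses String keys, which per the comments above Net::LDAP does not recognize. The sample file, host names, CA path and the names `audit_ldap_tls` and `verification_disabled?` are constructed for illustration.

```ruby
require "yaml"
require "openssl"

# Constructed sample in the ldap.yml layout from this thread; hosts and paths are placeholders.
SAMPLE_LDAP_YML = <<~YML
  development:
    host: ldap.dev.example
    encryption:
      :method: :simple_tls
      :tls_options:
        :verify_mode: 0
  staging:
    host: ldap.stage.example
    encryption:
      method: simple_tls
      tls_options:
        verify_mode: OpenSSL::SSL::VERIFY_NONE
  production:
    host: ldap.example
    encryption:
      :method: :simple_tls
      :tls_options:
        :verify_mode: 1
        :ca_file: /etc/ssl/certs/ldap-ca.pem
YML

# True when verify_mode, given as an integer or as the constant's name, turns verification off.
def verification_disabled?(mode)
  mode == OpenSSL::SSL::VERIFY_NONE || mode.to_s.end_with?("VERIFY_NONE")
end

# Map each environment outside `allow` to its findings (an empty array means none).
# :string_keys marks encryption/tls_options keys that are not Symbols.
def audit_ldap_tls(yaml_text, allow: %w[development])
  envs = YAML.safe_load(yaml_text, permitted_classes: [Symbol])
  envs.reject { |env, _| allow.include?(env) }.to_h do |env, settings|
    enc = settings["encryption"]
    enc = {} unless enc.is_a?(Hash)
    tls = enc[:tls_options] || enc["tls_options"]
    tls = {} unless tls.is_a?(Hash)
    mode = tls.fetch(:verify_mode) { tls["verify_mode"] }
    findings = []
    findings << :verification_disabled if verification_disabled?(mode)
    findings << :string_keys if (enc.keys + tls.keys).any?(String)
    [env, findings]
  end
end

p audit_ldap_tls(SAMPLE_LDAP_YML)
```

Run against a real config in CI, any non-empty findings list for a non-development environment is a reason to fail the build.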