spider-gazelle / crystal-ldap

a Crystal lang LDAP client
MIT License

Connection to Samba ActiveDirectory LDAP #1

Closed mbab closed 3 years ago

mbab commented 3 years ago

When I try to connect to Samba Active Directory LDAP with this code:

require "ldap"

host = "my.domain"
port = 636

# Standard LDAP port with unencrypted socket
socket = TCPSocket.new(host, port)

# Providing a context will upgrade to encrypted comms using start tls (official method)
tls = OpenSSL::SSL::Context::Client.new
tls.verify_mode = OpenSSL::SSL::VerifyMode::NONE

# Bind to the server
client = LDAP::Client.new(socket, tls)

I got this:

Unhandled exception: failed to parse ASN1::BER::Identifier.bitfield.tag_class (BinData::ParseError)
  from lib/bindata/src/bindata/asn1/identifier.cr:18:3 in '__perform_read__'
  from lib/bindata/src/bindata.cr:64:5 in 'read'
  from lib/bindata/src/bindata/asn1/identifier.cr:34:7 in 'read'
  from lib/bindata/src/bindata.cr:86:5 in 'from_io'
  from /usr/lib/crystal/io.cr:879:5 in 'read_bytes'
  from lib/bindata/src/bindata/asn1/identifier.cr:1:1 in '__perform_read__'
  from lib/bindata/src/bindata.cr:64:5 in 'read'
  from lib/bindata/src/bindata/asn1.cr:66:7 in 'read'
  from lib/bindata/src/bindata.cr:86:5 in 'from_io'
  from /usr/lib/crystal/io.cr:879:5 in 'read_bytes'
  from lib/ldap/src/ldap/client.cr:133:16 in 'start_tls'
  from lib/ldap/src/ldap/client.cr:20:36 in 'initialize'
  from lib/ldap/src/ldap/client.cr:11:3 in 'new'
  from src/ldaptest2.cr:14:1 in '__crystal_main'
  from /usr/lib/crystal/crystal/main.cr:110:5 in 'main_user_code'
  from /usr/lib/crystal/crystal/main.cr:96:7 in 'main'
  from /usr/lib/crystal/crystal/main.cr:119:3 in 'main'
  from __libc_start_main
  from _start
  from ???
Caused by: Error reading socket: Connection reset by peer (IO::Error)
  from /usr/lib/crystal/io/evented.cr:61:9 in 'unbuffered_read'
  from /usr/lib/crystal/io/buffered.cr:239:12 in 'fill_buffer'
  from /usr/lib/crystal/io/buffered.cr:82:9 in 'read'
  from /usr/lib/crystal/io.cr:520:7 in 'read_fully?'
  from /usr/lib/crystal/io.cr:503:5 in 'read_fully'
  from lib/bindata/src/bindata/bitfield.cr:67:5 in 'read'
  from lib/bindata/src/bindata/asn1/identifier.cr:18:3 in '__perform_read__'
  from lib/bindata/src/bindata.cr:64:5 in 'read'
  from lib/bindata/src/bindata/asn1/identifier.cr:34:7 in 'read'
  from lib/bindata/src/bindata.cr:86:5 in 'from_io'
  from /usr/lib/crystal/io.cr:879:5 in 'read_bytes'
  from lib/bindata/src/bindata/asn1/identifier.cr:1:1 in '__perform_read__'
  from lib/bindata/src/bindata.cr:64:5 in 'read'
  from lib/bindata/src/bindata/asn1.cr:66:7 in 'read'
  from lib/bindata/src/bindata.cr:86:5 in 'from_io'
  from /usr/lib/crystal/io.cr:879:5 in 'read_bytes'
  from lib/ldap/src/ldap/client.cr:133:16 in 'start_tls'
  from lib/ldap/src/ldap/client.cr:20:36 in 'initialize'
  from lib/ldap/src/ldap/client.cr:11:3 in 'new'
  from src/ldaptest2.cr:14:1 in '__crystal_main'
  from /usr/lib/crystal/crystal/main.cr:110:5 in 'main_user_code'
  from /usr/lib/crystal/crystal/main.cr:96:7 in 'main'
  from /usr/lib/crystal/crystal/main.cr:119:3 in 'main'
  from __libc_start_main
  from _start
  from ???
stakach commented 3 years ago

Connection reset by peer seems to be the issue - possibly expecting the non-standard LDAPS which is probably more secure (this is what MS uses by default).

require "ldap"

host = "my.domain"
port = 636

# TLS context used to wrap the socket before any LDAP traffic is sent (LDAPS, not StartTLS)
tls = OpenSSL::SSL::Context::Client.new
tls.verify_mode = OpenSSL::SSL::VerifyMode::NONE

# LDAPS port (636): the TLS handshake happens first, then LDAP runs inside the encrypted socket
socket = TCPSocket.new(host, port)
socket = OpenSSL::SSL::Socket::Client.new(socket, context: tls, sync_close: true, hostname: host)

# Bind to the server
client = LDAP::Client.new(socket)
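As an added example (not code from this issue or from crystal-ldap itself), a helper that picks the right socket setup for the port, implicit TLS on 636 or StartTLS on the plain port, and verifies the server certificate instead of disabling checks with `VerifyMode::NONE`; the `CA_FILE` path and the `connect_ldap`/`tls_context` names are assumptions.

```crystal
require "socket"
require "openssl"
require "ldap"

# Added example, not part of crystal-ldap. Port 636 carries LDAPS, where the TLS
# handshake must complete before any LDAP bytes are exchanged; sending a plaintext
# StartTLS request there is what produced the ASN1::BER::Identifier parse error
# above. On the plain LDAP port the client upgrades the socket with StartTLS.
LDAPS_PORT = 636
CA_FILE    = "/etc/ssl/certs/ca-certificates.crt" # assumption: adjust for your host

def tls_context(ca_file : String) : OpenSSL::SSL::Context::Client
  ctx = OpenSSL::SSL::Context::Client.new
  ctx.ca_certificates = ca_file
  # PEER makes the handshake fail on an untrusted certificate. NONE (as in the
  # snippets above) accepts any certificate, so an interposed host could read
  # the bind credentials.
  ctx.verify_mode = OpenSSL::SSL::VerifyMode::PEER
  ctx
end

def connect_ldap(host : String, port : Int32, ca_file : String = CA_FILE) : LDAP::Client
  ctx = tls_context(ca_file)
  socket = TCPSocket.new(host, port)

  if port == LDAPS_PORT
    # Implicit TLS: wrap the socket first, hand the encrypted stream to the client.
    # hostname: enables SNI and hostname checking against the certificate.
    tls_socket = OpenSSL::SSL::Socket::Client.new(socket, context: ctx, sync_close: true, hostname: host)
    LDAP::Client.new(tls_socket)
  else
    # StartTLS: plain LDAP first, the client upgrades using the supplied context.
    LDAP::Client.new(socket, ctx)
  end
end

client = connect_ldap("my.domain", LDAPS_PORT)
```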
mbab commented 3 years ago

This helps.

Thank you!