We ended up analysing four different solutions for solving the problem.
This approach involved using the Active LDAP Ruby which “provides an object oriented interface to LDAP. It maps LDAP entries to Ruby objects with LDAP attribute accessors based on your LDAP server’s schema and each object’s objectClasses”.
We had real problems trying to even connect to our OpenDS server using this library. We eventually found out that OpenDS is not actually listed as one of the supported interfaces.
The real benefit of this approach was that the library is written in Ruby meaning that getting permission to install it would be easier.
The fact that we couldn’t actually get it to work didn’t help!
Java LDAP libraries + RJB
We were able to solve the problem quite easily using this approach but the Ruby code we ended up writing was very Javaesque in style and it didn’t feel like we were utilising the power of Ruby by using Java for such a fundamental part of the problem we were attempting to solve.
On the positive side RJB is easily installable via a gem and we were able to connect to OpenDS and execute the operations that were required.
The third option we looked at was Ruby-LDAP, a Ruby extension library written in C.
The disadvantage of this was that we needed to have make available to install it onto our machine. Seeing as we were using a Mac this meant downloading XCode to make use of the GCC compiler.
Interacting with the different libraries was tricky initially but we eventually got the hang of it and were able to connect to OpenDS despite it not being listed as one of the supported libraries.
ruby-net-ldap is a pure Ruby LDAP library, installable via a gem.
This had by far the best examples and most intuitive interface of the options that we analysed and worked for us first time without too much fuss. Connecting to our Open DS server was seamless.
Our original selection, despite the slightly more complicated installation was Ruby-LDAP.
However, Ola Bini pointed out ruby-net-ldap which actually proved to meet our criteria even more closely than Ruby-LDAP did and as such was the option we went with.