activeldap 0.9.0 → 0.10.0

data/lib/active_ldap/adapter/jndi_connection.rb

@@ -0,0 +1,180 @@
+require 'java'
+
+java.util.Enumeration.module_eval do
+  include Enumerable
+
+  def each
+    while has_more_elements
+      yield(next_element)
+    end
+  end
+end
+
+module ActiveLdap
+  module Adapter
+    class JndiConnection
+      HashTable = java.util.Hashtable
+      naming = javax.naming
+      directory = naming.directory
+      ldap = naming.ldap
+      InitialDirContext = directory.InitialDirContext
+      InitialLdapContext = ldap.InitialLdapContext
+      SearchControls = directory.SearchControls
+      ModificationItem = directory.ModificationItem
+      BasicAttributes = directory.BasicAttributes
+      Context = naming.Context
+      StartTlsRequest = ldap.StartTlsRequest
+      Control = ldap.Control
+
+      NamingException = naming.NamingException
+      NameNotFoundException = naming.NameNotFoundException
+
+      class ModifyRecord
+        directory = javax.naming.directory
+        DirContext = directory.DirContext
+        BasicAttribute = directory.BasicAttribute
+
+        ADD_ATTRIBUTE = DirContext::ADD_ATTRIBUTE
+        REPLACE_ATTRIBUTE = DirContext::REPLACE_ATTRIBUTE
+        REMOVE_ATTRIBUTE = DirContext::REMOVE_ATTRIBUTE
+
+        attr_reader :type, :name, :values
+        def initialize(type, name, values, binary)
+          @type = self.class.const_get("#{type.to_s.upcase}_ATTRIBUTE")
+          @name = name
+          @values = values
+          @binary = binary
+        end
+
+        def binary?
+          @binary
+        end
+
+        def to_java_modification_item
+          ModificationItem.new(@type, to_java_attribute)
+        end
+
+        def to_java_attribute
+          attribute = BasicAttribute.new(@name)
+          values = @values
+          values = values.collect(&:to_java_bytes) if binary?
+          values.each do |value|
+            attribute.add(value)
+          end
+          attribute
+        end
+      end
+
+      def initialize(host, port, method)
+        @host = host
+        @port = port
+        @method = method
+        @context = nil
+        @tls = nil
+      end
+
+      def unbind
+        @tls.close if @tls
+        @tls = nil
+        @context.close if @context
+        @context = nil
+      end
+
+      def bound?
+        not @context.nil?
+      end
+
+      def sasl_bind(bind_dn, mechanism, quiet)
+        setup_context(bind_dn, password, mechanism)
+        bound?
+      end
+
+      def simple_bind(bind_dn, password)
+        setup_context(bind_dn, password, "simple")
+        bound?
+      end
+
+      def bind_as_anonymous
+        setup_context(nil, nil, "none")
+        bound?
+      end
+
+      def search(base, scope, filter, attrs, limit, callback, &block)
+        controls = SearchControls.new
+        controls.search_scope = scope
+
+        if attrs && !attrs.empty?
+          controls.returning_attributes = attrs.to_java(:string)
+        end
+
+        i = 0
+        @context.search(base, filter, controls).each do |result|
+          i += 1
+          attributes = {}
+          result.attributes.get_all.each do |attribute|
+            attributes[attribute.get_id] = attribute.get_all.collect do |value|
+              value.is_a?(String) ? value : String.from_java_bytes(value)
+            end
+          end
+          callback.call([result.name_in_namespace, attributes], block)
+          break if limit and limit <= i
+        end
+      end
+
+      def add(dn, records)
+        attributes = BasicAttributes.new
+        records.each do |record|
+          attributes.put(record.to_java_attribute)
+        end
+        @context.create_subcontext(dn, attributes)
+      end
+
+      def modify(dn, records)
+        items = records.collect(&:to_java_modification_item)
+        @context.modify_attributes(dn, items.to_java(ModificationItem))
+      end
+
+      def modify_rdn(dn, new_rdn, delete_old_rdn)
+        # should use mutex
+        delete_rdn_key = "java.naming.ldap.deleteRDN"
+        @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
+        @context.rename(dn, new_rdn)
+      ensure
+        @context.remove_from_environment(delete_rdn_key)
+      end
+
+      def delete(dn)
+        @context.destroy_subcontext(dn)
+      end
+
+      private
+      def setup_context(bind_dn, password, authentication)
+        unbind
+        environment = {
+          Context::INITIAL_CONTEXT_FACTORY => "com.sun.jndi.ldap.LdapCtxFactory",
+          Context::PROVIDER_URL => ldap_uri,
+        }
+        environment = HashTable.new(environment)
+        context = InitialLdapContext.new(environment, nil)
+        if @method == :start_tls
+          @tls = context.extended_operation(StartTlsRequest.new)
+          @tls.negotiate
+        end
+        context.add_to_environment(Context::SECURITY_AUTHENTICATION,
+                                   authentication)
+        if bind_dn
+          context.add_to_environment(Context::SECURITY_PRINCIPAL, bind_dn)
+        end
+        if password
+          context.add_to_environment(Context::SECURITY_CREDENTIALS, password)
+        end
+        @context = context
+      end
+
+      def ldap_uri
+        protocol = @method == :ssl ? "ldaps" : "ldap"
+        "#{protocol}://#{@host}:#{@port}/"
+      end
+    end
+  end
+end

data/lib/active_ldap/adapter/ldap.rb

@@ -13,19 +13,37 @@ module ActiveLdap
 
     class Ldap < Base
       module Method
-        class SSL
+        class Base
+          def ssl?
+            false
+          end
+
+          def start_tls?
+            false
+          end
+        end
+
+        class SSL < Base
           def connect(host, port)
             LDAP::SSLConn.new(host, port, false)
           end
+
+          def ssl?
+            true
+          end
         end
 
-        class TLS
+        class TLS < Base
           def connect(host, port)
             LDAP::SSLConn.new(host, port, true)
           end
+
+          def start_tls?
+            true
+          end
         end
 
-        class Plain
+        class Plain < Base
           def connect(host, port)
             LDAP::Conn.new(host, port)
           end
@@ -34,7 +52,11 @@ module ActiveLdap
 
       def connect(options={})
         super do |host, port, method|
-          method.connect(host, port)
+          uri = construct_uri(host, port, method.ssl?)
+          with_start_tls = method.start_tls?
+          info = {:uri => uri, :with_start_tls => with_start_tls}
+          [log("connect", info) {method.connect(host, port)},
+           uri, with_start_tls]
         end
       end
 
@@ -53,7 +75,7 @@ module ActiveLdap
 
       def bind_as_anonymous(options={})
         super do
-          execute(:bind)
+          execute(:bind, :name => "bind: anonymous")
           true
         end
       end
@@ -66,7 +88,11 @@ module ActiveLdap
         super(options) do |base, scope, filter, attrs, limit, callback|
           begin
             i = 0
-            execute(:search, base, scope, filter, attrs) do |entry|
+            info = {
+              :base => base, :scope => scope_name(scope),
+              :filter => filter, :attributes => attrs,
+            }
+            execute(:search, info, base, scope, filter, attrs) do |entry|
               i += 1
               attributes = {}
               entry.attrs.each do |attr|
@@ -76,6 +102,11 @@ module ActiveLdap
               break if limit and limit <= i
             end
           rescue RuntimeError
+            begin
+              @connection.assert_error_code
+            rescue LDAP::ServerDown
+              raise ConnectionError, $!.message
+            end
             if $!.message == "no result returned by search"
               @logger.debug do
                 args = [filter, attrs.inspect]
@@ -88,37 +119,55 @@ module ActiveLdap
         end
       end
 
-      def to_ldif(dn, attributes)
-        ldif = LDAP::LDIF.to_ldif("dn", [dn.dup])
-        attributes.sort_by do |key, value|
-          key
-        end.each do |key, values|
-          ldif << LDAP::LDIF.to_ldif(key, values)
-        end
-        ldif
-      end
-
-      def load(ldifs, options={})
-        super do |ldif|
-          LDAP::LDIF.parse_entry(ldif).send(@connection)
-        end
-      end
-
       def delete(targets, options={})
         super do |target|
-          execute(:delete, target)
+          controls = options[:controls]
+          info = {:dn => target}
+          if controls
+            info.merge!(:name => :delete, :controls => controls)
+            execute(:delete_ext, info,
+                    target, controls, [])
+          else
+            execute(:delete, info, target)
+          end
         end
       end
 
       def add(dn, entries, options={})
         super do |dn, entries|
-          execute(:add, dn, parse_entries(entries))
+          controls = options[:controls]
+          attributes = parse_entries(entries)
+          info = {:dn => dn, :attributes => entries}
+          if controls
+            info.merge!(:name => :add, :controls => controls)
+            execute(:add_ext, info, dn, attributes, controls, [])
+          else
+            execute(:add, info, dn, attributes)
+          end
         end
       end
 
       def modify(dn, entries, options={})
         super do |dn, entries|
-          execute(:modify, dn, parse_entries(entries))
+          controls = options[:controls]
+          attributes = parse_entries(entries)
+          info = {:dn => dn, :attributes => entries}
+          if controls
+            info.merge!(:name => :modify, :controls => controls)
+            execute(:modify_ext, info, dn, attributes, controls, [])
+          else
+            execute(:modify, info, dn, attributes)
+          end
+        end
+      end
+
+      def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
+        super do |dn, new_rdn, delete_old_rdn, new_superior|
+          info = {
+            :name => "modify: RDN",
+            :dn => dn, :new_rdn => new_rdn, :delete_old_rdn => delete_old_rdn
+          }
+          execute(:modrdn, info, dn, new_rdn, delete_old_rdn)
         end
       end
 
@@ -129,31 +178,16 @@ module ActiveLdap
         end
       end
 
-      def root_dse(attributes, options={})
-        sec = options[:sec] || 0
-        usec = options[:usec] || 0
-        @connection.root_dse(attributes, sec, usec)
-      end
-
-      def execute(method, *args, &block)
+      def execute(method, info=nil, *args, &block)
         begin
-          @connection.send(method, *args, &block)
+          name = (info || {}).delete(:name) || method
+          log(name, info) {@connection.send(method, *args, &block)}
         rescue LDAP::ResultError
           @connection.assert_error_code
           raise $!.message
         end
       end
 
-      def with_timeout(try_reconnect=true, options={}, &block)
-        begin
-          super
-        rescue LDAP::ServerDown => e
-          @logger.error {_("LDAP server is down: %s") % e.message}
-          retry if try_reconnect and reconnect(options)
-          raise ConnectionError.new(e.message)
-        end
-      end
-
       def ensure_method(method)
         Method.constants.each do |name|
           if method.to_s.downcase == name.downcase
@@ -183,6 +217,14 @@ module ActiveLdap
         value
       end
 
+      def scope_name(scope)
+        {
+          LDAP::LDAP_SCOPE_BASE => :base,
+          LDAP::LDAP_SCOPE_SUBTREE => :sub,
+          LDAP::LDAP_SCOPE_ONELEVEL => :one,
+        }[scope]
+      end
+
       def sasl_bind(bind_dn, options={})
         super do |bind_dn, mechanism, quiet|
           begin
@@ -192,7 +234,10 @@ module ActiveLdap
             if need_credential_sasl_mechanism?(mechanism)
               args << password(bind_dn, options)
             end
-            execute(:sasl_bind, *args)
+            info = {
+              :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism
+            }
+            execute(:sasl_bind, info, *args)
           ensure
             @connection.sasl_quiet = sasl_quiet
           end
@@ -201,7 +246,7 @@ module ActiveLdap
 
       def simple_bind(bind_dn, options={})
         super do |bind_dn, passwd|
-          execute(:bind, bind_dn, passwd)
+          execute(:bind, {:dn => bind_dn}, bind_dn, passwd)
         end
       end
 
@@ -220,7 +265,7 @@ module ActiveLdap
 
       def ensure_mod_type(type)
         case type
-        when :replace, :add
+        when :replace, :add, :delete
           LDAP.const_get("LDAP_MOD_#{type.to_s.upcase}")
         else
           raise ArgumentError, _("unknown type: %s") % type

data/lib/active_ldap/adapter/ldap_ext.rb

@@ -3,6 +3,10 @@ require 'ldap/ldif'
 require 'ldap/schema'
 
 module LDAP
+  unless const_defined?(:LDAP_OPT_ERROR_NUMBER)
+    LDAP_OPT_ERROR_NUMBER = 0x0031
+  end
+
   class Mod
     unless instance_method(:to_s).arity.zero?
       alias_method :original_to_s, :to_s
@@ -47,12 +51,18 @@ module LDAP
 
   class Conn
     def failed?
-      not err.zero?
+      not error_code.zero?
+    end
+
+    def error_code
+      code = err
+      code = get_option(LDAP_OPT_ERROR_NUMBER) if code.zero?
+      code
     end
 
     def error_message
       if failed?
-        LDAP.err2string(err)
+        LDAP.err2string(error_code)
       else
         nil
       end
@@ -60,10 +70,14 @@ module LDAP
 
     def assert_error_code
       return unless failed?
-      klass = ActiveLdap::LdapError::ERRORS[err]
-      klass ||= IMPLEMENT_SPECIFIC_ERRORS[err]
+      code = error_code
+      klass = ActiveLdap::LdapError::ERRORS[code]
+      klass ||= IMPLEMENT_SPECIFIC_ERRORS[code]
+      if klass.nil? and error_message == "Can't contact LDAP server"
+        klass = LDAP::ServerDown
+      end
       klass ||= ActiveLdap::LdapError
-      raise klass, LDAP.err2string(err)
+      raise klass, LDAP.err2string(code)
     end
   end
 end