activeldap 1.0.1 → 1.0.2

data/examples/al-admin/script/dbconsole

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/dbconsole'

data/lib/active_ldap.rb

@@ -905,12 +905,15 @@
 # package, and I'd like to see it prove helpful to more people than just myself.
 #
 
-require_gem_if_need = Proc.new do |library_name, gem_name|
+require_gem_if_need = Proc.new do |library_name, gem_name, *gem_args|
   begin
+    if !gem_args.empty? and Object.const_defined?(:Gem)
+      gem gem_name, *gem_args
+    end
     require library_name
   rescue LoadError
     require 'rubygems'
-    gem gem_name
+    gem gem_name, *gem_args
     require library_name
   end
 end
@@ -928,7 +931,7 @@ if dependencies.respond_to?(:load_paths)
 end
 
 module ActiveLdap
-  VERSION = "1.0.1"
+  VERSION = "1.0.2"
 end
 
 if RUBY_PLATFORM.match('linux')
@@ -939,7 +942,8 @@ end
 
 require_gem_if_need.call("active_record", "activerecord")
 begin
-  require_gem_if_need.call("gettext/active_record", "gettext")
+  require_gem_if_need.call("locale")
+  require_gem_if_need.call("gettext", "gettext", ">= 1.94")
 rescue LoadError
 end
 require 'active_ldap/get_text'
@@ -948,6 +952,7 @@ require 'active_ldap/base'
 
 require 'active_ldap/distinguished_name'
 require 'active_ldap/ldif'
+require 'active_ldap/xml'
 
 require 'active_ldap/associations'
 require 'active_ldap/attributes'
@@ -961,6 +966,7 @@ require 'active_ldap/acts/tree'
 
 require 'active_ldap/populate'
 require 'active_ldap/escape'
+require 'active_ldap/user_password'
 require 'active_ldap/helper'
 
 require 'active_ldap/validations'

data/lib/active_ldap/action_controller/ldap_benchmarking.rb

@@ -3,22 +3,31 @@ module ActiveLdap
     module LdapBenchmarking
       def self.included(base)
         base.class_eval do
-          alias_method_chain :render, :active_ldap_benchmark
-          alias_method_chain :rendering_runtime, :active_ldap
+          alias_method_chain :render_with_benchmark, :active_ldap
+          if private_method_defined?(:view_runtime)
+            alias_method_chain :view_runtime, :active_ldap
+          else
+            alias_method_chain :rendering_runtime, :active_ldap
+          end
         end
       end
 
       protected
-      def render_with_active_ldap_benchmark(*args, &block)
+      def render_with_benchmark_with_active_ldap(*args, &block)
         if logger
-          @ldap_runtime_before_render = ActiveLdap::Base.reset_runtime
-          result = render_without_active_ldap_benchmark(*args, &block)
+          ldap_runtime_before_render = ActiveLdap::Base.reset_runtime
+        end
+        result = render_with_benchmark_without_active_ldap(*args, &block)
+        if logger
+          @ldap_runtime_before_render = ldap_runtime_before_render
           @ldap_runtime_after_render = ActiveLdap::Base.reset_runtime
-          @rendering_runtime -= @ldap_runtime_after_render
-          result
-        else
-          render_without_active_ldap_benchmark(*args, &block)
+          if defined?(@rendering_runtime)
+            @rendering_runtime -= @ldap_runtime_after_render
+          else
+            @view_runtime -= @ldap_runtime_after_render
+          end
         end
+        result
       end
 
       private
@@ -30,6 +39,16 @@ module ActiveLdap
         ldap_percentage = ldap_runtime * 100 / runtime
         result + (" | LDAP: %.5f (%d%%)" % [ldap_runtime, ldap_percentage])
       end
+
+      def view_runtime_with_active_ldap
+        result = view_runtime_without_active_ldap
+        ldap_runtime = ActiveLdap::Base.reset_runtime
+        @ldap_runtime_before_render ||= 0
+        @ldap_runtime_after_render ||= 0
+        ldap_runtime += @ldap_runtime_before_render
+        ldap_runtime += @ldap_runtime_after_render
+        result + (", LDAP: %.0f" % (ldap_runtime * 1000))
+      end
     end
   end
 end

data/lib/active_ldap/adapter/base.rb

@@ -40,8 +40,9 @@ module ActiveLdap
 
       def connect(options={})
         host = options[:host] || @host
-        port = options[:port] || @port
-        method = ensure_method(options[:method] || @method)
+        method = options[:method] || @method || :plain
+        port = options[:port] || @port || ensure_port(method)
+        method = ensure_method(method)
         @disconnected = false
         @connection, @uri, @with_start_tls = yield(host, port, method)
         prepare_connection(options)
@@ -167,7 +168,11 @@ module ActiveLdap
         begin
           operation(options) do
             targets.each do |target|
-              yield(target)
+              begin
+                yield(target)
+              rescue LdapError::UnwillingToPerform, LdapError::InsufficientAccess
+                raise OperationNotPermitted, _("%s: %s") % [$!.message, target]
+              end
             end
           end
         rescue LdapError::NoSuchObject
@@ -198,7 +203,11 @@ module ActiveLdap
       def modify(dn, entries, options={})
         begin
           operation(options) do
-            yield(dn, entries)
+            begin
+              yield(dn, entries)
+            rescue LdapError::UnwillingToPerform, LdapError::InsufficientAccess
+              raise OperationNotPermitted, _("%s: %s") % [$!.message, target]
+            end
           end
         rescue LdapError::UndefinedType
           raise
@@ -213,14 +222,22 @@ module ActiveLdap
         end
       end
 
-      def log_info(name, runtime, info=nil)
+      def log_info(name, runtime_in_seconds, info=nil)
         return unless @logger
         return unless @logger.debug?
-        message = "LDAP: #{name} (#{'%f' % runtime})"
+        message = "LDAP: #{name} (#{'%.1f' % (runtime_in_seconds * 1000)}ms)"
         @logger.debug(format_log_entry(message, info))
       end
 
       private
+      def ensure_port(method)
+        if method == :ssl
+          URI::LDAPS::DEFAULT_PORT
+        else
+          URI::LDAP::DEFAULT_PORT
+        end
+      end
+
       def prepare_connection(options)
       end
 
@@ -388,7 +405,7 @@ module ActiveLdap
           when Hash
             options = value[0]
             value = value[1]
-          when "=", "~=", "<=", "=>"
+          when "=", "~=", "<=", ">="
             options[:operator] = value[0]
             if value.size > 2
               value = value[1..-1]
@@ -601,17 +618,13 @@ module ActiveLdap
 
       def log(name, info=nil)
         if block_given?
-          if @logger and @logger.debug?
-            result = nil
-            runtime = Benchmark.realtime {result = yield}
-            @runtime += runtime
-            log_info(name, runtime, info)
-            result
-          else
-            yield
-          end
+          result = nil
+          seconds = Benchmark.realtime {result = yield}
+          @runtime += seconds
+          log_info(name, seconds, info)
+          result
         else
-          log_info(name, info, 0)
+          log_info(name, 0, info)
           nil
         end
       rescue Exception

data/lib/active_ldap/adapter/jndi.rb

@@ -153,8 +153,12 @@ module ActiveLdap
           mod_type = ensure_mod_type(type)
           binary = schema.attribute(key).binary?
           attributes.each do |name, values|
+            real_binary = binary
+            if values.any? {|value| Ldif::Attribute.binary_value?(value)}
+              real_binary = true
+            end
             result << JndiConnection::ModifyRecord.new(mod_type, name,
-                                                       values, binary)
+                                                       values, real_binary)
           end
         end
         result

data/lib/active_ldap/adapter/ldap.rb

@@ -257,7 +257,11 @@ module ActiveLdap
           binary = schema.attribute(key).binary?
           mod_type |= LDAP::LDAP_MOD_BVALUES if binary
           attributes.each do |name, values|
-            result << LDAP.mod(mod_type, name, values)
+            additional_mod_type = 0
+            if values.any? {|value| Ldif::Attribute.binary_value?(value)}
+              additional_mod_type |= LDAP::LDAP_MOD_BVALUES
+            end
+            result << LDAP.mod(mod_type | additional_mod_type, name, values)
           end
         end
         result

data/lib/active_ldap/association/has_many_utils.rb

@@ -19,7 +19,13 @@ module ActiveLdap
               target
             end
           end
-          targets = foreign_class.find(requested_targets, find_options)
+          targets = []
+          requested_targets.each do |target|
+            begin
+              targets << foreign_class.find(target, find_options)
+            rescue EntryNotFound
+            end
+          end
         else
           components = requested_targets.collect do |value|
             [foreign_base_key, value]

data/lib/active_ldap/associations.rb

@@ -31,7 +31,8 @@ module ActiveLdap
       #
       # This defines a method for an extension class map its DN key
       # attribute value on to multiple items which reference it by
-      # |:foreign_key| in the other LDAP entry covered by class |:class_name|.
+      # |:foreign_key| in the other LDAP entry covered by class
+      # |:class_name|.
       #
       # Example:
       #  belongs_to :groups, :class_name => "Group",
@@ -44,7 +45,8 @@ module ActiveLdap
       #
       def belongs_to(association_id, options={})
         validate_belongs_to_options(options)
-        klass = options[:class] || association_id.to_s.classify
+        klass = options[:class]
+        klass ||= (options[:class_name] || association_id.to_s).classify
         foreign_key = options[:foreign_key]
         primary_key = options[:primary_key]
         many = options[:many]
@@ -96,7 +98,8 @@ module ActiveLdap
       #            :wrap => "memberUid" # Group#memberUid
       def has_many(association_id, options = {})
         validate_has_many_options(options)
-        klass = options[:class] || association_id.to_s.classify
+        klass = options[:class]
+        klass ||= (options[:class_name] || association_id.to_s).classify
         foreign_key = options[:foreign_key] || "#{association_id}_id"
         primary_key = options[:primary_key]
         set_associated_class(association_id, klass)
@@ -149,13 +152,15 @@ module ActiveLdap
         EOM
       end
 
-      VALID_BELONGS_TO_OPTIONS = [:class, :foreign_key, :primary_key, :many,
+      VALID_BELONGS_TO_OPTIONS = [:class, :class_name,
+                                  :foreign_key, :primary_key, :many,
                                   :extend]
       def validate_belongs_to_options(options)
         options.assert_valid_keys(VALID_BELONGS_TO_OPTIONS)
       end
 
-      VALID_HAS_MANY_OPTIONS = [:class, :foreign_key, :primary_key, :wrap,
+      VALID_HAS_MANY_OPTIONS = [:class, :class_name,
+                                :foreign_key, :primary_key, :wrap,
                                 :extend]
       def validate_has_many_options(options)
         options.assert_valid_keys(VALID_HAS_MANY_OPTIONS)

data/lib/active_ldap/attributes.rb

@@ -126,7 +126,12 @@ module ActiveLdap
     end
 
     def attributes_protected_by_default
-      [dn_attribute, 'objectClass']
+      _dn_attribute = nil
+      begin
+        _dn_attribute = dn_attribute_with_fallback
+      rescue DistinguishedNameInvalid
+      end
+      [_dn_attribute, 'objectClass'].compact
     end
 
     def normalize_attribute_name(name)

data/lib/active_ldap/base.rb

@@ -30,6 +30,7 @@
 
 require 'English'
 require 'thread'
+require 'erb'
 
 module ActiveLdap
   # OO-interface to LDAP assuming pam/nss_ldap-style organization with
@@ -438,6 +439,8 @@ module ActiveLdap
       def inspect
         if self == Base
           super
+        elsif abstract_class?
+          "#{super}(abstract)"
         else
           class_names = []
           must = []
@@ -454,6 +457,48 @@ module ActiveLdap
         end
       end
 
+      attr_accessor :abstract_class
+      def abstract_class?
+        defined?(@abstract_class) && @abstract_class
+      end
+
+      def class_of_active_ldap_descendant(klass)
+        if klass.superclass == Base or klass.superclass.abstract_class?
+          klass
+        elsif klass.superclass.nil?
+          raise Error, _("%s doesn't belong in a hierarchy descending " \
+                         "from ActiveLdap") % (name || to_s)
+        else
+          class_of_active_ldap_descendant(klass.superclass)
+        end
+      end
+
+      def self_and_descendents_from_active_ldap
+        klass = self
+        classes = [klass]
+        while klass != klass.base_class
+          classes << klass = klass.superclass
+        end
+        classes
+      rescue
+        [self]
+      end
+      alias_method(:self_and_descendents_from_active_record,
+                   :self_and_descendents_from_active_ldap)
+
+      def human_name(options={})
+        defaults = self_and_descendents_from_active_ldap.collect do |klass|
+          if klass.name.blank?
+            nil
+          else
+            :"#{klass.name.underscore}"
+          end
+        end
+        defaults << name.humanize
+        defaults = defaults.compact
+        defaults.first || name || to_s
+      end
+
       private
       def inspect_attributes(attributes)
 	inspected_attribute_names = {}
@@ -579,7 +624,6 @@ module ActiveLdap
         raise ArgumentError, format % attributes.inspect
       end
       yield self if block_given?
-      assert_dn_attribute
     end
 
     # Returns true if the +comparison_object+ is the same object, or is of
@@ -648,7 +692,7 @@ module ActiveLdap
     end
 
     def id
-      get_attribute(dn_attribute)
+      get_attribute(dn_attribute_with_fallback)
     end
 
     def to_param
@@ -656,13 +700,14 @@ module ActiveLdap
     end
 
     def dn=(value)
-      set_attribute(dn_attribute, value)
+      set_attribute(dn_attribute_with_fallback, value)
       @dn = nil
     end
     alias_method(:id=, :dn=)
 
     alias_method(:dn_attribute_of_class, :dn_attribute)
     def dn_attribute
+      ensure_update_dn
       _dn_attribute = @dn_attribute || dn_attribute_of_class
       to_real_attribute_name(_dn_attribute) || _dn_attribute
     end
@@ -792,7 +837,7 @@ module ActiveLdap
     # Also be sure to only pass in key-value pairs of your choosing.
     # Do not let URL/form hackers supply the keys.
     def attributes=(new_attributes)
-      return if new_attributes.nil?
+      return if new_attributes.blank?
       _schema = _local_entry_attribute = nil
       targets = remove_attributes_protected_from_mass_assignment(new_attributes)
       targets.each do |key, value|
@@ -817,26 +862,23 @@ module ActiveLdap
     end
 
     def to_xml(options={})
-      root = options[:root] || self.class.name.underscore
-      result = "<#{root}>\n"
-      result << "  <dn>#{dn}</dn>\n"
-      normalize_data(@data).sort_by {|key, values| key}.each do |key, values|
-        targets = []
-        values.each do |value|
-          if value.is_a?(Hash)
-            value.each do |option, real_value|
-              targets << [real_value, " #{option}=\"true\""]
-            end
+      options = options.dup
+      options[:root] ||= self.class.name.underscore
+      except = options[:except]
+      if except
+        options[:except] = except.collect do |name|
+          if name.to_s.downcase == "dn"
+            "dn"
           else
-            targets << [value]
+            to_real_attribute_name(name)
           end
-        end
-        targets.sort_by {|value, attr| value}.each do |value, attr|
-          result << "  <#{key}#{attr}>#{value}</#{key}>\n"
-        end
+        end.compact
       end
-      result << "</#{root}>\n"
-      result
+      XML.new(dn, normalize_data(@data), schema).to_s(options)
+    end
+
+    def to_s
+      to_ldif
     end
 
     def have_attribute?(name, except=[])
@@ -922,7 +964,10 @@ module ActiveLdap
 
     alias_method :base_of_class, :base
     def base
-      [@base, base_of_class].compact.join(",")
+      ensure_update_dn
+      [@base, base_of_class].find_all do |component|
+        not component.blank?
+      end.join(",")
     end
 
     undef_method :base=
@@ -959,6 +1004,17 @@ module ActiveLdap
     end
 
     private
+    def dn_attribute_with_fallback
+      begin
+        dn_attribute
+      rescue DistinguishedNameInvalid
+        _dn_attribute = @dn_attribute || dn_attribute_of_class
+        _dn_attribute = to_real_attribute_name(_dn_attribute) || _dn_attribute
+        raise if _dn_attribute.nil?
+        _dn_attribute
+      end
+    end
+
     def inspect_attribute(name)
       values = get_attribute(name, true)
       values.collect do |value|
@@ -1014,7 +1070,6 @@ module ActiveLdap
       self.dn = dn
       self.attributes = attributes
       yield self if block_given?
-      assert_dn_attribute
     end
 
     def instantiate(args)
@@ -1059,6 +1114,8 @@ module ActiveLdap
       @base = nil
       @scope = nil
       @dn = nil
+      @dn_is_base = false
+      @dn_split_value = nil
       @connection ||= nil
       clear_connection_based_cache
     end
@@ -1119,35 +1176,61 @@ module ActiveLdap
     #
     # Set the value of the attribute called by method_missing?
     def set_attribute(name, value)
-      attr = to_real_attribute_name(name)
-      attr, value = update_dn(attr, value) if attr == dn_attribute
-      raise UnknownAttribute.new(name) if attr.nil?
+      real_name = to_real_attribute_name(name)
+      _dn_attribute = nil
+      valid_dn_attribute = true
+      begin
+        _dn_attribute = dn_attribute
+      rescue DistinguishedNameInvalid
+        valid_dn_attribute = false
+      end
+      if valid_dn_attribute and real_name == _dn_attribute
+        real_name, value = register_new_dn_attribute(real_name, value)
+      end
+      raise UnknownAttribute.new(name) if real_name.nil?
 
-      @data[attr] = value
+      @data[real_name] = value
     end
 
-    def update_dn(attr, value)
+    def register_new_dn_attribute(name, value)
       @dn = nil
       @dn_is_base = false
-      return [attr, nil] if value.blank?
+      if value.blank?
+        @dn_split_value = nil
+        [name, nil]
+      else
+        new_name, new_value, raw_new_value, new_bases = split_dn_value(value)
+        @dn_split_value = [new_name, new_value, new_bases]
+        if new_name.nil? and new_value.nil?
+          new_name, raw_new_value = new_bases[0].to_a[0]
+        end
+        [to_real_attribute_name(new_name) || name,
+         raw_new_value || value]
+      end
+    end
 
-      new_dn_attribute, new_value, bases = split_dn_value(value)
-      if new_dn_attribute.nil? and new_value.nil?
+    def update_dn(new_name, new_value, bases)
+      if new_name.nil? and new_value.nil?
         @dn_is_base = true
         @base = nil
         attr, value = bases[0].to_a[0]
         @dn_attribute = attr
       else
-        new_dn_attribute = to_real_attribute_name(new_dn_attribute)
-        if new_dn_attribute
-          value = new_value
-          @base = bases.empty? ? nil : DN.new(*bases).to_s
-          if dn_attribute != new_dn_attribute
-            @dn_attribute = attr = new_dn_attribute
-          end
+        new_name ||= @dn_attribute || dn_attribute_of_class
+        new_name = to_real_attribute_name(new_name)
+        if new_name.nil?
+          new_name = @dn_attribute || dn_attribute_of_class
+          new_name = to_real_attribute_name(new_name)
         end
+        new_bases = bases.empty? ? nil : DN.new(*bases).to_s
+        dn_components = ["#{new_name}=#{new_value}",
+                         new_bases,
+                         base_of_class]
+        dn_components = dn_components.find_all {|component| !component.blank?}
+        DN.parse(dn_components.join(','))
+        @base = new_bases
+        @dn_attribute = new_name
       end
-      [attr, value]
     end
 
     def split_dn_value(value)
@@ -1156,9 +1239,14 @@ module ActiveLdap
         dn_value = value if value.is_a?(DN)
         dn_value ||= DN.parse(value)
       rescue DistinguishedNameInvalid
-        dn_value = DN.parse("#{dn_attribute}=#{value}")
+        begin
+          dn_value = DN.parse("#{dn_attribute}=#{value}")
+        rescue DistinguishedNameInvalid
+          return [nil, value, value, []]
+        end
       end
 
+      val = bases = nil
       begin
         relative_dn_value = dn_value - self.class.parsed_base
         if relative_dn_value.rdns.empty?
@@ -1172,20 +1260,41 @@ module ActiveLdap
       end
 
       dn_attribute_name, dn_attribute_value = val.to_a[0]
-      [dn_attribute_name, dn_attribute_value, bases]
+      escaped_dn_attribute_value = nil
+      unless dn_attribute_value.nil?
+        escaped_dn_attribute_value = DN.escape_value(dn_attribute_value)
+      end
+      [dn_attribute_name, escaped_dn_attribute_value,
+       dn_attribute_value, bases]
+    end
+
+    def need_update_dn?
+      not @dn_split_value.nil?
+    end
+
+    def ensure_update_dn
+      return unless need_update_dn?
+      @mutex.synchronize do
+        if @dn_split_value
+          update_dn(*@dn_split_value)
+          @dn_split_value = nil
+        end
+      end
     end
 
     def compute_dn(escape_dn_value=false)
       return base if @dn_is_base
 
+      ensure_update_dn
       dn_value = id
       if dn_value.nil?
-        raise DistinguishedNameNotSetError.new,
-                _("%s's DN attribute (%s) isn't set") % [self, dn_attribute]
+        format =_("%s's DN attribute (%s) isn't set")
+        message = format % [self.inspect, dn_attribute]
+        raise DistinguishedNameNotSetError.new, message
       end
-      dn_value = DN.escape_value(dn_value) if escape_dn_value
+      dn_value = DN.escape_value(dn_value.to_s) if escape_dn_value
       _base = base
-      _base = nil if _base.empty?
+      _base = nil if _base.blank?
       ["#{dn_attribute}=#{dn_value}", _base].compact.join(",")
     end
 
@@ -1292,13 +1401,6 @@ module ActiveLdap
       attributes
     end
 
-    def assert_dn_attribute
-      unless dn_attribute
-        raise ConfigurationError,
-                _("dn_attribute isn't set for this class: %s") % self.class
-      end
-    end
-
     def create_or_update
       new_entry? ? create : update
     end