activeldap 1.0.2 → 1.0.9

data/examples/useradd

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 if User.exists?(name)
   $stderr.puts("User #{name} already exists.")

data/examples/useradd-binary

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 if User.exists?(name)
   $stderr.puts("User #{name} already exists.")
@@ -40,7 +40,10 @@ user.gid_number = uid
 user.home_directory = "/home/#{name}"
 user.add_class('strongAuthenticationUser')
 cert_file = File.join(File.dirname(__FILE__), 'example.der')
-user.user_certificate = File.read(cert_file)
+File.open(cert_file) do |input|
+  input.set_encoding("ascii-8bit") if input.respond_to?(:set_encoding)
+  user.user_certificate = input.read
+end
 
 unless user.save
   puts "failed"

data/examples/userdel

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")

data/examples/userls

@@ -25,8 +25,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")

data/examples/usermod

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")

data/examples/usermod-binary-add

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")
@@ -38,7 +38,10 @@ user.gid_number = uid
 
 user.add_class('strongAuthenticationUser')
 cert_file = File.join(File.dirname(__FILE__), 'example.der')
-user.user_certificate = File.read(cert_file)
+File.open(cert_file) do |input|
+  input.set_encoding("ascii-8bit") if input.respond_to?(:set_encoding)
+  user.user_certificate = input.read
+end
 
 unless user.save
   puts "failed"

data/examples/usermod-binary-add-time

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")
@@ -39,7 +39,10 @@ end
 
   user.add_class('strongAuthenticationUser')
   cert_file = File.join(File.dirname(__FILE__), 'example.der')
-  user.user_certificate = File.read(cert_file)
+  File.open(cert_file) do |input|
+    input.set_encoding("ascii-8bit") if input.respond_to?(:set_encoding)
+    user.user_certificate = input.read
+  end
 
   unless user.save
     puts "failed #{i}"

data/examples/usermod-binary-del

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")

data/examples/usermod-lang-add

@@ -23,8 +23,8 @@ pwb = Proc.new do |user|
   ActiveLdap::Command.read_password("[#{user}] Password: ")
 end
 
-ActiveLdap::Base.establish_connection(:password_block => pwb,
-                                      :allow_anonymous => false)
+ActiveLdap::Base.setup_connection(:password_block => pwb,
+                                  :allow_anonymous => false)
 
 unless User.exists?(name)
   $stderr.puts("User #{name} doesn't exist.")

data/lib/active_ldap/adapter/base.rb

@@ -24,6 +24,8 @@ module ActiveLdap
         @runtime = 0
         @connection = nil
         @disconnected = false
+        @bound = false
+        @bind_tried = false
         @entry_attributes = {}
         @configuration = configuration.dup
         @logger = @configuration.delete(:logger)
@@ -44,15 +46,17 @@ module ActiveLdap
         port = options[:port] || @port || ensure_port(method)
         method = ensure_method(method)
         @disconnected = false
+        @bound = false
+        @bind_tried = false
         @connection, @uri, @with_start_tls = yield(host, port, method)
         prepare_connection(options)
         bind(options)
       end
 
       def disconnect!(options={})
-        return if @connection.nil?
         unbind(options)
         @connection = @uri = @with_start_tls = nil
+        @disconnected = true
       end
 
       def rebind(options={})
@@ -61,6 +65,8 @@ module ActiveLdap
       end
 
       def bind(options={})
+        @bind_tried = true
+
         bind_dn = options[:bind_dn] || @bind_dn
         try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
         if options.has_key?(:allow_anonymous)
@@ -86,19 +92,27 @@ module ActiveLdap
           raise AuthenticationError, message
         end
 
-        bound?
+        @bound = true
+        @bound
+      end
+
+      def unbind(options={})
+        yield if @connection and (@bind_tried or bound?)
+        @bind_tried = @bound = false
       end
 
       def bind_as_anonymous(options={})
-        operation(options) do
-          yield
-        end
+        yield
       end
 
       def connecting?
         !@connection.nil? and !@disconnected
       end
 
+      def bound?
+        connecting? and @bound
+      end
+
       def schema(options={})
         @schema ||= operation(options) do
           base = options[:base]
@@ -164,7 +178,6 @@ module ActiveLdap
       def delete(targets, options={})
         targets = [targets] unless targets.is_a?(Array)
         return if targets.empty?
-        target = nil
         begin
           operation(options) do
             targets.each do |target|
@@ -293,11 +306,19 @@ module ActiveLdap
       end
 
       def with_timeout(try_reconnect=true, options={}, &block)
+        n_retries = 0
+        retry_limit = options[:retry_limit] || @retry_limit
         begin
           Timeout.alarm(@timeout, &block)
         rescue Timeout::Error => e
           @logger.error {_('Requested action timed out.')}
-          retry if @retry_on_timeout and try_reconnect and reconnect(options)
+          if @retry_on_timeout and retry_limit < 0 and n_retries <= retry_limit
+            if connecting?
+              retry
+            elsif try_reconnect
+              retry if with_timeout(false, options) {reconnect(options)}
+            end
+          end
           @logger.error {e.message}
           raise TimeoutError, e.message
         end
@@ -318,10 +339,7 @@ module ActiveLdap
         sasl_mechanisms = options[:sasl_mechanisms] || @sasl_mechanisms
         sasl_mechanisms.each do |mechanism|
           next unless mechanisms.include?(mechanism)
-          operation(options) do
-            yield(bind_dn, mechanism, sasl_quiet)
-            return true if bound?
-          end
+          return true if yield(bind_dn, mechanism, sasl_quiet)
         end
         false
       end
@@ -343,10 +361,7 @@ module ActiveLdap
         end
 
         begin
-          operation(options) do
-            yield(bind_dn, passwd)
-            bound?
-          end
+          yield(bind_dn, passwd)
         rescue LdapError::InvalidDnSyntax
           raise DistinguishedNameInvalid.new(bind_dn)
         rescue LdapError::InvalidCredentials
@@ -484,7 +499,11 @@ module ActiveLdap
             s
           else
             s = "*" if s == "**"
-            "\\%02X" % s[0]
+            if s.respond_to?(:getbyte)
+              "\\%02X" % s.getbyte(0)
+            else
+              "\\%02X" % s[0]
+            end
           end
         end
       end
@@ -544,11 +563,6 @@ module ActiveLdap
         options[:reconnect_attempts] ||= 0
 
         loop do
-          unless can_reconnect?(options)
-            raise ConnectionError,
-                  _('Giving up trying to reconnect to LDAP server.')
-          end
-
           @logger.debug {_('Attempting to reconnect')}
           disconnect!
 
@@ -558,6 +572,8 @@ module ActiveLdap
           begin
             connect(options)
             break
+          rescue AuthenticationError
+            raise
           rescue => detail
             @logger.error do
               _("Reconnect to server failed: %s\n" \
@@ -568,6 +584,11 @@ module ActiveLdap
             raise ConnectionError, detail.message if force
           end
 
+          unless can_reconnect?(options)
+            raise ConnectionError,
+                  _('Giving up trying to reconnect to LDAP server.')
+          end
+
           # Sleep before looping
           sleep retry_wait
         end
@@ -576,7 +597,10 @@ module ActiveLdap
       end
 
       def reconnect_if_need(options={})
-        reconnect(options) if !connecting? and can_reconnect?(options)
+        return if connecting?
+        with_timeout(false, options) do
+          reconnect(options)
+        end
       end
 
       # Determine if we have exceed the retry limit or not.
@@ -585,7 +609,7 @@ module ActiveLdap
         retry_limit = options[:retry_limit] || @retry_limit
         reconnect_attempts = options[:reconnect_attempts] || 0
 
-        retry_limit < 0 or reconnect_attempts < (retry_limit - 1)
+        retry_limit < 0 or reconnect_attempts <= retry_limit
       end
 
       def root_dse_values(key, options={})

data/lib/active_ldap/adapter/jndi.rb

@@ -29,8 +29,7 @@ module ActiveLdap
       end
 
       def unbind(options={})
-        return unless bound?
-        operation(options) do
+        super do
           execute(:unbind)
         end
       end
@@ -38,13 +37,10 @@ module ActiveLdap
       def bind_as_anonymous(options={})
         super do
           execute(:bind_as_anonymous, :name => "bind: anonymous")
+          true
         end
       end
 
-      def bound?
-        connecting? and @connection.bound?
-      end
-
       def search(options={}, &block)
         super(options) do |base, scope, filter, attrs, limit, callback|
           info = {
@@ -63,26 +59,26 @@ module ActiveLdap
       end
 
       def add(dn, entries, options={})
-        super do |dn, entries|
-          info = {:dn => dn, :attributes => entries}
-          execute(:add, info, dn, parse_entries(entries))
+        super do |_dn, _entries|
+          info = {:dn => _dn, :attributes => _entries}
+          execute(:add, info, _dn, parse_entries(_entries))
         end
       end
 
       def modify(dn, entries, options={})
-        super do |dn, entries|
-          info = {:dn => dn, :attributes => entries}
-          execute(:modify, info, dn, parse_entries(entries))
+        super do |_dn, _entries|
+          info = {:dn => _dn, :attributes => _entries}
+          execute(:modify, info, _dn, parse_entries(_entries))
         end
       end
 
       def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
-        super do |dn, new_rdn, delete_old_rdn, new_superior|
+        super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
           info = {
-            :name => "modify: RDN", :dn => dn, :new_rdn => new_rdn,
-            :delete_old_rdn => delete_old_rdn,
+            :name => "modify: RDN",
+            :dn => _dn, :new_rdn => _new_rdn, :delete_old_rdn => _delete_old_rdn,
           }
-          execute(:modify_rdn, info, dn, new_rdn, delete_old_rdn)
+          execute(:modify_rdn, info, _dn, _new_rdn, _delete_old_rdn)
         end
       end
 
@@ -112,9 +108,9 @@ module ActiveLdap
 
       def ensure_scope(scope)
         scope_map = {
-          :base => 0,
-          :one => 1,
-          :sub => 2,
+          :base => JndiConnection::Scope::OBJECT,
+          :one => JndiConnection::Scope::ONE_LEVEL,
+          :sub => JndiConnection::Scope::SUBTREE,
         }
         value = scope_map[scope || :sub]
         if value.nil?
@@ -127,23 +123,29 @@ module ActiveLdap
 
       def scope_name(scope)
         {
-          0 => :base,
-          1 => :one,
-          2 => :sub,
+          JndiConnection::Scope::OBJECT => :base,
+          JndiConnection::Scope::ONE_LEVEL => :one,
+          JndiConnection::Scope::SUBTREE => :sub,
         }[scope]
       end
 
       def sasl_bind(bind_dn, options={})
-        super do |bind_dn, mechanism, quiet|
-          info = {:name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism}
-          execute(:sasl_bind, info, bind_dn, mechanism, quiet)
+        super do |_bind_dn, mechanism, quiet|
+          info = {
+            :name => "bind: SASL",
+            :dn => _bind_dn,
+            :mechanism => mechanism
+          }
+          execute(:sasl_bind, info, _bind_dn, mechanism, quiet)
+          true
         end
       end
 
       def simple_bind(bind_dn, options={})
-        super do |bind_dn, passwd|
-          info = {:name => "bind", :dn => bind_dn}
-          execute(:simple_bind, info, bind_dn, passwd)
+        super do |_bind_dn, password|
+          info = {:name => "bind", :dn => _bind_dn}
+          execute(:simple_bind, info, _bind_dn, password)
+          true
         end
       end
 

data/lib/active_ldap/adapter/jndi_connection.rb

@@ -29,6 +29,12 @@ module ActiveLdap
       NamingException = naming.NamingException
       NameNotFoundException = naming.NameNotFoundException
 
+      module Scope
+        OBJECT = SearchControls::OBJECT_SCOPE
+        ONE_LEVEL = SearchControls::ONELEVEL_SCOPE
+        SUBTREE = SearchControls::SUBTREE_SCOPE
+      end
+
       class ModifyRecord
         directory = javax.naming.directory
         DirContext = directory.DirContext

data/lib/active_ldap/adapter/ldap.rb

@@ -61,8 +61,7 @@ module ActiveLdap
       end
 
       def unbind(options={})
-        return unless bound?
-        operation(options) do
+        super do
           execute(:unbind)
         end
       end
@@ -80,10 +79,6 @@ module ActiveLdap
         end
       end
 
-      def bound?
-        connecting? and @connection.bound?
-      end
-
       def search(options={}, &block)
         super(options) do |base, scope, filter, attrs, limit, callback|
           begin
@@ -134,40 +129,40 @@ module ActiveLdap
       end
 
       def add(dn, entries, options={})
-        super do |dn, entries|
+        super do |_dn, _entries|
           controls = options[:controls]
-          attributes = parse_entries(entries)
-          info = {:dn => dn, :attributes => entries}
+          attributes = parse_entries(_entries)
+          info = {:dn => _dn, :attributes => _entries}
           if controls
             info.merge!(:name => :add, :controls => controls)
-            execute(:add_ext, info, dn, attributes, controls, [])
+            execute(:add_ext, info, _dn, attributes, controls, [])
           else
-            execute(:add, info, dn, attributes)
+            execute(:add, info, _dn, attributes)
           end
         end
       end
 
       def modify(dn, entries, options={})
-        super do |dn, entries|
+        super do |_dn, _entries|
           controls = options[:controls]
-          attributes = parse_entries(entries)
-          info = {:dn => dn, :attributes => entries}
+          attributes = parse_entries(_entries)
+          info = {:dn => _dn, :attributes => _entries}
           if controls
             info.merge!(:name => :modify, :controls => controls)
-            execute(:modify_ext, info, dn, attributes, controls, [])
+            execute(:modify_ext, info, _dn, attributes, controls, [])
           else
-            execute(:modify, info, dn, attributes)
+            execute(:modify, info, _dn, attributes)
           end
         end
       end
 
       def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
-        super do |dn, new_rdn, delete_old_rdn, new_superior|
+        super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
           info = {
             :name => "modify: RDN",
-            :dn => dn, :new_rdn => new_rdn, :delete_old_rdn => delete_old_rdn
+            :dn => _dn, :new_rdn => _new_rdn, :delete_old_rdn => _delete_old_rdn
           }
-          execute(:modrdn, info, dn, new_rdn, delete_old_rdn)
+          execute(:modrdn, info, _dn, _new_rdn, _delete_old_rdn)
         end
       end
 
@@ -189,8 +184,9 @@ module ActiveLdap
       end
 
       def ensure_method(method)
+        normalized_method = method.to_s.downcase
         Method.constants.each do |name|
-          if method.to_s.downcase == name.downcase
+          if normalized_method == name.to_s.downcase
             return Method.const_get(name).new
           end
         end
@@ -226,18 +222,20 @@ module ActiveLdap
       end
 
       def sasl_bind(bind_dn, options={})
-        super do |bind_dn, mechanism, quiet|
+        super do |_bind_dn, mechanism, quiet|
           begin
+            _bind_dn ||= ''
             sasl_quiet = @connection.sasl_quiet
             @connection.sasl_quiet = quiet unless quiet.nil?
-            args = [bind_dn, mechanism]
+            args = [_bind_dn, mechanism]
             if need_credential_sasl_mechanism?(mechanism)
-              args << password(bind_dn, options)
+              args << password(_bind_dn, options)
             end
             info = {
-              :name => "bind: SASL", :dn => bind_dn, :mechanism => mechanism
+              :name => "bind: SASL", :dn => _bind_dn, :mechanism => mechanism
             }
             execute(:sasl_bind, info, *args)
+            true
           ensure
             @connection.sasl_quiet = sasl_quiet
           end
@@ -245,8 +243,9 @@ module ActiveLdap
       end
 
       def simple_bind(bind_dn, options={})
-        super do |bind_dn, passwd|
-          execute(:bind, {:dn => bind_dn}, bind_dn, passwd)
+        super do |_bind_dn, password|
+          execute(:bind, {:dn => _bind_dn}, _bind_dn, password)
+          true
         end
       end