activeldap 4.0.5 → 6.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.yardopts +3 -1
- data/doc/text/development.md +26 -0
- data/doc/text/{news.textile → news.md} +451 -241
- data/doc/text/{rails.textile → rails.md} +44 -33
- data/doc/text/{tutorial.textile → tutorial.md} +177 -185
- data/lib/active_ldap/adapter/base.rb +40 -17
- data/lib/active_ldap/adapter/jndi.rb +21 -9
- data/lib/active_ldap/adapter/jndi_connection.rb +83 -20
- data/lib/active_ldap/adapter/ldap.rb +50 -28
- data/lib/active_ldap/adapter/ldap_ext.rb +32 -13
- data/lib/active_ldap/adapter/net_ldap.rb +26 -24
- data/lib/active_ldap/associations.rb +5 -5
- data/lib/active_ldap/attribute_methods/before_type_cast.rb +1 -1
- data/lib/active_ldap/attribute_methods/dirty.rb +4 -7
- data/lib/active_ldap/attribute_methods/query.rb +1 -1
- data/lib/active_ldap/attribute_methods/read.rb +5 -1
- data/lib/active_ldap/attribute_methods/write.rb +1 -1
- data/lib/active_ldap/attribute_methods.rb +1 -2
- data/lib/active_ldap/base.rb +61 -14
- data/lib/active_ldap/callbacks.rb +7 -8
- data/lib/active_ldap/configuration.rb +27 -3
- data/lib/active_ldap/connection.rb +4 -22
- data/lib/active_ldap/distinguished_name.rb +1 -1
- data/lib/active_ldap/human_readable.rb +5 -4
- data/lib/active_ldap/operations.rb +24 -4
- data/lib/active_ldap/persistence.rb +3 -2
- data/lib/active_ldap/populate.rb +5 -3
- data/lib/active_ldap/railties/controller_runtime.rb +1 -2
- data/lib/active_ldap/schema/syntaxes.rb +8 -4
- data/lib/active_ldap/validations.rb +12 -4
- data/lib/active_ldap/version.rb +1 -1
- data/lib/active_ldap.rb +0 -7
- data/po/en/active-ldap.po +2 -2
- data/po/ja/active-ldap.po +3 -3
- data/test/add-phonetic-attribute-options-to-slapd.ldif +3 -3
- data/test/al-test-utils.rb +125 -38
- data/test/command.rb +13 -16
- data/test/enable-dynamic-groups.ldif +22 -0
- data/test/enable-start-tls.ldif +27 -0
- data/test/run-test.rb +0 -4
- data/test/test_base.rb +223 -22
- data/test/test_base_per_instance.rb +33 -1
- data/test/test_callback.rb +10 -8
- data/test/test_connection.rb +4 -0
- data/test/test_connection_per_class.rb +34 -0
- data/test/test_dn.rb +7 -0
- data/test/test_entry.rb +1 -0
- data/test/test_find.rb +14 -3
- data/test/test_supported_control.rb +1 -1
- data/test/test_syntax.rb +5 -0
- data/test/test_validation.rb +28 -15
- metadata +23 -24
- data/README.textile +0 -141
- data/doc/text/development.textile +0 -54
- data/lib/active_ldap/timeout.rb +0 -75
- data/lib/active_ldap/timeout_stub.rb +0 -17
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'timeout'
|
|
2
|
+
|
|
1
3
|
require 'active_ldap/schema'
|
|
2
4
|
require 'active_ldap/entry_attribute'
|
|
3
5
|
require 'active_ldap/ldap_error'
|
|
@@ -12,6 +14,7 @@ module ActiveLdap
|
|
|
12
14
|
:host,
|
|
13
15
|
:port,
|
|
14
16
|
:method,
|
|
17
|
+
:tls_options,
|
|
15
18
|
:timeout,
|
|
16
19
|
:retry_on_timeout,
|
|
17
20
|
:retry_limit,
|
|
@@ -27,6 +30,8 @@ module ActiveLdap
|
|
|
27
30
|
:scope,
|
|
28
31
|
:sasl_options,
|
|
29
32
|
:follow_referrals,
|
|
33
|
+
:use_paged_results,
|
|
34
|
+
:page_size,
|
|
30
35
|
]
|
|
31
36
|
|
|
32
37
|
@@row_even = true
|
|
@@ -38,6 +43,7 @@ module ActiveLdap
|
|
|
38
43
|
@bind_tried = false
|
|
39
44
|
@entry_attributes = {}
|
|
40
45
|
@follow_referrals = nil
|
|
46
|
+
@page_size = nil
|
|
41
47
|
@configuration = configuration.dup
|
|
42
48
|
@logger = @configuration.delete(:logger)
|
|
43
49
|
@configuration.assert_valid_keys(VALID_ADAPTER_CONFIGURATION_KEYS)
|
|
@@ -45,6 +51,7 @@ module ActiveLdap
|
|
|
45
51
|
instance_variable_set("@#{name}", configuration[name])
|
|
46
52
|
end
|
|
47
53
|
@follow_referrals = true if @follow_referrals.nil?
|
|
54
|
+
@page_size ||= Configuration::DEFAULT_CONFIG[:page_size]
|
|
48
55
|
@instrumenter = ActiveSupport::Notifications.instrumenter
|
|
49
56
|
end
|
|
50
57
|
|
|
@@ -166,23 +173,40 @@ module ActiveLdap
|
|
|
166
173
|
end
|
|
167
174
|
|
|
168
175
|
def search(options={})
|
|
169
|
-
filter = parse_filter(options[:filter]) || 'objectClass=*'
|
|
170
|
-
attrs = options[:attributes] || []
|
|
171
|
-
scope = ensure_scope(options[:scope] || @scope)
|
|
172
176
|
base = options[:base]
|
|
177
|
+
base = ensure_dn_string(base)
|
|
178
|
+
attributes = options[:attributes] || []
|
|
179
|
+
attributes = attributes.to_a # just in case
|
|
173
180
|
limit = options[:limit] || 0
|
|
174
181
|
limit = nil if limit <= 0
|
|
182
|
+
use_paged_results = options[:use_paged_results]
|
|
183
|
+
use_paged_results = @use_paged_results if use_paged_results.nil?
|
|
184
|
+
if use_paged_results
|
|
185
|
+
use_paged_results = limit != 1 && supported_control.paged_results?
|
|
186
|
+
end
|
|
187
|
+
search_options = {
|
|
188
|
+
base: base,
|
|
189
|
+
scope: ensure_scope(options[:scope] || @scope),
|
|
190
|
+
filter: parse_filter(options[:filter]) || 'objectClass=*',
|
|
191
|
+
attributes: attributes,
|
|
192
|
+
limit: limit,
|
|
193
|
+
use_paged_results: use_paged_results,
|
|
194
|
+
page_size: options[:page_size] || @page_size,
|
|
195
|
+
}
|
|
175
196
|
|
|
176
|
-
attrs = attrs.to_a # just in case
|
|
177
|
-
base = ensure_dn_string(base)
|
|
178
197
|
begin
|
|
179
198
|
operation(options) do
|
|
180
|
-
yield(
|
|
199
|
+
yield(search_options)
|
|
181
200
|
end
|
|
182
|
-
rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax
|
|
201
|
+
rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax => error
|
|
183
202
|
# Do nothing on failure
|
|
184
203
|
@logger.info do
|
|
185
|
-
args = [
|
|
204
|
+
args = [
|
|
205
|
+
error.class.class,
|
|
206
|
+
error.message,
|
|
207
|
+
search_options[:filter],
|
|
208
|
+
search_options[:attributes].inspect,
|
|
209
|
+
]
|
|
186
210
|
_("Ignore error %s(%s): filter %s: attributes: %s") % args
|
|
187
211
|
end
|
|
188
212
|
end
|
|
@@ -328,7 +352,7 @@ module ActiveLdap
|
|
|
328
352
|
n_retries = 0
|
|
329
353
|
retry_limit = options[:retry_limit] || @retry_limit
|
|
330
354
|
begin
|
|
331
|
-
|
|
355
|
+
Timeout.timeout(@timeout, &block)
|
|
332
356
|
rescue Timeout::Error => e
|
|
333
357
|
@logger.error {_('Requested action timed out.')}
|
|
334
358
|
if @retry_on_timeout and (retry_limit < 0 or n_retries <= retry_limit)
|
|
@@ -344,10 +368,6 @@ module ActiveLdap
|
|
|
344
368
|
end
|
|
345
369
|
end
|
|
346
370
|
|
|
347
|
-
def do_in_timeout(timeout, &block)
|
|
348
|
-
Timeout.alarm(timeout, &block)
|
|
349
|
-
end
|
|
350
|
-
|
|
351
371
|
def sasl_bind(bind_dn, options={})
|
|
352
372
|
# Get all SASL mechanisms
|
|
353
373
|
mechanisms = operation(options) do
|
|
@@ -601,9 +621,13 @@ module ActiveLdap
|
|
|
601
621
|
raise
|
|
602
622
|
rescue => detail
|
|
603
623
|
@logger.error do
|
|
604
|
-
_("Reconnect to server failed: %s\n" \
|
|
624
|
+
_("Reconnect to server failed: %s: %s\n" \
|
|
605
625
|
"Reconnect to server failed backtrace:\n" \
|
|
606
|
-
"%s") % [
|
|
626
|
+
"%s") % [
|
|
627
|
+
detail.class,
|
|
628
|
+
detail.message,
|
|
629
|
+
detail.backtrace.join("\n"),
|
|
630
|
+
]
|
|
607
631
|
end
|
|
608
632
|
# Do not loop if forced
|
|
609
633
|
raise ConnectionError, detail.message if force
|
|
@@ -659,8 +683,7 @@ module ActiveLdap
|
|
|
659
683
|
:scope => :base,
|
|
660
684
|
:attributes => attrs,
|
|
661
685
|
:limit => 1,
|
|
662
|
-
:try_reconnect => try_reconnect,
|
|
663
|
-
:use_paged_results => false) do |dn, attributes|
|
|
686
|
+
:try_reconnect => try_reconnect) do |dn, attributes|
|
|
664
687
|
found_attributes = attributes
|
|
665
688
|
end
|
|
666
689
|
found_attributes
|
|
@@ -22,9 +22,23 @@ module ActiveLdap
|
|
|
22
22
|
super do |host, port, method|
|
|
23
23
|
uri = construct_uri(host, port, method == :ssl)
|
|
24
24
|
with_start_tls = method == :start_tls
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
25
|
+
follow_referrals = follow_referrals?(options)
|
|
26
|
+
info = {
|
|
27
|
+
:uri => uri,
|
|
28
|
+
:with_start_tls => with_start_tls,
|
|
29
|
+
:follow_referrals => follow_referrals,
|
|
30
|
+
}
|
|
31
|
+
[
|
|
32
|
+
log("connect", info) {
|
|
33
|
+
JndiConnection.new(host,
|
|
34
|
+
port,
|
|
35
|
+
method,
|
|
36
|
+
@timeout,
|
|
37
|
+
follow_referrals)
|
|
38
|
+
},
|
|
39
|
+
uri,
|
|
40
|
+
with_start_tls,
|
|
41
|
+
]
|
|
28
42
|
end
|
|
29
43
|
end
|
|
30
44
|
|
|
@@ -46,12 +60,10 @@ module ActiveLdap
|
|
|
46
60
|
end
|
|
47
61
|
|
|
48
62
|
def search(options={}, &block)
|
|
49
|
-
super(options) do |
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
}
|
|
54
|
-
execute(:search, info, base, scope, filter, attrs, limit, &block)
|
|
63
|
+
super(options) do |search_options|
|
|
64
|
+
scope = search_options[:scope]
|
|
65
|
+
info = search_options.merge(scope: scope_name(scope))
|
|
66
|
+
execute(:search, info, search_options, &block)
|
|
55
67
|
end
|
|
56
68
|
end
|
|
57
69
|
|
|
@@ -25,6 +25,8 @@ module ActiveLdap
|
|
|
25
25
|
Context = naming.Context
|
|
26
26
|
StartTlsRequest = ldap.StartTlsRequest
|
|
27
27
|
Control = ldap.Control
|
|
28
|
+
PagedResultsControl = ldap.PagedResultsControl
|
|
29
|
+
PagedResultsResponseControl = ldap.PagedResultsResponseControl
|
|
28
30
|
|
|
29
31
|
CommunicationException = naming.CommunicationException
|
|
30
32
|
ServiceUnavailableException = naming.ServiceUnavailableException
|
|
@@ -73,13 +75,14 @@ module ActiveLdap
|
|
|
73
75
|
end
|
|
74
76
|
end
|
|
75
77
|
|
|
76
|
-
def initialize(host, port, method, timeout)
|
|
78
|
+
def initialize(host, port, method, timeout, follow_referrals)
|
|
77
79
|
@host = host
|
|
78
80
|
@port = port
|
|
79
81
|
@method = method
|
|
80
82
|
@timeout = timeout
|
|
81
83
|
@context = nil
|
|
82
84
|
@tls = nil
|
|
85
|
+
@follow_referrals = follow_referrals
|
|
83
86
|
end
|
|
84
87
|
|
|
85
88
|
def unbind
|
|
@@ -108,23 +111,55 @@ module ActiveLdap
|
|
|
108
111
|
bound?
|
|
109
112
|
end
|
|
110
113
|
|
|
111
|
-
def search(
|
|
114
|
+
def search(options)
|
|
115
|
+
base = options[:base]
|
|
116
|
+
scope = options[:scope]
|
|
117
|
+
filter = options[:filter]
|
|
118
|
+
attributes = options[:attributes]
|
|
119
|
+
limit = options[:limit]
|
|
120
|
+
use_paged_results = options[:use_paged_results]
|
|
121
|
+
page_size = options[:page_size]
|
|
122
|
+
|
|
112
123
|
controls = SearchControls.new
|
|
113
124
|
controls.search_scope = scope
|
|
114
125
|
|
|
115
126
|
controls.count_limit = limit if limit
|
|
116
|
-
unless
|
|
117
|
-
controls.returning_attributes =
|
|
127
|
+
unless attributes.blank?
|
|
128
|
+
controls.returning_attributes = attributes.to_java(:string)
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
page_cookie = nil
|
|
132
|
+
if use_paged_results
|
|
133
|
+
# https://devdocs.io/openjdk~8/javax/naming/ldap/pagedresultscontrol
|
|
134
|
+
@context.set_request_controls([build_paged_results_control(page_size)])
|
|
135
|
+
else
|
|
136
|
+
@context.set_request_controls([])
|
|
118
137
|
end
|
|
119
138
|
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
end
|
|
139
|
+
escaped_base = escape_dn(base)
|
|
140
|
+
|
|
141
|
+
loop do
|
|
142
|
+
@context.search(escaped_base, filter, controls).each do |search_result|
|
|
143
|
+
yield(build_raw_search_result(search_result))
|
|
126
144
|
end
|
|
127
|
-
|
|
145
|
+
|
|
146
|
+
break unless use_paged_results
|
|
147
|
+
|
|
148
|
+
# Find the paged search cookie
|
|
149
|
+
response_controls = @context.get_response_controls
|
|
150
|
+
break unless response_controls
|
|
151
|
+
response_controls.each do |response_control|
|
|
152
|
+
next unless response_control.is_a?(PagedResultsResponseControl)
|
|
153
|
+
page_cookie = response_control.get_cookie
|
|
154
|
+
break
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
break unless page_cookie
|
|
158
|
+
|
|
159
|
+
# Set paged results control so we can keep getting results.
|
|
160
|
+
paged_results_control =
|
|
161
|
+
build_paged_results_control(page_size, page_cookie)
|
|
162
|
+
@context.set_request_controls([paged_results_control])
|
|
128
163
|
end
|
|
129
164
|
end
|
|
130
165
|
|
|
@@ -133,25 +168,32 @@ module ActiveLdap
|
|
|
133
168
|
records.each do |record|
|
|
134
169
|
attributes.put(record.to_java_attribute)
|
|
135
170
|
end
|
|
136
|
-
@context.
|
|
171
|
+
@context.set_request_controls([])
|
|
172
|
+
@context.create_subcontext(escape_dn(dn), attributes)
|
|
137
173
|
end
|
|
138
174
|
|
|
139
175
|
def modify(dn, records)
|
|
140
176
|
items = records.collect(&:to_java_modification_item)
|
|
141
|
-
@context.
|
|
177
|
+
@context.set_request_controls([])
|
|
178
|
+
@context.modify_attributes(escape_dn(dn), items.to_java(ModificationItem))
|
|
142
179
|
end
|
|
143
180
|
|
|
144
181
|
def modify_rdn(dn, new_rdn, delete_old_rdn)
|
|
145
182
|
# should use mutex
|
|
146
183
|
delete_rdn_key = "java.naming.ldap.deleteRDN"
|
|
147
|
-
@context.
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
184
|
+
@context.set_request_controls([])
|
|
185
|
+
begin
|
|
186
|
+
@context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
|
|
187
|
+
@context.rename(escape_dn(dn), escape_dn(new_rdn))
|
|
188
|
+
ensure
|
|
189
|
+
@context.remove_from_environment(delete_rdn_key)
|
|
190
|
+
end
|
|
151
191
|
end
|
|
152
192
|
|
|
153
193
|
def delete(dn)
|
|
154
|
-
|
|
194
|
+
escaped_dn = escape_dn(dn)
|
|
195
|
+
@context.set_request_controls([])
|
|
196
|
+
@context.destroy_subcontext(escaped_dn)
|
|
155
197
|
end
|
|
156
198
|
|
|
157
199
|
private
|
|
@@ -162,9 +204,10 @@ module ActiveLdap
|
|
|
162
204
|
Context::PROVIDER_URL => ldap_uri,
|
|
163
205
|
'com.sun.jndi.ldap.connect.timeout' => (@timeout * 1000).to_i.to_s,
|
|
164
206
|
'com.sun.jndi.ldap.read.timeout' => (@timeout * 1000).to_i.to_s,
|
|
207
|
+
'java.naming.ldap.derefAliases' => 'never',
|
|
208
|
+
'java.naming.referral' => @follow_referrals ? 'follow' : 'ignore',
|
|
165
209
|
}
|
|
166
|
-
|
|
167
|
-
context = InitialLdapContext.new(environment, nil)
|
|
210
|
+
context = InitialLdapContext.new(HashTable.new(environment), nil)
|
|
168
211
|
if @method == :start_tls
|
|
169
212
|
@tls = context.extended_operation(StartTlsRequest.new)
|
|
170
213
|
@tls.negotiate
|
|
@@ -185,6 +228,26 @@ module ActiveLdap
|
|
|
185
228
|
protocol = @method == :ssl ? "ldaps" : "ldap"
|
|
186
229
|
"#{protocol}://#{@host}:#{@port}/"
|
|
187
230
|
end
|
|
231
|
+
|
|
232
|
+
def escape_dn(dn)
|
|
233
|
+
javax.naming.ldap.LdapName.new(dn)
|
|
234
|
+
rescue Java::JavaLang::IllegalArgumentException, Java::JavaxNaming::InvalidNameException
|
|
235
|
+
dn
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
def build_paged_results_control(page_size, page_cookie=nil)
|
|
239
|
+
PagedResultsControl.new(page_size, page_cookie, Control::CRITICAL)
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
def build_raw_search_result(search_result)
|
|
243
|
+
attributes = {}
|
|
244
|
+
search_result.attributes.get_all.each do |attribute|
|
|
245
|
+
attributes[attribute.get_id] = attribute.get_all.collect do |value|
|
|
246
|
+
value.is_a?(String) ? value : String.from_java_bytes(value)
|
|
247
|
+
end
|
|
248
|
+
end
|
|
249
|
+
[search_result.name_in_namespace, attributes]
|
|
250
|
+
end
|
|
188
251
|
end
|
|
189
252
|
end
|
|
190
253
|
end
|
|
@@ -24,7 +24,7 @@ module ActiveLdap
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
class SSL < Base
|
|
27
|
-
def connect(host, port)
|
|
27
|
+
def connect(host, port, options={})
|
|
28
28
|
LDAP::SSLConn.new(host, port, false)
|
|
29
29
|
end
|
|
30
30
|
|
|
@@ -34,8 +34,35 @@ module ActiveLdap
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
class TLS < Base
|
|
37
|
-
def connect(host, port)
|
|
38
|
-
LDAP::
|
|
37
|
+
def connect(host, port, options={})
|
|
38
|
+
connection = LDAP::Conn.new(host, port)
|
|
39
|
+
if connection.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION) < 3
|
|
40
|
+
connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
|
|
41
|
+
end
|
|
42
|
+
tls_options = options[:tls_options]
|
|
43
|
+
if tls_options and LDAP.const_defined?(:LDAP_OPT_X_TLS_NEWCTX)
|
|
44
|
+
tls_options.each do |key, value|
|
|
45
|
+
case key
|
|
46
|
+
when :verify_mode
|
|
47
|
+
case value
|
|
48
|
+
when :none, OpenSSL::SSL::SSL_VERIFY_NONE
|
|
49
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
|
|
50
|
+
LDAP::LDAP_OPT_X_TLS_NEVER)
|
|
51
|
+
when :peer, OpenSSL::SSL::SSL_VERIFY_PEER
|
|
52
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
|
|
53
|
+
LDAP::LDAP_OPT_X_TLS_DEMAND)
|
|
54
|
+
end
|
|
55
|
+
when :verify_hostname
|
|
56
|
+
unless value
|
|
57
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
|
|
58
|
+
LDAP::LDAP_OPT_X_TLS_ALLOW)
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_NEWCTX, 0)
|
|
63
|
+
end
|
|
64
|
+
connection.start_tls
|
|
65
|
+
connection
|
|
39
66
|
end
|
|
40
67
|
|
|
41
68
|
def start_tls?
|
|
@@ -44,7 +71,7 @@ module ActiveLdap
|
|
|
44
71
|
end
|
|
45
72
|
|
|
46
73
|
class Plain < Base
|
|
47
|
-
def connect(host, port)
|
|
74
|
+
def connect(host, port, options={})
|
|
48
75
|
LDAP::Conn.new(host, port)
|
|
49
76
|
end
|
|
50
77
|
end
|
|
@@ -54,9 +81,13 @@ module ActiveLdap
|
|
|
54
81
|
super do |host, port, method|
|
|
55
82
|
uri = construct_uri(host, port, method.ssl?)
|
|
56
83
|
with_start_tls = method.start_tls?
|
|
57
|
-
info = {
|
|
84
|
+
info = {
|
|
85
|
+
:uri => uri,
|
|
86
|
+
:with_start_tls => with_start_tls,
|
|
87
|
+
:tls_options => @tls_options,
|
|
88
|
+
}
|
|
58
89
|
connection = log("connect", info) do
|
|
59
|
-
method.connect(host, port)
|
|
90
|
+
method.connect(host, port, :tls_options => @tls_options)
|
|
60
91
|
end
|
|
61
92
|
[connection, uri, with_start_tls]
|
|
62
93
|
end
|
|
@@ -82,25 +113,11 @@ module ActiveLdap
|
|
|
82
113
|
end
|
|
83
114
|
|
|
84
115
|
def search(options={})
|
|
85
|
-
super(options) do |
|
|
116
|
+
super(options) do |search_options|
|
|
86
117
|
begin
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
end
|
|
91
|
-
info = {
|
|
92
|
-
:base => base, :scope => scope_name(scope),
|
|
93
|
-
:filter => filter, :attributes => attrs, :limit => limit,
|
|
94
|
-
}
|
|
95
|
-
options = {
|
|
96
|
-
:base => base,
|
|
97
|
-
:scope => scope,
|
|
98
|
-
:filter => filter,
|
|
99
|
-
:attributes => attrs,
|
|
100
|
-
:limit => limit,
|
|
101
|
-
:use_paged_results => use_paged_results
|
|
102
|
-
}
|
|
103
|
-
execute(:search_full, info, options) do |entry|
|
|
118
|
+
scope = search_options[:scope]
|
|
119
|
+
info = search_options.merge(scope: scope_name(scope))
|
|
120
|
+
execute(:search_full, info, search_options) do |entry|
|
|
104
121
|
attributes = {}
|
|
105
122
|
entry.attrs.each do |attr|
|
|
106
123
|
value = entry.vals(attr)
|
|
@@ -111,7 +128,10 @@ module ActiveLdap
|
|
|
111
128
|
rescue RuntimeError
|
|
112
129
|
if $!.message == "no result returned by search"
|
|
113
130
|
@logger.debug do
|
|
114
|
-
args = [
|
|
131
|
+
args = [
|
|
132
|
+
search_options[:filter],
|
|
133
|
+
search_options[:attributes].inspect,
|
|
134
|
+
]
|
|
115
135
|
_("No matches: filter: %s: attributes: %s") % args
|
|
116
136
|
end
|
|
117
137
|
else
|
|
@@ -189,15 +209,17 @@ module ActiveLdap
|
|
|
189
209
|
def prepare_connection(options={})
|
|
190
210
|
operation(options) do
|
|
191
211
|
@connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
212
|
+
@ldap_follow_referrals = follow_referrals?(options) ? 1 : 0
|
|
213
|
+
@connection.set_option(LDAP::LDAP_OPT_REFERRALS,
|
|
214
|
+
@ldap_follow_referrals)
|
|
195
215
|
end
|
|
196
216
|
end
|
|
197
217
|
|
|
198
218
|
def execute(method, info=nil, *args, &block)
|
|
199
219
|
begin
|
|
200
220
|
name = (info || {}).delete(:name) || method
|
|
221
|
+
@connection.set_option(LDAP::LDAP_OPT_REFERRALS,
|
|
222
|
+
@ldap_follow_referrals)
|
|
201
223
|
log(name, info) {@connection.send(method, *args, &block)}
|
|
202
224
|
rescue LDAP::ResultError
|
|
203
225
|
@connection.assert_error_code
|
|
@@ -65,12 +65,28 @@ module LDAP
|
|
|
65
65
|
attributes = options[:attributes]
|
|
66
66
|
limit = options[:limit] || 0
|
|
67
67
|
use_paged_results = options[:use_paged_results]
|
|
68
|
+
page_size = options[:page_size]
|
|
68
69
|
if @@have_search_ext
|
|
69
70
|
if use_paged_results
|
|
70
|
-
paged_search(base,
|
|
71
|
+
paged_search(base,
|
|
72
|
+
scope,
|
|
73
|
+
filter,
|
|
74
|
+
attributes,
|
|
75
|
+
limit,
|
|
76
|
+
page_size,
|
|
77
|
+
&block)
|
|
71
78
|
else
|
|
72
|
-
search_ext(base,
|
|
73
|
-
|
|
79
|
+
search_ext(base,
|
|
80
|
+
scope,
|
|
81
|
+
filter,
|
|
82
|
+
attributes,
|
|
83
|
+
false,
|
|
84
|
+
nil,
|
|
85
|
+
nil,
|
|
86
|
+
0,
|
|
87
|
+
0,
|
|
88
|
+
limit,
|
|
89
|
+
&block)
|
|
74
90
|
end
|
|
75
91
|
else
|
|
76
92
|
i = 0
|
|
@@ -120,27 +136,30 @@ module LDAP
|
|
|
120
136
|
end
|
|
121
137
|
end
|
|
122
138
|
|
|
123
|
-
def paged_search(base, scope, filter, attributes, limit, &block)
|
|
124
|
-
# work around a bug with openldap
|
|
125
|
-
page_size = 126
|
|
139
|
+
def paged_search(base, scope, filter, attributes, limit, page_size, &block)
|
|
126
140
|
cookie = ""
|
|
127
141
|
critical = true
|
|
128
|
-
|
|
129
142
|
loop do
|
|
130
143
|
ber_string = LDAP::Control.encode(page_size, cookie)
|
|
131
144
|
control = LDAP::Control.new(LDAP::LDAP_CONTROL_PAGEDRESULTS,
|
|
132
145
|
ber_string,
|
|
133
146
|
critical)
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
147
|
+
search_ext(base,
|
|
148
|
+
scope,
|
|
149
|
+
filter,
|
|
150
|
+
attributes,
|
|
151
|
+
false,
|
|
152
|
+
[control],
|
|
153
|
+
nil,
|
|
154
|
+
0,
|
|
155
|
+
0,
|
|
156
|
+
limit,
|
|
157
|
+
&block)
|
|
137
158
|
|
|
138
159
|
control = find_paged_results_control(@controls)
|
|
139
160
|
break if control.nil?
|
|
140
|
-
returned_size, cookie = control.decode
|
|
141
|
-
returned_size = returned_size.to_i
|
|
142
|
-
page_size = returned_size if returned_size > 0
|
|
143
161
|
|
|
162
|
+
_estimated_result_set_size, cookie = control.decode
|
|
144
163
|
break if cookie.empty?
|
|
145
164
|
end
|
|
146
165
|
end
|
|
@@ -26,15 +26,21 @@ module ActiveLdap
|
|
|
26
26
|
:host => host,
|
|
27
27
|
:port => port,
|
|
28
28
|
}
|
|
29
|
-
|
|
29
|
+
if method
|
|
30
|
+
config[:encryption] = { :method => method }
|
|
31
|
+
config[:encryption][:tls_options] = @tls_options if @tls_options
|
|
32
|
+
end
|
|
30
33
|
begin
|
|
31
34
|
uri = construct_uri(host, port, method == :simple_tls)
|
|
32
35
|
with_start_tls = method == :start_tls
|
|
33
36
|
info = {:uri => uri, :with_start_tls => with_start_tls}
|
|
34
37
|
[log("connect", info) {Net::LDAP::Connection.new(config)},
|
|
35
38
|
uri, with_start_tls]
|
|
36
|
-
rescue Net::LDAP::
|
|
37
|
-
raise ConnectionError,
|
|
39
|
+
rescue Net::LDAP::ConnectionError => error
|
|
40
|
+
raise ConnectionError, error.message
|
|
41
|
+
rescue Net::LDAP::Error => error
|
|
42
|
+
message = "#{error.class}: #{error.message}"
|
|
43
|
+
raise ConnectionError, message, caller(0) + error.backtrace
|
|
38
44
|
end
|
|
39
45
|
end
|
|
40
46
|
end
|
|
@@ -50,7 +56,7 @@ module ActiveLdap
|
|
|
50
56
|
def bind(options={})
|
|
51
57
|
begin
|
|
52
58
|
super
|
|
53
|
-
rescue Net::LDAP::
|
|
59
|
+
rescue Net::LDAP::Error
|
|
54
60
|
raise AuthenticationError, $!.message
|
|
55
61
|
end
|
|
56
62
|
end
|
|
@@ -63,25 +69,16 @@ module ActiveLdap
|
|
|
63
69
|
end
|
|
64
70
|
|
|
65
71
|
def search(options={})
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
else
|
|
70
|
-
paged_results_supported = false
|
|
71
|
-
end
|
|
72
|
-
super(options) do |base, scope, filter, attrs, limit|
|
|
72
|
+
super(options) do |search_options|
|
|
73
|
+
scope = search_options[:scope]
|
|
74
|
+
info = search_options.merge(scope: scope_name(scope))
|
|
73
75
|
args = {
|
|
74
|
-
:
|
|
75
|
-
:
|
|
76
|
-
:
|
|
77
|
-
:attributes
|
|
78
|
-
:
|
|
79
|
-
:
|
|
80
|
-
}
|
|
81
|
-
info = {
|
|
82
|
-
:base => base, :scope => scope_name(scope),
|
|
83
|
-
:filter => filter, :attributes => attrs, :limit => limit,
|
|
84
|
-
:paged_results_supported => paged_results_supported,
|
|
76
|
+
base: search_options[:base],
|
|
77
|
+
scope: scope,
|
|
78
|
+
filter: search_options[:filter],
|
|
79
|
+
attributes: search_options[:attributes],
|
|
80
|
+
size: search_options[:limit],
|
|
81
|
+
paged_searcheds_supported: search_options[:paged_results_supported],
|
|
85
82
|
}
|
|
86
83
|
execute(:search, info, args) do |entry|
|
|
87
84
|
attributes = {}
|
|
@@ -148,8 +145,13 @@ module ActiveLdap
|
|
|
148
145
|
result = log(name, info) do
|
|
149
146
|
begin
|
|
150
147
|
@connection.send(method, *args, &block)
|
|
151
|
-
rescue
|
|
152
|
-
|
|
148
|
+
rescue SystemCallError => error
|
|
149
|
+
message = "#{error.class}: #{error.message}"
|
|
150
|
+
raise ConnectionError, message, caller(0) + error.backtrace
|
|
151
|
+
rescue Net::LDAP::ResponseMissingOrInvalidError => error
|
|
152
|
+
message = "#{error.class}: #{error.message}"
|
|
153
|
+
message << ": connection may be timed out"
|
|
154
|
+
raise ConnectionError, message, caller(0) + error.backtrace
|
|
153
155
|
end
|
|
154
156
|
end
|
|
155
157
|
message = nil
|
|
@@ -75,15 +75,15 @@ module ActiveLdap
|
|
|
75
75
|
association_class = Association::BelongsTo
|
|
76
76
|
opts[:foreign_key_name] ||= "#{association_id}_id"
|
|
77
77
|
|
|
78
|
-
before_save
|
|
79
|
-
if
|
|
80
|
-
association = @#{association_id}
|
|
78
|
+
before_save do
|
|
79
|
+
if instance_variable_defined?(:"@#{association_id}")
|
|
80
|
+
association = instance_variable_get(:"@#{association_id}")
|
|
81
81
|
if association and association.updated?
|
|
82
82
|
self[association.__send__(:primary_key)] =
|
|
83
|
-
association[
|
|
83
|
+
association[opts[:foreign_key_name]]
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
|
-
|
|
86
|
+
end
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
association_accessor(association_id) do |target|
|