activeldap 5.2.1 → 5.2.2

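--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 952ff57b69e61432c8d7558c5d7174c1b1624887d334af0dce219f81c3c96994
- data.tar.gz: ea21da7bf86e6a8f0a71e95177cb8d2edaf6f7900700a2416c2d2c89438531e3
+ metadata.gz: 6d6b5227689af0fea86d9e29d3fc76165038dafb71ff7962780647b83f5d973c
+ data.tar.gz: 3a645873ff56846dab7e85adc7cc1a99b4e904b72f2e28fb61297e4a5e70add2
  SHA512:
- metadata.gz: 3b52b40daf56db823378e77216af2a6673c35dd8f9d5167d01cbe1a94112aec66bb41af3367992b9f03ca48480d3e58a9a64de3d3380d4ce198937834bf78b4b
- data.tar.gz: 4437b9bdb39f9258e50e0b5527e58b82b5241b49223df5c296e046b6841028a05076bbfa6c7033f83eb42234f58106a08e06d0491d8146a934a95c5a72fbe349
+ metadata.gz: 2eeacfd5b6f4d6e109299b1a59efd19a154845b11d192611575e95ce7c9585c68b366bf2844cb800474377b0efe83e4a5c9fac6a4b7c366c9222537300d88eb9
+ data.tar.gz: 7aaf91753784bd19d10ef86e8b720785c96b0ba8e5b7c072cb0e6f88a31d4f458525dc23d610d7ab679d1389e5db87d1cfc9f189f2cf48d7cb2ebdb1faab3974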
@@ -1,5 +1,16 @@
1
1
  h1. News
2
2
 
3
+ h2(#release-5-2-2). 5.2.2: 2018-07-12
4
+
5
+ h3. Improvements
6
+
7
+ * Added @:tls_options@ option.
8
+ [GitHub#156][Patch by David Klotz]
9
+
10
+ h3. Thanks
11
+
12
+ * David Klotz
13
+
3
14
  h2(#release-5-2-1). 5.2.1: 2018-06-13
4
15
 
5
16
  h3. Fixes
@@ -14,6 +14,7 @@ module ActiveLdap
14
14
  :host,
15
15
  :port,
16
16
  :method,
17
+ :tls_options,
17
18
  :timeout,
18
19
  :retry_on_timeout,
19
20
  :retry_limit,
@@ -24,7 +24,7 @@ module ActiveLdap
24
24
  end
25
25
 
26
26
  class SSL < Base
27
- def connect(host, port)
27
+ def connect(host, port, options={})
28
28
  LDAP::SSLConn.new(host, port, false)
29
29
  end
30
30
 
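Review bot: `SSL#connect` now takes `options={}` but `LDAP::SSLConn.new(host, port, false)` never reads it, so a `:tls_options` hash such as `{:verify_mode => :peer}` silently has no effect for `method: :ssl`, while the identical hash does change certificate checking for `method: :tls`. If that asymmetry is intentional it should be stated at the signature, e.g. `# tls_options are not applied for :ssl; see TLS#connect`, and the parameter could be named `_options` so it is not flagged as unused; otherwise the option translation done in `TLS#connect` belongs in a shared helper both classes call. The enclosing class continues past the hunk.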
@@ -34,8 +34,35 @@ module ActiveLdap
34
34
  end
35
35
 
36
36
  class TLS < Base
37
- def connect(host, port)
38
- LDAP::SSLConn.new(host, port, true)
37
+ def connect(host, port, options={})
38
+ connection = LDAP::Conn.new(host, port)
39
+ if connection.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION) < 3
40
+ connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
41
+ end
42
+ tls_options = options[:tls_options]
43
+ if tls_options and LDAP.const_defined?(:LDAP_OPT_X_TLS_NEWCTX)
44
+ tls_options.each do |key, value|
45
+ case key
46
+ when :verify_mode
47
+ case value
48
+ when :none, OpenSSL::SSL::SSL_VERIFY_NONE
49
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
50
+ LDAP::LDAP_OPT_X_TLS_NEVER)
51
+ when :peer, OpenSSL::SSL::SSL_VERIFY_PEER
52
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
53
+ LDAP::LDAP_OPT_X_TLS_DEMAND)
54
+ end
55
+ when :verify_hostname
56
+ unless value
57
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
58
+ LDAP::LDAP_OPT_X_TLS_ALLOW)
59
+ end
60
+ end
61
+ end
62
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_NEWCTX, 0)
63
+ end
64
+ connection.start_tls
65
+ connection
39
66
  end
40
67
 
41
68
  def start_tls?
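Review bot: `:verify_hostname => false` is translated to `LDAP::LDAP_OPT_X_TLS_ALLOW`, and because `:verify_mode` writes the same `LDAP_OPT_X_TLS_REQUIRE_CERT` option, whichever key appears last in the caller's `tls_options` hash wins — `{:verify_mode => :peer, :verify_hostname => false}` ends at ALLOW while the reverse order ends at DEMAND. ALLOW relaxes certificate checking as a whole rather than only the hostname match, so a caller who meant to skip hostname verification gets a connection that also accepts a bad certificate. I would resolve both keys into a single value first and call `set_option` once, letting `:verify_hostname` lower the level only when `:verify_mode` asked for nothing, as below; unrecognised `:verify_mode` values currently fall through without any signal and could at least be logged. `OpenSSL::SSL::SSL_VERIFY_NONE`/`SSL_VERIFY_PEER` presuppose that `openssl` is already loaded, which this hunk does not show. The enclosing class continues past the hunk.
```ruby
      if tls_options and LDAP.const_defined?(:LDAP_OPT_X_TLS_NEWCTX)
        require_cert = nil
        tls_options.each do |key, value|
          case key
          when :verify_mode
            case value
            when :none, OpenSSL::SSL::SSL_VERIFY_NONE
              require_cert = LDAP::LDAP_OPT_X_TLS_NEVER
            when :peer, OpenSSL::SSL::SSL_VERIFY_PEER
              require_cert = LDAP::LDAP_OPT_X_TLS_DEMAND
            end
          when :verify_hostname
            # libldap has no hostname-only switch: false maps to TLS_REQCERT
            # allow, which also lets a bad certificate through, so it is only
            # applied when :verify_mode did not request anything stronger.
            require_cert = LDAP::LDAP_OPT_X_TLS_ALLOW if !value and require_cert.nil?
          end
        end
        if require_cert
          connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT, require_cert)
        end
        connection.set_option(LDAP::LDAP_OPT_X_TLS_NEWCTX, 0)
      end
      # … unchanged: start_tls and return of connection …
```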
@@ -44,7 +71,7 @@ module ActiveLdap
44
71
  end
45
72
 
46
73
  class Plain < Base
47
- def connect(host, port)
74
+ def connect(host, port, options={})
48
75
  LDAP::Conn.new(host, port)
49
76
  end
50
77
  end
@@ -54,9 +81,13 @@ module ActiveLdap
54
81
  super do |host, port, method|
55
82
  uri = construct_uri(host, port, method.ssl?)
56
83
  with_start_tls = method.start_tls?
57
- info = {:uri => uri, :with_start_tls => with_start_tls}
84
+ info = {
85
+ :uri => uri,
86
+ :with_start_tls => with_start_tls,
87
+ :tls_options => @tls_options,
88
+ }
58
89
  connection = log("connect", info) do
59
- method.connect(host, port)
90
+ method.connect(host, port, :tls_options => @tls_options)
60
91
  end
61
92
  [connection, uri, with_start_tls]
62
93
  end
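Review bot: `@tls_options` is now part of the `info` hash handed to `log("connect", info)`, so everything a caller places under `:tls_options` is written to the connection log verbatim. With the keys the TLS method reads today (`:verify_mode`, `:verify_hostname`) that is harmless, but the hash is passed through unfiltered, so if it is ever extended to carry key or passphrase material it will end up in logs; logging only the key names, `:tls_options => @tls_options && @tls_options.keys`, would be the defensive choice. The literal `:tls_options => @tls_options` is also spelled out twice within three lines; passing `info[:tls_options]` (or a local) to `method.connect` keeps the logged and the applied values from drifting apart. The enclosing method starts before the hunk.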
@@ -26,7 +26,10 @@ module ActiveLdap
26
26
  :host => host,
27
27
  :port => port,
28
28
  }
29
- config[:encryption] = {:method => method} if method
29
+ if method
30
+ config[:encryption] = { :method => method }
31
+ config[:encryption][:tls_options] = @tls_options if @tls_options
32
+ end
30
33
  begin
31
34
  uri = construct_uri(host, port, method == :simple_tls)
32
35
  with_start_tls = method == :start_tls
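Review bot: `@tls_options` is copied into `config[:encryption][:tls_options]` untouched, whereas the `LDAP::TLS` method added in this same release translates `:verify_mode => :peer`/`:none` into libldap constants. If `config[:encryption]` is consumed by a different LDAP library (the `:method`/`:tls_options` shape looks like Net::LDAP's), the same user-supplied hash means different things per adapter, and a symbolic `:peer` would be passed through here unconverted. Either normalise the symbolic values in this adapter as well, or document in the configuration reference which adapter understands which `tls_options` keys. The enclosing method starts before the hunk.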
@@ -27,6 +27,7 @@ module ActiveLdap
27
27
  DEFAULT_CONFIG[:host] = '127.0.0.1'
28
28
  DEFAULT_CONFIG[:port] = nil
29
29
  DEFAULT_CONFIG[:method] = :plain # :ssl, :tls, :plain allowed
30
+ DEFAULT_CONFIG[:tls_options] = nil
30
31
 
31
32
  DEFAULT_CONFIG[:bind_dn] = nil
32
33
  DEFAULT_CONFIG[:password_block] = nil
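Review bot: `DEFAULT_CONFIG[:tls_options] = nil` carries no comment, while the neighbouring `:method` entry lists its accepted values. Suggest `# Hash or nil; the ldap adapter reads :verify_mode (:none/:peer or the OpenSSL constants) and :verify_hostname, other keys are adapter-specific` so readers learn the option's shape where the other defaults are documented.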
@@ -1,3 +1,3 @@
1
1
  module ActiveLdap
2
- VERSION = "5.2.1"
2
+ VERSION = "5.2.2"
3
3
  end
@@ -1,5 +1,5 @@
1
- # Your LDAP server need to accept 'phonetic' attribute option for test.
2
- # This is a LDIF file for OpenLDAP to do the confiugration.
1
+ # Your LDAP server needs to accept 'phonetic' attribute option for test.
2
+ # This is a LDIF file for OpenLDAP to do the configuration.
3
3
  # You can use this file by the following command linne on Debian GNU/Linux
4
4
  # or Ubuntu:
5
5
  # % sudo -H ldapmodify -Y EXTERNAL -H ldapi:/// -f test/add-phonetic-attribute-options-to-slapd.ldif
@@ -0,0 +1,27 @@
1
+ # Your LDAP server needs to support StartTLS when you test StartTLS related
2
+ # feature. This is a LDIF file for OpenLDAP to do the configuration.
3
+ # You can use this file by the following command linne on Debian GNU/Linux
4
+ # or Ubuntu:
5
+ #
6
+ # % sudo usermod -a -G ssl-cert openldap
7
+ # % sudo systemctl restart slapd
8
+ # % sudo -H ldapmodify -Y EXTERNAL -H ldapi:/// -f test/enable-start-tls.ldif
9
+ #
10
+ # Adding the openldap user to the ssl-cert group is required to read
11
+ # certification related files.
12
+ version: 1
13
+ dn: cn=config
14
+ delete: olcTLSCACertificateFile
15
+ -
16
+ add: olcTLSCACertificateFile
17
+ olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
18
+ -
19
+ delete: olcTLSCertificateKeyFile
20
+ -
21
+ add: olcTLSCertificateKeyFile
22
+ olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
23
+ -
24
+ delete: olcTLSCertificateFile
25
+ -
26
+ add: olcTLSCertificateFile
27
+ olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
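Review bot: the new header repeats the `command linne` typo (`line`) found in the sibling LDIF. `olcTLSCACertificateFile` is pointed at the system bundle while the server key and certificate are the Debian snakeoil pair, which is typically self-signed, so a client that demands verification against this slapd will reject it unless the snakeoil certificate is added to its trust store; a sentence in the header saying that the StartTLS tests expect either relaxed verification or that certificate to be trusted would save the next person a confusing failure.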
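--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: activeldap
  version: !ruby/object:Gem::Version
- version: 5.2.1
+ version: 5.2.2
  platform: ruby
  authors:
  - Will Drewry
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-06-13 00:00:00.000000000 Z
+ date: 2018-07-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activemodel
@@ -294,6 +294,7 @@ files:
  - test/al-test-utils.rb
  - test/command.rb
  - test/config.yaml.sample
+ - test/enable-start-tls.ldif
  - test/fixtures/lower_case_object_class_schema.rb
  - test/run-test.rb
  - test/test_acts_as_tree.rb
@@ -368,6 +369,7 @@ test_files:
  - test/al-test-utils.rb
  - test/command.rb
  - test/config.yaml.sample
+ - test/enable-start-tls.ldif
  - test/fixtures/lower_case_object_class_schema.rb
  - test/run-test.rb
  - test/test_acts_as_tree.rb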