activeldap 5.2.1 → 5.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/doc/text/news.textile +11 -0
- data/lib/active_ldap/adapter/base.rb +1 -0
- data/lib/active_ldap/adapter/ldap.rb +37 -6
- data/lib/active_ldap/adapter/net_ldap.rb +4 -1
- data/lib/active_ldap/configuration.rb +1 -0
- data/lib/active_ldap/version.rb +1 -1
- data/test/add-phonetic-attribute-options-to-slapd.ldif +2 -2
- data/test/enable-start-tls.ldif +27 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6d6b5227689af0fea86d9e29d3fc76165038dafb71ff7962780647b83f5d973c
|
|
4
|
+
data.tar.gz: 3a645873ff56846dab7e85adc7cc1a99b4e904b72f2e28fb61297e4a5e70add2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2eeacfd5b6f4d6e109299b1a59efd19a154845b11d192611575e95ce7c9585c68b366bf2844cb800474377b0efe83e4a5c9fac6a4b7c366c9222537300d88eb9
|
|
7
|
+
data.tar.gz: 7aaf91753784bd19d10ef86e8b720785c96b0ba8e5b7c072cb0e6f88a31d4f458525dc23d610d7ab679d1389e5db87d1cfc9f189f2cf48d7cb2ebdb1faab3974
|
data/doc/text/news.textile
CHANGED
|
@@ -24,7 +24,7 @@ module ActiveLdap
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
class SSL < Base
|
|
27
|
-
def connect(host, port)
|
|
27
|
+
def connect(host, port, options={})
|
|
28
28
|
LDAP::SSLConn.new(host, port, false)
|
|
29
29
|
end
|
|
30
30
|
|
|
@@ -34,8 +34,35 @@ module ActiveLdap
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
class TLS < Base
|
|
37
|
-
def connect(host, port)
|
|
38
|
-
LDAP::
|
|
37
|
+
def connect(host, port, options={})
|
|
38
|
+
connection = LDAP::Conn.new(host, port)
|
|
39
|
+
if connection.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION) < 3
|
|
40
|
+
connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
|
|
41
|
+
end
|
|
42
|
+
tls_options = options[:tls_options]
|
|
43
|
+
if tls_options and LDAP.const_defined?(:LDAP_OPT_X_TLS_NEWCTX)
|
|
44
|
+
tls_options.each do |key, value|
|
|
45
|
+
case key
|
|
46
|
+
when :verify_mode
|
|
47
|
+
case value
|
|
48
|
+
when :none, OpenSSL::SSL::SSL_VERIFY_NONE
|
|
49
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
|
|
50
|
+
LDAP::LDAP_OPT_X_TLS_NEVER)
|
|
51
|
+
when :peer, OpenSSL::SSL::SSL_VERIFY_PEER
|
|
52
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
|
|
53
|
+
LDAP::LDAP_OPT_X_TLS_DEMAND)
|
|
54
|
+
end
|
|
55
|
+
when :verify_hostname
|
|
56
|
+
unless value
|
|
57
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
|
|
58
|
+
LDAP::LDAP_OPT_X_TLS_ALLOW)
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
connection.set_option(LDAP::LDAP_OPT_X_TLS_NEWCTX, 0)
|
|
63
|
+
end
|
|
64
|
+
connection.start_tls
|
|
65
|
+
connection
|
|
39
66
|
end
|
|
40
67
|
|
|
41
68
|
def start_tls?
|
|
@@ -44,7 +71,7 @@ module ActiveLdap
|
|
|
44
71
|
end
|
|
45
72
|
|
|
46
73
|
class Plain < Base
|
|
47
|
-
def connect(host, port)
|
|
74
|
+
def connect(host, port, options={})
|
|
48
75
|
LDAP::Conn.new(host, port)
|
|
49
76
|
end
|
|
50
77
|
end
|
|
@@ -54,9 +81,13 @@ module ActiveLdap
|
|
|
54
81
|
super do |host, port, method|
|
|
55
82
|
uri = construct_uri(host, port, method.ssl?)
|
|
56
83
|
with_start_tls = method.start_tls?
|
|
57
|
-
info = {
|
|
84
|
+
info = {
|
|
85
|
+
:uri => uri,
|
|
86
|
+
:with_start_tls => with_start_tls,
|
|
87
|
+
:tls_options => @tls_options,
|
|
88
|
+
}
|
|
58
89
|
connection = log("connect", info) do
|
|
59
|
-
method.connect(host, port)
|
|
90
|
+
method.connect(host, port, :tls_options => @tls_options)
|
|
60
91
|
end
|
|
61
92
|
[connection, uri, with_start_tls]
|
|
62
93
|
end
|
|
@@ -26,7 +26,10 @@ module ActiveLdap
|
|
|
26
26
|
:host => host,
|
|
27
27
|
:port => port,
|
|
28
28
|
}
|
|
29
|
-
|
|
29
|
+
if method
|
|
30
|
+
config[:encryption] = { :method => method }
|
|
31
|
+
config[:encryption][:tls_options] = @tls_options if @tls_options
|
|
32
|
+
end
|
|
30
33
|
begin
|
|
31
34
|
uri = construct_uri(host, port, method == :simple_tls)
|
|
32
35
|
with_start_tls = method == :start_tls
|
|
@@ -27,6 +27,7 @@ module ActiveLdap
|
|
|
27
27
|
DEFAULT_CONFIG[:host] = '127.0.0.1'
|
|
28
28
|
DEFAULT_CONFIG[:port] = nil
|
|
29
29
|
DEFAULT_CONFIG[:method] = :plain # :ssl, :tls, :plain allowed
|
|
30
|
+
DEFAULT_CONFIG[:tls_options] = nil
|
|
30
31
|
|
|
31
32
|
DEFAULT_CONFIG[:bind_dn] = nil
|
|
32
33
|
DEFAULT_CONFIG[:password_block] = nil
|
data/lib/active_ldap/version.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Your LDAP server
|
|
2
|
-
# This is a LDIF file for OpenLDAP to do the
|
|
1
|
+
# Your LDAP server needs to accept 'phonetic' attribute option for test.
|
|
2
|
+
# This is a LDIF file for OpenLDAP to do the configuration.
|
|
3
3
|
# You can use this file by the following command linne on Debian GNU/Linux
|
|
4
4
|
# or Ubuntu:
|
|
5
5
|
# % sudo -H ldapmodify -Y EXTERNAL -H ldapi:/// -f test/add-phonetic-attribute-options-to-slapd.ldif
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# Your LDAP server needs to support StartTLS when you test StartTLS related
|
|
2
|
+
# feature. This is a LDIF file for OpenLDAP to do the configuration.
|
|
3
|
+
# You can use this file by the following command linne on Debian GNU/Linux
|
|
4
|
+
# or Ubuntu:
|
|
5
|
+
#
|
|
6
|
+
# % sudo usermod -a -G ssl-cert openldap
|
|
7
|
+
# % sudo systemctl restart slapd
|
|
8
|
+
# % sudo -H ldapmodify -Y EXTERNAL -H ldapi:/// -f test/enable-start-tls.ldif
|
|
9
|
+
#
|
|
10
|
+
# Adding the openldap user to the ssl-cert group is required to read
|
|
11
|
+
# certification related files.
|
|
12
|
+
version: 1
|
|
13
|
+
dn: cn=config
|
|
14
|
+
delete: olcTLSCACertificateFile
|
|
15
|
+
-
|
|
16
|
+
add: olcTLSCACertificateFile
|
|
17
|
+
olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
|
|
18
|
+
-
|
|
19
|
+
delete: olcTLSCertificateKeyFile
|
|
20
|
+
-
|
|
21
|
+
add: olcTLSCertificateKeyFile
|
|
22
|
+
olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
|
|
23
|
+
-
|
|
24
|
+
delete: olcTLSCertificateFile
|
|
25
|
+
-
|
|
26
|
+
add: olcTLSCertificateFile
|
|
27
|
+
olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activeldap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.2.
|
|
4
|
+
version: 5.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Will Drewry
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-
|
|
12
|
+
date: 2018-07-12 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activemodel
|
|
@@ -294,6 +294,7 @@ files:
|
|
|
294
294
|
- test/al-test-utils.rb
|
|
295
295
|
- test/command.rb
|
|
296
296
|
- test/config.yaml.sample
|
|
297
|
+
- test/enable-start-tls.ldif
|
|
297
298
|
- test/fixtures/lower_case_object_class_schema.rb
|
|
298
299
|
- test/run-test.rb
|
|
299
300
|
- test/test_acts_as_tree.rb
|
|
@@ -368,6 +369,7 @@ test_files:
|
|
|
368
369
|
- test/al-test-utils.rb
|
|
369
370
|
- test/command.rb
|
|
370
371
|
- test/config.yaml.sample
|
|
372
|
+
- test/enable-start-tls.ldif
|
|
371
373
|
- test/fixtures/lower_case_object_class_schema.rb
|
|
372
374
|
- test/run-test.rb
|
|
373
375
|
- test/test_acts_as_tree.rb
|