activeldap 5.2.3 → 6.0.3

data/lib/active_ldap.rb

@@ -1,4 +1,3 @@
-require "rubygems"
 require "active_model"
 require "active_support/core_ext"
 

data/lib/active_ldap/adapter/base.rb

@@ -30,6 +30,8 @@ module ActiveLdap
         :scope,
         :sasl_options,
         :follow_referrals,
+        :use_paged_results,
+        :page_size,
       ]
 
       @@row_even = true
@@ -41,6 +43,7 @@ module ActiveLdap
         @bind_tried = false
         @entry_attributes = {}
         @follow_referrals = nil
+        @page_size = nil
         @configuration = configuration.dup
         @logger = @configuration.delete(:logger)
         @configuration.assert_valid_keys(VALID_ADAPTER_CONFIGURATION_KEYS)
@@ -48,6 +51,7 @@ module ActiveLdap
           instance_variable_set("@#{name}", configuration[name])
         end
         @follow_referrals = true if @follow_referrals.nil?
+        @page_size ||= Configuration::DEFAULT_CONFIG[:page_size]
         @instrumenter = ActiveSupport::Notifications.instrumenter
       end
 
@@ -169,23 +173,39 @@ module ActiveLdap
       end
 
       def search(options={})
-        filter = parse_filter(options[:filter]) || 'objectClass=*'
-        attrs = options[:attributes] || []
-        scope = ensure_scope(options[:scope] || @scope)
         base = options[:base]
+        base = ensure_dn_string(base)
+        attributes = options[:attributes] || []
+        attributes = attributes.to_a # just in case
         limit = options[:limit] || 0
         limit = nil if limit <= 0
+        use_paged_results = options[:use_paged_results]
+        if use_paged_results or use_paged_results.nil?
+          use_paged_results = limit != 1 && supported_control.paged_results?
+        end
+        search_options = {
+          base: base,
+          scope: ensure_scope(options[:scope] || @scope),
+          filter: parse_filter(options[:filter]) || 'objectClass=*',
+          attributes: attributes,
+          limit: limit,
+          use_paged_results: use_paged_results,
+          page_size: options[:page_size] || @page_size,
+        }
 
-        attrs = attrs.to_a # just in case
-        base = ensure_dn_string(base)
         begin
           operation(options) do
-            yield(base, scope, filter, attrs, limit)
+            yield(search_options)
           end
-        rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax
+        rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax => error
           # Do nothing on failure
           @logger.info do
-            args = [$!.class, $!.message, filter, attrs.inspect]
+            args = [
+              error.class.class,
+              error.message,
+              search_options[:filter],
+              search_options[:attributes].inspect,
+            ]
             _("Ignore error %s(%s): filter %s: attributes: %s") % args
           end
         end
@@ -662,8 +682,7 @@ module ActiveLdap
                :scope => :base,
                :attributes => attrs,
                :limit => 1,
-               :try_reconnect => try_reconnect,
-               :use_paged_results => false) do |dn, attributes|
+               :try_reconnect => try_reconnect) do |dn, attributes|
           found_attributes = attributes
         end
         found_attributes

data/lib/active_ldap/adapter/jndi.rb

@@ -22,9 +22,23 @@ module ActiveLdap
         super do |host, port, method|
           uri = construct_uri(host, port, method == :ssl)
           with_start_tls = method == :start_tls
-          info = {:uri => uri, :with_start_tls => with_start_tls}
-          [log("connect", info) {JndiConnection.new(host, port, method, @timeout)},
-           uri, with_start_tls]
+          follow_referrals = follow_referrals?(options)
+          info = {
+            :uri => uri,
+            :with_start_tls => with_start_tls,
+            :follow_referrals => follow_referrals,
+          }
+          [
+            log("connect", info) {
+              JndiConnection.new(host,
+                                 port,
+                                 method,
+                                 @timeout,
+                                 follow_referrals)
+            },
+            uri,
+            with_start_tls,
+          ]
         end
       end
 
@@ -46,12 +60,10 @@ module ActiveLdap
       end
 
       def search(options={}, &block)
-        super(options) do |base, scope, filter, attrs, limit|
-          info = {
-            :base => base, :scope => scope_name(scope), :filter => filter,
-            :attributes => attrs, :limit => limit,
-          }
-          execute(:search, info, base, scope, filter, attrs, limit, &block)
+        super(options) do |search_options|
+          scope = search_options[:scope]
+          info = search_options.merge(scope: scope_name(scope))
+          execute(:search, info, search_options, &block)
         end
       end
 

data/lib/active_ldap/adapter/jndi_connection.rb

@@ -25,6 +25,8 @@ module ActiveLdap
       Context = naming.Context
       StartTlsRequest = ldap.StartTlsRequest
       Control = ldap.Control
+      PagedResultsControl = ldap.PagedResultsControl
+      PagedResultsResponseControl = ldap.PagedResultsResponseControl
 
       CommunicationException = naming.CommunicationException
       ServiceUnavailableException = naming.ServiceUnavailableException
@@ -73,13 +75,14 @@ module ActiveLdap
         end
       end
 
-      def initialize(host, port, method, timeout)
+      def initialize(host, port, method, timeout, follow_referrals)
         @host = host
         @port = port
         @method = method
         @timeout = timeout
         @context = nil
         @tls = nil
+        @follow_referrals = follow_referrals
       end
 
       def unbind
@@ -108,23 +111,55 @@ module ActiveLdap
         bound?
       end
 
-      def search(base, scope, filter, attrs, limit)
+      def search(options)
+        base = options[:base]
+        scope = options[:scope]
+        filter = options[:filter]
+        attributes = options[:attributes]
+        limit = options[:limit]
+        use_paged_results = options[:use_paged_results]
+        page_size = options[:page_size]
+
         controls = SearchControls.new
         controls.search_scope = scope
 
         controls.count_limit = limit if limit
-        unless attrs.blank?
-          controls.returning_attributes = attrs.to_java(:string)
+        unless attributes.blank?
+          controls.returning_attributes = attributes.to_java(:string)
+        end
+
+        page_cookie = nil
+        if use_paged_results
+          # https://devdocs.io/openjdk~8/javax/naming/ldap/pagedresultscontrol
+          @context.set_request_controls([build_paged_results_control(page_size)])
+        else
+          @context.set_request_controls([])
         end
 
-        @context.search(base, filter, controls).each do |result|
-          attributes = {}
-          result.attributes.get_all.each do |attribute|
-            attributes[attribute.get_id] = attribute.get_all.collect do |value|
-              value.is_a?(String) ? value : String.from_java_bytes(value)
-            end
+        escaped_base = escape_dn(base)
+
+        loop do
+          @context.search(escaped_base, filter, controls).each do |search_result|
+            yield(build_raw_search_result(search_result))
           end
-          yield([result.name_in_namespace, attributes])
+
+          break unless use_paged_results
+
+          # Find the paged search cookie
+          response_controls = @context.get_response_controls
+          break unless response_controls
+          response_controls.each do |response_control|
+            next unless response_control.is_a?(PagedResultsResponseControl)
+            page_cookie = response_control.get_cookie
+            break
+          end
+
+          break unless page_cookie
+
+          # Set paged results control so we can keep getting results.
+          paged_results_control =
+            build_paged_results_control(page_size, page_cookie)
+          @context.set_request_controls([paged_results_control])
         end
       end
 
@@ -133,25 +168,32 @@ module ActiveLdap
         records.each do |record|
           attributes.put(record.to_java_attribute)
         end
-        @context.create_subcontext(dn, attributes)
+        @context.set_request_controls([])
+        @context.create_subcontext(escape_dn(dn), attributes)
       end
 
       def modify(dn, records)
         items = records.collect(&:to_java_modification_item)
-        @context.modify_attributes(dn, items.to_java(ModificationItem))
+        @context.set_request_controls([])
+        @context.modify_attributes(escape_dn(dn), items.to_java(ModificationItem))
       end
 
       def modify_rdn(dn, new_rdn, delete_old_rdn)
         # should use mutex
         delete_rdn_key = "java.naming.ldap.deleteRDN"
-        @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
-        @context.rename(dn, new_rdn)
-      ensure
-        @context.remove_from_environment(delete_rdn_key)
+        @context.set_request_controls([])
+        begin
+          @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
+          @context.rename(escape_dn(dn), escape_dn(new_rdn))
+        ensure
+          @context.remove_from_environment(delete_rdn_key)
+        end
       end
 
       def delete(dn)
-        @context.destroy_subcontext(dn)
+        escaped_dn = escape_dn(dn)
+        @context.set_request_controls([])
+        @context.destroy_subcontext(escaped_dn)
       end
 
       private
@@ -162,9 +204,10 @@ module ActiveLdap
           Context::PROVIDER_URL => ldap_uri,
           'com.sun.jndi.ldap.connect.timeout' => (@timeout * 1000).to_i.to_s,
           'com.sun.jndi.ldap.read.timeout' => (@timeout * 1000).to_i.to_s,
+          'java.naming.ldap.derefAliases' => 'never',
+          'java.naming.referral' => @follow_referrals ? 'follow' : 'ignore',
         }
-        environment = HashTable.new(environment)
-        context = InitialLdapContext.new(environment, nil)
+        context = InitialLdapContext.new(HashTable.new(environment), nil)
         if @method == :start_tls
           @tls = context.extended_operation(StartTlsRequest.new)
           @tls.negotiate
@@ -185,6 +228,26 @@ module ActiveLdap
         protocol = @method == :ssl ? "ldaps" : "ldap"
         "#{protocol}://#{@host}:#{@port}/"
       end
+
+      def escape_dn(dn)
+        javax.naming.ldap.LdapName.new(dn)
+      rescue Java::JavaLang::IllegalArgumentException, Java::JavaxNaming::InvalidNameException
+        dn
+      end
+
+      def build_paged_results_control(page_size, page_cookie=nil)
+        PagedResultsControl.new(page_size, page_cookie, Control::CRITICAL)
+      end
+
+      def build_raw_search_result(search_result)
+        attributes = {}
+        search_result.attributes.get_all.each do |attribute|
+          attributes[attribute.get_id] = attribute.get_all.collect do |value|
+            value.is_a?(String) ? value : String.from_java_bytes(value)
+          end
+        end
+        [search_result.name_in_namespace, attributes]
+      end
     end
   end
 end

data/lib/active_ldap/adapter/ldap.rb

@@ -113,25 +113,11 @@ module ActiveLdap
       end
 
       def search(options={})
-        super(options) do |base, scope, filter, attrs, limit|
+        super(options) do |search_options|
           begin
-            use_paged_results = options[:use_paged_results]
-            if use_paged_results or use_paged_results.nil?
-              use_paged_results = supported_control.paged_results?
-            end
-            info = {
-              :base => base, :scope => scope_name(scope),
-              :filter => filter, :attributes => attrs, :limit => limit,
-            }
-            options = {
-              :base              => base,
-              :scope             => scope,
-              :filter            => filter,
-              :attributes        => attrs,
-              :limit             => limit,
-              :use_paged_results => use_paged_results
-            }
-            execute(:search_full, info, options) do |entry|
+            scope = search_options[:scope]
+            info = search_options.merge(scope: scope_name(scope))
+            execute(:search_full, info, search_options) do |entry|
               attributes = {}
               entry.attrs.each do |attr|
                 value = entry.vals(attr)
@@ -142,7 +128,10 @@ module ActiveLdap
           rescue RuntimeError
             if $!.message == "no result returned by search"
               @logger.debug do
-                args = [filter, attrs.inspect]
+                args = [
+                  search_options[:filter],
+                  search_options[:attributes].inspect,
+                ]
                 _("No matches: filter: %s: attributes: %s") % args
               end
             else
@@ -220,15 +209,17 @@ module ActiveLdap
       def prepare_connection(options={})
         operation(options) do
           @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
-          unless follow_referrals?(options)
-            @connection.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
-          end
+          @ldap_follow_referrals = follow_referrals?(options) ? 1 : 0
+          @connection.set_option(LDAP::LDAP_OPT_REFERRALS,
+                                 @ldap_follow_referrals)
         end
       end
 
       def execute(method, info=nil, *args, &block)
         begin
           name = (info || {}).delete(:name) || method
+          @connection.set_option(LDAP::LDAP_OPT_REFERRALS,
+                                 @ldap_follow_referrals)
           log(name, info) {@connection.send(method, *args, &block)}
         rescue LDAP::ResultError
           @connection.assert_error_code

data/lib/active_ldap/adapter/ldap_ext.rb

@@ -65,12 +65,28 @@ module LDAP
       attributes        = options[:attributes]
       limit             = options[:limit] || 0
       use_paged_results = options[:use_paged_results]
+      page_size         = options[:page_size]
       if @@have_search_ext
         if use_paged_results
-          paged_search(base, scope, filter, attributes, limit, &block)
+          paged_search(base,
+                       scope,
+                       filter,
+                       attributes,
+                       limit,
+                       page_size,
+                       &block)
         else
-          search_ext(base, scope, filter, attributes,
-                     false, nil, nil, 0, 0, limit, &block)
+          search_ext(base,
+                     scope,
+                     filter,
+                     attributes,
+                     false,
+                     nil,
+                     nil,
+                     0,
+                     0,
+                     limit,
+                     &block)
         end
       else
         i = 0
@@ -120,27 +136,30 @@ module LDAP
       end
     end
 
-    def paged_search(base, scope, filter, attributes, limit, &block)
-      # work around a bug with openldap
-      page_size = 126
+    def paged_search(base, scope, filter, attributes, limit, page_size, &block)
       cookie = ""
       critical = true
-
       loop do
         ber_string = LDAP::Control.encode(page_size, cookie)
         control = LDAP::Control.new(LDAP::LDAP_CONTROL_PAGEDRESULTS,
                                     ber_string,
                                     critical)
-
-        search_ext(base, scope, filter, attributes,
-                   false, [control], nil, 0, 0, limit, &block)
+        search_ext(base,
+                   scope,
+                   filter,
+                   attributes,
+                   false,
+                   [control],
+                   nil,
+                   0,
+                   0,
+                   limit,
+                   &block)
 
         control = find_paged_results_control(@controls)
         break if control.nil?
-        returned_size, cookie = control.decode
-        returned_size = returned_size.to_i
-        page_size = returned_size if returned_size > 0
 
+        _estimated_result_set_size, cookie = control.decode
         break if cookie.empty?
       end
     end

data/lib/active_ldap/adapter/net_ldap.rb

@@ -69,25 +69,16 @@ module ActiveLdap
       end
 
       def search(options={})
-        use_paged_results = options[:use_paged_results]
-        if use_paged_results or use_paged_results.nil?
-          paged_results_supported = supported_control.paged_results?
-        else
-          paged_results_supported = false
-        end
-        super(options) do |base, scope, filter, attrs, limit|
+        super(options) do |search_options|
+          scope = search_options[:scope]
+          info = search_options.merge(scope: scope_name(scope))
           args = {
-            :base => base,
-            :scope => scope,
-            :filter => filter,
-            :attributes => attrs,
-            :size => limit,
-            :paged_searches_supported => paged_results_supported,
-          }
-          info = {
-            :base => base, :scope => scope_name(scope),
-            :filter => filter, :attributes => attrs, :limit => limit,
-            :paged_results_supported => paged_results_supported,
+            base: search_options[:base],
+            scope: scope,
+            filter: search_options[:filter],
+            attributes: search_options[:attributes],
+            size: search_options[:limit],
+            paged_searcheds_supported: search_options[:paged_results_supported],
           }
           execute(:search, info, args) do |entry|
             attributes = {}