activeldap 5.2.4 → 6.0.0

data/lib/active_ldap/adapter/base.rb

@@ -30,6 +30,8 @@ module ActiveLdap
         :scope,
         :sasl_options,
         :follow_referrals,
+        :use_paged_results,
+        :page_size,
       ]
 
       @@row_even = true
@@ -41,6 +43,7 @@ module ActiveLdap
         @bind_tried = false
         @entry_attributes = {}
         @follow_referrals = nil
+        @page_size = nil
         @configuration = configuration.dup
         @logger = @configuration.delete(:logger)
         @configuration.assert_valid_keys(VALID_ADAPTER_CONFIGURATION_KEYS)
@@ -48,6 +51,7 @@ module ActiveLdap
           instance_variable_set("@#{name}", configuration[name])
         end
         @follow_referrals = true if @follow_referrals.nil?
+        @page_size ||= Configuration::DEFAULT_CONFIG[:page_size]
         @instrumenter = ActiveSupport::Notifications.instrumenter
       end
 
@@ -169,23 +173,39 @@ module ActiveLdap
       end
 
       def search(options={})
-        filter = parse_filter(options[:filter]) || 'objectClass=*'
-        attrs = options[:attributes] || []
-        scope = ensure_scope(options[:scope] || @scope)
         base = options[:base]
+        base = ensure_dn_string(base)
+        attributes = options[:attributes] || []
+        attributes = attributes.to_a # just in case
         limit = options[:limit] || 0
         limit = nil if limit <= 0
+        use_paged_results = options[:use_paged_results]
+        if use_paged_results or use_paged_results.nil?
+          use_paged_results = supported_control.paged_results?
+        end
+        search_options = {
+          base: base,
+          scope: ensure_scope(options[:scope] || @scope),
+          filter: parse_filter(options[:filter]) || 'objectClass=*',
+          attributes: attributes,
+          limit: limit,
+          use_paged_results: use_paged_results,
+          page_size: options[:page_size] || @page_size,
+        }
 
-        attrs = attrs.to_a # just in case
-        base = ensure_dn_string(base)
         begin
           operation(options) do
-            yield(base, scope, filter, attrs, limit)
+            yield(search_options)
           end
-        rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax
+        rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax => error
           # Do nothing on failure
           @logger.info do
-            args = [$!.class, $!.message, filter, attrs.inspect]
+            args = [
+              error.class.class,
+              error.message,
+              search_options[:filter],
+              search_options[:attributes].inspect,
+            ]
             _("Ignore error %s(%s): filter %s: attributes: %s") % args
           end
         end

data/lib/active_ldap/adapter/jndi.rb

@@ -46,12 +46,10 @@ module ActiveLdap
       end
 
       def search(options={}, &block)
-        super(options) do |base, scope, filter, attrs, limit|
-          info = {
-            :base => base, :scope => scope_name(scope), :filter => filter,
-            :attributes => attrs, :limit => limit,
-          }
-          execute(:search, info, base, scope, filter, attrs, limit, &block)
+        super(options) do |search_options|
+          scope = search_options[:scope]
+          info = search_options.merge(scope: scope_name(scope))
+          execute(:search, info, search_options, &block)
         end
       end
 

data/lib/active_ldap/adapter/jndi_connection.rb

@@ -25,6 +25,8 @@ module ActiveLdap
       Context = naming.Context
       StartTlsRequest = ldap.StartTlsRequest
       Control = ldap.Control
+      PagedResultsControl = ldap.PagedResultsControl
+      PagedResultsResponseControl = ldap.PagedResultsResponseControl
 
       CommunicationException = naming.CommunicationException
       ServiceUnavailableException = naming.ServiceUnavailableException
@@ -108,23 +110,54 @@ module ActiveLdap
         bound?
       end
 
-      def search(base, scope, filter, attrs, limit)
+      def search(options)
+        base = options[:base]
+        scope = options[:scope]
+        filter = options[:filter]
+        attributes = options[:attributes]
+        limit = options[:limit]
+        use_paged_results = options[:use_paged_results]
+        page_size = options[:page_size]
+
         controls = SearchControls.new
         controls.search_scope = scope
 
         controls.count_limit = limit if limit
-        unless attrs.blank?
-          controls.returning_attributes = attrs.to_java(:string)
+        unless attributes.blank?
+          controls.returning_attributes = attributes.to_java(:string)
         end
 
-        @context.search(base, filter, controls).each do |result|
-          attributes = {}
-          result.attributes.get_all.each do |attribute|
-            attributes[attribute.get_id] = attribute.get_all.collect do |value|
-              value.is_a?(String) ? value : String.from_java_bytes(value)
-            end
+        page_cookie = nil
+        if use_paged_results
+          # https://devdocs.io/openjdk~8/javax/naming/ldap/pagedresultscontrol
+          @context.set_request_controls([build_paged_results_control(page_size)])
+        else
+          @context.set_request_controls([])
+        end
+
+        escaped_base = escape_dn(base)
+        loop do
+          @context.search(escaped_base, filter, controls).each do |search_result|
+            yield(build_raw_search_result(search_result))
+          end
+
+          break unless use_paged_results
+
+          # Find the paged search cookie
+          response_controls = @context.get_response_controls
+          break unless response_controls
+          response_controls.each do |response_control|
+            next unless response_control.is_a?(PagedResultsResponseControl)
+            page_cookie = response_control.get_cookie
+            break
           end
-          yield([result.name_in_namespace, attributes])
+
+          break unless page_cookie
+
+          # Set paged results control so we can keep getting results.
+          paged_results_control =
+            build_paged_results_control(page_size, page_cookie)
+          @context.set_request_controls([paged_results_control])
         end
       end
 
@@ -133,25 +166,35 @@ module ActiveLdap
         records.each do |record|
           attributes.put(record.to_java_attribute)
         end
-        @context.create_subcontext(dn, attributes)
+        escaped_dn = escape_dn(dn)
+        @context.set_request_controls([])
+        @context.create_subcontext(escaped_dn, attributes)
       end
 
       def modify(dn, records)
+        escaped_dn = escape_dn(dn)
         items = records.collect(&:to_java_modification_item)
-        @context.modify_attributes(dn, items.to_java(ModificationItem))
+        @context.set_request_controls([])
+        @context.modify_attributes(escaped_dn, items.to_java(ModificationItem))
       end
 
       def modify_rdn(dn, new_rdn, delete_old_rdn)
+        escaped_dn = escape_dn(dn)
         # should use mutex
         delete_rdn_key = "java.naming.ldap.deleteRDN"
-        @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
-        @context.rename(dn, new_rdn)
-      ensure
-        @context.remove_from_environment(delete_rdn_key)
+        @context.set_request_controls([])
+        begin
+          @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
+          @context.rename(escaped_dn, new_rdn)
+        ensure
+          @context.remove_from_environment(delete_rdn_key)
+        end
       end
 
       def delete(dn)
-        @context.destroy_subcontext(dn)
+        escaped_dn = escape_dn(dn)
+        @context.set_request_controls([])
+        @context.destroy_subcontext(escaped_dn)
       end
 
       private
@@ -185,6 +228,51 @@ module ActiveLdap
         protocol = @method == :ssl ? "ldaps" : "ldap"
         "#{protocol}://#{@host}:#{@port}/"
       end
+
+      def escape_dn(dn)
+        parsed_dn = nil
+        begin
+          parsed_dn = DN.parse(dn)
+        rescue DistinguishedNameInvalid
+          return dn
+        end
+
+        escaped_rdns = parsed_dn.rdns.collect do |rdn|
+          escaped_rdn_strings = rdn.collect do |key, value|
+            escaped_value = DN.escape_value(value)
+            # We may need to escape the followings too:
+            #   * ,
+            #   * =
+            #   * +
+            #   * <
+            #   * >
+            #   * #
+            #   * ;
+            #
+            # See javax.naming.ldap.Rdn.unescapeValue()
+            escaped_value = escaped_value.gsub(/\\\\/) do
+              "\\5C"
+            end
+            "#{key}=#{escaped_value}"
+          end
+          escaped_rdn_strings.join("+")
+        end
+        escaped_rdns.join(",")
+      end
+
+      def build_paged_results_control(page_size, page_cookie=nil)
+        PagedResultsControl.new(page_size, page_cookie, Control::CRITICAL)
+      end
+
+      def build_raw_search_result(search_result)
+        attributes = {}
+        search_result.attributes.get_all.each do |attribute|
+          attributes[attribute.get_id] = attribute.get_all.collect do |value|
+            value.is_a?(String) ? value : String.from_java_bytes(value)
+          end
+        end
+        [search_result.name_in_namespace, attributes]
+      end
     end
   end
 end

data/lib/active_ldap/adapter/ldap.rb

@@ -113,25 +113,11 @@ module ActiveLdap
       end
 
       def search(options={})
-        super(options) do |base, scope, filter, attrs, limit|
+        super(options) do |search_options|
           begin
-            use_paged_results = options[:use_paged_results]
-            if use_paged_results or use_paged_results.nil?
-              use_paged_results = supported_control.paged_results?
-            end
-            info = {
-              :base => base, :scope => scope_name(scope),
-              :filter => filter, :attributes => attrs, :limit => limit,
-            }
-            options = {
-              :base              => base,
-              :scope             => scope,
-              :filter            => filter,
-              :attributes        => attrs,
-              :limit             => limit,
-              :use_paged_results => use_paged_results
-            }
-            execute(:search_full, info, options) do |entry|
+            scope = search_options[:scope]
+            info = search_options.merge(scope: scope_name(scope))
+            execute(:search_full, info, search_options) do |entry|
               attributes = {}
               entry.attrs.each do |attr|
                 value = entry.vals(attr)
@@ -142,7 +128,10 @@ module ActiveLdap
           rescue RuntimeError
             if $!.message == "no result returned by search"
               @logger.debug do
-                args = [filter, attrs.inspect]
+                args = [
+                  search_options[:filter],
+                  search_options[:attributes].inspect,
+                ]
                 _("No matches: filter: %s: attributes: %s") % args
               end
             else

data/lib/active_ldap/adapter/ldap_ext.rb

@@ -65,12 +65,28 @@ module LDAP
       attributes        = options[:attributes]
       limit             = options[:limit] || 0
       use_paged_results = options[:use_paged_results]
+      page_size         = options[:page_size]
       if @@have_search_ext
         if use_paged_results
-          paged_search(base, scope, filter, attributes, limit, &block)
+          paged_search(base,
+                       scope,
+                       filter,
+                       attributes,
+                       limit,
+                       page_size,
+                       &block)
         else
-          search_ext(base, scope, filter, attributes,
-                     false, nil, nil, 0, 0, limit, &block)
+          search_ext(base,
+                     scope,
+                     filter,
+                     attributes,
+                     false,
+                     nil,
+                     nil,
+                     0,
+                     0,
+                     limit,
+                     &block)
         end
       else
         i = 0
@@ -120,27 +136,30 @@ module LDAP
       end
     end
 
-    def paged_search(base, scope, filter, attributes, limit, &block)
-      # work around a bug with openldap
-      page_size = 126
+    def paged_search(base, scope, filter, attributes, limit, page_size, &block)
       cookie = ""
       critical = true
-
       loop do
         ber_string = LDAP::Control.encode(page_size, cookie)
         control = LDAP::Control.new(LDAP::LDAP_CONTROL_PAGEDRESULTS,
                                     ber_string,
                                     critical)
-
-        search_ext(base, scope, filter, attributes,
-                   false, [control], nil, 0, 0, limit, &block)
+        search_ext(base,
+                   scope,
+                   filter,
+                   attributes,
+                   false,
+                   [control],
+                   nil,
+                   0,
+                   0,
+                   limit,
+                   &block)
 
         control = find_paged_results_control(@controls)
         break if control.nil?
-        returned_size, cookie = control.decode
-        returned_size = returned_size.to_i
-        page_size = returned_size if returned_size > 0
 
+        _estimated_result_set_size, cookie = control.decode
         break if cookie.empty?
       end
     end

data/lib/active_ldap/adapter/net_ldap.rb

@@ -69,25 +69,16 @@ module ActiveLdap
       end
 
       def search(options={})
-        use_paged_results = options[:use_paged_results]
-        if use_paged_results or use_paged_results.nil?
-          paged_results_supported = supported_control.paged_results?
-        else
-          paged_results_supported = false
-        end
-        super(options) do |base, scope, filter, attrs, limit|
+        super(options) do |search_options|
+          scope = search_options[:scope]
+          info = search_options.merge(scope: scope_name(scope))
           args = {
-            :base => base,
-            :scope => scope,
-            :filter => filter,
-            :attributes => attrs,
-            :size => limit,
-            :paged_searches_supported => paged_results_supported,
-          }
-          info = {
-            :base => base, :scope => scope_name(scope),
-            :filter => filter, :attributes => attrs, :limit => limit,
-            :paged_results_supported => paged_results_supported,
+            base: search_options[:base],
+            scope: scope,
+            filter: search_options[:filter],
+            attributes: search_options[:attributes],
+            size: search_options[:limit],
+            paged_searcheds_supported: search_options[:paged_results_supported],
           }
           execute(:search, info, args) do |entry|
             attributes = {}

data/lib/active_ldap/configuration.rb

@@ -48,6 +48,15 @@ module ActiveLdap
     DEFAULT_CONFIG[:retry_on_timeout] = true
     DEFAULT_CONFIG[:follow_referrals] = true
 
+    # 500 is the default size limit value of OpenLDAP 2.4:
+    #   https://openldap.org/doc/admin24/limits.html#Global%20Limits
+    #
+    # We may change this when we find LDAP server that its the default
+    # size limit is smaller than 500.
+    DEFAULT_CONFIG[:page_size] = 500
+    # Whether using paged results if available.
+    DEFAULT_CONFIG[:use_paged_results] = true
+
     DEFAULT_CONFIG[:logger] = nil
 
     module ClassMethods
@@ -103,8 +112,22 @@ module ActiveLdap
         end
       end
 
+      def parent_configuration(target)
+        if target.is_a?(Base)
+          target = target.class
+        else
+          target = target.superclass
+        end
+        while target <= Base
+          config = defined_configurations[target.active_connection_key]
+          return config if config
+          target = target.superclass
+        end
+        default_configuration
+      end
+
       def merge_configuration(user_configuration, target=self)
-        configuration = default_configuration
+        configuration = parent_configuration(target).dup
         prepare_configuration(user_configuration).each do |key, value|
           case key
           when :base

data/lib/active_ldap/connection.rb

@@ -165,11 +165,11 @@ module ActiveLdap
         connection.schema
       end
 
-      private
       def active_connection_key(k=self)
         k.name.blank? ? k.object_id : k.name
       end
 
+      private
       def determine_active_connection_name
         key = active_connection_key
         if active_connections[key] or configuration(key)