activeldap 5.2.4 → 6.1.0

data/lib/active_ldap/adapter/base.rb

@@ -30,6 +30,8 @@ module ActiveLdap
         :scope,
         :sasl_options,
         :follow_referrals,
+        :use_paged_results,
+        :page_size,
       ]
 
       @@row_even = true
@@ -41,6 +43,7 @@ module ActiveLdap
         @bind_tried = false
         @entry_attributes = {}
         @follow_referrals = nil
+        @page_size = nil
         @configuration = configuration.dup
         @logger = @configuration.delete(:logger)
         @configuration.assert_valid_keys(VALID_ADAPTER_CONFIGURATION_KEYS)
@@ -48,6 +51,7 @@ module ActiveLdap
           instance_variable_set("@#{name}", configuration[name])
         end
         @follow_referrals = true if @follow_referrals.nil?
+        @page_size ||= Configuration::DEFAULT_CONFIG[:page_size]
         @instrumenter = ActiveSupport::Notifications.instrumenter
       end
 
@@ -169,23 +173,40 @@ module ActiveLdap
       end
 
       def search(options={})
-        filter = parse_filter(options[:filter]) || 'objectClass=*'
-        attrs = options[:attributes] || []
-        scope = ensure_scope(options[:scope] || @scope)
         base = options[:base]
+        base = ensure_dn_string(base)
+        attributes = options[:attributes] || []
+        attributes = attributes.to_a # just in case
         limit = options[:limit] || 0
         limit = nil if limit <= 0
+        use_paged_results = options[:use_paged_results]
+        use_paged_results = @use_paged_results if use_paged_results.nil?
+        if use_paged_results
+          use_paged_results = limit != 1 && supported_control.paged_results?
+        end
+        search_options = {
+          base: base,
+          scope: ensure_scope(options[:scope] || @scope),
+          filter: parse_filter(options[:filter]) || 'objectClass=*',
+          attributes: attributes,
+          limit: limit,
+          use_paged_results: use_paged_results,
+          page_size: options[:page_size] || @page_size,
+        }
 
-        attrs = attrs.to_a # just in case
-        base = ensure_dn_string(base)
         begin
           operation(options) do
-            yield(base, scope, filter, attrs, limit)
+            yield(search_options)
           end
-        rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax
+        rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax => error
           # Do nothing on failure
           @logger.info do
-            args = [$!.class, $!.message, filter, attrs.inspect]
+            args = [
+              error.class.class,
+              error.message,
+              search_options[:filter],
+              search_options[:attributes].inspect,
+            ]
             _("Ignore error %s(%s): filter %s: attributes: %s") % args
           end
         end
@@ -662,8 +683,7 @@ module ActiveLdap
                :scope => :base,
                :attributes => attrs,
                :limit => 1,
-               :try_reconnect => try_reconnect,
-               :use_paged_results => false) do |dn, attributes|
+               :try_reconnect => try_reconnect) do |dn, attributes|
           found_attributes = attributes
         end
         found_attributes

data/lib/active_ldap/adapter/jndi.rb

@@ -22,9 +22,23 @@ module ActiveLdap
         super do |host, port, method|
           uri = construct_uri(host, port, method == :ssl)
           with_start_tls = method == :start_tls
-          info = {:uri => uri, :with_start_tls => with_start_tls}
-          [log("connect", info) {JndiConnection.new(host, port, method, @timeout)},
-           uri, with_start_tls]
+          follow_referrals = follow_referrals?(options)
+          info = {
+            :uri => uri,
+            :with_start_tls => with_start_tls,
+            :follow_referrals => follow_referrals,
+          }
+          [
+            log("connect", info) {
+              JndiConnection.new(host,
+                                 port,
+                                 method,
+                                 @timeout,
+                                 follow_referrals)
+            },
+            uri,
+            with_start_tls,
+          ]
         end
       end
 
@@ -46,12 +60,10 @@ module ActiveLdap
       end
 
       def search(options={}, &block)
-        super(options) do |base, scope, filter, attrs, limit|
-          info = {
-            :base => base, :scope => scope_name(scope), :filter => filter,
-            :attributes => attrs, :limit => limit,
-          }
-          execute(:search, info, base, scope, filter, attrs, limit, &block)
+        super(options) do |search_options|
+          scope = search_options[:scope]
+          info = search_options.merge(scope: scope_name(scope))
+          execute(:search, info, search_options, &block)
         end
       end
 

data/lib/active_ldap/adapter/jndi_connection.rb

@@ -25,6 +25,8 @@ module ActiveLdap
       Context = naming.Context
       StartTlsRequest = ldap.StartTlsRequest
       Control = ldap.Control
+      PagedResultsControl = ldap.PagedResultsControl
+      PagedResultsResponseControl = ldap.PagedResultsResponseControl
 
       CommunicationException = naming.CommunicationException
       ServiceUnavailableException = naming.ServiceUnavailableException
@@ -73,13 +75,14 @@ module ActiveLdap
         end
       end
 
-      def initialize(host, port, method, timeout)
+      def initialize(host, port, method, timeout, follow_referrals)
         @host = host
         @port = port
         @method = method
         @timeout = timeout
         @context = nil
         @tls = nil
+        @follow_referrals = follow_referrals
       end
 
       def unbind
@@ -108,23 +111,55 @@ module ActiveLdap
         bound?
       end
 
-      def search(base, scope, filter, attrs, limit)
+      def search(options)
+        base = options[:base]
+        scope = options[:scope]
+        filter = options[:filter]
+        attributes = options[:attributes]
+        limit = options[:limit]
+        use_paged_results = options[:use_paged_results]
+        page_size = options[:page_size]
+
         controls = SearchControls.new
         controls.search_scope = scope
 
         controls.count_limit = limit if limit
-        unless attrs.blank?
-          controls.returning_attributes = attrs.to_java(:string)
+        unless attributes.blank?
+          controls.returning_attributes = attributes.to_java(:string)
+        end
+
+        page_cookie = nil
+        if use_paged_results
+          # https://devdocs.io/openjdk~8/javax/naming/ldap/pagedresultscontrol
+          @context.set_request_controls([build_paged_results_control(page_size)])
+        else
+          @context.set_request_controls([])
         end
 
-        @context.search(base, filter, controls).each do |result|
-          attributes = {}
-          result.attributes.get_all.each do |attribute|
-            attributes[attribute.get_id] = attribute.get_all.collect do |value|
-              value.is_a?(String) ? value : String.from_java_bytes(value)
-            end
+        escaped_base = escape_dn(base)
+
+        loop do
+          @context.search(escaped_base, filter, controls).each do |search_result|
+            yield(build_raw_search_result(search_result))
           end
-          yield([result.name_in_namespace, attributes])
+
+          break unless use_paged_results
+
+          # Find the paged search cookie
+          response_controls = @context.get_response_controls
+          break unless response_controls
+          response_controls.each do |response_control|
+            next unless response_control.is_a?(PagedResultsResponseControl)
+            page_cookie = response_control.get_cookie
+            break
+          end
+
+          break unless page_cookie
+
+          # Set paged results control so we can keep getting results.
+          paged_results_control =
+            build_paged_results_control(page_size, page_cookie)
+          @context.set_request_controls([paged_results_control])
         end
       end
 
@@ -133,25 +168,32 @@ module ActiveLdap
         records.each do |record|
           attributes.put(record.to_java_attribute)
         end
-        @context.create_subcontext(dn, attributes)
+        @context.set_request_controls([])
+        @context.create_subcontext(escape_dn(dn), attributes)
       end
 
       def modify(dn, records)
         items = records.collect(&:to_java_modification_item)
-        @context.modify_attributes(dn, items.to_java(ModificationItem))
+        @context.set_request_controls([])
+        @context.modify_attributes(escape_dn(dn), items.to_java(ModificationItem))
       end
 
       def modify_rdn(dn, new_rdn, delete_old_rdn)
         # should use mutex
         delete_rdn_key = "java.naming.ldap.deleteRDN"
-        @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
-        @context.rename(dn, new_rdn)
-      ensure
-        @context.remove_from_environment(delete_rdn_key)
+        @context.set_request_controls([])
+        begin
+          @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
+          @context.rename(escape_dn(dn), escape_dn(new_rdn))
+        ensure
+          @context.remove_from_environment(delete_rdn_key)
+        end
       end
 
       def delete(dn)
-        @context.destroy_subcontext(dn)
+        escaped_dn = escape_dn(dn)
+        @context.set_request_controls([])
+        @context.destroy_subcontext(escaped_dn)
       end
 
       private
@@ -162,9 +204,10 @@ module ActiveLdap
           Context::PROVIDER_URL => ldap_uri,
           'com.sun.jndi.ldap.connect.timeout' => (@timeout * 1000).to_i.to_s,
           'com.sun.jndi.ldap.read.timeout' => (@timeout * 1000).to_i.to_s,
+          'java.naming.ldap.derefAliases' => 'never',
+          'java.naming.referral' => @follow_referrals ? 'follow' : 'ignore',
         }
-        environment = HashTable.new(environment)
-        context = InitialLdapContext.new(environment, nil)
+        context = InitialLdapContext.new(HashTable.new(environment), nil)
         if @method == :start_tls
           @tls = context.extended_operation(StartTlsRequest.new)
           @tls.negotiate
@@ -185,6 +228,26 @@ module ActiveLdap
         protocol = @method == :ssl ? "ldaps" : "ldap"
         "#{protocol}://#{@host}:#{@port}/"
       end
+
+      def escape_dn(dn)
+        javax.naming.ldap.LdapName.new(dn)
+      rescue Java::JavaLang::IllegalArgumentException, Java::JavaxNaming::InvalidNameException
+        dn
+      end
+
+      def build_paged_results_control(page_size, page_cookie=nil)
+        PagedResultsControl.new(page_size, page_cookie, Control::CRITICAL)
+      end
+
+      def build_raw_search_result(search_result)
+        attributes = {}
+        search_result.attributes.get_all.each do |attribute|
+          attributes[attribute.get_id] = attribute.get_all.collect do |value|
+            value.is_a?(String) ? value : String.from_java_bytes(value)
+          end
+        end
+        [search_result.name_in_namespace, attributes]
+      end
     end
   end
 end

data/lib/active_ldap/adapter/ldap.rb

@@ -113,25 +113,11 @@ module ActiveLdap
       end
 
       def search(options={})
-        super(options) do |base, scope, filter, attrs, limit|
+        super(options) do |search_options|
           begin
-            use_paged_results = options[:use_paged_results]
-            if use_paged_results or use_paged_results.nil?
-              use_paged_results = supported_control.paged_results?
-            end
-            info = {
-              :base => base, :scope => scope_name(scope),
-              :filter => filter, :attributes => attrs, :limit => limit,
-            }
-            options = {
-              :base              => base,
-              :scope             => scope,
-              :filter            => filter,
-              :attributes        => attrs,
-              :limit             => limit,
-              :use_paged_results => use_paged_results
-            }
-            execute(:search_full, info, options) do |entry|
+            scope = search_options[:scope]
+            info = search_options.merge(scope: scope_name(scope))
+            execute(:search_full, info, search_options) do |entry|
               attributes = {}
               entry.attrs.each do |attr|
                 value = entry.vals(attr)
@@ -142,7 +128,10 @@ module ActiveLdap
           rescue RuntimeError
             if $!.message == "no result returned by search"
               @logger.debug do
-                args = [filter, attrs.inspect]
+                args = [
+                  search_options[:filter],
+                  search_options[:attributes].inspect,
+                ]
                 _("No matches: filter: %s: attributes: %s") % args
               end
             else
@@ -220,15 +209,17 @@ module ActiveLdap
       def prepare_connection(options={})
         operation(options) do
           @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
-          unless follow_referrals?(options)
-            @connection.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
-          end
+          @ldap_follow_referrals = follow_referrals?(options) ? 1 : 0
+          @connection.set_option(LDAP::LDAP_OPT_REFERRALS,
+                                 @ldap_follow_referrals)
         end
       end
 
       def execute(method, info=nil, *args, &block)
         begin
           name = (info || {}).delete(:name) || method
+          @connection.set_option(LDAP::LDAP_OPT_REFERRALS,
+                                 @ldap_follow_referrals)
           log(name, info) {@connection.send(method, *args, &block)}
         rescue LDAP::ResultError
           @connection.assert_error_code

data/lib/active_ldap/adapter/ldap_ext.rb

@@ -65,12 +65,28 @@ module LDAP
       attributes        = options[:attributes]
       limit             = options[:limit] || 0
       use_paged_results = options[:use_paged_results]
+      page_size         = options[:page_size]
       if @@have_search_ext
         if use_paged_results
-          paged_search(base, scope, filter, attributes, limit, &block)
+          paged_search(base,
+                       scope,
+                       filter,
+                       attributes,
+                       limit,
+                       page_size,
+                       &block)
         else
-          search_ext(base, scope, filter, attributes,
-                     false, nil, nil, 0, 0, limit, &block)
+          search_ext(base,
+                     scope,
+                     filter,
+                     attributes,
+                     false,
+                     nil,
+                     nil,
+                     0,
+                     0,
+                     limit,
+                     &block)
         end
       else
         i = 0
@@ -120,27 +136,30 @@ module LDAP
       end
     end
 
-    def paged_search(base, scope, filter, attributes, limit, &block)
-      # work around a bug with openldap
-      page_size = 126
+    def paged_search(base, scope, filter, attributes, limit, page_size, &block)
       cookie = ""
       critical = true
-
       loop do
         ber_string = LDAP::Control.encode(page_size, cookie)
         control = LDAP::Control.new(LDAP::LDAP_CONTROL_PAGEDRESULTS,
                                     ber_string,
                                     critical)
-
-        search_ext(base, scope, filter, attributes,
-                   false, [control], nil, 0, 0, limit, &block)
+        search_ext(base,
+                   scope,
+                   filter,
+                   attributes,
+                   false,
+                   [control],
+                   nil,
+                   0,
+                   0,
+                   limit,
+                   &block)
 
         control = find_paged_results_control(@controls)
         break if control.nil?
-        returned_size, cookie = control.decode
-        returned_size = returned_size.to_i
-        page_size = returned_size if returned_size > 0
 
+        _estimated_result_set_size, cookie = control.decode
         break if cookie.empty?
       end
     end

data/lib/active_ldap/adapter/net_ldap.rb

@@ -69,25 +69,16 @@ module ActiveLdap
       end
 
       def search(options={})
-        use_paged_results = options[:use_paged_results]
-        if use_paged_results or use_paged_results.nil?
-          paged_results_supported = supported_control.paged_results?
-        else
-          paged_results_supported = false
-        end
-        super(options) do |base, scope, filter, attrs, limit|
+        super(options) do |search_options|
+          scope = search_options[:scope]
+          info = search_options.merge(scope: scope_name(scope))
           args = {
-            :base => base,
-            :scope => scope,
-            :filter => filter,
-            :attributes => attrs,
-            :size => limit,
-            :paged_searches_supported => paged_results_supported,
-          }
-          info = {
-            :base => base, :scope => scope_name(scope),
-            :filter => filter, :attributes => attrs, :limit => limit,
-            :paged_results_supported => paged_results_supported,
+            base: search_options[:base],
+            scope: scope,
+            filter: search_options[:filter],
+            attributes: search_options[:attributes],
+            size: search_options[:limit],
+            paged_searcheds_supported: search_options[:paged_results_supported],
           }
           execute(:search, info, args) do |entry|
             attributes = {}

data/lib/active_ldap/base.rb

@@ -851,6 +851,8 @@ module ActiveLdap
 
       _schema = _local_entry_attribute = nil
       targets = sanitize_for_mass_assignment(new_attributes)
+      have_dn = false
+      dn_value = nil
       targets.each do |key, value|
         setter = "#{key}="
         unless respond_to?(setter)
@@ -860,8 +862,15 @@ module ActiveLdap
           _local_entry_attribute ||= local_entry_attribute
           _local_entry_attribute.register(attribute)
         end
-        send(setter, value)
+        case setter
+        when "dn=", "id="
+          have_dn = true
+          dn_value = value
+        else
+          send(setter, value)
+        end
       end
+      self.dn = dn_value if have_dn
     end
 
     def to_ldif_record
@@ -1281,6 +1290,7 @@ module ActiveLdap
     end
 
     def compute_base
+      ensure_update_dn
       base_of_class = self.class.base
       if @base_value.nil?
         base_of_class

data/lib/active_ldap/configuration.rb

@@ -48,6 +48,15 @@ module ActiveLdap
     DEFAULT_CONFIG[:retry_on_timeout] = true
     DEFAULT_CONFIG[:follow_referrals] = true
 
+    # 500 is the default size limit value of OpenLDAP 2.4:
+    #   https://openldap.org/doc/admin24/limits.html#Global%20Limits
+    #
+    # We may change this when we find LDAP server that its the default
+    # size limit is smaller than 500.
+    DEFAULT_CONFIG[:page_size] = 500
+    # Whether using paged results if available.
+    DEFAULT_CONFIG[:use_paged_results] = true
+
     DEFAULT_CONFIG[:logger] = nil
 
     module ClassMethods
@@ -103,8 +112,22 @@ module ActiveLdap
         end
       end
 
+      def parent_configuration(target)
+        if target.is_a?(Base)
+          target = target.class
+        else
+          target = target.superclass
+        end
+        while target <= Base
+          config = defined_configurations[target.active_connection_key]
+          return config if config
+          target = target.superclass
+        end
+        default_configuration
+      end
+
       def merge_configuration(user_configuration, target=self)
-        configuration = default_configuration
+        configuration = parent_configuration(target).dup
         prepare_configuration(user_configuration).each do |key, value|
           case key
           when :base

data/lib/active_ldap/connection.rb

@@ -6,7 +6,7 @@ module ActiveLdap
 
     module ClassMethods
       @@active_connections = {}
-      @@allow_concurrency = false
+      @@allow_concurrency = true
 
       def thread_safe_active_connections
         @@active_connections[Thread.current.object_id] ||= {}
@@ -165,11 +165,11 @@ module ActiveLdap
         connection.schema
       end
 
-      private
       def active_connection_key(k=self)
         k.name.blank? ? k.object_id : k.name
       end
 
+      private
       def determine_active_connection_name
         key = active_connection_key
         if active_connections[key] or configuration(key)

data/lib/active_ldap/human_readable.rb

@@ -17,11 +17,12 @@ module ActiveLdap
         if attribute_or_name.is_a?(Schema::Attribute)
           name = attribute_or_name.name
         else
-          attribute = schema.attribute(attribute_or_name.to_s)
+          attribute_name = attribute_or_name.to_s
+          attribute = schema.attribute(attribute_name)
           return nil if attribute.id.nil?
-          if attribute.name == attribute_or_name or
-              attribute.aliases.include?(attribute_or_name.to_s)
-            name = attribute_or_name
+          if attribute.name == attribute_name or
+              attribute.aliases.include?(attribute_name)
+            name = attribute_name
           else
             return nil
           end

data/lib/active_ldap/operations.rb

@@ -22,9 +22,23 @@ module ActiveLdap
     end
 
     module Common
-      VALID_SEARCH_OPTIONS = [:attribute, :value, :filter, :prefix,
-                              :classes, :scope, :limit, :attributes,
-                              :sort_by, :order, :connection, :base, :offset]
+      VALID_SEARCH_OPTIONS = [
+        :attribute,
+        :value,
+        :filter,
+        :prefix,
+        :classes,
+        :scope,
+        :limit,
+        :attributes,
+        :sort_by,
+        :order,
+        :connection,
+        :base,
+        :offset,
+        :use_paged_results,
+        :page_size,
+      ]
 
       def search(options={}, &block)
         validate_search_options(options)
@@ -62,6 +76,8 @@ module ActiveLdap
           :attributes => requested_attributes,
           :sort_by => options[:sort_by] || sort_by,
           :order => options[:order] || order,
+          :use_paged_results => options[:use_paged_results],
+          :page_size => options[:page_size],
         }
         options[:connection] ||= connection
         values = []
@@ -96,10 +112,11 @@ module ActiveLdap
         }
 
         attribute = attr || ensure_search_attribute
+        escaped_value = DN.escape_value(value)
         options_for_non_leaf = {
           :attribute => attr,
           :value => value,
-          :prefix => ["#{attribute}=#{value}", prefix].compact.join(","),
+          :prefix => ["#{attribute}=#{escaped_value}", prefix].compact.join(","),
           :limit => 1,
           :scope => :base,
         }

data/lib/active_ldap/persistence.rb

@@ -81,9 +81,10 @@ module ActiveLdap
       end
     end
 
-    def reload
+    def reload(options={})
       clear_association_cache
-      _, attributes = search(:value => id).find do |_dn, _attributes|
+      search_options = options.merge(value: id)
+      _, attributes = search(search_options).find do |_dn, _attributes|
         dn == _dn
       end
       if attributes.nil?

data/lib/active_ldap/validations.rb

@@ -53,15 +53,23 @@ module ActiveLdap
       errors.empty? && output
     end
 
-    def save(*)
-      valid? ? super : false
+    def save(**options)
+      perform_validations(options) ? super : false
     end
 
-    def save!(*)
-      valid? ? super : raise(EntryInvalid.new(self))
+    def save!(**options)
+      perform_validations(options) ? super : raise(EntryInvalid.new(self))
     end
 
     private
+    def perform_validations(options)
+      if options[:validate] == false
+        true
+      else
+        valid?(options[:context])
+      end
+    end
+
     def format_validation_message(format, parameters)
       format % parameters
     end

data/lib/active_ldap/version.rb

@@ -1,3 +1,3 @@
 module ActiveLdap
-  VERSION = "5.2.4"
+  VERSION = "6.1.0"
 end