activeldap 1.1.0 → 1.2.0

data/CHANGES

@@ -1,5 +1,20 @@
 = CHANGES
 
+== 1.2.0: 2009-09-22
+
+* Supported ActiveRecord 2.3.4 and Rails 2.3.4.
+* [IMCOMPATIBLE]
+  [#23932] Inconsistant DN handling in object attributes [Marc Dequènes]
+  (ActiveLdap::Base#dn and ActiveLdap::Base#base return
+  ActiveLdap::DN not String)
+* [#26824] support operational attributes detection [Marc Dequènes]
+  (added ActiveLdap::Schema::Attribute#directory_operation?)
+* [#27] Error saving an ActiveLDAP user [brad@lucky-dip.net]
+* [#29] Raised on modify_rdn_entry when rdn already exists [Alexey.Chebotar]
+* Added ActiveLdap::DN.parent.
+* Supported renaming an entry. Renaming other DTI is only supported by
+  JNDI backend.
+
 == 1.1.0: 2009-07-18
 
 * Improved tutorial. [Kazuaki Takase]

data/README

@@ -133,4 +133,7 @@ list, please point out.
 * Tim Hermans: A bug report.
 * Joe Francis: A suggestion.
 * Tiago Fernandes: Bug reports.
-* achemze. A suggestion.
+* achemze: A suggestion.
+* George Montana Harkin: A suggestion.
+* Marc Dequènes: Bug reports.
+* brad@lucky-dip.net: A bug report.

data/Rakefile

@@ -65,7 +65,7 @@ project = Hoe.spec('activeldap') do
   self.changes = self.paragraphs_of('CHANGES', 1..2).join("\n\n")
   self.extra_deps = [
                      # ['ruby-ldap', '= 0.9.9'],
-                     ['activerecord', '= 2.3.2'],
+                     ['activerecord', '= 2.3.4'],
                      ['locale', '= 2.0.4'],
                      ['gettext', '= 2.0.4'],
                      ['gettext_activerecord', '= 2.0.4'],

data/TODO

@@ -1,6 +1,5 @@
-- [1.1.1] add :readonly option to :has_many.
+- [1.1.x] add :readonly option to :has_many.
 - Work as framework on Rails.
-- [1.1.x] ActiveLdap::Base#dn returns ActiveLdap::DN. [#23932] [Marc Dequènes]
 - How to support dSCorePropagationData? ignore it?
   all systemOnly == "TRUE" attribute can be ignored?
 - Add parsing position to DistinguishedNameInvalid error like

data/examples/al-admin/app/models/user.rb

@@ -82,7 +82,7 @@ class User < ActiveRecord::Base
     else
       begin
         ldap_user = LdapUser.find(login)
-        self.dn = ldap_user.dn
+        self.dn = ldap_user.dn.to_s
       rescue ActiveLdap::EntryNotFound
         self.dn = nil
       end

data/examples/al-admin/config/boot.rb

@@ -82,8 +82,8 @@ module Rails
       end
 
       def load_rubygems
+        min_version = '1.3.2'
         require 'rubygems'
-        min_version = '1.3.1'
         unless rubygems_version >= min_version
           $stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have #{rubygems_version}). Please `gem update --system` and try again.)
           exit 1

data/examples/al-admin/config/environment.rb

@@ -5,7 +5,7 @@
 # ENV['RAILS_ENV'] ||= 'production'
 
 # Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.3.2' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.4' unless defined? RAILS_GEM_VERSION
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
@@ -55,20 +55,6 @@ Rails::Initializer.run do |config|
   # config.i18n.load_path << Dir[File.join(RAILS_ROOT, 'my', 'locales', '*.{rb,yml}')]
   # config.i18n.default_locale = :de
 
-  # Your secret key for verifying cookie session data integrity.
-  # If you change this key, all old sessions will become invalid!
-  # Make sure the secret is at least 30 characters and all random, 
-  # no regular words or you'll be exposed to dictionary attacks.
-  config.action_controller.session = {
-    :session_key => '_al_admin_session',
-    :secret      => '581ed74d26a88caa7cb2ff6d0ea0f0aeea1a49f98641ee6d3e7ba1dfcf6154e26cd2b3f9636c9cc02ed8139a4f74c64fdb529a53dcfd1b7ff7aa763f91083aad'
-  }
-
-  # Use the database for sessions instead of the cookie-based default,
-  # which shouldn't be used to store highly confidential information
-  # (create the session table with "rake db:sessions:create")
-  # config.action_controller.session_store = :active_record_store
-
   # Use SQL instead of Active Record's schema dumper when creating the test database.
   # This is necessary if your schema can't be completely dumped by the schema dumper,
   # like if you have constraints or database-specific column types

data/examples/al-admin/config/initializers/session_store.rb

@@ -0,0 +1,23 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+session_secret_file = File.join(RAILS_ROOT, "config", "session_secret.txt")
+unless File.exist?(session_secret_file)
+  File.open(session_secret_file, "w") do |file|
+    file.puts(ActiveSupport::SecureRandom.hex(64))
+  end
+end
+session_secret = File.read(session_secret_file).strip
+
+ActionController::Base.session = {
+  :key         => '_al_admin_session',
+  :secret      => session_secret,
+}
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store

data/examples/al-admin/config/session_secret.txt

@@ -0,0 +1 @@
+455ed531e0b1f453d98bdf1bffc9941d659ae54b8ed7506fa63edab05c04516f8888540d4ef6870fa660fe525668f59ebfcc2408446f17e57fa41243e6edb0c6

data/examples/al-admin/db/schema.rb

@@ -0,0 +1,23 @@
+# This file is auto-generated from the current state of the database. Instead of editing this file, 
+# please use the migrations feature of Active Record to incrementally modify your database, and
+# then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your database schema. If you need
+# to create the application database on another system, you should be using db:schema:load, not running
+# all the migrations from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 1) do
+
+  create_table "users", :force => true do |t|
+    t.string   "login"
+    t.string   "dn"
+    t.datetime "updated_at"
+    t.string   "salt"
+    t.string   "remember_token"
+    t.datetime "remember_token_expires_at"
+  end
+
+end

data/lib/active_ldap.rb

@@ -901,7 +901,7 @@ require_gem_if_need = Proc.new do |library_name, gem_name, *gem_args|
   end
 end
 
-require_gem_if_need.call("active_support", "activesupport", "= 2.3.2")
+require_gem_if_need.call("active_support", "activesupport", "= 2.3.4")
 
 if ActiveSupport.const_defined?(:Dependencies)
   dependencies = ActiveSupport::Dependencies
@@ -914,7 +914,7 @@ if dependencies.respond_to?(:load_paths)
 end
 
 module ActiveLdap
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end
 
 if RUBY_PLATFORM.match('linux')
@@ -923,7 +923,7 @@ else
   require 'active_ldap/timeout_stub'
 end
 
-require_gem_if_need.call("active_record", "activerecord", "= 2.3.2")
+require_gem_if_need.call("active_record", "activerecord", "= 2.3.4")
 begin
   require_gem_if_need.call("locale", nil, "= 2.0.4")
   require_gem_if_need.call("gettext", nil, "= 2.0.4")

data/lib/active_ldap/acts/tree.rb

@@ -55,7 +55,7 @@ module ActiveLdap
       end
 
       def parent=(entry)
-        if entry.is_a?(String)
+        if entry.is_a?(String) or entry.is_a?(DN)
           base = entry
         elsif entry.respond_to?(:dn)
           base = entry.dn

data/lib/active_ldap/adapter/base.rb

@@ -139,6 +139,10 @@ module ActiveLdap
         end
       end
 
+      def naming_contexts
+        root_dse_values('namingContexts')
+      end
+
       def entry_attribute(object_classes)
         @entry_attributes[object_classes.uniq.sort] ||=
           EntryAttribute.new(schema, object_classes)
@@ -615,7 +619,11 @@ module ActiveLdap
       def root_dse_values(key, options={})
         dse = root_dse([key], options)[0]
         return [] if dse.nil?
-        dse[key] || dse[key.downcase] || []
+        normalized_key = key.downcase
+        dse.each do |_key, _value|
+          return _value if _key.downcase == normalized_key
+        end
+        []
       end
 
       def root_dse(attrs, options={})

data/lib/active_ldap/adapter/ldap.rb

@@ -158,9 +158,15 @@ module ActiveLdap
 
       def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
         super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
+          if _new_superior
+            raise NotImplemented.new(_("modify RDN with new superior"))
+          end
           info = {
             :name => "modify: RDN",
-            :dn => _dn, :new_rdn => _new_rdn, :delete_old_rdn => _delete_old_rdn
+            :dn => _dn,
+            :new_rdn => _new_rdn,
+            :new_superior => _new_superior,
+            :delete_old_rdn => _delete_old_rdn
           }
           execute(:modrdn, info, _dn, _new_rdn, _delete_old_rdn)
         end

data/lib/active_ldap/association/belongs_to_many.rb

@@ -10,7 +10,9 @@ module ActiveLdap
         if primary_key_name == "dn"
           old_value = dn_values_to_string_values(old_value)
         end
-        new_value = old_value + @owner[primary_key_name, true]
+        current_value = @owner[primary_key_name, true]
+        current_value = dn_values_to_string_values(current_value)
+        new_value = old_value + current_value
         new_value = new_value.uniq.sort
         if old_value != new_value
           entry[@options[:many]] = new_value
@@ -25,7 +27,9 @@ module ActiveLdap
           if primary_key_name == "dn"
             old_value = dn_values_to_string_values(old_value)
           end
-          new_value = old_value - @owner[primary_key_name, true]
+          current_value = @owner[primary_key_name, true]
+          current_value = dn_values_to_string_values(current_value)
+          new_value = old_value - current_value
           new_value = new_value.uniq.sort
           if old_value != new_value
             entry[@options[:many]] = new_value

data/lib/active_ldap/association/children.rb

@@ -5,7 +5,7 @@ module ActiveLdap
     class Children < Collection
       private
       def insert_entry(entry)
-        entry.dn = [entry.id, @owner.dn].join(",")
+        entry.dn = [entry.id, @owner.dn.to_s].join(",")
         entry.save
       end
 

data/lib/active_ldap/association/has_many_utils.rb

@@ -14,9 +14,9 @@ module ActiveLdap
         elsif foreign_base_key == "dn"
           requested_targets = requested_targets.collect do |target|
             if target.is_a?(DN)
-              target.to_s
-            else
               target
+            else
+              DN.parse(target)
             end
           end
           targets = []

data/lib/active_ldap/association/has_many_wrap.rb

@@ -13,7 +13,9 @@ module ActiveLdap
         if _primary_key == "dn"
           old_value = dn_values_to_string_values(old_value)
         end
-        new_value = (old_value + entry[_primary_key, true]).uniq.sort
+        current_value = entry[_primary_key, true]
+        current_value = dn_values_to_string_values(current_value)
+        new_value = (old_value + current_value).uniq.sort
         if old_value != new_value
           @owner[@options[:wrap]] = new_value
           @owner.save
@@ -26,7 +28,9 @@ module ActiveLdap
         if _primary_key == "dn"
           old_value = dn_values_to_string_values(old_value)
         end
-        new_value = old_value - entries.collect {|entry| entry[_primary_key]}
+        current_value = entries.collect {|entry| entry[_primary_key]}
+        current_value = dn_values_to_string_values(current_value)
+        new_value = old_value - current_value
         new_value = new_value.uniq.sort
         if old_value != new_value
           @owner[@options[:wrap]] = new_value

data/lib/active_ldap/attributes.rb

@@ -105,7 +105,11 @@ module ActiveLdap
               result[new_name].concat(real_value)
             else
               result[name] ||= []
-              result[name] << value.dup
+              if value.is_a?(DN)
+                result[name] << value.to_s
+              else
+                result[name] << value.dup
+              end
             end
           end
         end

data/lib/active_ldap/base.rb

@@ -259,6 +259,14 @@ module ActiveLdap
     end
   end
 
+  class NotImplemented < Error
+    attr_reader :target
+    def initialize(target)
+      @target = target
+      super(_("not implemented: %s") % @target)
+    end
+  end
+
   # Base
   #
   # Base is the primary class which contains all of the core
@@ -313,7 +321,7 @@ module ActiveLdap
       end
     end
 
-    class_local_attr_accessor false, :prefix, :base
+    class_local_attr_accessor false, :inheritable_prefix, :inheritable_base
     class_local_attr_accessor true, :dn_attribute, :scope, :sort_by, :order
     class_local_attr_accessor true, :required_classes, :recommended_classes
     class_local_attr_accessor true, :excluded_classes
@@ -412,7 +420,6 @@ module ActiveLdap
         public_class_method :new
       end
 
-      alias_method :base_inheritable, :base
       # Base.base
       #
       # This method when included into Base provides
@@ -424,22 +431,23 @@ module ActiveLdap
       # configuration.rb into this class.
       # When subclassing, the specified prefix will be concatenated.
       def base
-        _base = base_inheritable
-        _base = configuration[:base] if _base.nil? and configuration
-        _base ||= base_inheritable(true)
-        [prefix, _base].find_all do |component|
-          !component.blank?
-        end.join(",")
+        @base ||= compute_base
       end
+      alias_method :parsed_base, :base # for backward compatibility
 
-      alias_method :base_without_parsed_cache_clear=, :base=
       def base=(value)
-        self.base_without_parsed_cache_clear = value
-        @parsed_base = nil
+        self.inheritable_base = value
+        @base = nil
       end
 
-      def parsed_base
-        @parsed_base ||= DN.parse(base)
+      def prefix
+        @prefix ||= inheritable_prefix and DN.parse(inheritable_prefix)
+      end
+
+      def prefix=(value)
+        self.inheritable_prefix = value
+        @prefix = nil
+        @base = nil
       end
 
       alias_method :scope_without_validation=, :scope=
@@ -473,17 +481,23 @@ module ActiveLdap
         elsif abstract_class?
           "#{super}(abstract)"
         else
-          class_names = []
-          must = []
-          may = []
-          class_names = classes.collect do |object_class|
-            must.concat(object_class.must)
-            may.concat(object_class.may)
-            object_class.name
+          detail = nil
+          begin
+            must = []
+            may = []
+            class_names = classes.collect do |object_class|
+              must.concat(object_class.must)
+              may.concat(object_class.may)
+              object_class.name
+            end
+            detail = ["objectClass:<#{class_names.join(', ')}>",
+                      "must:<#{inspect_attributes(must)}>",
+                      "may:<#{inspect_attributes(may)}>"].join(", ")
+          rescue ActiveLdap::ConnectionNotSetup
+            detail = "not-connected"
+          rescue ActiveLdap::Error
+            detail = "connection-failure"
           end
-          detail = ["objectClass:<#{class_names.join(', ')}>",
-                    "must:<#{inspect_attributes(must)}>",
-                    "may:<#{inspect_attributes(may)}>"].join(", ")
           "#{super}(#{detail})"
         end
       end
@@ -615,6 +629,28 @@ module ActiveLdap
           "ou=#{name.demodulize.pluralize}"
         end
       end
+
+      def compute_base
+        _base = inheritable_base
+        _base = configuration[:base] if _base.nil? and configuration
+        if _base.nil?
+          target = superclass
+          loop do
+            break unless target.respond_to?(:base)
+            _base = target.base
+            break if _base
+            target = target.superclass
+          end
+        end
+        _prefix = prefix
+
+        _base ||= connection.naming_contexts.first
+        return _prefix if _base.blank?
+
+        _base = DN.parse(_base)
+        _base = _prefix + _base if _prefix
+        _base
+      end
     end
 
     self.scope = :sub
@@ -763,12 +799,8 @@ module ActiveLdap
     #
     # Delete this entry from LDAP
     def destroy
-      begin
-        self.class.delete(dn)
-        @new_entry = true
-      rescue Error
-        raise DeleteError.new(_("Failed to delete LDAP entry: %s") % dn)
-      end
+      self.class.delete(dn)
+      @new_entry = true
     end
 
     def delete(options={})
@@ -844,9 +876,9 @@ module ActiveLdap
       return true if super
 
       name = name.to_s
-      return true if have_attribute?(name)
+      return true if have_attribute?(name, ["objectClass"])
       return false if /(?:=|\?|_before_type_cast)$/ !~ name
-      have_attribute?($PREMATCH)
+      have_attribute?($PREMATCH, ["objectClass"])
     end
 
     # Updates a given attribute and saves immediately
@@ -870,7 +902,7 @@ module ActiveLdap
     # This returns the key value pairs in @data with all values
     # cloned
     def attributes
-      Marshal.load(Marshal.dump(@data))
+      @data.clone
     end
 
     # This allows a bulk update to the attributes of a record
@@ -1006,18 +1038,15 @@ module ActiveLdap
       @schema ||= super
     end
 
-    alias_method :base_of_class, :base
     def base
-      ensure_update_dn
-      [@base, base_of_class].find_all do |component|
-        not component.blank?
-      end.join(",")
+      @base ||= compute_base
     end
 
     def base=(object_local_base)
       ensure_update_dn
       @dn = nil
-      @base = object_local_base
+      @base = nil
+      @base_value = object_local_base
     end
 
     alias_method :scope_of_class, :scope
@@ -1030,6 +1059,14 @@ module ActiveLdap
       @scope = scope
     end
 
+    def delete_all(options={})
+      super({:base => dn}.merge(options || {}))
+    end
+
+    def destroy_all(options={})
+      super({:base => dn}.merge(options || {}))
+    end
+
     def inspect
       object_classes = entry_attribute.object_classes
       inspected_object_classes = object_classes.collect do |object_class|
@@ -1106,7 +1143,10 @@ module ActiveLdap
       init_base
       dn = Compatible.convert_to_utf8_encoded_object(dn)
       attributes = Compatible.convert_to_utf8_encoded_object(attributes)
+      @original_dn = dn.clone
       @dn = dn
+      @base = nil
+      @base_value = nil
       @new_entry = false
       @dn_is_base = false
       @ldap_data = attributes
@@ -1259,6 +1299,7 @@ module ActiveLdap
       if new_name.nil? and new_value.nil?
         @dn_is_base = true
         @base = nil
+        @base_value = nil
         attr, value = bases[0].to_a[0]
         @dn_attribute = attr
       else
@@ -1271,10 +1312,11 @@ module ActiveLdap
         new_bases = bases.empty? ? nil : DN.new(*bases).to_s
         dn_components = ["#{new_name}=#{new_value}",
                          new_bases,
-                         base_of_class]
+                         self.class.base.to_s]
         dn_components = dn_components.find_all {|component| !component.blank?}
         DN.parse(dn_components.join(','))
-        @base = new_bases
+        @base = nil
+        @base_value = new_bases
         @dn_attribute = new_name
       end
     end
@@ -1294,7 +1336,9 @@ module ActiveLdap
 
       val = bases = nil
       begin
-        relative_dn_value = dn_value - self.class.parsed_base
+        relative_dn_value = dn_value
+        base_of_class = self.class.base
+        relative_dn_value -= base_of_class if base_of_class
         if relative_dn_value.rdns.empty?
           val = []
           bases = dn_value.rdns
@@ -1328,7 +1372,7 @@ module ActiveLdap
       end
     end
 
-    def compute_dn(escape_dn_value=false)
+    def compute_dn
       return base if @dn_is_base
 
       ensure_update_dn
@@ -1338,14 +1382,21 @@ module ActiveLdap
         message = format % [self.inspect, dn_attribute]
         raise DistinguishedNameNotSetError.new, message
       end
-      dn_value = DN.escape_value(dn_value.to_s) if escape_dn_value
+      dn_value = DN.escape_value(dn_value.to_s)
       _base = base
       _base = nil if _base.blank?
-      ["#{dn_attribute}=#{dn_value}", _base].compact.join(",")
+      DN.parse(["#{dn_attribute}=#{dn_value}", _base].compact.join(","))
     end
 
-    def escaped_dn
-      compute_dn(true)
+    def compute_base
+      base_of_class = self.class.base
+      if @base_value.nil?
+        base_of_class
+      else
+        base_of_object = DN.parse(@base_value)
+        base_of_object += base_of_class if base_of_class
+        base_of_object
+      end
     end
 
     # array_of
@@ -1393,7 +1444,11 @@ module ActiveLdap
     end
 
     def collect_modified_attributes(ldap_data, data)
+      klass = self.class
+      _dn_attribute = dn_attribute
+      new_dn_value = nil
       attributes = []
+
       # Now that all the options will be treated as unique attributes
       # we can see what's changed and add anything that is brand-spankin'
       # new.
@@ -1402,23 +1457,26 @@ module ActiveLdap
 
         next if v == value
 
-        x = value
-        value = self.class.remove_blank_value(value) || []
+        value = klass.remove_blank_value(value) || []
         next if v == value
 
-        if self.class.blank_value?(value) and
+        if klass.blank_value?(value) and
             schema.attribute(k).binary_required?
           value = [{'binary' => []}]
         end
-        attributes.push([:replace, k, value])
+        if k == _dn_attribute
+          new_dn_value = value[0]
+        else
+          attributes.push([:replace, k, value])
+        end
       end
+
       data.each do |k, v|
         value = v || []
         next if ldap_data.has_key?(k)
 
-        value = self.class.remove_blank_value(value) || []
-        next if self.class.blank_value?(value)
-
+        value = klass.remove_blank_value(value) || []
+        next if klass.blank_value?(value)
 
         # Detect subtypes and account for them
         # REPLACE will function like ADD, but doesn't hit EQUALITY problems
@@ -1426,7 +1484,7 @@ module ActiveLdap
         attributes.push([:replace, k, value])
       end
 
-      attributes
+      [new_dn_value, attributes]
     end
 
     def collect_all_attributes(data)
@@ -1460,18 +1518,21 @@ module ActiveLdap
       ldap_data = normalize_data(@ldap_data)
 
       # Expand subtypes to real data attributes, but leave @data alone
-      bad_attrs = @data.keys - attribute_names
+      original_attributes =
+        connection.entry_attribute(@ldap_data["objectClass"] || []).names
+      bad_attrs = original_attributes - entry_attribute.names
       data = normalize_data(@data, bad_attrs)
 
       success = yield(data, ldap_data)
 
       if success
-        @ldap_data = Marshal.load(Marshal.dump(data))
+        @ldap_data = data.clone
         # Delete items disallowed by objectclasses.
         # They should have been removed from ldap.
         bad_attrs.each do |remove_me|
           @ldap_data.delete(remove_me)
         end
+        @original_dn = dn.clone
       end
 
       success
@@ -1480,7 +1541,7 @@ module ActiveLdap
     def create
       prepare_data_for_saving do |data, ldap_data|
         attributes = collect_all_attributes(data)
-        add_entry(escaped_dn, attributes)
+        add_entry(dn, attributes)
         @new_entry = false
         true
       end
@@ -1488,8 +1549,21 @@ module ActiveLdap
 
     def update
       prepare_data_for_saving do |data, ldap_data|
-        attributes = collect_modified_attributes(ldap_data, data)
-        modify_entry(escaped_dn, attributes)
+        new_dn_value, attributes = collect_modified_attributes(ldap_data, data)
+        modify_entry(@original_dn, attributes)
+        if new_dn_value
+          old_dn_base = DN.parse(@original_dn).parent
+          new_dn_base = dn.clone.parent
+          if old_dn_base == new_dn_base
+            new_superior = nil
+          else
+            new_superior = new_dn_base
+          end
+          modify_rdn_entry(@original_dn,
+                           "#{dn_attribute}=#{DN.escape_value(new_dn_value)}",
+                           true,
+                           new_superior)
+        end
         true
       end
     end