activeldap 5.2.1 → 5.2.2

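--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
- metadata.gz: 952ff57b69e61432c8d7558c5d7174c1b1624887d334af0dce219f81c3c96994
- data.tar.gz: ea21da7bf86e6a8f0a71e95177cb8d2edaf6f7900700a2416c2d2c89438531e3
+ metadata.gz: 6d6b5227689af0fea86d9e29d3fc76165038dafb71ff7962780647b83f5d973c
+ data.tar.gz: 3a645873ff56846dab7e85adc7cc1a99b4e904b72f2e28fb61297e4a5e70add2
 SHA512:
- metadata.gz: 3b52b40daf56db823378e77216af2a6673c35dd8f9d5167d01cbe1a94112aec66bb41af3367992b9f03ca48480d3e58a9a64de3d3380d4ce198937834bf78b4b
- data.tar.gz: 4437b9bdb39f9258e50e0b5527e58b82b5241b49223df5c296e046b6841028a05076bbfa6c7033f83eb42234f58106a08e06d0491d8146a934a95c5a72fbe349
+ metadata.gz: 2eeacfd5b6f4d6e109299b1a59efd19a154845b11d192611575e95ce7c9585c68b366bf2844cb800474377b0efe83e4a5c9fac6a4b7c366c9222537300d88eb9
+ data.tar.gz: 7aaf91753784bd19d10ef86e8b720785c96b0ba8e5b7c072cb0e6f88a31d4f458525dc23d610d7ab679d1389e5db87d1cfc9f189f2cf48d7cb2ebdb1faab3974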
@@ -1,5 +1,16 @@
1
1
  h1. News
2
2
 
3
+ h2(#release-5-2-2). 5.2.2: 2018-07-12
4
+
5
+ h3. Improvements
6
+
7
+ * Added @:tls_options@ option.
8
+ [GitHub#156][Patch by David Klotz]
9
+
10
+ h3. Thanks
11
+
12
+ * David Klotz
13
+
3
14
  h2(#release-5-2-1). 5.2.1: 2018-06-13
4
15
 
5
16
  h3. Fixes
@@ -14,6 +14,7 @@ module ActiveLdap
14
14
  :host,
15
15
  :port,
16
16
  :method,
17
+ :tls_options,
17
18
  :timeout,
18
19
  :retry_on_timeout,
19
20
  :retry_limit,
@@ -24,7 +24,7 @@ module ActiveLdap
24
24
  end
25
25
 
26
26
  class SSL < Base
27
- def connect(host, port)
27
+ def connect(host, port, options={})
28
28
  LDAP::SSLConn.new(host, port, false)
29
29
  end
30
30
 
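Review bot: `SSL#connect` now accepts `options` but never reads it, so `:tls_options` supplied together with `:method => :ssl` is silently dropped and `LDAP::SSLConn.new(host, port, false)` keeps whatever certificate handling libldap defaults to. The adapter passes `:tls_options` to every method (the `method.connect(host, port, :tls_options => @tls_options)` hunk further down), so a caller gets no signal that the setting had no effect on an ldaps connection. At minimum I would document this on the method, `# :tls_options is not applied here; LDAP::SSLConn uses libldap's default TLS settings`, or emit a warning when `options[:tls_options]` is non-nil. The same signature change in `Plain#connect` needs no such note, since no TLS is involved there.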
@@ -34,8 +34,35 @@ module ActiveLdap
34
34
  end
35
35
 
36
36
  class TLS < Base
37
- def connect(host, port)
38
- LDAP::SSLConn.new(host, port, true)
37
+ def connect(host, port, options={})
38
+ connection = LDAP::Conn.new(host, port)
39
+ if connection.get_option(LDAP::LDAP_OPT_PROTOCOL_VERSION) < 3
40
+ connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
41
+ end
42
+ tls_options = options[:tls_options]
43
+ if tls_options and LDAP.const_defined?(:LDAP_OPT_X_TLS_NEWCTX)
44
+ tls_options.each do |key, value|
45
+ case key
46
+ when :verify_mode
47
+ case value
48
+ when :none, OpenSSL::SSL::SSL_VERIFY_NONE
49
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
50
+ LDAP::LDAP_OPT_X_TLS_NEVER)
51
+ when :peer, OpenSSL::SSL::SSL_VERIFY_PEER
52
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
53
+ LDAP::LDAP_OPT_X_TLS_DEMAND)
54
+ end
55
+ when :verify_hostname
56
+ unless value
57
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT,
58
+ LDAP::LDAP_OPT_X_TLS_ALLOW)
59
+ end
60
+ end
61
+ end
62
+ connection.set_option(LDAP::LDAP_OPT_X_TLS_NEWCTX, 0)
63
+ end
64
+ connection.start_tls
65
+ connection
39
66
  end
40
67
 
41
68
  def start_tls?
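Review bot: `:verify_hostname => false` is mapped to `LDAP_OPT_X_TLS_REQUIRE_CERT = LDAP_OPT_X_TLS_ALLOW`, and in OpenLDAP's TLS_REQCERT semantics "allow" proceeds even when the server presents a bad certificate, so a caller who only meant to skip hostname matching ends up with no certificate verification at all. The settings are also applied in hash iteration order, so `{:verify_mode => :peer, :verify_hostname => false}` finishes with ALLOW while the reverse order finishes with DEMAND, and an unrecognized `:verify_mode` value (a typo, for instance) or a libldap without `LDAP_OPT_X_TLS_NEWCTX` falls through silently and leaves the library default in place. I would fail loudly on unknown values, `else raise ArgumentError, "unknown :verify_mode: #{value.inspect}"`, and either drop `:verify_hostname` or state in a comment on the `when :verify_hostname` branch that it lowers the requirement to ALLOW rather than disabling only the hostname check. `OpenSSL::SSL::SSL_VERIFY_NONE` presumes `openssl` is loaded somewhere in this file, which the hunk does not show. The `TLS` class and `start_tls?` continue past the end of the hunk.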
@@ -44,7 +71,7 @@ module ActiveLdap
44
71
  end
45
72
 
46
73
  class Plain < Base
47
- def connect(host, port)
74
+ def connect(host, port, options={})
48
75
  LDAP::Conn.new(host, port)
49
76
  end
50
77
  end
@@ -54,9 +81,13 @@ module ActiveLdap
54
81
  super do |host, port, method|
55
82
  uri = construct_uri(host, port, method.ssl?)
56
83
  with_start_tls = method.start_tls?
57
- info = {:uri => uri, :with_start_tls => with_start_tls}
84
+ info = {
85
+ :uri => uri,
86
+ :with_start_tls => with_start_tls,
87
+ :tls_options => @tls_options,
88
+ }
58
89
  connection = log("connect", info) do
59
- method.connect(host, port)
90
+ method.connect(host, port, :tls_options => @tls_options)
60
91
  end
61
92
  [connection, uri, with_start_tls]
62
93
  end
@@ -26,7 +26,10 @@ module ActiveLdap
26
26
  :host => host,
27
27
  :port => port,
28
28
  }
29
- config[:encryption] = {:method => method} if method
29
+ if method
30
+ config[:encryption] = { :method => method }
31
+ config[:encryption][:tls_options] = @tls_options if @tls_options
32
+ end
30
33
  begin
31
34
  uri = construct_uri(host, port, method == :simple_tls)
32
35
  with_start_tls = method == :start_tls
@@ -27,6 +27,7 @@ module ActiveLdap
27
27
  DEFAULT_CONFIG[:host] = '127.0.0.1'
28
28
  DEFAULT_CONFIG[:port] = nil
29
29
  DEFAULT_CONFIG[:method] = :plain # :ssl, :tls, :plain allowed
30
+ DEFAULT_CONFIG[:tls_options] = nil
30
31
 
31
32
  DEFAULT_CONFIG[:bind_dn] = nil
32
33
  DEFAULT_CONFIG[:password_block] = nil
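Review bot: The new `DEFAULT_CONFIG[:tls_options] = nil` line carries no inline comment, unlike its neighbour `:method`, so the accepted shape of the value is only discoverable by reading `TLS#connect`. I would add `# e.g. {:verify_mode => :peer} or {:verify_mode => :none}; applied only when :method is :tls`, since the `SSL` and `Plain` connect methods in this change ignore the option and the `TLS` implementation reads only `:verify_mode` and `:verify_hostname`.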
@@ -1,3 +1,3 @@
1
1
  module ActiveLdap
2
- VERSION = "5.2.1"
2
+ VERSION = "5.2.2"
3
3
  end
@@ -1,5 +1,5 @@
1
- # Your LDAP server need to accept 'phonetic' attribute option for test.
2
- # This is a LDIF file for OpenLDAP to do the confiugration.
1
+ # Your LDAP server needs to accept 'phonetic' attribute option for test.
2
+ # This is a LDIF file for OpenLDAP to do the configuration.
3
3
  # You can use this file by the following command linne on Debian GNU/Linux
4
4
  # or Ubuntu:
5
5
  # % sudo -H ldapmodify -Y EXTERNAL -H ldapi:/// -f test/add-phonetic-attribute-options-to-slapd.ldif
@@ -0,0 +1,27 @@
1
+ # Your LDAP server needs to support StartTLS when you test StartTLS related
2
+ # feature. This is a LDIF file for OpenLDAP to do the configuration.
3
+ # You can use this file by the following command linne on Debian GNU/Linux
4
+ # or Ubuntu:
5
+ #
6
+ # % sudo usermod -a -G ssl-cert openldap
7
+ # % sudo systemctl restart slapd
8
+ # % sudo -H ldapmodify -Y EXTERNAL -H ldapi:/// -f test/enable-start-tls.ldif
9
+ #
10
+ # Adding the openldap user to the ssl-cert group is required to read
11
+ # certification related files.
12
+ version: 1
13
+ dn: cn=config
14
+ delete: olcTLSCACertificateFile
15
+ -
16
+ add: olcTLSCACertificateFile
17
+ olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
18
+ -
19
+ delete: olcTLSCertificateKeyFile
20
+ -
21
+ add: olcTLSCertificateKeyFile
22
+ olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
23
+ -
24
+ delete: olcTLSCertificateFile
25
+ -
26
+ add: olcTLSCertificateFile
27
+ olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activeldap
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.1
4
+ version: 5.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Will Drewry
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-06-13 00:00:00.000000000 Z
12
+ date: 2018-07-12 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activemodel
@@ -294,6 +294,7 @@ files:
294
294
  - test/al-test-utils.rb
295
295
  - test/command.rb
296
296
  - test/config.yaml.sample
297
+ - test/enable-start-tls.ldif
297
298
  - test/fixtures/lower_case_object_class_schema.rb
298
299
  - test/run-test.rb
299
300
  - test/test_acts_as_tree.rb
@@ -368,6 +369,7 @@ test_files:
368
369
  - test/al-test-utils.rb
369
370
  - test/command.rb
370
371
  - test/config.yaml.sample
372
+ - test/enable-start-tls.ldif
371
373
  - test/fixtures/lower_case_object_class_schema.rb
372
374
  - test/run-test.rb
373
375
  - test/test_acts_as_tree.rb