arldap 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in arldap.gemspec
+gemspec

data/README

@@ -0,0 +1,45 @@
+arldap
+=========================
+
+This is an implementation of an LDAP server which uses active record as the data source.
+The server is read-only, and can serve information from any AR model that implements the
+#search(string) class method and the #to_ldap_entry instance method.
+
+To test, point your addressbook (ie: Outlook, Thunderbird or OS X Address Book) at the server and run a search.
+
+Example AR class:
+
+class Person < ActiveRecord::Base
+  def fullname
+    "#{firstname} #{lastname}"
+  end
+  
+  def to_ldap_entry
+  {	
+    "objectclass"     => ["top", "person", "organizationalPerson", "inetOrgPerson", "mozillaOrgPerson"],
+    "uid"             => ["tbotter-#{id}"],
+    "sn"              => [lastname],
+    "givenName"       => [firstname],
+    "cn"              => [fullname],
+    "title"           => [title],
+    "o"               => [company], 
+    "mail"            => [email],
+    "telephonenumber" => [work_phone], 
+    "homephone"       => [home_phone],
+    "fax"             => [fax],
+    "mobile"          => [mobile],
+    "street"          => [address],
+    "l"               => [city],
+    "st"              => [state], 
+    "postalcode"      => [zip], 
+  }
+  end
+
+  def self.search(query)
+    Person.find(:all, 
+                :conditions => ["(email LIKE ?) OR (firstname LIKE ?) OR (lastname LIKE ?)", 
+                                "#{query}%", "#{query}%", "#{query}%"])
+  end
+end
+
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/arldap.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "arldap/version"
+
+Gem::Specification.new do |s|
+  s.name        = "arldap"
+  s.version     = Arldap::VERSION
+  s.authors     = ["Jody Alkema", "Shane Davies"]
+  s.email       = ["jody@alkema.ca", "shane@domain7.com"]
+  s.homepage    = ""
+  s.summary     = %q{Active Record LDAP}
+  s.description = %q{Provide an LDAP search interface to an ActiveRecord model in a Rails 3 project}
+
+  s.rubyforge_project = "arldap"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # s.add_development_dependency "rspec"
+  s.add_runtime_dependency "ruby-ldapserver"
+end

data/bin/arldap

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+require 'arldap/server'
+
+case ARGV[0]
+  when "start":    Server.new(ARGV[1]).start
+  when "stop":     Server.new(ARGV[1]).stop
+  when "restart":  Server.new(ARGV[1]).restart
+  else puts "Usage: #{File.basename(__FILE__)} {start|stop|restart} [config file]"
+end

data/lib/arldap.rb

@@ -0,0 +1,3 @@
+module Arldap
+  VERSION = "0.0.1"  
+end

data/lib/arldap/active_record_operation.rb

@@ -0,0 +1,131 @@
+#!/usr/bin/env ruby
+require "ruby-ldapserver-0.3/lib/ldap/server"
+
+class ActiveRecordOperation < LDAP::Server::Operation
+  attr_accessor :schema, :server, :attributes, :connection
+  
+  def initialize(connection, messageID, config, ar_class, logger)
+    @config, @ar_class, @logger = config, ar_class, logger
+    @logger.debug "Received connection request (#{messageID})."
+    @connection = connection
+    super(connection, messageID)
+  end
+ 
+  def simple_bind(version, dn, password)
+    @logger.debug "config password"
+    @logger.debug @config[:password]
+    @logger.debug "config password class"
+    @logger.debug @config[:password].class
+    @logger.debug "passed password"
+    @logger.debug password
+    @logger.debug "passed password class"
+    @logger.debug password.class
+    
+    @connection.opt[:authentic] = password == @config[:password]
+    if @connection.opt[:authentic]
+      @logger.info  "simple_bind authentic: #{@connection.opt[:authentic]}"
+    else
+      @logger.info  "simple_bind not authentic: #{@connection.opt[:authentic]}"
+    end
+  end
+  
+  def search(basedn, scope, deref, filter)
+    if @connection.opt[:authentic]
+      @logger.info "Valid credentials: #{@connection.opt[:authentic]}"
+    else
+      @logger.info "Invalid credentials"
+      raise LDAP::ResultError::InvalidCredentials, "Invalid credentials: #{@connection.opt[:authentic]}"
+    end
+
+    # This is needed to force the ruby ldap server to return our parameters, 
+    # even though the client didn't explicitly ask for them
+    @attributes << "*"
+    if basedn != @config[:basedn]
+      @logger.info "Denying request with missmatched basedn (wanted \"#{@config[:basedn]}\", but got \"#{basedn}\")"
+      raise LDAP::ResultError::UnwillingToPerform, "Bad base DN"
+    end
+
+    if scope == LDAP::Server::BaseObject
+      @logger.info "Denying request for BaseObject: #{filter.inspect}"
+      raise LDAP::ResultError::UnwillingToPerform, "BaseObject not implemented: #{filter}"
+    end
+
+    query_string = parse_filter(filter)
+    
+    @logger.debug "Running #{@ar_class.name}.ldap_search(\"#{query_string}\")"
+    
+    begin
+      @records = @ar_class.ldap_search(query_string)
+    rescue Exception => e
+      @logger.error "ERROR running #{@ar_class.name}.ldap_search(#{query_string}): #{e}"
+      # raise LDAP::ResultError::OperationsError, "Error encountered during processing: #{e}."
+    end 
+
+    @logger.info "Returning #{@records.size} records matching \"#{query_string}\"."
+    
+    @records.each do |record| 
+      begin
+        ret = record.to_ldap_entry
+      rescue
+        @logger.error "ERROR converting AR instance to ldap entry: #{$!}"
+        raise LDAP::ResultError::OperationsError, "Error encountered during processing."
+      end
+      
+      ret_basedn = "uid=#{ret["uid"]},#{@config[:basedn]}"
+      @logger.debug "Sending #{ret_basedn} - #{ret.inspect}" 
+      send_SearchResultEntry(ret_basedn, ret)
+    end
+  end
+  
+  def parse_filter(filter)
+    # format of mozilla and OS X address book searches are always this: 
+    # [:or, [:substrings, "mail",      nil, nil, "XXX", nil], 
+    #       [:substrings, "cn",        nil, nil, "XXX", nil], 
+    #       [:substrings, "givenName", nil, nil, "XXX", nil], 
+    #       [:substrings, "sn",        nil, nil, "XXX", nil]]
+    # (with the order of the subgroups maybe turned around)
+    ##
+    # [:or, [:substrings, "givenname", nil, "j", nil], 
+    # [:substrings, "sn", nil, "j", nil], 
+    # [:substrings, "mail", nil, "j", nil], 
+    # [:substrings, "cn", nil, "j", nil]]
+
+    @logger.info filter
+
+    unless filter
+      @logger.info "Denying complex query (error 1): #{filter.inspect}"
+      raise LDAP::ResultError::UnwillingToPerform, "This query is way too complex: #{filter.inspect}"
+    end
+
+    if filter[0] != :or
+      @logger.info "Denying complex query (error 1): #{filter.inspect}"
+      raise LDAP::ResultError::UnwillingToPerform, "This query is way too complex: #{filter.inspect}"
+    end
+
+    query = filter[1]
+
+    if !(query.length > 3)
+      @logger.info "Denying complex query (error 2): #{filter.inspect}"
+      raise LDAP::ResultError::UnwillingToPerform, "This query is way too complex: #{filter.inspect}"      
+    end
+    
+    if !query[1]
+      @logger.info "Refusing to respond to blank query string: #{filter.inspect}."
+      raise LDAP::ResultError::UnwillingToPerform, "Refusing to respond to blank query string: #{filter.inspect}"
+    end
+
+    if !(%w{mail cn givenname sn}.include? query[1].downcase)
+      @logger.info "Denying complex query (error 3): #{filter.inspect}"
+      raise LDAP::ResultError::UnwillingToPerform, "This query is way too complex: #{filter.inspect}"      
+    end
+    
+    query_string = query[2..-1].compact.first # We're just going to take the first non-nil element as the search string
+    
+    if !query_string
+      @logger.info "Refusing to respond to blank query string: #{filter.inspect}."
+      raise LDAP::ResultError::UnwillingToPerform, "Refusing to respond to blank query string: #{filter.inspect}"
+    end
+    
+    query_string
+  end
+end

data/lib/arldap/daemon.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+
+class Logger
+  attr_accessor :logdev
+end
+
+module Daemon
+  def daemonize(logger = nil)
+    # This causes the grandchild process to be orphaned, 
+    # so the init process is responsible for cleaning it up.
+    Kernel.fork and Kernel.exit
+    Process.setsid
+    Kernel.fork and Kernel.exit
+
+    File.umask 0
+    Dir.chdir '/'
+
+    ObjectSpace.each_object(IO) do |io|
+      unless (logger and logger.logdev.dev == io)
+        io.close rescue nil
+      end
+    end
+
+    STDIN.reopen( '/dev/null')
+    STDOUT.reopen('/dev/null', 'a')
+    STDERR.reopen('/dev/null', 'a')
+  end
+end

data/lib/arldap/pid_file.rb

@@ -0,0 +1,28 @@
+require 'fileutils'
+class PidFile
+  attr_reader :file
+  def initialize(file)
+    @file = file 
+  end
+  
+  def pid
+    File.file?(@file) and IO.read(@file) 
+  end
+  
+  def remove
+    if self.pid
+      FileUtils.rm @file 
+    end
+  end
+  
+  def create
+    File.open(@file, "w") { |f| f.write($$) }
+  end
+  
+  def ensure_empty!(msg = nil)
+    if self.pid
+      puts msg if msg
+      exit 1
+    end
+  end
+end

data/lib/arldap/server.rb

@@ -0,0 +1,123 @@
+$:.unshift File.join(File.dirname(__FILE__))
+
+%w( yaml
+    erb
+    etc
+    fileutils
+    logger
+    thread
+	ldap
+    resolv-replace
+    active_record_operation
+    pid_file
+    daemon
+).each do |lib|
+  require lib
+end
+
+class Server
+  attr_accessor :config, :logger, :pidfile
+  include Daemon
+
+  @@def_config_file_name = File.expand_path(File.join(File.dirname(__FILE__), "..", "conf", "ldap-server.yml"))
+
+  def initialize(config_file_name = nil)
+    config_file_name ||= @@def_config_file_name
+
+    @config = YAML.load(ERB.new(File.read(config_file_name)).result)
+
+    self.logger = Logger.new(@config["log_file"] || File.join(@config["rails_dir"], *%w(log ldap-server.log)))
+    self.logger.level = @config["debug"] ? Logger::DEBUG : Logger::INFO
+    self.logger.datetime_format = "%H:%M:%S"
+    self.logger.info ""
+    @config["pid_file"] ||= @config["pid_file"] || File.join(@config["rails_dir"], *%w(log ldap-server.pid))
+    @pidfile = PidFile.new(@config["pid_file"])
+  end
+
+  def become_user(username = 'nobody', chroot = false)
+    user = Etc::getpwnam(username)
+
+    Dir.chroot(user.dir) and Dir.chdir('/') if chroot
+
+    Process::initgroups(username, user.gid)
+    Process::Sys::setegid(user.gid)
+    Process::Sys::setgid(user.gid)
+    Process::Sys::setuid(user.uid)
+  end
+
+  def start
+    pidfile.ensure_empty! "ERROR: It looks like I'm already running #{@config['pid_file']}.  Not starting."
+
+    logger.info "Starting LDAP server"
+    daemonize(logger)
+
+    self.logger.info("Cannot load Rails. Exiting.") and exit 5 unless defined? RAILS_ROOT
+    @config.symbolize_keys!
+
+    logger.info "Became daemon with process id: #{$$}"
+    begin
+      pidfile.create
+    rescue Exception => e
+      logger.info "Exception caught while creating pidfile: #{e}"
+      exit
+    end
+
+    trap("TERM") do
+      logger.info("Received TERM signal.  Exiting.") if logger
+      pidfile.remove if pidfile
+      exit
+    end
+
+    begin
+      # This is to ensure thread-safety
+      # logger.debug "Setting allow_concurrency"
+      # ActiveRecord::Base.allow_concurrency = true
+    rescue Exception => e
+      logger.info "Exception caught: #{e}"
+      exit
+    end
+
+    klass = nil
+    begin
+      klass = @config[:active_record_model].constantize
+      logger.info "Access to #{klass.count} #{@config[:active_record_model]} records"
+    rescue Exception => e
+      logger.info "Exception caught while loading #{@config[:active_record_model]}: #{e}"
+      exit
+    end
+
+    s = LDAP::Server.new(
+      :port             => @config[:port],
+      :bindaddr         => @config[:bind_address],
+      :nodelay          => @config[:tcp_nodelay],
+      :listen           => @config[:prefork_threads],
+      :namingContexts   => [@config[:basedn]],
+      :user             => @config[:user],
+      :group            => @config[:group],
+      :operation_class  => ActiveRecordOperation,
+      :operation_args   => [@config, klass, logger]
+    )
+    s.run_tcpserver
+    logger.info "Listening on port #{@config[:port]}."
+
+    s.join
+  end
+
+  def stop
+    if @pidfile.pid
+      puts "Sending TERM signal to process #{@pidfile.pid}" if @config[:debug]
+      logger.info("Killing server at #{@pidfile.pid}")
+      Process.kill("TERM", @pidfile.pid.to_i)
+    else
+       puts "Can't find pid.  Are you sure I'm running?"
+     end
+  end
+
+  def restart
+    stop
+    sleep 5
+    start
+  end
+end
+
+

data/lib/arldap/version.rb

@@ -0,0 +1,3 @@
+module Arldap
+  VERSION = "0.0.1"
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: arldap
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Jody Alkema
+- Shane Davies
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-12-09 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-ldapserver
+  requirement: &21655100 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *21655100
+description: Provide an LDAP search interface to an ActiveRecord model in a Rails
+  3 project
+email:
+- jody@alkema.ca
+- shane@domain7.com
+executables:
+- arldap
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README
+- Rakefile
+- arldap.gemspec
+- bin/arldap
+- lib/arldap.rb
+- lib/arldap/active_record_operation.rb
+- lib/arldap/daemon.rb
+- lib/arldap/pid_file.rb
+- lib/arldap/server.rb
+- lib/arldap/version.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: arldap
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Active Record LDAP
+test_files: []