dm-ldap-adapter 0.2.0

data/lib/dummy_ldap_resource.rb

@@ -0,0 +1,60 @@
+require 'slf4r/logger'
+require 'ldap/digest'
+
+# dummy implementation which turns the extra ldap configuration noops
+module DataMapper
+  module Resource
+ 
+    module ClassMethods
+ 
+      include ::Slf4r::Logger
+
+      def ldap_properties(resource = nil, &block)
+        if block
+          @ldap_properties = block
+        elsif resource.instance_of? Hash
+          @ldap_properties = resource
+          logger.debug { "ldap_properties=#{@ldap_properties.inspect}" }
+        elsif resource
+          logger.debug { "ldap_properties=#{@ldap_properties.call(resource).inspect}" }
+        else
+          logger.debug { "ldap_properties=#{@ldap_properties.inspect}" }
+        end
+      end
+      
+      def treebase(resource = nil)
+        if block
+          @treebase = block
+        elsif resource.instance_of? Hash
+          @treebase = resource
+          logger.debug { "treebase=#{@treebase.inspect}" }
+        elsif resource
+          logger.debug { "treebase=#{@treebase.call(resource).inspect}" }
+        else
+          logger.debug { "treebase=#{treebase}" }
+        end
+      end
+      
+      def dn_prefix(resource = nil, &block)
+        if block
+          @dn_prefix = block
+        elsif resource.instance_of? Hash
+          @dn_prefix = resource
+          logger.debug { "dn_prefix=#{@dn_prefix.inspect}" }
+        elsif resource
+          logger.debug { "dn_prefix=#{@dn_prefix.call(resource).inspect}" }
+        else
+          logger.debug { "dn_prefix=#{dn_prefix}" }
+        end
+      end
+      
+      def multivalue_field(field = nil)
+        logger.debug { "multivalue_field = #{field}" } if field
+      end
+    end
+    
+    def authenticate(password)
+      raise "NotImplemented"
+    end
+  end
+end

data/lib/ldap/digest.rb

@@ -0,0 +1,23 @@
+module Ldap
+  class Digest
+    # method from openldap faq which produces the userPassword attribute
+    # for the ldap
+    # @param secret String the password
+    # @param salt String the salt for the password digester
+    # @return the encoded password/salt
+    def self.ssha(secret, salt)
+      require 'sha1' 
+      require 'base64' 
+      (salt.empty? ? "{SHA}": "{SSHA}") +  
+        Base64.encode64(::Digest::SHA1.digest(secret + salt) + salt).gsub(/\n/, '')
+    end
+
+    # method from openldap faq which produces the userPassword attribute
+    # for the ldap
+    # @param secret String the password
+    # @return the encoded password
+    def self.sha(secret)
+      ssha(secret, "")
+    end
+  end
+end

data/lib/ldap/ldap_facade.rb

@@ -0,0 +1,210 @@
+require "net/ldap.rb"
+module Ldap
+  class LdapFacade
+    
+    # @param config Hash for the ldap connection
+    def self.open(config)
+      Net::LDAP.open( config ) do |ldap|
+        yield ldap
+      end
+    end
+    
+    include ::Slf4r::Logger
+
+    # @param config Hash for the ldap connection
+    def initialize(config)
+      if config.is_a? Hash
+        @ldap = Net::LDAP.new( config )
+      else
+        @ldap = config
+      end
+    end
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @param key_field field which carries the integer unique id of the entity
+    # @param props Hash of the ldap attributes of the new ldap object
+    # @return nil in case of an error or the new id of the created object
+    def create_object(dn_prefix, treebase, key_field, props, silence = false)
+      base = "#{treebase},#{@ldap.base}"
+      id_sym = key_field.downcase.to_sym
+      max = 0
+      @ldap.search( :base => base, 
+                    :attributes => [key_field], 
+                    :return_result => false ) do |entry|
+        n = entry[id_sym].first.to_i
+        max = n if max < n
+      end
+      id = max + 1
+      props[id_sym] = "#{id}"
+      if @ldap.add( :dn => dn(dn_prefix, treebase), 
+                    :attributes => props)
+        id
+      else
+        unless silence
+          msg = ldap_error("create", 
+                             dn(dn_prefix, treebase)) + "\n\t#{props.inspect}"
+          # TODO maybe raise always an error
+          if @ldap.get_operation_result.code == 68
+            raise ::DataMapper::PersistenceError.new(msg)
+          else
+            logger.warn(msg)
+          end
+        end
+        nil
+      end
+    end
+
+    # @param treebase the treebase of the search
+    # @param key_fields Array of fields which carries the integer unique id(s) of the entity
+    # @param Array of conditions for the search
+    # @return Array of Hashes with a name/values pair for each attribute
+    def read_objects(treebase, key_fields, conditions)
+      filters = []
+      conditions.each do |cond|
+        c = cond[2]
+        case cond[0]
+        when :eql
+          if c.nil?
+            f = ~ Net::LDAP::Filter.pres( cond[1].to_s )
+          elsif c.class == Array
+            f = nil
+            c.each do |cc|
+              if f
+                f = f | Net::LDAP::Filter.eq( cond[1].to_s, cc.to_s )
+              else
+                f = Net::LDAP::Filter.eq( cond[1].to_s, cc.to_s )
+              end
+            end
+            #elsif c.class == Range
+            #  p c
+            #  f = Net::LDAP::Filter.ge( cond[1].to_s, c.begin.to_s ) & Net::LDAP::Filter.le( cond[1].to_s, c.end.to_s )
+          else
+            f = Net::LDAP::Filter.eq( cond[1].to_s, c.to_s )
+          end
+        when :gte
+          f = Net::LDAP::Filter.ge( cond[1].to_s, c.to_s )
+        when :lte
+          f = Net::LDAP::Filter.le( cond[1].to_s, c.to_s )
+        when :not
+            if c.nil?
+              f = Net::LDAP::Filter.pres( cond[1].to_s )
+            elsif c.class == Array
+              f = nil
+              c.each do |cc|
+              if f
+                f = f | Net::LDAP::Filter.eq( cond[1].to_s, cc.to_s )
+              else
+                f = Net::LDAP::Filter.eq( cond[1].to_s, cc.to_s )
+              end
+            end
+              f = ~ f
+            else
+              f = ~ Net::LDAP::Filter.eq( cond[1].to_s, c.to_s )
+            end
+        when :like
+          f = Net::LDAP::Filter.eq( cond[1].to_s, c.to_s.gsub(/%/, "*").gsub(/_/, "*").gsub(/\*\*/, "*") )
+        else
+          logger.error(cond[0].to_s + " needs coding")
+        end
+        filters << f
+      end
+      
+      filter = nil
+      filters.each do |f|
+        if filter.nil?
+          filter = f
+        else
+          filter = filter & f
+        end
+      end
+      logger.debug { "search filter: (#{filter.to_s})" }
+      result = []
+      @ldap.search( :base => "#{treebase},#{@ldap.base}",
+                    :filter => filter ) do |res|
+        map = to_map(res) 
+        #puts map[key_field.to_sym]
+        # TODO maybe make filter which removes this unless
+        # TODO move this into the ldap_Adapter to make it more general, so that
+        # all field with Integer gets converted, etc
+        result << map if key_fields.select do |key_field|
+          if map.member? key_field.to_sym
+            # convert field to integer
+            map[key_field.to_sym] = [map[key_field.to_sym].collect { |k| k.to_i != 0 ? k.to_s : k }].flatten
+            true
+          end
+        end.size > 0 # i.e. there was at least one key_field in the map
+      end
+      result
+    end
+
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @param actions the add/replace/delete actions on the attributes
+    # @return nil in case of an error or true
+    def update_object(dn_prefix, treebase, actions)
+      if @ldap.modify( :dn => dn(dn_prefix, treebase), 
+                       :operations => actions )
+        true
+      else
+        logger.warn(ldap_error("update", 
+                               dn(dn_prefix, treebase) + "\n\t#{actions.inspect}"))
+        nil
+      end
+    end
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @return nil in case of an error or true
+    def delete_object(dn_prefix, treebase)
+      if @ldap.delete( :dn => dn(dn_prefix, treebase) )
+        true
+      else
+        logger.warn(ldap_error("delete", 
+                               dn(dn_prefix, treebase)))
+        
+        nil
+      end
+    end
+
+    
+    # @param dn String for identifying the ldap object
+    # @param password String to be used for authenticate to the dn
+    def authenticate(dn, password)
+      Net::LDAP.new( { :host => @ldap.host, 
+                       :port => @ldap.port, 
+                       :auth => { 
+                         :method => :simple, 
+                         :username => dn, 
+                         :password => password 
+                       }, 
+                       :base => @ldap.base
+                     } ).bind
+    end
+
+    # helper to concat the dn from the various parts
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @return the complete dn String
+    def dn(dn_prefix, treebase)
+      "#{dn_prefix},#{treebase},#{@ldap.base}"
+    end
+
+    private
+    
+    # helper to extract the Hash from the ldap search result
+    # @param Entry from the ldap_search
+    # @return Hash with name/value pairs of the entry
+    def to_map(entry)
+      def entry.map
+        @myhash
+      end
+      entry.map
+    end
+    
+    def ldap_error(method, dn)
+      "#{method} error: (#{@ldap.get_operation_result.code}) #{@ldap.get_operation_result.message}\n\tDN: #{dn}"
+    end
+  end
+end

data/lib/ldap/ldap_facade_mock.rb

@@ -0,0 +1,56 @@
+module Ldap
+  class LdapFacade
+
+    def self.open(config)
+      puts "open"
+      p config
+      puts
+      yield "dummy"
+    end
+
+    def initialize(uri)
+      puts "new #{self.hash}"
+      p uri
+      puts
+    end
+
+    def create_object(treebase, dn_prefix, key_field, props, silence = false)
+      options = { :dn_prefix => dn_prefix, 
+        :treebase => treebase, 
+        :key_field => key_field, 
+        :properties => props }
+      puts "create #{self.hash}"
+      p options
+      puts
+      @@count ||= 0
+      @@count += 1
+    end
+
+    def read_objects(treebase, key_field, conditions, many = false)
+      options = { :treebase => treebase, 
+        :key_field => key_field,
+        :conditions => conditions, :many => many }
+      puts "read #{self.hash}"
+      p options
+      puts
+      [] if many
+    end
+
+    def update_object(treebase, dn_prefix, actions)
+      options = { :dn_prefix => dn_prefix, 
+        :treebase => treebase, 
+        :actions => actions }
+      puts "update #{self.hash}"
+      p options
+      puts
+    end
+
+    def delete_object(treebase, dn_prefix)
+      options = { :dn_prefix => dn_prefix, 
+        :treebase => treebase }
+      puts "delete #{self.hash}"
+      p options
+      puts
+    end
+  end
+end

data/lib/ldap/version.rb

@@ -0,0 +1,3 @@
+module Ldap
+  VERSION = '0.2.0'
+end

data/lib/ldap_resource.rb

@@ -0,0 +1,107 @@
+require 'ldap/digest'
+
+module DataMapper
+  module Resource
+    module ClassMethods
+      
+      # if called without parameter or block the given properties get returned.
+      # if called with a block then the block gets stored. if called with new 
+      # properties they get stored. if called with a Resource then either the
+      # stored block gets called with that Resource or the stored properties get
+      # returned.
+      # @param [Hash,DataMapper::Resource] properties_or_resource either a Hash with properties, a Resource or nil
+      # @param [block] &block to be stored for later calls when properties_or_resource is nil
+      # @return [Hash] when called with a Resource
+      def ldap_properties(properties_or_resource = nil, &block)
+        if properties_or_resource
+          if properties_or_resource.instance_of? Hash
+            @ldap_properties = properties_or_resource
+          elsif @ldap_properties.instance_of? Hash
+            @ldap_properties
+          else
+            @ldap_properties.call(properties_or_resource)
+          end
+        else
+          @ldap_properties = block
+        end
+      end
+      
+      # if called without parameter or block the given treebase gets returned.
+      # if called with a block then the block gets stored. if called with a 
+      # String then it gets stored. if called with a Resource then either the
+      # stored block gets called with that Resource or the stored String gets
+      # returned.
+      # @param [String,DataMapper::Resource] treebase_or_resource either a String, a Resource or nil
+      # @param [block] &block to be stored for later calls when base_or_resource is nil
+      # @return [String] when called with a Resource
+      def treebase(base_or_resource = nil, &block)
+        if base_or_resource
+          if base_or_resource.instance_of? String
+            @treebase = base_or_resource
+          elsif @treebase.instance_of? String
+            @treebase
+          else
+            @treebase.call(base_or_resource)
+          end
+        else
+          if block
+            @treebase = block
+          else # backwards compatibility
+            @treebase
+          end
+        end
+      end
+      
+      # if called without parameter or block the given dn_prefix gets returned.
+      # if called with a block then the block gets stored. if called with a 
+      # String then it gets stored. if called with a Resource then either the
+      # stored block gets called with that Resource or the stored String gets
+      # returned.
+      # @param [String,DataMapper::Resource] prefix_or_resource either a String, a Resource or nil
+      # @param [&block] block to be stored for later calls
+      # @return [String, nil] when called with a Resource
+      def dn_prefix(prefix_or_resource = nil, &block)
+        if prefix_or_resource
+          if prefix_or_resource.instance_of? String
+            @ldap_dn = prefix_or_resource
+          elsif @ldap_dn.instance_of? String
+            @ldap_dn
+          else
+            @ldap_dn.call(prefix_or_resource)
+          end
+        else
+          @ldap_dn = block
+        end
+      end
+      
+      # if called without parameter then the stored field gets returned 
+      # otherwise the given parameters gets stored
+      # @param [Symbol, String] field a new multivalue_field
+      # @return [Symbol] the multivalue_field
+      def multivalue_field(field = nil)
+        if field.nil?
+          @ldap_multivalue_field
+        else
+          @ldap_multivalue_field = field.to_sym
+        end
+      end
+    end
+    
+    # authenticate the current resource against the stored password
+    # @param [String] password to authenticate
+    # @return [TrueClass, FalseClass] whether password was right or wrong
+    def authenticate(password)
+      ldap.authenticate(ldap.dn(self.class.dn_prefix(self),
+                                self.class.treebase), 
+                        password)
+    end
+
+    private
+    # short cut to the ldap facade
+    # @return [Ldap::LdapFacade]
+    def ldap
+      raise "not an ldap adapter #{repository.adapter.name}" unless repository.adapter.respond_to? :ldap
+      repository.adapter.ldap
+    end
+  end
+end