dm-ldap-adapter 0.4.3-java

data/lib/ldap/ruby_ldap_facade.rb

@@ -0,0 +1,201 @@
+require 'ldap'
+require 'slf4r'
+require 'ldap/conditions_2_filter'
+
+module Ldap
+  class Connection < LDAP::Conn
+
+    attr_reader :base, :host, :port
+
+    def initialize(config)
+      super(config[:host], config[:port])
+      @base = config[:base]
+      @port = config[:port]
+      @host = config[:host]
+      set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+    end
+
+  end
+
+  class RubyLdapFacade
+
+    # @param config Hash for the ldap connection
+    def self.open(config)
+      ldap2 = Connection.new(config)
+      ldap2.bind(config[:auth][:username], config[:auth][:password]) do |ldap|
+        yield ldap
+      end
+    end
+
+    include ::Slf4r::Logger
+
+    # @param config Hash for the ldap connection
+    def initialize(config)
+      if config.is_a? Hash
+        @ldap2 = Connection.new(config)
+        @ldap2.bind(config[:auth][:username], config[:auth][:password])
+      else
+        @ldap2 = config
+      end
+    end
+
+    def retrieve_next_id(treebase, key_field)
+      max = 0
+      @ldap2.search("#{treebase},#{@ldap2.base}",
+                    LDAP::LDAP_SCOPE_SUBTREE,
+                    "(objectclass=*)",
+                     [key_field]) do |entry|
+        n = (entry.vals(key_field) || [0]).first.to_i
+        max = n if max < n
+      end
+      max + 1
+    end
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @param key_field field which carries the integer unique id of the entity
+    # @param props Hash of the ldap attributes of the new ldap object
+    # @return nil in case of an error or the new id of the created object
+    def create_object(dn_prefix, treebase, key_field, props, silence = false)
+      base = "#{treebase},#{@ldap2.base}"
+      mods = props.collect do |k,v|
+        LDAP.mod(LDAP::LDAP_MOD_ADD, k.to_s, v.is_a?(::Array) ? v : [v.to_s] )
+      end
+      if @ldap2.add( dn(dn_prefix, treebase), mods)
+        props[key_field.to_sym]
+      else
+        unless silence
+          msg = ldap_error("create",
+                             dn(dn_prefix, treebase)) + "\n\t#{props.inspect}"
+          # TODO maybe raise always an error
+          if @ldap2.get_operation_result.code.to_s == "68"
+            raise ::DataMapper::PersistenceError.new(msg)
+          else
+            logger.warn(msg)
+          end
+        end
+        nil
+      end
+    end
+
+    # @param treebase the treebase of the search
+    # @param key_fields Array of fields which carries the integer unique id(s) of the entity
+    # @param Array of conditions for the search
+    # @return Array of Hashes with a name/values pair for each attribute
+    def read_objects(treebase, key_fields, conditions, field_names, order_field = '')      
+      
+      if !conditions.nil? and conditions.size > 0
+        filter = Conditions2Filter.convert(conditions).to_s
+      else
+        filter = "(objectclass=*)"
+      end
+
+      result = []
+      begin
+      @ldap2.search("#{treebase},#{@ldap2.base}",
+                    LDAP::LDAP_SCOPE_SUBTREE,
+                    filter,
+                    field_names, false, 0, 0, order_field) do |res|
+        mapp = to_map(field_names, res)
+        # TODO maybe make filter which removes this unless
+        # TODO move this into the ldap_Adapter to make it more general, so that
+        # all field with Integer gets converted, etc
+        # NOTE: somehow the fields are downcase coming from query.model
+        result << mapp if key_fields.detect do |key_field|
+            mapp.keys.detect {|k| k.to_s.downcase == key_field.downcase }
+          end
+        end
+      end
+      result
+    end
+
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @param actions the add/replace/delete actions on the attributes
+    # @return nil in case of an error or true
+    def update_object(dn_prefix, treebase, actions)
+      mods = actions.collect do |act|
+        mod_op = case act[0]
+              when :add
+                LDAP::LDAP_MOD_ADD
+              when :replace
+                LDAP::LDAP_MOD_REPLACE
+              when :delete
+                LDAP::LDAP_MOD_DELETE
+              end
+        LDAP.mod(mod_op, act[1].to_s, act[2] == [] ? [] : [act[2].to_s])
+      end
+      if @ldap2.modify( dn(dn_prefix, treebase),
+                       mods )
+        true
+      else
+        logger.warn(ldap_error("update",
+                               dn(dn_prefix, treebase) + "\n\t#{actions.inspect}"))
+        nil
+      end
+    end
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @return nil in case of an error or true
+    def delete_object(dn_prefix, treebase)
+      if @ldap2.delete( dn(dn_prefix, treebase) )
+        true
+      else
+        logger.warn(ldap_error("delete",
+                               dn(dn_prefix, treebase)))
+
+        nil
+      end
+    end
+
+
+    # @param dn String for identifying the ldap object
+    # @param password String to be used for authenticate to the dn
+    def authenticate(dn, password)
+      bound = false
+      ldap_con = LDAP::Conn.new(@ldap2.host, @ldap2.port)
+      ldap_con.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
+      begin
+        ldap_con.bind(dn, password, LDAP::LDAP_AUTH_SIMPLE) do
+          bound = true
+        end
+      rescue LDAP::ResultError => msg
+        if msg.to_s =~ /Invalid\ credentials/i
+          logger.info("Invalid Credentials: #{dn}")
+        else 
+          logger.warn "Authentication Error: #{msg.to_s}"
+        end
+      end
+      bound
+    end
+
+    # helper to concat the dn from the various parts
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @return the complete dn String
+    def dn(dn_prefix, treebase)
+      "#{dn_prefix},#{treebase},#{@ldap2.base}"
+    end
+
+    private
+
+    # helper to extract the Hash from the ldap search result
+    # @param Entry from the ldap_search
+    # @return Hash with name/value pairs of the entry
+    def to_map(field_names, entry)
+      fields = {:dn => :dn}
+      field_names.each { |f| fields[f.downcase.to_sym] = f.to_sym }
+      map = {}
+      LDAP::entry2hash(entry).each do |k,v|
+        map[fields[k.downcase.to_sym]] = v
+      end
+      map
+    end
+
+    def ldap_error(method, dn)
+      "#{method} error: (#{@ldap2.get_operation_result.code}) #{@ldap2.get_operation_result.message}\n\tDN: #{dn}"
+    end
+  end
+end

data/lib/ldap/transactions.rb

@@ -0,0 +1,2 @@
+require 'dm-transactions'
+require 'adapters/noop_transaction'

data/lib/ldap/unboundid_ldap_facade.rb

@@ -0,0 +1,188 @@
+require 'ldap'
+require 'slf4r'
+require 'ldap/conditions_2_filter'
+
+module Ldap
+  # class Connection < LDAP::Conn
+
+  #   attr_reader :base, :host, :port
+
+  #   def initialize(config)
+  #     super(config[:host], config[:port])
+  #     @base = config[:base]
+  #     @port = config[:port]
+  #     @host = config[:host]
+  #     set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+  #   end
+
+  # end
+
+  class RubyLdapFacade
+
+    # @param config Hash for the ldap connection
+    def self.open(config)
+      ldap3 = com.unboundid.ldap.sdk.LDAPConnection.new(config[:host], config[:port], config[:base] + "." + config[:auth][:username], config[:auth][:password])
+      
+      yield ldap
+    end
+
+    include ::Slf4r::Logger
+
+    # @param config Hash for the ldap connection
+    def initialize(config)
+      if config.is_a? Hash
+        @ldap2 = Connection.new(config)
+        @ldap2.bind(config[:auth][:username], config[:auth][:password])
+      else
+        @ldap2 = config
+      end
+    end
+
+    def retrieve_next_id(treebase, key_field)
+      max = 0
+      @ldap2.search("#{treebase},#{@ldap2.base}",
+                    LDAP::LDAP_SCOPE_SUBTREE,
+                    "(objectclass=*)",
+                     [key_field]) do |entry|
+        n = (entry.vals(key_field) || [0]).first.to_i
+        max = n if max < n
+      end
+      max + 1
+    end
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @param key_field field which carries the integer unique id of the entity
+    # @param props Hash of the ldap attributes of the new ldap object
+    # @return nil in case of an error or the new id of the created object
+    def create_object(dn_prefix, treebase, key_field, props, silence = false)
+      base = "#{treebase},#{@ldap2.base}"
+      mods = props.collect do |k,v|
+        LDAP.mod(LDAP::LDAP_MOD_ADD, k.to_s, v.is_a?(::Array) ? v : [v.to_s] )
+      end
+      if @ldap2.add( dn(dn_prefix, treebase), mods)
+#                    :attributes => props) and @ldap.get_operation_result.code.to_s == "0"
+        props[key_field.downcase.to_sym]
+      else
+        unless silence
+          msg = ldap_error("create",
+                             dn(dn_prefix, treebase)) + "\n\t#{props.inspect}"
+          # TODO maybe raise always an error
+          if @ldap2.get_operation_result.code.to_s == "68"
+            raise ::DataMapper::PersistenceError.new(msg)
+          else
+            logger.warn(msg)
+          end
+        end
+        nil
+      end
+    end
+
+    # @param treebase the treebase of the search
+    # @param key_fields Array of fields which carries the integer unique id(s) of the entity
+    # @param Array of conditions for the search
+    # @return Array of Hashes with a name/values pair for each attribute
+    def read_objects(treebase, key_fields, conditions, field_names, order_field = '')      
+      filter = Conditions2Filter.convert(conditions)
+      result = []
+      begin
+      @ldap2.search("#{treebase},#{@ldap2.base}",
+                    LDAP::LDAP_SCOPE_SUBTREE,
+                    filter.to_s == "" ? "(objectclass=*)" : filter.to_s.gsub(/\(\(/, "(").gsub(/\)\)/, ")"),
+                    field_names, false, 0, 0, order_field) do |res|
+
+        map = to_map(res)
+        #puts map[key_field.to_sym]
+        # TODO maybe make filter which removes this unless
+        # TODO move this into the ldap_Adapter to make it more general, so that
+        # all field with Integer gets converted, etc
+        result << map if key_fields.detect do |key_field|
+            map.member? key_field.to_sym
+          end
+        end
+      end
+      result
+    end
+
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @param actions the add/replace/delete actions on the attributes
+    # @return nil in case of an error or true
+    def update_object(dn_prefix, treebase, actions)
+      mods = actions.collect do |act|
+        mod_op = case act[0]
+              when :add
+                LDAP::LDAP_MOD_ADD
+              when :replace
+                LDAP::LDAP_MOD_REPLACE
+              when :delete
+                LDAP::LDAP_MOD_DELETE
+              end
+        LDAP.mod(mod_op, act[1].to_s, act[2] == [] ? [] : [act[2].to_s])
+      end
+      if @ldap2.modify( dn(dn_prefix, treebase),
+                       mods )
+        true
+      else
+        logger.warn(ldap_error("update",
+                               dn(dn_prefix, treebase) + "\n\t#{actions.inspect}"))
+        nil
+      end
+    end
+
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @return nil in case of an error or true
+    def delete_object(dn_prefix, treebase)
+      if @ldap2.delete( dn(dn_prefix, treebase) )
+        true
+      else
+        logger.warn(ldap_error("delete",
+                               dn(dn_prefix, treebase)))
+
+        nil
+      end
+    end
+
+
+    # @param dn String for identifying the ldap object
+    # @param password String to be used for authenticate to the dn
+    def authenticate(dn, password)
+      Net::LDAP.new( { :host => @ldap2.host,
+                       :port => @ldap2.port,
+                       :auth => {
+                         :method => :simple,
+                         :username => dn,
+                         :password => password
+                       },
+                       :base => @ldap2.base
+                     } ).bind
+    end
+
+    # helper to concat the dn from the various parts
+    # @param dn_prefix String the prefix of the dn
+    # @param treebase the treebase of the dn or any search
+    # @return the complete dn String
+    def dn(dn_prefix, treebase)
+      "#{dn_prefix},#{treebase},#{@ldap2.base}"
+    end
+
+    private
+
+    # helper to extract the Hash from the ldap search result
+    # @param Entry from the ldap_search
+    # @return Hash with name/value pairs of the entry
+    def to_map(entry)
+      map = {}
+      LDAP::entry2hash(entry).each do |k,v|
+        map[k.downcase.to_sym] = v
+      end
+      map
+    end
+
+    def ldap_error(method, dn)
+      "#{method} error: (#{@ldap2.get_operation_result.code}) #{@ldap2.get_operation_result.message}\n\tDN: #{dn}"
+    end
+  end
+end

data/lib/ldap/version.rb

@@ -0,0 +1,3 @@
+module Ldap
+  VERSION = '0.4.0.alpha1'.freeze
+end

data/lib/ldap_resource.rb

@@ -0,0 +1,189 @@
+require 'ldap/digest'
+require 'dm-core'
+require 'ldap/array'
+
+module DataMapper
+  module Model
+   
+      def load(records, query)
+        repository      = query.repository
+        repository_name = repository.name
+        fields          = query.fields
+        discriminator   = properties(repository_name).discriminator
+        no_reload       = !query.reload?
+        
+        field_map = {}
+        fields.each { |property| field_map[property] = property.field }
+        
+        records.map do |record|
+          identity_map = nil
+          key_values   = nil
+          resource     = nil
+          
+          case record
+          when Hash
+            # remap fields to use the Property object
+            record = record.dup
+            field_map.each { |property, field| record[property] = record.delete(field) if record.key?(field) }
+
+            model     = discriminator && discriminator.load(record[discriminator]) || self
+            model_key = model.key(repository_name)
+
+            resource = if model_key.valid?(key_values = record.values_at(*model_key))
+              identity_map = repository.identity_map(model)
+              identity_map[key_values]
+            end
+
+            resource ||= model.allocate
+
+            fields.each do |property|
+              next if no_reload && property.loaded?(resource)
+
+              value = record[property]
+
+              value = property.load(value)
+
+              property.set!(resource, value)
+            end
+
+          when Resource
+            model     = record.model
+            model_key = model.key(repository_name)
+            
+            resource = if model_key.valid?(key_values = record.key)
+                         identity_map = repository.identity_map(model)
+                         identity_map[key_values]
+                       end
+            
+            resource ||= model.allocate
+            
+            fields.each do |property|
+              next if no_reload && property.loaded?(resource)
+              
+              property.set!(resource, property.get!(record))
+            end
+          end
+          
+          resource.instance_variable_set(:@_repository, repository)
+          
+          if identity_map
+            resource.persisted_state = Resource::State::Clean.new(resource) unless resource.persisted_state?
+            
+            # defer setting the IdentityMap so second level caches can
+            # record the state of the resource after loaded
+            identity_map[key_values] = resource
+          else
+            resource.persisted_state = Resource::State::Immutable.new(resource)
+          end
+          
+          resource
+        end
+      end
+
+      module LdapResource
+
+      Model.append_inclusions self
+
+      # authenticate the current resource against the stored password
+      # @param [String] password to authenticate
+      # @return [TrueClass, FalseClass] whether password was right or wrong
+      def authenticate(password)
+        ldap.authenticate(ldap.dn(self.class.dn_prefix(self),
+                                  self.class.treebase),
+                          password)
+      end
+
+      # if called without parameter or block the given properties get returned.
+      # if called with a block then the block gets stored. if called with new
+      # properties they get stored. if called with a Resource then either the
+      # stored block gets called with that Resource or the stored properties get
+      # returned.
+      # @param [Hash,DataMapper::Resource] properties_or_resource either a Hash with properties, a Resource or nil
+      # @param [block] &block to be stored for later calls when properties_or_resource is nil
+      # @return [Hash] when called with a Resource
+      def ldap_properties(properties_or_resource = nil, &block)
+        if properties_or_resource
+          if properties_or_resource.instance_of? Hash
+            @ldap_properties = properties_or_resource
+          elsif @ldap_properties.instance_of? Hash
+            @ldap_properties
+          else
+            @ldap_properties.call(properties_or_resource)
+          end
+        else
+          @ldap_properties = block
+        end
+      end
+
+      # if called without parameter or block the given treebase gets returned.
+      # if called with a block then the block gets stored. if called with a
+      # String then it gets stored. if called with a Resource then either the
+      # stored block gets called with that Resource or the stored String gets
+      # returned.
+      # @param [String,DataMapper::Resource] treebase_or_resource either a String, a Resource or nil
+      # @param [block] &block to be stored for later calls when base_or_resource is nil
+      # @return [String] when called with a Resource
+      def treebase(base_or_resource = nil, &block)
+        if base_or_resource
+          if base_or_resource.instance_of? String
+            @treebase = base_or_resource
+          elsif @treebase.instance_of? String
+            @treebase
+          else
+            @treebase.call(base_or_resource)
+          end
+        else
+          if block
+            @treebase = block
+          else # backwards compatibility
+            @treebase
+          end
+        end
+      end
+
+      # if called without parameter or block the given dn_prefix gets returned.
+      # if called with a block then the block gets stored. if called with a
+      # String then it gets stored. if called with a Resource then either the
+      # stored block gets called with that Resource or the stored String gets
+      # returned.
+      # @param [String,DataMapper::Resource] prefix_or_resource either a String, a Resource or nil
+      # @param [&block] block to be stored for later calls
+      # @return [String, nil] when called with a Resource
+      def dn_prefix(prefix_or_resource = nil, &block)
+        if prefix_or_resource
+          if prefix_or_resource.instance_of? String
+            @ldap_dn = prefix_or_resource
+          elsif @ldap_dn.instance_of? String
+            @ldap_dn
+          else
+            @ldap_dn.call(prefix_or_resource)
+          end
+        else
+          @ldap_dn = block
+        end
+      end
+
+      # if called without parameter then the stored field gets returned
+      # otherwise the given parameters gets stored
+      # @param [Symbol, String] field a new multivalue_field
+      # @return [Symbol] the multivalue_field
+      def multivalue_field(field = nil)
+        if field.nil?
+          @ldap_multivalue_field
+        else
+          @ldap_multivalue_field = field.to_sym
+        end
+      end
+
+      private
+      # short cut to the ldap facade
+      # @return [Ldap::LdapFacade]
+      def ldap
+        raise "not an ldap adapter #{repository.adapter.name}" unless repository.adapter.respond_to? :ldap
+        repository.adapter.ldap
+      end
+    end
+
+    include LdapResource
+  end
+end