RubyGems - fakeldap - Versions diffs - 0.0.1 → 0.1 - Mend

fakeldap 0.0.1 → 0.1

Files changed (114) hide show

data/vendor/ruby-ldapserver/lib/ldap/server/preforkserver.rb DELETED

@@ -1,93 +0,0 @@
-require 'prefork'	# <http://raa.ruby-lang.org/project/prefork/>
-require 'socket'
-module LDAP
-class Server
-  # Accept connections on a port, and for each one run the given block
-  # in one of N pre-forked children. Returns a Thread object for the
-  # listener.
-  #
-  # Options:
-  #   :port=>port number [required]
-  #   :bindaddr=>"IP address"
-  #   :user=>"username"				- drop privileges after bind
-  #   :group=>"groupname"			- ditto
-  #   :logger=>object				- implements << method
-  #   :listen=>number				- listen queue depth
-  #   :nodelay=>true				- set TCP_NODELAY option
-  #   :min_servers=>N				- prefork parameters
-  #   :max_servers=>N
-  #   :max_requests_per_child=>N
-  #   :max_idle=>N				- seconds
-  def self.preforkserver(opt, &blk)
-    logger = opt[:logger] || $stderr
-    server = PreFork.new(opt[:bindaddr] || "0.0.0.0", opt[:port])
-    # Drop privileges if requested
-    if opt[:group] or opt[:user]
-      require 'etc'
-      gid = Etc.getgrnam(opt[:group]).gid if opt[:group]
-      uid = Etc.getpwnam(opt[:user]).uid if opt[:user]
-      File.chown(uid, gid, server.instance_eval {@lockf})
-      Process.gid = Process.egid = gid if gid
-      Process.uid = Process.euid = uid if uid
-    end
-    # Typically the O/S will buffer response data for 100ms before sending.
-    # If the response is sent as a single write() then there's no need for it.
-    if opt[:nodelay]
-      begin
-        server.sock.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
-      rescue Exception
-      end
-    end
-    # set queue size for incoming connections (default is 5)
-    server.sock.listen(opt[:listen]) if opt[:listen]
-    # Set prefork server parameters
-    server.min_servers = opt[:min_servers] if opt[:min_servers]
-    server.max_servers = opt[:max_servers] if opt[:max_servers]
-    server.max_request_per_child = opt[:max_request_per_child] if opt[:max_request_per_child]
-    server.max_idle = opt[:max_idle] if opt[:max_idle]
-    Thread.new do
-      server.start do |s|
-        begin
-          s.instance_eval(&blk)
-        rescue Interrupt
-          # This exception can be raised to shut the server down
-          server.stop
-        rescue Exception => e
-          logger << "[#{s.peeraddr[3]}]: #{e}: #{e.backtrace[0]}\n"
-        ensure
-          s.close
-        end
-      end
-    end
-  end
-end # class Server
-end # module LDAP
-if __FILE__ == $0
-  # simple test
-  puts "Running a test POP3 server on port 1110"
-  t = LDAP::Server.preforkserver(:port=>1110) do
-    print "+OK I am a fake POP3 server (pid #{$$})\r\n"
-    while line = gets
-      case line
-      when /^quit/i
-        break
-      when /^crash/i
-        raise Errno::EPERM, "dammit!"
-      else
-        print "-ERR I don't understand #{line}"
-      end
-    end
-    print "+OK bye\r\n"
-  end
-  #sleep 10; t.raise Interrupt	# uncomment to run for fixed time period
-  t.join
-end

data/vendor/ruby-ldapserver/lib/ldap/server/result.rb DELETED

@@ -1,71 +0,0 @@
-module LDAP
-# compatible with ruby-ldap
-class Error < StandardError
-end
-class ResultError < Error
-end
-# This exception is raised when we need to kill an existing Operation
-# thread because of a received abandonRequest or bindRequest
-class Abandon < Interrupt
-end
-# ResultError constants from RFC 2251 4.1.10; these are all exceptions
-# which can be raised
-class ResultError
-  class Success < self;				def to_i; 0; end; end
-  class OperationsError < self;			def to_i; 1; end; end
-  class ProtocolError < self;			def to_i; 2; end; end
-  class TimeLimitExceeded < self; 		def to_i; 3; end; end
-  class SizeLimitExceeded < self;		def to_i; 4; end; end
-  class CompareFalse < self;			def to_i; 5; end; end
-  class CompareTrue < self;			def to_i; 6; end; end
-  class AuthMethodNotSupported < self;		def to_i; 7; end; end
-  class StrongAuthRequired < self;		def to_i; 8; end; end
-  class Referral < self;			def to_i; 10; end; end
-  class AdminLimitExceeded < self;		def to_i; 11; end; end
-  class UnavailableCriticalExtension < self;	def to_i; 12; end; end
-  class ConfidentialityRequired < self;		def to_i; 13; end; end
-  class SaslBindInProgress < self;		def to_i; 14; end; end
-  class NoSuchAttribute < self;			def to_i; 16; end; end
-  class UndefinedAttributeType < self;		def to_i; 17; end; end
-  class InappropriateMatching < self;		def to_i; 18; end; end
-  class ConstraintViolation < self;		def to_i; 19; end; end
-  class AttributeOrValueExists < self;		def to_i; 20; end; end
-  class InvalidAttributeSyntax < self;		def to_i; 21; end; end
-  class NoSuchObject < self;			def to_i; 32; end; end
-  class AliasProblem < self;			def to_i; 33; end; end
-  class InvalidDNSyntax < self;			def to_i; 34; end; end
-  class IsLeaf < self;				def to_i; 35; end; end
-  class AliasDereferencingProblem < self;	def to_i; 36; end; end
-  class InappropriateAuthentication < self;	def to_i; 48; end; end
-  class InvalidCredentials < self;		def to_i; 49; end; end
-  class InsufficientAccessRights < self;	def to_i; 50; end; end
-  class Busy < self;				def to_i; 51; end; end
-  class Unavailable < self;			def to_i; 52; end; end
-  class UnwillingToPerform < self;		def to_i; 53; end; end
-  class LoopDetect < self;			def to_i; 54; end; end
-  class NamingViolation < self;			def to_i; 64; end; end
-  class ObjectClassViolation < self;		def to_i; 65; end; end
-  class NotAllowedOnNonLeaf < self;		def to_i; 66; end; end
-  class NotAllowedOnRDN < self;			def to_i; 67; end; end
-  class EntryAlreadyExists < self;		def to_i; 68; end; end
-  class ObjectClassModsProhibited < self;	def to_i; 69; end; end
-  class AffectsMultipleDSAs < self;		def to_i; 71; end; end
-  class Other < self;				def to_i; 80; end; end
-  # Reverse lookup: so you can do raise LDAP::ResultError[53]
-  N_TO_CLASS = {
-    53 => UnwillingToPerform,
-    # FIXME: please fill in the rest
-  }
-  def self.[] (n)
-    return N_TO_CLASS[n] || self
-  end
-end # class ResultError
-end # module LDAP

data/vendor/ruby-ldapserver/lib/ldap/server/schema.rb DELETED

@@ -1,592 +0,0 @@
-require 'ldap/server/syntax'
-require 'ldap/server/result'
-module LDAP
-class Server
-  # This object represents an LDAP schema: that is, a collection of
-  # objectclasses and attributetypes. Methods are provided for loading
-  # the schema (from a string or a disk file), and validating an av-hash
-  # against it.
-  class Schema
-    SUBSCHEMA_ENTRY_ATTR = 'cn'
-    SUBSCHEMA_ENTRY_VALUE = 'Subschema'
-    def initialize
-      @attrtypes = {}		# name/alias/oid => AttributeType instance
-      @objectclasses = {}	# name/alias/oid => ObjectClass instance
-      @subschema_cache = nil
-    end
-    # return the DN of the subschema subentry
-    def subschema_dn
-      "#{SUBSCHEMA_ENTRY_ATTR}=#{SUBSCHEMA_ENTRY_VALUE}"
-    end
-    # Return an av hash object giving the subschema subentry. This is cached, so
-    # call Schema#changed if it needs to be rebuilt
-    def subschema_subentry
-      @subschema_cache ||= {
-	'objectClass' => ['top','subschema','extensibleObject'],
-	SUBSCHEMA_ENTRY_ATTR => [SUBSCHEMA_ENTRY_VALUE],
-	'objectClasses' => all_objectclasses.collect { |s| s.to_def },
-	'attributeTypes' => all_attrtypes.collect { |s| s.to_def },
-	'ldapSyntaxes' => LDAP::Server::Syntax.all_syntaxes.collect { |s| s.to_def },
-	#'matchingRules' =>
-	#'matchingRuleUse' =>
-      }
-    end
-    # Clear the subschema subentry cache, so the next time someone requests
-    # it, it will be rebuilt
-    def changed
-      @subschema_cache = nil
-    end
-    # Add an AttributeType to the schema
-    def add_attrtype(str)
-      a = AttributeType.new(str)
-      @attrtypes[a.oid] = a if a.oid
-      a.names.each do |n|
-        @attrtypes[n.downcase] = a
-      end
-    end
-    # Locate an attributetype object by name/alias/oid (or raise exception)
-    def find_attrtype(n)
-      return n if n.nil? or n.is_a?(LDAP::Server::Schema::AttributeType)
-      r = @attrtypes[n.downcase]
-      raise LDAP::ResultError::UndefinedAttributeType, "Unknown AttributeType #{n.inspect}" unless r
-      r
-    end
-    # Return array of all AttributeType objects in this schema
-    def all_attrtypes
-      @attrtypes.values.uniq
-    end
-    # Add an ObjectClass to the schema
-    def add_objectclass(str)
-      o = ObjectClass.new(str)
-      @objectclasses[o.oid] = o if o.oid
-      o.names.each do |n|
-        @objectclasses[n.downcase] = o
-      end
-    end
-    # Locate an objectclass object by name/alias/oid (or raise exception)
-    def find_objectclass(n)
-      return n if n.nil? or n.is_a?(LDAP::Server::Schema::ObjectClass)
-      r = @objectclasses[n.downcase]
-      raise LDAP::ResultError::ObjectClassViolation, "Unknown ObjectClass #{n.inspect}" unless r
-      r
-    end
-    # Return array of all ObjectClass objects in this schema
-    def all_objectclasses
-      @objectclasses.values.uniq
-    end
-    # Load an OpenLDAP-format schema from a named file (see notes under 'load')
-    def load_file(filename)
-      File.open(filename) { |f| load(f) }
-    end
-    # Load an OpenLDAP-format schema from a string or IO object (anything
-    # which responds to 'each_line'). Lines starting 'attributetype'
-    # or 'objectclass' contain one of those objects. Does not implement
-    # named objectIdentifier prefixes (used in the dyngroup.schema file
-    # supplied with openldap, but not documented in RFC2252)
-    #
-    # Note: RFC2252 is strict about the order in which the elements appear,
-    # and so are we, but OpenLDAP is not. This means that a schema which
-    # works in OpenLDAP might not load here. For example, RFC2252 says
-    # that in an objectclass description, "SUP" must come before "MAY";
-    # if they are the other way round, our regexp-based parser will not
-    # accept it. The solution is simply to modify the definition so that
-    # the elements appear in the correct order.
-    def load(str_or_io)
-      meth = :junk_line
-      data = ""
-      str_or_io.each_line do |line|
-        case line
-        when /^\s*#/, /^\s*$/
-          next
-        when /^objectclass\s*(.*)$/i
-          m = $~
-          send(meth, data)
-          meth, data = :add_objectclass, m[1]
-        when /^attributetype\s*(.*)$/i
-          m = $~
-          send(meth, data)
-          meth, data = :add_attrtype, m[1]
-        else
-          data << line
-        end
-      end
-      send(meth,data)
-      self
-    end
-    def junk_line(data)
-      return if data.empty?
-      raise LDAP::ResultError::InvalidAttributeSyntax,
-        "Expected 'attributetype' or 'objectclass', got #{data}"
-    end
-    private :junk_line
-    # Load in the base set of objectclasses and attributetypes, being
-    # the same set as OpenLDAP preloads internally. Includes objectclasses
-    # 'top', 'objectclass'; attributetypes 'objectclass' , 'cn',
-    # 'userPassword' and 'distinguishedName'; common operational attributes
-    # such as 'modifyTimestamp'; plus extras needed for publishing a v3
-    # schema via LDAP
-    def load_system
-      load(<<EOS)
-attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uniform Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-attributetype ( 2.5.4.35 NAME 'userPassword' DESC 'RFC2256/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC2256: common name(s) for which the entity is known by' SUP name )
-attributetype ( 2.5.4.41 NAME 'name' DESC 'RFC2256: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-attributetype ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC2256: common supertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'namedref: subordinate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE distributedOperation )
-attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC2256: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC2252: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
-attributetype ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC2252: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
-attributetype ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC2252: object classes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
-attributetype ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC2252: attribute types' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
-attributetype ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC2252: matching rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
-attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
-attributetype ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of implementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC2252: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC2252: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC2252: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'RFC2252: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC2252: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC2252: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
-attributetype ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC2252: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC2252: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC2252: name of creator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC2252: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC2252: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'X.500(93): structural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-# These ones aren't published by OpenLDAP, but are referenced by the 'subschema' objectclass
-attributetype ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
-attributetype ( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
-attributetype ( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
-objectclass ( 2.5.20.1 NAME 'subschema' DESC 'RFC2252: controlling subschema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ ditContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
-#Don't have definition for subtreeSpecification:
-#objectClass ( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL MUST ( cn $ subtreeSpecification ) )
-objectClass ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
-objectClass ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: named subordinate referral' SUP top STRUCTURAL MUST ref )
-objectClass ( 2.5.6.1 NAME 'alias' DESC 'RFC2256: an alias' SUP top STRUCTURAL MUST aliasedObjectName )
-objectClass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'RFC2252: extensible object' SUP top AUXILIARY )
-objectClass ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )
-EOS
-    end
-    # After loading object classes and attr types: resolve oid strings to point
-    # to objects. This will expose schema inconsistencies (e.g. objectclass
-    # has unknown SUP class or points to unknown attributeType). However,
-    # unknown Syntaxes just create new Syntax objects.
-    def resolve_oids
-      all_attrtypes.each do |a|
-        if a.sup
-          s = find_attrtype(a.sup)
-          a.instance_eval {
-            @sup = s
-            # inherit properties (FIXME: This breaks to_def)
-            @equality ||= s.equality
-            @ordering ||= s.ordering
-            @substr ||= s.substr
-            @syntax ||= s.syntax
-            @maxlen ||= s.maxlen
-            @singlevalue ||= s.singlevalue
-            @collective ||= s.collective
-            @nousermod ||= s.nousermod
-            @usage ||= s.usage
-          }
-        end
-        a.instance_eval do
-          @syntax = LDAP::Server::Syntax.find(@syntax) if @syntax
-          @equality = LDAP::Server::MatchingRule.find(@equality) if @equality
-          @ordering = LDAP::Server::MatchingRule.find(@ordering) if @ordering
-          @substr = LDAP::Server::MatchingRule.find(@substr) if @substr
-        end
-      end
-      all_objectclasses.each do |o|
-        if o.sup
-          s = o.sup.collect { |ss| find_objectclass(ss) }
-          o.instance_eval { @sup = s }
-        end
-        if o.must
-          s = o.must.collect { |ss| find_attrtype(ss) }
-          o.instance_eval { @must = s }
-        end
-        if o.may
-          s = o.may.collect { |ss| find_attrtype(ss) }
-          o.instance_eval { @may = s }
-        end
-      end
-    end
-    # Validate a new entry or update. For a new entry, just pass a hash
-    # of attr=>[val, val, ...]; for an update, the first parameter is
-    # a hash of attr=>[:modtype, val, val...] and the second parameter
-    # is the existing entry, where it is assumed that the attribute names
-    # are already in their standard string forms (as returned by attr#name)
-    #
-    # Returns a hash containing the updated entry.
-    #
-    # If a block is given, it is called to decide whether the user is
-    # allowed to update an attribute; parameter is the attr *object*
-    # (not name; use #name if you need its name instead). Return false
-    # if the update is not permitted. Otherwise, the only restriction
-    # will be that updates to attributes declared 'nousermod' are forbidden.
-    #
-    # No DN checks are done here, since we don't know the DN.
-    # Checking that the entry contains an attribute for the RDN is the
-    # responsibility of the caller.
-    def validate(mods, entry={})
-      # Run through the mods, make the normalized names, and perform any
-      # updates
-      # FIXME: I don't know if these are the right results to return
-      # for the various types of validation errors
-      oc_changed = false
-      res = entry.dup
-      mods.each do |attrname, nv|
-        attr = find_attrtype(attrname)
-        attrname = attr.to_s
-        raise LDAP::ResultError::ConstraintViolation,
-          "Cannot modify #{attrname}" if attr.nousermod or
-                                     (block_given? and !yield(attr))
-        # Perform the update
-        vals = res[attrname] || []
-        checkvals = []
-        nv = [nv] unless nv.is_a?(Array)
-        case nv.first
-        when :add
-          checkvals = nv[1..-1]
-          vals += checkvals
-          vals.uniq!   # FIXME: ?? error if duplicate values
-          # FIXME: normalize values? e.g. c: gb and c: GB are same value.
-        when :delete
-          nv = nv[1..-1]
-          if nv.empty?
-            vals = [] # ?? error if does not exist
-          else
-            nv.each { |v| vals.delete(v) } # ?? error if value missing
-          end
-        when :replace
-          vals = checkvals = nv[1..-1]
-        else
-          vals = checkvals = nv
-        end
-        if vals == []
-          res.delete(attrname)
-        else
-          res[attrname] = vals
-        end
-        # Attribute validation
-        raise LDAP::ResultError::ObjectClassViolation,
-          "Attribute #{attr} is SINGLE-VALUE" if attr.singlevalue and vals.size > 1
-        checkvals.each do |val|
-          raise LDAP::ResultError::InvalidAttributeSyntax,
-            "Nil or empty value for attribute #{attr}" if val.nil? or val.empty?
-          raise LDAP::ResultError::InvalidAttributeSyntax,
-            "Bad value for #{attr}: #{val.inspect}" if attr.syntax and ! attr.syntax.match(val)
-          raise LDAP::ResultError::InvalidAttributeSyntax,
-            "Value too long for #{attr} (max #{attr.maxlen})" if attr.maxlen and val.length > attr.maxlen
-        end
-        oc_changed = true if attrname == 'objectClass'
-      end
-      # Now do objectClass checks
-      oc = res['objectClass']
-      unless oc
-        raise LDAP::ResultError::ObjectClassViolation,
-          "objectClass attribute missing"
-      end
-      oc = oc.collect { |val| find_objectclass(val) }
-      if oc_changed
-        # Add superior objectClasses (note: growing an array while you
-        # iterate over it seems to work, in ruby-1.8.2 anyway!)
-        oc.each do |objectclass|
-          objectclass.sup.each do |s|
-            oc.push(s) unless oc.include?(s)
-          end
-        end
-        res['objectClass'] = oc.collect { |oo| oo.to_s }
-        # Check that exactly one structural objectClass is present
-        unless oc.find_all { |s| s.struct == :structural }.size >= 1
-          raise LDAP::ResultError::ObjectClassViolation,
-            "Entry must have at least one structural objectClass"
-            # Exactly one? But you have to sort out the inheritance problem
-            # (e.g. both person and organizationalPerson are declared
-            # structural)
-        end
-      end
-      # Ensure that all MUST attributes are present
-      allow_attr = {}
-      oc.each do |objectclass|
-        objectclass.must.each do |m|
-          unless res[m.name] and res[m.name] != []
-            raise LDAP::ResultError::ObjectClassViolation, "Missing attribute #{m} required by objectClass #{objectclass}"
-          end
-          allow_attr[m.name] = true
-        end
-        objectclass.may.each do |m|
-          allow_attr[m.name] = true
-        end
-      end
-      unless oc.find { |objectclass| objectclass.name == 'extensibleObject' }
-        # Now check all the attributes given are permitted by MUST or MAY
-        res.each_key do |attr|
-          unless allow_attr[attr] or find_attrtype(attr).usage == :directoryOperation
-            raise LDAP::ResultError::ObjectClassViolation, "Attribute #{attr} not permitted by objectClass"
-          end
-        end
-      end
-      return res
-    end
-    # Hopefully backwards-compatible API for ruby-ldap's LDAP::Schema.
-    # Since MUST/MAY/SUP may point to schema objects, convert them back
-    # to strings.
-    def names(key)
-      case key
-      when 'objectClasses'
-        return all_objectclasses.collect { |e| e.name }
-      when 'attributeTypes'
-        return all_attrtypes.collect { |e| e.name }
-      when 'ldapSyntaxes'
-        return LDAP::Server::Syntax.all_syntaxes.collect { |e| e.name }
-      when 'matchingRules'
-        return LDAP::Server::MatchingRule.all_matching_rules.collect { |e| e.name }
-      # TODO: matchingRuleUse
-      end
-      return nil
-    end
-    # Backwards-compatible for ruby-ldap LDAP::Schema
-    def attr(oc,at)
-      o = find_objectclass(oc)
-      case at.upcase
-      when 'MUST'
-        return o.must.collect { |e| e.to_s }
-      when 'MAY'
-        return o.may.collect { |e| e.to_s }
-      when 'SUP'
-        return o.sup.collect { |e| e.to_s }
-      when 'NAME'
-        return o.names.collect { |e| e.to_s }
-      when 'DESC'
-        return [o.desc]
-      end
-      return nil
-    rescue LDAP::ResultError
-      return nil
-    end
-    # Backwards-compatible for ruby-ldap LDAP::Schema
-    def must(oc)
-      attr(oc, "MUST")
-    end
-    # Backwards-compatible for ruby-ldap LDAP::Schema
-    def may(oc)
-      attr(oc, "MAY")
-    end
-    # Backwards-compatible for ruby-ldap LDAP::Schema
-    def sup(oc)
-      attr(oc, "SUP")
-    end
-    #####################################################################
-    # Class holding an instance of an AttributeTypeDescription (RFC2252 4.2)
-    class AttributeType
-      attr_reader :oid, :names, :desc, :obsolete, :sup, :equality, :ordering
-      attr_reader :substr, :syntax, :maxlen, :singlevalue, :collective
-      attr_reader :nousermod, :usage
-      def initialize(str)
-        m = LDAP::Server::Syntax::AttributeTypeDescription.match(str)
-        raise LDAP::ResultError::InvalidAttributeSyntax,
-          "Bad AttributeTypeDescription #{str.inspect}" unless m
-        @oid = m[1]
-        @names = (m[2]||"").scan(/'(.*?)'/).flatten
-	@desc = m[3]
-	@obsolete = ! m[4].nil?
-	@sup = m[5]
-	@equality = m[6]
-	@ordering = m[7]
-	@substr = m[8]
-	@syntax = m[9]
-	@maxlen = m[10] && m[10].to_i
-	@singlevalue = ! m[11].nil?
-	@collective = ! m[12].nil?
-	@nousermod = ! m[13].nil?
-	@usage = m[14] && m[14].intern
-        # This is the cache of the stringified version. Rather than
-        # initialize to str, we set nil to force it to be rebuilt
-        @def = nil
-      end
-      def name
-        @names.first
-      end
-      def to_s
-        (@names && @names.first) || @oid
-      end
-      def changed
-        @def = nil
-      end
-      def to_def
-        return @def if @def
-        ans = "( #{@oid} "
-        if @names.nil? or @names.empty?
-          # nothing
-        elsif @names.size == 1
-          ans << "NAME '#{@names.first}' "
-        else
-          ans << "NAME ( "
-          @names.each { |n| ans << "'#{n}' " }
-          ans << ") "
-        end
-        ans << "DESC '#{@desc}' " if @desc
-        ans << "OBSOLETE " if @obsolete
-        ans << "SUP #{@sup} " if @sup			# oid
-        ans << "EQUALITY #{@equality} " if @equality	# oid
-        ans << "ORDERING #{@ordering} " if @ordering	# oid
-        ans << "SUBSTR #{@substr} " if @substr		# oid
-        ans << "SYNTAX #{@syntax}#{@maxlen && "{#{@maxlen}}"} " if @syntax
-        ans << "SINGLE-VALUE " if @singlevalue
-        ans << "COLLECTIVE " if @collective
-        ans << "NO-USER-MODIFICATION " if @nousermod
-        ans << "USAGE #{@usage} " if @usage
-        ans << ")"
-        @def = ans
-      end
-    end # class AttributeType
-    #####################################################################
-    # Class holding an instance of an ObjectClassDescription (RFC2252 4.4)
-    class ObjectClass
-      attr_reader :oid, :names, :desc, :obsolete, :sup, :struct, :must, :may
-      SCAN_WOID = /#{LDAP::Server::Syntax::WOID}/x
-      def initialize(str)
-        m = LDAP::Server::Syntax::ObjectClassDescription.match(str)
-        raise LDAP::ResultError::InvalidAttributeSyntax,
-          "Bad ObjectClassDescription #{str.inspect}" unless m
-        @oid = m[1]
-        @names = (m[2]||"").scan(/'(.*?)'/).flatten
-	@desc = m[3]
-	@obsolete = ! m[4].nil?
-	@sup = (m[5]||"").scan(SCAN_WOID).flatten
-        @struct = m[6] ? m[6].downcase.intern : :structural
-        @must = (m[7]||"").scan(SCAN_WOID).flatten
-        @may = (m[8]||"").scan(SCAN_WOID).flatten
-        @def = nil
-      end
-      def name
-        @names.first
-      end
-      def to_s
-        (@names && @names.first) || @oid
-      end
-      def changed
-        @def = nil
-      end
-      def to_def
-        return @def if @def
-        ans = "( #{@oid} "
-        if @names.nil? or @names.empty?
-          # nothing
-        elsif @names.size == 1
-          ans << "NAME '#{@names.first}' "
-        else
-          ans << "NAME ( "
-          @names.each { |n| ans << "'#{n}' " }
-          ans << ") "
-        end
-        ans << "DESC '#{@desc}' " if @desc
-        ans << "OBSOLETE " if @obsolete
-        ans << joinoids("SUP ",@sup," ")
-        ans << "#{@struct.to_s.upcase} " if @struct
-        ans << joinoids("MUST ",@must," ")
-        ans << joinoids("MAY ",@may," ")
-        ans << ")"
-        @def = ans
-      end
-      def joinoids(pfx,arr,sfx)
-        return "" unless arr and !arr.empty?
-        return "#{pfx}#{arr}#{sfx}" unless arr.is_a?(Array)
-        a = arr.collect { |elem| elem.to_s }
-        if a.size == 1
-          return "#{pfx}#{a.first}#{sfx}"
-        else
-          return "#{pfx}( #{a.join(" $ ")} )#{sfx}"
-        end
-      end
-    end # class ObjectClass
-  end # class Schema
-end # class Server
-end # module LDAP