ldaptic 0.2.0

data/lib/ldaptic/adapters/net_ldap_adapter.rb

@@ -0,0 +1,173 @@
+require 'ldaptic/adapters/abstract_adapter'
+
+module Ldaptic
+  module Adapters
+    class NetLDAPAdapter < AbstractAdapter
+
+      register_as(:net_ldap)
+
+      def initialize(options)
+        require 'net/ldap'
+        require 'ldaptic/adapters/net_ldap_ext'
+        if defined?(::Net::LDAP) && options.kind_of?(::Net::LDAP)
+          options = {:adapter => :net_ldap, :connection => option}
+        else
+          options = (options || {}).dup
+        end
+        if connection = options[:connection]
+          auth       = connection.instance_variable_get(:@auth) || {}
+          encryption = connection.instance_variable_get(:@encryption)
+          options = {
+            :adapter => :net_ldap,
+            :host => connection.host,
+            :port => connection.port,
+            :base => connection.base == "dc=com" ? nil : connection.base,
+            :username => auth[:username],
+            :password => auth[:password]
+          }.merge(options)
+          if encryption
+            options[:encryption] ||= encryption
+          end
+        else
+          if options[:username]
+            auth = {:method => :simple, :username => options[:username], :password => options[:password]}
+          else
+            auth = {:method => :anonymous}
+          end
+          options[:connection] ||= ::Net::LDAP.new(
+            :host => options[:host],
+            :port => options[:port],
+            :encryption => options[:encryption],
+            :auth => auth
+          )
+        end
+        @connection = options.delete(:connection)
+        @logger     = options.delete(:logger)
+        super(options)
+      end
+
+      attr_reader :connection
+
+      def add(dn, attributes)
+        connection.add(:dn => dn, :attributes => attributes)
+        handle_errors
+      end
+
+      def modify(dn, attributes)
+        if attributes.kind_of?(Hash)
+          attributes = attributes.map {|k, v| [:replace, k, v]}
+        end
+        connection.modify(
+          :dn => dn,
+          :operations => attributes
+        )
+        handle_errors
+      end
+
+      def delete(dn)
+        connection.delete(:dn => dn)
+        handle_errors
+      end
+
+      def rename(dn, new_rdn, delete_old, new_superior = nil)
+        connection.rename(:olddn => dn, :newrdn => new_rdn, :delete_attributes => delete_old, :newsuperior => new_superior)
+        handle_errors
+      end
+
+      DEFAULT_CAPITALIZATIONS = %w[
+        objectClass
+
+        objectClasses
+        attributeTypes
+        matchingRules
+        matchingRuleUse
+        dITStructureRules
+        dITContentRules
+        nameForms
+        ldapSyntaxes
+
+        configurationNamingContext
+        currentTime
+        defaultNamingContext
+        dn
+        dnsHostName
+        domainControllerFunctionality
+        domainFunctionality
+        dsServiceName
+        forestFunctionality
+        highestCommittedUSN
+        isGlobalCatalogReady
+        isSynchronized
+        ldapServiceName
+        namingContexts
+        rootDomainNamingContext
+        schemaNamingContext
+        serverName
+        subschemaSubentry
+        supportedCapabilities
+        supportedControl
+        supportedLDAPPolicies
+        supportedLDAPVersion
+        supportedSASLMechanisms
+      ].inject({}) { |h, k| h[k.downcase] = k; h }
+
+      def search(options = {}, &block)
+        options = options.merge(:return_result => false)
+        connection.search(options) do |entry|
+          hash = {}
+          entry.each do |attr, val|
+            attr = recapitalize(attr)
+            hash[attr] = val
+          end
+          block.call(hash)
+        end
+        handle_errors
+      end
+
+      # Convenience method which returns true if the credentials are valid, and
+      # false otherwise.  The credentials are discarded afterwards.
+      def authenticate(dn, password)
+        conn = Net::LDAP.new(
+          :host => @options[:host],
+          :port => @options[:port],
+          :encryption => @options[:encryption],
+          :auth => {:method => :simple, :username => dn, :password => password}
+        )
+        conn.bind
+      end
+
+      def default_base_dn
+        @options[:base] || server_default_base_dn
+      end
+
+      def inspect
+        "#<#{self.class} #{@connection.inspect}>"
+      end
+
+      private
+      def recapitalize(attribute)
+        attribute = attribute.to_s
+        @cached_capitalizations ||= DEFAULT_CAPITALIZATIONS
+        caps = @cached_capitalizations[attribute] ||=
+          attribute_types.keys.detect do |x|
+            x.downcase == attribute.downcase
+          end
+        if caps
+          caps
+        else
+          logger.warn "Original capitalization for #{attribute} unknown"
+          @cached_capitalizations[attribute] = attribute
+        end
+      end
+
+      def handle_errors
+        result = yield if block_given?
+        err = @connection.get_operation_result
+        Ldaptic::Errors.raise_unless_zero(err.code, err.message)
+        result
+      end
+
+    end
+
+  end
+end

data/lib/ldaptic/adapters/net_ldap_ext.rb

@@ -0,0 +1,24 @@
+require 'net/ldap'
+module Net # :nodoc:
+  class LDAP # :nodoc:
+
+    class Connection # :nodoc:
+      # Monkey-patched in support for new superior.
+      def rename args
+        old_dn = args[:olddn] or raise "Unable to rename empty DN"
+        new_rdn = args[:newrdn] or raise "Unable to rename to empty RDN"
+        new_superior = args[:newsuperior]
+        delete_attrs = args[:delete_attributes] ? true : false
+
+        request = [old_dn.to_ber, new_rdn.to_ber, delete_attrs.to_ber]
+        request << new_superior.to_ber(128) if new_superior
+        request = request.to_ber_appsequence(12)
+        pkt = [next_msgid.to_ber, request].to_ber_sequence
+        @conn.write pkt
+
+        (be = @conn.read_ber(AsnSyntax)) && (pdu = Net::LdapPdu.new( be )) && (pdu.app_tag == 13) or raise LdapError.new( "response missing or invalid" )
+        pdu.result_code
+      end
+    end
+  end
+end

data/lib/ldaptic/attribute_set.rb

@@ -0,0 +1,283 @@
+require 'ldaptic/escape'
+
+module Ldaptic
+  # AttributeSet, like the name suggests, represents a set of attributes.  Most
+  # operations are delegated to an array, so the usual array methods should
+  # work transparently.
+  class AttributeSet
+
+    attr_reader :entry, :name, :type, :syntax
+
+    # The original attributes before type conversion.  Mutating the result
+    # mutates the original attributes.
+    def before_type_cast
+      @target
+    end
+
+    def to_a
+      typecast(@target)
+    end
+    alias to_ary to_a
+
+    include Enumerable
+    def each(&block)
+      to_a.each(&block)
+    end
+
+    def initialize(entry, name, target)
+      @entry  = entry
+      @name   = Ldaptic.encode(name)
+      @type   = @entry.namespace.attribute_type(@name)
+      @syntax = @entry.namespace.attribute_syntax(@name)
+      @target = target
+      if @type.nil?
+        @entry.logger "Unknown type for attribute #@name"
+      elsif @syntax.nil?
+        @entry.logger "Unknown syntax #{@type.syntax_oid} for attribute #{@name}"
+      end
+    end
+
+    def errors
+      return ['is forbidden'] if forbidden? && !empty?
+      errors = []
+      if single_value? && size > 1
+        errors << "does not accept multiple values"
+      elsif mandatory? && empty?
+        errors << "is mandatory"
+      end
+      if syntax_object
+        errors += @target.map { |v| syntax_object.error(v) }.compact
+      end
+      errors
+    end
+
+    # Delegates to an array.
+    def method_missing(method, *args, &block)
+      to_a.send(method, *args, &block)
+    end
+
+    def ===(object)
+      to_a === object
+    end
+
+    def eql?(object)
+      to_a.eql?(object)
+    end
+    alias == eql?
+
+    def respond_to?(method, *args) #:nodoc:
+      super || @target.respond_to?(method, *args)
+    end
+
+    def size
+      @target.size
+    end
+
+    def empty?
+      @target.empty?
+    end
+
+    # Adds the given attributes, discarding duplicates.  Currently, a duplicate
+    # is determined by == (case sensitive) rather than by the server (typically
+    # case insensitive).  All arrays are flattened.
+    def add(*attributes)
+      dest = @target.dup
+      safe_array(attributes).each do |attribute|
+        dest.push(attribute) unless include?(attribute)
+      end
+      replace(dest)
+    end
+    alias <<     add
+    alias concat add
+    alias push   add
+
+    # Add the desired attributes to the LDAP server immediately.
+    def add!(*attributes)
+      @entry.add!(@name, safe_array(attributes))
+      self
+    end
+
+    # Does a complete replacement of the attributes.  Multiple attributes can
+    # be given as either multiple arguments or as an array.
+    def replace(*attributes)
+      attributes = safe_array(attributes)
+      user_modification_guard
+      @target.replace(attributes)
+      self
+    end
+
+    # Replace the entire attribute at the LDAP server immediately.
+    def replace!(*attributes)
+      @entry.replace!(@name, safe_array(attributes))
+      self
+    end
+
+    def clear
+      replace([])
+      self
+    end
+
+    # Remove the given attributes given, functioning more or less like
+    # Array#delete, except accepting multiple arguments.
+    #
+    # Two passes are made to find each element, one case sensitive and one
+    # ignoring case, before giving up.
+    def delete(*attributes, &block)
+      return clear if attributes.flatten.empty?
+      dest = @target.dup
+      ret = []
+      safe_array(attributes).each do |attribute|
+        ret << dest.delete(attribute) do
+          match = dest.detect {|x| x.downcase == attribute.downcase}
+          if match
+            dest.delete(match)
+          else
+            yield(attribute) if block_given?
+          end
+        end
+      end
+      replace(dest)
+      if attributes.size == 1 && !attributes.first.kind_of?(Array)
+        typecast ret.first
+      else
+        self
+      end
+    end
+    alias subtract delete
+
+    # Delete the desired values from the attribute at the LDAP server.
+    # If no values are given, the entire attribute is removed.
+    def delete!(*attributes)
+      @entry.delete!(@name, safe_array(attributes))
+      self
+    end
+
+    def collect!(&block)
+      replace(to_a.collect(&block))
+    end
+    alias map! collect!
+
+    def insert(index, *objects)
+      user_modification_guard
+      @target.insert(index, *safe_array(objects))
+      self
+    end
+
+    def unshift(*values)
+      insert(0, *values)
+    end
+
+    def reject!(&block)
+      user_modification_guard
+      @target.reject! do |value|
+        yield(typecast(value))
+      end
+    end
+
+    def delete_if(&block)
+      reject!(&block)
+      self
+    end
+
+    %w(delete_at pop shift slice!).each do |method|
+      class_eval(<<-EOS, __FILE__, __LINE__.succ)
+        def #{method}(*args, &block)
+          user_modification_guard
+          typecast(@target.#{method}(*args, &block))
+        end
+      EOS
+    end
+    alias []= slice!
+
+    %w(reverse! shuffle! sort! uniq!).each do |method|
+      class_eval(<<-EOS, __FILE__, __LINE__.succ)
+        def #{method}(*args)
+          Ldaptic::Errors.raise(NotImplementedError.new)
+        end
+      EOS
+    end
+
+    # Returns +true+ if the attribute is marked neither MUST nor MAY in the
+    # object class.
+    def forbidden?
+      !(@entry.must + @entry.may).include?(@name)
+    end
+
+    # Returns +true+ if the attribute is marked MUST in the object class.
+    def mandatory?
+      @entry.must.include?(@name)
+    end
+
+    # Returns +true+ if the attribute may not be specified more than once.
+    def single_value?
+      @type && @type.single_value?
+    end
+
+    # Returns +true+ for read only attributes.
+    def no_user_modification?
+      @type && @type.no_user_modification?
+    end
+
+    # If the attribute is a single value, return it, otherwise, return self.
+    def one
+      if single_value?
+        first
+      else
+        self
+      end
+    end
+
+    attr_reader :type
+
+    def to_s
+      @target.join("\n")
+    end
+
+    def inspect
+      "<#{to_a.inspect}>"
+    end
+
+    def as_json(*args) #:nodoc:
+      to_a.as_json(*args)
+    end
+
+    def syntax_object
+      @syntax && @syntax.object.new(@entry)
+    end
+
+    # Invokes +human_attribute_name+ on the attribute's name.
+    def human_name
+      @entry.class.human_attribute_name(@name)
+    end
+
+    private
+
+    def format(value)
+      value = @syntax ? syntax_object.format(value) : value
+      if no_user_modification? && value.kind_of?(String)
+        value.dup.freeze
+      else
+        value
+      end
+    end
+
+    def safe_array(attributes)
+      Array(attributes).flatten.compact.map {|x| format(x)}
+    end
+
+    def typecast(value)
+      case value
+      when Array then value.map {|x| typecast(x)}
+      when nil   then nil
+      else            @syntax ? syntax_object.parse(value) : value
+      end
+    end
+
+    def user_modification_guard
+      if no_user_modification?
+        Ldaptic::Errors.raise(TypeError.new("read-only attribute #{@name}"))
+      end
+    end
+
+  end
+end