ldaptic 0.2.0 → 0.2.1

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2007 Tim Pope
+Copyright (c) Tim Pope
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -29,18 +29,15 @@ a dynamically created module into a namespace of your choosing.
     )
   end
 
-The adapter field can usually be omitted as it defaults to :ldap_conn or
-:net_ldap, based on which of the above two gems can be found (though you might
-want to use the :active_directory adapter, which depends on ruby-ldap,
-instead).  If the base is omitted, it will use the first naming context on the
-server (usually what you want).
+The adapter can usually be omitted as it defaults to :ldap_conn or :net_ldap,
+based on which of the above two gems can be found.  If the base is omitted, it
+will use the first naming context on the server (usually what you want).
 
 Entries are retrieved using the search method.  Named parameters include
-:base, :filter, :sort, :limit, :scope, and :attributes.  All are optional.
+:base, :scope, :filter, :attributes, :scope, and :limit.  All are optional.
 
   entries = Example.search(
-    :filter => {:objectClass => 'inetOrgPerson'}
-    :sort => :cn,
+    :filter => {:objectClass => 'inetOrgPerson'},
     :limit => 10
   )
 
@@ -61,7 +58,7 @@ Predictably, entries have attribute readers and writers.
   => <["root"]>
   >> entry[:cn] = "admin"
 
-The returned object is an attribute set and behaves similar to an array.  Some
+The returned object is an attribute set and is similar to an array.  Some
 attributes are marked by the server as "single value;" those will return the
 first element on method access but an attribute set on indexing access, for
 programmatic convenience.
@@ -80,7 +77,7 @@ The indexing syntax can also be used to create and fetch children.
   >> users[:cn=>'admin']
   => #<Example::InetOrgPerson cn=admin,ou=Users,dc=example,dc=com ...>
 
-Entries also implement many of the standard methods you've come to expect in
+Entry also implements many of the standard methods you've come to expect in
 an Active Record world (save, valid?, errors, to_param, attributes, ...).
 In fact, it is fully Active Model compliant.
 
@@ -89,10 +86,6 @@ methods like search), Ldaptic::Entry, and Ldaptic::AttributeSet.
 
 == To Do
 
-* Verify everything still works.  The tests take care of much of this, but
-  there are no integration tests for the adapters.  In particular, I have no
-  way to verify the Active Directory adapter still works.
-
 * The test suite (reflecting my fledgling testing abilities from 2007) is more
   smoke test than BDD.  Perhaps switch to RSpec in the quest to rectify this.
 
@@ -100,5 +93,3 @@ methods like search), Ldaptic::Entry, and Ldaptic::AttributeSet.
   Record") are in the GitHub issue tracker.  Vote for and comment on the ones
   you would find useful, as most are on hold until someone has a real use
   case.
-
-* Pick a better name?  Ldaptic has an ambiguous spelling.

data/lib/ldaptic/adapters/active_directory_adapter.rb

@@ -3,6 +3,11 @@ require 'ldaptic/adapters/active_directory_ext'
 
 module Ldaptic
   module Adapters
+    # Before using this adapter, try the :ldap_conn adapter.  The notes below
+    # were originally thought to apply to all Active Directory servers, but now
+    # I suspect they are peculiarities of a former employer's setup.  This
+    # adapter is a candidate for removal.
+    #
     # ActiveDirectoryAdapter is a LDAPConnAdapter with some Active Directory
     # specific behaviors.  To help mitigate server timeout issues, this adapter
     # binds on each request and unbinds afterwards.  For search requests, the
@@ -46,11 +51,10 @@ module Ldaptic
             username = [@options[:domain], username].join("\\")
           else
             conn = new_connection(3268)
-            dn = conn.search2("", 0, "(objectClass=*", ['defaultNamingContext']).first['defaultNamingContext']
+            dn = conn.search2("", 0, "(objectClass=*)", ['defaultNamingContext']).first['defaultNamingContext']
             if dn
-              domain = Ldaptic::DN(dn).rdns.map {|rdn| rdn[:dc]}.compact
-              unless domain.empty?
-                username = [username, domain.join(".")].join("@")
+              if domain = Ldaptic::DN(dn).domain
+                username = [username, domain].join('@')
               end
             end
           end
@@ -70,7 +74,7 @@ module Ldaptic
       end
 
       def with_writer(&block)
-        with_port(389, &block)
+        with_port(@options[:port] || 389, &block)
       end
 
     end

data/lib/ldaptic/adapters/active_directory_ext.rb

@@ -1,3 +1,5 @@
+require 'date'
+
 # Converts an integer representing the number of microseconds since January 1,
 # 1600 to a DateTime.
 def DateTime.microsoft(tinies)

data/lib/ldaptic/adapters/ldap_conn_adapter.rb

@@ -153,10 +153,6 @@ module Ldaptic
       end
 
       def search_parameters(options = {})
-        case options[:sort]
-        when Proc, Method then s_attr, s_proc = nil, options[:sort]
-        else s_attr, s_proc = options[:sort], nil
-        end
         [
           options[:base],
           options[:scope],
@@ -165,8 +161,6 @@ module Ldaptic
           options[:attributes_only],
           options[:timeout].to_i,
           ((options[:timeout].to_f % 1) * 1e6).round,
-          s_attr.to_s,
-          s_proc
         ]
       end
 

data/lib/ldaptic/attribute_set.rb

@@ -31,9 +31,9 @@ module Ldaptic
       @syntax = @entry.namespace.attribute_syntax(@name)
       @target = target
       if @type.nil?
-        @entry.logger "Unknown type for attribute #@name"
+        @entry.logger.warn "Unknown type for attribute #@name"
       elsif @syntax.nil?
-        @entry.logger "Unknown syntax #{@type.syntax_oid} for attribute #{@name}"
+        @entry.logger.warn "Unknown syntax #{@type.syntax_oid} for attribute #{@name}"
       end
     end
 
@@ -77,15 +77,37 @@ module Ldaptic
       @target.empty?
     end
 
-    # Adds the given attributes, discarding duplicates.  Currently, a duplicate
-    # is determined by == (case sensitive) rather than by the server (typically
-    # case insensitive).  All arrays are flattened.
-    def add(*attributes)
-      dest = @target.dup
-      safe_array(attributes).each do |attribute|
-        dest.push(attribute) unless include?(attribute)
+    def index(*args, &block)
+      if block_given? || args.size != 1
+        return to_a.index(*args, &block)
+      else
+        target = matchable(args.first)
+        @target.each_with_index do |candidate, index|
+          return index if matchable(candidate) == target
+        end
       end
-      replace(dest)
+      nil
+    end
+    alias find_index index
+    alias rindex index
+
+    def include?(target)
+      !!index(target)
+    end
+
+    def exclude?(target)
+      !index(target)
+    end
+
+    # Like #include?, but asks the server rather than checking locally.
+    def compare(target)
+      @entry.compare(@name, target)
+    end
+
+    # Adds the given attributes, discarding duplicates.  All arrays are
+    # flattened.
+    def add(*attributes)
+      replace(@target + safe_array(attributes))
     end
     alias <<     add
     alias concat add
@@ -102,7 +124,16 @@ module Ldaptic
     def replace(*attributes)
       attributes = safe_array(attributes)
       user_modification_guard
-      @target.replace(attributes)
+      seen = {}
+      filtered = []
+      attributes.each do |value|
+        matchable = matchable(value)
+        unless seen[matchable]
+          filtered << value
+          seen[matchable] = true
+        end
+      end
+      @target.replace(filtered)
       self
     end
 
@@ -119,16 +150,13 @@ module Ldaptic
 
     # Remove the given attributes given, functioning more or less like
     # Array#delete, except accepting multiple arguments.
-    #
-    # Two passes are made to find each element, one case sensitive and one
-    # ignoring case, before giving up.
     def delete(*attributes, &block)
       return clear if attributes.flatten.empty?
       dest = @target.dup
       ret = []
       safe_array(attributes).each do |attribute|
         ret << dest.delete(attribute) do
-          match = dest.detect {|x| x.downcase == attribute.downcase}
+          match = dest.detect {|x| matchable(x) == matchable(attribute)}
           if match
             dest.delete(match)
           else
@@ -158,8 +186,7 @@ module Ldaptic
     alias map! collect!
 
     def insert(index, *objects)
-      user_modification_guard
-      @target.insert(index, *safe_array(objects))
+      replace(@target.dup.insert(index, *safe_array(objects)))
       self
     end
 
@@ -261,6 +288,14 @@ module Ldaptic
       end
     end
 
+    def matchable(value)
+      if @type
+        @type.matchable(value)
+      else
+        format(value)
+      end
+    end
+
     def safe_array(attributes)
       Array(attributes).flatten.compact.map {|x| format(x)}
     end

data/lib/ldaptic/dn.rb

@@ -75,13 +75,13 @@ module Ldaptic
       filter = "(objectClass=*)"
       if source.respond_to?(:search2_ext)
         source.search2(
-          self.to_s,
+          to_s,
           scope,
           filter
         )
       elsif source.respond_to?(:search)
         Array(source.search(
-          :base => self.to_s,
+          :base => to_s,
           :scope => scope,
           :filter => filter,
           :limit => 1
@@ -113,6 +113,12 @@ module Ldaptic
       end
     end
 
+    # Join all DC elements with periods.
+    def domain
+      components = rdns.map {|rdn| rdn[:dc]}.compact
+      components.join('.') unless components.empty?
+    end
+
     def parent
       Ldaptic::DN(rdns[1..-1], source)
     end
@@ -142,12 +148,10 @@ module Ldaptic
         end
       end
       if other.kind_of?(Ldaptic::DN)
-        self.rdns == other.rdns
+        rdns == other.rdns
       else
         super
       end
-    # rescue
-      # super
     end
 
     # Pass in one or more hashes to augment the DN.  Otherwise, this behaves
@@ -338,7 +342,7 @@ module Ldaptic
     end
 
     def merge(hash)
-      self.dup.update(hash)
+      dup.update(hash)
     end
 
     def delete(key)

data/lib/ldaptic/entry.rb

@@ -48,11 +48,18 @@ module Ldaptic
       def create_accessors #:nodoc:
         to_be_evaled = ""
         (may(false) + must(false)).each do |attr|
-          method = attr.to_s.tr_s('-_', '_-')
-          to_be_evaled << <<-RUBY
-          def #{method}() read_attribute('#{attr}').one end
-          def #{method}=(value) write_attribute('#{attr}', value) end
-          RUBY
+          if type = namespace.attribute_type(attr)
+            names = type.names
+          else
+            names = [attr]
+          end
+          names.each do |name|
+            method = name.to_s.tr_s('-_', '_-')
+            to_be_evaled << <<-RUBY
+            def #{method}() read_attribute('#{attr}').one end
+            def #{method}=(value) write_attribute('#{attr}', value) end
+            RUBY
+          end
         end
         class_eval(to_be_evaled, __FILE__, __LINE__)
       end
@@ -176,7 +183,7 @@ module Ldaptic
       @attributes = {}
       data = data.dup
       if dn = data.delete('dn') || data.delete(:dn)
-        dn.first if dn.kind_of?(Array)
+        dn = dn.first if dn.kind_of?(Array)
         self.dn = dn
       end
       merge_attributes(data)
@@ -273,7 +280,11 @@ module Ldaptic
     # #method_missing delegates to this method, method names with underscores
     # map to attributes with hyphens.
     def read_attribute(key)
-      key = Ldaptic.encode(key)
+      if type = namespace.attribute_type(key)
+        key = type.names.first
+      else
+        key = Ldaptic.encode(key)
+      end
       @attributes[key] ||= ((@original_attributes || {}).fetch(key, [])).dup
       Ldaptic::AttributeSet.new(self, key, @attributes[key])
     end
@@ -302,7 +313,7 @@ module Ldaptic
     # Changes are not committed to the server until #save is called.
     def write_attribute(key, values)
       set = read_attribute(key)
-      if values.respond_to?(:to_str) && set.syntax_object && set.syntax_object.error("1\n1")
+      if values.respond_to?(:to_str) && !set.single_value? && set.syntax_object && set.syntax_object.error("1\n1")
         values = values.split(/\r?\n/)
       elsif values == ''
         values = []
@@ -357,7 +368,6 @@ module Ldaptic
       namespace.compare(dn, key, value)
     end
 
-    # attr_reader :attributes
     def attribute_names
       attributes.keys
     end
@@ -370,25 +380,41 @@ module Ldaptic
       self['objectClass'].map {|c| namespace.object_class(c)} - self.class.ldap_ancestors
     end
 
-    def must(all = true)
-      self.class.must(all) + aux.map {|a|a.must(false)}.flatten
+    def must(include_aliases = false)
+      attrs = (self.class.must + aux.map {|a| a.must(false)}.flatten).uniq
+      if include_aliases
+        attrs.map do |attr|
+          type = namespace.attribute_type(attr)
+          type ? type.names : attr
+        end.flatten
+      else
+        attrs
+      end
     end
 
-    def may(all = true)
-      self.class.may(all)  + aux.map {|a|a.may(false)}.flatten
+    def may(include_aliases = false)
+      attrs = (self.class.may + aux.map {|a| a.may(false)}.flatten).uniq - must
+      if include_aliases
+        attrs.map do |attr|
+          type = namespace.attribute_type(attr)
+          type ? type.names : attr
+        end.flatten
+      else
+        attrs
+      end
     end
 
     def may_must(attribute)
       attribute = Ldaptic.encode(attribute)
-      if must.include?(attribute)
+      if must(true).include?(attribute)
         :must
-      elsif may.include?(attribute)
+      elsif may(true).include?(attribute)
         :may
       end
     end
 
     def respond_to?(method, *) #:nodoc:
-      both = may + must
+      both = may(true) + must(true)
       super || (both + both.map {|x| "#{x}="} + both.map {|x| "#{x}-before-type-cast"}).include?(Ldaptic.encode(method.to_sym))
     end
 
@@ -435,7 +461,10 @@ module Ldaptic
     alias find /
 
     def fetch(dn = self.dn, options = {}) #:nodoc:
-      search({:base => dn}.merge(options))
+      if dn.kind_of?(Hash)
+        dn = self.dn/dn
+      end
+      namespace.fetch(dn, options)
     end
 
     # If a Hash or a String containing "=" is given, the argument is treated as

data/lib/ldaptic/filter.rb

@@ -144,7 +144,7 @@ module Ldaptic
       def process
         "(#{@array*''})" if @array.compact.size > 1
       end
-      def to_net_ldap_filter #:nodoc
+      def to_net_ldap_filter #:nodoc:
         @array[1..-1].inject {|m, o| m.to_net_ldap_filter.send(@array.first, o.to_net_ldap_filter)}
       end
     end

data/lib/ldaptic/matching_rules.rb

@@ -0,0 +1,80 @@
+require 'ldaptic/syntaxes'
+
+module Ldaptic
+  # RFC4517 - Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
+  # RFC4518 - Lightweight Directory Access Protocol (LDAP): Internationalized
+  # String Preparation
+  module MatchingRules
+    def self.for(name)
+      name = name.to_s
+      name = name[0..0].upcase + name[1..-1].to_s
+      if !name.empty? && const_defined?(name)
+        const_get(name)
+      else
+        CaseIgnoreMatch
+      end
+    end
+
+    class OctetStringMatch
+      def matchable(value)
+        value
+      end
+
+      def match(one, two)
+        matchable(one) == matchable(two)
+      end
+    end
+
+    class Boolean < OctetStringMatch
+    end
+
+    class CaseExactMatch < OctetStringMatch
+      def matchable(value)
+        super.gsub(/ +/, '  ').sub(/\A */, ' ').sub(/ *\z/, ' ')
+      end
+    end
+
+    class CaseExactIA5Match < CaseExactMatch
+    end
+
+    class CaseIgnoreMatch < CaseExactMatch
+      def matchable(value)
+        super.downcase
+      end
+    end
+
+    class CaseIgnoreIA5Match < CaseIgnoreMatch
+    end
+
+    class CaseIgnoreListMatch < CaseIgnoreMatch
+    end
+
+    class GeneralizedTimeMatch < OctetStringMatch
+      def matchable(value)
+        Ldaptic::Syntaxes::GeneralizedTime.parse(value)
+      end
+    end
+
+    class NumericStringMatch < OctetStringMatch
+      def matchable(value)
+        super.delete(' ')
+      end
+    end
+
+    class DistinguishedNameMatch < OctetStringMatch
+      def matchable(value)
+        Ldaptic::DN(value)
+      end
+    end
+
+    class TelephoneNumberMatch < CaseIgnoreMatch
+      # Doesn't remove unicode hyphen equivalents \u058A, \u2010, \u2011,
+      # \u2212, \ufe63, or \uff0d on account of unicode being so darn difficult
+      # to get right in both 1.8 and 1.9.
+      def matchable(value)
+        super.delete(' ').delete('-')
+      end
+    end
+
+  end
+end