lom 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 383b6cdf0a55888e40558ca5b24f46a7f5e5d033f27fc873e4625c42b385c571
+  data.tar.gz: cef1eef2f7ee9b2b39118e9f54b2d15f1ba5d35518ed04e98cb09a047cbbb34e
+SHA512:
+  metadata.gz: dd9eab41714ae145477e2756300b0041dd2d0a12f90485a3997e95266bbb121a33e8a3ed3660d8fd14e7372fd0cfa0fca6da6f800f61599a1c995da221b67b4f
+  data.tar.gz: f435226cb86088cfa48db588b105396b79fc0172eec4a967168b507dffb1039f201f6d7261d371edf63883c7fe519ca0d6167c649259f282a7d38e592ee929e1

data/README.md

@@ -0,0 +1,152 @@
+LDAP Object Mapper
+==================
+
+Allow to map LDAP object to ruby object.
+
+It is best used with dry-struct and dry-struct-setters libraries
+
+
+Examples
+========
+
+~~~ruby
+require 'net/ldap'
+require 'lom/ldap'
+
+using LOM::LDAP::Extensions
+
+# Define LDAP handler used by LOM
+LH = Net::LDAP.connect('ldap://127.0.0.1')
+LH.auth 'uid=root,ou=Admins,dc=example,dc=com', 'foobar'
+~~~
+
+~~~ruby
+# Defining mapping between LDAP and ruby using Dry::Struct
+#
+class User < Dry::Struct
+    include Dry::Struct::Setters
+    using LOM::LDAP::Extensions
+    
+    ADMINS_BRANCH     = 'ou=Admins,dc=example,dc=com'
+    TEAMS_BRANCH      = 'ou=Team,dc=example,dc=com'
+    
+    #
+    # Defining LDAP mapping
+    # 
+    extend LOM::Mapper
+
+    ldap_branch  "ou=People,dc=example,dc=com"
+    ldap_filter  '(objectClass=inetOrgPerson)'
+    ldap_attrs   '*', '+'
+    ldap_prefix  :uid
+    
+    ldap_from   do
+        {
+            :firstname       => first(:givenName,             String   ),
+            :lastname        => first(:sn,                    String   ),
+            :email           => first(:mail,                  String   ),
+            :homepage        => first(:labeledURI,            String   ),
+            :address         => first(:postalAddress,         String   ),
+            :title           => first(:title,                 String   ),
+            :type            =>   all(:objectClass,           String   )
+                                    .map(&:downcase)
+                                    .include?('posixaccount') ? :full : :minimal,
+            :login           => first(:uid,                   String   ),
+            :password        => nil,
+            :managers        =>   all(:manager,               String   )
+                                    .map {|m| User.ldap_dn_to_id(m) },
+            :locked          => first(:pwdAccountLockedTime,  Time     ),
+            :uid             => first(:uidNumber,             Integer  ),
+            :gid             => first(:gidNumber,             Integer  ),
+            :home            => first(:homeDirectory,         String   ),
+            :teams           =>   all(:memberOf,              String   ).map{|m|
+                    LOM.id_from_dn(m, TEAMS_BRANCH, :cn)
+                }.compact,
+        }.compact
+    end
+
+    ldap_to do
+        oclass = [ 'inetOrgPerson' ]
+        if type == :full
+            oclass += [ 'posixAccount', 'sambaSamAccount', 'pwdPolicy' ]
+            { :gecos      => fullname,
+              :loginShell => '/bin/bash'
+            }
+        end
+        
+        { :givenName        => firstname,
+          :sn               => lastname,
+          :cn               => fullname,
+          :mail             => email,
+          :labeledURI       => homepage,
+          :postalAddress    => address,
+          :title            => title,
+          :uid              => login,
+          :manager          => managers.map {|m| User.ldap_dn_from_id(m) },
+          :pwdAccountLockedTime => locked,
+          :uidNumber        => uid,
+          :gidNumber        => gid,
+          :homeDirectory    => home.to_s,
+        }
+    end
+
+    ldap_list    :locked,  ->(predicate=true) do
+        Filtered.exists(:pwdAccountLockedTime, predicate: predicate)
+    end
+
+    ldap_list   :manager,  ->(manager) do
+        Filtered.has(:manager, manager) {|m|
+            case m
+            when true,  nil   then Filtered::ANY
+            when false, :none then Filtered::NONE
+            else User.ldap_dn_from_id(m.to_str)
+            end
+        }
+    end
+    
+    
+    #
+    # Object structure
+    #
+    
+    transform_keys(&:to_sym)
+    
+    attribute  :firstname,       Types::String
+    attribute  :lastname,        Types::String
+    attribute  :email,           Types::EMail
+    attribute? :homepage,        Types::WebPage.optional
+    attribute? :address,         Types::String.optional
+    attribute  :title,           Types::String
+    attribute  :type,            Types::Symbol.enum(:minimal, :full)
+    attribute  :login,           Types::Login
+    attribute? :password,        Types::Password.optional
+    attribute? :managers,        Types::Array.of(Types::Login)
+    attribute? :locked,          Types::Time.optional
+    attribute? :uid,             Types::Integer
+    attribute? :gid,             Types::Integer
+    attribute? :home,            Types::Pathname
+    attribute  :teams,           Types::Array.of(Types::Team)
+
+    # Various User representation that can be used in processing
+    # as string, in sql statement, as JSON
+    def to_s            ; self.login                       ; end
+    def to_str          ; self.login                       ; end
+    def sql_literal(ds) ; ds.literal(self.login)           ; end
+    def to_json(*a)     ; self.to_hash.compact.to_json(*a) ; end
+   
+    # User full name.
+    def fullname
+        [ firstname, lastname ].join(' ')
+    end
+end
+~~~
+
+
+~~~ruby
+# Return user id of users for which account has been locked and 
+# with "John Doe" as manager 
+User.locked(true).manager('jdoe').list
+
+# Return list of users (as User instance)  without managers
+User.manager(false).all
+~~~

data/lib/lom.rb

@@ -0,0 +1,5 @@
+require_relative 'lom/core'
+require_relative 'lom/ldap'
+require_relative 'lom/handler'
+require_relative 'lom/mapper'
+

data/lib/lom/core.rb

@@ -0,0 +1,49 @@
+require_relative 'version'
+
+class LOM
+    # Standard Error
+    class Error < StandardError
+    end
+
+    # Entry not found
+    class EntryNotFound < Error
+    end
+
+    # Mapping error
+    class MappingError < Error
+    end
+
+    # Conversion error
+    class ConvertionError < Error
+    end
+
+    
+    # Time format used in ldap
+    TIME_FORMAT = "%Y%m%d%H%M%SZ"
+
+    
+    # Convert a Date/Time object to an ldap string representation
+    #
+    # @param [Date, Time] ts
+    #
+    # @return [String] string representation of time in ldap 
+    #
+    def self.to_ldap_time(ts)
+        case ts
+        when Date, Time then ts.strftime(TIME_FORMAT)
+        when nil        then nil
+        else raise ArgumentError
+        end
+    end
+
+    # Get debugging mode
+    def self.debug
+        @@debug ||= []
+    end
+
+    # Set debugging mode
+    # @param [Array<:dry,:verbose>] debugging options
+    def self.debug=(v)
+        @@debug = v
+    end
+end

data/lib/lom/filtered.rb

@@ -0,0 +1,171 @@
+require 'date'
+require_relative 'ldap/converters'
+require_relative 'ldap/extensions'
+
+class LOM
+
+class Filtered
+    include Enumerable
+
+    using LDAP::Extensions
+    using LDAP::Converters
+
+    NONE = Object.new.freeze
+    ANY  = Object.new.freeze
+
+    def initialize(src, filter = nil, paged: nil)
+        @src      = src
+        @filter   = filter
+        @paged    = paged
+    end
+    attr_reader :src, :filter, :paged
+
+    # Join two filter using a or operation
+    def |(o)
+        _operator_2('|', o)
+    end
+
+    # Join two filter using a and operation
+    def &(o)
+        _operator_2('&', o)
+    end
+
+    # Take the negation of this fileter
+    def ~@
+        _operator_1('!')
+    end
+
+
+    # Ask for paginated data.
+    #
+    # @note That is not supported by net/ldap and is emulated by taking
+    #       a slice of the retrieved data. Avoid using.
+    #
+    # @param [Integer] page index (starting from 1)
+    # @param [Integer] page size
+    #
+    # @return [self]
+    def paginate(page, page_size)
+        @paged = [ page, page_size ]
+        self
+    end
+
+    # Iterate over matching data
+    def each(*args, &block)
+        @src.each(*args, filter: @filter, paged: self.paged, &block)
+    end
+
+    # Retrieve matching data as a list of object
+    #
+    # @return [Array<Object>]
+    #
+    def all
+        each(:object).to_a
+    end
+
+    # Retrieve matching data as a list of id
+    #
+    # @return [Array<String>]
+    #
+    def list
+        each(:id).to_a
+    end
+
+    # Escape (and convert) a value for correct processing.
+    #
+    # Before escaping, the value will be converted to string using
+    # if possible #to_ldap, #to_str, and #to_s in case of symbol
+    #
+    # @param [Object] val value to be escaped
+    #
+    def self.escape(val)
+        val = if    val.respond_to?(:to_ldap) then val.to_ldap
+              elsif val.respond_to?(:to_str ) then val.to_str
+              elsif val.kind_of?(Symbol)      then val.to_s
+              else raise ArgumentError, 'can\'t convert to string'
+              end
+        Net::LDAP::Filter.escape(val)
+    end
+
+    # Test if an attribute exists
+    def self.exists(attr, predicate: true)
+        case predicate
+        when true,  nil   then   "(#{attr}=*)"
+        when false, :none then "(!(#{attr}=*))"
+        else raise ArgumentError
+        end
+    end
+
+    # Test if an attribute is of the specified value
+    def self.is(attr, val, predicate: true)
+        case predicate
+        when true,  nil then   "(#{attr}=#{escape(val)})"
+        when false      then "(!(#{attr}=#{escape(val)}))"
+        else raise ArgumentError
+        end
+    end
+
+    # Test if an attribute has the specified value.
+    # Using NONE will test for absence, ANY for existence
+    def self.has(attr, val)
+        val = yield(val) if block_given?
+
+        case val
+        when ANY  then   "(#{attr}=*)"
+        when NONE then "(!(#{attr}=*))"
+        else             "(#{attr}=#{escape(val)})"
+        end
+    end
+
+    # Test if an attribute as a time before the specified timestamp
+    # If an integer is given it is added to the today date
+    def self.before(attr, ts, predicate: true)
+        ts = Date.today + ts if ts.kind_of?(Integer)
+        ts = LOM.to_ldap_time(ts)       
+        "(#{attr}<=#{ts})".then {|f| predicate ? f : "(!#{f})" }
+    end
+
+    # Test if an attribute as a time after the specified timestamp
+    # If an integer is given it is subtracted to the today date
+    def self.after(attr, ts, predicate: true)
+        ts = Date.today - ts if ts.kind_of?(Integer)
+        ts = LOM.to_ldap_time(ts)
+        "(#{attr}>=#{ts})".then {|f| predicate ? f : "(!#{f})" }
+    end
+
+    private
+
+    # Operation with 2 elements
+    def _operator_2(op, o)
+        if @src != o.src
+            raise ArgumentError, 'filter defined with different sources'
+        end
+        _filter = if !@filter.nil? && !o.filter.nil?
+                  then Net::LDAP.filter(op, @filter, o.filter)
+                  else @filter || o.filter
+                  end
+        Filtered.new(@src, _filter, paged: o.paged || self.paged)
+    end
+
+    # Operation with 1 element
+    def _operator_1(op)
+        Filtered.new(@src, Net::LDAP.filter(op, @filter),
+                     paged: self.paged)
+    end
+
+    # Check if an ldap_list has been defined with that name
+    def respond_to_missing?(method_name, include_private = false)
+        @src.ldap_listing.include?(method_name) || super
+    end
+    
+    # Call the ldap_list defined with that name
+    def method_missing(method_name, *args, &block)
+        if @src.ldap_listing.include?(method_name)
+            self & @src.send(method_name, *args, &block)
+        else
+            super
+        end        
+    end
+    
+end
+end

data/lib/lom/handler.rb

@@ -0,0 +1,43 @@
+require 'forwardable'
+
+class LOM
+    using LDAP::Extensions
+
+    
+    def self.lh=(lh)
+        @lh = lh
+    end
+
+    # Get the LDAP handler to use
+    #
+    # In order of preference:
+    #
+    # * the handler set using lh=
+    # * the LH constant in this scope or parent scope
+    # * the one defined in $lh
+    #
+    def self.lh
+        @lh || const_get(:LH) || $lh
+    end   
+
+
+    # extend Forwardable
+    #
+    # def self.connect(*args)
+    #     self.new(Net::LDAP.connect(*args))
+    # end
+    #
+    # def initialize(lh)
+    #     @lh = lh
+    # end
+    #
+    # def_delegator :@lh, :search
+    # def_delegator :@lh, :update
+    # def_delegator :@lh, :modify
+    # def_delegator :@lh, :add
+    # def_delegator :@lh, :delete
+
+end
+                 
+
+

data/lib/lom/ldap.rb

@@ -0,0 +1,33 @@
+require_relative 'ldap/converters'
+require_relative 'ldap/extensions'
+
+class LOM
+    using LDAP::Extensions
+
+    # Retrieve the identifier.
+    #
+    # The given `dn` should be a direct child of the `branch`,
+    # and if `attr` is specified, the attribute name should also match.
+    #
+    # ~~~
+    # dn = "uid=jdoe,ou=People,dc=example,dc=com"
+    # LOM.id_from_dn(dn, "ou=People,dc=example,dc=com", :uid)
+    # ~~~
+    #
+    # @param [String]        dn      DN of the object 
+    # @param [String]        branch  Branch the DN should belong
+    # @param [Symbol,String] attr    Attribute name
+    #
+    # @return [String] Identifier
+    # @return [nil]    Unable to extract identifier
+    #
+    def self.id_from_dn(dn, branch, attr = nil)
+        if sub = Net::LDAP::DN.sub?(dn, branch)
+            k, v, o = sub.to_a
+            if o.nil? && (!attr.nil? || (k == attr.to_s))
+                v
+            end
+        end
+    end
+
+end

data/lib/lom/ldap/converters.rb

@@ -0,0 +1,132 @@
+require 'date'
+require 'set'
+
+require_relative '../core'
+
+
+module LOM::LDAP
+module Converters
+
+    #
+    # Integer
+    #
+    
+    refine Integer do
+        def to_ldap
+            self.to_s
+        end
+    end
+    
+    refine Integer.singleton_class do
+        def from_ldap(v)
+            Integer(v)
+        end
+    end
+
+    
+
+    #
+    # String
+    #
+    
+    refine String do
+        def to_ldap
+            self
+        end
+    end
+
+    refine String.singleton_class do
+        def from_ldap(v)
+            v
+        end
+    end
+
+    
+
+    #
+    # Date / Time
+    #
+    
+    refine Date do
+        def to_ldap
+            self.to_time.to_ldap
+        end
+    end
+
+    refine Date.singleton_class do
+        def from_ldap(date)
+            return nil if date.nil?
+            Date.parse(date)
+        end
+    end
+
+    refine Time do
+        def to_ldap
+            self.gmtime.strftime("%Y%m%d%H%M%SZ")
+        end
+    end
+
+    refine Time.singleton_class do
+        def from_ldap(time)
+            return nil if time.nil?
+            self::gm(time[0,4].to_i, time[4,2].to_i,  time[6,2].to_i,
+                     time[8,2].to_i, time[10,2].to_i, time[12,2].to_i)
+        end
+    end
+
+   
+
+    #
+    # Boolean
+    #
+    
+    refine TrueClass do
+        def to_ldap
+            'TRUE'
+        end
+    end
+
+    refine TrueClass.singleton_class do
+        def from_ldap(v)
+            v == 'TRUE'
+        end
+    end
+
+    refine FalseClass do
+        def to_ldap
+            'FALSE'
+        end
+    end        
+
+
+    
+    #
+    # Array / Set
+    #
+    
+    refine Set do
+        def to_ldap
+            self.to_a.to_ldap
+        end
+    end
+    
+    refine Array do
+        def to_ldap
+            self.map { |val|
+                if    val.respond_to?(:to_ldap) then val.to_ldap
+                elsif val.respond_to?(:to_str ) then val.to_str
+                elsif val.kind_of?(Symbol)      then val.to_s
+                else raise LOM::ConvertionError,
+                           "can't convert to string (#{val.class})"
+                end
+            }.tap {|list|
+                if err = list.find {|e| ! e.kind_of?(String) }
+                    raise LOM::ConvertionError,
+                          "detected a non-string element (#{err.class})"
+                end
+            }
+        end
+    end
+
+end
+end

data/lib/lom/ldap/extensions.rb

@@ -0,0 +1,257 @@
+# -*- coding: utf-8 -*-
+
+require 'net/ldap'
+require 'net/ldap/dn'
+
+require_relative '../core'
+
+
+module LOM::LDAP
+
+# Ensure that the Converters module exists.
+#
+# NOTE: If the optional refinements provided by this modules are required,
+#       they need to be defined/loaded before requiring this file
+#       For example: require 'lom/ldap/converters'
+module Converters
+end
+
+
+# Provide refinements to ease development with the net/ldap library:
+#
+# * Net::LDAP instance can be created from an URI
+#   using Net::LDAP.connect
+#
+# * Net::LDAP#search can use symbols for
+#      scope: :base, :one, :sub
+#      deref: :never, :search, :find, :always
+#
+# * Net::LDAP#get method allows retrieving the first entry of a DN
+#   (it is just a customized search query)
+#
+# * Net::LDAP#update method that try to intelligently update an
+#   LDAP attribute (to be used instead of Net::LDAP#modify)
+#
+# * Net::LDAP::Entry has been enhanced to easy casting of retrieved
+#   attributes
+#
+# * Net::LDAP::DN.sub? has been added to test if a DN is included
+#   in another, and will return the sub part
+#
+# * Net::LDAP::DN.escape and Net::LDAP:Filter.escape have been
+#   redefined to fix some issues
+#
+module Extensions
+    refine Net::LDAP.singleton_class  do
+        def filter(op, *args)
+            op, check = case op
+                        when :or,  '|'  then [ '|',  1.. ]
+                        when :and, '&'  then [ '&',  1.. ]
+                        when :not, '!'  then [ '!',  1   ]
+                        when :ge,  '>=' then [ '>=', 2   ]
+                        when :eq,  '='  then [ '=',  2   ]
+                        when :le,  '<=' then [ '<=', 2   ]
+                        else raise ArgumentError, 'Unknown operation'
+                        end
+            args = args.compact.map(&:strip).reject(&:empty?).map {|a|
+                if    ( a[0] == '(' ) && ( a[-1] == ')' ) then a
+                elsif ( a[0] != '(' ) && ( a[-1] != ')' ) then "(#{a})"
+                else raise ArgumentError, "Bad LDAP filter: #{a}"
+                end
+            }
+            case args.size
+            when 0 then nil
+            when 1 then args[0]
+            else        "(#{op}#{args.join})"
+            end
+        end
+
+        def connect(uri=nil, **opts)
+            if uri
+                uri = URI(uri)
+                case uri.scheme
+                when 'ldap'  then
+                when 'ldaps' then opts[:encryption] = :simple_tls
+                else raise ArgumentError, "Unsupported protocol #{proto}";
+                end
+                opts[:host] = uri.host
+                opts[:port] = uri.port
+            end
+            self.new(opts)
+        end
+    end
+    
+    refine Net::LDAP do
+        def close
+        end
+
+        def search(args={}, &block)
+            if deref = case args[:deref]
+                       when :never  then Net::LDAP::DerefAliases_Never
+                       when :search then Net::LDAP::DerefAliases_Search
+                       when :find   then Net::LDAP::DerefAliases_Find
+                       when :always then Net::LDAP::DerefAliases_Always
+                       end
+                args[:deref] = deref
+            end
+            if scope = case args[:scope]
+                       when :base   then Net::LDAP::SearchScope_BaseObject
+                       when :one    then Net::LDAP::SearchScope_SingleLevel
+                       when :sub    then Net::LDAP::SearchScope_WholeSubtree
+                       end
+                args[:scope] = scope
+            end
+            super(args, &block)
+        end
+
+        def get(dn:, attributes: nil, attributes_only: false,
+                return_result: true, time: nil, deref: :never, &block)
+            search(:base            => dn,
+                   :scope           => :base,
+                   :attributes      => attributes,
+                   :attributes_only => attributes_only,
+                   :return_result   => return_result,
+                   :time            => time,
+                   :deref           => deref,
+                   &block)
+                .then {|r| return_result ? r&.first : r }
+        end
+
+        # Update an existing dn entry.
+        # The necessary operation (add/modify/replace) will be built
+        # accordingly.
+        #
+        # @note the dn can be specified, either in the dn parameter
+        #       or as a key in the attributes parameter
+        #
+        # @param dn
+        # @param attributes
+        #
+        # @return [nil]     dn doesn't exist so it can't be updated
+        # @return [Boolean] operation success
+        #
+        # @raise [ArgumentError] if DN missing or incoherent
+        #
+        def update(dn: nil, attributes: {})
+            # Normalize keys
+            attributes = attributes.to_h.dup
+            attributes.transform_keys!   {|k| k.downcase.to_sym  }
+            attributes.transform_values! {|v| Array(v)           }
+            attributes.transform_values! {|v| v.empty? ? nil : v }
+
+            # Sanitize
+            _dn = attributes[:dn]
+            if _dn && _dn.size > 1
+                raise ArgumentError, 'only one DN can be specified'
+            end
+            if dn.nil? && _dn.nil?
+                raise ArgumentError, 'missing DN'
+            elsif dn && _dn && dn != _dn.first
+                raise ArgumentError, 'attribute DN doesn\'t match provided DN'
+            end
+
+            dn              ||= _dn.first
+            attributes[:dn]   = [ dn ]
+            
+            # Retrieve existing attributes
+            # Note: dn is always present in entries
+            entries = get(dn: dn, attributes: attributes.keys)
+            
+            # Entry not found
+            return nil if entries.nil?
+
+            # Identify keys
+            changing = attributes.compact.keys
+            removing = attributes.select {|k, v| v.nil? }.keys
+            existing = entries.attribute_names
+            add      = changing - existing
+            modify   = changing & existing 
+            delete   = removing & existing 
+
+            # Remove key from update if same content
+            modify.reject! {|k| attributes[k] == entries[k] }
+                
+            # Build operations
+            # Note: order is delete/modify/add
+            #       to avoid "Object Class Violation" due to possible
+            #       modification of objectClass
+            ops = []
+            ops += delete.map {|k| [ :delete,  k, nil           ] }
+            ops += modify.map {|k| [ :replace, k, attributes[k] ] }
+            ops += add   .map {|k| [ :add,     k, attributes[k] ] }
+
+            # Apply
+            if LOM.debug.include?(:verbose)
+                $stderr.puts "Update: #{dn}"
+                $stderr.puts ops.inspect
+            end
+            if LOM.debug.include?(:dry)
+                return true
+            end
+            return true if op.empty?                # That's a no-op
+            modify(:dn => dn, :operations => ops)   # Apply modifications
+        end       
+    end
+
+    refine Net::LDAP::Filter.singleton_class do
+        def escape(str)
+            str.gsub(/([\x00-\x1f*()\\])/) { '\\%02x' % $1[0].ord }
+        end
+    end
+
+    refine Net::LDAP::DN.singleton_class do
+        def sub?(dn, prefix)
+            _dn     = Net::LDAP::DN.new(dn    ).to_a
+            _prefix = Net::LDAP::DN.new(prefix).to_a
+            return nil if _dn.size <= _prefix.size
+            sub     = _dn[0 .. - (_prefix.size + 1)]
+            return nil if sub.empty?
+            Net::LDAP::DN.new(*sub)
+        end
+    end
+    
+    refine Net::LDAP::DN.singleton_class do
+        def escape(str)
+            str.gsub(/([\x00-\x1f])/     ) { '\\%02x' % $1[0].ord }     \
+               .gsub(/([\\+\"<>;,\#=])/  ) { '\\' + $1            }
+        end
+    end
+
+    refine Net::LDAP::Entry do
+        using LOM::LDAP::Converters
+        
+        def _cast(val, cnv=nil, &block)
+            if cnv && block
+                raise ArgumentError,
+                      'converter can\'t be pass as parameter and as block'
+            elsif block
+                cnv = block
+            end
+            
+            case cnv
+            when Method, Proc then cnv.call(val)
+            when Class        then cnv.from_ldap(val)
+            when nil          then val
+            else raise ArgumentError, "unhandled converter type (#{cnv.class})"
+            end
+        end
+        private :_cast
+
+        def [](name, cnv=nil, &block)
+            values = super(name)
+            if cnv.nil? && block.nil?
+            then values
+            else values.map {|e| _cast(e, cnv, &block) }
+            end
+        end
+        alias :all :[]
+        
+        def first(name, cnv=nil, &block)
+            if value = super(name)
+                _cast(value, cnv, &block)
+            end
+        end
+    end
+end
+
+end

data/lib/lom/mapper.rb

@@ -0,0 +1,296 @@
+require_relative 'ldap/converters'
+require_relative 'ldap/extensions'
+require_relative 'filtered'
+
+class LOM
+using LDAP::Extensions
+using LDAP::Converters    
+
+# This module is to be prepend to Entry instance when processing
+# block `from_ldap`
+#
+# It will allow the use of refined methods #first, #[], #all
+# without requiring an explicit import of LDAPExt refinement
+# in the class being mapped.
+#
+module EntryEnhanced
+    def first(*args) ; super ; end
+    def [](*args)    ; super ; end
+    alias :all :[]
+end
+
+
+
+# Instance methods to be injected in the class being mapped.
+#
+module Mapper
+module InstanceMethods
+    # LDAP handler
+    def lh
+        self.class.lh
+    end
+
+    # Save object to ldap.
+    #
+    # If object already exists, it will be updated otherwise created.
+    #
+    # @return [true, false]
+    #
+    def save!
+        attrs  = instance_exec(self, &self.class._ldap_to)
+                     .transform_values {|v|
+                          # Don't use Array(), not what you think on
+                          # some classes such as Time
+                          v = [   ] if     v.nil? 
+                          v = [ v ] unless v.is_a?(Array)
+                          v.to_ldap
+                     }
+        id, _  = Array(attrs[self.class._ldap_prefix])
+        raise MappingError, 'prefix for dn has multiple values' if _
+        dn     = self.class.ldap_dn_from_id(id)
+        
+        lh.update(dn: dn, attributes: attrs).then {|res|
+            break res unless res.nil?
+            attrs.reject! {|k, v| Array(v).empty? }
+            lh.add(dn: dn, attributes: attrs)
+        }
+    end
+end
+end
+
+
+
+# Class methods to be injected in the class being mapped,
+# and performs initialization thanks to #extend_object
+#
+module Mapper
+    def self.extend_object(o)
+        super
+        o.include Mapper::InstanceMethods
+        o.extend  Enumerable
+        o.const_set(:Filtered, LOM::Filtered)
+        o.__ldap_init
+    end
+
+    def __ldap_init
+        @__ldap_branch    = nil
+        @__ldap_prefix    = nil
+        @__ldap_scope     = :one
+        @__ldap_filter    = nil
+        @__ldap_attrs     = nil
+        @__ldap_from      = nil
+        @__ldap_to        = nil
+        @__ldap_list      = []
+        @__ldap_lh        = nil
+    end
+
+    # Get the LDAP handler to use
+    #
+    # In order of preference:
+    #
+    # * the handler set using lh=
+    # * the LH constant in this scope or parent scope
+    # * the one provided by LOM.lh
+    #
+    def lh
+        @__ldap_lh || const_get(:LH) || LOM.lh
+    end
+
+    # Set the LDAP handler to use
+    def lh=(lh)
+        @__ldap_lh = lh
+    end
+        
+
+    def ldap_listing
+        @__ldap_list
+    end
+
+    def ldap_list(name, body=nil, &block)
+        if body && block
+            raise ArgumentError
+        elsif body.nil? && block.nil?
+            raise ArgumentError
+        elsif block
+            body = block
+        end
+            
+        @__ldap_list << name
+        define_singleton_method(name) do |*args|
+            filter = body.call(*args)
+            LOM::Filtered.new(self, filter)
+        end
+    end
+
+    
+    def ldap_branch(v)
+        @__ldap_branch = v
+    end
+    
+    def ldap_prefix(v)
+        @__ldap_prefix = v
+    end
+    
+    def ldap_scope(v)
+        @__ldap_scope = v
+    end
+    
+    def ldap_filter(v)
+        @__ldap_filter = v[0] == '(' ? v : "(#{v})"
+    end
+    
+    def ldap_attrs(*v)
+        @__ldap_attrs = v
+    end
+
+    # @note block will be executed in the Net::LDAP::Entry instance
+    def ldap_from(p=nil, &b)
+        if (! p.nil? ^ b.nil?) || (p && !p.kind_of?(Proc))
+            raise ArgumentError,
+                  'one and only one of proc/lamba/block need to be defined'
+        end
+        @__ldap_from = p || b
+    end
+
+    # @note block will be executed in the mapped object instance
+    def ldap_to(p=nil, &b)
+        if (! p.nil? ^ b.nil?) || (p && !p.kind_of?(Proc))
+            raise ArgumentError,
+                  'one and only one of proc/lamba/block need to be defined'
+        end
+        @__ldap_to = p || b
+    end
+
+
+    
+    def ldap_dn_to_id(dn)
+        prefix = _ldap_prefix.to_s
+        branch = _ldap_branch
+        
+        if sub = Net::LDAP::DN.sub?(dn, branch)
+            case prefix
+            when String, Symbol
+                k, v, _ = sub.to_a
+                raise ArgumentError, "not a direct child" if _
+                raise ArgumentError, "wrong prefix"       if k.casecmp(prefix) != 0
+                v
+            end
+        end
+    end
+    
+    def ldap_dn_from_id(id)
+        Net::LDAP::DN.new(_ldap_prefix.to_s, id, _ldap_branch).to_s
+    end
+
+    def _ldap_to_obj(entry)
+        raise EntryNotFound if entry.nil?
+        entry.extend(EntryEnhanced)       
+        args  = entry.instance_exec(entry, &_ldap_from)
+        args  = [ args ] unless args.kind_of?(Array)
+        self.new(*args)
+    end
+    
+    
+    def each(type = :object, filter: nil, paged: nil)
+        # Create Enumerator if no block given
+        unless block_given?
+            return enum_for(:each, type, filter: filter, paged: paged)
+        end
+
+        # Merging filters
+        filters = [ filter, _ldap_filter ].compact
+        filter  = filters.size == 2 ? "(&#{filters.join})" : filters.first
+
+        # Define attributes/converter according to selected type
+        attributes, converter =
+            case type
+            when :id     then [ :dn,         ->(e) { ldap_dn_to_id(e.dn) } ]
+            when :object then [ _ldap_attrs, ->(e) { _ldap_to_obj(e)     } ]
+            else raise ArgumentError, 'type must be either :object or :id'
+            end
+        
+        # Paginate
+        # XXX: pagination is emulated, should be avoided
+        skip, count = if paged
+                          page, page_size = paged
+                          [ (page - 1) * page_size, page_size ]
+                      end
+        
+        # Perform search
+        lh.search(:base       => _ldap_branch,
+                  :filter     => filter,
+                  :attributes => attributes,
+                  :scope      => _ldap_scope) {|entry|
+
+            if paged.nil?
+                yield(converter.(entry))
+            elsif skip > 0
+                skip -= 1
+            elsif count <= 0
+                break
+            else
+                count -= 1
+                yield(converter.(entry))
+            end                
+        }
+    end
+
+    def paginate(page, page_size)
+        LOM::Filtered.new(self, paged: [ page, page_size ])
+    end
+  
+    def all
+        each(:object).to_a
+    end
+
+    def list
+        each(:id).to_a
+    end
+    
+    def get(name)
+        dn    = ldap_dn_from_id(name)
+        attrs = _ldap_attrs
+        entry = lh.get(:dn => dn, :attributes => attrs)
+
+        _ldap_to_obj(entry)
+    end
+
+    def delete!(name)
+        dn    = ldap_dn_from_id(name)
+        lh.delete(:dn => dn)
+    end
+
+    alias [] get
+
+    private
+    
+    def _ldap_branch
+        @__ldap_branch || (raise MappingError, 'ldap_branch not defined')
+    end
+
+    def _ldap_prefix
+        @__ldap_prefix || (raise MappingError, 'ldap_prefix not defined')
+    end
+
+    def _ldap_scope
+        @__ldap_scope
+    end
+
+    def _ldap_filter
+        @__ldap_filter
+    end
+
+    def _ldap_attrs
+        @__ldap_attrs
+    end
+
+    def _ldap_from
+        @__ldap_from   || (raise MappingError, 'ldap_from not defined'  )
+    end
+
+    def _ldap_to
+        @__ldap_to     || (raise MappingError, 'ldap_to not defined'    )
+    end
+
+end
+end

data/lib/lom/version.rb

@@ -0,0 +1,3 @@
+class LOM
+    VERSION = '0.9.0'
+end

data/lom.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+
+require_relative 'lib/lom/version'
+
+Gem::Specification.new do |s|
+    s.name        = 'lom'
+    s.version     = LOM::VERSION
+    s.summary     = "LDAP Object Mapper"
+    s.description =  <<~EOF
+      
+      Ease processing of parameters in Sinatra framework.
+      Integrates well with dry-types, sequel, ...
+
+      Example:
+        want! :user,    Dry::Types::String, User
+        want? :expired, Dry::Types::Params::Bool.default(true)
+      EOF
+
+    s.homepage    = 'https://gitlab.com/sdalu/lom'
+    s.license     = 'MIT'
+
+    s.authors     = [ "Stéphane D'Alu" ]
+    s.email       = [ 'stephane.dalu@insa-lyon.fr' ]
+
+    s.files       = %w[ README.md lom.gemspec ] +
+                    Dir['lib/**/*.rb']
+
+    s.add_dependency 'net-ldap'
+    s.add_development_dependency 'yard', '~>0'
+    s.add_development_dependency 'rake', '~>13'
+end

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: lom
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Stéphane D'Alu
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-05-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+description: |2
+
+  Ease processing of parameters in Sinatra framework.
+  Integrates well with dry-types, sequel, ...
+
+  Example:
+    want! :user,    Dry::Types::String, User
+    want? :expired, Dry::Types::Params::Bool.default(true)
+email:
+- stephane.dalu@insa-lyon.fr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/lom.rb
+- lib/lom/core.rb
+- lib/lom/filtered.rb
+- lib/lom/handler.rb
+- lib/lom/ldap.rb
+- lib/lom/ldap/converters.rb
+- lib/lom/ldap/extensions.rb
+- lib/lom/mapper.rb
+- lib/lom/version.rb
+- lom.gemspec
+homepage: https://gitlab.com/sdalu/lom
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.8
+signing_key:
+specification_version: 4
+summary: LDAP Object Mapper
+test_files: []