net-ldap 0.15.0 → 0.17.0
- checksums.yaml +5 -5
- data/History.rdoc +53 -0
- data/README.rdoc +18 -8
- data/lib/net-ldap.rb +1 -1
- data/lib/net/ber.rb +5 -6
- data/lib/net/ber/ber_parser.rb +3 -3
- data/lib/net/ber/core_ext.rb +6 -6
- data/lib/net/ldap.rb +90 -57
- data/lib/net/ldap/auth_adapter/gss_spnego.rb +2 -2
- data/lib/net/ldap/auth_adapter/sasl.rb +4 -2
- data/lib/net/ldap/auth_adapter/simple.rb +1 -1
- data/lib/net/ldap/connection.rb +41 -38
- data/lib/net/ldap/dataset.rb +3 -3
- data/lib/net/ldap/dn.rb +13 -14
- data/lib/net/ldap/entry.rb +17 -7
- data/lib/net/ldap/error.rb +2 -26
- data/lib/net/ldap/filter.rb +10 -3
- data/lib/net/ldap/instrumentation.rb +2 -2
- data/lib/net/ldap/password.rb +7 -5
- data/lib/net/ldap/pdu.rb +1 -1
- data/lib/net/ldap/version.rb +1 -1
- data/lib/net/snmp.rb +1 -1
- metadata +19 -104
- data/.gitignore +0 -9
- data/.rubocop.yml +0 -17
- data/.rubocop_todo.yml +0 -599
- data/.travis.yml +0 -33
- data/CONTRIBUTING.md +0 -54
- data/Gemfile +0 -2
- data/Rakefile +0 -23
- data/net-ldap.gemspec +0 -37
- data/script/changelog +0 -47
- data/script/install-openldap +0 -115
- data/script/package +0 -7
- data/script/release +0 -16
- data/test/ber/core_ext/test_array.rb +0 -22
- data/test/ber/core_ext/test_string.rb +0 -25
- data/test/ber/test_ber.rb +0 -153
- data/test/fixtures/cacert.pem +0 -20
- data/test/fixtures/openldap/memberof.ldif +0 -33
- data/test/fixtures/openldap/retcode.ldif +0 -76
- data/test/fixtures/openldap/slapd.conf.ldif +0 -67
- data/test/fixtures/seed.ldif +0 -374
- data/test/integration/test_add.rb +0 -28
- data/test/integration/test_ber.rb +0 -30
- data/test/integration/test_bind.rb +0 -42
- data/test/integration/test_delete.rb +0 -31
- data/test/integration/test_open.rb +0 -88
- data/test/integration/test_password_modify.rb +0 -80
- data/test/integration/test_return_codes.rb +0 -38
- data/test/integration/test_search.rb +0 -77
- data/test/support/vm/openldap/.gitignore +0 -1
- data/test/support/vm/openldap/README.md +0 -32
- data/test/support/vm/openldap/Vagrantfile +0 -33
- data/test/test_auth_adapter.rb +0 -15
- data/test/test_dn.rb +0 -44
- data/test/test_entry.rb +0 -65
- data/test/test_filter.rb +0 -223
- data/test/test_filter_parser.rb +0 -24
- data/test/test_helper.rb +0 -66
- data/test/test_ldap.rb +0 -114
- data/test/test_ldap_connection.rb +0 -493
- data/test/test_ldif.rb +0 -104
- data/test/test_password.rb +0 -10
- data/test/test_rename.rb +0 -77
- data/test/test_search.rb +0 -39
- data/test/test_snmp.rb +0 -119
- data/test/test_ssl_ber.rb +0 -40
- data/test/testdata.ldif +0 -101
- data/testserver/ldapserver.rb +0 -209
- data/testserver/testdata.ldif +0 -101
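--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 02707fcb56d13184b4bbcc16c1555a0d417efb7e20c216a97ee8f28c9553ea84
+data.tar.gz: 26a82f5021146fe6ec84d83e41722364964e155eb898102e3a8618facc020d9a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d19e1bc7cdcaceff6263f2bca2e9326ef441e301ab74556c42313e01704800abb59231f760abec64a8f2d1e313c18324b97c57a64d2b2ee24943be9e4bd2c428
+data.tar.gz: fa69d36265e7b11b7c83cf812caca680e30af3a0be31c145d70396835081fc06f6a2bf43262ec08f4d6fab1094823dc70de069441229a991f3c5b2eadeb7c4e5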
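--- a/data/History.rdoc
+++ b/data/History.rdoc
@@ -1,3 +1,56 @@
+=== Net::LDAP 0.17.0
+* Added private recursive_delete as alternative to DELETE_TREE #268
+* Test suite updates #373 #376 #377
+* Use Base64.strict_encode64 and SSHA256 #303
+* Remove deprecated ConnectionRefusedError #366
+* Added method to get a duplicate of the internal Hash #286
+* remove a circular require #380
+* fix LdapServerAsnSyntax compile #379
+* Implement '==' operator for entries #381
+* fix for undefined method for write exception #383
+
+=== Net::LDAP 0.16.3
+
+* Add Net::LDAP::InvalidDNError #371
+* Use require_relative instead of require #360
+* Address some warnings and fix JRuby test omissions #365
+* Bump rake dev dependency to 12.3 #359
+* Enable rubocop in ci #251
+* Enhance rubocop configuration and test syntax #344
+* CI: Drop rbx-2, uninstallable #364
+* Fix RuboCop warnings #312
+* Fix wrong error class #305
+* CONTRIBUTING.md: Repair link to Issues #309
+* Make the generate() method more idiomatic... #326
+* Make encode_sort_controls() more idiomatic... #327
+* Make the instrument() method more idiomatic... #328
+* Fix uninitialised Net::LDAP::LdapPduError #338
+* README.rdoc: Use SVG build badge #310
+* Update TravisCI config to inclue Ruby 2.7 #346
+* add explicit ** to silence Ruby 2.7 warning #342
+* Support parsing filters with attribute tags #345
+* Bump rubocop development dependency version #336
+* Add link to generated and hosted documentation on rubydoc #319
+* Fix 'uninitialized constant Net::LDAP::PDU::LdapPduError' error #317
+* simplify encoding logic: no more chomping required #362
+
+=== Net::LDAP 0.16.2
+
+* Net::LDAP#open does not cache bind result {#334}[https://github.com/ruby-ldap/ruby-net-ldap/pull/334]
+* Fix CI build {#333}[https://github.com/ruby-ldap/ruby-net-ldap/pull/333]
+* Fix to "undefined method 'result_code'" {#308}[https://github.com/ruby-ldap/ruby-net-ldap/pull/308]
+* Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 in filter.rb {#285}[https://github.com/ruby-ldap/ruby-net-ldap/pull/285]
+
+=== Net::LDAP 0.16.1
+
+* Send DN and newPassword with password_modify request {#271}[https://github.com/ruby-ldap/ruby-net-ldap/pull/271]
+
+=== Net::LDAP 0.16.0
+
+* Sasl fix {#281}[https://github.com/ruby-ldap/ruby-net-ldap/pull/281]
+* enable TLS hostname validation {#279}[https://github.com/ruby-ldap/ruby-net-ldap/pull/279]
+* update rubocop to 0.42.0 {#278}[https://github.com/ruby-ldap/ruby-net-ldap/pull/278]
+
 === Net::LDAP 0.15.0
 
 * Respect connect_timeout when establishing SSL connections {#273}[https://github.com/ruby-ldap/ruby-net-ldap/pull/273]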
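--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,4 +1,6 @@
-= Net::LDAP for Ruby
+= Net::LDAP for Ruby
+{<img src="https://badge.fury.io/rb/net-ldap.svg" alt="Gem Version" />}[https://badge.fury.io/rb/net-ldap]
+{<img src="https://travis-ci.org/ruby-ldap/ruby-net-ldap.svg" />}[https://travis-ci.org/ruby-ldap/ruby-net-ldap]
 
 == Description
 
@@ -21,7 +23,7 @@ the most recent LDAP RFCs (4510–4519, plus portions of 4520–4532).
 
 == Synopsis
 
-See Net::LDAP for documentation and usage samples.
+See {Net::LDAP on rubydoc.info}[https://www.rubydoc.info/gems/net-ldap/Net/LDAP] for documentation and usage samples.
 
 == Requirements
 
@@ -52,19 +54,27 @@ This task will run the test suite and the
 
 rake rubotest
 
-
+CI takes too long? If your local box supports
+{Docker}[https://www.docker.com/], you can also run integration tests locally.
+Simply run:
 
-
-
-
-
+script/ldap-docker
+INTEGRATION=openldap rake test
+
+Or, use {Docker Compose}[https://docs.docker.com/compose/]. See docker-compose.yml for available Ruby versions.
+
+docker-compose run ci-2.7
+
+CAVEAT: you need to add the following line to /etc/hosts
+127.0.0.1 ldap.example.org
+127.0.0.1 cert.mismatch.example.org
 
 == Release
 
 This section is for gem maintainers to cut a new version of the gem.
 
 * Check out a new branch `release-VERSION`
-* Update lib/net/ldap/version.rb to next version number X.X.X following {semver}
+* Update lib/net/ldap/version.rb to next version number X.X.X following {semver}[http://semver.org/].
 * Update `History.rdoc`. Get latest changes with `script/changelog`
 * Open a pull request with these changes for review
 * After merging, on the master branch, run `script/release`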
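--- a/data/lib/net-ldap.rb
+++ b/data/lib/net-ldap.rb
@@ -1,2 +1,2 @@
 # -*- ruby encoding: utf-8 -*-
-
+require_relative 'net/ldap'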
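--- a/data/lib/net/ber.rb
+++ b/data/lib/net/ber.rb
@@ -1,5 +1,5 @@
 # -*- ruby encoding: utf-8 -*-
-
+require_relative 'ldap/version'
 
 module Net # :nodoc:
 ##
@@ -327,11 +327,10 @@ class Net::BER::BerIdentifiedString < String
 # Check the encoding of the newly created String and set the encoding
 # to 'UTF-8' (NOTE: we do NOT change the bytes, but only set the
 # encoding to 'UTF-8').
+return unless encoding == Encoding::BINARY
 current_encoding = encoding
-
-
-force_encoding(current_encoding) unless valid_encoding?
-end
+force_encoding('UTF-8')
+force_encoding(current_encoding) unless valid_encoding?
 end
 end
 
@@ -350,4 +349,4 @@ module Net::BER
 Null = Net::BER::BerIdentifiedNull.new
 end
 
-
+require_relative 'ber/core_ext'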
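--- a/data/lib/net/ber/ber_parser.rb
+++ b/data/lib/net/ber/ber_parser.rb
@@ -172,10 +172,10 @@ module Net::BER::BERParser
 yield id, content_length if block_given?
 
 if -1 == content_length
-raise Net::BER::BerError,
-
-data = read(content_length)
+raise Net::BER::BerError,
+"Indeterminite BER content length not implemented."
 end
+data = read(content_length)
 
 parse_ber_object(syntax, id, data)
 end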
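Review bot: `data = read(content_length)` is passed straight to `parse_ber_object(syntax, id, data)` with no check that the full length actually arrived. content_length is presumably decoded from the peer-supplied BER header above this hunk, so a truncated or malformed PDU can leave `data` nil or short, depending on what `read` resolves to on the including class. A guard before the parse call would fail closed, for example `raise Net::BER::BerError, "short BER read" if data.nil? || data.bytesize < content_length`. The hunk also shows no upper bound on content_length before the read. The enclosing method starts outside the hunk, so an earlier check may already exist.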
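--- a/data/lib/net/ber/core_ext.rb
+++ b/data/lib/net/ber/core_ext.rb
@@ -1,5 +1,5 @@
 # -*- ruby encoding: utf-8 -*-
-
+require_relative 'ber_parser'
 # :stopdoc:
 class IO
 include Net::BER::BERParser
@@ -19,35 +19,35 @@ end
 module Net::BER::Extensions # :nodoc:
 end
 
-
+require_relative 'core_ext/string'
 # :stopdoc:
 class String
 include Net::BER::BERParser
 include Net::BER::Extensions::String
 end
 
-
+require_relative 'core_ext/array'
 # :stopdoc:
 class Array
 include Net::BER::Extensions::Array
 end
 # :startdoc:
 
-
+require_relative 'core_ext/integer'
 # :stopdoc:
 class Integer
 include Net::BER::Extensions::Integer
 end
 # :startdoc:
 
-
+require_relative 'core_ext/true_class'
 # :stopdoc:
 class TrueClass
 include Net::BER::Extensions::TrueClass
 end
 # :startdoc:
 
-
+require_relative 'core_ext/false_class'
 # :stopdoc:
 class FalseClass
 include Net::BER::Extensions::FalseClass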
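--- a/data/lib/net/ldap.rb
+++ b/data/lib/net/ldap.rb
@@ -17,19 +17,19 @@ module Net # :nodoc:
 end
 require 'socket'
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+require_relative 'ber'
+require_relative 'ldap/pdu'
+require_relative 'ldap/filter'
+require_relative 'ldap/dataset'
+require_relative 'ldap/password'
+require_relative 'ldap/entry'
+require_relative 'ldap/instrumentation'
+require_relative 'ldap/connection'
+require_relative 'ldap/version'
+require_relative 'ldap/error'
+require_relative 'ldap/auth_adapter'
+require_relative 'ldap/auth_adapter/simple'
+require_relative 'ldap/auth_adapter/sasl'
 
 Net::LDAP::AuthAdapter.register([:simple, :anon, :anonymous], Net::LDAP::AuthAdapter::Simple)
 Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapter::Sasl)
@@ -476,61 +476,73 @@ class Net::LDAP
 # specify a treebase. If you give a treebase value in any particular
 # call to #search, that value will override any treebase value you give
 # here.
+# * :force_no_page => Set to true to prevent paged results even if your
+# server says it supports them. This is a fix for MS Active Directory
+# * :instrumentation_service => An object responsible for instrumenting
+# operations, compatible with ActiveSupport::Notifications' public API.
 # * :encryption => specifies the encryption to be used in communicating
 # with the LDAP server. The value must be a Hash containing additional
 # parameters, which consists of two keys:
 # method: - :simple_tls or :start_tls
-#
+# tls_options: - Hash of options for that method
 # The :simple_tls encryption method encrypts <i>all</i> communications
 # with the LDAP server. It completely establishes SSL/TLS encryption with
 # the LDAP server before any LDAP-protocol data is exchanged. There is no
 # plaintext negotiation and no special encryption-request controls are
 # sent to the server. <i>The :simple_tls option is the simplest, easiest
 # way to encrypt communications between Net::LDAP and LDAP servers.</i>
-#
-#
-#
-#
-#
-#
-#
-# connecting to. It's impossible for an LDAP server to support plaintext
-# LDAP communications and <i>simple TLS</i> connections on the same port.
-# The standard TCP port for unencrypted LDAP connections is 389, but the
-# standard port for simple-TLS encrypted connections is 636. Be sure you
-# are using the correct port.
-#
+# If you get communications or protocol errors when using this option,
+# check with your LDAP server administrator. Pay particular attention
+# to the TCP port you are connecting to. It's impossible for an LDAP
+# server to support plaintext LDAP communications and <i>simple TLS</i>
+# connections on the same port. The standard TCP port for unencrypted
+# LDAP connections is 389, but the standard port for simple-TLS
+# encrypted connections is 636. Be sure you are using the correct port.
 # The :start_tls like the :simple_tls encryption method also encrypts all
 # communcations with the LDAP server. With the exception that it operates
 # over the standard TCP port.
 #
-#
-#
-#
-# OpenSSL::SSL::SSLContext#set_params(). The most common options passed
-# should be OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, or the :ca_file option,
-# which contains a path to a Certificate Authority file (PEM-encoded).
-#
-# Example for a default setup without custom settings:
-# {
-# :method => :simple_tls,
-# :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
-# }
-#
-# Example for specifying a CA-File and only allowing TLSv1.1 connections:
+# To validate the LDAP server's certificate (a security must if you're
+# talking over the public internet), you need to set :tls_options
+# something like this...
 #
-#
-#
-#
+# Net::LDAP.new(
+# # ... set host, bind dn, etc ...
+# encryption: {
+# method: :simple_tls,
+# tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS,
 # }
-#
-#
-#
-#
+# )
+#
+# The above will use the operating system-provided store of CA
+# certificates to validate your LDAP server's cert.
+# If cert validation fails, it'll happen during the #bind
+# whenever you first try to open a connection to the server.
+# Those methods will throw Net::LDAP::ConnectionError with
+# a message about certificate verify failing. If your
+# LDAP server's certificate is signed by DigiCert, Comodo, etc.,
+# you're probably good. If you've got a self-signed cert but it's
+# been added to the host's OS-maintained CA store (e.g. on Debian
+# add foobar.crt to /usr/local/share/ca-certificates/ and run
+# `update-ca-certificates`), then the cert should pass validation.
+# To ignore the OS's CA store, put your CA in a PEM-encoded file and...
+#
+# encryption: {
+# method: :simple_tls,
+# tls_options: { ca_file: '/path/to/my-little-ca.pem',
+# ssl_version: 'TLSv1_1' },
+# }
+#
+# As you might guess, the above example also fails the connection
+# if the client can't negotiate TLS v1.1.
+# tls_options is ultimately passed to OpenSSL::SSL::SSLContext#set_params
+# For more details, see
+# http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html
 #
 # Instantiating a Net::LDAP object does <i>not</i> result in network
 # traffic to the LDAP server. It simply stores the connection and binding
-# parameters in the object.
+# parameters in the object. That's why Net::LDAP.new doesn't throw
+# cert validation errors itself; #bind does instead.
 def initialize(args = {})
 @host = args[:host] || DefaultHost
 @port = args[:port] || DefaultPort
@@ -700,7 +712,7 @@ class Net::LDAP
 begin
 @open_connection = new_connection
 payload[:connection] = @open_connection
-payload[:bind] = @open_connection.bind(@auth)
+payload[:bind] = @result = @open_connection.bind(@auth)
 yield self
 ensure
 @open_connection.close if @open_connection
@@ -1170,14 +1182,22 @@ class Net::LDAP
 # entries. This method sends an extra control code to tell the LDAP server
 # to do a tree delete. ('1.2.840.113556.1.4.805')
 #
+# If the LDAP server does not support the DELETE_TREE control code, subordinate
+# entries are deleted recursively instead.
+#
 # Returns True or False to indicate whether the delete succeeded. Extended
 # status information is available by calling #get_operation_result.
 #
 # dn = "mail=deleteme@example.com, ou=people, dc=example, dc=com"
 # ldap.delete_tree :dn => dn
 def delete_tree(args)
-
+if search_root_dse[:supportedcontrol].include? Net::LDAP::LDAPControls::DELETE_TREE
+delete(args.merge(:control_codes => [[Net::LDAP::LDAPControls::DELETE_TREE, true]]))
+else
+recursive_delete(args)
+end
 end
+
 # This method is experimental and subject to change. Return the rootDSE
 # record from the LDAP server as a Net::LDAP::Entry, or an empty Entry if
 # the server doesn't return the record.
@@ -1286,11 +1306,9 @@ class Net::LDAP
 else
 begin
 conn = new_connection
-
-
-
-return result
-end
+result = conn.bind(args[:auth] || @auth)
+return result unless result.result_code == Net::LDAP::ResultCodeSuccess
+yield conn
 ensure
 conn.close if conn
 end
@@ -1310,7 +1328,7 @@ class Net::LDAP
 # Force connect to see if there's a connection error
 connection.socket
 connection
-rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT
+rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT => e
 @result = {
 :resultCode => 52,
 :errorMessage => ResultStrings[ResultCodeUnavailable],
@@ -1330,4 +1348,19 @@ class Net::LDAP
 end
 end
 
+# Recursively delete a dn and it's subordinate children.
+# This is useful when a server does not support the DELETE_TREE control code.
+def recursive_delete(args)
+raise EmptyDNError unless args.is_a?(Hash) && args.key?(:dn)
+# Delete Children
+search(base: args[:dn], scope: Net::LDAP::SearchScope_SingleLevel) do |entry|
+recursive_delete(dn: entry.dn)
+end
+# Delete Self
+unless delete(dn: args[:dn])
+raise Net::LDAP::Error, get_operation_result[:error_message].to_s
+end
+true
+end
+
 end # class LDAP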
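Review bot: In the hunk at new lines 712-718 (Net::LDAP#open, going by the 0.16.2 changelog entry) `yield self` runs unconditionally after `payload[:bind] = @result = @open_connection.bind(@auth)`, so the caller's block executes even when the server rejected the bind. The hunk at new lines 1306-1314 does the opposite and returns early with `return result unless result.result_code == Net::LDAP::ResultCodeSuccess`. Caching the result in `@result` makes the failure observable, but nothing forces callers to look, and anything done inside the block would then run on a session the server did not authenticate. Bailing out here would change public behaviour, so at minimum document it above the yield, e.g. `# NOTE: the block is yielded even if the bind failed; check get_operation_result before trusting results.` The method body starts outside the hunk.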
@@ -1,9 +1,11 @@
|
|
1
|
-
|
1
|
+
require_relative '../auth_adapter'
|
2
2
|
|
3
3
|
module Net
|
4
4
|
class LDAP
|
5
5
|
class AuthAdapter
|
6
6
|
class Sasl < Net::LDAP::AuthAdapter
|
7
|
+
MAX_SASL_CHALLENGES = 10
|
8
|
+
|
7
9
|
#--
|
8
10
|
# Required parameters: :mechanism, :initial_credential and
|
9
11
|
# :challenge_response
|
@@ -47,7 +49,7 @@ module Net
|
|
47
49
|
end
|
48
50
|
|
49
51
|
return pdu unless pdu.result_code == Net::LDAP::ResultCodeSaslBindInProgress
|
50
|
-
raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) >
|
52
|
+
raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MAX_SASL_CHALLENGES)
|
51
53
|
|
52
54
|
cred = chall.call(pdu.result_server_sasl_creds)
|
53
55
|
end
|