net-ldap 0.18.0 → 0.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8d5def02bd0ce6b44457f5c1c7983f8730131a1a7082b3765791b14a0ee576b
-  data.tar.gz: 41a50fda89f8c8e7a6a1c182e894181d910367a356c67f031dec8072e1544e3e
+  metadata.gz: 8f1ae20f7f3f599999e4178becdc139f1aaa81b97021696ab3dd8aa78442ca7f
+  data.tar.gz: 7dc05aad5c2d2e6cb2ca9abd22654139fa236cd97d5e16467733f64dd3cf398e
 SHA512:
-  metadata.gz: c5ae1310f3668a7f12f4817ede1cdd9310b8b262a40f41639d29e6cf0ba105f3bd6df8f6b892abed3924b03987c18f0e3f0c9bb2c848ed9d33a4662d53783f83
-  data.tar.gz: f2b4573b1af8db1dd16b9b31202a53edd08829d399fb94bd27cb400b8b1246929dca87744bd5156c4910a4fd53a4c4689a3917258d165e472135fbf50afceb7c
+  metadata.gz: e39aaf763a7e29c4f271958a4cc93216afef8705661fc8483c2facf67796a67f1e42d2683efe4bca4b908178d251bb2acb1d2dc3fae8e2c489067e2767d547ce
+  data.tar.gz: fb6c7de22a5584d39e9a08bc2b270870cde9c6454af49eeadaccaf4717a6432763bdb0ced4488821b7dfaa9875635e6b4683baf8cd851f48aca743927c54af8a

data/History.rdoc

@@ -1,3 +1,20 @@
+=== Net::LDAP 0.20.0
+* Update test.yml by @HarlemSquirrel in #433
+* Add `ostruct` as a dependency to the gemspec by @Ivanov-Anton in #432
+* Require Ruby >= 3.0 by @HarlemSquirrel in #435
+* Link to usage examples by @sebbASF in #428
+* Add controls for modify and add operations by @zeroSteiner in #426
+* Add support for ldapwhoami (RFC4532) (now with tests) by @zeroSteiner in #425
+* Update for ruby 3.4 by @HarlemSquirrel in #439
+* Add ruby 3.4 to CI by @hakeem0114 in #438
+* Add support for UTF-8 encoded passwords by @frankwalentowski in #430
+
+=== Net::LDAP 0.19.0
+* Net::LDAP::DN - Retain trailing spaces in RDN values in DNs #412
+* Add in ability for users to specify LDAP controls when conducting searches #411
+* Document connect_timeout in Constructor Details #415
+* Fix openssl error when using multiple hosts #417
+
 === Net::LDAP 0.18.0
 * Fix escaping of # and space in attrs #408
 * Add support to use SNI #406

data/README.rdoc

@@ -23,7 +23,7 @@ the most recent LDAP RFCs (4510–4519, plus portions of 4520–4532).
 
 == Synopsis
 
-See {Net::LDAP on rubydoc.info}[https://www.rubydoc.info/github/ruby-ldap/ruby-net-ldap] for documentation and usage samples.
+See {Net::LDAP on rubydoc.info}[https://www.rubydoc.info/github/ruby-ldap/ruby-net-ldap/Net/LDAP] for documentation and usage samples.
 
 == Requirements
 

data/lib/net/ldap/auth_adapter/gss_spnego.rb

@@ -20,7 +20,7 @@ module Net
           require 'ntlm'
 
           user, psw = [auth[:username] || auth[:dn], auth[:password]]
-          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
+          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless user && psw
 
           nego = proc do |challenge|
             t2_msg = NTLM::Message.parse(challenge)

data/lib/net/ldap/auth_adapter/sasl.rb

@@ -30,7 +30,7 @@ module Net
         def bind(auth)
           mech, cred, chall = auth[:mechanism], auth[:initial_credential],
             auth[:challenge_response]
-          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall)
+          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless mech && cred && chall
 
           message_id = @connection.next_msgid
 

data/lib/net/ldap/auth_adapter/simple.rb

@@ -11,7 +11,7 @@ module Net
                         ["", ""]
                       end
 
-          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
+          raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless user && psw
 
           message_id = @connection.next_msgid
           request    = [

data/lib/net/ldap/connection.rb

@@ -30,10 +30,9 @@ class Net::LDAP::Connection #:nodoc:
     @socket_class = socket_class
   end
 
-  def prepare_socket(server, timeout=nil)
+  def prepare_socket(server, timeout=nil, hostname='127.0.0.1')
     socket = server[:socket]
     encryption = server[:encryption]
-    hostname = server[:host]
 
     @conn = socket
     setup_encryption(encryption, timeout, hostname) if encryption
@@ -51,7 +50,7 @@ class Net::LDAP::Connection #:nodoc:
     errors = []
     hosts.each do |host, port|
       begin
-        prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout)
+        prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout, host)
         if encryption
           if encryption[:tls_options] &&
              encryption[:tls_options][:verify_mode] &&
@@ -425,6 +424,7 @@ class Net::LDAP::Connection #:nodoc:
         # this breaks when calling to_ber. (Can't force binary data to UTF-8)
         # we have to disable paging (even though server supports it) to get around this...
 
+        user_controls = args.fetch(:controls, [])
         controls = []
         controls <<
           [
@@ -434,7 +434,12 @@ class Net::LDAP::Connection #:nodoc:
             rfc2696_cookie.map(&:to_ber).to_ber_sequence.to_s.to_ber,
           ].to_ber_sequence if paged
         controls << ber_sort if ber_sort
-        controls = controls.empty? ? nil : controls.to_ber_contextspecific(0)
+        if controls.empty? && user_controls.empty?
+          controls = nil
+        else
+          controls += user_controls
+          controls = controls.to_ber_contextspecific(0)
+        end
 
         write(request, controls, message_id)
 
@@ -564,7 +569,12 @@ class Net::LDAP::Connection #:nodoc:
       ops.to_ber_sequence,
     ].to_ber_appsequence(Net::LDAP::PDU::ModifyRequest)
 
-    write(request, nil, message_id)
+    controls = args.fetch(:controls, nil)
+    unless controls.nil?
+      controls = controls.to_ber_contextspecific(0)
+    end
+
+    write(request, controls, message_id)
     pdu = queued_read(message_id)
 
     if !pdu || pdu.app_tag != Net::LDAP::PDU::ModifyResponse
@@ -636,7 +646,12 @@ class Net::LDAP::Connection #:nodoc:
     message_id = next_msgid
     request    = [add_dn.to_ber, add_attrs.to_ber_sequence].to_ber_appsequence(Net::LDAP::PDU::AddRequest)
 
-    write(request, nil, message_id)
+    controls = args.fetch(:controls, nil)
+    unless controls.nil?
+      controls = controls.to_ber_contextspecific(0)
+    end
+
+    write(request, controls, message_id)
     pdu = queued_read(message_id)
 
     if !pdu || pdu.app_tag != Net::LDAP::PDU::AddResponse
@@ -688,6 +703,22 @@ class Net::LDAP::Connection #:nodoc:
     pdu
   end
 
+  def ldapwhoami
+    ext_seq = [Net::LDAP::WhoamiOid.to_ber_contextspecific(0)]
+    request = ext_seq.to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
+
+    message_id = next_msgid
+
+    write(request, nil, message_id)
+    pdu = queued_read(message_id)
+
+    if !pdu || pdu.app_tag != Net::LDAP::PDU::ExtendedResponse
+      raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
+    end
+
+    pdu
+  end
+
   # Internal: Returns a Socket like object used internally to communicate with
   # LDAP server.
   #

data/lib/net/ldap/dn.rb

@@ -81,7 +81,7 @@ class Net::LDAP::DN
           value << char
         when ',' then
           state = :key
-          yield key.string.strip, value.string.rstrip
+          yield key.string.strip, value.string
           key = StringIO.new
           value = StringIO.new;
         else
@@ -93,7 +93,7 @@ class Net::LDAP::DN
         when '\\' then state = :value_normal_escape
         when ',' then
           state = :key
-          yield key.string.strip, value.string.rstrip
+          yield key.string.strip, value.string
           key = StringIO.new
           value = StringIO.new;
         else value << char
@@ -142,7 +142,7 @@ class Net::LDAP::DN
         when ' ' then state = :value_end
         when ',' then
           state = :key
-          yield key.string.strip, value.string.rstrip
+          yield key.string.strip, value.string
           key = StringIO.new
           value = StringIO.new;
         else raise Net::LDAP::InvalidDNError, "DN badly formed"
@@ -159,7 +159,7 @@ class Net::LDAP::DN
         when ' ' then state = :value_end
         when ',' then
           state = :key
-          yield key.string.strip, value.string.rstrip
+          yield key.string.strip, value.string
           key = StringIO.new
           value = StringIO.new;
         else raise Net::LDAP::InvalidDNError, "DN badly formed"
@@ -172,7 +172,7 @@ class Net::LDAP::DN
     raise Net::LDAP::InvalidDNError, "DN badly formed" unless
       [:value, :value_normal, :value_hexstring, :value_end].include? state
 
-    yield key.string.strip, value.string.rstrip
+    yield key.string.strip, value.string
   end
 
   ##

data/lib/net/ldap/password.rb

@@ -28,10 +28,14 @@ class Net::LDAP::Password
          '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(str))
       when :ssha
          salt = SecureRandom.random_bytes(16)
-         '{SSHA}' + Base64.strict_encode64(Digest::SHA1.digest(str + salt) + salt)
+         digest = Digest::SHA1.new
+         digest << str << salt
+         '{SSHA}' + Base64.strict_encode64(digest.digest + salt)
       when :ssha256
         salt = SecureRandom.random_bytes(16)
-        '{SSHA256}' + Base64.strict_encode64(Digest::SHA256.digest(str + salt) + salt)
+        digest = Digest::SHA256.new
+        digest << str << salt
+        '{SSHA256}' + Base64.strict_encode64(digest.digest + salt)
       else
          raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
       end

data/lib/net/ldap/pdu.rb

@@ -194,13 +194,13 @@ class Net::LDAP::PDU
   #           requestValue     [1] OCTET STRING OPTIONAL }
 
   def parse_extended_response(sequence)
-    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
+    sequence.length.between?(3, 5) or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
     @ldap_result = {
       :resultCode => sequence[0],
       :matchedDN => sequence[1],
       :errorMessage => sequence[2],
     }
-    @extended_response = sequence[3]
+    @extended_response = sequence.length == 3 ? nil : sequence.last
   end
   private :parse_extended_response
 

data/lib/net/ldap/version.rb

@@ -1,5 +1,5 @@
 module Net
   class LDAP
-    VERSION = "0.18.0"
+    VERSION = "0.20.0"
   end
 end

data/lib/net/ldap.rb

@@ -311,7 +311,7 @@ class Net::LDAP
     0 => :array, # RFC-2251 Control and Filter-AND
     1 => :array, # SearchFilter-OR
     2 => :array, # SearchFilter-NOT
-    3 => :array, # Seach referral
+    3 => :array, # Search referral
     4 => :array, # unknown use in Microsoft Outlook
     5 => :array, # SearchFilter-GE
     6 => :array, # SearchFilter-LE
@@ -325,7 +325,7 @@ class Net::LDAP
 
   universal = {
     constructed: {
-      107 => :array, #ExtendedResponse (PasswdModifyResponseValue)
+      107 => :string, # ExtendedResponse
     },
   }
 
@@ -341,6 +341,7 @@ class Net::LDAP
 
   StartTlsOid = '1.3.6.1.4.1.1466.20037'
   PasswdModifyOid = '1.3.6.1.4.1.4203.1.11.1'
+  WhoamiOid = '1.3.6.1.4.1.4203.1.11.3'
 
   # https://tools.ietf.org/html/rfc4511#section-4.1.9
   # https://tools.ietf.org/html/rfc4511#appendix-A
@@ -480,6 +481,8 @@ class Net::LDAP
   #   server says it supports them. This is a fix for MS Active Directory
   # * :instrumentation_service => An object responsible for instrumenting
   #   operations, compatible with ActiveSupport::Notifications' public API.
+  # * :connect_timeout => The TCP socket timeout (in seconds) to use when
+  #   connecting to the LDAP server (default 5 seconds).
   # * :encryption => specifies the encryption to be used in communicating
   #   with the LDAP server. The value must be a Hash containing additional
   #   parameters, which consists of two keys:
@@ -1198,6 +1201,23 @@ class Net::LDAP
     end
   end
 
+  # Return the authorization identity of the client that issues the
+  # ldapwhoami request.  The method does not support any arguments.
+  #
+  # Returns True or False to indicate whether the request was successfull.
+  # The result is available in the extended status information when calling
+  # #get_operation_result.
+  #
+  #  ldap.ldapwhoami
+  #  puts ldap.get_operation_result.extended_response
+  def ldapwhoami(args = {})
+    instrument "ldapwhoami.net_ldap", args do |payload|
+      @result = use_connection(args, &:ldapwhoami)
+      @result.success? ? @result.extended_response : nil
+    end
+  end
+  alias_method :whoami, :ldapwhoami
+
   # This method is experimental and subject to change. Return the rootDSE
   # record from the LDAP server as a Net::LDAP::Entry, or an empty Entry if
   # the server doesn't return the record.
@@ -1255,10 +1275,10 @@ class Net::LDAP
     rs = search(:ignore_server_caps => true, :base => "",
                 :scope => SearchScope_BaseObject,
                 :attributes => [:subschemaSubentry])
-    return Net::LDAP::Entry.new unless (rs and rs.first)
+    return Net::LDAP::Entry.new unless rs and rs.first
 
     subschema_name = rs.first.subschemasubentry
-    return Net::LDAP::Entry.new unless (subschema_name and subschema_name.first)
+    return Net::LDAP::Entry.new unless subschema_name and subschema_name.first
 
     rs = search(:ignore_server_caps => true, :base => subschema_name.first,
                 :scope => SearchScope_BaseObject,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ldap
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 0.20.0
 platform: ruby
 authors:
 - Francis Cianfrocca
@@ -10,81 +10,38 @@ authors:
 - Kaspar Schiess
 - Austin Ziegler
 - Michael Schaarschmidt
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-04 00:00:00.000000000 Z
+date: 2025-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: flexmock
+  name: base64
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :development
+        version: '0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: ostruct
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 12.3.3
-  type: :development
+        version: '0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 12.3.3
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.48'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.48'
-- !ruby/object:Gem::Dependency
-  name: test-unit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.3'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.3'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 9.0.6
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 9.0.6
+        version: '0'
 description: |-
   Net::LDAP for Ruby (also called net-ldap) implements client access for the
   Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for
@@ -146,7 +103,6 @@ homepage: http://github.com/ruby-ldap/ruby-net-ldap
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
 rdoc_options:
 - "--main"
 - README.rdoc
@@ -156,15 +112,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.0.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.7
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Net::LDAP for Ruby (also called net-ldap) implements client access for the
   Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for accessing