RubyGems - net-ldap - Versions diffs - 0.3.1 → 0.17.0 - Mend

net-ldap 0.3.1 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

checksums.yaml +7 -0
data/Contributors.rdoc +4 -0
data/Hacking.rdoc +3 -8
data/History.rdoc +181 -0
data/README.rdoc +44 -12
data/lib/net-ldap.rb +1 -1
data/lib/net/ber.rb +41 -7
data/lib/net/ber/ber_parser.rb +21 -7
data/lib/net/ber/core_ext.rb +11 -18
data/lib/net/ber/core_ext/array.rb +14 -0
data/lib/net/ber/core_ext/integer.rb +74 -0
data/lib/net/ber/core_ext/string.rb +24 -4
data/lib/net/ber/core_ext/true_class.rb +2 -3
data/lib/net/ldap.rb +441 -639
data/lib/net/ldap/auth_adapter.rb +29 -0
data/lib/net/ldap/auth_adapter/gss_spnego.rb +41 -0
data/lib/net/ldap/auth_adapter/sasl.rb +62 -0
data/lib/net/ldap/auth_adapter/simple.rb +34 -0
data/lib/net/ldap/connection.rb +716 -0
data/lib/net/ldap/dataset.rb +23 -9
data/lib/net/ldap/dn.rb +13 -14
data/lib/net/ldap/entry.rb +27 -9
data/lib/net/ldap/error.rb +49 -0
data/lib/net/ldap/filter.rb +58 -32
data/lib/net/ldap/instrumentation.rb +23 -0
data/lib/net/ldap/password.rb +23 -14
data/lib/net/ldap/pdu.rb +70 -6
data/lib/net/ldap/version.rb +5 -0
data/lib/net/snmp.rb +237 -241
metadata +71 -116
data/.autotest +0 -11
data/.gemtest +0 -0
data/.rspec +0 -2
data/Manifest.txt +0 -49
data/Rakefile +0 -74
data/autotest/discover.rb +0 -1
data/lib/net/ber/core_ext/bignum.rb +0 -22
data/lib/net/ber/core_ext/fixnum.rb +0 -66
data/net-ldap.gemspec +0 -58
data/spec/integration/ssl_ber_spec.rb +0 -36
data/spec/spec.opts +0 -2
data/spec/spec_helper.rb +0 -5
data/spec/unit/ber/ber_spec.rb +0 -109
data/spec/unit/ber/core_ext/string_spec.rb +0 -51
data/spec/unit/ldap/dn_spec.rb +0 -80
data/spec/unit/ldap/entry_spec.rb +0 -51
data/spec/unit/ldap/filter_spec.rb +0 -84
data/spec/unit/ldap_spec.rb +0 -48
data/test/common.rb +0 -3
data/test/test_entry.rb +0 -59
data/test/test_filter.rb +0 -122
data/test/test_ldap_connection.rb +0 -24
data/test/test_ldif.rb +0 -79
data/test/test_password.rb +0 -17
data/test/test_rename.rb +0 -77
data/test/test_snmp.rb +0 -114
data/test/testdata.ldif +0 -101
data/testserver/ldapserver.rb +0 -210
data/testserver/testdata.ldif +0 -101

data/lib/net/ldap/instrumentation.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module Net::LDAP::Instrumentation
+  attr_reader :instrumentation_service
+  private     :instrumentation_service
+  # Internal: Instrument a block with the defined instrumentation service.
+  #
+  # Yields the event payload if a block is given.
+  #
+  # Skips instrumentation if no service is set.
+  #
+  # Returns the return value of the block.
+  def instrument(event, payload = {})
+    payload = (payload || {}).dup
+    if instrumentation_service
+      instrumentation_service.instrument(event, payload) do |instr_payload|
+        instr_payload[:result] = yield(instr_payload) if block_given?
+      end
+    else
+      yield(payload) if block_given?
+    end
+  end
+  private :instrument
+end

data/lib/net/ldap/password.rb CHANGED Viewed

@@ -1,31 +1,40 @@
 # -*- ruby encoding: utf-8 -*-
 require 'digest/sha1'
+require 'digest/sha2'
 require 'digest/md5'
+require 'base64'
+require 'securerandom'
 class Net::LDAP::Password
   class << self
     # Generate a password-hash suitable for inclusion in an LDAP attribute.
-    # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
+    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
     # password. This function will return a hashed representation.
     #
     #--
     # STUB: This is here to fulfill the requirements of an RFC, which
     # one?
     #
-    # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
-    # sha1 as a synonym for sha1? I vote no because then should you also
-    # provide ssha1 for symmetry?
+    # TODO:
+    # * maybe salted-md5
+    # * Should we provide sha1 as a synonym for sha1? I vote no because then
+    #   should you also provide ssha1 for symmetry?
+    #
     def generate(type, str)
-      digest, digest_name = case type
-                            when :md5
-                              [Digest::MD5.new, 'MD5']
-                            when :sha
-                              [Digest::SHA1.new, 'SHA']
-                            else
-                              raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
-                            end
-      digest << str.to_s
-      return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
+      case type
+      when :md5
+         '{MD5}' + Base64.strict_encode64(Digest::MD5.digest(str))
+      when :sha
+         '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(str))
+      when :ssha
+         salt = SecureRandom.random_bytes(16)
+         '{SSHA}' + Base64.strict_encode64(Digest::SHA1.digest(str + salt) + salt)
+      when :ssha256
+        salt = SecureRandom.random_bytes(16)
+        '{SSHA256}' + Base64.strict_encode64(Digest::SHA256.digest(str + salt) + salt)
+      else
+         raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
+      end
     end
   end
 end

data/lib/net/ldap/pdu.rb CHANGED Viewed

@@ -18,24 +18,48 @@ require 'ostruct'
 # well with our approach.
 #
 # Currently, we only support controls on SearchResult.
+#
+# http://tools.ietf.org/html/rfc4511#section-4.1.1
+# http://tools.ietf.org/html/rfc4511#section-4.1.9
 class Net::LDAP::PDU
   class Error < RuntimeError; end
-  ##
-  # This message packet is a bind request.
+  # http://tools.ietf.org/html/rfc4511#section-4.2
   BindRequest = 0
+  # http://tools.ietf.org/html/rfc4511#section-4.2.2
   BindResult = 1
+  # http://tools.ietf.org/html/rfc4511#section-4.3
   UnbindRequest = 2
+  # http://tools.ietf.org/html/rfc4511#section-4.5.1
   SearchRequest = 3
+  # http://tools.ietf.org/html/rfc4511#section-4.5.2
   SearchReturnedData = 4
   SearchResult = 5
+  # see also SearchResultReferral (19)
+  # http://tools.ietf.org/html/rfc4511#section-4.6
+  ModifyRequest  = 6
   ModifyResponse = 7
+  # http://tools.ietf.org/html/rfc4511#section-4.7
+  AddRequest = 8
   AddResponse = 9
+  # http://tools.ietf.org/html/rfc4511#section-4.8
+  DeleteRequest = 10
   DeleteResponse = 11
+  # http://tools.ietf.org/html/rfc4511#section-4.9
+  ModifyRDNRequest  = 12
   ModifyRDNResponse = 13
+  # http://tools.ietf.org/html/rfc4511#section-4.10
+  CompareRequest = 14
+  CompareResponse = 15
+  # http://tools.ietf.org/html/rfc4511#section-4.11
+  AbandonRequest = 16
+  # http://tools.ietf.org/html/rfc4511#section-4.5.2
   SearchResultReferral = 19
+  # http://tools.ietf.org/html/rfc4511#section-4.12
   ExtendedRequest = 23
   ExtendedResponse = 24
+  # unused: http://tools.ietf.org/html/rfc4511#section-4.13
+  IntermediateResponse = 25
   ##
   # The LDAP packet message ID.
@@ -50,6 +74,7 @@ class Net::LDAP::PDU
   attr_reader :search_referrals
   attr_reader :search_parameters
   attr_reader :bind_parameters
+  attr_reader :extended_response
   ##
   # Returns RFC-2251 Controls if any.
@@ -96,9 +121,9 @@ class Net::LDAP::PDU
     when UnbindRequest
       parse_unbind_request(ber_object[1])
     when ExtendedResponse
-      parse_ldap_result(ber_object[1])
+      parse_extended_response(ber_object[1])
     else
-      raise LdapPduError.new("unknown pdu-type: #{@app_tag}")
+      raise Error.new("unknown pdu-type: #{@app_tag}")
     end
     parse_controls(ber_object[2]) if ber_object[2]
@@ -112,6 +137,10 @@ class Net::LDAP::PDU
     @ldap_result || {}
   end
+  def error_message
+    result[:errorMessage] || ""
+  end
   ##
   # This returns an LDAP result code taken from the PDU, but it will be nil
   # if there wasn't a result code. That can easily happen depending on the
@@ -120,6 +149,18 @@ class Net::LDAP::PDU
     @ldap_result and @ldap_result[code]
   end
+  def status
+    Net::LDAP::ResultCodesNonError.include?(result_code) ? :success : :failure
+  end
+  def success?
+    status == :success
+  end
+  def failure?
+    !success?
+  end
   ##
   # Return serverSaslCreds, which are only present in BindResponse packets.
   #--
@@ -134,12 +175,35 @@ class Net::LDAP::PDU
     @ldap_result = {
       :resultCode => sequence[0],
       :matchedDN => sequence[1],
-      :errorMessage => sequence[2]
+      :errorMessage => sequence[2],
     }
-    parse_search_referral(sequence[3]) if @ldap_result[:resultCode] == 10
+    parse_search_referral(sequence[3]) if @ldap_result[:resultCode] == Net::LDAP::ResultCodeReferral
   end
   private :parse_ldap_result
+  ##
+  # Parse an extended response
+  #
+  # http://www.ietf.org/rfc/rfc2251.txt
+  #
+  # Each Extended operation consists of an Extended request and an
+  # Extended response.
+  #
+  #      ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+  #           requestName      [0] LDAPOID,
+  #           requestValue     [1] OCTET STRING OPTIONAL }
+  def parse_extended_response(sequence)
+    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
+    @ldap_result = {
+      :resultCode => sequence[0],
+      :matchedDN => sequence[1],
+      :errorMessage => sequence[2],
+    }
+    @extended_response = sequence[3]
+  end
+  private :parse_extended_response
   ##
   # A Bind Response may have an additional field, ID [7], serverSaslCreds,
   # per RFC 2251 pgh 4.2.3.

data/lib/net/ldap/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Net
+  class LDAP
+    VERSION = "0.17.0"
+  end
+end

data/lib/net/snmp.rb CHANGED Viewed

@@ -1,268 +1,264 @@
 # -*- ruby encoding: utf-8 -*-
+require_relative 'ldap/version'
 # :stopdoc:
 module Net
-    class SNMP
-      VERSION = '0.3.1'
-	AsnSyntax = Net::BER.compile_syntax({
-	    :application => {
-		:primitive => {
-		    1 => :integer,	# Counter32, (RFC2578 sec 2)
-		    2 => :integer,	# Gauge32 or Unsigned32, (RFC2578 sec 2)
-		    3 => :integer	# TimeTicks32, (RFC2578 sec 2)
-		},
-		:constructed => {
-		}
-	    },
-	    :context_specific => {
-		:primitive => {
-		},
-		:constructed => {
-		    0 => :array,	# GetRequest PDU (RFC1157 pgh 4.1.2)
-		    1 => :array,	# GetNextRequest PDU (RFC1157 pgh 4.1.3)
-		    2 => :array		# GetResponse PDU (RFC1157 pgh 4.1.4)
-		}
-	    }
-	})
-	# SNMP 32-bit counter.
-	# Defined in RFC1155 (Structure of Mangement Information), section 6.
-	# A 32-bit counter is an ASN.1 application [1] implicit unsigned integer
-	# with a range from 0 to 2^^32 - 1.
-	class Counter32
-	    def initialize value
-		@value = value
-	    end
-	    def to_ber
-		@value.to_ber_application(1)
-	    end
-	end
+  class SNMP
+    VERSION = Net::LDAP::VERSION
+    AsnSyntax = Net::BER.compile_syntax({
+      :application => {
+        :primitive => {
+          1 => :integer,  # Counter32, (RFC2578 sec 2)
+          2 => :integer,  # Gauge32 or Unsigned32, (RFC2578 sec 2)
+          3 => :integer  # TimeTicks32, (RFC2578 sec 2)
+        },
+        :constructed => {},
+      },
+      :context_specific => {
+        :primitive => {},
+        :constructed => {
+          0 => :array,  # GetRequest PDU (RFC1157 pgh 4.1.2)
+          1 => :array,  # GetNextRequest PDU (RFC1157 pgh 4.1.3)
+          2 => :array    # GetResponse PDU (RFC1157 pgh 4.1.4)
+        },
+      },
+    })
-	# SNMP 32-bit gauge.
-	# Defined in RFC1155 (Structure of Mangement Information), section 6.
-	# A 32-bit counter is an ASN.1 application [2] implicit unsigned integer.
-	# This is also indistinguishable from Unsigned32. (Need to alias them.)
-	class Gauge32
-	    def initialize value
-		@value = value
-	    end
-	    def to_ber
-		@value.to_ber_application(2)
-	    end
-	end
-	# SNMP 32-bit timer-ticks.
-	# Defined in RFC1155 (Structure of Mangement Information), section 6.
-	# A 32-bit counter is an ASN.1 application [3] implicit unsigned integer.
-	class TimeTicks32
-	    def initialize value
-		@value = value
-	    end
-	    def to_ber
-		@value.to_ber_application(3)
-	    end
-	end
+    # SNMP 32-bit counter.
+    # Defined in RFC1155 (Structure of Mangement Information), section 6.
+    # A 32-bit counter is an ASN.1 application [1] implicit unsigned integer
+    # with a range from 0 to 2^^32 - 1.
+    class Counter32
+      def initialize value
+        @value = value
+      end
+      def to_ber
+        @value.to_ber_application(1)
+      end
     end
-    class SnmpPdu
-	class Error < StandardError; end
-	PduTypes = [
-	    :get_request,
-	    :get_next_request,
-	    :get_response,
-	    :set_request,
-	    :trap
-	]
-	ErrorStatusCodes = { # Per RFC1157, pgh 4.1.1
-	    0 => "noError",
-	    1 => "tooBig",
-	    2 => "noSuchName",
-	    3 => "badValue",
-	    4 => "readOnly",
-	    5 => "genErr"
-	}
+    # SNMP 32-bit gauge.
+    # Defined in RFC1155 (Structure of Mangement Information), section 6.
+    # A 32-bit counter is an ASN.1 application [2] implicit unsigned integer.
+    # This is also indistinguishable from Unsigned32. (Need to alias them.)
+    class Gauge32
+      def initialize value
+        @value = value
+      end
+      def to_ber
+        @value.to_ber_application(2)
+      end
+    end
-	class << self
-	    def parse ber_object
-		n = new
-		n.send :parse, ber_object
-		n
-	    end
-	end
+    # SNMP 32-bit timer-ticks.
+    # Defined in RFC1155 (Structure of Mangement Information), section 6.
+    # A 32-bit counter is an ASN.1 application [3] implicit unsigned integer.
+    class TimeTicks32
+      def initialize value
+        @value = value
+      end
+      def to_ber
+        @value.to_ber_application(3)
+      end
+    end
+  end
-	attr_reader :version, :community, :pdu_type, :variables, :error_status
-	attr_accessor :request_id, :error_index
+  class SnmpPdu
+    class Error < StandardError; end
+    PduTypes = [
+      :get_request,
+      :get_next_request,
+      :get_response,
+      :set_request,
+      :trap,
+    ]
+    ErrorStatusCodes = { # Per RFC1157, pgh 4.1.1
+      0 => "noError",
+      1 => "tooBig",
+      2 => "noSuchName",
+      3 => "badValue",
+      4 => "readOnly",
+      5 => "genErr",
+    }
+    class << self
+      def parse ber_object
+        n = new
+        n.send :parse, ber_object
+        n
+      end
+    end
-	def initialize args={}
-	    @version = args[:version] || 0
-	    @community = args[:community] || "public"
-	    @pdu_type = args[:pdu_type] # leave nil unless specified; there's no reasonable default value.
-	    @error_status = args[:error_status] || 0
-	    @error_index = args[:error_index] || 0
-	    @variables = args[:variables] || []
-	end
+    attr_reader :version, :community, :pdu_type, :variables, :error_status
+    attr_accessor :request_id, :error_index
-	#--
-	def parse ber_object
-	    begin
-		parse_ber_object ber_object
-	    rescue Error
-		# Pass through any SnmpPdu::Error instances
-		raise $!
-	    rescue
-		# Wrap any basic parsing error so it becomes a PDU-format error
-		raise Error.new( "snmp-pdu format error" )
-	    end
-	end
-	private :parse
+    def initialize args={}
+      @version = args[:version] || 0
+      @community = args[:community] || "public"
+      @pdu_type = args[:pdu_type] # leave nil unless specified; there's no reasonable default value.
+      @error_status = args[:error_status] || 0
+      @error_index = args[:error_index] || 0
+      @variables = args[:variables] || []
+    end
-	def parse_ber_object ber_object
-	    send :version=, ber_object[0].to_i
-	    send :community=, ber_object[1].to_s
+    #--
+    def parse ber_object
+      begin
+        parse_ber_object ber_object
+      rescue Error
+        # Pass through any SnmpPdu::Error instances
+        raise $!
+      rescue
+        # Wrap any basic parsing error so it becomes a PDU-format error
+        raise Error.new( "snmp-pdu format error" )
+      end
+    end
+    private :parse
-	    data = ber_object[2]
-	    case (app_tag = data.ber_identifier & 31)
-	    when 0
-		send :pdu_type=, :get_request
-		parse_get_request data
-	    when 1
-		send :pdu_type=, :get_next_request
-		# This PDU is identical to get-request except for the type.
-		parse_get_request data
-	    when 2
-		send :pdu_type=, :get_response
-		# This PDU is identical to get-request except for the type,
-		# the error_status and error_index values are meaningful,
-		# and the fact that the variable bindings will be non-null.
-		parse_get_response data
-	    else
-		raise Error.new( "unknown snmp-pdu type: #{app_tag}" )
-	    end
-	end
-	private :parse_ber_object
+    def parse_ber_object ber_object
+      send :version=, ber_object[0].to_i
+      send :community=, ber_object[1].to_s
-	#--
-	# Defined in RFC1157, pgh 4.1.2.
-	def parse_get_request data
-	    send :request_id=, data[0].to_i
-	    # data[1] is error_status, always zero.
-	    # data[2] is error_index, always zero.
-	    send :error_status=, 0
-	    send :error_index=, 0
-	    data[3].each {|n,v|
-		# A variable-binding, of which there may be several,
-		# consists of an OID and a BER null.
-		# We're ignoring the null, we might want to verify it instead.
-		unless v.is_a?(Net::BER::BerIdentifiedNull)
-		    raise Error.new(" invalid variable-binding in get-request" )
-		end
-		add_variable_binding n, nil
-	    }
-	end
-	private :parse_get_request
+      data = ber_object[2]
+      case (app_tag = data.ber_identifier & 31)
+      when 0
+        send :pdu_type=, :get_request
+        parse_get_request data
+      when 1
+        send :pdu_type=, :get_next_request
+        # This PDU is identical to get-request except for the type.
+        parse_get_request data
+      when 2
+        send :pdu_type=, :get_response
+        # This PDU is identical to get-request except for the type,
+        # the error_status and error_index values are meaningful,
+        # and the fact that the variable bindings will be non-null.
+        parse_get_response data
+      else
+        raise Error.new( "unknown snmp-pdu type: #{app_tag}" )
+      end
+    end
+    private :parse_ber_object
-	#--
-	# Defined in RFC1157, pgh 4.1.4
-	def parse_get_response data
-	    send :request_id=, data[0].to_i
-	    send :error_status=, data[1].to_i
-	    send :error_index=, data[2].to_i
-	    data[3].each {|n,v|
-		# A variable-binding, of which there may be several,
-		# consists of an OID and a BER null.
-		# We're ignoring the null, we might want to verify it instead.
-		add_variable_binding n, v
-	    }
-	end
-	private :parse_get_response
+    #--
+    # Defined in RFC1157, pgh 4.1.2.
+    def parse_get_request data
+      send :request_id=, data[0].to_i
+      # data[1] is error_status, always zero.
+      # data[2] is error_index, always zero.
+      send :error_status=, 0
+      send :error_index=, 0
+      data[3].each do |n, v|
+        # A variable-binding, of which there may be several,
+        # consists of an OID and a BER null.
+        # We're ignoring the null, we might want to verify it instead.
+        unless v.is_a?(Net::BER::BerIdentifiedNull)
+            raise Error.new(" invalid variable-binding in get-request" )
+        end
+        add_variable_binding n, nil
+      end
+    end
+    private :parse_get_request
+    #--
+    # Defined in RFC1157, pgh 4.1.4
+    def parse_get_response data
+      send :request_id=, data[0].to_i
+      send :error_status=, data[1].to_i
+      send :error_index=, data[2].to_i
+      data[3].each do |n, v|
+        # A variable-binding, of which there may be several,
+        # consists of an OID and a BER null.
+        # We're ignoring the null, we might want to verify it instead.
+        add_variable_binding n, v
+      end
+    end
+    private :parse_get_response
-	def version= ver
-	    unless [0,2].include?(ver)
-		raise Error.new("unknown snmp-version: #{ver}")
-	    end
-	    @version = ver
-	end
-	def pdu_type= t
-	    unless PduTypes.include?(t)
-		raise Error.new("unknown pdu-type: #{t}")
-	    end
-	    @pdu_type = t
-	end
+    def version= ver
+      unless [0, 2].include?(ver)
+        raise Error.new("unknown snmp-version: #{ver}")
+      end
+      @version = ver
+    end
-	def error_status= es
-	    unless ErrorStatusCodes.has_key?(es)
-		raise Error.new("unknown error-status: #{es}")
-	    end
-	    @error_status = es
-	end
+    def pdu_type= t
+      unless PduTypes.include?(t)
+        raise Error.new("unknown pdu-type: #{t}")
+      end
+      @pdu_type = t
+    end
-	def community= c
-	    @community = c.to_s
-	end
+    def error_status= es
+      unless ErrorStatusCodes.key?(es)
+        raise Error.new("unknown error-status: #{es}")
+      end
+      @error_status = es
+    end
-	#--
-	# Syntactic sugar
-	def add_variable_binding name, value=nil
-	    @variables ||= []
-	    @variables << [name, value]
-	end
+    def community= c
+      @community = c.to_s
+    end
-	def to_ber_string
-	    [
-		version.to_ber,
-		community.to_ber,
-		pdu_to_ber_string
-	    ].to_ber_sequence
-	end
+    #--
+    # Syntactic sugar
+    def add_variable_binding name, value=nil
+      @variables ||= []
+      @variables << [name, value]
+    end
-	#--
-	# Helper method that returns a PDU payload in BER form,
-	# depending on the PDU type.
-	def pdu_to_ber_string
-	    case pdu_type
-	    when :get_request
-		[
-		    request_id.to_ber,
-		    error_status.to_ber,
-		    error_index.to_ber,
-		    [
-			@variables.map {|n,v|
-			    [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
-			}
-		    ].to_ber_sequence
-		].to_ber_contextspecific(0)
-	    when :get_next_request
-		[
-		    request_id.to_ber,
-		    error_status.to_ber,
-		    error_index.to_ber,
-		    [
-			@variables.map {|n,v|
-			    [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
-			}
-		    ].to_ber_sequence
-		].to_ber_contextspecific(1)
-	    when :get_response
-		[
-		    request_id.to_ber,
-		    error_status.to_ber,
-		    error_index.to_ber,
-		    [
-			@variables.map {|n,v|
-			    [n.to_ber_oid, v.to_ber].to_ber_sequence
-			}
-		    ].to_ber_sequence
-		].to_ber_contextspecific(2)
-	    else
-		raise Error.new( "unknown pdu-type: #{pdu_type}" )
-	    end
-	end
-	private :pdu_to_ber_string
+    def to_ber_string
+      [
+        version.to_ber,
+        community.to_ber,
+        pdu_to_ber_string,
+      ].to_ber_sequence
+    end
+    #--
+    # Helper method that returns a PDU payload in BER form,
+    # depending on the PDU type.
+    def pdu_to_ber_string
+      case pdu_type
+      when :get_request
+        [
+          request_id.to_ber,
+          error_status.to_ber,
+          error_index.to_ber,
+          [
+            @variables.map do|n, v|
+              [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
+            end,
+          ].to_ber_sequence,
+        ].to_ber_contextspecific(0)
+      when :get_next_request
+        [
+          request_id.to_ber,
+          error_status.to_ber,
+          error_index.to_ber,
+          [
+            @variables.map do|n, v|
+              [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
+            end,
+          ].to_ber_sequence,
+        ].to_ber_contextspecific(1)
+      when :get_response
+        [
+          request_id.to_ber,
+          error_status.to_ber,
+          error_index.to_ber,
+          [
+            @variables.map do|n, v|
+              [n.to_ber_oid, v.to_ber].to_ber_sequence
+            end,
+          ].to_ber_sequence,
+        ].to_ber_contextspecific(2)
+      else
+        raise Error.new( "unknown pdu-type: #{pdu_type}" )
+      end
     end
+    private :pdu_to_ber_string
+  end
 end
 # :startdoc: