net-ldap 0.3.1 → 0.5.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 38e2a66893eef1d93e64fda3d84dc70e51b504f2
+  data.tar.gz: e15b5c72e9fd9a38fcf058a9c432e77320d3fcb7
+SHA512:
+  metadata.gz: 6bae92818e1c80d15b731d5f8b28ec39f332a0359e8eed3c704e7b4606d5c3ce8f29a7a46bb511b2963a2c30f8085529431a1bcef6780db09f018dd61049ff74
+  data.tar.gz: 7277e94a5fcd96fa2cf53e32727ac67b7a8feef5fb7f12190b5fc4dcf1c1c07d0f62a398daa726d776c988372308b1e964a54b0241312515d243a5f88709be41

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - jruby-19mode
+  - rbx-19mode
+script: bundle exec rake spec

data/Contributors.rdoc

@@ -19,3 +19,4 @@ Contributions since:
 * Derek Harmel (derekharmel)
 * Erik Hetzner (egh)
 * nowhereman
+* David J. Lee (DavidJLee)

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/History.rdoc

@@ -1,3 +1,15 @@
+=== Net::LDAP 0.5.0 / 2013-07-22
+* Major changes:
+  * Required Ruby version is >=1.9.3
+* Major enhancements:
+  * Added alias dereferencing (@ngwilson)
+  * BER now unescapes characters that are already escaped in the source string (@jzinn)
+  * BerIdentifiedString will now fall back to ASCII-8 encoding if the source Ruby object cannot be encoded in UTF-8 (@lfu)
+* Bug fixes:
+  * Fixed nil variable error when following a reference response (@cmdrclueless)
+  * Fixed FilterParser unable to parse multibyte strings (@satoryu)
+  * Return ConverterNotFound when dealing with a potentially corrupt data response (@jamuc)
+
 === Net::LDAP 0.3.1 / 2012-02-15
 * Bug Fixes:
   * Bundler should now work again

data/Manifest.txt

@@ -1,6 +1,8 @@
 .autotest
 .rspec
+.travis.yml
 Contributors.rdoc
+Gemfile
 Hacking.rdoc
 History.rdoc
 License.rdoc
@@ -25,16 +27,20 @@ lib/net/ldap/entry.rb
 lib/net/ldap/filter.rb
 lib/net/ldap/password.rb
 lib/net/ldap/pdu.rb
+lib/net/ldap/version.rb
 lib/net/snmp.rb
 net-ldap.gemspec
 spec/integration/ssl_ber_spec.rb
 spec/spec.opts
 spec/spec_helper.rb
 spec/unit/ber/ber_spec.rb
+spec/unit/ber/core_ext/array_spec.rb
 spec/unit/ber/core_ext/string_spec.rb
 spec/unit/ldap/dn_spec.rb
 spec/unit/ldap/entry_spec.rb
+spec/unit/ldap/filter_parser_spec.rb
 spec/unit/ldap/filter_spec.rb
+spec/unit/ldap/search_spec.rb
 spec/unit/ldap_spec.rb
 test/common.rb
 test/test_entry.rb

data/README.rdoc

@@ -1,4 +1,4 @@
-= Net::LDAP for Ruby
+= Net::LDAP for Ruby {<img src="https://travis-ci.org/ruby-ldap/ruby-net-ldap.png" />}[https://travis-ci.org/ruby-ldap/ruby-net-ldap]
 
 == Description
 
@@ -30,7 +30,7 @@ See Net::LDAP for documentation and usage samples.
 
 == Requirements
 
-Net::LDAP requires a Ruby 1.8.7 interpreter or better.
+Net::LDAP requires a Ruby 1.9.3 compatible interpreter or better.
 
 == Install
 
@@ -42,11 +42,6 @@ sources.
 
 Simply require either 'net-ldap' or 'net/ldap'.
 
-For non-RubyGems installations of Net::LDAP, you can use Minero Aoki's
-{setup.rb}[http://i.loveruby.net/en/projects/setup/] as the layout of
-Net::LDAP is compliant. The setup installer is not included in the
-Net::LDAP repository.
-
 :include: Contributors.rdoc
 
 :include: License.rdoc

data/Rakefile

@@ -8,18 +8,20 @@ Hoe.plugin :git
 Hoe.plugin :gemspec
 
 Hoe.spec 'net-ldap' do |spec|
-  spec.rubyforge_name = spec.name
+  # spec.rubyforge_name = spec.name
 
   spec.developer("Francis Cianfrocca", "blackhedd@rubyforge.org")
   spec.developer("Emiel van de Laar", "gemiel@gmail.com")
   spec.developer("Rory O'Connell", "rory.ocon@gmail.com")
   spec.developer("Kaspar Schiess", "kaspar.schiess@absurd.li")
   spec.developer("Austin Ziegler", "austin@rubyforge.org")
+  spec.developer("Michael Schaarschmidt", "michael@schaaryworks.com")
 
   spec.remote_rdoc_dir = ''
   spec.rsync_args << ' --exclude=statsvn/'
 
-  spec.url = %W(http://rubyldap.com/ https://github.com/ruby-ldap/ruby-net-ldap)
+  spec.urls = %w(http://rubyldap.com/' 'https://github.com/ruby-ldap/ruby-net-ldap)
+  spec.licenses = ['MIT']
 
   spec.history_file = 'History.rdoc'
   spec.readme_file = 'README.rdoc'
@@ -29,7 +31,7 @@ Hoe.spec 'net-ldap' do |spec|
   spec.extra_dev_deps << [ "hoe-git", "~> 1" ]
   spec.extra_dev_deps << [ "hoe-gemspec", "~> 1" ]
   spec.extra_dev_deps << [ "metaid", "~> 1" ]
-  spec.extra_dev_deps << [ "flexmock", "~> 0.9.0" ]
+  spec.extra_dev_deps << [ "flexmock", ">= 1.3.0" ]
   spec.extra_dev_deps << [ "rspec", "~> 2.0" ]
 
   spec.clean_globs << "coverage"

data/lib/net/ber.rb

@@ -1,4 +1,6 @@
 # -*- ruby encoding: utf-8 -*-
+require 'net/ldap/version'
+
 module Net # :nodoc:
   ##
   # == Basic Encoding Rules (BER) Support Module
@@ -106,7 +108,7 @@ module Net # :nodoc:
   # <tr><th>BMPString</th><th>C</th><td>30: 62 (0x3e, 0b00111110)</td></tr>
   # </table>
   module BER
-    VERSION = '0.3.1'
+    VERSION = Net::LDAP::VERSION
 
     ##
     # Used for BER-encoding the length and content bytes of a Fixnum integer
@@ -296,7 +298,7 @@ class Net::BER::BerIdentifiedString < String
   def initialize args
     super args
     # LDAP uses UTF-8 encoded strings
-    force_encoding('UTF-8') if respond_to?(:encoding)
+    self.encode('UTF-8') if self.respond_to?(:encoding) rescue self
   end
 end
 

data/lib/net/ber/core_ext/array.rb

@@ -79,4 +79,18 @@ module Net::BER::Extensions::Array
     oid = ary.pack("w*")
     [6, oid.length].pack("CC") + oid
   end
+
+  ##
+  # Converts an array into a set of ber control codes
+  # The expected format is [[control_oid, criticality, control_value(optional)]]
+  #   [['1.2.840.113556.1.4.805',true]]
+  #
+  def to_ber_control
+    #if our array does not contain at least one array then wrap it in an array before going forward
+    ary = self[0].kind_of?(Array) ? self : [self]
+    ary = ary.collect do |control_sequence|
+      control_sequence.collect{|element| element.to_ber}.to_ber_sequence.reject_empty_ber_arrays
+    end
+    ary.to_ber_sequence.reject_empty_ber_arrays
+  end
 end

data/lib/net/ber/core_ext/string.rb

@@ -16,11 +16,25 @@ module Net::BER::Extensions::String
     [code].pack('C') + raw_string.length.to_ber_length_encoding + raw_string
   end
 
+	##
+	# Converts a string to a BER string but does *not* encode to UTF-8 first.
+	# This is required for proper representation of binary data for Microsoft
+	# Active Directory
+	def to_ber_bin(code = 0x04)
+		[code].pack('C') + length.to_ber_length_encoding + self
+	end
+
   def raw_utf8_encoded
     if self.respond_to?(:encode)
       # Strings should be UTF-8 encoded according to LDAP.
       # However, the BER code is not necessarily valid UTF-8
-      self.encode('UTF-8').force_encoding('ASCII-8BIT')
+      begin
+        self.encode('UTF-8').force_encoding('ASCII-8BIT')
+      rescue Encoding::UndefinedConversionError
+        self
+      rescue Encoding::ConverterNotFoundError
+        return self
+      end
     else
       self
     end
@@ -46,15 +60,19 @@ module Net::BER::Extensions::String
   def read_ber(syntax = nil)
     StringIO.new(self).read_ber(syntax)
   end
-  
+
   ##
-  # Destructively reads a BER object from the string. 
+  # Destructively reads a BER object from the string.
   def read_ber!(syntax = nil)
     io = StringIO.new(self)
 
     result = io.read_ber(syntax)
     self.slice!(0...io.pos)
-    
+
     return result
   end
+
+  def reject_empty_ber_arrays
+    self.gsub(/0\000/n,'')
+  end
 end

data/lib/net/ldap.rb

@@ -23,6 +23,7 @@ require 'net/ldap/filter'
 require 'net/ldap/dataset'
 require 'net/ldap/password'
 require 'net/ldap/entry'
+require 'net/ldap/version'
 
 # == Quick-start for the Impatient
 # === Quick Example of a user-authentication against an LDAP directory:
@@ -241,7 +242,6 @@ require 'net/ldap/entry'
 # and then keeps it open while it executes a user-supplied block.
 # Net::LDAP#open closes the connection on completion of the block.
 class Net::LDAP
-  VERSION = "0.3.1"
 
   class LdapError < StandardError; end
 
@@ -251,6 +251,12 @@ class Net::LDAP
   SearchScopes = [ SearchScope_BaseObject, SearchScope_SingleLevel,
     SearchScope_WholeSubtree ]
 
+  DerefAliases_Never = 0
+  DerefAliases_Search = 1
+  DerefAliases_Find = 2
+  DerefAliases_Always = 3
+  DerefAliasesArray = [ DerefAliases_Never, DerefAliases_Search, DerefAliases_Find, DerefAliases_Always ]
+  
   primitive = { 2 => :null } # UnbindRequest body
   constructed = {
     0 => :array, # BindRequest
@@ -308,6 +314,7 @@ class Net::LDAP
   DefaultPort = 389
   DefaultAuth = { :method => :anonymous }
   DefaultTreebase = "dc=com"
+	DefaultForceNoPage = false
 
   StartTlsOid = "1.3.6.1.4.1.1466.20037"
 
@@ -322,6 +329,7 @@ class Net::LDAP
     14 => "saslBindInProgress",
     16 => "No Such Attribute",
     17 => "Undefined Attribute Type",
+    19 => "Constraint Violation",
     20 => "Attribute or Value Exists",
     32 => "No Such Object",
     34 => "Invalid DN Syntax",
@@ -335,8 +343,11 @@ class Net::LDAP
     68 => "Entry Already Exists"
   }
 
-  module LdapControls
-    PagedResults = "1.2.840.113556.1.4.319" # Microsoft evil from RFC 2696
+  module LDAPControls
+    PAGED_RESULTS = "1.2.840.113556.1.4.319" # Microsoft evil from RFC 2696
+    SORT_REQUEST  = "1.2.840.113556.1.4.473"
+    SORT_RESPONSE = "1.2.840.113556.1.4.474"
+    DELETE_TREE   = "1.2.840.113556.1.4.805"
   end
 
   def self.result2string(code) #:nodoc:
@@ -370,6 +381,8 @@ class Net::LDAP
   #   specifying the Hash {:method => :simple_tls}. There is a fairly large
   #   range of potential values that may be given for this parameter. See
   #   #encryption for details.
+  # * :force_no_page => Set to true to prevent paged results even if your
+  #   server says it supports them. This is a fix for MS Active Directory
   #
   # Instantiating a Net::LDAP object does <i>not</i> result in network
   # traffic to the LDAP server. It simply stores the connection and binding
@@ -380,6 +393,7 @@ class Net::LDAP
     @verbose = false # Make this configurable with a switch on the class.
     @auth = args[:auth] || DefaultAuth
     @base = args[:base] || DefaultTreebase
+		@force_no_page = args[:force_no_page] || DefaultForceNoPage
     encryption args[:encryption] # may be nil
 
     if pr = @auth[:password] and pr.respond_to?(:call)
@@ -516,15 +530,17 @@ class Net::LDAP
   # response codes instead of a simple numeric code.
   #++
   def get_operation_result
+    result = @result
+    result = result.result if result.is_a?(Net::LDAP::PDU)
     os = OpenStruct.new
-    if @result.is_a?(Hash)
+    if result.is_a?(Hash)
       # We might get a hash of LDAP response codes instead of a simple
       # numeric code.
-      os.code = (@result[:resultCode] || "").to_i
-      os.error_message = @result[:errorMessage]
-      os.matched_dn = @result[:matchedDN]
-    elsif @result
-      os.code = @result
+      os.code = (result[:resultCode] || "").to_i
+      os.error_message = result[:errorMessage]
+      os.matched_dn = result[:matchedDN]
+    elsif result
+      os.code = result
     else
       os.code = 0
     end
@@ -582,6 +598,8 @@ class Net::LDAP
   #   Net::LDAP::SearchScope_WholeSubtree. Default is WholeSubtree.)
   # * :size (an integer indicating the maximum number of search entries to
   #   return. Default is zero, which signifies no limit.)
+  # * :deref (one of: Net::LDAP::DerefAliases_Never, Net::LDAP::DerefAliases_Search,
+  #   Net::LDAP::DerefAliases_Find, Net::LDAP::DerefAliases_Always. Default is Never.)
   #
   # #search queries the LDAP server and passes <i>each entry</i> to the
   # caller-supplied block, as an object of type Net::LDAP::Entry. If the
@@ -629,11 +647,10 @@ class Net::LDAP
         yield entry if block_given?
       }
     else
-      @result = 0
       begin
         conn = Net::LDAP::Connection.new(:host => @host, :port => @port,
                                          :encryption => @encryption)
-        if (@result = conn.bind(args[:auth] || @auth)) == 0
+        if (@result = conn.bind(args[:auth] || @auth)).result_code == 0
           @result = conn.search(args) { |entry|
             result_set << entry if result_set
             yield entry if block_given?
@@ -645,9 +662,9 @@ class Net::LDAP
     end
 
     if return_result_set
-      @result == 0 ? result_set : nil
+      (!@result.nil? && @result.result_code == 0) ? result_set : nil
     else
-      @result == 0
+      @result.success?
     end
   end
 
@@ -721,7 +738,7 @@ class Net::LDAP
       end
     end
 
-    @result == 0
+    @result.success?
   end
 
   # #bind_as is for testing authentication credentials.
@@ -816,14 +833,14 @@ class Net::LDAP
       begin
         conn = Connection.new(:host => @host, :port => @port,
                               :encryption => @encryption)
-        if (@result = conn.bind(args[:auth] || @auth)) == 0
+        if (@result = conn.bind(args[:auth] || @auth)).result_code == 0
           @result = conn.add(args)
         end
       ensure
         conn.close if conn
       end
     end
-    @result == 0
+    @result.success?
   end
 
   # Modifies the attribute values of a particular entry on the LDAP
@@ -914,14 +931,15 @@ class Net::LDAP
       begin
         conn = Connection.new(:host => @host, :port => @port,
                               :encryption => @encryption)
-        if (@result = conn.bind(args[:auth] || @auth)) == 0
+        if (@result = conn.bind(args[:auth] || @auth)).result_code == 0
           @result = conn.modify(args)
         end
       ensure
         conn.close if conn
       end
     end
-    @result == 0
+
+    @result.success?
   end
 
   # Add a value to an attribute. Takes the full DN of the entry to modify,
@@ -985,14 +1003,14 @@ class Net::LDAP
       begin
         conn = Connection.new(:host => @host, :port => @port,
                               :encryption => @encryption)
-        if (@result = conn.bind(args[:auth] || @auth)) == 0
+        if (@result = conn.bind(args[:auth] || @auth)).result_code == 0
           @result = conn.rename(args)
         end
       ensure
         conn.close if conn
       end
     end
-    @result == 0
+    @result.success?
   end
   alias_method :modify_rdn, :rename
 
@@ -1013,16 +1031,29 @@ class Net::LDAP
       begin
         conn = Connection.new(:host => @host, :port => @port,
                               :encryption => @encryption)
-        if (@result = conn.bind(args[:auth] || @auth)) == 0
+        if (@result = conn.bind(args[:auth] || @auth)).result_code == 0
           @result = conn.delete(args)
         end
       ensure
         conn.close
       end
     end
-    @result == 0
+    @result.success?
   end
 
+  # Delete an entry from the LDAP directory along with all subordinate entries.
+  # the regular delete method will fail to delete an entry if it has subordinate
+  # entries. This method sends an extra control code to tell the LDAP server
+  # to do a tree delete. ('1.2.840.113556.1.4.805')
+  #
+  # Returns True or False to indicate whether the delete succeeded. Extended
+  # status information is available by calling #get_operation_result.
+  #
+  #  dn = "mail=deleteme@example.com, ou=people, dc=example, dc=com"
+  #  ldap.delete_tree :dn => dn
+  def delete_tree(args)
+    delete(args.merge(:control_codes => [[Net::LDAP::LDAPControls::DELETE_TREE, true]]))
+  end
   # This method is experimental and subject to change. Return the rootDSE
   # record from the LDAP server as a Net::LDAP::Entry, or an empty Entry if
   # the server doesn't return the record.
@@ -1092,8 +1123,12 @@ class Net::LDAP
   # MUST refactor the root_dse call out.
   #++
   def paged_searches_supported?
+		# active directory returns that it supports paged results. However
+		# it returns binary data in the rfc2696_cookie which throws an
+		# encoding exception breaking searching.		
+		return false if @force_no_page
     @server_caps ||= search_root_dse
-    @server_caps[:supportedcontrol].include?(Net::LDAP::LdapControls::PagedResults)
+    @server_caps[:supportedcontrol].include?(Net::LDAP::LDAPControls::PAGED_RESULTS)
   end
 end # class LDAP
 
@@ -1237,7 +1272,7 @@ class Net::LDAP::Connection #:nodoc:
 
     (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::LdapError, "no bind result"
 
-    pdu.result_code
+    pdu
   end
 
   #--
@@ -1275,7 +1310,7 @@ class Net::LDAP::Connection #:nodoc:
       @conn.write request_pkt
 
       (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::LdapError, "no bind result"
-      return pdu.result_code unless pdu.result_code == 14 # saslBindInProgress
+      return pdu unless pdu.result_code == 14 # saslBindInProgress
       raise Net::LDAP::LdapError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges)
 
       cred = chall.call(pdu.result_server_sasl_creds)
@@ -1315,6 +1350,35 @@ class Net::LDAP::Connection #:nodoc:
   end
   private :bind_gss_spnego
 
+
+  #--
+  # Allow the caller to specify a sort control
+  #
+  # The format of the sort control needs to be:
+  #
+  # :sort_control => ["cn"]  # just a string
+  # or
+  # :sort_control => [["cn", "matchingRule", true]] #attribute, matchingRule, direction (true / false)
+  # or
+  # :sort_control => ["givenname","sn"] #multiple strings or arrays
+  #
+  def encode_sort_controls(sort_definitions)
+    return sort_definitions unless sort_definitions
+
+    sort_control_values = sort_definitions.map do |control|
+      control = Array(control) # if there is only an attribute name as a string then infer the orderinrule and reverseorder
+      control[0] = String(control[0]).to_ber,
+      control[1] = String(control[1]).to_ber,
+      control[2] = (control[2] == true).to_ber
+      control.to_ber_sequence
+    end
+    sort_control = [
+      Net::LDAP::LDAPControls::SORT_REQUEST.to_ber,
+      false.to_ber,
+      sort_control_values.to_ber_sequence.to_s.to_ber
+    ].to_ber_sequence
+  end
+
   #--
   # Alternate implementation, this yields each search entry to the caller as
   # it are received.
@@ -1340,6 +1404,12 @@ class Net::LDAP::Connection #:nodoc:
     scope = args[:scope] || Net::LDAP::SearchScope_WholeSubtree
     raise Net::LDAP::LdapError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope)
 
+    sort_control = encode_sort_controls(args.fetch(:sort_controls){ false })
+
+	deref = args[:deref] || Net::LDAP::DerefAliases_Never
+	raise Net::LDAP::LdapError.new( "invalid alias dereferencing value" ) unless Net::LDAP::DerefAliasesArray.include?(deref)
+
+	
     # An interesting value for the size limit would be close to A/D's
     # built-in page limit of 1000 records, but openLDAP newer than version
     # 2.2.0 chokes on anything bigger than 126. You get a silent error that
@@ -1361,7 +1431,7 @@ class Net::LDAP::Connection #:nodoc:
     # to do a root-DSE record search and not do a paged search if the LDAP
     # doesn't support it. Yuck.
     rfc2696_cookie = [126, ""]
-    result_code = 0
+    result_pdu = nil
     n_results = 0
 
     loop {
@@ -1379,7 +1449,7 @@ class Net::LDAP::Connection #:nodoc:
       request = [
         search_base.to_ber,
         scope.to_ber_enumerated,
-        0.to_ber_enumerated,
+        deref.to_ber_enumerated,
         query_limit.to_ber, # size limit
         0.to_ber,
         attributes_only.to_ber,
@@ -1387,20 +1457,25 @@ class Net::LDAP::Connection #:nodoc:
         search_attributes.to_ber_sequence
       ].to_ber_appsequence(3)
 
+			# rfc2696_cookie sometimes contains binary data from Microsoft Active Directory
+			# this breaks when calling to_ber. (Can't force binary data to UTF-8)
+			# we have to disable paging (even though server supports it) to get around this...
+
       controls = []
       controls <<
         [
-          Net::LDAP::LdapControls::PagedResults.to_ber,
+          Net::LDAP::LDAPControls::PAGED_RESULTS.to_ber,
           # Criticality MUST be false to interoperate with normal LDAPs.
           false.to_ber,
           rfc2696_cookie.map{ |v| v.to_ber}.to_ber_sequence.to_s.to_ber
         ].to_ber_sequence if paged_searches_supported
+      controls << sort_control if sort_control
       controls = controls.empty? ? nil : controls.to_ber_contextspecific(0)
 
       pkt = [next_msgid.to_ber, request, controls].compact.to_ber_sequence
       @conn.write pkt
 
-      result_code = 0
+      result_pdu = nil
       controls = []
 
       while (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be))
@@ -1417,9 +1492,9 @@ class Net::LDAP::Connection #:nodoc:
             end
           end
         when 5 # search-result
-          result_code = pdu.result_code
+          result_pdu = pdu
           controls = pdu.result_controls
-          if return_referrals && result_code == 10
+          if return_referrals && pdu.result_code == 10
             if block_given?
               se = Net::LDAP::Entry.new
               se[:search_referrals] = (pdu.search_referrals || [])
@@ -1443,9 +1518,9 @@ class Net::LDAP::Connection #:nodoc:
       # of type OCTET STRING, covered in the default syntax supported by
       # read_ber, so I guess we're ok.
       more_pages = false
-      if result_code == 0 and controls
+      if result_pdu.result_code == 0 and controls
         controls.each do |c|
-          if c.oid == Net::LDAP::LdapControls::PagedResults
+          if c.oid == Net::LDAP::LDAPControls::PAGED_RESULTS
             # just in case some bogus server sends us more than 1 of these.
             more_pages = false
             if c.value and c.value.length > 0
@@ -1462,7 +1537,7 @@ class Net::LDAP::Connection #:nodoc:
       break unless more_pages
     } # loop
 
-    result_code
+    result_pdu || OpenStruct.new(:status => :failure, :result_code => 1, :message => "Invalid search")
   end
 
   MODIFY_OPERATIONS = { #:nodoc:
@@ -1502,7 +1577,8 @@ class Net::LDAP::Connection #:nodoc:
     @conn.write pkt
 
     (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 7) or raise Net::LDAP::LdapError, "response missing or invalid"
-    pdu.result_code
+
+    pdu
   end
 
   #--
@@ -1523,21 +1599,25 @@ class Net::LDAP::Connection #:nodoc:
     pkt = [next_msgid.to_ber, request].to_ber_sequence
     @conn.write pkt
 
-    (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 9) or raise Net::LDAP::LdapError, "response missing or invalid"
-    pdu.result_code
+    (be = @conn.read_ber(Net::LDAP::AsnSyntax)) &&
+      (pdu = Net::LDAP::PDU.new(be)) &&
+      (pdu.app_tag == 9) or
+      raise Net::LDAP::LdapError, "response missing or invalid"
+
+    pdu
   end
 
   #--
   # TODO: need to support a time limit, in case the server fails to respond.
   #++
-  def rename args
+  def rename(args)
     old_dn = args[:olddn] or raise "Unable to rename empty DN"
     new_rdn = args[:newrdn] or raise "Unable to rename to empty RDN"
     delete_attrs = args[:delete_attributes] ? true : false
     new_superior = args[:new_superior]
 
     request = [old_dn.to_ber, new_rdn.to_ber, delete_attrs.to_ber]
-    request << new_superior.to_ber unless new_superior == nil
+    request << new_superior.to_ber_contextspecific(0) unless new_superior == nil
 
     pkt = [next_msgid.to_ber, request.to_ber_appsequence(12)].to_ber_sequence
     @conn.write pkt
@@ -1545,7 +1625,8 @@ class Net::LDAP::Connection #:nodoc:
     (be = @conn.read_ber(Net::LDAP::AsnSyntax)) &&
     (pdu = Net::LDAP::PDU.new( be )) && (pdu.app_tag == 13) or
     raise Net::LDAP::LdapError.new( "response missing or invalid" )
-    pdu.result_code
+
+    pdu
   end
 
   #--
@@ -1553,12 +1634,13 @@ class Net::LDAP::Connection #:nodoc:
   #++
   def delete(args)
     dn = args[:dn] or raise "Unable to delete empty DN"
-
+    controls = args.include?(:control_codes) ? args[:control_codes].to_ber_control : nil #use nil so we can compact later
     request = dn.to_s.to_ber_application_string(10)
-    pkt = [next_msgid.to_ber, request].to_ber_sequence
+    pkt = [next_msgid.to_ber, request, controls].compact.to_ber_sequence
     @conn.write pkt
 
     (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 11) or raise Net::LDAP::LdapError, "response missing or invalid"
-    pdu.result_code
+
+    pdu
   end
 end # class Connection