RubyGems - rom-ldap - Versions diffs - 0.2.2 - Mend

rom-ldap 0.2.2

Files changed (104) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +251 -0
data/CONTRIBUTING.md +18 -0
data/README.md +172 -0
data/TODO.md +33 -0
data/config/responses.yml +328 -0
data/lib/dry/monitor/ldap/colorizers/default.rb +17 -0
data/lib/dry/monitor/ldap/colorizers/rouge.rb +31 -0
data/lib/dry/monitor/ldap/logger.rb +58 -0
data/lib/rom-ldap.rb +1 -0
data/lib/rom/ldap.rb +22 -0
data/lib/rom/ldap/alias.rb +30 -0
data/lib/rom/ldap/associations.rb +6 -0
data/lib/rom/ldap/associations/core.rb +23 -0
data/lib/rom/ldap/associations/many_to_many.rb +18 -0
data/lib/rom/ldap/associations/many_to_one.rb +22 -0
data/lib/rom/ldap/associations/one_to_many.rb +32 -0
data/lib/rom/ldap/associations/one_to_one.rb +19 -0
data/lib/rom/ldap/associations/self_ref.rb +35 -0
data/lib/rom/ldap/attribute.rb +327 -0
data/lib/rom/ldap/client.rb +185 -0
data/lib/rom/ldap/client/authentication.rb +118 -0
data/lib/rom/ldap/client/operations.rb +233 -0
data/lib/rom/ldap/commands.rb +6 -0
data/lib/rom/ldap/commands/create.rb +41 -0
data/lib/rom/ldap/commands/delete.rb +17 -0
data/lib/rom/ldap/commands/update.rb +35 -0
data/lib/rom/ldap/constants.rb +193 -0
data/lib/rom/ldap/dataset.rb +286 -0
data/lib/rom/ldap/dataset/conversion.rb +62 -0
data/lib/rom/ldap/dataset/dsl.rb +299 -0
data/lib/rom/ldap/dataset/persistence.rb +44 -0
data/lib/rom/ldap/directory.rb +126 -0
data/lib/rom/ldap/directory/capabilities.rb +71 -0
data/lib/rom/ldap/directory/entry.rb +200 -0
data/lib/rom/ldap/directory/env.rb +155 -0
data/lib/rom/ldap/directory/operations.rb +282 -0
data/lib/rom/ldap/directory/password.rb +122 -0
data/lib/rom/ldap/directory/root.rb +187 -0
data/lib/rom/ldap/directory/tokenization.rb +66 -0
data/lib/rom/ldap/directory/transactions.rb +31 -0
data/lib/rom/ldap/directory/vendors/active_directory.rb +129 -0
data/lib/rom/ldap/directory/vendors/apache_ds.rb +27 -0
data/lib/rom/ldap/directory/vendors/e_directory.rb +16 -0
data/lib/rom/ldap/directory/vendors/open_directory.rb +12 -0
data/lib/rom/ldap/directory/vendors/open_dj.rb +25 -0
data/lib/rom/ldap/directory/vendors/open_ldap.rb +35 -0
data/lib/rom/ldap/directory/vendors/three_eight_nine.rb +16 -0
data/lib/rom/ldap/directory/vendors/unknown.rb +22 -0
data/lib/rom/ldap/dsl.rb +76 -0
data/lib/rom/ldap/errors.rb +47 -0
data/lib/rom/ldap/expression.rb +77 -0
data/lib/rom/ldap/expression_encoder.rb +174 -0
data/lib/rom/ldap/extensions.rb +50 -0
data/lib/rom/ldap/extensions/active_support_notifications.rb +26 -0
data/lib/rom/ldap/extensions/compatibility.rb +11 -0
data/lib/rom/ldap/extensions/dsml.rb +165 -0
data/lib/rom/ldap/extensions/msgpack.rb +23 -0
data/lib/rom/ldap/extensions/optimised_json.rb +25 -0
data/lib/rom/ldap/extensions/rails_log_subscriber.rb +38 -0
data/lib/rom/ldap/formatter.rb +26 -0
data/lib/rom/ldap/functions.rb +207 -0
data/lib/rom/ldap/gateway.rb +145 -0
data/lib/rom/ldap/ldif.rb +74 -0
data/lib/rom/ldap/ldif/exporter.rb +77 -0
data/lib/rom/ldap/ldif/importer.rb +95 -0
data/lib/rom/ldap/mapper_compiler.rb +19 -0
data/lib/rom/ldap/matchers.rb +69 -0
data/lib/rom/ldap/message_queue.rb +7 -0
data/lib/rom/ldap/oid.rb +101 -0
data/lib/rom/ldap/parsers/abstract_syntax.rb +91 -0
data/lib/rom/ldap/parsers/attribute.rb +290 -0
data/lib/rom/ldap/parsers/filter_syntax.rb +133 -0
data/lib/rom/ldap/pdu.rb +285 -0
data/lib/rom/ldap/plugin/pagination.rb +145 -0
data/lib/rom/ldap/plugins.rb +7 -0
data/lib/rom/ldap/projection_dsl.rb +38 -0
data/lib/rom/ldap/relation.rb +135 -0
data/lib/rom/ldap/relation/exporting.rb +72 -0
data/lib/rom/ldap/relation/reading.rb +461 -0
data/lib/rom/ldap/relation/writing.rb +64 -0
data/lib/rom/ldap/responses.rb +17 -0
data/lib/rom/ldap/restriction_dsl.rb +45 -0
data/lib/rom/ldap/schema.rb +123 -0
data/lib/rom/ldap/schema/attributes_inferrer.rb +59 -0
data/lib/rom/ldap/schema/dsl.rb +13 -0
data/lib/rom/ldap/schema/inferrer.rb +50 -0
data/lib/rom/ldap/schema/type_builder.rb +133 -0
data/lib/rom/ldap/scope.rb +19 -0
data/lib/rom/ldap/search_request.rb +249 -0
data/lib/rom/ldap/socket.rb +210 -0
data/lib/rom/ldap/tasks/ldap.rake +103 -0
data/lib/rom/ldap/tasks/ldif.rake +80 -0
data/lib/rom/ldap/transaction.rb +29 -0
data/lib/rom/ldap/type_map.rb +88 -0
data/lib/rom/ldap/types.rb +158 -0
data/lib/rom/ldap/version.rb +17 -0
data/lib/rom/plugins/relation/ldap/active_directory.rb +182 -0
data/lib/rom/plugins/relation/ldap/auto_restrictions.rb +69 -0
data/lib/rom/plugins/relation/ldap/e_directory.rb +27 -0
data/lib/rom/plugins/relation/ldap/instrumentation.rb +35 -0
data/lib/rouge/lexers/ldap.rb +72 -0
data/lib/rouge/themes/ldap.rb +49 -0
metadata +231 -0

data/lib/rom/ldap/tasks/ldap.rake ADDED Viewed

@@ -0,0 +1,103 @@
+#
+# Leverage LDAP env variables or RC files.
+#
+# @note
+#   Any LDAPURI must be compatible with ldapmodify.
+#
+# @example
+#   load 'rom/ldap/tasks/ldap.rake'
+#
+require 'pathname'
+require 'pry'
+module ROM
+  module LDAP
+    #
+    # `$ ldapmodify -a -H ldap://127.0.0.1:3389 -D 'cn=Directory Manager'
+    #     -w 'topsecret' -c -v -f spec/fixtures/ldif/examples/users.ldif`
+    #
+    module RakeSupport
+      module_function
+      def message
+        puts "Using #{root}, alternatively set LDAPDIR=/path/to/root"
+        puts
+        puts "=========================================="
+      end
+      # ldapsearch with simple authentication.
+      #
+      def search(attrs:, filter:)
+        puts 'ldapsearch is not installed!' if ldapsearch.empty?
+        system(ldapsearch, '-x', *auth, filter, *attrs.split('.'))
+      end
+      # ldapmodify with simple authentication and continuous operation.
+      #
+      def modify(dir: root)
+        puts 'ldapmodify is not installed!' if ldapmodify.empty?
+        Dir.glob("#{dir}/*.ldif") do |file|
+          system(ldapmodify, '-x', *auth, '-a', '-c', '-v', '-f', file)
+        end
+      end
+      private_instance_methods
+      def root
+        Pathname(ENV['LDAPDIR'] || Dir.pwd)
+      end
+      def auth
+        abort('LDAPBINDDN and LDAPBINDPW are not set') unless ENV['LDAPBINDDN'] && ENV['LDAPBINDPW']
+        ['-D', ENV['LDAPBINDDN'], '-w', ENV['LDAPBINDPW']]
+      end
+      def ldapsearch
+        `which ldapsearch`.strip
+      end
+      def ldapmodify
+        `which ldapmodify`.strip
+      end
+    end
+  end
+end
+namespace :ldap do
+  task :env do
+    ROM::LDAP::RakeSupport.message
+  end
+  # Iterate through *.ldif files in a folder.
+  #
+  # @example
+  #
+  #   $ LDAPURI=ldap://127.0.0.1:3389 \
+  #     LDAPBINDDN='cn=Directory Manager' \
+  #     LDAPBINDPW=topsecret \
+  #     LDAPDIR=./spec/fixtures/ldif \
+  #     rake ldap:modify
+  #
+  desc 'Use ldapmodify'
+  task :modify, [:dir] => :env do |_t, args|
+    ROM::LDAP::RakeSupport.modify(args)
+  end
+  # 'LDAPBASE=dc=foo ldap:search[cn=*foo,gn.sn]'
+  #
+  # @example
+  #   $ rake ldap:search
+  #   $ rake ldap:search[cn=*41,uid.mail.sn]
+  #   $ rake ldap:search[gn=adele]
+  #   $ rake ldap:search[userid=adele*]
+  #
+  desc 'Use ldapsearch'
+  task :search, [:filter, :attrs] => :env do |_t, args|
+    args.with_defaults(attrs: "+ \\*", filter: '(objectClass=*)')
+    ROM::LDAP::RakeSupport.search(args)
+  end
+end

data/lib/rom/ldap/tasks/ldif.rake ADDED Viewed

@@ -0,0 +1,80 @@
+# @example
+#   load 'rom/ldap/tasks/ldif.rake'
+require 'rom/ldap'
+module ROM
+  module LDAP
+    module RakeSupport
+      module_function
+      def directory
+        @directory ||= config.gateways[:default].directory
+      end
+      private_instance_methods
+      def config
+        @config ||= ROM::Configuration.new(:ldap)
+      end
+      def container
+        @container ||= ROM.container(config)
+      end
+    end
+  end
+end
+namespace :ldif do
+  task :env do
+    # ENV['DEBUG'] = 'y'
+  end
+  #
+  # Parse and import LDIF file
+  # rake 'ldif:import[examples/users.ldif]'
+  #
+  desc 'import'
+  task :import, [:file] => :env do |_t, args|
+    abort 'file is required' unless args[:file]
+    timer   = Time.now.utc
+    counter = 0
+    ROM::LDAP::LDIF(File.read(args[:file])) do |entry|
+      counter += 1
+      ROM::LDAP::RakeSupport.directory.add(entry)
+    end
+    duration = Time.now.utc - timer
+    puts "========================================="
+    puts "#{counter} entries in #{duration} seconds"
+  end
+  #
+  # Print LDIF
+  # rake 'ldif:export[(cn=*)]'
+  #
+  desc 'export'
+  task :export, [:filter] => :env do |_t, args|
+    args.with_defaults(filter: '(objectClass=*)')
+    using ROM::LDAP::LDIF
+    directory = ROM::LDAP::RakeSupport.directory
+    dataset   = ROM::LDAP::Dataset.new(directory: directory, name: args[:filter])
+    puts "#"
+    puts "# #{Time.now}"
+    puts "# ========================================="
+    puts ""
+    puts dataset.export.to_ldif
+  end
+end

data/lib/rom/ldap/transaction.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module ROM
+  module LDAP
+    # Work in progress
+    #
+    # @see https://tools.ietf.org/html/rfc5805
+    #
+    # @api private
+    class Transaction < ::ROM::Transaction
+      attr_reader :directory
+      private :directory
+      def initialize(directory)
+        @directory = directory
+      end
+      # rubocop:disable Lint/SuppressedException
+      def run(opts = EMPTY_OPTS)
+        directory.transaction(opts) { yield(self) }
+      rescue ::ROM::Transaction::Rollback
+        # noop
+      end
+      # rubocop:enable Lint/SuppressedException
+    end
+  end
+end

data/lib/rom/ldap/type_map.rb ADDED Viewed

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+# rubocop:disable Layout/HashAlignment
+module ROM
+  module LDAP
+    # LDAPv3 Syntaxes
+    #
+    # @see https://ldapwiki.com/wiki/LDAPSyntaxes
+    #
+    OID_TYPE_MAP = {
+      '1.3.6.1.1.16.1'                =>  'String',     # UUID
+      '1.3.6.1.4.1.1466.115.121.1.1'  =>  'String',     # ACI Item
+      '1.3.6.1.4.1.1466.115.121.1.2'  =>  'String',     # Access Point
+      '1.3.6.1.4.1.1466.115.121.1.3'  =>  'String',     # Attribute Type Description
+      '1.3.6.1.4.1.1466.115.121.1.4'  =>  'Binary',     # Audio
+      '1.3.6.1.4.1.1466.115.121.1.5'  =>  'Binary',     # Binary
+      '1.3.6.1.4.1.1466.115.121.1.6'  =>  'String',     # Bit String
+      '1.3.6.1.4.1.1466.115.121.1.7'  =>  'Bool',       # Boolean
+      '1.3.6.1.4.1.1466.115.121.1.8'  =>  'String',     # Certificate
+      '1.3.6.1.4.1.1466.115.121.1.9'  =>  'String',     # Certificate List
+      '1.3.6.1.4.1.1466.115.121.1.10' =>  'String',     # Certificate Pair
+      '1.3.6.1.4.1.1466.115.121.1.11' =>  'String',     # Country String - IA5 ISO-646 (ASCII). Limited to exactly two characters describing the ISO 3166 country code.
+      '1.3.6.1.4.1.1466.115.121.1.12' =>  'String',     # DN
+      '1.3.6.1.4.1.1466.115.121.1.13' =>  'String',     # Data Quality Syntax
+      '1.3.6.1.4.1.1466.115.121.1.14' =>  'String',     # Delivery Method
+      '1.3.6.1.4.1.1466.115.121.1.15' =>  'String',     # Directory String
+      '1.3.6.1.4.1.1466.115.121.1.19' =>  'String',     # DSA Quality Syntax
+      '1.3.6.1.4.1.1466.115.121.1.20' =>  'String',     # DSE Type
+      '1.3.6.1.4.1.1466.115.121.1.21' =>  'String',     # Enhanced Guide
+      '1.3.6.1.4.1.1466.115.121.1.22' =>  'String',     # Facsimile Telephone Number
+      '1.3.6.1.4.1.1466.115.121.1.23' =>  'String',     # Fax
+      '1.3.6.1.4.1.1466.115.121.1.24' =>  'Time',       # Generalized Time
+      '1.3.6.1.4.1.1466.115.121.1.25' =>  'String',     # Guide
+      '1.3.6.1.4.1.1466.115.121.1.26' =>  'String',     # IA5String - IA5 ISO-646 (ASCII).
+      '1.3.6.1.4.1.1466.115.121.1.27' =>  'Integer',    # INTEGER - IntegerMatch / integerOrderingMatch
+      '1.3.6.1.4.1.1466.115.121.1.28' =>  'Binary',     # JPEG - RFC2798: Joint Photographic Experts Group (JPEG) image syntax from inetOrgPerson object class schema.
+      '1.3.6.1.4.1.1466.115.121.1.32' =>  'String',     # Mail Preference
+      '1.3.6.1.4.1.1466.115.121.1.34' =>  'String',     # Name And Optional UID
+      '1.3.6.1.4.1.1466.115.121.1.35' =>  'String',     # Name Form Description
+      '1.3.6.1.4.1.1466.115.121.1.36' =>  'Integer',    # Numeric String - IA5 ISO-646 (ASCII).
+      '1.3.6.1.4.1.1466.115.121.1.37' =>  'String',     # Object Class Description
+      '1.3.6.1.4.1.1466.115.121.1.38' =>  'String',     # OID
+      '1.3.6.1.4.1.1466.115.121.1.39' =>  'String',     # Other Mailbox
+      '1.3.6.1.4.1.1466.115.121.1.40' =>  'String',     # Octet String - Treated as transparent 8-bit bytes. (passwords)
+      '1.3.6.1.4.1.1466.115.121.1.41' =>  'String',     # Postal Address - UTF-8 ISO-10646 (Unicode). Split by dollar sign "$".
+      '1.3.6.1.4.1.1466.115.121.1.42' =>  'String',     # Protocol Information
+      '1.3.6.1.4.1.1466.115.121.1.43' =>  'String',     # Presentation Address
+      '1.3.6.1.4.1.1466.115.121.1.44' =>  'String',     # Printable String
+      '1.3.6.1.4.1.1466.115.121.1.50' =>  'String',     # Telephone Number
+      '1.3.6.1.4.1.1466.115.121.1.51' =>  'String',     # Teletex Terminal Identifier
+      '1.3.6.1.4.1.1466.115.121.1.52' =>  'String',     # Telex Number
+      '1.3.6.1.4.1.1466.115.121.1.53' =>  'Time',       # UTC Time
+      '1.3.6.1.4.1.1466.115.121.1.54' =>  'String',     # LDAP Syntax Description
+      '1.3.6.1.4.1.1466.115.121.1.56' =>  'String',     # LDAP Schema Definition
+      '1.3.6.1.4.1.1466.115.121.1.57' =>  'String',     # LDAP Schema Description
+      # Microsoft Active Directory
+      #
+      # @see https://ldapwiki.com/wiki/Microsoft%20Active%20Directory%20Syntax
+      # @see https://docs.microsoft.com/en-gb/windows/desktop/ADSchema/attributes-all
+      # @see https://docs.microsoft.com/en-us/windows/desktop/ADSI/data-type-mapping-between-active-directory-and-ldap
+      #
+      '1.2.840.113556.1.2.19'         =>  'Time',       # uSNCreated
+      '1.2.840.113556.1.2.120'        =>  'Time',       # uSNChanged
+      '1.2.840.113556.1.4.49'         =>  'Time',       # badPasswordTime
+      '1.2.840.113556.1.4.52'         =>  'Time',       # lastLogon
+      '1.2.840.113556.1.4.53'         =>  'Time',       # lastSetTime
+      '1.2.840.113556.1.4.60'         =>  'Time',       # lockoutDuration
+      '1.2.840.113556.1.4.74'         =>  'Time',       # maxPwdAge
+      '1.2.840.113556.1.4.76'         =>  'Integer',    # maxStorage
+      '1.2.840.113556.1.4.78'         =>  'Time',       # minPwdAge
+      '1.2.840.113556.1.4.96'         =>  'Time',       # pwdLastSet
+      '1.2.840.113556.1.4.159'        =>  'Time',       # accountExpires
+      '1.2.840.113556.1.4.371'        =>  'Integer',    # rIDAllocationPool
+      '1.2.840.113556.1.4.662'        =>  'Time',       # lockoutTime
+      '1.2.840.113556.1.4.903'        =>  'String',     # DNWithOctetString
+      '1.2.840.113556.1.4.904'        =>  'String',     # DNWithString
+      '1.2.840.113556.1.4.905'        =>  'String',     # Telex
+      '1.2.840.113556.1.4.906'        =>  'Integer',    # INTEGER8
+      '1.2.840.113556.1.4.907'        =>  'String',     # ObjectSecurityDescriptor
+      '1.2.840.113556.1.4.1221'       =>  'String',     # CaseIgnoreString' / ORName
+      '1.2.840.113556.1.4.1362'       =>  'String',     # CaseExactString
+      '1.2.840.113556.1.4.1696'       =>  'Time'        # lastLogonTimeStamp
+    }.freeze
+  end
+end
+# rubocop:enable Layout/HashAlignment

data/lib/rom/ldap/types.rb ADDED Viewed

@@ -0,0 +1,158 @@
+# frozen_string_literal: true
+require 'rom/types'
+require 'rom/ldap/functions'
+module ROM
+  module LDAP
+    module Types
+      include ROM::Types
+      # Protocol ldap(s) only
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      URI = Strict::String.constrained(format: LDAPURI_REGEX)
+      # Something in parentheses
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Filter = Strict::String.constrained(format: FILTER_REGEX)
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      DN = Strict::String.constrained(format: DN_REGEX)
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Direction = Strict::Symbol.constrained(included_in: %i[asc desc])
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Scope = Strict::Integer.constrained(included_in: SCOPES)
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Deref = Strict::Integer.constrained(included_in: DEREF_ALL)
+      # Abstraction of LDAP constructors and operators
+      #
+      # @return [Dry::Types::Constrained]
+      #
+      # @api public
+      Abstract = Strict::Symbol.constrained(included_in: ABSTRACTS)
+      # Compatible filter fields (formatters may symbolise)
+      #
+      # @return [Dry::Types::Sum::Constrained]
+      #
+      # @api public
+      Field = Strict::String | Strict::Symbol
+      # Compatible filter values (including wildcard abstraction)
+      #
+      # @return [Dry::Types::Sum::Constrained]
+      #
+      # @api public
+      Value = Strict::String | Strict::Integer | Strict::Float | Strict::Symbol.constrained(included_in: %i[wildcard])
+      # @example => "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD...."
+      #
+      # @return [String]
+      #
+      # @api public
+      Media = Constructor(String,  ->(v) { Functions[:mime_type].call(v[0]) })
+      #     1.3.6.1.4.1.1466.115.121.1.41
+      #
+      #     A special format which uses UTF-8 encoding of ISO-10646 (Unicode)
+      #     separated by '$' used for generating printable labels or other output.
+      #     DOES allow extended characters e.g. é, Ø, å etc.
+      #     Allows matchingRules of `caseIgnoreListMatch` and `caseIgnoreListSubstringsMatch`.
+      #
+      # @return [Array<String>]
+      #
+      # @api public
+      Address = Constructor(Array, ->(v) { v.split('$').map(&:strip) })
+      #
+      # Single Values --------
+      #
+      # @see Schema::Attribute read types
+      # @return [String]
+      #
+      # @api public
+      String = Constructor(String, ->(v) { Functions[:stringify].call(v[0]) })
+      # @return [Integer]
+      #
+      # @api public
+      Integer = Constructor(Integer, ->(v) { Functions[:map_to_integers][v][0] })
+      # @return [Symbol]
+      #
+      # @api public
+      Symbol = Constructor(Symbol, ->(v) { Functions[:map_to_symbols][v][0] })
+      # @return [Time]
+      #
+      # @api public
+      Time = Constructor(Time, ->(v) { Functions[:map_to_times][v][0] })
+      # @overload [ROM::Types::Bool]
+      #
+      # @return [Boolean]
+      #
+      # @api public
+      Bool = Constructor(Bool, ->(v) { Functions[:map_to_booleans][v][0] })
+      # @return [String]
+      #
+      # @api public
+      Binary = Constructor(String, ->(v) { Functions[:map_to_base64][v][0] }).meta(binary: true)
+      #
+      # Multiple Values --------
+      #
+      # @return [Array<String>]
+      #
+      # @api public
+      Strings = Constructor(Array, Functions[:stringify])
+      # @return [Array<Integer>]
+      #
+      # @api public
+      Integers = Constructor(Array, Functions[:map_to_integers])
+      # @return [Array<Symbol>]
+      #
+      # @api public
+      Symbols = Constructor(Array, Functions[:map_to_symbols])
+      # @return [Array<Time>]
+      #
+      # @api public
+      Times = Constructor(Array, Functions[:map_to_times])
+      # @return [Array<TrueClass, FalseClass>]
+      #
+      # @api public
+      Bools = Constructor(Array, Functions[:map_to_booleans])
+      # @return [Array<String>]
+      #
+      # @api public
+      Binaries = Constructor(Array, Functions[:map_to_base64]).meta(binary: true)
+    end
+  end
+end