rom-ldap 0.2.2

data/lib/rom/ldap/version.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ROM
+  module LDAP
+    # The major version of ROM-LDAP. Only bumped for major changes.
+    MAJOR = 0
+
+    # The minor version of ROM-LDAP. Bumped for every non-patch level release.
+    MINOR = 2
+
+    # The tiny version of ROM-LDAP. Only bumped for bugfix releases.
+    TINY  = 2
+
+    # The version of ROM-LDAP, as a string (e.g. "2.11.0")
+    VERSION = [MAJOR, MINOR, TINY].join('.').freeze
+  end
+end

data/lib/rom/plugins/relation/ldap/active_directory.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+module ROM
+  module Plugins
+    module Relation
+      module LDAP
+        # Microsoft Active Directory specific extension.
+        #
+        # @api public
+        module ActiveDirectory
+          ACCOUNT_DISABLED               = 2
+          ACCOUNT_TEMP_DUPLICATE         = 256
+          ACCOUNT_NORMAL                 = 512
+
+          DOMAIN_CONTROLLER              = 532_480
+          PREAUTH_NOT_REQUIRED           = 4_194_304 # Kerberos Preauthentication Disabled
+          ENCRYPTED_TEXT_PWD_ALLOWED     = 128
+
+          GROUP_GLOBAL                   = 2
+          GROUP_LOCAL                    = 4
+          GROUP_UNIVERSAL                = 8
+          GROUP_SECURITY_ENABLED         = 2_147_483_648
+
+          HOMEDIR_REQUIRED               = 8
+          INTERDOMAIN_TRUST_ACCOUNT      = 2048
+          LOCKOUT                        = 16
+          MNS_LOGON_ACCOUNT              = 131_072
+          NOT_DELEGATED                  = 1_048_576
+          PARTIAL_SECRETS_ACCOUNT        = 67_108_864
+
+          PASSWORD_NOT_REQUIRED          = 32
+          PASSWORD_CANT_CHANGE           = 64
+          PASSWORD_DONT_EXPIRE           = 65_536
+          SMARTCARD_REQUIRED             = 262_144 # Smart Card Login Enforced
+          PASSWORD_EXPIRED               = 8_388_608
+
+          SCRIPT                         = 1
+          SERVER_TRUST_ACCOUNT           = 8192
+          TRUSTED_FOR_DELEGATION         = 524_288
+          TRUSTED_TO_AUTH_FOR_DELEGATION = 16_777_216
+          USE_DES_KEY_ONLY               = 2_097_152
+          WORKSTATION_TRUST_ACCOUNT      = 4096
+
+          RULE_BIT = ROM::LDAP::OID[:matching_rule_bit_and]
+          RULE_CHAIN = ROM::LDAP::OID[:matching_rule_in_chain]
+
+          FLAG   = "systemFlags:#{RULE_BIT}:"
+          GROUP  = "groupType:#{RULE_BIT}:"
+          MEMBER = "memberOf:#{RULE_CHAIN}:"
+          OPTS   = "options:#{RULE_BIT}:"
+          UAC    = "userAccountControl:#{RULE_BIT}:"
+
+          #
+          # Ambiguous Name Resolution (ANR)
+          #
+          # @return [Relation]
+          #
+          # @api public
+          def ambiguous(value)
+            equal('anr' => value)
+          end
+
+          # All DC's and their versions
+          # '(&(&(&(&(samAccountType=805306369)(primaryGroupId=516))(objectCategory=computer)(operatingSystem=*))))'
+
+          #
+          # Accounts
+          #
+
+          # @return [Relation]
+          #
+          # @api public
+          def ad_accounts_all
+            equal('sAMAccountType' => 805_306_368)
+          end
+
+          # AD_USER_DISABLED = Filter::Builder.ex("userAccountControl:1.2.840.113556.1.4.803", "2")
+          #
+          # @return [Relation]
+          #
+          # @api public
+          def ad_accounts_disabled
+            ad_accounts_all.equal(UAC => ACCOUNT_DISABLED)
+          end
+
+          def ad_accounts_enabled
+            ad_accounts_all.unequal(UAC => ACCOUNT_DISABLED)
+          end
+
+          def ad_accounts_insecure
+            ad_accounts_all.equal(UAC => PASSWORD_NOT_REQUIRED)
+          end
+
+          def ad_accounts_expired_password
+            ad_accounts_all.equal(UAC => PASSWORD_EXPIRED)
+          end
+
+          def ad_accounts_permanent_password
+            ad_accounts_all.equal(UAC => PASSWORD_DONT_EXPIRE)
+          end
+
+          def ad_accounts_control(oid)
+            ad_accounts_all.equal(UAC => oid)
+          end
+
+          def ad_accounts_membership(groupdn)
+            ad_accounts_all.equal(MEMBER => groupdn)
+          end
+
+          def ad_accounts_with_email
+            ad_accounts_all.present(:mailnickname)
+          end
+
+          # FIXME: the attribute names should be original format?
+          # see for example ad_accounts_all
+          #
+          def ad_accounts_with_fax
+            ad_accounts_all.equal(proxyaddresses: 'FAX:*')
+          end
+
+          def ad_accounts_hidden_email
+            unequal(objectclass: 'publicFolder').equal(msexchhidefromaddresslists: 'TRUE')
+          end
+
+          #
+          # Groups and Objects
+          #
+
+          # @return [Relation]
+          #
+          # @api public
+          def ad_groups_security
+            equal(GROUP => GROUP_SECURITY_ENABLED)
+            # equal(grouptype: GROUP_SECURITY_ENABLED)
+          end
+
+          def ad_groups_universal
+            equal(GROUP => GROUP_UNIVERSAL)
+          end
+
+          def ad_groups_empty
+            equal(objectclass: 'group').missing(:member)
+          end
+
+          def ad_catalog_global
+            equal(objectcategory: 'nTDSDSA', OPTS => SCRIPT)
+          end
+
+          def ad_computers
+            equal(objectcategory: 'computer')
+          end
+
+          def ad_controllers
+            ad_computers.equal(UAC => SERVER_TRUST_ACCOUNT)
+          end
+
+          def ad_exchanges
+            equal(objectclass: 'msExchExchangeServer').unequal(objectclass: 'msExchExchangeServerPolicy')
+          end
+
+          def ad_contacts
+            equal(objectcategory: 'contact')
+          end
+
+          def ad_unrenamable_object
+            equal(FLAG => 134_217_728)
+          end
+
+          def ad_undeletable_object
+            equal(FLAG => -GROUP_SECURITY_ENABLED)
+          end
+        end
+      end
+    end
+  end
+end
+
+ROM.plugins do
+  adapter :ldap do
+    register :active_directory, ROM::Plugins::Relation::LDAP::ActiveDirectory, type: :relation
+  end
+end

data/lib/rom/plugins/relation/ldap/auto_restrictions.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'rom/support/notifications'
+
+module ROM
+  module Plugins
+    module Relation
+      module LDAP
+        # Generates methods for restricting relations by their indexed attributes
+        #
+        # @example
+        #   rom = ROM.container(:ldap, {}) do |config|
+        #
+        #     config.plugin(:ldap, relations: :auto_restrictions)
+        #
+        #     config.relation(:users) do
+        #       schema('(cn=*)', infer: true) do
+        #         attribute :cn, ROM::LDAP::Types::Strings.meta(index: true)
+        #       end
+        #     end
+        #   end
+        #
+        #   rom.relations[:users].by_cn('Directory Administrator')
+        #
+        # @api public
+        module AutoRestrictions
+          extend Notifications::Listener
+
+          subscribe('configuration.relations.schema.set', adapter: :ldap) do |event|
+            schema   = event[:schema]
+            relation = event[:relation]
+
+            methods, mod = AutoRestrictions.restriction_methods(schema)
+            relation.include(mod)
+
+            methods.each { |meth| relation.auto_curry(meth) }
+          end
+
+          # @api private
+          def self.restriction_methods(schema)
+            mod = Module.new
+            methods = schema.attributes.each_with_object([]) do |attribute, generated|
+              next unless attribute.indexed?
+
+              meth_name = :"by_#{attribute.name}"
+              next if generated.include?(meth_name)
+
+              mod.module_eval do
+                define_method(meth_name) do |value|
+                  where(attribute.name => value)
+                end
+              end
+
+              generated << meth_name
+            end
+
+            [methods, mod]
+          end
+        end
+      end
+    end
+  end
+end
+
+ROM.plugins do
+  adapter :ldap do
+    register :auto_restrictions, ROM::Plugins::Relation::LDAP::AutoRestrictions, type: :relation
+  end
+end

data/lib/rom/plugins/relation/ldap/e_directory.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module ROM
+  module Plugins
+    module Relation
+      module LDAP
+        # Novell eDirectory specific extension.
+        #
+        # @api public
+        module EDirectory
+          NETWARE_SERVERS = '(objectClass=ncpServer)'
+          NETWARE_VOLUMES = '(objectClass=volume)'
+          ZEN_APPLICATION = '(objectClass=appApplication)'
+
+          # @see https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
+          # dn_part_match = '(|(ou:dn:=Chicago)(ou:dn:=Miami)))'.freeze
+        end
+      end
+    end
+  end
+end
+
+ROM.plugins do
+  adapter :ldap do
+    register :e_directory, ROM::Plugins::Relation::LDAP::EDirectory, type: :relation
+  end
+end

data/lib/rom/plugins/relation/ldap/instrumentation.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rom/plugins/relation/instrumentation'
+
+module ROM
+  module Plugins
+    module Relation
+      module LDAP
+        # @api private
+        module Instrumentation
+          def self.included(klass)
+            super
+
+            klass.class_eval do
+              include ROM::Plugins::Relation::Instrumentation
+
+              # @overload [Hash]
+              #
+              # @api private
+              def notification_payload(relation)
+                super.merge(query: relation.to_filter)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+ROM.plugins do
+  adapter :ldap do
+    register :instrumentation, ROM::Plugins::Relation::LDAP::Instrumentation, type: :relation
+  end
+end

data/lib/rouge/lexers/ldap.rb

@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*- #
+# frozen_string_literal: true
+
+module Rouge
+  module Lexers
+    class LDAP < RegexLexer
+
+      title 'LDAP'
+      desc 'the LDAP query filter format'
+      tag 'ldap'
+
+
+      EXTENSIBLE = /^([-;\w]*)(:dn)?(:(\w+|[.\w]+))?$/
+
+      OPERATORS = '[~><:]?='
+
+      CONSTRUCTORS = '&|\!|\|'
+
+
+      state :root do
+
+
+
+        # parentheses
+        # rule /\s*[()]\s*/, Punctuation, :root
+        rule %r{[()]}, Comment
+
+        # constructors &, !, |
+        # rule %r"&|\!|\|", Str::Symbol
+        rule %r{[&\!\|]}, Str::Symbol
+
+
+
+
+        # attribute name
+        # rule /\w/, Keyword
+        # rule %r"(\w)[~><:]?=", Name::Attribute
+
+        # operators
+        # rule /\s*[~><:]?=\s*/, Name::Function
+        rule %r{([~><:]?=)}, Operator
+
+        rule %r{[~><:]?=(\w+)}, Keyword
+
+        # rule /\s*[~><:]?=\s*/ do
+        #    groups Name::Function
+        #    push :root
+        #  end
+
+        # numeric values
+        # rule /\s*\d\s*/, Num::Integer
+
+
+        # wild and boolean values
+        rule %r{\*|TRUE|FALSE}, Name::Tag
+
+
+
+        # string values
+        # rule /\w/, Name::Variable
+        # rule %r"=(\*)\)", Name::Variable
+        # rule %r"=(\*)\)", Name::Tag
+
+
+      end
+
+      start do
+        # this is run whenever a fresh lex is started
+      end
+    end
+  end
+end

data/lib/rouge/themes/ldap.rb

@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*- #
+# frozen_string_literal: true
+
+module Rouge
+  module Themes
+    class LDAP < CSSTheme
+      name 'ldap'
+
+      style Text, :fg => :fg0, :bg => :bg0
+      style Error, :fg => :red, :bg => :bg0, :bold => true
+      style Comment, :fg => :gray, :italic => true
+
+      style Comment::Preproc, :fg => :aqua
+
+      style Name::Tag, :fg => :red
+
+      style Operator,
+            Punctuation, :fg => :fg0
+
+      style Generic::Inserted, :fg => :green, :bg => :bg0
+      style Generic::Deleted, :fg => :red, :bg => :bg0
+      style Generic::Heading, :fg => :green, :bold => true
+
+      style Keyword, :fg => :red
+      style Keyword::Constant, :fg => :purple
+      style Keyword::Type, :fg => :yellow
+
+      style Keyword::Declaration, :fg => :orange
+
+      style Literal::String,
+            Literal::String::Interpol,
+            Literal::String::Regex, :fg => :green, :italic => true
+
+      style Literal::String::Escape, :fg => :orange
+
+      style Name::Namespace,
+            Name::Class, :fg => :aqua
+
+      style Name::Constant, :fg => :purple
+
+      style Name::Attribute, :fg => :green
+
+      style Literal::Number, :fg => :purple
+
+      style Literal::String::Symbol, :fg => :blue
+
+    end
+  end
+end