ruby-activeldap 0.7.4 → 0.8.0

data/lib/active_ldap/callbacks.rb

@@ -0,0 +1,19 @@
+require 'active_record/callbacks'
+
+module ActiveLdap
+  module Callbacks
+    def self.append_features(base)
+      super
+
+      base.class_eval do
+        include ActiveRecord::Callbacks
+
+        def callback(method)
+          super
+        rescue ActiveRecord::ActiveRecordError
+          raise Error, $!.message
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/command.rb

@@ -0,0 +1,46 @@
+require 'optparse'
+require 'ostruct'
+
+module ActiveLdap
+  module Command
+    module_function
+    def parse_options(argv=nil, version=nil)
+      argv ||= ARGV.dup
+      options = OpenStruct.new
+      opts = OptionParser.new do |opts|
+        yield(opts, options)
+
+        opts.separator ""
+        opts.separator "Common options:"
+
+        opts.on_tail("--config=CONFIG",
+                     "Specify configuration file written as YAML") do |file|
+          require 'yaml'
+          config = YAML.load(File.read(file)).symbolize_keys
+          Configuration::DEFAULT_CONFIG.update(config)
+        end
+
+        opts.on_tail("-h", "--help", "Show this message") do
+          puts opts
+          exit
+        end
+
+        opts.on_tail("--version", "Show version") do
+          puts(version || VERSION)
+          exit
+        end
+      end
+      opts.parse!(argv)
+      [argv, opts, options]
+    end
+
+    def read_password(prompt, input=$stdin, output=$stdout)
+      output.print prompt
+      system "/bin/stty -echo" if input.tty?
+      input.gets.chomp
+    ensure
+      system "/bin/stty echo" if input.tty?
+      output.puts
+    end
+  end
+end

data/lib/active_ldap/configuration.rb

@@ -0,0 +1,96 @@
+
+module ActiveLdap
+  # Configuration
+  #
+  # Configuration provides the default settings required for
+  # ActiveLdap to work with your LDAP server. All of these
+  # settings can be passed in at initialization time.
+  module Configuration
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    DEFAULT_CONFIG = {}
+    DEFAULT_CONFIG[:host] = '127.0.0.1'
+    DEFAULT_CONFIG[:port] = 389
+    DEFAULT_CONFIG[:method] = :plain  # :ssl, :tls, :plain allowed
+
+    DEFAULT_CONFIG[:bind_dn] = "cn=admin,dc=localdomain"
+    DEFAULT_CONFIG[:password_block] = nil
+    DEFAULT_CONFIG[:password] = nil
+    DEFAULT_CONFIG[:store_password] = true
+    DEFAULT_CONFIG[:allow_anonymous] = true
+    DEFAULT_CONFIG[:sasl_quiet] = false
+    DEFAULT_CONFIG[:try_sasl] = false
+
+    DEFAULT_CONFIG[:retry_limit] = 3
+    DEFAULT_CONFIG[:retry_wait] = 3
+    DEFAULT_CONFIG[:timeout] = 0 # in seconds; 0 <= Never timeout
+    # Whether or not to retry on timeouts
+    DEFAULT_CONFIG[:retry_on_timeout] = true
+
+    DEFAULT_CONFIG[:logger] = nil
+
+    module ClassMethods
+      @@defined_configurations = {}
+
+      def default_configuration
+        DEFAULT_CONFIG.dup
+      end
+
+      def ensure_configuration(config=nil)
+        if config.nil?
+          if defined?(LDAP_ENV)
+            config = LDAP_ENV
+          elsif defined?(RAILS_ENV)
+            config = RAILS_ENV
+          else
+            config = {}
+          end
+        end
+
+        if config.is_a?(Symbol) or config.is_a?(String)
+          _config = configurations[config.to_s]
+          unless _config
+            raise ConnectionError, "#{config} connection is not configured"
+          end
+          config = _config
+        end
+
+        config
+      end
+
+      def configuration(key=nil)
+        @@defined_configurations[key || active_connection_name]
+      end
+
+      def define_configuration(key, config)
+        @@defined_configurations[key] = config
+      end
+
+      def defined_configurations
+        @@defined_configurations
+      end
+
+      def remove_configuration_by_configuration(config)
+        @@defined_configurations.delete_if {|key, value| value == config}
+      end
+
+      def merge_configuration(config)
+        configuration = default_configuration
+        config.symbolize_keys.each do |key, value|
+          case key
+          when :base
+            # Scrub before inserting
+            self.base = value.gsub(/['}{#]/, '')
+          when :ldap_scope
+            self.ldap_scope = value
+          else
+            configuration[key] = value
+          end
+        end
+        configuration
+      end
+    end
+  end
+end

data/lib/active_ldap/connection.rb

@@ -0,0 +1,137 @@
+module ActiveLdap
+  module Connection
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      @@active_connections = {}
+
+      def active_connections
+        @@active_connections[Thread.current.object_id] ||= {}
+      end
+
+      def active_connection_name
+        @active_connection_name ||= determine_active_connection_name
+      end
+
+      def clear_active_connections!
+        connections = active_connections
+        connections.each do |key, connection|
+          connection.disconnect!
+        end
+        connections.clear
+      end
+
+      def clear_active_connection_name
+        @active_connection_name = nil
+        ObjectSpace.each_object(Class) do |klass|
+          if klass < self and !klass.name.empty?
+            klass.instance_variable_set("@active_connection_name", nil)
+          end
+        end
+      end
+
+      def connection
+        conn = nil
+        @active_connection_name ||= nil
+        if @active_connection_name
+          conn = active_connections[@active_connection_name]
+        end
+        unless conn
+          conn = retrieve_connection
+          active_connections[@active_connection_name] = conn
+        end
+        conn
+      end
+
+      def connection=(adaptor)
+        if adaptor.is_a?(Adaptor::Base)
+          @schema = nil
+          active_connections[active_connection_name] = adaptor
+        elsif adaptor.is_a?(Hash)
+          config = adaptor
+          adaptor = Inflector.camelize(config[:adaptor] || "ldap")
+          self.connection = Adaptor.const_get(adaptor).new(config)
+        elsif adaptor.nil?
+          raise ConnectionNotEstablished
+        else
+          establish_connection(adaptor)
+        end
+      end
+
+      def connected?
+        active_connections[active_connection_name] ? true : false
+      end
+
+      def retrieve_connection
+        conn = nil
+        name = active_connection_name
+        raise ConnectionNotEstablished unless name
+        conn = active_connections[name]
+        if conn.nil?
+          config = configuration(name)
+          raise ConnectionNotEstablished unless config
+          self.connection = config
+          conn = active_connections[name]
+        end
+        raise ConnectionNotEstablished if conn.nil?
+        conn
+      end
+
+      def remove_connection(klass=self)
+        key = active_connection_key(klass)
+        config = configuration(key)
+        conn = active_connections[key]
+        remove_configuration_by_configuration(config)
+        active_connections.delete_if {|key, value| value == conn}
+        conn.disconnect! if conn
+        config
+      end
+
+      def establish_connection(config=nil)
+        config = ensure_configuration(config)
+        remove_connection
+
+        clear_active_connection_name
+        key = active_connection_key
+        @active_connection_name = key
+        define_configuration(key, merge_configuration(config))
+      end
+
+      # Return the schema object
+      def schema
+        @schema ||= connection.schema
+      end
+
+      private
+      def active_connection_key(k=self)
+        k.name.empty? ? k.object_id : k.name
+      end
+
+      def determine_active_connection_name
+        key = active_connection_key
+        if active_connections[key] or configuration(key)
+          key
+        elsif self == ActiveLdap::Base
+          nil
+        else
+          superclass.active_connection_name
+        end
+      end
+    end
+
+    def connection
+      self.class.connection
+    end
+
+    # schema
+    #
+    # Returns the value of self.class.schema
+    # This is just syntactic sugar
+    def schema
+      logger.debug {"stub: called schema"}
+      self.class.schema
+    end
+  end
+end

data/lib/{activeldap → active_ldap}/ldap.rb

@@ -1,4 +1,4 @@
-# Extensions to Rubu/LDAP to make ActiveLDAP behave better
+# Extensions to Rubu/LDAP to make ActiveLdap behave better
 #
 # Copyright 2006 Will Drewry <will@alum.bu.edu>
 # Some portions Copyright 2006 Google Inc

data/lib/active_ldap/object_class.rb

@@ -0,0 +1,70 @@
+module ActiveLdap
+  module ObjectClass
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+    end
+
+    def add_class(*target_classes)
+      replace_class((classes + target_classes.flatten).uniq)
+    end
+
+    def remove_class(*target_classes)
+      new_classes = (classes - target_classes.flatten).uniq
+      assert_object_classes(new_classes)
+      set_attribute('objectClass', new_classes)
+    end
+
+    def replace_class(*target_classes)
+      new_classes = target_classes.flatten.uniq
+      assert_object_classes(new_classes)
+      set_attribute('objectClass', new_classes)
+    end
+
+    def classes
+      (get_attribute('objectClass', true) || []).dup
+    end
+
+    private
+    def assert_object_classes(new_classes)
+      assert_valid_object_class_value_type(new_classes)
+      assert_valid_object_class_value(new_classes)
+      assert_have_all_required_classes(new_classes)
+    end
+
+    def assert_valid_object_class_value_type(new_classes)
+      invalid_classes = new_classes.reject do |new_class|
+        new_class.is_a?(String)
+      end
+      unless invalid_classes.empty?
+        message = "Value in objectClass array is not a String"
+        invalid_classes_info = invalid_classes.collect do |invalid_class|
+          "#{invalid_class.class}:#{invalid_class.inspect}"
+        end.join(", ")
+        raise TypeError,  "#{message}: #{invalid_classes_info}"
+      end
+    end
+
+    def assert_valid_object_class_value(new_classes)
+      invalid_classes = new_classes.reject do |new_class|
+        schema.exist_name?("objectClasses", new_class)
+      end
+      unless invalid_classes.empty?
+        message = "unknown objectClass to LDAP server"
+        message = "#{message}: #{invalid_classes.join(', ')}"
+        raise ObjectClassError, message
+      end
+    end
+
+    def assert_have_all_required_classes(new_classes)
+      required_classes = self.class.required_classes - new_classes
+      unless required_classes.empty?
+        raise RequiredObjectClassMissed,
+                "Can't remove required objectClass: " +
+                 required_classes.join(", ")
+      end
+    end
+  end
+end

data/lib/active_ldap/schema.rb

@@ -0,0 +1,258 @@
+module ActiveLdap
+  class Schema
+    def initialize(entries)
+      @entries = entries
+      @schema_info = {}
+      @class_attributes_info = {}
+      @cache = {}
+    end
+
+    def names(group)
+      alias_map(group).keys
+    end
+
+    def exist_name?(group, name)
+      alias_map(group).has_key?(normalize_schema_name(name))
+    end
+
+    # attribute
+    # 
+    # This is just like LDAP::Schema#attribute except that it allows
+    # look up in any of the given keys.
+    # e.g.
+    #  attribute('attributeTypes', 'cn', 'DESC')
+    #  attribute('ldapSyntaxes', '1.3.6.1.4.1.1466.115.121.1.5', 'DESC')
+    def attribute(group, id_or_name, attribute_name)
+      return [] if attribute_name.empty?
+      attribute_name = normalize_attribute_name(attribute_name)
+      value = attributes(group, id_or_name)[attribute_name]
+      value ? value.dup : []
+    end
+    alias_method :[], :attribute
+    alias_method :attr, :attribute
+
+    def attributes(group, id_or_name)
+      return {} if group.empty? or id_or_name.empty?
+
+      # Initialize anything that is required
+      info, ids, aliases = ensure_schema_info(group)
+      id, name = determine_id_or_name(id_or_name, aliases)
+
+      # Check already parsed options first
+      return ids[id] if ids.has_key?(id)
+
+      while schema = @entries[group].shift
+        next unless /\A\s*\(\s*([\d\.]+)\s*(.*)\s*\)\s*\z/ =~ schema
+        schema_id = $1
+        rest = $2
+        next if ids.has_key?(schema_id)
+
+        attributes = {}
+        ids[schema_id] = attributes
+
+        parse_attributes(rest, attributes)
+        (attributes["NAME"] || []).each do |v|
+          normalized_name = normalize_schema_name(v)
+          aliases[normalized_name] = schema_id
+          id = schema_id if id.nil? and name == normalized_name
+        end
+
+        break if id == schema_id
+      end
+
+      ids[id || aliases[name]] || {}
+    end
+
+    # attribute_aliases
+    #
+    # Returns all names from the LDAP schema for the
+    # attribute given.
+    def attribute_aliases(name)
+      cache([:attribute_aliases, name]) do
+        attribute_type(name, 'NAME')
+      end
+    end
+
+    # read_only?
+    #
+    # Returns true if an attribute is read-only
+    # NO-USER-MODIFICATION
+    def read_only?(name)
+      cache([:read_only?, name]) do
+        attribute_type(name, 'NO-USER-MODIFICATION')[0] == 'TRUE'
+      end
+    end
+
+    # single_value?
+    #
+    # Returns true if an attribute can only have one
+    # value defined
+    # SINGLE-VALUE
+    def single_value?(name)
+      cache([:single_value?, name]) do
+        attribute_type(name, 'SINGLE-VALUE')[0] == 'TRUE'
+      end
+    end
+
+    # binary?
+    #
+    # Returns true if the given attribute's syntax
+    # is X-NOT-HUMAN-READABLE or X-BINARY-TRANSFER-REQUIRED
+    def binary?(name)
+      cache([:binary?, name]) do
+        # Get syntax OID
+        syntax = attribute_type(name, 'SYNTAX')[0]
+        !syntax.nil? and
+          (ldap_syntax(syntax, 'X-NOT-HUMAN-READABLE') == ["TRUE"] or
+           ldap_syntax(syntax, 'X-BINARY-TRANSFER-REQUIRED') == ["TRUE"])
+      end
+    end
+
+    # binary_required?
+    #
+    # Returns true if the value MUST be transferred in binary
+    def binary_required?(name)
+      cache([:binary_required?, name]) do
+        # Get syntax OID
+        syntax = attribute_type(name, 'SYNTAX')[0]
+        !syntax.nil? and
+          ldap_syntax(syntax, 'X-BINARY-TRANSFER-REQUIRED') == ["TRUE"]
+      end
+    end
+
+    # class_attributes
+    #
+    # Returns an Array of all the valid attributes (but not with full aliases)
+    # for the given objectClass
+    def class_attributes(objc)
+      cache([:class_attributes, objc]) do
+        # First get all the current level attributes
+        must = object_class(objc, 'MUST')
+        may = object_class(objc, 'MAY')
+
+        # Now add all attributes from the parent object (SUPerclasses)
+        # Hopefully an iterative approach will be pretty speedy
+        # 1. build complete list of SUPs
+        # 2. Add attributes from each
+        sups = object_class(objc, 'SUP')
+        loop do
+          start_size = sups.size
+          new_sups = []
+          sups.each do |sup|
+            new_sups.concat(object_class(sup, 'SUP'))
+          end
+
+          sups.concat(new_sups)
+          sups.uniq!
+          break if sups.size == start_size
+        end
+        sups.each do |sup|
+          must.concat(object_class(sup, 'MUST'))
+          may.concat(object_class(sup, 'MAY'))
+        end
+
+        # Clean out the dupes.
+        must.uniq!
+        may.uniq!
+        if objc == "inetOrgPerson"
+          may.collect! do |name|
+            if name == "x500uniqueIdentifier"
+              "x500UniqueIdentifier"
+            else
+              name
+            end
+          end
+        end
+
+        {:must => must, :may => may}
+      end
+    end
+
+    private
+    def cache(key)
+      (@cache[key] ||= [yield])[0]
+    end
+
+    def ensure_schema_info(group)
+      @schema_info[group] ||= {:ids => {}, :aliases => {}}
+      info = @schema_info[group]
+      [info, info[:ids], info[:aliases]]
+    end
+
+    def determine_id_or_name(id_or_name, aliases)
+      if /\A[\d\.]+\z/ =~ id_or_name
+        id = id_or_name
+        name = nil
+      else
+        name = normalize_schema_name(id_or_name)
+        id = aliases[name]
+      end
+      [id, name]
+    end
+
+    def parse_attributes(str, attributes)
+      str.scan(/([A-Z\-]+)\s+
+                (?:\(\s*([\w\-]+(?:\s+\$\s+[\w\-]+)+)\s*\)|
+                   \(\s*([^\)]*)\s*\)|
+                   '([^\']*)'|
+                   ([a-z][\w\-]*)|
+                   (\d[\d\.\{\}]+)|
+                   ()
+                )/x
+               ) do |name, multi_amp, multi, string, literal, syntax, no_value|
+        case
+        when multi_amp
+          values = multi_amp.rstrip.split(/\s*\$\s*/)
+        when multi
+          values = multi.scan(/\s*'([^\']*)'\s*/).collect {|value| value[0]}
+        when string
+          values = [string]
+        when literal
+          values = [literal]
+        when syntax
+          values = [syntax]
+        when no_value
+          values = ["TRUE"]
+        end
+        attributes[name] = values
+      end
+    end
+
+    def attribute_type(name, attribute_name)
+      cache([:attribute_type, name, attribute_name]) do
+        attribute("attributeTypes", name, attribute_name)
+      end
+    end
+
+    def ldap_syntax(name, attribute_name)
+      cache([:ldap_syntax, name, attribute_name]) do
+        attribute("ldapSyntaxes", name, attribute_name)
+      end
+    end
+
+    def object_class(name, attribute_name)
+      cache([:object_class, name, attribute_name]) do
+        attribute("objectClasses", name, attribute_name)
+      end
+    end
+
+    def alias_map(group)
+      ensure_parse(group)
+      @schema_info[group][:aliases]
+    end
+
+    def ensure_parse(group)
+      unless @entries[group].empty?
+        attribute(group, 'nonexistent', 'nonexistent')
+      end
+    end
+
+    def normalize_schema_name(name)
+      name.downcase.sub(/;.*$/, '')
+    end
+
+    def normalize_attribute_name(name)
+      name.upcase
+    end
+  end # Schema
+end