ruby-activeldap 0.8.1 → 0.8.2

data/test/test_object_class.rb

@@ -4,6 +4,21 @@ class TestObjectClass < Test::Unit::TestCase
   include AlTestUtils
 
   priority :must
+  def test_ensure_recommended_classes
+    make_temporary_group do |group|
+      added_class = "labeledURIObject"
+
+      assert_equal([], group.class.recommended_classes)
+      group.class.recommended_classes += [added_class]
+      assert_equal([added_class], group.class.recommended_classes)
+
+      assert_equal([added_class],
+                   group.class.recommended_classes - group.classes)
+      group.ensure_recommended_classes
+      assert_equal([],
+                   group.class.recommended_classes - group.classes)
+    end
+  end
 
   priority :normal
   def test_unknown_object_class
@@ -27,6 +42,4 @@ class TestObjectClass < Test::Unit::TestCase
       assert_raises(TypeError) {group.add_class(:posixAccount)}
     end
   end
-
-  priority :normal
 end

data/test/test_schema.rb

@@ -1,6 +1,104 @@
 require 'al-test-utils'
 
 class TestSchema < Test::Unit::TestCase
+  priority :must
+  def test_empty_schema
+    assert_make_schema_with_empty_entries(nil)
+    assert_make_schema_with_empty_entries({})
+    assert_make_schema_with_empty_entries({"someValues" => ["aValue"]})
+  end
+
+  def test_empty_schema_value
+    schema = ActiveLdap::Schema.new({"attributeTypes" => nil})
+    assert_equal([], schema["attributeTypes", "cn", "DESC"])
+  end
+
+  priority :normal
+  def test_attribute_name_with_under_score
+    top_schema =
+      "( 2.5.6.0 NAME 'Top' STRUCTURAL MUST objectClass MAY ( " +
+      "cAPublicKey $ cAPrivateKey $ certificateValidityInterval $ " +
+      "authorityRevocation $ lastReferencedTime $ " +
+      "equivalentToMe $ ACL $ backLink $ binderyProperty $ " +
+      "Obituary $ Reference $ revision $ " +
+      "ndsCrossCertificatePair $ certificateRevocation $ " +
+      "usedBy $ GUID $ otherGUID $ DirXML-Associations $ " +
+      "creatorsName $ modifiersName $ unknownBaseClass $ " +
+      "unknownAuxiliaryClass $ auditFileLink $ " +
+      "masvProposedLabelel $ masvDefaultRange $ " +
+      "masvAuthorizedRange $ objectVersion $ " +
+      "auxClassCompatibility $ rbsAssignedRoles $ " +
+      "rbsOwnedCollections $ rbsAssignedRoles2 $ " +
+      "rbsOwnedCollections2 ) X-NDS_NONREMOVABLE '1' " +
+      "X-NDS_ACL_TEMPLATES '16#subtree#[Creator]#[Entry Rights]' )"
+
+    expect = {
+      :name => ["Top"],
+      :structural => ["TRUE"],
+      :must => ["objectClass"],
+      :x_nds_nonremovable => ["1"],
+      :x_nds_acl_templates => ['16#subtree#[Creator]#[Entry Rights]'],
+    }
+    assert_schema(expect, "Top", top_schema)
+  end
+
+  def test_sup_with_oid_start_with_upper_case
+    organizational_person_schema =
+      "( 2.5.6.7 NAME 'organizationalPerson' SUP Person STRUCTURAL MAY " +
+      "( facsimileTelephoneNumber $ l $ eMailAddress $ ou $ " +
+      "physicalDeliveryOfficeName $ postalAddress $ postalCode $ " +
+      "postOfficeBox $ st $ street $ title $ mailboxLocation $ " +
+      "mailboxID $ uid $ mail $ employeeNumber $ destinationIndicator $ " +
+      "internationaliSDNNumber $ preferredDeliveryMethod $ " +
+      "registeredAddress $ teletexTerminalIdentifier $ telexNumber $ " +
+      "x121Address $ businessCategory $ roomNumber $ x500UniqueIdentifier " +
+      ") X-NDS_NAMING ( 'cn' 'ou' 'uid' ) X-NDS_CONTAINMENT ( " +
+      "'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME " +
+      "'Organizational Person' X-NDS_NOT_CONTAINER '1' " +
+      "X-NDS_NONREMOVABLE '1' )"
+
+    expect = {
+      :name => ["organizationalPerson"],
+      :sup => ["Person"],
+      :structural => ["TRUE"],
+      :x_nds_naming => ["cn", "ou", "uid"],
+      :x_nds_containment => ["Organization", "organizationalUnit", "domain"],
+      :x_nds_name => ["Organizational Person"],
+      :x_nds_not_container => ["1"],
+      :x_nds_nonremovable => ["1"],
+    }
+    assert_schema(expect, "organizationalPerson",
+                  organizational_person_schema)
+  end
+
+  def test_text_oid
+    text_oid_schema = "( mysite-oid NAME 'mysite' " +
+                      "SUP groupofuniquenames STRUCTURAL " +
+                      "MUST ( mysitelang $ mysiteurl ) " +
+                      "MAY ( mysitealias $ mysitecmsurl ) " +
+                      "X-ORIGIN 'user defined' )"
+    expect = {
+      :name => ["mysite"],
+      :sup => ["groupofuniquenames"],
+      :structural => ["TRUE"],
+      :must => %w(mysitelang mysiteurl),
+      :may => %w(mysitealias mysitecmsurl),
+      :x_origin => ["user defined"]
+    }
+    assert_schema(expect, "mysite", text_oid_schema)
+
+    text_oid_attribute_schema = "( mysiteurl-oid NAME 'mysiteurl' " +
+                                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " +
+                                "SINGLE-VALUE X-ORIGIN 'user defined' )"
+    expect = {
+      :name => ["mysiteurl"],
+      :syntax => ["1.3.6.1.4.1.1466.115.121.1.15"],
+      :single_value => ["TRUE"],
+      :x_origin => ["user defined"]
+    }
+    assert_schema(expect, "mysiteurl", text_oid_attribute_schema)
+  end
+
   def test_name_as_key
     top_schema = "( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' " +
                  "ABSTRACT MUST objectClass )"
@@ -159,8 +257,17 @@ class TestSchema < Test::Unit::TestCase
     expect.each do |key, value|
       normalized_key = key.to_s.gsub(/_/, "-")
       normalized_expect[normalized_key] = value
-      actual[normalized_key] = schema.attr(sub, name, normalized_key)
+      actual[normalized_key] = schema[sub, name, normalized_key]
     end
     assert_equal(normalized_expect, actual)
   end
+
+  def assert_make_schema_with_empty_entries(entries)
+    schema = ActiveLdap::Schema.new(entries)
+    assert_equal([], schema["attributeTypes", "cn", "DESC"])
+    assert_equal([], schema["ldapSyntaxes",
+                            "1.3.6.1.4.1.1466.115.121.1.5",
+                            "DESC"])
+    assert_equal([], schema["objectClasses", "posixAccount", "MUST"])
+  end
 end

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
 specification_version: 1
 name: ruby-activeldap
 version: !ruby/object:Gem::Version 
-  version: 0.8.1
-date: 2007-01-28 00:00:00 +00:00
+  version: 0.8.2
+date: 2007-05-15 00:00:00 -07:00
 summary: Ruby/ActiveLdap is a object-oriented API to LDAP
 require_paths: 
 - lib
@@ -32,72 +32,133 @@ authors:
 - Will Drewry
 - Kouhei Sutou
 files: 
-- Rakefile
-- LICENSE
-- TODO
-- COPYING
 - CHANGES
-- README
+- COPYING
+- LICENSE
 - Manifest.txt
-- lib/active_ldap/adaptor/ldap.rb
-- lib/active_ldap/adaptor/base.rb
-- lib/active_ldap/association/has_many_wrap.rb
-- lib/active_ldap/association/has_many.rb
-- lib/active_ldap/association/proxy.rb
+- README
+- Rakefile
+- TODO
+- benchmark/bench-al.rb
+- examples/config.yaml.example
+- examples/example.der
+- examples/example.jpg
+- examples/groupadd
+- examples/groupdel
+- examples/groupls
+- examples/groupmod
+- examples/lpasswd
+- examples/objects/group.rb
+- examples/objects/ou.rb
+- examples/objects/user.rb
+- examples/ouadd
+- examples/useradd
+- examples/useradd-binary
+- examples/userdel
+- examples/userls
+- examples/usermod
+- examples/usermod-binary-add
+- examples/usermod-binary-add-time
+- examples/usermod-binary-del
+- examples/usermod-lang-add
+- lib/active_ldap.rb
+- lib/active_ldap/adapter/base.rb
+- lib/active_ldap/adapter/ldap.rb
+- lib/active_ldap/adapter/ldap_ext.rb
+- lib/active_ldap/adapter/net_ldap.rb
+- lib/active_ldap/adapter/net_ldap_ext.rb
+- lib/active_ldap/association/belongs_to.rb
 - lib/active_ldap/association/belongs_to_many.rb
 - lib/active_ldap/association/collection.rb
-- lib/active_ldap/association/belongs_to.rb
-- lib/active_ldap/validations.rb
-- lib/active_ldap/command.rb
-- lib/active_ldap/callbacks.rb
-- lib/active_ldap/ldap.rb
-- lib/active_ldap/timeout_stub.rb
-- lib/active_ldap/timeout.rb
+- lib/active_ldap/association/has_many.rb
+- lib/active_ldap/association/has_many_wrap.rb
+- lib/active_ldap/association/proxy.rb
+- lib/active_ldap/associations.rb
 - lib/active_ldap/attributes.rb
-- lib/active_ldap/object_class.rb
+- lib/active_ldap/base.rb
+- lib/active_ldap/callbacks.rb
+- lib/active_ldap/command.rb
+- lib/active_ldap/configuration.rb
 - lib/active_ldap/connection.rb
-- lib/active_ldap/associations.rb
-- lib/active_ldap/user_password.rb
+- lib/active_ldap/distinguished_name.rb
+- lib/active_ldap/ldap_error.rb
+- lib/active_ldap/object_class.rb
 - lib/active_ldap/schema.rb
-- lib/active_ldap/configuration.rb
-- lib/active_ldap/base.rb
-- lib/active_ldap.rb
-- benchmark/bench-al.rb
-- rails/plugin/active_ldap/init.rb
+- lib/active_ldap/timeout.rb
+- lib/active_ldap/timeout_stub.rb
+- lib/active_ldap/user_password.rb
+- lib/active_ldap/validations.rb
 - rails/plugin/active_ldap/README
-test_files: 
-- test/test-unit-ext
-- test/test_useradd.rb
-- test/test_user.rb
+- rails/plugin/active_ldap/generators/scaffold_al/scaffold_al_generator.rb
+- rails/plugin/active_ldap/generators/scaffold_al/templates/ldap.yml
+- rails/plugin/active_ldap/init.rb
+- test/TODO
+- test/al-test-utils.rb
 - test/command.rb
-- test/test_usermod.rb
+- test/config.yaml.sample
+- test/run-test.rb
+- test/test-unit-ext.rb
+- test/test-unit-ext/always-show-result.rb
+- test/test-unit-ext/priority.rb
+- test/test_adapter.rb
+- test/test_associations.rb
+- test/test_attributes.rb
+- test/test_base.rb
+- test/test_base_per_instance.rb
 - test/test_bind.rb
+- test/test_callback.rb
+- test/test_connection.rb
+- test/test_connection_per_class.rb
+- test/test_dn.rb
+- test/test_find.rb
+- test/test_groupadd.rb
+- test/test_groupdel.rb
+- test/test_groupls.rb
+- test/test_groupmod.rb
+- test/test_lpasswd.rb
+- test/test_object_class.rb
+- test/test_reflection.rb
+- test/test_schema.rb
+- test/test_user.rb
+- test/test_user_password.rb
+- test/test_useradd-binary.rb
+- test/test_useradd.rb
+- test/test_userdel.rb
+- test/test_userls.rb
+- test/test_usermod-binary-add-time.rb
+- test/test_usermod-binary-add.rb
+- test/test_usermod-binary-del.rb
+- test/test_usermod-lang-add.rb
+- test/test_usermod.rb
+- test/test_validation.rb
+test_files: 
+- test/test_user.rb
 - test/test_usermod-binary-add-time.rb
 - test/test_usermod-lang-add.rb
 - test/test_attributes.rb
 - test/test_usermod-binary-add.rb
+- test/test_useradd.rb
 - test/test_validation.rb
-- test/test-unit-ext.rb
 - test/test_object_class.rb
 - test/test_groupmod.rb
 - test/test_associations.rb
 - test/test_user_password.rb
 - test/test_base_per_instance.rb
-- test/al-test-utils.rb
 - test/test_useradd-binary.rb
-- test/test_groupdel.rb
+- test/test_bind.rb
+- test/test_usermod.rb
 - test/test_find.rb
-- test/test_groupls.rb
-- test/run-test.rb
-- test/TODO
-- test/config.yaml.sample
+- test/test_adapter.rb
+- test/test_groupdel.rb
+- test/test_connection_per_class.rb
 - test/test_reflection.rb
+- test/test_groupls.rb
 - test/test_callback.rb
-- test/test_connection_per_class.rb
 - test/test_connection.rb
 - test/test_schema.rb
-- test/test_userdel.rb
+- test/test_dn.rb
 - test/test_usermod-binary-del.rb
+- test/test_userdel.rb
 - test/test_groupadd.rb
 - test/test_base.rb
 - test/test_userls.rb
@@ -132,3 +193,12 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 0.0.0
     version: 
+- !ruby/object:Gem::Dependency 
+  name: hoe
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Version::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.2.0
+    version: 

data/lib/active_ldap/adaptor/base.rb

@@ -1,29 +0,0 @@
-module ActiveLdap
-  module Adaptor
-    class Base
-      def initialize(config={})
-        @connection = nil
-        @config = config.dup
-        @logger = @config.delete(:logger)
-        %w(host port method timeout retry_on_timeout
-           retry_limit retry_wait bind_dn password
-           password_block try_sasl allow_anonymous
-           store_password).each do |name|
-          instance_variable_set("@#{name}", config[name.to_sym])
-        end
-      end
-
-      private
-      def with_timeout(try_reconnect=true, &block)
-        begin
-          Timeout.alarm(@timeout, &block)
-        rescue Timeout::Error => e
-          @logger.error {'Requested action timed out.'}
-          retry if try_reconnect and @retry_on_timeout and reconnect
-          @logger.error {e.message}
-          raise TimeoutError, e.message
-        end
-      end
-    end
-  end
-end

data/lib/active_ldap/adaptor/ldap.rb

@@ -1,466 +0,0 @@
-require 'ldap'
-require 'ldap/ldif'
-require 'ldap/schema'
-
-require 'active_ldap/ldap'
-require 'active_ldap/schema'
-
-require 'active_ldap/adaptor/base'
-
-class LDAP::Mod
-  unless instance_method(:to_s).arity.zero?
-    def to_s
-      inspect
-    end
-  end
-
-  alias_method :_initialize, :initialize
-  def initialize(op, type, vals)
-    if (LDAP::VERSION.split(/\./).collect {|x| x.to_i} <=> [0, 9, 7]) <= 0
-      @op, @type, @vals = op, type, vals # to protect from GC
-    end
-    _initialize(op, type, vals)
-  end
-end
-
-module ActiveLdap
-  module Adaptor
-    class Ldap < Base
-      module Method
-        class SSL
-          def connect(host, port)
-            LDAP::SSLConn.new(host, port, false)
-          end
-        end
-
-        class TLS
-          def connect(host, port)
-            LDAP::SSLConn.new(host, port, true)
-          end
-        end
-
-        class Plain
-          def connect(host, port)
-            LDAP::Conn.new(host, port)
-          end
-        end
-      end
-
-      SCOPE = {
-        :base => LDAP::LDAP_SCOPE_BASE,
-        :sub => LDAP::LDAP_SCOPE_SUBTREE,
-        :one => LDAP::LDAP_SCOPE_ONELEVEL,
-      }
-
-      def connect(options={})
-        method = ensure_method(options[:method] || @method)
-        host = options[:host] || @host
-        port = options[:port] || @port
-
-        @connection = method.connect(host, port)
-        operation(options) do
-          @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
-        end
-        bind(options)
-      end
-
-      def schema(options={})
-        @schema ||= operation(options) do
-          base = options[:base]
-          attrs = options[:attrs]
-          sec = options[:sec] || 0
-          usec = options[:usec] || 0
-
-          attrs ||= [
-            'objectClasses',
-            'attributeTypes',
-            'matchingRules',
-            'matchingRuleUse',
-            'dITStructureRules',
-            'dITContentRules',
-            'nameForms',
-            'ldapSyntaxes',
-          ]
-          key = 'subschemaSubentry'
-          base ||= @connection.root_dse([key], sec, usec)[0][key][0]
-          base ||= 'cn=schema'
-          result = @connection.search2(base, LDAP::LDAP_SCOPE_BASE,
-                                       '(objectClass=subschema)', attrs, false,
-                                       sec, usec).first
-          Schema.new(result)
-        end
-#       rescue
-#         raise ConnectionError.new("Unable to retrieve schema from " +
-#                                   "server (#{@method.class.downcase})")
-      end
-
-      def disconnect!(options={})
-        return if @connection.nil?
-        begin
-          unbind(options)
-        #rescue
-        end
-        @connection = nil
-        # Make sure it is cleaned up
-        # This causes Ruby/LDAP memory corruption.
-        # GC.start
-      end
-
-      def unbind(options={})
-        return unless bound?
-        operation(options) do
-          @connection.unbind
-        end
-      end
-
-      def rebind(options={})
-        unbind(options) if bound?
-        connect(options)
-      end
-
-      def bind(options={})
-        bind_dn = options[:bind_dn] || @bind_dn
-        try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
-        if options.has_key?(:allow_anonymous)
-          allow_anonymous = options[:allow_anonymous]
-        else
-          allow_anonymous = @allow_anonymous
-        end
-
-        # Rough bind loop:
-        # Attempt 1: SASL if available
-        # Attempt 2: SIMPLE with credentials if password block
-        # Attempt 3: SIMPLE ANONYMOUS if 1 and 2 fail (or pwblock returns '')
-        if try_sasl and sasl_bind(bind_dn, options)
-          @logger.info {'Bound SASL'}
-        elsif simple_bind(bind_dn, options)
-          @logger.info {'Bound simple'}
-        elsif allow_anonymous and bind_as_anonymous(options)
-          @logger.info {'Bound anonymous'}
-        else
-          if @connection.err.zero?
-            message = 'All authentication methods exhausted.'
-          else
-            message = LDAP.err2string(@connection.err)
-          end
-          raise AuthenticationError, message
-        end
-
-        bound?
-      end
-
-      def bind_as_anonymous(options={})
-        @logger.info {"Attempting anonymous authentication"}
-        operation(options) do
-          @connection.bind
-          true
-        end
-      end
-
-      def connecting?
-        not @connection.nil?
-      end
-
-      def bound?
-        connecting? and @connection.bound?
-      end
-
-      # search
-      #
-      # Wraps Ruby/LDAP connection.search to make it easier to search for
-      # specific data without cracking open Base.connection
-      def search(options={})
-        filter = options[:filter] || 'objectClass=*'
-        attrs = options[:attributes] || []
-        scope = ensure_scope(options[:scope])
-        base = options[:base]
-        limit = options[:limit] || 0
-        limit = nil if limit <= 0
-
-        values = []
-        attrs = attrs.to_a # just in case
-
-        begin
-          operation(options) do
-            i = 0
-            @connection.search(base, scope, filter, attrs) do |m|
-              i += 1
-              attributes = {}
-              m.attrs.each do |attr|
-                attributes[attr] = m.vals(attr)
-              end
-              value = [m.dn, attributes]
-              value = yield(value) if block_given?
-              values.push(value)
-              break if limit and limit >= i
-            end
-          end
-        rescue LDAP::Error
-          # Do nothing on failure
-          @logger.debug {"Ignore error #{$!.class}(#{$!.message}) " +
-                         "for #{filter} and attrs #{attrs.inspect}"}
-        rescue RuntimeError
-          if $!.message == "no result returned by search"
-            @logger.debug {"No matches for #{filter} and attrs " +
-                           "#{attrs.inspect}"}
-          else
-            raise
-          end
-        end
-
-        values
-      end
-
-      def to_ldif(dn, attributes)
-        ldif = LDAP::LDIF.to_ldif("dn", [dn.dup])
-        attributes.sort_by do |key, value|
-          key
-        end.each do |key, values|
-          ldif << LDAP::LDIF.to_ldif(key, values)
-        end
-        ldif
-      end
-
-      def load(ldifs, options={})
-        operation(options) do
-          ldifs.split(/(?:\r?\n){2,}/).each do |ldif|
-            LDAP::LDIF.parse_entry(ldif).send(@connection)
-          end
-        end
-      end
-
-      def delete(targets, options={})
-        targets = [targets] unless targets.is_a?(Array)
-        return if targets.empty?
-        target = nil
-        begin
-          operation(options) do
-            targets.each do |target|
-              @connection.delete(target)
-            end
-          end
-        rescue LDAP::NoSuchObject
-          raise EntryNotFound, "No such entry: #{target}"
-        end
-      end
-
-      def add(dn, entries, options={})
-        begin
-          operation(options) do
-            @connection.add(dn, parse_entries(entries))
-          end
-        rescue LDAP::NoSuchObject
-          raise EntryNotFound, "No such entry: #{dn}"
-        rescue LDAP::InvalidDnSyntax
-          raise DistinguishedNameInvalid.new(dn)
-        rescue LDAP::AlreadyExists
-          raise EntryAlreadyExist, "#{$!.message}: #{dn}"
-        rescue LDAP::StrongAuthRequired
-          raise StrongAuthenticationRequired, "#{$!.message}: #{dn}"
-        rescue LDAP::ObjectClassViolation
-          raise RequiredAttributeMissed, "#{$!.message}: #{dn}"
-        rescue LDAP::UnwillingToPerform
-          raise UnwillingToPerform, "#{$!.message}: #{dn}"
-        end
-      end
-
-      def modify(dn, entries, options={})
-        begin
-          operation(options) do
-            @connection.modify(dn, parse_entries(entries))
-          end
-        rescue LDAP::UndefinedType
-          raise
-        rescue LDAP::ObjectClassViolation
-          raise RequiredAttributeMissed, "#{$!.message}: #{dn}"
-        end
-      end
-
-      private
-      def operation(options={}, &block)
-        reconnect_if_need
-        try_reconnect = !options.has_key?(:try_reconnect) ||
-                           options[:try_reconnect]
-        with_timeout(try_reconnect) do
-          begin
-            block.call
-          rescue LDAP::ResultError
-            raise *LDAP::err2exception(@connection.err) if @connection.err != 0
-            raise
-          end
-        end
-      end
-
-      def with_timeout(try_reconnect=true, &block)
-        begin
-          super
-        rescue LDAP::ServerDown => e
-          @logger.error {"#{e.class} exception occurred in with_timeout block"}
-          @logger.error {"Exception message: #{e.message}"}
-          @logger.error {"Exception backtrace: #{e.backtrace}"}
-          retry if try_reconnect and reconnect
-          raise ConnectionError.new(e.message)
-        end
-      end
-
-      def ensure_method(method)
-        Method.constants.each do |name|
-          if method.to_s.downcase == name.downcase
-            return Method.const_get(name).new
-          end
-        end
-
-        available_methods = Method.constants.collect do |name|
-          name.downcase.to_sym.inspect
-        end.join(", ")
-        raise ConfigurationError,
-                "#{method.inspect} is not one of the available connect " +
-                "methods #{available_methods}"
-      end
-
-      def ensure_scope(scope)
-        value = SCOPE[scope || :sub]
-        if value.nil?
-          available_scopes = SCOPE.keys.collect {|s| s.inspect}
-          raise ArgumentError, "#{scope.inspect} is not one of the available " +
-                               "LDAP scope #{available_scopes}"
-        end
-        value
-      end
-
-      # Bind to LDAP with the given DN using any available SASL methods
-      def sasl_bind(bind_dn, options={})
-        # Get all SASL mechanisms
-        #
-        mechanisms = nil
-        exc = ConnectionError.new('Root DSE query failed')
-        mechanisms = operation do
-          @connection.root_dse[0]['supportedSASLMechanisms']
-        end
-
-        # Use GSSAPI if available
-        # Currently only GSSAPI is supported with Ruby/LDAP from
-        # http://caliban.org/files/redhat/RPMS/i386/ruby-ldap-0.8.2-4.i386.rpm
-        # TODO: Investigate further SASL support
-        return false unless (mechanisms || []).include?('GSSAPI')
-        operation do
-          @connection.sasl_quiet = @sasl_quiet unless @sasl_quit.nil?
-          @connection.sasl_bind(bind_dn, 'GSSAPI')
-          true
-        end
-      end
-
-      # Bind to LDAP with the given DN and password
-      def simple_bind(bind_dn, options={})
-        # Bail if we have no password or password block
-        if @password.nil? and @password_block.nil?
-          @logger.error {'Skipping simple bind: ' +
-                         '@password_block and @password options are empty.'}
-          return false
-        end
-
-        if @password
-          password = @password
-        else
-          # TODO: Give a warning to reconnect users with password clearing
-          # Get the passphrase for the first time, or anew if we aren't storing
-          unless @password_block.respond_to?(:call)
-            @logger.error {'Skipping simple bind: ' +
-                           '@password_block not nil or Proc object. Ignoring.'}
-            return false
-          end
-          password = @password_block.call(bind_dn)
-        end
-
-        # Store the password for quick reference later
-        @password = @store_password ? password : nil
-
-        begin
-          operation do
-            @connection.bind(bind_dn, password)
-            true
-          end
-        rescue LDAP::InvalidDnSyntax
-          @logger.debug {"DN is invalid: #{bind_dn}"}
-          raise DistinguishedNameInvalid.new(bind_dn)
-        rescue LDAP::InvalidCredentials
-          false
-        end
-      end
-
-      def parse_entries(entries)
-        result = []
-        entries.each do |type, key, attributes|
-          mod_type = ensure_mod_type(type)
-          binary = schema.binary?(key)
-          mod_type |= LDAP::LDAP_MOD_BVALUES if binary
-          attributes.each do |name, values|
-            result << LDAP.mod(mod_type, name, values)
-          end
-        end
-        result
-      end
-
-      def ensure_mod_type(type)
-        case type
-        when :replace, :add
-          LDAP.const_get("LDAP_MOD_#{type.to_s.upcase}")
-        else
-          raise ArgumentError, "unknown type: #{type}"
-        end
-      end
-
-      # Attempts to reconnect up to the number of times allowed
-      # If forced, try once then fail with ConnectionError if not connected.
-      def reconnect(options={})
-        options = options.dup
-        force = options[:force]
-        retry_limit = options[:retry_limit] || @retry_limit
-        retry_wait = options[:retry_wait] || @retry_wait
-        options[:reconnect_attempts] ||= 0
-
-        loop do
-          unless can_reconnect?(options)
-            raise ConnectionError,
-                  'Giving up trying to reconnect to LDAP server.'
-          end
-
-          @logger.debug {'Attempting to reconnect'}
-          disconnect!
-
-          # Reset the attempts if this was forced.
-          options[:reconnect_attempts] = 0 if force
-          options[:reconnect_attempts] += 1 if retry_limit >= 0
-          begin
-            connect(options)
-            break
-          rescue => detail
-            @logger.error {"Reconnect to server failed: #{detail.exception}"}
-            @logger.error {"Reconnect to server failed backtrace: " +
-                            detail.backtrace.join("\n")}
-            # Do not loop if forced
-            raise ConnectionError, detail.message if force
-          end
-
-          # Sleep before looping
-          sleep retry_wait
-        end
-
-        true
-      end
-
-      def reconnect_if_need(options={})
-        reconnect(options) if !connecting? and can_reconnect?(options)
-      end
-
-      # Determine if we have exceed the retry limit or not.
-      # True is reconnecting is allowed - False if not.
-      def can_reconnect?(options={})
-        retry_limit = options[:retry_limit] || @retry_limit
-        reconnect_attempts = options[:reconnect_attempts] || 0
-
-        retry_limit < 0 or reconnect_attempts < (retry_limit - 1)
-      end
-    end
-  end
-end