ruby-activeldap 0.8.1 → 0.8.2

data/lib/active_ldap/adapter/net_ldap_ext.rb

@@ -0,0 +1,29 @@
+require_library_or_gem 'net/ldap'
+
+module Net
+  class LDAP
+    class Entry
+      alias initialize_without_original_attribute_names initialize
+      def initialize(*args)
+        @original_attribute_names = []
+        initialize_without_original_attribute_names(*args)
+      end
+
+      alias aset_without_original_attribute_names []=
+      def []=(name, value)
+        @original_attribute_names << name
+        aset_without_original_attribute_names(name, value)
+      end
+
+      def original_attribute_names
+        @original_attribute_names.compact.uniq
+      end
+
+      def each_attribute
+        attribute_names.sort_by {|name| name.to_s}.each do |name|
+          yield name, self[name]
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/association/belongs_to.rb

@@ -28,7 +28,9 @@ module ActiveLdap
       end
 
       def find_target
-        filter = "(#{primary_key}=#{@owner[@options[:foreign_key_name]]})"
+        value = @owner[@options[:foreign_key_name]]
+        raise EntryNotFound if value.nil?
+        filter = {primary_key => value}
         result = foreign_class.find(:all, :filter => filter, :limit => 1)
         raise EntryNotFound if result.empty?
         result.first

data/lib/active_ldap/association/belongs_to_many.rb

@@ -28,12 +28,11 @@ module ActiveLdap
 
       def find_target
         key = @options[:many]
-        filter = @owner[@options[:foreign_key_name], true].reject do |value|
-          value.nil?
-        end.collect do |value|
-          "(#{key}=#{value})"
-        end.join
-        foreign_class.find(:all, :filter => "(|#{filter})")
+        values = @owner[@options[:foreign_key_name], true].compact
+        components = values.collect do |value|
+          [key, value]
+        end
+        foreign_class.find(:all, :filter => [:or, *components])
       end
     end
   end

data/lib/active_ldap/association/has_many.rb

@@ -11,7 +11,7 @@ module ActiveLdap
 
       def find_target
         foreign_base_key = primary_key
-        filter = @owner[@options[:foreign_key_name], true].collect do |value|
+        components = @owner[@options[:foreign_key_name], true].collect do |value|
           key = val = nil
           if foreign_base_key == "dn"
             key, val = value.split(",")[0].split("=") unless value.empty?
@@ -21,27 +21,19 @@ module ActiveLdap
           [key, val]
         end.reject do |key, val|
           key.nil? or val.nil?
-        end.collect do |key, val|
-          "(#{key}=#{val})"
-        end.join
-        foreign_class.find(:all, :filter => "(|#{filter})")
+        end
+        foreign_class.find(:all, :filter => [:or, *components])
       end
 
       def delete_entries(entries)
         key = primary_key
-        dn_attribute = foreign_class.dn_attribute
-        filter = @owner[@options[:foreign_key_name], true].reject do |value|
+        components = @owner[@options[:foreign_key_name], true].reject do |value|
           value.nil?
-        end.collect do |value|
-          "(#{key}=#{value})"
-        end.join
-        filter = "(&#{filter})"
-        entry_filter = entries.collect do |entry|
-          "(#{dn_attribute}=#{entry.id})"
-        end.join
-        entry_filter = "(|#{entry_filter})"
-        foreign_class.update_all({primary_key => []},
-                                 "(&#{filter}#{entry_filter})")
+        end
+        filter = [:and,
+                  [:and, {key => components}],
+                  [:or, {foreign_class.dn_attribute => entries.collect(&:id)}]]
+        foreign_class.update_all({key => []}, filter)
       end
     end
   end

data/lib/active_ldap/association/has_many_wrap.rb

@@ -27,7 +27,7 @@ module ActiveLdap
         foreign_base_key = primary_key
         requested_targets = @owner[@options[:wrap], true]
 
-        filter = requested_targets.collect do |value|
+        components = requested_targets.collect do |value|
           key = val = nil
           if foreign_base_key == "dn"
             key, val = value.split(",")[0].split("=") unless value.empty?
@@ -37,13 +37,12 @@ module ActiveLdap
           [key, val]
         end.reject do |key, val|
           key.nil? or val.nil?
-        end.collect do |key, val|
-          "(#{key}=#{val})"
-        end.join
+        end
+        return [] if components.empty?
 
         klass = foreign_class
         found_targets = {}
-        klass.find(:all, :filter => "(|#{filter})").each do |target|
+        klass.find(:all, :filter => [:or, *components]).each do |target|
           found_targets[target.send(foreign_base_key)] ||= target
         end
 

data/lib/active_ldap/attributes.rb

@@ -195,5 +195,9 @@ module ActiveLdap
     def attributes_protected_by_default
       [dn_attribute, 'objectClass']
     end
+
+    def normalize_attribute_name(name)
+      self.class.normalize_attribute_name(name)
+    end
   end
 end

data/lib/active_ldap/base.rb

@@ -104,10 +104,13 @@ module ActiveLdap
   end
 
   class DistinguishedNameInvalid < Error
-    attr_reader :dn
-    def initialize(dn)
+    attr_reader :dn, :reason
+    def initialize(dn, reason=nil)
       @dn = dn
-      super("#{@dn} is invalid distinguished name (dn).")
+      @reason = reason
+      message = "#{@dn} is invalid distinguished name (dn)"
+      message << ": #{@reason}"if @reason
+      super(message)
     end
   end
 
@@ -126,7 +129,7 @@ module ActiveLdap
   class EntryInvalid < Error
   end
 
-  class UnwillingToPerform < Error
+  class OperationNotPermitted < Error
   end
 
   class ConnectionNotEstablished < Error
@@ -135,6 +138,14 @@ module ActiveLdap
   class AdapterNotSpecified < Error
   end
 
+  class AdapterNotFound < Error
+    attr_reader :adapter
+    def initialize(adapter)
+      @adapter = adapter
+      super("LDAP configuration specifies nonexistent #{@adapter} adapter")
+    end
+  end
+
   class UnknownAttribute < Error
     attr_reader :name
     def initialize(name)
@@ -155,7 +166,11 @@ module ActiveLdap
       include Reloadable::Subclasses
     end
 
-    VALID_LDAP_MAPPING_OPTIONS = [:dn_attribute, :prefix, :classes, :scope]
+    VALID_LDAP_MAPPING_OPTIONS = [:dn_attribute, :prefix, :scope,
+                                  :classes, :recommended_classes]
+    VALID_SEARCH_OPTIONS = [:attribute, :value, :filter, :prefix,
+                            :classes, :scope, :limit, :attributes,
+                            :sort_by, :order]
 
     cattr_accessor :logger
     cattr_accessor :configurations
@@ -189,12 +204,12 @@ module ActiveLdap
     end
 
     class_local_attr_accessor false, :prefix, :base, :dn_attribute
-    class_local_attr_accessor true, :ldap_scope, :required_classes
+    class_local_attr_accessor true, :ldap_scope
+    class_local_attr_accessor true, :required_classes, :recommended_classes
 
     class << self
       # Hide new in Base
       private :new
-      private :dn_attribute
 
       # Connect and bind to LDAP creating a class variable for use by
       # all ActiveLdap objects.
@@ -213,6 +228,8 @@ module ActiveLdap
       # :base overwrites Base.base - this affects EVERYTHING
       # :try_sasl indicates that a SASL bind should be attempted when binding
       #   to the server (default: false)
+      # :sasl_mechanisms is an array of SASL mechanism to try
+      #   (default: ["GSSAPI", "CRAM-MD5", "EXTERNAL"])
       # :allow_anonymous indicates that a true anonymous bind is allowed when
       #   trying to bind to the server (default: true)
       # :retries - indicates the number of attempts to reconnect that will be
@@ -246,10 +263,12 @@ module ActiveLdap
       end
 
       def search(options={}, &block)
+        validate_search_options(options)
         attr = options[:attribute]
         value = options[:value] || '*'
         filter = options[:filter]
         prefix = options[:prefix]
+        classes = options[:classes]
 
         value = value.first if value.is_a?(Array) and value.first.size == 1
         if filter.nil? and !value.is_a?(String)
@@ -259,13 +278,21 @@ module ActiveLdap
         _attr, value, _prefix = split_search_value(value)
         attr ||= _attr || dn_attribute || "objectClass"
         prefix ||= _prefix
-        filter ||= "(#{attr}=#{escape_filter_value(value, true)})"
+        if filter.nil?
+          filter = "(#{attr}=#{escape_filter_value(value, true)})"
+          filter = "(&#{filter}#{object_class_filters(classes)})"
+        end
         _base = [prefix, base].compact.reject{|x| x.empty?}.join(",")
-        connection.search(:base => _base,
-                          :scope => options[:scope] || ldap_scope,
-                          :filter => filter,
-                          :limit => options[:limit],
-                          :attributes => options[:attributes]) do |dn, attrs|
+        search_options = {
+          :base => _base,
+          :scope => options[:scope] || ldap_scope,
+          :filter => filter,
+          :limit => options[:limit],
+          :attributes => options[:attributes],
+          :sort_by => options[:sort_by],
+          :order => options[:order],
+        }
+        connection.search(search_options) do |dn, attrs|
           attributes = {}
           attrs.each do |key, value|
             normalized_attr, normalized_value = make_subtypes(key, value)
@@ -290,15 +317,16 @@ module ActiveLdap
         dn_attribute = options[:dn_attribute] || default_dn_attribute
         prefix = options[:prefix] || default_prefix
         classes = options[:classes]
+        recommended_classes = options[:recommended_classes]
         scope = options[:scope]
 
         self.dn_attribute = dn_attribute
         self.prefix = prefix
         self.ldap_scope = scope
         self.required_classes = classes
+        self.recommended_classes = recommended_classes
 
         public_class_method :new
-        public_class_method :dn_attribute
       end
 
       alias_method :base_inheritable, :base
@@ -406,7 +434,7 @@ module ActiveLdap
 
       # find
       #
-      # Finds the first match for value where |value| is the value of some 
+      # Finds the first match for value where |value| is the value of some
       # |field|, or the wildcard match. This is only useful for derived classes.
       # usage: Subclass.find(:attribute => "cn", :value => "some*val")
       #        Subclass.find('some*val')
@@ -424,10 +452,20 @@ module ActiveLdap
       end
 
       def exists?(dn, options={})
-        prefix = /^#{Regexp.escape(truncate_base(ensure_dn_attribute(dn)))}/
-        suffix = /,#{Regexp.escape(base)}$/
+        prefix = /^#{Regexp.escape(truncate_base(ensure_dn_attribute(dn)))}/ #
+        dn_suffix = nil
         not search({:value => dn}.merge(options)).find do |_dn,|
-          prefix.match(_dn) and suffix.match(_dn)
+          if prefix.match(_dn)
+            begin
+              dn_suffix ||= DN.parse(base)
+              dn_prefix = DN.parse(_dn) - dn_suffix
+              true
+            rescue DistinguishedNameInvalid, ArgumentError
+              false
+            end
+          else
+            false
+          end
         end.nil?
       end
 
@@ -449,10 +487,10 @@ module ActiveLdap
       def update_all(attributes, filter=nil, options={})
         search_options = options
         if filter
-          if /[=\(\)&\|]/ =~ filter
-            search_options = search_options.merge(:filter => filter)
-          else
+          if filter.is_a?(String) and /[=\(\)&\|]/ !~ filter
             search_options = search_options.merge(:value => filter)
+          else
+            search_options = search_options.merge(:filter => filter)
           end
         end
         targets = search(search_options).collect do |dn, attrs|
@@ -486,18 +524,56 @@ module ActiveLdap
         options.assert_valid_keys(VALID_LDAP_MAPPING_OPTIONS)
       end
 
+      def validate_search_options(options)
+        options.assert_valid_keys(VALID_SEARCH_OPTIONS)
+      end
+
       def extract_options_from_args!(args)
         args.last.is_a?(Hash) ? args.pop : {}
       end
 
+      def object_class_filters(classes=nil)
+        (classes || required_classes).collect do |name|
+          "(objectClass=#{escape_filter_value(name, true)})"
+        end.join("")
+      end
+
       def find_initial(options)
         find_every(options.merge(:limit => 1)).first
       end
 
+      def normalize_sort_order(value)
+        case value.to_s
+        when /\Aasc(?:end)?\z/i
+          :ascend
+        when /\Adesc(?:end)?\z/i
+          :descend
+        else
+          raise ArgumentError, "Invalid order: #{value.inspect}"
+        end
+      end
+
       def find_every(options)
-        search(options).collect do |dn, attrs|
+        options = options.dup
+        sort_by = options.delete(:sort_by)
+        order = options.delete(:order)
+        limit = options.delete(:limit) if sort_by or order
+
+        results = search(options).collect do |dn, attrs|
           instantiate([dn, attrs])
         end
+        return results if sort_by.nil? and order.nil?
+
+        sort_by ||= "dn"
+        if sort_by.downcase == "dn"
+          results = results.sort_by {|result| DN.parse(result.dn)}
+        else
+          results = results.sort_by {|result| result.send(sort_by)}
+        end
+
+        results.reverse! if normalize_sort_order(order || "ascend") == :descend
+        results = results[0, limit] if limit
+        results
       end
 
       def find_from_dns(dns, options)
@@ -519,8 +595,12 @@ module ActiveLdap
 
       def find_one(dn, options)
         attr, value, prefix = split_search_value(dn)
-        filter = "(#{attr || dn_attribute}=#{escape_filter_value(value, true)})"
-        filter = "(&#{filter}#{options[:filter]})" if options[:filter]
+        filters = [
+          "(#{attr || dn_attribute}=#{escape_filter_value(value, true)})",
+          object_class_filters(options[:classes]),
+          options[:filter],
+        ]
+        filter = "(&#{filters.compact.join('')})"
         options = {:prefix => prefix}.merge(options.merge(:filter => filter))
         result = find_initial(options)
         if result
@@ -542,8 +622,12 @@ module ActiveLdap
           end
           filter
         end
-        filter = "(|#{dn_filters.join('')})"
-        filter = "(&#{filter}#{options[:filter]})" if options[:filter]
+        filters = [
+          "(|#{dn_filters.join('')})",
+          object_class_filters(options[:classes]),
+          options[:filter],
+        ]
+        filter = "(&#{filters.compact.join('')})"
         result = find_every(options.merge(:filter => filter))
         if result.size == dns.size
           result
@@ -555,9 +639,22 @@ module ActiveLdap
       end
 
       def split_search_value(value)
-        value, prefix = value.split(/,/, 2)
-        attr, value = value.split(/=/, 2)
-        attr, value = value, attr if value.nil?
+        attr = prefix = nil
+        begin
+          dn = DN.parse(value)
+          attr, value = dn.rdns.first.to_a.first
+          rest = dn.rdns[1..-1]
+          prefix = DN.new(*rest).to_s unless rest.empty?
+        rescue DistinguishedNameInvalid
+          begin
+            dn = DN.parse("DUMMY=#{value}")
+            _, value = dn.rdns.first.to_a.first
+            rest = dn.rdns[1..-1]
+            prefix = DN.new(*rest).to_s unless rest.empty?
+          rescue DistinguishedNameInvalid
+          end
+        end
+
         prefix = nil if prefix == base
         prefix = truncate_base(prefix) if prefix
         [attr, value, prefix]
@@ -580,7 +677,7 @@ module ActiveLdap
 
       def ensure_dn_attribute(target)
         "#{dn_attribute}=" +
-          target.gsub(/^#{Regexp.escape(dn_attribute)}\s*=\s*/, '')
+          target.gsub(/^\s*#{Regexp.escape(dn_attribute)}\s*=\s*/i, '')
       end
 
       def ensure_base(target)
@@ -588,7 +685,15 @@ module ActiveLdap
       end
 
       def truncate_base(target)
-        target.sub(/,#{Regexp.escape(base)}$/, '')
+        if /,/ =~ target
+          begin
+            (DN.parse(target) - DN.parse(base)).to_s
+          rescue DistinguishedNameInvalid, ArgumentError
+            target
+          end
+        else
+          target
+        end
       end
 
       def ensure_logger
@@ -623,7 +728,12 @@ module ActiveLdap
 
       def default_dn_attribute
         if name.empty?
-          "cn"
+          dn_attribute = nil
+          parent_class = ancestors[1]
+          if parent_class.respond_to?(:dn_attribute)
+            dn_attribute = parent_class.dn_attribute
+          end
+          dn_attribute || "cn"
         else
           Inflector.underscore(Inflector.demodulize(name))
         end
@@ -640,6 +750,7 @@ module ActiveLdap
 
     self.ldap_scope = :sub
     self.required_classes = ['top']
+    self.recommended_classes = []
 
     include Enumerable
 
@@ -653,12 +764,15 @@ module ActiveLdap
     def initialize(attributes=nil)
       init_base
       @new_entry = true
-      if attributes.is_a?(String) or attributes.is_a?(Array)
-        apply_object_class(required_classes)
+      initial_classes = required_classes | recommended_classes
+      if attributes.nil?
+        apply_object_class(initial_classes)
+      elsif attributes.is_a?(String) or attributes.is_a?(Array)
+        apply_object_class(initial_classes)
         self.dn = attributes
       elsif attributes.is_a?(Hash)
         classes, attributes = extract_object_class(attributes)
-        apply_object_class(classes | required_classes)
+        apply_object_class(classes | initial_classes)
         normalized_attributes = {}
         attributes.each do |key, value|
           real_key = to_real_attribute_name(key)
@@ -666,6 +780,10 @@ module ActiveLdap
         end
         self.dn = normalized_attributes[dn_attribute]
         self.attributes = normalized_attributes
+      else
+        message = "'#{attributes.inspect}' must be either "
+        message << "nil, DN value as String or Array or attributes as Hash"
+        raise ArgumentError, message
       end
       yield self if block_given?
     end
@@ -750,6 +868,10 @@ module ActiveLdap
       get_attribute(dn_attribute)
     end
 
+    def to_param
+      id
+    end
+
     def dn=(value)
       set_attribute(dn_attribute, value)
     end
@@ -834,7 +956,8 @@ module ActiveLdap
     # Add available attributes to the methods
     def methods(inherited_too=true)
       ensure_apply_object_class
-      target_names = @attr_methods.keys + @attr_aliases.keys - ['objectClass']
+      target_names = @attr_methods.keys + @attr_aliases.keys
+      target_names -= ['objectClass', Inflector.underscore('objectClass')]
       super + target_names.uniq.collect do |x|
         [x, "#{x}=", "#{x}?", "#{x}_before_type_cast"]
       end.flatten
@@ -946,15 +1069,13 @@ module ActiveLdap
     end
 
     private
-    def logger
-      @@logger
-    end
-
     def extract_object_class(attributes)
       classes = []
       attrs = attributes.reject do |key, value|
-        if key.to_s == 'objectClass' or
-            Inflector.underscore(key) == 'object_class'
+        key = key.to_s
+        if key == 'objectClass' or
+            key.underscore == 'object_class' or
+            key.downcase == 'objectclass'
           classes |= [value].flatten
           true
         else
@@ -980,10 +1101,18 @@ module ActiveLdap
       yield self if block_given?
     end
 
-    def to_real_attribute_name(name)
+    def to_real_attribute_name(name, allow_normalized_name=false)
       ensure_apply_object_class
       name = name.to_s
-      @attr_methods[name] || @attr_aliases[Inflector.underscore(name)]
+      real_name = @attr_methods[name]
+      real_name ||= @attr_aliases[Inflector.underscore(name)]
+      if real_name
+        real_name
+      elsif allow_normalized_name
+        @attr_methods[@normalized_attr_names[normalize_attribute_name(name)]]
+      else
+        nil
+      end
     end
 
     def ensure_apply_object_class
@@ -1011,6 +1140,7 @@ module ActiveLdap
       @ldap_data = {} # original ldap entry data
       @attr_methods = {} # list of valid method calls for attributes used for
                          # dereferencing
+      @normalized_attr_names = {} # list of normalized attribute name
       @attr_aliases = {} # aliases of @attr_methods
       @last_oc = false # for use in other methods for "caching"
       @base = nil
@@ -1040,6 +1170,7 @@ module ActiveLdap
       # Build |data| from schema
       # clear attr_method mapping first
       @attr_methods = {}
+      @normalized_attr_names = {}
       @attr_aliases = {}
       @musts = {}
       @mays = {}
@@ -1125,9 +1256,7 @@ module ActiveLdap
       raise UnknownAttribute.new(name) if attr.nil?
 
       if attr == dn_attribute and value.is_a?(String)
-        value = value.gsub(/,#{Regexp.escape(base_of_class)}$/, '')
-        value, @base = value.split(/,/, 2)
-        value = $POSTMATCH if /^#{dn_attribute}=/ =~ value
+        value, @base = split_dn_value(value)
       end
 
       logger.debug {"set_attribute(#{name.inspect}, #{value.inspect}): " +
@@ -1154,6 +1283,24 @@ module ActiveLdap
       @data[attr]
     end
 
+    def split_dn_value(value)
+      dn_value = relative_dn_value = nil
+      begin
+        dn_value = DN.parse(value)
+      rescue DistinguishedNameInvalid
+        dn_value = DN.parse("#{dn_attribute}=#{value}")
+      end
+
+      begin
+        relative_dn_value = dn_value - DN.parse(base_of_class)
+        relative_dn_value = dn_value if relative_dn_value.rdns.empty?
+      rescue ArgumentError
+        relative_dn_value = dn_value
+      end
+
+      val, *bases = relative_dn_value.rdns
+      [val.values[0], bases.empty? ? nil : DN.new(*bases).to_s]
+    end
 
     # define_attribute_methods
     #
@@ -1168,6 +1315,9 @@ module ActiveLdap
         logger.debug {"associating #{Inflector.underscore(ali)}" +
                         " --> #{attr}"}
         @attr_aliases[Inflector.underscore(ali)] = attr
+        logger.debug {"associating #{normalize_attribute_name(ali)}" +
+                        " --> #{attr}"}
+        @normalized_attr_names[normalize_attribute_name(ali)] = attr
       end
       logger.debug {"stub: leaving define_attribute_methods(#{attr.inspect})"}
     end
@@ -1233,8 +1383,7 @@ module ActiveLdap
           # Since some types do not have equality matching rules,
           # delete doesn't work
           # Replacing with nothing is equivalent.
-          logger.debug {"#save: removing attribute from existing entry: " +
-                          "#{new_key}"}
+          logger.debug {"#save: removing attribute from existing entry: #{k}"}
           if !data.has_key?(k) and schema.binary_required?(k)
             value = [{'binary' => []}]
           end
@@ -1340,13 +1489,9 @@ module ActiveLdap
       prepare_data_for_saving do |data, ldap_data|
         entries = collect_all_entries(data)
         logger.debug {"#create: adding #{dn}"}
-        begin
-          self.class.add(dn, entries)
-          logger.debug {"#create: add successful"}
-          @new_entry = false
-        rescue UnwillingToPerform
-          logger.warn {"#create: didn't perform: #{$!.message}"}
-        end
+        self.class.add(dn, entries)
+        logger.debug {"#create: add successful"}
+        @new_entry = false
         true
       end
     end