ruby-activeldap 0.8.1 → 0.8.2

data/lib/active_ldap/configuration.rb

@@ -15,13 +15,16 @@ module ActiveLdap
     DEFAULT_CONFIG[:port] = 389
     DEFAULT_CONFIG[:method] = :plain  # :ssl, :tls, :plain allowed
 
-    DEFAULT_CONFIG[:bind_dn] = "cn=admin,dc=localdomain"
+    DEFAULT_CONFIG[:bind_dn] = nil
     DEFAULT_CONFIG[:password_block] = nil
     DEFAULT_CONFIG[:password] = nil
     DEFAULT_CONFIG[:store_password] = true
     DEFAULT_CONFIG[:allow_anonymous] = true
     DEFAULT_CONFIG[:sasl_quiet] = false
     DEFAULT_CONFIG[:try_sasl] = false
+    # See http://www.iana.org/assignments/sasl-mechanisms
+    DEFAULT_CONFIG[:sasl_mechanisms] = ["GSSAPI", "DIGEST-MD5",
+                                        "CRAM-MD5", "EXTERNAL"]
 
     DEFAULT_CONFIG[:retry_limit] = 3
     DEFAULT_CONFIG[:retry_wait] = 3
@@ -76,6 +79,13 @@ module ActiveLdap
         @@defined_configurations.delete_if {|key, value| value == config}
       end
 
+      CONNECTION_CONFIGURATION_KEYS = [:base, :ldap_scope, :adapter]
+      def remove_connection_related_configuration(config)
+        config.reject do |key, value|
+          CONNECTION_CONFIGURATION_KEYS.include?(key)
+	end
+      end
+
       def merge_configuration(config)
         configuration = default_configuration
         config.symbolize_keys.each do |key, value|

data/lib/active_ldap/connection.rb

@@ -45,18 +45,24 @@ module ActiveLdap
         conn
       end
 
-      def connection=(adaptor)
-        if adaptor.is_a?(Adaptor::Base)
+      def connection=(adapter)
+        if adapter.is_a?(Adapter::Base)
           @schema = nil
-          active_connections[active_connection_name] = adaptor
-        elsif adaptor.is_a?(Hash)
-          config = adaptor
-          adaptor = Inflector.camelize(config[:adaptor] || "ldap")
-          self.connection = Adaptor.const_get(adaptor).new(config)
-        elsif adaptor.nil?
+          active_connections[active_connection_name] = adapter
+        elsif adapter.is_a?(Hash)
+          config = adapter
+          adapter = (config[:adapter] || "ldap")
+          normalized_adapter = adapter.downcase.gsub(/-/, "_")
+          adapter_method = "#{normalized_adapter}_connection"
+          unless Adapter::Base.respond_to?(adapter_method)
+            raise AdapterNotFound.new(adapter)
+          end
+          config = remove_connection_related_configuration(config)
+          self.connection = Adapter::Base.send(adapter_method, config)
+        elsif adapter.nil?
           raise ConnectionNotEstablished
         else
-          establish_connection(adaptor)
+          establish_connection(adapter)
         end
       end
 

data/lib/active_ldap/distinguished_name.rb

@@ -0,0 +1,246 @@
+require 'strscan'
+
+module ActiveLdap
+  class DistinguishedName
+    class Parser
+      attr_reader :dn
+      def initialize(source)
+        @dn = nil
+        @source = source
+      end
+
+      def parse
+        return @dn if @dn
+
+        rdns = []
+        scanner = StringScanner.new(@source)
+
+        scanner.scan(/\s*/)
+        raise rdn_is_missing if scanner.scan(/\s*\+\s*/)
+        raise name_component_is_missing if scanner.scan(/\s*,\s*/)
+
+        rdn = {}
+        until scanner.eos?
+          type = scan_attribute_type(scanner)
+          skip_attribute_type_and_value_separator(scanner)
+          value = scan_attribute_value(scanner)
+          rdn[type] = value
+          if scanner.scan(/\s*\+\s*/)
+            raise rdn_is_missing if scanner.eos?
+          elsif scanner.scan(/\s*\,\s*/)
+            rdns << rdn
+            rdn = {}
+            raise name_component_is_missing if scanner.eos?
+          else
+            scanner.scan(/\s*/)
+            rdns << rdn if scanner.eos?
+          end
+        end
+
+        @dn = DN.new(*rdns)
+        @dn
+      end
+
+      private
+      ATTRIBUTE_TYPE_RE = /\s*([a-zA-Z][a-zA-Z\d\-]*|\d+(?:\.\d+)*)\s*/
+      def scan_attribute_type(scanner)
+        raise attribute_type_is_missing unless scanner.scan(ATTRIBUTE_TYPE_RE)
+        scanner[1]
+      end
+
+      def skip_attribute_type_and_value_separator(scanner)
+        raise attribute_value_is_missing unless scanner.scan(/\s*=\s*/)
+      end
+
+      HEX_PAIR = "(?:[\\da-fA-F]{2})"
+      STRING_CHARS_RE = /[^,=\+<>\#;\\\"]*/ #
+      PAIR_RE = /\\([,=\+<>\#;]|\\|\"|(#{HEX_PAIR}))/ #
+      HEX_STRING_RE = /\#(#{HEX_PAIR}+)/ #
+      def scan_attribute_value(scanner)
+        if scanner.scan(HEX_STRING_RE)
+          value = scanner[1].scan(/../).collect do |hex_pair|
+            hex_pair.hex
+          end.pack("C*")
+        elsif scanner.scan(/\"/)
+          value = scan_quoted_attribute_value(scanner)
+        else
+          value = scan_not_quoted_attribute_value(scanner)
+        end
+        raise attribute_value_is_missing if value.blank?
+
+        value
+      end
+
+      def scan_quoted_attribute_value(scanner)
+        result = ""
+        until scanner.scan(/\"/)
+          scanner.scan(/([^\\\"]*)/)
+          quoted_strings = scanner[1]
+          pairs = collect_pairs(scanner)
+
+          if scanner.eos? or (quoted_strings.empty? and pairs.empty?)
+            raise found_unmatched_quotation
+          end
+
+          result << quoted_strings
+          result << pairs
+        end
+        result
+      end
+
+      def scan_not_quoted_attribute_value(scanner)
+        result = ""
+        until scanner.eos?
+          prev_size = result.size
+          pairs = collect_pairs(scanner)
+          strings = scanner.scan(STRING_CHARS_RE)
+          result << pairs if !pairs.nil? and !pairs.empty?
+          unless strings.nil?
+            if scanner.peek(1) == ","
+              result << strings.rstrip
+            else
+              result << strings
+            end
+          end
+          break if prev_size == result.size
+        end
+        result
+      end
+
+      def collect_pairs(scanner)
+        result = ""
+        while scanner.scan(PAIR_RE)
+          if scanner[2]
+            result << [scanner[2].hex].pack("C*")
+          else
+            result << scanner[1]
+          end
+        end
+        result
+      end
+
+      def invalid_dn(reason)
+        DistinguishedNameInvalid.new(@source, reason)
+      end
+
+      def name_component_is_missing
+        invalid_dn("name component is missing")
+      end
+
+      def rdn_is_missing
+        invalid_dn("relative distinguished name (RDN) is missing")
+      end
+
+      def attribute_type_is_missing
+        invalid_dn("attribute type is missing")
+      end
+
+      def attribute_value_is_missing
+        invalid_dn("attribute value is missing")
+      end
+
+      def found_unmatched_quotation
+        invalid_dn("found unmatched quotation")
+      end
+    end
+
+    class << self
+      def parse(source)
+        Parser.new(source).parse
+      end
+    end
+
+    attr_reader :rdns
+    def initialize(*rdns)
+      @rdns = rdns.collect do |rdn|
+        rdn = {rdn[0] => rdn[1]} if rdn.is_a?(Array) and rdn.size == 2
+        rdn
+      end
+    end
+
+    def -(other)
+      rdns = @rdns.dup
+      normalized_rdns = normalize(@rdns)
+      normalize(other.rdns).reverse_each do |rdn|
+        if rdn == normalized_rdns.pop
+          rdns.pop
+        else
+          raise ArgumentError, "#{other} isn't sub DN of #{self}"
+        end
+      end
+      self.class.new(*rdns)
+    end
+
+    def <<(rdn)
+      @rdns << rdn
+    end
+
+    def unshift(rdn)
+      @rdns.unshift(rdn)
+    end
+
+    def <=>(other)
+      normalize_for_comparing(@rdns) <=>
+        normalize_for_comparing(other.rdns)
+    end
+
+    def ==(other)
+      other.is_a?(self.class) and
+        normalize(@rdns) == normalize(other.rdns)
+    end
+
+    def eql?(other)
+      other.is_a?(self.class) and
+        normalize(@rdns).to_s.eql?(normalize(other.rdns).to_s)
+    end
+
+    def hash
+      normalize(@rdns).to_s.hash
+    end
+
+    def inspect
+      super
+    end
+
+    def to_s
+      @rdns.collect do |rdn|
+        rdn.sort_by do |type, value|
+          type.upcase
+        end.collect do |type, value|
+          "#{type}=#{escape(value)}"
+        end.join("+")
+      end.join(",")
+    end
+
+    private
+    def normalize(rdns)
+      rdns.collect do |rdn|
+        normalized_rdn = {}
+        rdn.each do |key, value|
+          normalized_rdn[key.upcase] = value.upcase
+        end
+        normalized_rdn
+      end
+    end
+
+    def normalize_for_comparing(rdns)
+      normalize(rdns).collect do |rdn|
+        rdn.sort_by do |key, value|
+          key
+        end
+      end.collect do |key, value|
+        [key, value]
+      end
+    end
+
+    def escape(value)
+      if /(\A | \z)/.match(value)
+        '"' + value.gsub(/([\\\"])/, '\\\\\1') + '"'
+      else
+        value.gsub(/([,=\+<>#;\\\"])/, '\\\\\1')
+      end
+    end
+  end
+
+  DN = DistinguishedName
+end

data/lib/active_ldap/ldap_error.rb

@@ -0,0 +1,74 @@
+module ActiveLdap
+  class LdapError < Error
+    class << self
+      def define(code, name, target)
+        klass_name = name.downcase.camelize
+        target.module_eval(<<-EOC, __FILE__, __LINE__ + 1)
+          class #{klass_name} < #{self}
+            CODE = #{code}
+            def code
+              CODE
+            end
+          end
+EOC
+        target.const_get(klass_name)
+      end
+    end
+
+    ERRORS = {}
+    {
+      0x00 => "SUCCESS",
+      0x01 => "OPERATIONS_ERROR",
+      0x02 => "PROTOCOL_ERROR",
+      0x03 => "TIMELIMIT_EXCEEDED",
+      0x04 => "SIZELIMIT_EXCEEDED",
+      0x05 => "COMPARE_FALSE",
+      0x06 => "COMPARE_TRUE",
+      0x07 => "AUTH_METHOD_NOT_SUPPORTED",
+      0x08 => "STRONG_AUTH_REQUIRED",
+      0x09 => "PARTIAL_RESULTS", # LDAPv2+ (not LDAPv3)
+
+      0x0a => "REFERRAL",
+      0x0b => "ADMINLIMIT_EXCEEDED",
+      0x0c => "UNAVAILABLE_CRITICAL_EXTENSION",
+      0x0d => "CONFIDENTIALITY_REQUIRED",
+      0x0e => "LDAP_SASL_BIND_IN_PROGRESS",
+
+      0x10 => "NO_SUCH_ATTRIBUTE",
+      0x11 => "UNDEFINED_TYPE",
+      0x12 => "INAPPROPRIATE_MATCHING",
+      0x13 => "CONSTRAINT_VIOLATION",
+      0x14 => "TYPE_OR_VALUE_EXISTS",
+      0x15 => "INVALID_SYNTAX",
+
+      0x20 => "NO_SUCH_OBJECT",
+      0x21 => "ALIAS_PROBLEM",
+      0x22 => "INVALID_DN_SYNTAX",
+      0x23 => "IS_LEAF",
+      0x24 => "ALIAS_DEREF_PROBLEM",
+
+      0x2F => "PROXY_AUTHZ_FAILURE",
+      0x30 => "INAPPROPRIATE_AUTH",
+      0x31 => "INVALID_CREDENTIALS",
+      0x32 => "INSUFFICIENT_ACCESS",
+
+      0x33 => "BUSY",
+      0x34 => "UNAVAILABLE",
+      0x35 => "UNWILLING_TO_PERFORM",
+      0x36 => "LOOP_DETECT",
+
+      0x40 => "NAMING_VIOLATION",
+      0x41 => "OBJECT_CLASS_VIOLATION",
+      0x42 => "NOT_ALLOWED_ON_NONLEAF",
+      0x43 => "NOT_ALLOWED_ON_RDN",
+      0x44 => "ALREADY_EXISTS",
+      0x45 => "NO_OBJECT_CLASS_MODS",
+      0x46 => "RESULTS_TOO_LARGE",
+      0x47 => "AFFECTS_MULTIPLE_DSAS",
+
+      0x50 => "OTHER",
+    }.each do |code, name|
+      ERRORS[code] = LdapError.define(code, name, self)
+    end
+  end
+end

data/lib/active_ldap/object_class.rb

@@ -11,16 +11,20 @@ module ActiveLdap
       replace_class((classes + target_classes.flatten).uniq)
     end
 
+    def ensure_recommended_classes
+      add_class(self.class.recommended_classes)
+    end
+
     def remove_class(*target_classes)
-      new_classes = (classes - target_classes.flatten).uniq
-      assert_object_classes(new_classes)
-      set_attribute('objectClass', new_classes)
+      replace_class((classes - target_classes.flatten).uniq)
     end
 
     def replace_class(*target_classes)
       new_classes = target_classes.flatten.uniq
       assert_object_classes(new_classes)
-      set_attribute('objectClass', new_classes)
+      if new_classes.sort != classes.sort
+        set_attribute('objectClass', new_classes)
+      end
     end
 
     def classes
@@ -52,7 +56,7 @@ module ActiveLdap
         schema.exist_name?("objectClasses", new_class)
       end
       unless invalid_classes.empty?
-        message = "unknown objectClass to LDAP server"
+        message = "unknown objectClass in LDAP server"
         message = "#{message}: #{invalid_classes.join(', ')}"
         raise ObjectClassError, message
       end

data/lib/active_ldap/schema.rb

@@ -1,7 +1,7 @@
 module ActiveLdap
   class Schema
     def initialize(entries)
-      @entries = entries
+      @entries = default_entries.merge(entries || {})
       @schema_info = {}
       @class_attributes_info = {}
       @cache = {}
@@ -16,7 +16,7 @@ module ActiveLdap
     end
 
     # attribute
-    # 
+    #
     # This is just like LDAP::Schema#attribute except that it allows
     # look up in any of the given keys.
     # e.g.
@@ -31,9 +31,16 @@ module ActiveLdap
     alias_method :[], :attribute
     alias_method :attr, :attribute
 
+    NUMERIC_OID_RE = "\\d[\\d\\.]+"
+    DESCRIPTION_RE = "[a-zA-Z][a-zA-Z\\d\\-]*"
+    OID_RE = "(?:#{NUMERIC_OID_RE}|#{DESCRIPTION_RE}-oid)"
     def attributes(group, id_or_name)
       return {} if group.empty? or id_or_name.empty?
 
+      unless @entries.has_key?(group)
+        raise ArgumentError, "Unknown schema group: #{group}"
+      end
+
       # Initialize anything that is required
       info, ids, aliases = ensure_schema_info(group)
       id, name = determine_id_or_name(id_or_name, aliases)
@@ -41,8 +48,9 @@ module ActiveLdap
       # Check already parsed options first
       return ids[id] if ids.has_key?(id)
 
-      while schema = @entries[group].shift
-        next unless /\A\s*\(\s*([\d\.]+)\s*(.*)\s*\)\s*\z/ =~ schema
+      schemata = @entries[group] || []
+      while schema = schemata.shift
+        next unless /\A\s*\(\s*(#{OID_RE})\s*(.*)\s*\)\s*\z/ =~ schema
         schema_id = $1
         rest = $2
         next if ids.has_key?(schema_id)
@@ -190,12 +198,34 @@ module ActiveLdap
       [id, name]
     end
 
+    # from RFC 2252
+    attribute_type_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "SUP", "EQUALITY", "ORDERING", "SUBSTR",
+       "SYNTAX", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION", "USAGE"]
+    syntax_description_reserved_names = ["DESC"]
+    object_class_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "SUP", "ABSTRACT", "STRUCTURAL",
+       "AUXILIARY", "MUST", "MAY"]
+    matching_rule_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "SYNTAX"]
+    matching_rule_use_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "APPLIES"]
+    private_experiment_reserved_names = ["X-[A-Z\\-_]+"]
+    reserved_names =
+      (attribute_type_description_reserved_names +
+       syntax_description_reserved_names +
+       object_class_description_reserved_names +
+       matching_rule_description_reserved_names +
+       matching_rule_use_description_reserved_names +
+       private_experiment_reserved_names).uniq
+    RESERVED_NAMES_RE = /(?:#{reserved_names.join('|')})/
+
     def parse_attributes(str, attributes)
-      str.scan(/([A-Z\-]+)\s+
+      str.scan(/([A-Z\-_]+)\s+
                 (?:\(\s*([\w\-]+(?:\s+\$\s+[\w\-]+)+)\s*\)|
                    \(\s*([^\)]*)\s*\)|
                    '([^\']*)'|
-                   ([a-z][\w\-]*)|
+                   ((?!#{RESERVED_NAMES_RE})[a-zA-Z][a-zA-Z\d\-;]*)|
                    (\d[\d\.\{\}]+)|
                    ()
                 )/x
@@ -214,7 +244,7 @@ module ActiveLdap
         when no_value
           values = ["TRUE"]
         end
-        attributes[name] = values
+        attributes[normalize_attribute_name(name)] = values
       end
     end
 
@@ -225,6 +255,7 @@ module ActiveLdap
     end
 
     def ldap_syntax(name, attribute_name)
+      return [] unless @entries.has_key?("ldapSyntaxes")
       cache([:ldap_syntax, name, attribute_name]) do
         attribute("ldapSyntaxes", name, attribute_name)
       end
@@ -238,10 +269,12 @@ module ActiveLdap
 
     def alias_map(group)
       ensure_parse(group)
-      @schema_info[group][:aliases]
+      return {} if @schema_info[group].nil?
+      @schema_info[group][:aliases] || {}
     end
 
     def ensure_parse(group)
+      return if @entries[group].nil?
       unless @entries[group].empty?
         attribute(group, 'nonexistent', 'nonexistent')
       end
@@ -252,7 +285,15 @@ module ActiveLdap
     end
 
     def normalize_attribute_name(name)
-      name.upcase
+      name.upcase.gsub(/_/, "-")
+    end
+
+    def default_entries
+      {
+        "objectClasses" => [],
+        "attributeTypes" => [],
+        "ldapSyntaxes" => [],
+      }
     end
   end # Schema
 end