RubyGems - ruby-activeldap - Versions diffs - 0.8.1 → 0.8.2 - Mend

ruby-activeldap 0.8.1 → 0.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

data/CHANGES +5 -0
data/Manifest.txt +91 -25
data/README +22 -0
data/Rakefile +41 -8
data/TODO +1 -6
data/examples/config.yaml.example +5 -0
data/examples/example.der +0 -0
data/examples/example.jpg +0 -0
data/examples/groupadd +41 -0
data/examples/groupdel +35 -0
data/examples/groupls +49 -0
data/examples/groupmod +42 -0
data/examples/lpasswd +55 -0
data/examples/objects/group.rb +13 -0
data/examples/objects/ou.rb +4 -0
data/examples/objects/user.rb +20 -0
data/examples/ouadd +38 -0
data/examples/useradd +45 -0
data/examples/useradd-binary +50 -0
data/examples/userdel +34 -0
data/examples/userls +50 -0
data/examples/usermod +42 -0
data/examples/usermod-binary-add +47 -0
data/examples/usermod-binary-add-time +51 -0
data/examples/usermod-binary-del +48 -0
data/examples/usermod-lang-add +43 -0
data/lib/active_ldap.rb +213 -214
data/lib/active_ldap/adapter/base.rb +461 -0
data/lib/active_ldap/adapter/ldap.rb +232 -0
data/lib/active_ldap/adapter/ldap_ext.rb +69 -0
data/lib/active_ldap/adapter/net_ldap.rb +288 -0
data/lib/active_ldap/adapter/net_ldap_ext.rb +29 -0
data/lib/active_ldap/association/belongs_to.rb +3 -1
data/lib/active_ldap/association/belongs_to_many.rb +5 -6
data/lib/active_ldap/association/has_many.rb +9 -17
data/lib/active_ldap/association/has_many_wrap.rb +4 -5
data/lib/active_ldap/attributes.rb +4 -0
data/lib/active_ldap/base.rb +201 -56
data/lib/active_ldap/configuration.rb +11 -1
data/lib/active_ldap/connection.rb +15 -9
data/lib/active_ldap/distinguished_name.rb +246 -0
data/lib/active_ldap/ldap_error.rb +74 -0
data/lib/active_ldap/object_class.rb +9 -5
data/lib/active_ldap/schema.rb +50 -9
data/lib/active_ldap/validations.rb +11 -13
data/rails/plugin/active_ldap/generators/scaffold_al/scaffold_al_generator.rb +7 -0
data/rails/plugin/active_ldap/generators/scaffold_al/templates/ldap.yml +21 -0
data/rails/plugin/active_ldap/init.rb +10 -4
data/test/al-test-utils.rb +46 -3
data/test/run-test.rb +16 -4
data/test/test-unit-ext/always-show-result.rb +28 -0
data/test/test-unit-ext/priority.rb +163 -0
data/test/test_adapter.rb +81 -0
data/test/test_attributes.rb +8 -1
data/test/test_base.rb +132 -3
data/test/test_base_per_instance.rb +14 -3
data/test/test_connection.rb +19 -0
data/test/test_dn.rb +161 -0
data/test/test_find.rb +24 -0
data/test/test_object_class.rb +15 -2
data/test/test_schema.rb +108 -1
metadata +111 -41
data/lib/active_ldap/adaptor/base.rb +0 -29
data/lib/active_ldap/adaptor/ldap.rb +0 -466
data/lib/active_ldap/ldap.rb +0 -113

data/lib/active_ldap/configuration.rb CHANGED Viewed

@@ -15,13 +15,16 @@ module ActiveLdap
     DEFAULT_CONFIG[:port] = 389
     DEFAULT_CONFIG[:method] = :plain  # :ssl, :tls, :plain allowed
-    DEFAULT_CONFIG[:bind_dn] = "cn=admin,dc=localdomain"
+    DEFAULT_CONFIG[:bind_dn] = nil
     DEFAULT_CONFIG[:password_block] = nil
     DEFAULT_CONFIG[:password] = nil
     DEFAULT_CONFIG[:store_password] = true
     DEFAULT_CONFIG[:allow_anonymous] = true
     DEFAULT_CONFIG[:sasl_quiet] = false
     DEFAULT_CONFIG[:try_sasl] = false
+    # See http://www.iana.org/assignments/sasl-mechanisms
+    DEFAULT_CONFIG[:sasl_mechanisms] = ["GSSAPI", "DIGEST-MD5",
+                                        "CRAM-MD5", "EXTERNAL"]
     DEFAULT_CONFIG[:retry_limit] = 3
     DEFAULT_CONFIG[:retry_wait] = 3
@@ -76,6 +79,13 @@ module ActiveLdap
         @@defined_configurations.delete_if {|key, value| value == config}
       end
+      CONNECTION_CONFIGURATION_KEYS = [:base, :ldap_scope, :adapter]
+      def remove_connection_related_configuration(config)
+        config.reject do |key, value|
+          CONNECTION_CONFIGURATION_KEYS.include?(key)
+	end
+      end
       def merge_configuration(config)
         configuration = default_configuration
         config.symbolize_keys.each do |key, value|

data/lib/active_ldap/connection.rb CHANGED Viewed

@@ -45,18 +45,24 @@ module ActiveLdap
         conn
       end
-      def connection=(adaptor)
-        if adaptor.is_a?(Adaptor::Base)
+      def connection=(adapter)
+        if adapter.is_a?(Adapter::Base)
           @schema = nil
-          active_connections[active_connection_name] = adaptor
-        elsif adaptor.is_a?(Hash)
-          config = adaptor
-          adaptor = Inflector.camelize(config[:adaptor] || "ldap")
-          self.connection = Adaptor.const_get(adaptor).new(config)
-        elsif adaptor.nil?
+          active_connections[active_connection_name] = adapter
+        elsif adapter.is_a?(Hash)
+          config = adapter
+          adapter = (config[:adapter] || "ldap")
+          normalized_adapter = adapter.downcase.gsub(/-/, "_")
+          adapter_method = "#{normalized_adapter}_connection"
+          unless Adapter::Base.respond_to?(adapter_method)
+            raise AdapterNotFound.new(adapter)
+          end
+          config = remove_connection_related_configuration(config)
+          self.connection = Adapter::Base.send(adapter_method, config)
+        elsif adapter.nil?
           raise ConnectionNotEstablished
         else
-          establish_connection(adaptor)
+          establish_connection(adapter)
         end
       end

data/lib/active_ldap/distinguished_name.rb ADDED Viewed

@@ -0,0 +1,246 @@
+require 'strscan'
+module ActiveLdap
+  class DistinguishedName
+    class Parser
+      attr_reader :dn
+      def initialize(source)
+        @dn = nil
+        @source = source
+      end
+      def parse
+        return @dn if @dn
+        rdns = []
+        scanner = StringScanner.new(@source)
+        scanner.scan(/\s*/)
+        raise rdn_is_missing if scanner.scan(/\s*\+\s*/)
+        raise name_component_is_missing if scanner.scan(/\s*,\s*/)
+        rdn = {}
+        until scanner.eos?
+          type = scan_attribute_type(scanner)
+          skip_attribute_type_and_value_separator(scanner)
+          value = scan_attribute_value(scanner)
+          rdn[type] = value
+          if scanner.scan(/\s*\+\s*/)
+            raise rdn_is_missing if scanner.eos?
+          elsif scanner.scan(/\s*\,\s*/)
+            rdns << rdn
+            rdn = {}
+            raise name_component_is_missing if scanner.eos?
+          else
+            scanner.scan(/\s*/)
+            rdns << rdn if scanner.eos?
+          end
+        end
+        @dn = DN.new(*rdns)
+        @dn
+      end
+      private
+      ATTRIBUTE_TYPE_RE = /\s*([a-zA-Z][a-zA-Z\d\-]*|\d+(?:\.\d+)*)\s*/
+      def scan_attribute_type(scanner)
+        raise attribute_type_is_missing unless scanner.scan(ATTRIBUTE_TYPE_RE)
+        scanner[1]
+      end
+      def skip_attribute_type_and_value_separator(scanner)
+        raise attribute_value_is_missing unless scanner.scan(/\s*=\s*/)
+      end
+      HEX_PAIR = "(?:[\\da-fA-F]{2})"
+      STRING_CHARS_RE = /[^,=\+<>\#;\\\"]*/ #
+      PAIR_RE = /\\([,=\+<>\#;]|\\|\"|(#{HEX_PAIR}))/ #
+      HEX_STRING_RE = /\#(#{HEX_PAIR}+)/ #
+      def scan_attribute_value(scanner)
+        if scanner.scan(HEX_STRING_RE)
+          value = scanner[1].scan(/../).collect do |hex_pair|
+            hex_pair.hex
+          end.pack("C*")
+        elsif scanner.scan(/\"/)
+          value = scan_quoted_attribute_value(scanner)
+        else
+          value = scan_not_quoted_attribute_value(scanner)
+        end
+        raise attribute_value_is_missing if value.blank?
+        value
+      end
+      def scan_quoted_attribute_value(scanner)
+        result = ""
+        until scanner.scan(/\"/)
+          scanner.scan(/([^\\\"]*)/)
+          quoted_strings = scanner[1]
+          pairs = collect_pairs(scanner)
+          if scanner.eos? or (quoted_strings.empty? and pairs.empty?)
+            raise found_unmatched_quotation
+          end
+          result << quoted_strings
+          result << pairs
+        end
+        result
+      end
+      def scan_not_quoted_attribute_value(scanner)
+        result = ""
+        until scanner.eos?
+          prev_size = result.size
+          pairs = collect_pairs(scanner)
+          strings = scanner.scan(STRING_CHARS_RE)
+          result << pairs if !pairs.nil? and !pairs.empty?
+          unless strings.nil?
+            if scanner.peek(1) == ","
+              result << strings.rstrip
+            else
+              result << strings
+            end
+          end
+          break if prev_size == result.size
+        end
+        result
+      end
+      def collect_pairs(scanner)
+        result = ""
+        while scanner.scan(PAIR_RE)
+          if scanner[2]
+            result << [scanner[2].hex].pack("C*")
+          else
+            result << scanner[1]
+          end
+        end
+        result
+      end
+      def invalid_dn(reason)
+        DistinguishedNameInvalid.new(@source, reason)
+      end
+      def name_component_is_missing
+        invalid_dn("name component is missing")
+      end
+      def rdn_is_missing
+        invalid_dn("relative distinguished name (RDN) is missing")
+      end
+      def attribute_type_is_missing
+        invalid_dn("attribute type is missing")
+      end
+      def attribute_value_is_missing
+        invalid_dn("attribute value is missing")
+      end
+      def found_unmatched_quotation
+        invalid_dn("found unmatched quotation")
+      end
+    end
+    class << self
+      def parse(source)
+        Parser.new(source).parse
+      end
+    end
+    attr_reader :rdns
+    def initialize(*rdns)
+      @rdns = rdns.collect do |rdn|
+        rdn = {rdn[0] => rdn[1]} if rdn.is_a?(Array) and rdn.size == 2
+        rdn
+      end
+    end
+    def -(other)
+      rdns = @rdns.dup
+      normalized_rdns = normalize(@rdns)
+      normalize(other.rdns).reverse_each do |rdn|
+        if rdn == normalized_rdns.pop
+          rdns.pop
+        else
+          raise ArgumentError, "#{other} isn't sub DN of #{self}"
+        end
+      end
+      self.class.new(*rdns)
+    end
+    def <<(rdn)
+      @rdns << rdn
+    end
+    def unshift(rdn)
+      @rdns.unshift(rdn)
+    end
+    def <=>(other)
+      normalize_for_comparing(@rdns) <=>
+        normalize_for_comparing(other.rdns)
+    end
+    def ==(other)
+      other.is_a?(self.class) and
+        normalize(@rdns) == normalize(other.rdns)
+    end
+    def eql?(other)
+      other.is_a?(self.class) and
+        normalize(@rdns).to_s.eql?(normalize(other.rdns).to_s)
+    end
+    def hash
+      normalize(@rdns).to_s.hash
+    end
+    def inspect
+      super
+    end
+    def to_s
+      @rdns.collect do |rdn|
+        rdn.sort_by do |type, value|
+          type.upcase
+        end.collect do |type, value|
+          "#{type}=#{escape(value)}"
+        end.join("+")
+      end.join(",")
+    end
+    private
+    def normalize(rdns)
+      rdns.collect do |rdn|
+        normalized_rdn = {}
+        rdn.each do |key, value|
+          normalized_rdn[key.upcase] = value.upcase
+        end
+        normalized_rdn
+      end
+    end
+    def normalize_for_comparing(rdns)
+      normalize(rdns).collect do |rdn|
+        rdn.sort_by do |key, value|
+          key
+        end
+      end.collect do |key, value|
+        [key, value]
+      end
+    end
+    def escape(value)
+      if /(\A | \z)/.match(value)
+        '"' + value.gsub(/([\\\"])/, '\\\\\1') + '"'
+      else
+        value.gsub(/([,=\+<>#;\\\"])/, '\\\\\1')
+      end
+    end
+  end
+  DN = DistinguishedName
+end

data/lib/active_ldap/ldap_error.rb ADDED Viewed

@@ -0,0 +1,74 @@
+module ActiveLdap
+  class LdapError < Error
+    class << self
+      def define(code, name, target)
+        klass_name = name.downcase.camelize
+        target.module_eval(<<-EOC, __FILE__, __LINE__ + 1)
+          class #{klass_name} < #{self}
+            CODE = #{code}
+            def code
+              CODE
+            end
+          end
+EOC
+        target.const_get(klass_name)
+      end
+    end
+    ERRORS = {}
+    {
+      0x00 => "SUCCESS",
+      0x01 => "OPERATIONS_ERROR",
+      0x02 => "PROTOCOL_ERROR",
+      0x03 => "TIMELIMIT_EXCEEDED",
+      0x04 => "SIZELIMIT_EXCEEDED",
+      0x05 => "COMPARE_FALSE",
+      0x06 => "COMPARE_TRUE",
+      0x07 => "AUTH_METHOD_NOT_SUPPORTED",
+      0x08 => "STRONG_AUTH_REQUIRED",
+      0x09 => "PARTIAL_RESULTS", # LDAPv2+ (not LDAPv3)
+      0x0a => "REFERRAL",
+      0x0b => "ADMINLIMIT_EXCEEDED",
+      0x0c => "UNAVAILABLE_CRITICAL_EXTENSION",
+      0x0d => "CONFIDENTIALITY_REQUIRED",
+      0x0e => "LDAP_SASL_BIND_IN_PROGRESS",
+      0x10 => "NO_SUCH_ATTRIBUTE",
+      0x11 => "UNDEFINED_TYPE",
+      0x12 => "INAPPROPRIATE_MATCHING",
+      0x13 => "CONSTRAINT_VIOLATION",
+      0x14 => "TYPE_OR_VALUE_EXISTS",
+      0x15 => "INVALID_SYNTAX",
+      0x20 => "NO_SUCH_OBJECT",
+      0x21 => "ALIAS_PROBLEM",
+      0x22 => "INVALID_DN_SYNTAX",
+      0x23 => "IS_LEAF",
+      0x24 => "ALIAS_DEREF_PROBLEM",
+      0x2F => "PROXY_AUTHZ_FAILURE",
+      0x30 => "INAPPROPRIATE_AUTH",
+      0x31 => "INVALID_CREDENTIALS",
+      0x32 => "INSUFFICIENT_ACCESS",
+      0x33 => "BUSY",
+      0x34 => "UNAVAILABLE",
+      0x35 => "UNWILLING_TO_PERFORM",
+      0x36 => "LOOP_DETECT",
+      0x40 => "NAMING_VIOLATION",
+      0x41 => "OBJECT_CLASS_VIOLATION",
+      0x42 => "NOT_ALLOWED_ON_NONLEAF",
+      0x43 => "NOT_ALLOWED_ON_RDN",
+      0x44 => "ALREADY_EXISTS",
+      0x45 => "NO_OBJECT_CLASS_MODS",
+      0x46 => "RESULTS_TOO_LARGE",
+      0x47 => "AFFECTS_MULTIPLE_DSAS",
+      0x50 => "OTHER",
+    }.each do |code, name|
+      ERRORS[code] = LdapError.define(code, name, self)
+    end
+  end
+end

data/lib/active_ldap/object_class.rb CHANGED Viewed

@@ -11,16 +11,20 @@ module ActiveLdap
       replace_class((classes + target_classes.flatten).uniq)
     end
+    def ensure_recommended_classes
+      add_class(self.class.recommended_classes)
+    end
     def remove_class(*target_classes)
-      new_classes = (classes - target_classes.flatten).uniq
-      assert_object_classes(new_classes)
-      set_attribute('objectClass', new_classes)
+      replace_class((classes - target_classes.flatten).uniq)
     end
     def replace_class(*target_classes)
       new_classes = target_classes.flatten.uniq
       assert_object_classes(new_classes)
-      set_attribute('objectClass', new_classes)
+      if new_classes.sort != classes.sort
+        set_attribute('objectClass', new_classes)
+      end
     end
     def classes
@@ -52,7 +56,7 @@ module ActiveLdap
         schema.exist_name?("objectClasses", new_class)
       end
       unless invalid_classes.empty?
-        message = "unknown objectClass to LDAP server"
+        message = "unknown objectClass in LDAP server"
         message = "#{message}: #{invalid_classes.join(', ')}"
         raise ObjectClassError, message
       end

data/lib/active_ldap/schema.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module ActiveLdap
   class Schema
     def initialize(entries)
-      @entries = entries
+      @entries = default_entries.merge(entries || {})
       @schema_info = {}
       @class_attributes_info = {}
       @cache = {}
@@ -16,7 +16,7 @@ module ActiveLdap
     end
     # attribute
-    #
+    #
     # This is just like LDAP::Schema#attribute except that it allows
     # look up in any of the given keys.
     # e.g.
@@ -31,9 +31,16 @@ module ActiveLdap
     alias_method :[], :attribute
     alias_method :attr, :attribute
+    NUMERIC_OID_RE = "\\d[\\d\\.]+"
+    DESCRIPTION_RE = "[a-zA-Z][a-zA-Z\\d\\-]*"
+    OID_RE = "(?:#{NUMERIC_OID_RE}|#{DESCRIPTION_RE}-oid)"
     def attributes(group, id_or_name)
       return {} if group.empty? or id_or_name.empty?
+      unless @entries.has_key?(group)
+        raise ArgumentError, "Unknown schema group: #{group}"
+      end
       # Initialize anything that is required
       info, ids, aliases = ensure_schema_info(group)
       id, name = determine_id_or_name(id_or_name, aliases)
@@ -41,8 +48,9 @@ module ActiveLdap
       # Check already parsed options first
       return ids[id] if ids.has_key?(id)
-      while schema = @entries[group].shift
-        next unless /\A\s*\(\s*([\d\.]+)\s*(.*)\s*\)\s*\z/ =~ schema
+      schemata = @entries[group] || []
+      while schema = schemata.shift
+        next unless /\A\s*\(\s*(#{OID_RE})\s*(.*)\s*\)\s*\z/ =~ schema
         schema_id = $1
         rest = $2
         next if ids.has_key?(schema_id)
@@ -190,12 +198,34 @@ module ActiveLdap
       [id, name]
     end
+    # from RFC 2252
+    attribute_type_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "SUP", "EQUALITY", "ORDERING", "SUBSTR",
+       "SYNTAX", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION", "USAGE"]
+    syntax_description_reserved_names = ["DESC"]
+    object_class_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "SUP", "ABSTRACT", "STRUCTURAL",
+       "AUXILIARY", "MUST", "MAY"]
+    matching_rule_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "SYNTAX"]
+    matching_rule_use_description_reserved_names =
+      ["NAME", "DESC", "OBSOLETE", "APPLIES"]
+    private_experiment_reserved_names = ["X-[A-Z\\-_]+"]
+    reserved_names =
+      (attribute_type_description_reserved_names +
+       syntax_description_reserved_names +
+       object_class_description_reserved_names +
+       matching_rule_description_reserved_names +
+       matching_rule_use_description_reserved_names +
+       private_experiment_reserved_names).uniq
+    RESERVED_NAMES_RE = /(?:#{reserved_names.join('|')})/
     def parse_attributes(str, attributes)
-      str.scan(/([A-Z\-]+)\s+
+      str.scan(/([A-Z\-_]+)\s+
                 (?:\(\s*([\w\-]+(?:\s+\$\s+[\w\-]+)+)\s*\)|
                    \(\s*([^\)]*)\s*\)|
                    '([^\']*)'|
-                   ([a-z][\w\-]*)|
+                   ((?!#{RESERVED_NAMES_RE})[a-zA-Z][a-zA-Z\d\-;]*)|
                    (\d[\d\.\{\}]+)|
                    ()
                 )/x
@@ -214,7 +244,7 @@ module ActiveLdap
         when no_value
           values = ["TRUE"]
         end
-        attributes[name] = values
+        attributes[normalize_attribute_name(name)] = values
       end
     end
@@ -225,6 +255,7 @@ module ActiveLdap
     end
     def ldap_syntax(name, attribute_name)
+      return [] unless @entries.has_key?("ldapSyntaxes")
       cache([:ldap_syntax, name, attribute_name]) do
         attribute("ldapSyntaxes", name, attribute_name)
       end
@@ -238,10 +269,12 @@ module ActiveLdap
     def alias_map(group)
       ensure_parse(group)
-      @schema_info[group][:aliases]
+      return {} if @schema_info[group].nil?
+      @schema_info[group][:aliases] || {}
     end
     def ensure_parse(group)
+      return if @entries[group].nil?
       unless @entries[group].empty?
         attribute(group, 'nonexistent', 'nonexistent')
       end
@@ -252,7 +285,15 @@ module ActiveLdap
     end
     def normalize_attribute_name(name)
-      name.upcase
+      name.upcase.gsub(/_/, "-")
+    end
+    def default_entries
+      {
+        "objectClasses" => [],
+        "attributeTypes" => [],
+        "ldapSyntaxes" => [],
+      }
     end
   end # Schema
 end