ruby-activeldap 0.7.1 → 0.7.2

data/lib/activeldap.rb

@@ -177,7 +177,8 @@
 # Below is a much more realistic Group class:
 # 
 #   class Group < ActiveLDAP::Base
-#     ldap_mapping :dnattr => 'cn', :prefix => 'ou=Groups', :classes => ['top', 'posixGroup']
+#     ldap_mapping :dnattr => 'cn', :prefix => 'ou=Groups', :classes => ['top', 'posixGroup']<
+#                  :scope => LDAP::LDAP_SCOPE_ONELEVEL
 #   end
 # 
 # As you can see, this method is used for defining how this class maps in to LDAP.  Let's say that 
@@ -205,6 +206,8 @@
 #              :prefix     |
 #                :base from configuration.rb
 # 
+# :scope tells ActiveLDAP to only search under ou=Groups, and not to look deeper
+# for dnattr matches. (e.g. cn=develop,ou=DevGroups,ou=Groups,dc=dataspill,dc=org)
 # 
 # Something's missing: :classes.  :classes is used to tell Ruby/ActiveLDAP what
 # the minimum requirement is when creating a new object. LDAP uses objectClasses
@@ -222,7 +225,10 @@
 # 
 # :classes isn't the only optional argument.  If :dnattr is left off, it defaults
 # to 'cn'.  If :prefix is left off, it will default to 'ou=CLASSNAME'. In this
-# case, it would be 'ou=Group'.
+# case, it would be 'ou=Group'. There is also a :parent_class option which, when
+# specified, adds a method call parent() which will return the 
+# parent_class.new(parent_dn). The parent_dn is the objects dn without the dnattr
+# pair.
 # 
 # :classes should be an Array. :dnattr should be a String and so should :prefix.
 # 
@@ -486,12 +492,20 @@
 #   bind methods fail
 # * :try_sasl, when true, tells ActiveLDAP to attempt a SASL-GSSAPI bind
 # * :sasl_quiet, when true, tells the SASL libraries to not spew messages to STDOUT
+# * :method indicates whether to use :ssl, :tls, or :plain
+# * :retries - indicates the number of attempts to reconnect that will be undertaken when a stale connection occurs. -1 means infinite.
+# * :retry_wait - seconds to wait before retrying a connection
+# * :ldap_scope - dictates how to find objects. (Default: ONELEVEL)
+# * :return_objects - indicates whether find/find_all will return objects or just the distinguished name attribute value of the matches. Rails users will find this useful.
+# * :timeout - time in seconds - defaults to disabled. This CAN interrupt search() requests. Be warned.
+# * :retry_on_timeout - whether to reconnect when timeouts occur. Defaults to true
+# See lib/configuration.rb for defaults for each option
 # 
 # Base.connect both connects and binds in one step. It follows roughly the following approach:
 # 
 # * Connect to host:port using :method
 # 
-# * If user and password_block, attempt to bind with credentials.
+# * If user and password_block/password, attempt to bind with credentials.
 # * If that fails or no password_block and anonymous allowed, attempt to bind
 #   anonymously.
 # * If that fails, error out.
@@ -907,13 +921,18 @@ $VERBOSE, verbose = false, $VERBOSE
 
 require 'activeldap/ldap'
 require 'activeldap/schema2'
+if RUBY_PLATFORM.match('linux')
+  require 'activeldap/timeout'
+else
+  require 'activeldap/timeout_stub'
+end
 require 'activeldap/base'
 require 'activeldap/associations'
 require 'activeldap/configuration'
 
 
 module ActiveLDAP
-  VERSION = "0.7.1"
+  VERSION = "0.7.2"
 end
 
 ActiveLDAP::Base.class_eval do

data/lib/activeldap/associations.rb

@@ -11,28 +11,42 @@ module ActiveLDAP
      base.extend(ClassMethods)
    end
    module ClassMethods
+
      # This class function is used to setup all mappings between the subclass
      # and ldap for use in activeldap
+     #
+     # Example:
+     #   ldap_mapping :dnattr => 'uid', :prefix => 'ou=People', 
+     #                :classes => ['top', 'posixAccount'], scope => LDAP::LDAP_SCOPE_SUBTREE,
+     #                :parent => String
      def ldap_mapping(options = {})
        # The immediate ancestor should be the caller....
        klass = self.ancestors[0]
 
        dnattr = options[:dnattr] || 'cn'
        prefix = options[:prefix] || "ou=#{klass.to_s.split(':').last}"
-       classes_array = options[:classes] || ['top']
+       classes_array = options[:classes] || nil
+       scope = options[:scope] || 'super'
+       # When used, instantiates parent objects from the "parent dn". This
+       # can be a String or a real ActiveLDAP class. This just adds the helper 
+       # Base#parent.
+       parent = options[:parent_class] || nil
 
-       raise TypeError, ":classes must be an array" \
-         unless classes_array.respond_to? :size
-       # Build classes array
-       classes = '['
-       classes_array.map! {|x| x = "'#{x}'"}
-       classes << classes_array.join(', ')
-       classes << ']'
+       classes = 'super'
+       unless classes_array.nil?
+         raise TypeError, ":classes must be an array" \
+           unless classes_array.respond_to? :size
+         # Build classes array
+         classes = '['
+         classes_array.map! {|x| x = "'#{x}'"}
+         classes << classes_array.join(', ')
+         classes << ']'
+       end
 
        # This adds the methods to the local
        # class which can then be inherited, etc
        # which describe the mapping to LDAP.
-       klass.class_eval <<-"end_eval"
+       klass.class_eval(<<-"end_eval")
          class << self
            # Return the list of required object classes
            def required_classes
@@ -52,8 +66,13 @@ module ActiveLDAP
            def dnattr
              '#{dnattr}'
            end
-         end
 
+           # Return the expected DN attribute of an object
+           def ldap_scope
+             #{scope}
+           end
+         end
+         
          # Hide connect
          private_class_method :connect
 
@@ -63,6 +82,15 @@ module ActiveLDAP
          public_class_method :new
          public_class_method :dnattr
       end_eval
+
+      # Add the parent helper if desired
+      if parent
+        klass.class_eval(<<-"end_eval")
+          def parent()
+            return #{parent}.new(@dn.split(',')[1..-1].join(','))
+          end
+        end_eval
+      end
      end
 
     # belongs_to

data/lib/activeldap/base.rb

@@ -40,7 +40,7 @@ module ActiveLDAP
   # If no exact match, raise an error.
   # If match, change all LDAP attributes in accessor attributes on the object.
   # -- these are ACTUALLY populated from schema - see subschema.rb example
-  # -- @conn.schema().each{|k,vs| vs.each{|v| print("#{k}: #{v}\n")}}
+  # -- @conn.schema2().each{|k,vs| vs.each{|v| print("#{k}: #{v}\n")}}
   # -- extract objectClasses from match and populate
   # Multiple entries become lists.
   # If this isn't read-only then lists become multiple entries, etc.
@@ -94,6 +94,11 @@ module ActiveLDAP
   class AttributeAssignmentError < RuntimeError
   end
 
+  # TimeoutError
+  #
+  # An exception raised when a connection action fails due to a timeout
+  class TimeoutError < RuntimeError
+  end
 
   # Base
   #
@@ -196,6 +201,9 @@ module ActiveLDAP
     # :method - whether to use :ssl, :tls, or :plain (unencrypted)
     # :retry_wait - seconds to wait before retrying a connection
     # :ldap_scope - dictates how to find objects. ONELEVEL by default to avoid dn_attr collisions across OUs. Think before changing.
+    # :return_objects - indicates whether find/find_all will return objects or just the distinguished name attribute value of the matches
+    # :timeout - time in seconds - defaults to disabled. This CAN interrupt search() requests. Be warned.
+    # :retry_on_timeout - whether to reconnect when timeouts occur. Defaults to true
     # See lib/configuration.rb for defaults for each option
     def Base.connect(config={})
       # Process config
@@ -203,10 +211,16 @@ module ActiveLDAP
       ## These will be replace by configuration.rb defaults if defined
       @@config = DEFAULT_CONFIG.dup
       config.keys.each do |key|
-        if key == :base
+        case key
+        when :base
           # Scrub before inserting
           base = config[:base].gsub(/['}{#]/, '')
           Base.class_eval("def Base.base();'#{base}';end")
+        when :ldap_scope
+          if config[:ldap_scope].class != Fixnum
+            raise ConfigurationError, ':ldap_scope must be a Fixnum'
+          end
+          Base.class_eval("def Base.ldap_scope();#{config[:ldap_scope]};end")
         else
           @@config[key] = config[key]
         end
@@ -242,11 +256,79 @@ module ActiveLDAP
       end
       @@conn = nil
       # Make sure it is cleaned up
-      ObjectSpace.garbage_collect
+      # This causes Ruby/LDAP memory corruption.
+      # ObjectSpace.garbage_collect
     end
 
     # Return the LDAP connection object currently in use
-    def Base.connection
+    # Alternately execute a command against the connection
+    # object "safely" using a given block. Use the given 
+    # "errmsg" for any error conditions.
+    def Base.connection(exc=RuntimeError.new('unknown error'), try_reconnect = true)
+      # Block was given! Let's safely provide access.
+      if block_given?
+        begin
+          Timeout.alarm(@@config[:timeout]) do 
+            begin
+              yield @@conn
+            rescue => e
+              # Raise an LDAP error instead of RuntimeError or whatever
+              
+              raise *LDAP::err2exception(@@conn.err) if @@conn.err != 0
+              # Else reraise
+              
+              raise e
+            end
+          end
+        rescue Timeout::Error => e
+          @@logger.error('Requested action timed out.')
+          retry if try_reconnect and @@config[:retry_on_timeout] and Base.reconnect()
+          message = e.message
+          message = exc.message unless exc.nil?
+          @@logger.error(message)
+          raise TimeoutError, message
+        rescue RuntimeError => e
+          @@logger.error("#{e.class} exception occurred in connection block")
+          @@logger.error("Exception message: #{e.message}")
+          @@logger.error("Exception backtrace: #{e.backtrace}")
+          @@logger.error(exc.message) unless exc.nil?
+          retry if try_reconnect and Base.reconnect()
+          raise exc unless exc.nil?
+          return nil
+        rescue LDAP::ServerDown => e
+          @@logger.error("#{e.class} exception occurred in connection block")
+          @@logger.error("Exception message: #{e.message}")
+          @@logger.error("Exception backtrace: #{e.backtrace}")
+          @@logger.error(exc.message) unless exc.nil?
+          retry if try_reconnect and Base.reconnect()
+          raise exc unless exc.nil?
+          return nil
+        rescue LDAP::ResultError => e
+          @@logger.error("#{e.class} exception occurred in connection block")
+          @@logger.error("Exception message: #{e.message}")
+          @@logger.error("Exception backtrace: #{e.backtrace}")
+          @@logger.error(exc.message) unless exc.nil?
+          retry if try_reconnect and Base.reconnect()
+          raise exc unless exc.nil?
+          return nil
+        rescue LDAP::UndefinedType => e
+          @@logger.error("#{e.class} exception occurred in connection block")
+          @@logger.error("Exception message: #{e.message}")
+          @@logger.error("Exception backtrace: #{e.backtrace}")
+          # Do not retry - not a connection error
+          raise exc unless exc.nil?
+          return nil
+        # Catch all - to be remedied later
+        rescue => e
+          @@logger.error("#{e.class} exception occurred in connection block")
+          @@logger.error("Exception message: #{e.message}")
+          @@logger.error("Exception backtrace: #{e.backtrace}")
+          @@logger.error("Error in catch all: please send debug log to ActiveLDAP author")
+          @@logger.error(exc.message) unless exc.nil?
+          raise exc unless exc.nil?
+          return nil
+        end
+      end
       return @@conn
     end
 
@@ -255,24 +337,36 @@ module ActiveLDAP
       @@conn = conn
     end
 
+    # Determine if we have exceed the retry limit or not.
+    # True is reconnecting is allowed - False if not.
+    def Base.can_reconnect?
+      # Allow connect if we've never connected.
+      return true unless @@config
+      if @@reconnect_attempts < (@@config[:retries] - 1) or
+         @@config[:retries] < 0
+        return true
+      end
+      return false
+    end
+
     # Attempts to reconnect up to the number of times allowed
     # If forced, try once then fail with ConnectionError if not connected.
     def Base.reconnect(force=false)
+      unless @@config
+        @@logger.error('Ignoring force: Base.reconnect called before Base.connect') if force
+        
+        Base.connect
+        return true
+      end
       not_connected = true
       while not_connected
-        # Just to be clean, unbind if possible
-        begin
-          @@conn.unbind() if not @@conn.nil? and @@conn.bound?
-        rescue
-          # Ignore complaints.
-        end
-        @@conn = nil
-
-        if @@config[:retries] == -1 or force == true
+        if Base.can_reconnect?
           
+          Base.close()
 
           # Reset the attempts if this was forced.
-          @@reconnect_attempts = 0 if @@reconnect_attempts != 0
+          @@reconnect_attempts = 0 if force
+          @@reconnect_attempts += 1 if @@config[:retries] >= 0
           begin
             do_connect() 
             not_connected = false
@@ -282,18 +376,6 @@ module ActiveLDAP
             # Do not loop if forced
             raise ConnectionError, detail.message if force
           end
-        elsif @@reconnect_attempts < @@config[:retries]
-          
-          @@reconnect_attempts += 1
-          begin
-            do_connect() 
-            not_connected = false
-            # Reset to 0 if a connection was made. 
-            @@reconnect_attempts = 0
-          rescue => detail
-            @@logger.error("Reconnect to server failed: #{detail.exception}")
-            @@logger.error("Reconnect to server failed backtrace: #{detail.backtrace}")
-          end
         else
           # Raise a warning
           raise ConnectionError, 'Giving up trying to reconnect to LDAP server.'
@@ -315,13 +397,7 @@ module ActiveLDAP
     # Wraps Ruby/LDAP connection.search to make it easier to search for specific
     # data without cracking open Base.connection
     def Base.search(config={})
-      unless Base.connection
-        if @@config
-          ActiveLDAP::Base.connect(@@config)
-        else
-          ActiveLDAP::Base.connect
-        end
-      end
+      Base.reconnect if Base.connection.nil? and Base.can_reconnect?
 
       config[:filter] = 'objectClass=*' unless config.has_key? :filter
       config[:attrs] = [] unless config.has_key? :attrs
@@ -331,8 +407,8 @@ module ActiveLDAP
       values = []
       config[:attrs] = config[:attrs].to_a # just in case
 
-      begin
-        @@conn.search(config[:base], config[:scope], config[:filter], config[:attrs])  do |m|
+      result = Base.connection() do |conn|
+        conn.search(config[:base], config[:scope], config[:filter], config[:attrs])  do |m|
           res = {}
           res['dn'] = [m.dn.dup] # For consistency with the below
           m.attrs.each do |attr|
@@ -342,18 +418,10 @@ module ActiveLDAP
           end
           values.push(res)
         end
-      rescue RuntimeError => detail
-        #TODO# Check for 'No message' when retrying
-        # The connection may have gone stale. Let's reconnect and retry. 
-        retry if Base.reconnect()
+      end
+      if result.nil?
         # Do nothing on failure
         
-      rescue => detail
-        if LDAP::err2exception(@@conn.err)[0] == LDAP::ServerDown
-          
-          retry if Base.reconnect()
-        end
-        raise detail
       end
       return values
     end
@@ -365,14 +433,8 @@ module ActiveLDAP
     # usage: Subclass.find(:attribute => "cn", :value => "some*val", :objects => true)
     #        Subclass.find('some*val')
     #
-    def Base.find(config = {})
-      unless Base.connection
-        if @@config
-          ActiveLDAP::Base.connect(@@config)
-        else
-          ActiveLDAP::Base.connect
-        end
-      end
+    def Base.find(config='*')
+      Base.reconnect if Base.connection.nil? and Base.can_reconnect?
 
       if self.class == Class
         klass = self.ancestors[0].to_s.split(':').last
@@ -384,20 +446,18 @@ module ActiveLDAP
 
       # Allow a single string argument
       attr = dnattr()
-      objects = false
+      objects = @@config[:return_objects]
       val = config
       # Or a hash
-      if config.respond_to?"has_key?"
+      if config.respond_to?(:has_key?)
         attr = config[:attribute] || dnattr()
         val = config[:value] || '*'
-        objects = config[:objects]
+        objects = config[:objects] || @@config[:return_objects]
       end
 
-      matches = []
-
-      begin
+      Base.connection(ConnectionError.new("Failed in #{self.class}#find(#{config.inspect})")) do |conn|
         # Get some attributes
-        @@conn.search(base(), @@config[:ldap_scope], "(#{attr}=#{val})")  do |m|
+        conn.search(base(), ldap_scope(), "(#{attr}=#{val})")  do |m|
           # Extract the dnattr value
           dnval = m.dn.split(/,/)[0].split(/=/)[1]
 
@@ -407,20 +467,8 @@ module ActiveLDAP
             return dnval
           end
         end
-      rescue RuntimeError => detail
-        #TODO# Check for 'No message' when retrying
-        # The connection may have gone stale. Let's reconnect and retry. 
-        retry if Base.reconnect()
-
-        # Do nothing on failure
-        
-      rescue => detail
-        if LDAP::err2exception(@@conn.err)[0] == LDAP::ServerDown
-          
-          retry if Base.reconnect()
-        end
-        raise detail
       end
+      # If we're here, there were no results
       return nil
     end
     private_class_method :find
@@ -429,14 +477,8 @@ module ActiveLDAP
     #
     # Finds all matches for value where |value| is the value of some 
     # |field|, or the wildcard match. This is only useful for derived classes.
-    def Base.find_all(config = {})
-      unless Base.connection
-        if @@config
-          ActiveLDAP::Base.connect(@@config)
-        else
-          ActiveLDAP::Base.connect
-        end
-      end
+    def Base.find_all(config='*')
+      Base.reconnect if Base.connection.nil? and Base.can_reconnect?
 
       if self.class == Class
         real_klass = self.ancestors[0]
@@ -447,20 +489,18 @@ module ActiveLDAP
       # Allow a single string argument
       val = config
       attr = dnattr()
-      objects = false
+      objects = @@config[:return_objects]
       # Or a hash
-      if config.respond_to?"has_key?"
+      if config.respond_to?(:has_key?)
         val = config[:value] || '*'
         attr = config[:attribute] || dnattr()
-        objects = config[:objects]
+        objects = config[:objects] || @@config[:return_objects]
       end
 
       matches = []
-
-      begin
+      Base.connection(ConnectionError.new("Failed in #{self.class}#find_all(#{config.inspect})")) do |conn|
         # Get some attributes
-        @@conn.search(base(), @@config[:ldap_scope],
-          "(#{attr}=#{val})")  do |m|
+        conn.search(base(), ldap_scope(), "(#{attr}=#{val})") do |m|
           # Extract the dnattr value
           dnval = m.dn.split(/,/)[0].split(/=/)[1]
 
@@ -470,19 +510,6 @@ module ActiveLDAP
             matches.push(dnval)
           end
         end
-      rescue RuntimeError => detail
-        #TODO# Check for 'No message' when retrying
-        # The connection may have gone stale. Let's reconnect and retry. 
-        retry if Base.reconnect()
-
-        # Do nothing on failure
-        
-      rescue => detail
-        if LDAP::err2exception(@@conn.err)[0] == LDAP::ServerDown
-          
-          retry if Base.reconnect()
-        end
-        raise detail
       end
       return matches
     end
@@ -499,7 +526,7 @@ module ActiveLDAP
     # configuration.rb into this class.
     # When subclassing, the specified prefix will be concatenated.
     def Base.base
-      'dc=example,dc=com'
+      'dc=localdomain'
     end
 
     # Base.dnattr
@@ -526,6 +553,17 @@ module ActiveLDAP
       []
     end
 
+    # Base.ldap_scope
+    #
+    # This method when included into Base provides
+    # an inheritable, overwritable configuration setting
+    #
+    # This value should be the default LDAP scope behavior
+    # desired.
+    def Base.ldap_scope
+      LDAP::LDAP_SCOPE_ONELEVEL
+    end
+
 
 
     ### All instance methods, etc
@@ -539,20 +577,12 @@ module ActiveLDAP
     # val can be a dn attribute value, a full DN, or a LDAP::Entry.  The use
     # with a LDAP::Entry is primarily meant for internal use by find and
     # find_all.
+    #
     def initialize(val)
       @exists = false
-      # Try a default connection if none made explicitly
-      if Base.connection.nil? and @@reconnect_attempts < @@config[:retries]
-        # Use @@config if it has been prepopulated and the conn is down.
-        if @@config
-          ActiveLDAP::Base.reconnect
-        else
-          ActiveLDAP::Base.connect
-        end
-      elsif Base.connection.nil?
-        @@logger.error('Attempted to initialize a new object with no connection')
-        raise ConnectionError, 'Number of reconnect attempts exceeded.'
-      end
+      # Make sure we're connected
+      Base.reconnect if Base.connection.nil? and Base.can_reconnect?
+
       if val.class == LDAP::Entry
         # Call import, which is basically initialize
         # without accessing LDAP.
@@ -569,11 +599,11 @@ module ActiveLDAP
       @attr_methods = {} # list of valid method calls for attributes used for dereferencing
       @last_oc = false # for use in other methods for "caching"
       if dnattr().empty?
-        raise RuntimeError, "dnattr() not set for this class."
+        raise ConfigurationError, "dnattr() not set for this class: #{self.class}"
       end
 
-      # Break val apart if it is a dn
-      if val.match(/^#{dnattr()}=([^,=]+),#{base()}$/i)
+      # Extract dnattr if val looks like a dn
+      if val.match(/^#{dnattr()}=([^,=]+),/i)
         val = $1
       elsif val.match(/[=,]/)
         @@logger.info "initialize: Changing val from '#{val}' to '' because it doesn't match the DN."
@@ -589,9 +619,9 @@ module ActiveLDAP
         @dn = "#{dnattr()}=#{val},#{base()}"
 
         # Search for the existing entry
-        begin
+        Base.connection(ConnectionError.new("Failed in #{self.class}#new(#{val.inspect})")) do |conn|
           # Get some attributes
-          Base.connection.search(base(), @@config[:ldap_scope], "(#{dnattr()}=#{val})")  do |m|
+          conn.search(base(), ldap_scope(), "(#{dnattr()}=#{val})")  do |m|
             @exists = true
             # Save DN
             @dn = m.dn
@@ -612,20 +642,22 @@ module ActiveLDAP
               end
             end
           end
-        rescue RuntimeError => detail
-          #TODO# Check for 'No message' when retrying
-          # The connection may have gone stale. Let's reconnect and retry. 
-          retry if Base.reconnect()
-
-          # Do nothing on failure
-          @@logger.error('new: unable to search for entry')
-          raise detail
-        rescue LDAP::ResultError
         end
       end
 
       # Do the actual object setup work.
       if @exists
+        # Make sure the server uses objectClass and not objectclass
+        unless @ldap_data.has_key?('objectClass')
+          real_objc = @ldap_data.grep(/^objectclass$/i)
+          if real_objc.size == 1
+            @ldap_data['objectClass'] = @ldap_data[real_objc]
+            @ldap_data.delete(real_objc)
+          else
+            raise AttributeEmpty, 'objectClass was not sent by LDAP server!'
+          end
+        end
+
         # Populate schema data
         send(:apply_objectclass, @ldap_data['objectClass'])
 
@@ -633,6 +665,10 @@ module ActiveLDAP
         @ldap_data.each do |pair|
           real_attr = @attr_methods[pair[0]]
           
+          if real_attr.nil?
+            @@logger.error("Unable to resolve attribute value #{pair[0].inspect}. " +
+                           "Unpredictable behavior likely!")
+          end
           @data[real_attr] = pair[1].dup
           
         end
@@ -656,7 +692,7 @@ module ActiveLDAP
     def attributes
       
       send(:apply_objectclass, @data['objectClass']) if @data['objectClass'] != @last_oc
-      return @attr_methods.keys
+      return @attr_methods.keys.map {|x|x.downcase}.uniq
     end
 
     # exists?
@@ -706,7 +742,8 @@ module ActiveLDAP
       # Make sure all MUST attributes have a value
       @data['objectClass'].each do |objc|
         @must.each do |req_attr|
-          deref = @attr_methods[req_attr]
+          # Downcase to ensure we catch schema problems
+          deref = @attr_methods[req_attr.downcase]
           # Set default if it wasn't yet set.
           @data[deref] = [] if @data[deref].nil?
           # Check for missing requirements.
@@ -724,20 +761,10 @@ module ActiveLDAP
     # Delete this entry from LDAP
     def delete
       
-      begin
-        @@conn.delete(@dn)
+      Base.connection(DeleteError.new(
+                        "Failed to delete LDAP entry: '#{@dn}'")) do |conn|
+        conn.delete(@dn)
         @exists = false
-      rescue RuntimeError => detail
-        #todo# check for 'no message' when retrying
-        # the connection may have gone stale. let's reconnect and retry. 
-        retry if Base.reconnect()
-        raise DeleteError, "Failed to delete LDAP entry: '#{@dn}'"
-      rescue LDAP::ResultError => detail
-        if LDAP::err2exception(@@conn.err)[0] == LDAP::ServerDown
-          
-          retry if Base.reconnect()
-        end
-        raise DeleteError, "Failed to delete LDAP entry: '#{@dn}'"
       end
     end
 
@@ -784,6 +811,15 @@ module ActiveLDAP
       
       data = Marshal.load(Marshal.dump(@data))
       
+
+      
+      bad_attrs = @data.keys - (@must+@may)
+      bad_attrs.each do |removeme|
+        data.delete(removeme) 
+      end
+      
+
+
       
       data.keys.each do |key|
         data[key].each do |value|
@@ -800,7 +836,6 @@ module ActiveLDAP
       end
       
 
-
       if @exists
         # Cycle through all attrs to determine action
         action = {}
@@ -865,23 +900,11 @@ module ActiveLDAP
           end
         end
         
-        begin
+        Base.connection(WriteError.new(
+                        "Failed to modify: '#{entry}'")) do |conn|
           
-          @@conn.modify(@dn, entry)
+          conn.modify(@dn, entry)
           
-        rescue RuntimeError => detail
-          #todo# check for SERVER_DOWN
-          # the connection may have gone stale. let's reconnect and retry. 
-          retry if Base.reconnect()
-          raise WriteError, "Could not update LDAP entry: #{detail}"
-        rescue => detail
-          
-          if LDAP::err2exception(@@conn.err)[0] == LDAP::ServerDown
-            
-            retry if Base.reconnect()
-          end
-          
-          raise WriteError, "Could not update LDAP entry: #{detail}"
         end
       else # add everything!
         
@@ -903,30 +926,26 @@ module ActiveLDAP
             entry.push(LDAP.mod(LDAP::LDAP_MOD_ADD|binary, pair[0], pair[1]))
           end
         end
-        begin
+        Base.connection(WriteError.new(
+                        "Failed to add: '#{entry}'")) do |conn|
           
-          @@conn.add(@dn, entry)
+          conn.add(@dn, entry)
           
           @exists = true
-        rescue RuntimeError => detail
-          # The connection may have gone stale. Let's reconnect and retry. 
-          retry if Base.reconnect()
-          raise WriteError, "Could not add LDAP entry[#{Base.connection.err2string(Base.connection.err)}]: #{detail}"
-        rescue LDAP::ResultError => detail
-          if LDAP::err2exception(@@conn.err)[0] == LDAP::ServerDown
-            
-            retry if Base.reconnect()
-          end
-          raise WriteError, "Could not add LDAP entry[#{Base.connection.err2string(Base.connection.err)}]: #{detail}"
         end
       end
       
-      @ldap_data = Marshal.load(Marshal.dump(@data))
+      @ldap_data = Marshal.load(Marshal.dump(data))
+      # Delete items disallowed by objectclasses. 
+      # They should have been removed from ldap.
+      
+      bad_attrs.each do |removeme|
+        @ldap_data.delete(removeme) 
+      end
       
       
     end
 
-
     # method_missing
     #
     # If a given method matches an attribute or an attribute alias
@@ -970,7 +989,7 @@ module ActiveLDAP
     end
 
 
-     private
+  private
 
       # import(LDAP::Entry)
       #
@@ -1072,14 +1091,6 @@ module ActiveLDAP
             # Update attr_method with appropriate
             define_attribute_methods(attr)
         end
-
-        # Delete all now innew_ocid attributes given the new objectClasses
-        @data.keys.each do |key|
-          # If it's not a proper aliased attribute, drop it
-          unless @attr_methods.has_key? key
-            @data.delete(key)
-          end
-        end
       end
 
 
@@ -1198,21 +1209,18 @@ module ActiveLDAP
       end
 
       # Enforce LDAPv3
-      @@conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+      Base.connection(nil, false) do |conn|
+        conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+      end
 
       # Authenticate
       do_bind
 
       # Retrieve the schema. We need this to automagically determine attributes
-      begin
-        @@schema = @@conn.schema() if @@schema.nil?
-      rescue => e
-        @@logger.error("Failed to retrieve the schema (#{@@config[:method]})")
-        @@logger.error("Schema failure exception: #{e.exception}")
-        @@logger.error("Schema failure backtrace: #{e.backtrace}")
-        raise ConnectionError, "#{e.exception} - LDAP connection failure, or server does not support schema queries."
+      exc = ConnectionError.new("Unable to retrieve schema from server (#{@@config[:method]})")
+      Base.connection(exc, false) do |conn|
+        @@schema = @@conn.schema2() if @@schema.nil?
       end
-
       
     end
 
@@ -1228,39 +1236,35 @@ module ActiveLDAP
        elsif do_simple_bind(bind_dn)
          @@logger.info('Bound simple')
        elsif @@config[:allow_anonymous] and do_anonymous_bind(bind_dn)
-         @@logger.info('Bound simple')
+         @@logger.info('Bound anonymous')
        else
-         @@logger.error('Failed to bind using any available method')
          raise *LDAP::err2exception(@@conn.err) if @@conn.err != 0
+         raise AuthenticationError, 'All authentication methods exhausted.'
        end
 
        return @@conn.bound?
      end
+     private_class_method :do_bind
 
      # Base.do_anonymous_bind
      #
      # Bind to LDAP with the given DN, but with no password. (anonymous!)
      def Base.do_anonymous_bind(bind_dn)
        @@logger.info "Attempting anonymous authentication"
-       begin
-         @@conn.bind()
+       Base.connection(nil, false) do |conn|
+         conn.bind()
          return true
-       rescue => e
-         
-         
-         
-         @@logger.warn "Warning: Anonymous authentication failed."
-         @@logger.warn "message: #{e.message}"
-         return false
        end
+       return false
      end
+     private_class_method :do_anonymous_bind
 
      # Base.do_simple_bind
      #
      # Bind to LDAP with the given DN and password
      def Base.do_simple_bind(bind_dn)
        # Bail if we have no password or password block
-       if not @@config[:password_block].nil? and not @@config[:password].nil?
+       if @@config[:password_block].nil? and @@config[:password].nil?
          return false
        end
 
@@ -1282,50 +1286,46 @@ module ActiveLDAP
          return false 
        end
 
-       begin
-         @@conn.bind(bind_dn, password)
-       rescue => e
-         
-         # TODO: replace this with LDAP::err2exception()
-         if @@conn.err == LDAP::LDAP_SERVER_DOWN
-           @@logger.error "Warning: " + e.message
-         else
-           @@logger.warn "Warning: SIMPLE authentication failed."
-         end
-         return false
-       end
        # Store the password for quick reference later
        if @@config[:store_password]
          @@config[:password] = password
        elsif @@config[:store_password] == false
          @@config[:password] = nil
        end
-       return true
+
+       Base.connection(nil, false) do |conn|
+         conn.bind(bind_dn, password)
+         return true
+       end
+       return false
      end
+     private_class_method :do_simple_bind
 
      # Base.do_sasl_bind
      #
      # Bind to LDAP with the given DN using any available SASL methods
      def Base.do_sasl_bind(bind_dn)
        # Get all SASL mechanisms
-       mechanisms = @@conn.root_dse[0]['supportedSASLMechanisms']
+       #
+       mechanisms = []
+       exc = ConnectionError.new('Root DSE query failed')
+       Base.connection(exc, false) do |conn|
+         mechanisms = conn.root_dse[0]['supportedSASLMechanisms']
+       end
        # Use GSSAPI if available
        # Currently only GSSAPI is supported with Ruby/LDAP from
        # http://caliban.org/files/redhat/RPMS/i386/ruby-ldap-0.8.2-4.i386.rpm
        # TODO: Investigate further SASL support
        if mechanisms.respond_to? :member? and mechanisms.member? 'GSSAPI'
-         begin
-           @@conn.sasl_quiet = @@config[:sasl_quiet] if @@config.has_key?(:sasl_quiet)
-           @@conn.sasl_bind(bind_dn, 'GSSAPI')
+         Base.connection(nil, false) do |conn|
+           conn.sasl_quiet = @@config[:sasl_quiet] if @@config.has_key?(:sasl_quiet)
+           conn.sasl_bind(bind_dn, 'GSSAPI')
            return true
-         rescue
-           
-           @@logger.warn "Warning: SASL GSSAPI authentication failed."
-           return false
          end
        end
        return false
      end
+     private_class_method :do_sasl_bind
 
      # base
      #
@@ -1336,6 +1336,15 @@ module ActiveLDAP
        self.class.base
      end
 
+     # ldap_scope
+     #
+     # Returns the value of self.class.ldap_scope
+     # This is just syntactic sugar
+     def ldap_scope
+       
+       self.class.ldap_scope
+     end
+
      # required_classes
      #
      # Returns the value of self.class.required_classes
@@ -1419,6 +1428,8 @@ module ActiveLDAP
        aliases.each do |ali|
          
          @attr_methods[ali] = attr
+         
+         @attr_methods[ali.downcase] = attr
        end
        
      end

data/lib/activeldap/configuration.rb

@@ -22,10 +22,28 @@ module ActiveLDAP
 
     DEFAULT_CONFIG[:retries] = 3
     DEFAULT_CONFIG[:retry_wait] = 3
+    DEFAULT_CONFIG[:timeout] = 0 # in seconds; 0 <= Never timeout
+    # Whether or not to retry on timeouts
+    DEFAULT_CONFIG[:retry_on_timeout] = true
+
+    # Whether to return objects by default from find/find_all
+    DEFAULT_CONFIG[:return_objects] = false
 
     DEFAULT_CONFIG[:logger] = nil
-    DEFAULT_CONFIG[:ldap_scope] = LDAP::LDAP_SCOPE_ONELEVEL
 
+    # On connect, this is overriden by the :base argument
+    #
+    # Set this to LDAP_SCOPE_SUBTREE if you have a LDAP tree where all 
+    # objects of the same class living in different parts of the same subtree, but
+    # not. LDAP_SCOPE_ONELEVEL is for use when all the objects in your classes live
+    # under one shared level (e.g. ou=People,dc=localdomain)
+    #
+    # This can be overriden on a per class basis in ldap_mapping :scope
+    def Base.ldap_scope
+      LDAP::LDAP_SCOPE_ONELEVEL
+    end
+
+    # On connect, this is overriden by the :base argument
     # Make the return value the string that is your LDAP base
     def Base.base
       'dc=localdomain'

data/lib/activeldap/ldap.rb

@@ -6,6 +6,9 @@
 
 
 module LDAP
+  class PrettyError < RuntimeError
+  end
+
   ERRORS = [
     "LDAP_SUCCESS",
     "LDAP_OPERATIONS_ERROR",
@@ -75,7 +78,7 @@ module LDAP
         exc = exc.split('_').collect {|w| w.capitalize }.join('')
         # Doesn't exist :-)
         LDAP.module_eval(<<-end_module_eval)
-          class #{exc} < LDAP::ResultError
+          class #{exc} < LDAP::PrettyError
           end
         end_module_eval
         hash[val] = exc
@@ -103,3 +106,6 @@ module LDAP
     return [exc, err2string(errno)]
   end
 end
+
+# Generate!
+LDAP::generate_err2exceptions()

data/lib/activeldap/schema2.rb

@@ -18,6 +18,8 @@ module LDAP
       return [] if type.empty?
       return [] if at.empty?
 
+      type = type.downcase # We're going case insensitive.
+
       # Check already parsed options first
       if @@attr_cache.has_key? sub \
         and @@attr_cache[sub].has_key? type \
@@ -38,9 +40,13 @@ module LDAP
       self[sub].each do |s|
         line = '' 
         if type[0..0] =~ /[0-9]/
-          line = s if s =~ /\(\s+#{type}\s+(?:[A-Z]|\))/
+          if s =~ /\(\s+(?i:#{type})\s+(?:[A-Z]|\))/
+            line = s
+          end
         else
-          line = s if s =~ /NAME\s+\(?.*'#{type}'.*\)?\s+(?:[A-Z]|\))/
+          if s =~ /NAME\s+\(?.*'(?i:#{type})'.*\)?\s+(?:[A-Z]|\))/
+            line = s
+          end
         end
 
         # I need to check, but I think some of these matchs
@@ -190,7 +196,7 @@ module LDAP
   end # Schema2
 
   class Conn
-    def schema(base = nil, attrs = nil, sec = 0, usec = 0)
+    def schema2(base = nil, attrs = nil, sec = 0, usec = 0)
       attrs ||= [
         'objectClasses',
         'attributeTypes',

data/lib/activeldap/timeout.rb

@@ -0,0 +1,75 @@
+require 'timeout'
+
+module Timeout
+
+  # A forking timeout implementation that relies on
+  # signals to interrupt blocking I/O instead of passing
+  # that code to run in a separate process.
+  #
+  # A process is fork()ed, sleeps for _sec_,
+  # then sends a ALRM signal to the Process.ppid
+  # process. ALRM is used to avoid conflicts with sleep()
+  #
+  # This overwrites any signal
+  def Timeout.alarm(sec, exception=Timeout::Error, &block)
+    return block.call if sec == nil or sec.zero?
+ 
+  
+    # Trap an alarm in case it comes before we're ready
+    orig_alrm = trap(:ALRM, 'IGNORE')
+
+    # Setup a fallback in case of a race condition of an
+    # alarm before we set the other trap
+    trap(:ALRM) do 
+      # Don't leave zombies
+      Process.wait2()
+      # Restore the original handler
+      trap('ALRM', orig_alrm)
+      # Now raise an exception!
+      raise exception, 'execution expired'
+    end
+
+    # Spawn the sleeper
+    pid = Process.fork {
+      begin
+        # Sleep x seconds then send SIGALRM 
+        sleep(sec)
+        # Send alarm!
+        Process.kill(:ALRM, Process.ppid)
+      end
+      exit! 0
+    }
+
+    # Setup the real handler
+    trap(:ALRM) do
+      # Make sure we clean up any zombies
+      Process.waitpid(pid)
+      # Restore the original handler
+      trap(:ALRM, orig_alrm)
+      # Now raise an exception!
+      raise exception, 'execution expired'
+    end
+
+    begin
+      # Run the code!
+      return block.call
+    ensure
+      # Restore old alarm handler since we're done
+      trap(:ALRM, orig_alrm)
+      # Make sure the process is dead
+      # This may be run twice (trap occurs during execution) so ignore ESRCH
+      Process.kill(:TERM, pid) rescue Errno::ESRCH
+      # Don't leave zombies
+      Process.waitpid(pid) rescue Errno::ECHILD
+    end
+  end
+end # Timeout
+
+if __FILE__ == $0
+  require 'time'
+  Timeout.alarm(2) do 
+    loop do 
+      p Time.now
+    end
+  end
+end

data/lib/activeldap/timeout_stub.rb

@@ -0,0 +1,17 @@
+require 'timeout'
+
+module Timeout
+  # STUB
+  def Timeout.alarm(sec, exception=Timeout::Error, &block)
+    return block.call
+  end
+end # Timeout
+
+if __FILE__ == $0
+  require 'time'
+  Timeout.alarm(2) do 
+    loop do 
+      p Time.now
+    end
+  end
+end

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.8.11
 specification_version: 1
 name: ruby-activeldap
 version: !ruby/object:Gem::Version 
-  version: 0.7.1
-date: 2006-05-04 00:00:00 +01:00
+  version: 0.7.2
+date: 2006-05-22 00:00:00 +01:00
 summary: Ruby/ActiveLDAP is a object-oriented API to LDAP
 require_paths: 
 - lib
@@ -35,6 +35,8 @@ files:
 - lib/activeldap/configuration.rb
 - lib/activeldap/ldap.rb
 - lib/activeldap/schema2.rb
+- lib/activeldap/timeout.rb
+- lib/activeldap/timeout_stub.rb
 test_files: []
 
 rdoc_options: []