ruby-ldap3 0.10.0

data/saslconn.c

@@ -0,0 +1,242 @@
+/*
+ * saslconn.c
+ * $Id: saslconn.c,v 1.25 2006/02/13 17:20:32 ianmacd Exp $
+ */
+
+#include "ruby.h"
+#include "rbldap.h"
+#if defined(HAVE_SYS_TIME_H)
+# include <sys/time.h>
+#endif
+#if defined(HAVE_UNISTD_H)
+# include <unistd.h>
+#endif
+
+extern VALUE rb_ldap_conn_initialize (int argc, VALUE argv[], VALUE self);
+extern VALUE rb_ldap_conn_rebind (VALUE self);
+
+#if defined(HAVE_LDAP_SASL_BIND_S)
+#include <sasl/sasl.h>
+VALUE
+rb_ldap_indifferent_hash_aref(VALUE hash, const char *key)
+{
+  VALUE symval = rb_hash_aref(hash, ID2SYM(rb_intern(key)));
+  if (!NIL_P(symval))
+    {
+      return symval;
+    }
+  return rb_hash_aref(hash, rb_str_new2(key)); /* this could be Qnil */
+}
+
+int
+rb_ldap_sasl_interaction (LDAP * ld, unsigned flags, void *de, void *in)
+{
+  sasl_interact_t *interact = in;
+  VALUE options   = (VALUE)de;
+
+  VALUE defvalue;
+  const char *dflt = NULL;
+
+  if (ld == NULL)
+    {
+      return LDAP_PARAM_ERROR;
+    }
+  if (flags == LDAP_SASL_INTERACTIVE)
+    {
+      rb_raise (rb_eLDAP_Error, "interactive bind not supported.");
+    }
+  while (!NIL_P(options) && interact->id != SASL_CB_LIST_END)
+    {
+      dflt = interact->defresult;
+      switch (interact->id)
+        {
+          case SASL_CB_GETREALM:
+            if (!NIL_P(defvalue = rb_ldap_indifferent_hash_aref(options, "realm")))
+            {
+              dflt = StringValuePtr(defvalue);
+            }
+            break;
+          case SASL_CB_AUTHNAME:
+            if (!NIL_P(defvalue = rb_ldap_indifferent_hash_aref(options, "authcid")))
+            {
+              dflt = StringValuePtr(defvalue);
+            }
+            break;
+          case SASL_CB_USER:
+            if (!NIL_P(defvalue = rb_ldap_indifferent_hash_aref(options, "authzid")))
+            {
+              dflt = StringValuePtr(defvalue);
+            }
+            break;
+          default:
+            /* Nothing. */
+            break;
+        }
+      if (dflt != NULL)
+        {
+          interact->result = dflt;
+          interact->len    = strlen(dflt);
+        }
+      interact++;
+    }
+  return LDAP_SUCCESS;
+}
+
+/*
+ * call-seq:
+ * conn.sasl_bind(dn=nil, mech=nil, cred=nil, sctrls=nil, cctrls=nil, sasl_options=nil)  => self
+ * conn.sasl_bind(dn=nil, mech=nil, cred=nil, sctrls=nil, cctrls=nil, sasl_options=nil)
+ *   { |conn| }  => nil
+ *
+ * Bind an LDAP connection, using the DN, +dn+, the mechanism, +mech+, and the
+ * credential, +cred+.
+ *
+ * +sctrls+ is an array of server controls, whilst +cctrls+ is an array of
+ * client controls.
+ *
+ * sasl_options is a hash which should have the following keys:
+ *
+ * - +:authcid+ and +:authzid+ for alternate SASL authentication
+ * - +realm+ to specify the SASL realm
+ *
+ * If a block is given, +self+ is yielded to the block.
+ */
+VALUE
+rb_ldap_conn_sasl_bind (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+
+  VALUE arg1, arg2, arg3, arg4, arg5, sasl_options, other_options = Qnil;
+  int version;
+  char *dn = NULL;
+  char *mechanism = NULL;
+  struct berval *cred = ALLOCA_N (struct berval, 1);
+  LDAPControl **serverctrls = NULL;
+  LDAPControl **clientctrls = NULL;
+
+  /*
+  struct berval *servercred = NULL;
+  char *sasl_realm = NULL;
+  char *sasl_authc_id = NULL;
+  char *sasl_authz_id = NULL;
+  char *sasl_secprops = NULL;
+  struct berval passwd = { 0, NULL };
+  */
+
+  unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (!ldapdata->ldap)
+    {
+      if (rb_iv_get (self, "@args") != Qnil)
+	{
+	  rb_ldap_conn_rebind (self);
+	  GET_LDAP_DATA (self, ldapdata);
+	}
+      else
+	{
+	  rb_raise (rb_eLDAP_InvalidDataError,
+		    "The LDAP handler has already unbound.");
+	}
+    }
+
+  if (ldapdata->bind)
+    {
+      rb_raise (rb_eLDAP_Error, "already bound.");
+    };
+
+  switch (rb_scan_args (argc, argv, "25", &arg1, &arg2, &arg3, &arg4, &arg5, &sasl_options, &other_options))
+    {
+    case 7:
+      /* Parse through the hash.  Currently there's only one option, nothing fancy needed. */
+      if (!NIL_P(rb_ldap_indifferent_hash_aref(other_options, "nocanon")))
+        {
+          /* Inspired by the ldapsearch -N option, inspired by the code in OpenLDAP (BSD style license) in clients/tools/common.c */
+          ldapdata->err = ldap_set_option( ldapdata->ldap, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
+          Check_LDAP_Result(ldapdata->err); 
+        }
+    case 6:
+      /* nothing. this requires credentials to be parsed first. we'll get defaults after arg-scanning */
+    case 5:
+      if(!NIL_P(arg5))
+        clientctrls = rb_ldap_get_controls (arg5);
+      /* down seems more likely */
+    case 4:
+      if(!NIL_P(arg4))
+        serverctrls = rb_ldap_get_controls (arg4);
+      /* down seems more likely */
+    case 3:
+      if(!NIL_P(arg3))
+        {
+          cred->bv_val = StringValueCStr (arg3);
+          cred->bv_len = RSTRING_LEN (arg3);
+        }
+      /* down seems more likely */
+    case 2:			/* don't need the cred for GSSAPI */
+      dn = StringValuePtr (arg1);
+      mechanism = StringValuePtr (arg2);
+      if (rb_iv_get (self, "@sasl_quiet") == Qtrue)
+        sasl_flags = LDAP_SASL_QUIET;
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_bind_s");
+    }
+
+  ldap_get_option (ldapdata->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+  if (version < LDAP_VERSION3)
+    {
+      version = LDAP_VERSION3;
+      ldapdata->err =
+	ldap_set_option (ldapdata->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+      Check_LDAP_Result (ldapdata->err);
+    }
+
+  /* the following works for GSSAPI, at least */
+  ldapdata->err =
+    ldap_sasl_interactive_bind_s (ldapdata->ldap, dn, mechanism,
+				  serverctrls, clientctrls, sasl_flags,
+				  rb_ldap_sasl_interaction, (void*)sasl_options);
+
+  if (ldapdata->err == LDAP_SASL_BIND_IN_PROGRESS)
+    {
+      rb_raise (rb_eNotImpError,
+		"SASL authentication is not fully supported.");
+      /* How can I implement this with portability? */
+      /* 
+         VALUE scred;
+	 scred = rb_tainted_str_new(servercred->bv_val,
+         servercred->bv_len);
+      */
+    }
+  else
+    {
+      Check_LDAP_Result (ldapdata->err);
+      ldapdata->bind = 1;
+    }
+
+  if (rb_block_given_p ())
+    {
+      rb_ensure (rb_yield, self, rb_ldap_conn_unbind, self);
+      return Qnil;
+    }
+  else
+    {
+      return self;
+    };
+}
+
+#else /* HAVE_LDAP_SASL_BIND_S */
+
+VALUE
+rb_ldap_conn_sasl_bind (int argc, VALUE argv[], VALUE self)
+{
+  rb_notimplement ();
+}
+
+#endif /* HAVE_LDAP_SASL_BIND_S */
+
+void
+Init_ldap_saslconn ()
+{
+  rb_define_method (rb_cLDAP_Conn, "sasl_bind", rb_ldap_conn_sasl_bind, -1);
+}

data/sslconn.c

@@ -0,0 +1,377 @@
+/*
+ * sslconn.c
+ * $Id: sslconn.c,v 1.18 2006/04/19 22:13:26 ianmacd Exp $
+ */
+
+#include "ruby.h"
+#include "rbldap.h"
+#if defined(HAVE_SYS_TIME_H)
+# include <sys/time.h>
+#endif
+#if defined(HAVE_UNISTD_H)
+# include <unistd.h>
+#endif
+
+#if defined(HAVE_LDAP_START_TLS_S)
+# define USE_OPENLDAP_SSLCONN
+#elif defined(HAVE_LDAPSSL_INIT)
+# define USE_NSSLDAP_SSLCONN
+#elif defined(HAVE_LDAP_SSLINIT)
+# define USE_WLDAP32_SSLCONN
+#endif
+
+VALUE rb_cLDAP_SSLConn;
+
+#ifdef USE_OPENLDAP_SSLCONN
+static VALUE
+rb_openldap_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+  LDAP *cldap;
+  char *chost = NULL;
+  int cport = LDAP_PORT;
+
+  VALUE arg1, arg2, arg3, arg4, arg5;
+
+  LDAPControl **serverctrls = NULL;
+  LDAPControl **clientctrls = NULL;
+  int version;
+  int start_tls;
+
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (ldapdata->ldap)
+    return Qnil;
+
+  switch (rb_scan_args (argc, argv, "05", &arg1, &arg2, &arg3, &arg4, &arg5))
+    {
+    case 0:
+      chost = ALLOCA_N (char, strlen ("localhost") + 1);
+      strcpy (chost, "localhost");
+      cport = LDAP_PORT;
+      start_tls = 0;
+      break;
+    case 1:
+      chost = StringValueCStr (arg1);
+      cport = LDAP_PORT;
+      start_tls = 0;
+      break;
+    case 2:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = 0;
+      break;
+    case 3:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = (arg3 == Qtrue) ? 1 : 0;
+      break;
+    case 4:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = (arg3 == Qtrue) ? 1 : 0;
+      serverctrls = rb_ldap_get_controls (arg4);
+      break;
+    case 5:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = (arg3 == Qtrue) ? 1 : 0;
+      serverctrls = rb_ldap_get_controls (arg4);
+      clientctrls = rb_ldap_get_controls (arg5);
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_new");
+    }
+
+  cldap = ldap_init (chost, cport);
+  if (!cldap)
+    rb_raise (rb_eLDAP_ResultError, "can't initialise an LDAP session");
+
+  ldapdata->ldap = cldap;
+
+  if (rb_block_given_p ())
+    {
+      rb_yield (self);
+    }
+
+  ldap_get_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+  if (version < LDAP_VERSION3)
+    {
+      version = LDAP_VERSION3;
+      ldapdata->err =
+	ldap_set_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+      Check_LDAP_Result (ldapdata->err);
+    }
+
+  if (start_tls)
+    {
+      ldapdata->err = ldap_start_tls_s (cldap, serverctrls, clientctrls);
+      Check_LDAP_Result (ldapdata->err);
+    }
+  else
+    {
+      int opt = LDAP_OPT_X_TLS_HARD;
+      ldapdata->err = ldap_set_option (cldap, LDAP_OPT_X_TLS, &opt);
+      Check_LDAP_Result (ldapdata->err);
+    }
+
+  rb_iv_set (self, "@args", rb_ary_new4 (argc, argv));
+  rb_iv_set (self, "@sasl_quiet", Qfalse);
+
+  return Qnil;
+}
+#endif /* USE_OPENLDAP_SSLCONN */
+
+
+#ifdef USE_NSSLDAP_SSLCONN
+static VALUE
+rb_nssldap_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+  LDAP *cldap;
+  char *chost = NULL;
+  char *certpath = NULL;
+  int cport = LDAP_PORT;
+  int csecure = 0;
+
+  VALUE arg1, arg2, arg3, arg4;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (ldapdata->ldap)
+    return Qnil;
+
+  switch (rb_scan_args (argc, argv, "04", &arg1, &arg2, &arg3, &arg4))
+    {
+    case 0:
+      chost = ALLOCA_N (char, strlen ("localhost") + 1);
+      strcpy (chost, "localhost");
+      cport = LDAP_PORT;
+      csecure = 0;
+      certpath = NULL;
+      break;
+    case 1:
+      chost = StringValueCStr (arg1);
+      cport = LDAP_PORT;
+      csecure = 0;
+      certpath = NULL;
+      break;
+    case 2:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = 0;
+      certpath = NULL;
+      break;
+    case 3:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = (arg3 == Qtrue) ? 1 : 0;
+      certpath = NULL;
+      break;
+    case 4:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = (arg3 == Qtrue) ? 1 : 0;
+      certpath = (arg4 == Qnil) ? NULL : StringValueCStr (arg4);
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_new");
+    }
+
+  /***
+    ldapssl_client_init():
+     http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/function.htm#25963
+     ldapssl_client_authinit():
+     http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/function.htm#26024
+  ***/
+  ldapssl_client_init (certpath, NULL);
+  cldap = ldapssl_init (chost, cport, csecure);
+  ldapdata->ldap = cldap;
+
+  rb_iv_set (self, "@args", Qnil);
+
+  return Qnil;
+}
+#endif /* USE_NSSLDAP_SSLCONN */
+
+#if defined(USE_WLDAP32_SSLCONN)
+static VALUE
+rb_wldap32_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+  LDAP *cldap;
+  char *chost;
+  int cport;
+  int csecure;
+  int version;
+
+  VALUE arg1, arg2, arg3;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (ldapdata->ldap)
+    return Qnil;
+
+  switch (rb_scan_args (argc, argv, "02", &arg1, &arg2, &arg3))
+    {
+    case 0:
+      chost = ALLOCA_N (char, strlen ("localhost") + 1);
+      strcpy (chost, "localhost");
+      cport = LDAP_PORT;
+      csecure = 1;
+      break;
+    case 1:
+      chost = StringValueCStr (arg1);
+      cport = LDAP_PORT;
+      csecure = 1;
+      break;
+    case 2:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = 1;
+      break;
+    case 3:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = (arg3 == Qtrue) ? 1 : 0;
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_new");
+    }
+
+  cldap = ldap_sslinit (chost, cport, csecure);
+  ldapdata->ldap = cldap;
+
+#if defined(HAVE_LDAP_GET_OPTION) && defined(HAVE_LDAP_SET_OPTION)
+  ldap_get_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+  if (version < LDAP_VERSION3)
+    {
+      version = LDAP_VERSION3;
+      ldapdata->err =
+	ldap_set_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+      Check_LDAP_Result (ldapdata->err);
+    }
+#endif
+
+  rb_iv_set (self, "@args", Qnil);
+
+  return Qnil;
+}
+
+VALUE
+rb_ldap_sslconn_bind_f (int argc, VALUE argv[], VALUE self,
+			VALUE (*rb_ldap_sslconn_bind_func) (int, VALUE[],
+							    VALUE))
+{
+  RB_LDAP_DATA *ldapdata;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (!ldapdata->ldap)
+    {
+      if (rb_iv_get (self, "@args") != Qnil)
+	{
+	  rb_ldap_conn_rebind (self);
+	  GET_LDAP_DATA (self, ldapdata);
+	}
+      else
+	{
+	  rb_raise (rb_eLDAP_InvalidDataError,
+		    "The LDAP handler has already unbound.");
+	}
+    }
+
+  ldapdata->err = ldap_connect (ldapdata->ldap, NULL);
+  Check_LDAP_Result (ldapdata->err);
+
+  return rb_ldap_sslconn_bind_func (argc, argv, self);
+}
+
+/*
+ * call-seq:
+ * conn.bind(dn=nil, password=nil, method=LDAP::LDAP_AUTH_SIMPLE)  => self
+ * conn.bind(dn=nil, password=nil, method=LDAP::LDAP_AUTH_SIMPLE)
+ *   { |conn| }  => self
+ *
+ * Bind an LDAP connection, using the DN, +dn+, the credential, +password+,
+ * and the bind method, +method+. If a block is given, +self+ is yielded to
+ * the block.
+ */
+VALUE
+rb_ldap_sslconn_bind_s (int argc, VALUE argv[], VALUE self)
+{
+  return rb_ldap_sslconn_bind_f (argc, argv, self, rb_ldap_conn_bind_s);
+}
+
+/*
+ * call-seq:
+ * conn.simple_bind(dn=nil, password=nil)  => self
+ * conn.simple_bind(dn=nil, password=nil) { |conn| }  => self
+ *
+ * Bind an LDAP connection, using the DN, +dn+, and the credential, +password+.
+ * If a block is given, +self+ is yielded to the block.
+ */
+VALUE
+rb_ldap_sslconn_simple_bind_s (int argc, VALUE argv[], VALUE self)
+{
+  return rb_ldap_sslconn_bind_f (argc, argv, self,
+				 rb_ldap_conn_simple_bind_s);
+}
+#endif /* USE_WLDAP32_SSLCONN */
+
+/*
+ * call-seq:
+ * LDAP::SSLConn.new(host='localhost', port=LDAP_PORT,
+ *                   start_tls=false, sctrls=nil, cctrls=nil)
+ *   => LDAP::SSLConn
+ * LDAP::SSLConn.new(host='localhost', port=LDAP_PORT,
+ *                   start_tls=false, sctrls=nil, cctrls=nil) { |conn| }
+ *   => LDAP::SSLConn
+ *
+ * Return a new LDAP::SSLConn connection to the server, +host+, on port +port+.
+ * If +start_tls+ is *true*, START_TLS will be used to establish the
+ * connection, automatically setting the LDAP protocol version to v3 if it is
+ * not already set.
+ *
+ * +sctrls+ is an array of server controls, whilst +cctrls+ is an array of
+ * client controls.
+ */
+VALUE
+rb_ldap_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+#if defined(USE_OPENLDAP_SSLCONN)
+  return rb_openldap_sslconn_initialize (argc, argv, self);
+#elif defined(USE_NSSLDAP_SSLCONN)
+  return rb_nssldap_sslconn_initialize (argc, argv, self);
+#elif defined(USE_WLDAP32_SSLCONN)
+  return rb_wldap32_sslconn_initialize (argc, argv, self);
+#else
+  rb_notimplement ();
+#endif
+}
+
+/* :nodoc: */
+VALUE
+rb_ldap_sslconn_s_open (int argc, VALUE argv[], VALUE klass)
+{
+  rb_notimplement ();
+}
+
+/* Document-class: LDAP::SSLConn
+ *
+ * Create and manipulate encrypted LDAP connections. LDAP::SSLConn is a
+ * subclass of LDAP::Conn and so has access to the same methods, except for
+ * LDAP::SSLConn.open, which is not implemented.
+ */
+void
+Init_ldap_sslconn ()
+{
+  rb_cLDAP_SSLConn =
+    rb_define_class_under (rb_mLDAP, "SSLConn", rb_cLDAP_Conn);
+  rb_define_singleton_method (rb_cLDAP_SSLConn, "open",
+			      rb_ldap_sslconn_s_open, -1);
+  rb_define_method (rb_cLDAP_SSLConn, "initialize",
+		    rb_ldap_sslconn_initialize, -1);
+#ifdef USE_WLDAP32_SSLCONN
+  rb_define_method (rb_cLDAP_SSLConn, "bind", rb_ldap_sslconn_bind_s, -1);
+  rb_define_method (rb_cLDAP_SSLConn, "simple_bind",
+		    rb_ldap_sslconn_simple_bind_s, -1);
+#endif
+}

data/test/add.rb

@@ -0,0 +1,31 @@
+# -*- ruby -*-
+# This file is a part of test scripts of LDAP extension module.
+
+$test = File.dirname($0)
+require "#{$test}/conf"
+require "./ldap"
+
+conn = LDAP::Conn.new($HOST, $PORT)
+conn.bind('cn=root, dc=localhost, dc=localdomain','secret'){
+  conn.perror("bind")
+  entry1 = [
+    LDAP.mod(LDAP::LDAP_MOD_ADD, 'objectclass', ['top', 'domain']),
+    LDAP.mod(LDAP::LDAP_MOD_ADD, 'o', ['TTSKY.NET']),
+    LDAP.mod(LDAP::LDAP_MOD_ADD, 'dc', ['localhost']),
+  ]
+
+  entry2 = [
+    LDAP.mod(LDAP::LDAP_MOD_ADD, 'objectclass', ['top', 'person']),
+    LDAP.mod(LDAP::LDAP_MOD_ADD, 'cn', ['Takaaki Tateishi']),
+    LDAP.mod(LDAP::LDAP_MOD_ADD | LDAP::LDAP_MOD_BVALUES, 'sn', ['ttate','Tateishi', "zero\000zero"]),
+  ]
+
+  begin
+    conn.add("dc=localhost, dc=localdomain", entry1)
+    conn.add("cn=Takaaki Tateishi, dc=localhost, dc=localdomain", entry2)
+  rescue LDAP::ResultError
+    conn.perror("add")
+    exit
+  end
+  conn.perror("add")
+}

data/test/add2.rb

@@ -0,0 +1,31 @@
+# -*- ruby -*-
+# This file is a part of test scripts of LDAP extension module.
+
+$test = File.dirname($0)
+require "#{$test}/conf"
+require "./ldap"
+
+conn = LDAP::Conn.new($HOST, $PORT)
+conn.bind('cn=root, dc=localhost, dc=localdomain','secret'){
+  conn.perror("bind")
+  entry1 = {
+    'objectclass' => ['top', 'person'],
+    'cn'          => ['Tatsuya Kawai'],
+    'sn'          => ['kawai'],
+  }
+
+  entry2 = {
+    'objectclass' => ['top', 'person'],
+    'cn'          => ['Mio Tanaka'],
+    'sn'          => ['mit','mio'],
+  }
+
+  begin
+    conn.add("cn=#{entry1['cn'][0]}, dc=localhost, dc=localdomain", entry1)
+    conn.add("cn=#{entry2['cn'][0]}, dc=localhost, dc=localdomain", entry2)
+  rescue LDAP::ResultError
+    conn.perror("add")
+    exit
+  end
+  conn.perror("add")
+}

data/test/add3.rb

@@ -0,0 +1,33 @@
+# -*- ruby -*-
+# This file is a part of test scripts of LDAP extension module.
+
+$test = File.dirname($0)
+require "#{$test}/conf"
+require "./ldap"
+
+$KCODE = "UTF8"
+
+conn = LDAP::Conn.new($HOST, $PORT)
+conn.bind('cn=root, dc=localhost, dc=localdomain','secret'){
+  conn.perror("bind")
+  entry1 = {
+    'objectclass' => ['top', 'person'],
+    'cn'          => ['立石 孝彰'],
+    'sn'          => ['孝彰'],
+  }
+
+  entry2 = {
+    'objectclass' => ['top', 'person'],
+    'cn'          => ['たていし たかあき'],
+    'sn'          => ['たていし','たかあき'],
+  }
+
+  begin
+    conn.add("cn=#{entry1['cn'][0]}, dc=localhost, dc=localdomain", entry1)
+    conn.add("cn=#{entry2['cn'][0]}, dc=localhost, dc=localdomain", entry2)
+  rescue LDAP::ResultError
+    conn.perror("add")
+    exit
+  end
+  conn.perror("add")
+}