ruby-ldapserver 0.5.3 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 13158eb5295138dfdbb01e8cb277458235ccbab1
-  data.tar.gz: 70edb984eda164cc752e967429a348c2370ff852
+SHA256:
+  metadata.gz: d5209f7e7a72b098ddf53b8453101e78becafc0ca2561d3bb32f8bdb57e804ad
+  data.tar.gz: 1a04b501ad27a22aa8f54813ff5839196e0b50d0abfc751fd1e13b1cc75b2515
 SHA512:
-  metadata.gz: b085680909cc6b880a148a15e343d72204ccf2833c627b293d6d803289713a9e27c661e7637b173fe86f03863e3918e2309a0e768c3386b677bbac0eec3233c4
-  data.tar.gz: 8370ea4fade64ee468dc835aa7dd8bc0113cae914f8f9e07fa8e1e420ad875a2b2a2055eba6b6f4203361fcdf05408bbd970160e78d370b7caf44091217c867e
+  metadata.gz: b9c1e36a98f53e56148d5d18a9ff66dad70e923ec33458d7624fbaab8ddbdaf14eceae277cae816c15246e23c9394acc459ba7245fe1252b3a6908583d6398b3
+  data.tar.gz: 2392b6af8469f13771e0eac4f8545a0485f4eead94a711b0c30217ed33368c3f60300852241a2e49e0644eb0753f73a4eabcaa573283e81335846d6c87416ec4

checksums.yaml.gz.sig

@@ -0,0 +1,3 @@
+�$���Uop!mW{��qGgP=IAmb�p7�H��_d���Uc/�ƺ�fAŅ����'�PT�9B@�����z��:[X��5!�
+"�,��v�a��i��Eb*�+�7�
 �9�"���Lp��Mm�/K���IUW�C�uk
+	��B�7�a�*No&�=�|��b���ű�ڿyN��e�q�'>vXOv���C����c�e
#Sp)1;���p��;��@�4�	�ҽV ��Q�9	�cL��-|l�[�@�96�z

data/.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  job_test_gem:
+    name: Test in source tree
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: windows
+            ruby: "head"
+          - os: windows
+            ruby: "2.4"
+          - os: ubuntu
+            ruby: "head"
+          - os: ubuntu
+            ruby: "3.1"
+          - os: ubuntu
+            ruby: "2.3"
+          - os: macos
+            ruby: "head"
+
+    runs-on: ${{ matrix.os }}-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}      # passed to ruby/setup-ruby
+
+      - name: Print tool versions
+        run: |
+          ruby -v
+          gem env
+
+      - name: Bundle install
+        run: bundle install
+
+      - name: Run tests
+        run: bundle exec rake

data/.gitignore

@@ -1,3 +1,4 @@
 Gemfile.lock
 pkg
 .idea
+doc/

data/{ChangeLog → CHANGELOG.md}

@@ -1,21 +1,36 @@
-0.5.3
+## 0.7.0 / 2022-12-06
+
+* Support optional attribute range retrieval according to
+  https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/searching-using-range-retrieval
+* Add an experimental yet incomplete request router as alternative to using OperationClass
+* Add support for listening on UNIX domain sockets.
+  Use `LDAP::Server.new(socket: '/tmp/server.sock')`
+* Add LDAP::Server::DN to work with LDAP distinguished names
+* Add CI on Github
+* Use net-ldap for tests instead of unmaintained ruby-ldap.
+
+
+## 0.5.3 / 2015-08-16
 * Handle BN as client_timelimit; fixes incompatibility with some LDAP
 implementations (notably Shibboleth IdP v2 and proftpd).
 (Patch by Pete Birkinshaw.)
 
-0.5.2
+
+## 0.5.2 / 2015-06-24
 * Make sure the exception used to stop the child doesn't propagate up (patch by Kasumi Hanazuki)
 
-0.3.1 - 2008-01-16
+
+## 0.3.1 - 2008-01-16
 * First release as a gem [Brandon Keepers]
 
-RELEASE_0_3
+
+## RELEASE_0_3
 
 Filters now return nil instead of LDAP::Server::MatchingRule::DefaultMatch
 in the case that there's no schema.
 Minor changes to syntax.rb to support OpenLDAP extensions.
 
-20050722
+## 20050722
 
 Change the 'validate' API so it works for updates too.
 Change the 'modify' API so it sends a hash of attr=>[:op,data] which makes
@@ -23,14 +38,14 @@ it easier to determine which entries have been modified.
 Fix modify, add and compare to normalise attribute names using the schema if
 there is one.
 
-20050721
+## 20050721
 
 Added a whole loada Schema stuff.
 Moved exceptions under LDAP::ResultError for consistency with ruby-ldap.
 Changed the parsed [filter] format to include a MatchingRule object always
 (even if no schema is present)
 
-20050711
+## 20050711
 
 Changed LDAPserver to LDAP::Server and rejigged the repository to match.
 In your code you will have to change:
@@ -40,7 +55,7 @@ In your code you will have to change:
 I have added require 'ldap/server' which pulls in the things a basic server
 will need (minus schema)
 
-20050626
+## 20050626
 
 Factored out the SSL stuff into Connection, which should also allow the
 STARTTLS extension to be implemented later
@@ -49,7 +64,7 @@ Added a Server class, with methods run_tcpserver and run_prefork.
 
 Created an explicit preforkserver method.
 
-20050625
+## 20050625
 
 tcpserver: add ability to drop privileges
 
@@ -57,7 +72,7 @@ examples/rbslapd3.rb: make work if ldapdb.yaml does not exist. Also bind
 explicitly to 0.0.0.0; it seems that TCPSocket doesn't work properly in
 some circumstances without it (FreeBSD 5.4 with IPv6 disabled in kernel)
 
-20050620
+## 20050620
 
 RELEASE_0_2
 
@@ -76,7 +91,7 @@ removes 100ms of latency in responses.
 
 Added examples/speedtest.rb
 
-20050619
+## 20050619
 
 Modify connection.rb to ensure no memory leak in the event of exceptions
 being raised in operation threads.
@@ -84,8 +99,8 @@ being raised in operation threads.
 Fix examples/rbslapd2.rb SQLPool so that it always puts connections back
 into the pool (using 'ensure' this time :-)
 
-20050618
+## 20050618
 
 RELEASE_0_1
 
-20050616
+## 20050616

data/README.md

@@ -0,0 +1,141 @@
+# ruby-ldapserver
+
+ruby-ldapserver is a lightweight, pure Ruby framework for implementing LDAP server applications. It is intended primarily for building a gateway from LDAP queries into some other protocol or database. It does not attempt to be a full or correct implementation of the standard LDAP data model itself (although you could build one using this as a frontend).
+
+Since it's written entirely in Ruby, it benefits from Ruby's threading engine.
+
+## Target audience
+
+Technically-savvy Ruby applications developers; the sort of people who are happy to read RFCs and read code to work out what it does :-)
+
+The examples/ directory contains a few minimal LDAP servers which you can use as a starting point.
+
+## Status
+
+This is still an early release. It works for me as an LDAP protocol layer; the Schema stuff has not been heavily tested.
+
+## Request router
+
+The request router is a simple mapping of potentially parameterized routes (DNs) and actions to a *controller* action, allowing for simple, flexible and maintainable code. Alternatively the legacy `Operation` class can be used. See the `examples/` directory for more details and sample implementations.
+
+## Configuration
+
+```ruby
+params = {
+  # Bind to address (cannot be combined with socket)
+  :bindaddr => '127.0.0.1', # defaults to 0.0.0.0
+  :port => 1389,
+  
+  # Bind to socket (cannot be combined with address)
+  :socket => '/tmp/ldap.sock',
+  
+  # Drop process and socket privileges to user and/or group (cannot be combined with uid/gid)
+  :user => 'ldap',
+  :group => 'ldap',
+  
+  # Drop process and socket privileges to UID and/or GID (cannot be combined with user/group)
+  :uid => 1000,
+  :gid => 1000,
+  
+  # TCP_NODELAY option
+  :nodelay => true,
+  
+  # Socket backlog
+  :listen => 10,
+  
+  # SSL/TLS
+  :ssl_key_file => 'key.pem',
+  :ssl_cert_file => 'cert.pem',
+  :ssl_on_connect => true,
+  
+  # Request router (cannot be combined with legacy operation)
+  :router => MyAppRouter,
+  
+  # Legacy Operation class (cannot be combined with request router)
+  :operation_class => MyAppOperation,
+  :operation_args => ['my', 'arguments'],
+  
+  # Schema
+  :schema => my_schema,
+  :namingContexts => ['dc=example,dc=com']
+}
+```
+
+## Libraries
+
+ASN1 encoding and decoding is done using the 'openssl' extension, which is standard in the Ruby 1.8.2 base distribution. To check you have it, you should be able to run `ruby -ropenssl -e puts` with no error.
+
+However, I've found in the past that Linux machines don't always build the openssl extension when compiling Ruby from source. With Red Hat 9, the solution for me was, when building Ruby itself:
+
+```
+$ export CPPFLAGS="-I/usr/kerberos/include"
+$ export LDFLAGS="-L/usr/kerberos/lib"
+$ ./configure ...etc
+```
+
+If you want to run the test suite then you'll need to install the `ruby-ldap` client library, and if you want to run `examples/rbslapd3.rb` then you'll need the `prefork` library. Both are available from <http://raa.ruby-lang.org/>.
+
+## Protocol implementation
+
+ruby-ldapserver tries to be a reasonably complete implementation of the message decoding and encoding components of LDAP. However, it does not synthesise or directly enforce the LDAP data model. It will advertise a schema in the root DSE if you configure one, and it provides helper functions which allow you to validate add and modify operations against a schema; but it's up to you to use them, if you wish. If you're just using LDAP as a convenient query interface into some other database, you probably don't care about schemas.
+
+If your clients permit it, you can violate the LDAP specification further, eliminating some of the gross design flaws of LDAP. For example, you can ditch the LDAP idea that a Distinguished Name must consist of attr=val,attr=val,attr=val... and use whatever is convenient as a primary key (e.g. "val1,val2,val3" or "id,table_name"). The 'add' operation could allocate DNs automatically from a sequence. There's no need for the data duplication where an LDAP entry must contain the same attr=val pair which is also the entry's RDN. Violations of the LDAP spec in this way are at your own risk.
+
+## Threading issues
+
+The core of this library is the `LDAP::Server::Connection` object which handles communication with a single client, and the `LDAP::Server::Operation` object which handles a single request. Because the LDAP protocol allows a client to send multiple overlapping requests down the same TCP connection, I start a new Ruby thread for each Operation.
+
+If your Operation object deals with any global shared data, then it needs to do so in a thread-safe way. If this is new to you then see
+
+[http://www.rubycentral.com/book/tut_threads.html](http://www.rubycentral.com/book/tut_threads.html)
+[http://www.rubygarden.org/ruby?MultiThreading](http://www.rubygarden.org/ruby?MultiThreading)
+
+For incoming client connections, I have supplied a simple tcpserver method which starts a new Ruby thread for each client. This works fine, but in a multi-CPU system, all LDAP server operations will be processed on one CPU; also with a very large number of concurrent client connections, you may find you hit the a max-filedescriptors-per-process limit.
+
+I have also provided a preforking server; see `examples/rbslapd3.rb`. In this case, your connections are handled in separate processes so they cannot share data directly in RAM.
+
+If you are using the default threading tcpserver, then beware that a number of Ruby extension libraries block the threading interpreter. In particular, the client library `ruby-ldap` blocks when waiting for a response from a remote server, since it's a wrapper around a C library which is unaware of Ruby's threading engine. This can cause your application to 'freeze' periodically. Either choose client libraries which play well with threading, or make sure each client is handled in a different process.
+
+For example, when talking to a MySQL database, you might want to choose `ruby-mysql` (which is a pure Ruby implementation of the MySQL protocol) rather than `mysql-ruby` (which is a wrapper around the C API, and blocks while waiting for responses from the server)
+
+Even with something like `ruby-mysql`, beware DNS lookups: resolver libraries can block too. There is a pure Ruby resolver replacement in the standard library: if you do
+
+```
+require 'resolv-replace'
+```
+
+This changes TCPSocket and friends to use it instead of the default C resolver. Or you could just hard-code IP addresses, or put entries in /etc/hosts for the machines you want to contact.
+
+Another threading issue to think about is abandoned and timed-out LDAP operations. The `Connection` object handles these by raising an `LDAP::Server::Abandon` or `LDAP::Server::TimeLimitExceeded` exception in the `Operation` thread, which you can either ignore or rescue. However, if in rescuing it you end up putting (say) a SQL connection back into a pool, you should beware that the SQL connection may still be mid-query, so it's probably better to discard it and use a fresh one next time.
+
+## Performance
+
+`examples/speedtest.rb` is a simple client which forks N processes, and in each process opens an LDAP connection, binds, and sends M search requests down it.
+
+Using speedtest.rb and rbslapd1.rb, running on the *same* machine (single-processor AMD Athlon 2500+) I achieve around 800 searches per second with N=1,M=1000 and 300-400 searches per second with N=10,M=100.
+
+## To-do list
+
+- handle and test generation of LDAP referrals properly
+- more cases in test suite: abandon, concurrency, performance tests, error
+  handling
+- extensible match filters
+- extended operations
+  RFC 2830 - Start TLS
+  RFC 3062 - password modify
+  RFC 2839 - whoami
+  RFC 3909 - cancel
+
+## References
+
+- [RFC2251](ftp://ftp.isi.edu/in-notes/rfc2251.txt) (base protocol)
+- [RFC2252](ftp://ftp.isi.edu/in-notes/rfc2252.txt) (schema)
+- [RFC2253](ftp://ftp.isi.edu/in-notes/rfc2253.txt) (DN encoding)
+- [X.680](http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf)
+- [X.690](http://www.itu.int/ITU-T/studygroups/com10/languages/X.690_1297.pdf)
+
+## Contact
+
+You are very welcome to E-mail me with bug reports, patches, comments and suggestions for this software. However, please DON'T send me any general questions about LDAP, how LDAP works, how to apply LDAP in your particular situation, or questions about any other LDAP software. The [`ldap@umich.edu` mailing list](http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap) is probably the correct place to ask such questions.
+
+Brian Candler <B.Candler@pobox.com>

data/examples/rbslapd1.rb

@@ -18,7 +18,7 @@ class HashOperation < LDAP::Server::Operation
   end
 
   def search(basedn, scope, deref, filter)
-    basedn.downcase!
+    basedn = basedn.downcase
 
     case scope
     when LDAP::Server::BaseObject
@@ -41,23 +41,24 @@ class HashOperation < LDAP::Server::Operation
   end
 
   def add(dn, av)
-    dn.downcase!
+    dn = dn.downcase
     raise LDAP::ResultError::EntryAlreadyExists if @hash[dn]
     @hash[dn] = av
   end
 
   def del(dn)
-    dn.downcase!
+    dn = dn.downcase
     raise LDAP::ResultError::NoSuchObject unless @hash.has_key?(dn)
     @hash.delete(dn)
   end
 
   def modify(dn, ops)
+    dn = dn.downcase
     entry = @hash[dn]
     raise LDAP::ResultError::NoSuchObject unless entry
     ops.each do |attr, vals|
       op = vals.shift
-      case op 
+      case op
       when :add
         entry[attr] ||= []
         entry[attr] += vals

data/examples/rbslapd2.rb

@@ -54,7 +54,7 @@ class SQLPool
   ensure
     @pool.push conn
   end
-end    
+end
 
 # An simple LRU cache of username->password. It's linearly searched
 # so don't make it too big.

data/examples/rbslapd3.rb

@@ -80,7 +80,7 @@ class DirOperation < LDAP::Server::Operation
 
   def search(basedn, scope, deref, filter)
     $debug << "Search: basedn=#{basedn.inspect}, scope=#{scope.inspect}, deref=#{deref.inspect}, filter=#{filter.inspect}\n" if $debug
-    basedn.downcase!
+    basedn = basedn.downcase
 
     case scope
     when LDAP::Server::BaseObject
@@ -115,7 +115,7 @@ class DirOperation < LDAP::Server::Operation
     # FIXME: normalize the DN and check it's below our root DN
     # FIXME: validate that a superior object exists
     # FIXME: validate that entry contains the RDN attribute (yuk)
-    dn.downcase!
+    dn = dn.downcase
     @dir.lock do
       @dir.update
       raise LDAP::ResultError::EntryAlreadyExists if @dir.data[dn]
@@ -125,7 +125,7 @@ class DirOperation < LDAP::Server::Operation
   end
 
   def del(dn)
-    dn.downcase!
+    dn = dn.downcase
     @dir.lock do
       @dir.update
       raise LDAP::ResultError::NoSuchObject unless @dir.data.has_key?(dn)
@@ -135,7 +135,7 @@ class DirOperation < LDAP::Server::Operation
   end
 
   def modify(dn, ops)
-    dn.downcase!
+    dn = dn.downcase
     @dir.lock do
       @dir.update
       entry = @dir.data[dn]

data/examples/rbslapd4.rb

@@ -0,0 +1,90 @@
+#!/usr/local/bin/ruby -w
+
+# This is a modified version of rbslapd1.rb which uses a Router instead of
+# subclassing the LDAP::Server::Operation class.
+
+# This is a trivial LDAP server which just stores directory entries in RAM.
+# It does no validation or authentication. This is intended just to
+# demonstrate the API, it's not for real-world use!!
+
+$:.unshift('../lib')
+$debug = true
+
+require 'ldap/server'
+require 'ldap/server/router'
+
+$logger = Logger.new($stderr)
+
+class LDAPController
+  def self.bind(request, version, dn, password, params)
+    $logger.debug "Catchall bind request"
+    raise LDAP::ResultError::UnwillingToPerform, "Invalid bind DN"
+  end
+
+  def self.bindUser(request, version, dn, password, params)
+    if params[:uid].nil? or
+        params[:uid] != 'admin' or
+        password != 'adminpassword'
+      $logger.warn "Denied access for user #{params[:uid]}: Invalid credentials"
+      raise LDAP::ResultError::InvalidCredentials, "Invalid credentials"
+    end
+
+    $logger.info "Authenticated user #{params[:uid]}"
+  end
+
+  def self.search(request, baseObject, scope, deref, filter, params)
+    $logger.info "Catchall search request for #{baseObject}"
+    raise LDAP::ResultError::UnwillingToPerform, "Invalid search DN"
+  end
+
+  def self.searchUsers(request, baseObject, scope, deref, filter, params)
+    $logger.info "Search users"
+  end
+end
+
+router = LDAP::Server::Router.new($logger) do
+  # Different syntax but same thing
+  bind    nil => "LDAPController#bind"
+  route   :bind, nil => "LDAPController#bind"
+
+  # Bind a route using variables. A hash with the variables will be passed
+  # to your function as last argument.
+  bind    "uid=:uid,ou=Users,dc=mydomain,dc=com" => "LDAPController#bindUser"
+
+  search  nil => "LDAPController#search"
+  search  "ou=Users,dc=mydomain,dc=com" => "LDAPController#searchUsers"
+end
+
+
+# This is the shared object which carries our actual directory entries.
+# It's just a hash of {dn=>entry}, where each entry is {attr=>[val,val,...]}
+
+directory = {}
+
+# Let's put some backing store on it
+
+require 'yaml'
+begin
+  File.open("ldapdb.yaml") { |f| directory = YAML::load(f.read) }
+rescue Errno::ENOENT
+end
+
+at_exit do
+  File.open("ldapdb.new","w") { |f| f.write(YAML::dump(directory)) }
+  File.rename("ldapdb.new","ldapdb.yaml")
+end
+
+# Listen for incoming LDAP connections. For each one, create a Connection
+# object, which will invoke a HashOperation object for each request.
+
+s = LDAP::Server.new(
+  :port       => 1389,
+  :nodelay    => true,
+  :listen     => 10,
+# :ssl_key_file   => "key.pem",
+# :ssl_cert_file  => "cert.pem",
+# :ssl_on_connect => true,
+  :router     => router
+)
+s.run_tcpserver
+s.join

data/examples/rbslapd5.rb

@@ -0,0 +1,73 @@
+#!/usr/local/bin/ruby -w
+
+# Example server that listens on both a port and a UNIX domain socket
+# Try it using:
+#   $ ldapsearch -LLL -H ldap://localhost:1389 -D uid=whatever -b ou=Users,dc=mydomain,dc=com
+#   $ ldapsearch -LLL -H ldapi://%2ftmp%2frbslapd5.sock -D uid=whatever -b ou=Users,dc=mydomain,dc=com
+
+$:.unshift('../lib')
+$debug = true
+
+require 'fileutils'
+
+require 'ldap/server'
+require 'ldap/server/router'
+
+$logger = Logger.new($stderr)
+
+class LDAPController
+  def self.bind(request, version, dn, password, params)
+    $logger.info "Processing bind route for \'#{dn}\' with password \'#{password}\'"
+  end
+
+  def self.search(request, baseObject, scope, deref, filter, params)
+    $logger.info "Processing search route for #{baseObject}"
+
+    h = {
+        'uid' => 'jdoe',
+        'objectClass' => 'userAccount',
+        'givenName' => 'John',
+        'sn' => 'Doe'
+    }
+    request.send_SearchResultEntry("uid=jdoe,#{baseObject}", h)
+  end
+end
+
+router = LDAP::Server::Router.new($logger) do
+  bind    nil => "LDAPController#bind"
+
+  search  "ou=Users,dc=mydomain,dc=com" => "LDAPController#search"
+end
+
+params = {
+  :nodelay => true,
+  :listen => 10,
+  :router => router
+}
+
+# Listen on IP address and port
+
+params[:bindaddr] = '127.0.0.1' # Leave this blank to listen on 0.0.0.0
+params[:port] = 1389
+
+addr_server = LDAP::Server.new params
+addr_server.run_tcpserver
+
+# Listen on socket
+
+params.delete :bindaddr
+params.delete :port
+params[:socket] = '/tmp/rbslapd5.sock'
+
+FileUtils::rm_f params[:socket]
+
+socket_server = LDAP::Server.new params
+socket_server.run_tcpserver
+
+trap 'INT' do
+  addr_server.stop
+  socket_server.stop
+end
+
+addr_server.join
+socket_server.join

data/examples/rbslapd6.rb

@@ -0,0 +1,75 @@
+#!/usr/local/bin/ruby -w
+
+# Slightly modified version of rbslapd5.rb which demonstrates dropping
+# root privileges after binding to port 389
+#
+# Run this script with `sudo`
+
+$:.unshift('../lib')
+$debug = true
+
+require 'fileutils'
+
+require 'ldap/server'
+require 'ldap/server/router'
+
+$logger = Logger.new($stderr)
+
+class LDAPController
+  def self.bind(request, version, dn, password, params)
+    $logger.info "Processing bind route for \'#{dn}\' with password \'#{password}\'"
+  end
+
+  def self.search(request, baseObject, scope, deref, filter, params)
+    $logger.info "Processing search route for #{baseObject}"
+
+    h = {
+        'uid' => 'jdoe',
+        'objectClass' => 'userAccount',
+        'givenName' => 'John',
+        'sn' => 'Doe'
+    }
+    request.send_SearchResultEntry("uid=jdoe,#{baseObject}", h)
+  end
+end
+
+router = LDAP::Server::Router.new($logger) do
+  bind    nil => "LDAPController#bind"
+
+  search  "ou=Users,dc=mydomain,dc=com" => "LDAPController#search"
+end
+
+params = {
+  :nodelay => true,
+  :listen => 10,
+  :router => router
+}
+
+# Listen on IP address and port
+
+params[:bindaddr] = '127.0.0.1' # Leave this blank to listen on 0.0.0.0
+params[:port] = 389
+params[:user] = 'ldap'
+params[:group] = 'ldap'
+
+addr_server = LDAP::Server.new params
+addr_server.run_tcpserver
+
+# Listen on socket
+
+params.delete :bindaddr
+params.delete :port
+params[:socket] = '/tmp/rbslapd6.sock'
+
+FileUtils::rm_f params[:socket]
+
+socket_server = LDAP::Server.new params
+socket_server.run_tcpserver
+
+trap 'INT' do
+  addr_server.stop
+  socket_server.stop
+end
+
+addr_server.join
+socket_server.join