ucb_ldap 2.0.0 → 3.0.0
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/.irbrc +8 -0
- data/.travis.yml +19 -0
- data/CHANGELOG +8 -0
- data/README.md +27 -15
- data/lib/ucb_ldap.rb +11 -27
- data/lib/ucb_ldap/address.rb +14 -9
- data/lib/ucb_ldap/affiliation.rb +5 -3
- data/lib/ucb_ldap/entry.rb +6 -101
- data/lib/ucb_ldap/job_appointment.rb +22 -13
- data/lib/ucb_ldap/namespace.rb +4 -2
- data/lib/ucb_ldap/person.rb +8 -6
- data/lib/ucb_ldap/person/affiliation_methods.rb +6 -3
- data/lib/ucb_ldap/person/common_attributes.rb +6 -3
- data/lib/ucb_ldap/schema.rb +2 -2
- data/lib/ucb_ldap/schema_attribute.rb +3 -3
- data/lib/ucb_ldap/service.rb +2 -3
- data/lib/ucb_ldap/student_term.rb +34 -19
- data/lib/ucb_ldap/version.rb +1 -1
- data/ucb_ldap.gemspec +8 -5
- metadata +10 -36
- data/spec/rails_binds.yml +0 -9
- data/spec/spec_helper.rb +0 -43
- data/spec/ucb_ldap/address_spec.rb +0 -54
- data/spec/ucb_ldap/affiliation_spec.rb +0 -85
- data/spec/ucb_ldap/entry_spec.rb +0 -241
- data/spec/ucb_ldap/job_appointment_spec.rb +0 -65
- data/spec/ucb_ldap/namespace_spec.rb +0 -72
- data/spec/ucb_ldap/org_spec.rb +0 -217
- data/spec/ucb_ldap/person_spec.rb +0 -225
- data/spec/ucb_ldap/schema_attribute_spec.rb +0 -122
- data/spec/ucb_ldap/schema_spec.rb +0 -104
- data/spec/ucb_ldap/service_spec.rb +0 -127
- data/spec/ucb_ldap/student_term_spec.rb +0 -121
- data/spec/ucb_ldap_spec.rb +0 -182
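--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f8a64f18cecc3faf0a7cf1036676c320cd0fb0bc
+data.tar.gz: e7304221307c10cce40a5ceae24a14f7d46f8221
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 847bb2360827f0f63e5f4183a1373d1afa262c92876ca1d0c5b00d9825d87f34aed9c29a9bb4adf6181b13bb9609cbb6558f0533935bebbf13eb71f79faa478d
+data.tar.gz: 92c7b45f88bad26a06ae74b82780fc7c41818a0ffe760787e792cc2d2b3d5f8663e52fca7385de1b815c7e91b23dc87105a1ef611a78551d3968877f291f9734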
data/.gitignore
CHANGED
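--- a/data/.irbrc
+++ b/data/.irbrc
@@ -0,0 +1,8 @@
+if File.exists?("spec/ldap_config.yml")
+require "rubygems"
+require "yaml"
+require "ucb_ldap"
+config = YAML.load(IO.read("spec/ldap_config.yml"))["ldap"]
+UCB::LDAP.initialize(config["username"], config["password"], config["host"])
+UCB::LDAP::Person.include_test_entries = config["include_test_entries"]
+end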
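Review bot: `YAML.load(IO.read("spec/ldap_config.yml"))` on line 5 uses the full loader, which can instantiate arbitrary Ruby objects from tagged YAML, although this file only needs plain hashes and strings. `config = YAML.safe_load(IO.read("spec/ldap_config.yml"))["ldap"]` is sufficient here and removes that surface, which matters because irb picks up a `.irbrc` from the working directory and this one is part of the gem's data archive. `File.exists?` on line 1 is the deprecated alias; `File.exist?` is the supported spelling. If the `"ldap"` key is missing, `config` is nil and the next line fails with an unhelpful `NoMethodError`, so `fetch("ldap")` would give a clearer error.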
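--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,19 @@
+branches:
+except:
+- "/^.*\\/.*+$/"
+language: ruby
+rvm:
+- 2.4.2
+install:
+- bundle install --full-index --path vendor/bundle --jobs=3 --retry=3
+before_install:
+- export TZ=America/Los_Angeles
+- openssl aes-256-cbc -K $encrypted_4db5a3dd3a6f_key -iv $encrypted_4db5a3dd3a6f_iv
+-in spec/ldap_config.yml.enc -out spec/ldap_config.yml -d
+script:
+- bundle exec rspec
+cache:
+directories:
+- vendor/bundle
+notifications:
+slack: infinitered:vEwHyTPtHfTgpT5xdCA2ZkgX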
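Review bot: The `notifications.slack` entry on the last added line carries the workspace name and integration token in clear text, and because this file sits under `data/` it is also distributed inside the published gem archive. The LDAP config in `before_install` already goes through Travis encrypted variables; the Slack value should get the same treatment, i.e. `slack:` with a nested `secure: "<ENCRYPTED_VALUE>"` produced by `travis encrypt`. The token shown here should be treated as exposed and rotated. Excluding CI files and dotfiles from the file list in the gemspec (changed in this release but not reviewed here) would keep similar values out of future releases.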
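--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,5 +1,13 @@
 # UCB::LDAP Changelog
 
+## Version 3.0.0, May 2, 2018
+* Deprecate many classes and methods per the campus [LDAP Simplification and Standardization effort](https://calnetweb.berkeley.edu/calnet-technologists/ldap-directory-service/ldap-simplification-and-standardization)
+* Upgrade net-ldap to latest version (0.16.1)
+* Remove all hard-coded binds and replace with standard user-configured bind
+* Add `initialize` method to allow for setting configuration without actually connecting
+* Fix all failing specs
+* Add Travis integration
+
 ## Version 2.0.0.pre3, June 8, 2013
 * Reorganize file layout
 * Fix bug where credentials get switched when building org tree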
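--- a/data/README.md
+++ b/data/README.md
@@ -1,18 +1,33 @@
-#UC Berkeley LDAP
+# UC Berkeley LDAP
 
 UCB::LDAP is a wrapper module around Net::LDAP intended to simplify searching the UC Berkeley
 LDAP directory: http://directory.berkeley.edu
 
-##Introduction to LDAP
+## Introduction to LDAP
 If you are blissfully ignorant of LDAP, you should familiarize yourself with some of the basics.
 Here is a great online resource: http://www.zytrax.com/books/ldap
 
-The RDoc for the ruby-net-ldap Gem (http://rubyfurnace.com/docs/ruby-net-ldap-0.
+The RDoc for the ruby-net-ldap Gem (http://rubyfurnace.com/docs/ruby-net-ldap-0.16.1/classes/Net/LDAP.html) also has a good introduction to LDAP.
 
+## Upgrading To Version 3
 
-
+Version 3 and higher of this gem support changes made to LDAP in 2017 [as described here.](https://calnetweb.berkeley.edu/calnet-technologists/ldap-directory-service/ldap-simplification-and-standardization) This involved a substantial reduction of data that had been available in older versions.
 
-
+To upgrade, point your Gemfile to the latest version of ucb-ldap, run your test suite and look for deprecation warnings. All of the methods that wrapped deprecated LDAP attributes are still in place, but they will emit warnings and will be remove in version 4.
+
+Most of the `Person` attributes are still in place, but the following classes have been deprecated completely:
+
+* `Address`
+* `JobAppointment`
+* `Namespace`
+* `Service`
+* `StudentTerm`
+
+If you need access to any data that used to be in these modules, check with other campus resources (e.g. HCM)
+
+## Examples
+
+### General Search
 
 Search the directory specifying tree base and filter, getting back generic `UCB::LDAP::Entry` instances:
 
@@ -27,7 +42,7 @@ Search the directory specifying tree base and filter, getting back generic `UCB:
 
 See `UCB::LDAP::Entry` for more information.
 
-###Person Search
+### Person Search
 
 Search the Person tree getting back UCB::LDAP::Person instances:
 
@@ -43,7 +58,7 @@ Search the Person tree getting back UCB::LDAP::Person instances:
 
 See `UCB::LDAP::Person` for more information.
 
-###Org Unit Search
+### Org Unit Search
 
 Search the Org Unit tree getting back `UCB::LDAP::Org` instances:
 
@@ -55,7 +70,7 @@ Search the Org Unit tree getting back `UCB::LDAP::Org` instances:
 
 See `UCB::LDAP::Org` for more information.
 
-###Privileged Binds
+### Privileged Binds
 
 If you want access the directory anonymously, no credentials are required.
 If you want to access via a privileged bind, authenticate before querying:
@@ -69,16 +84,13 @@ If you want to access via a privileged bind, authenticate before querying:
 p.non_public_attr #=> "some value"
 ```
 
-
-
-See `UCB::LDAP.bind_for_rails`
-
-##Dependencies
+## Dependencies
 
 * Net::LDAP
-* Ruby
+* Ruby 2.2 or higher
 
-##Maintainers
+## Maintainers
 
 * Steven Hansen
 * Steve Downey
+* Darin Wilson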
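--- a/data/lib/ucb_ldap.rb
+++ b/data/lib/ucb_ldap.rb
@@ -57,7 +57,6 @@ module UCB
 
 
 HOST_PRODUCTION = 'nds.berkeley.edu'
-HOST_TEST = 'nds-test.berkeley.edu'
 
 class << self
 # Execute UCB::LDAP commands with a different username and password.
@@ -73,6 +72,16 @@ module UCB
 UCB::LDAP.authenticate(original_username, original_password)
 end
 
+##
+# Sets the config values we want to use, but doesn't actually connect
+# to the server
+#
+def initialize(username, password, host=HOST_PRODUCTION)
+@username = username
+@password = password
+@host = host
+end
+
 ##
 # Give (new) bind credentials to LDAP. An attempt will be made
 # to bind and will raise BindFailedException if bind fails.
@@ -136,31 +145,6 @@ module UCB
 @username
 end
 
-##
-# If you are using UCB::LDAP in a Rails application you can specify binds on a
-# per-environment basis, just as you can with database credentials.
-#
-# # in ../config/ldap.yml
-#
-# development:
-# username: user_dev
-# password: pass_dev
-#
-# # etc.
-#
-#
-# # in ../config/environment.rb
-#
-# require 'ucb_ldap'
-# UCB::LDAP.bind_for_rails()
-#
-# Runtime error will be raised if bind_file not found or if environment key not
-# found in bind_file.
-#
-def bind_for_rails(bind_file = "#{::Rails.root}/config/ldap.yml", environment = ::Rails.env)
-bind(bind_file, environment)
-end
-
 def bind(bind_file, environment)
 raise "Can't find bind file: #{bind_file}" unless FileTest.exists?(bind_file)
 binds = YAML.load(IO.read(bind_file))
@@ -221,7 +205,7 @@ module UCB
 @net_ldap = Net::LDAP.new(params)
 @net_ldap.bind || raise(BindFailedException)
 @net_ldap
-rescue Net::LDAP::
+rescue Net::LDAP::Error => e
 raise(BindFailedException)
 end
 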
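Review bot: The new `initialize` in the second hunk overwrites `@username`, `@password` and `@host` but leaves `@net_ldap` untouched. If the connection object assigned in the last hunk is cached by an accessor outside the visible lines (to be confirmed), calling `initialize` after a bind would leave later queries running under the previous identity. Resetting the handle in the same method with `@net_ldap = nil` would make the new credentials take effect on the next connect. In the last hunk, `rescue Net::LDAP::Error => e` binds `e` but never uses it, so the underlying cause (rejected credentials versus an unreachable host) is lost; either drop `=> e` or surface `e.message` when raising `BindFailedException`. Both enclosing method bodies extend beyond the hunks.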
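--- a/data/lib/ucb_ldap/address.rb
+++ b/data/lib/ucb_ldap/address.rb
@@ -25,11 +25,13 @@ module UCB
 end
 
 def address_type
-
+warn "DEPRECATED: address_type is no longer supported"
+[]
 end
 
 def building_code
-
+warn "DEPRECATED: building_code is no longer supported"
+[]
 end
 
 def city
@@ -37,11 +39,13 @@ module UCB
 end
 
 def country_code
-
+warn "DEPRECATED: country_code is no longer supported"
+[]
 end
 
 def department_name
-
+warn "DEPRECATED: department_name is no longer supported"
+[]
 end
 
 def department_acronym
@@ -49,7 +53,8 @@ module UCB
 end
 
 def directories
-
+warn "DEPRECATED: directories is no longer supported"
+[]
 end
 
 # Returns email address associated with this Address.
@@ -79,7 +84,8 @@ module UCB
 end
 
 def sort_order
-
+warn "DEPRECATED: sort_order is no longer supported"
+0
 end
 
 def state
@@ -95,9 +101,8 @@ module UCB
 # Returns an empty Array ([]) if nothing is found.
 #
 def find_by_uid(uid)
-
-
-search(:base => base, :filter => filter).sort_by{|addr| addr.sort_order}
+warn "DEPRECATED: Addresses are no longer supported by LDAP. This method will always return an empty Array"
+[]
 end
 
 end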
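Review bot: The deprecation messages added throughout this file (and in the same form in affiliation.rb) name the deprecated method but not the call site, which makes the README's advice to "look for deprecation warnings" hard to act on in a large application. Including the caller frame, e.g. `warn "DEPRECATED: address_type is no longer supported (called from #{caller(1, 1).first})"`, would point upgraders at the line to change. The six near-identical accessor warnings could go through one small private helper so the wording stays consistent. The enclosing class starts and ends outside the hunks.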
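--- a/data/lib/ucb_ldap/affiliation.rb
+++ b/data/lib/ucb_ldap/affiliation.rb
@@ -21,7 +21,8 @@ module UCB
 @entity_name = 'personAffiliateAffiliation'
 
 def create_datetime
-
+warn "DEPRECATED: create_datetime is no longer supported"
+[]
 end
 
 def expired_by
@@ -29,7 +30,8 @@ module UCB
 end
 
 def expiration_date
-
+warn "DEPRECATED: expiration_date is no longer supported"
+[]
 end
 
 def affiliate_id
@@ -65,7 +67,7 @@ module UCB
 end
 
 def dept_name
-
+warn "DEPRECATED: dept_name is no longer supported"
 end
 
 class << self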
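Review bot: `dept_name` in the last hunk now consists only of the `warn` call, so it returns `nil` (the return value of `warn`), while the other deprecated accessors in this file and in address.rb return `[]`. Callers that iterate over the result or call string or array methods on it would hit a `NoMethodError` instead of just seeing the warning. Adding an explicit return value after the warning, e.g. `[]` on the next line to match `create_datetime` and `expiration_date`, would keep the deprecated API usable until it is removed. The removed body is not shown on this page, so the original return type should be confirmed before choosing the value.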
data/lib/ucb_ldap/entry.rb
CHANGED
@@ -32,7 +32,7 @@ module UCB
|
|
32
32
|
#
|
33
33
|
# Entry subclasses may have convenience
|
34
34
|
# methods that return scalars even though the schema defines
|
35
|
-
# the
|
35
|
+
# the underlying attribute as multi-valued becuase in practice the are single-valued.
|
36
36
|
#
|
37
37
|
# === Attribute Types
|
38
38
|
#
|
@@ -54,27 +54,9 @@ module UCB
|
|
54
54
|
# * empty booleans return +false+
|
55
55
|
# * everything else returns +nil+ if empty
|
56
56
|
#
|
57
|
-
# Attempting to get
|
57
|
+
# Attempting to get an attribute value for an invalid attribute name
|
58
58
|
# will raise a BadAttributeNameException.
|
59
59
|
#
|
60
|
-
# == Updating LDAP
|
61
|
-
#
|
62
|
-
# If your bind has privleges for updating the directory you can update
|
63
|
-
# the directory using methods of Entry sub-classes. Make sure you call
|
64
|
-
# UCB::LDAP.authenticate before calling any update methods.
|
65
|
-
#
|
66
|
-
# There are three pairs of update methods that behave like Rails ActiveRecord
|
67
|
-
# methods of the same name. These methods are fairly thin wrappers around
|
68
|
-
# standard LDAP update commands.
|
69
|
-
#
|
70
|
-
# The "bang" methods (those ending in "!") differ from their bangless
|
71
|
-
# counterparts in that the bang methods raise +DirectoryNotUpdatedException+
|
72
|
-
# on failure, while the bangless return +false+.
|
73
|
-
#
|
74
|
-
# * #create/#create! - class methods that do LDAP add
|
75
|
-
# * #update_attributes/#update_attributes! - instance methods that do LDAP modify
|
76
|
-
# * #delete/#delete! - instance methods that do LDAP delete
|
77
|
-
#
|
78
60
|
class Entry
|
79
61
|
TESTING = false
|
80
62
|
|
@@ -119,108 +101,31 @@ module UCB
|
|
119
101
|
self.class.canonical(string_or_symbol)
|
120
102
|
end
|
121
103
|
|
122
|
-
##
|
123
|
-
# Update an existing entry. Returns entry if successful else false.
|
124
|
-
#
|
125
|
-
# attrs = {:attr1 => "new_v1", :attr2 => "new_v2"}
|
126
|
-
# entry.update_attributes(attrs)
|
127
|
-
#
|
128
|
-
def update_attributes(attrs)
|
129
|
-
attrs.each { |k, v| self.send("#{k}=", v) }
|
130
|
-
if modify
|
131
|
-
@attributes = self.class.find_by_dn(dn).attributes.dup
|
132
|
-
return true
|
133
|
-
end
|
134
|
-
false
|
135
|
-
end
|
136
|
-
|
137
|
-
##
|
138
|
-
# Same as #update_attributes(), but raises DirectoryNotUpdated on failure.
|
139
|
-
#
|
140
|
-
def update_attributes!(attrs)
|
141
|
-
update_attributes(attrs) || raise(DirectoryNotUpdatedException)
|
142
|
-
end
|
143
|
-
|
144
|
-
##
|
145
|
-
# Delete entry. Returns +true+ on sucess, +false+ on failure.
|
146
|
-
#
|
147
|
-
def delete
|
148
|
-
net_ldap.delete(:dn => dn)
|
149
|
-
end
|
150
|
-
|
151
|
-
##
|
152
|
-
# Same as #delete() except raises DirectoryNotUpdated on failure.
|
153
|
-
#
|
154
|
-
def delete!
|
155
|
-
delete || raise(DirectoryNotUpdatedException)
|
156
|
-
end
|
157
|
-
|
158
104
|
def net_ldap
|
159
105
|
self.class.net_ldap
|
160
106
|
end
|
161
107
|
|
162
|
-
|
108
|
+
# TODO: these should definitely be private - we shouldn't test private methods
|
163
109
|
#private unless TESTING
|
164
110
|
|
165
111
|
##
|
166
|
-
# Used to get
|
112
|
+
# Used to get attribute values.
|
167
113
|
#
|
168
114
|
# If we can't make an attribute name out of method, let
|
169
115
|
# regular method_missing() handle it.
|
170
116
|
#
|
171
117
|
def method_missing(method, *args) #:nodoc:
|
172
|
-
setter_method?(method) ? value_setter(method, *args) : value_getter(method)
|
173
|
-
rescue BadAttributeNameException
|
174
|
-
return super
|
175
|
-
end
|
176
|
-
|
177
|
-
##
|
178
|
-
# Returns +true+ if _method_ is a "setter", i.e., ends in "=".
|
179
|
-
#
|
180
|
-
def setter_method?(method)
|
181
|
-
method.to_s[-1, 1] == "="
|
182
|
-
end
|
183
|
-
|
184
|
-
##
|
185
|
-
# Called by method_missing() to get an attribute value.
|
186
|
-
#
|
187
|
-
def value_getter(method)
|
188
118
|
schema_attribute = self.class.schema_attribute(method)
|
189
119
|
raw_value = attributes[canonical(schema_attribute.name)]
|
190
120
|
schema_attribute.get_value(raw_value)
|
191
|
-
|
192
|
-
|
193
|
-
##
|
194
|
-
# Called by method_missing() to set an attribute value.
|
195
|
-
#
|
196
|
-
def value_setter(method, *args)
|
197
|
-
schema_attribute = self.class.schema_attribute(method.to_s.chop)
|
198
|
-
attr_key = canonical(schema_attribute.name)
|
199
|
-
assigned_attributes[attr_key] = schema_attribute.ldap_value(args[0])
|
121
|
+
rescue BadAttributeNameException
|
122
|
+
return super
|
200
123
|
end
|
201
124
|
|
202
125
|
def assigned_attributes
|
203
126
|
@assigned_attributes ||= {}
|
204
127
|
end
|
205
128
|
|
206
|
-
def modify_operations
|
207
|
-
ops = []
|
208
|
-
assigned_attributes.keys.sort_by { |k| k.to_s }.each do |key|
|
209
|
-
value = assigned_attributes[key]
|
210
|
-
op = value.nil? ? :delete : :replace
|
211
|
-
ops << [op, key, value]
|
212
|
-
end
|
213
|
-
ops
|
214
|
-
end
|
215
|
-
|
216
|
-
def modify()
|
217
|
-
if UCB::LDAP.net_ldap.modify(:dn => dn, :operations => modify_operations)
|
218
|
-
@assigned_attributes = nil
|
219
|
-
return true
|
220
|
-
end
|
221
|
-
false
|
222
|
-
end
|
223
|
-
|
224
129
|
# Class methods
|
225
130
|
class << self
|
226
131
|
|