ucb_ldap 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 43abcac9ec2f5227cd7282f266fb1e0fe5db152b
-  data.tar.gz: 0cb22bda40bba61f409047a6f758f6d3476d79ef
+  metadata.gz: f8a64f18cecc3faf0a7cf1036676c320cd0fb0bc
+  data.tar.gz: e7304221307c10cce40a5ceae24a14f7d46f8221
 SHA512:
-  metadata.gz: d65e464427b092ef898c49bf9c58626f0312f50f3622b77e15f2420d1e9e6bc0261e7a831ce52f971b28e5bcade861196b1f30e08e870fbe431b80e41c66f2f8
-  data.tar.gz: 72e4ea3e014d27e1ea058003ab31088873c1414df834b046b24ae8e5ca2fda4b38a646f7fcdd05543227fd06cc5ead5d551aec8675744990cebd185c546cef0b
+  metadata.gz: 847bb2360827f0f63e5f4183a1373d1afa262c92876ca1d0c5b00d9825d87f34aed9c29a9bb4adf6181b13bb9609cbb6558f0533935bebbf13eb71f79faa478d
+  data.tar.gz: 92c7b45f88bad26a06ae74b82780fc7c41818a0ffe760787e792cc2d2b3d5f8663e52fca7385de1b815c7e91b23dc87105a1ef611a78551d3968877f291f9734

data/.gitignore

@@ -18,4 +18,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
-spec/binds.yml
+spec/ldap_config.yml

data/.irbrc

@@ -0,0 +1,8 @@
+if File.exists?("spec/ldap_config.yml")
+  require "rubygems"
+  require "yaml"
+  require "ucb_ldap"
+  config = YAML.load(IO.read("spec/ldap_config.yml"))["ldap"]
+  UCB::LDAP.initialize(config["username"], config["password"], config["host"])
+  UCB::LDAP::Person.include_test_entries = config["include_test_entries"]
+end

data/.travis.yml

@@ -0,0 +1,19 @@
+branches:
+  except:
+  - "/^.*\\/.*+$/"
+language: ruby
+rvm:
+- 2.4.2
+install:
+- bundle install --full-index --path vendor/bundle --jobs=3 --retry=3
+before_install:
+- export TZ=America/Los_Angeles
+- openssl aes-256-cbc -K $encrypted_4db5a3dd3a6f_key -iv $encrypted_4db5a3dd3a6f_iv
+  -in spec/ldap_config.yml.enc -out spec/ldap_config.yml -d
+script:
+- bundle exec rspec
+cache:
+  directories:
+  - vendor/bundle
+notifications:
+  slack: infinitered:vEwHyTPtHfTgpT5xdCA2ZkgX

data/CHANGELOG

@@ -1,5 +1,13 @@
 # UCB::LDAP Changelog
 
+## Version 3.0.0, May 2, 2018
+* Deprecate many classes and methods per the campus [LDAP Simplification and Standardization effort](https://calnetweb.berkeley.edu/calnet-technologists/ldap-directory-service/ldap-simplification-and-standardization)
+* Upgrade net-ldap to latest version (0.16.1)
+* Remove all hard-coded binds and replace with standard user-configured bind
+* Add `initialize` method to allow for setting configuration without actually connecting
+* Fix all failing specs
+* Add Travis integration
+
 ## Version 2.0.0.pre3, June 8, 2013
 * Reorganize file layout
 * Fix bug where credentials get switched when building org tree

data/README.md

@@ -1,18 +1,33 @@
-#UC Berkeley LDAP
+# UC Berkeley LDAP
 
 UCB::LDAP is a wrapper module around Net::LDAP intended to simplify searching the UC Berkeley
 LDAP directory: http://directory.berkeley.edu
 
-##Introduction to LDAP
+## Introduction to LDAP
 If you are blissfully ignorant of LDAP, you should familiarize yourself with some of the basics.
 Here is a great online resource: http://www.zytrax.com/books/ldap
 
-The RDoc for the ruby-net-ldap Gem (http://rubyfurnace.com/docs/ruby-net-ldap-0.0.4/classes/Net/LDAP.html) also has a good introduction to LDAP.
+The RDoc for the ruby-net-ldap Gem (http://rubyfurnace.com/docs/ruby-net-ldap-0.16.1/classes/Net/LDAP.html) also has a good introduction to LDAP.
 
+## Upgrading To Version 3
 
-##Examples
+Version 3 and higher of this gem support changes made to LDAP in 2017 [as described here.](https://calnetweb.berkeley.edu/calnet-technologists/ldap-directory-service/ldap-simplification-and-standardization) This involved a substantial reduction of data that had been available in older versions.
 
-###General Search
+To upgrade, point your Gemfile to the latest version of ucb-ldap, run your test suite and look for deprecation warnings. All of the methods that wrapped deprecated LDAP attributes are still in place, but they will emit warnings and will be remove in version 4.
+
+Most of the `Person` attributes are still in place, but the following classes have been deprecated completely:
+
+  * `Address`
+  * `JobAppointment`
+  * `Namespace`
+  * `Service`
+  * `StudentTerm`
+
+If you need access to any data that used to be in these modules, check with other campus resources (e.g. HCM)
+
+## Examples
+
+### General Search
 
 Search the directory specifying tree base and filter, getting back generic `UCB::LDAP::Entry` instances:
 
@@ -27,7 +42,7 @@ Search the directory specifying tree base and filter, getting back generic `UCB:
 
 See `UCB::LDAP::Entry` for more information.
 
-###Person Search
+### Person Search
 
 Search the Person tree getting back UCB::LDAP::Person instances:
 
@@ -43,7 +58,7 @@ Search the Person tree getting back UCB::LDAP::Person instances:
 
 See `UCB::LDAP::Person` for more information.
 
-###Org Unit Search
+### Org Unit Search
 
 Search the Org Unit tree getting back `UCB::LDAP::Org` instances:
 
@@ -55,7 +70,7 @@ Search the Org Unit tree getting back `UCB::LDAP::Org` instances:
 
 See `UCB::LDAP::Org` for more information.
 
-###Privileged Binds
+### Privileged Binds
 
 If you want access the directory anonymously, no credentials are required.
 If you want to access via a privileged bind, authenticate before querying:
@@ -69,16 +84,13 @@ If you want to access via a privileged bind, authenticate before querying:
   p.non_public_attr    #=> "some value"
 ```
 
-###Privileged Binds and Rails
-
-See `UCB::LDAP.bind_for_rails`
-
-##Dependencies
+## Dependencies
 
 * Net::LDAP
-* Ruby 1.9.2 or better
+* Ruby 2.2 or higher
 
-##Maintainers
+## Maintainers
 
 * Steven Hansen
 * Steve Downey
+* Darin Wilson

data/lib/ucb_ldap.rb

@@ -57,7 +57,6 @@ module UCB
 
 
     HOST_PRODUCTION = 'nds.berkeley.edu'
-    HOST_TEST = 'nds-test.berkeley.edu'
 
     class << self
       # Execute UCB::LDAP commands with a different username and password.
@@ -73,6 +72,16 @@ module UCB
         UCB::LDAP.authenticate(original_username, original_password)
       end
 
+      ##
+      # Sets the config values we want to use, but doesn't actually connect
+      # to the server
+      #
+      def initialize(username, password, host=HOST_PRODUCTION)
+        @username = username
+        @password = password
+        @host = host
+      end
+
       ##
       # Give (new) bind credentials to LDAP.  An attempt will be made
       # to bind and will raise BindFailedException if bind fails.
@@ -136,31 +145,6 @@ module UCB
         @username
       end
 
-      ##
-      # If you are using UCB::LDAP in a Rails application you can specify binds on a
-      # per-environment basis, just as you can with database credentials.
-      #
-      #   # in ../config/ldap.yml
-      #
-      #   development:
-      #     username: user_dev
-      #     password: pass_dev
-      #
-      #   # etc.
-      #
-      #
-      #   # in ../config/environment.rb
-      #
-      #   require 'ucb_ldap'
-      #   UCB::LDAP.bind_for_rails()
-      #
-      # Runtime error will be raised if bind_file not found or if environment key not
-      # found in bind_file.
-      #
-      def bind_for_rails(bind_file = "#{::Rails.root}/config/ldap.yml", environment = ::Rails.env)
-        bind(bind_file, environment)
-      end
-
       def bind(bind_file, environment)
         raise "Can't find bind file: #{bind_file}" unless FileTest.exists?(bind_file)
         binds = YAML.load(IO.read(bind_file))
@@ -221,7 +205,7 @@ module UCB
         @net_ldap = Net::LDAP.new(params)
         @net_ldap.bind || raise(BindFailedException)
         @net_ldap
-      rescue Net::LDAP::LdapError => e
+      rescue Net::LDAP::Error => e
         raise(BindFailedException)
       end
 

data/lib/ucb_ldap/address.rb

@@ -25,11 +25,13 @@ module UCB
       end
 
       def address_type
-        berkeleyEduPersonAddressType
+        warn "DEPRECATED: address_type is no longer supported"
+        []
       end
 
       def building_code
-        berkeleyEduPersonAddressBuildingCode
+        warn "DEPRECATED: building_code is no longer supported"
+        []
       end
 
       def city
@@ -37,11 +39,13 @@ module UCB
       end
 
       def country_code
-        berkeleyEduPersonAddressCountryCode
+        warn "DEPRECATED: country_code is no longer supported"
+        []
       end
 
       def department_name
-        berkeleyEduPersonAddressUnitCalNetDeptName
+        warn "DEPRECATED: department_name is no longer supported"
+        []
       end
 
       def department_acronym
@@ -49,7 +53,8 @@ module UCB
       end
 
       def directories
-        berkeleyEduPersonAddressPublications
+        warn "DEPRECATED: directories is no longer supported"
+        []
       end
 
       # Returns email address associated with this Address.
@@ -79,7 +84,8 @@ module UCB
       end
 
       def sort_order
-        berkeleyEduPersonAddressSortOrder.first || 0
+        warn "DEPRECATED: sort_order is no longer supported"
+        0
       end
 
       def state
@@ -95,9 +101,8 @@ module UCB
         # Returns an empty Array ([]) if nothing is found.
         #
         def find_by_uid(uid)
-          base = "uid=#{uid},ou=people,dc=berkeley,dc=edu"
-          filter = Net::LDAP::Filter.eq("objectclass", 'berkeleyEduPersonAddress')
-          search(:base => base, :filter => filter).sort_by{|addr| addr.sort_order}
+          warn "DEPRECATED: Addresses are no longer supported by LDAP. This method will always return an empty Array"
+          []
         end
 
       end

data/lib/ucb_ldap/affiliation.rb

@@ -21,7 +21,8 @@ module UCB
       @entity_name = 'personAffiliateAffiliation'
 
       def create_datetime
-        berkeleyEduAffCreateDate
+        warn "DEPRECATED: create_datetime is no longer supported"
+        []
       end
 
       def expired_by
@@ -29,7 +30,8 @@ module UCB
       end
 
       def expiration_date
-         UCB::LDAP.local_date_parse(berkeleyEduAffExpDate)
+        warn "DEPRECATED: expiration_date is no longer supported"
+        []
       end
 
       def affiliate_id
@@ -65,7 +67,7 @@ module UCB
       end
 
       def dept_name
-        berkeleyEduUnitCalNetDeptName
+        warn "DEPRECATED: dept_name is no longer supported"
       end
 
       class << self

data/lib/ucb_ldap/entry.rb

@@ -32,7 +32,7 @@ module UCB
     #
     # Entry subclasses may have convenience
     # methods that return scalars even though the schema defines
-    # the unerlying attribute as multi-valued becuase in practice the are single-valued.
+    # the underlying attribute as multi-valued becuase in practice the are single-valued.
     #
     # === Attribute Types
     #
@@ -54,27 +54,9 @@ module UCB
     # * empty booleans return +false+
     # * everything else returns +nil+ if empty
     #
-    # Attempting to get or set an attribute value for an invalid attriubte name
+    # Attempting to get an attribute value for an invalid attribute name
     # will raise a BadAttributeNameException.
     #
-    # == Updating LDAP
-    #
-    # If your bind has privleges for updating the directory you can update
-    # the directory using methods of Entry sub-classes.  Make sure you call
-    # UCB::LDAP.authenticate before calling any update methods.
-    #
-    # There are three pairs of update methods that behave like Rails ActiveRecord
-    # methods of the same name.  These methods are fairly thin wrappers around
-    # standard LDAP update commands.
-    #
-    # The "bang" methods (those ending in "!") differ from their bangless
-    # counterparts in that the bang methods raise +DirectoryNotUpdatedException+
-    # on failure, while the bangless return +false+.
-    #
-    # * #create/#create! - class methods that do LDAP add
-    # * #update_attributes/#update_attributes! - instance methods that do LDAP modify
-    # * #delete/#delete! - instance methods that do LDAP delete
-    #
     class Entry
       TESTING = false
 
@@ -119,108 +101,31 @@ module UCB
         self.class.canonical(string_or_symbol)
       end
 
-      ##
-      # Update an existing entry.  Returns entry if successful else false.
-      #
-      #   attrs = {:attr1 => "new_v1", :attr2 => "new_v2"}
-      #   entry.update_attributes(attrs)
-      #
-      def update_attributes(attrs)
-        attrs.each { |k, v| self.send("#{k}=", v) }
-        if modify
-          @attributes = self.class.find_by_dn(dn).attributes.dup
-          return true
-        end
-        false
-      end
-
-      ##
-      # Same as #update_attributes(), but raises DirectoryNotUpdated on failure.
-      #
-      def update_attributes!(attrs)
-        update_attributes(attrs) || raise(DirectoryNotUpdatedException)
-      end
-
-      ##
-      # Delete entry.  Returns +true+ on sucess, +false+ on failure.
-      #
-      def delete
-        net_ldap.delete(:dn => dn)
-      end
-
-      ##
-      # Same as #delete() except raises DirectoryNotUpdated on failure.
-      #
-      def delete!
-        delete || raise(DirectoryNotUpdatedException)
-      end
-
       def net_ldap
         self.class.net_ldap
       end
 
-
+      # TODO: these should definitely be private - we shouldn't test private methods
       #private unless TESTING
 
       ##
-      # Used to get/set attribute values.
+      # Used to get attribute values.
       #
       # If we can't make an attribute name out of method, let
       # regular method_missing() handle it.
       #
       def method_missing(method, *args) #:nodoc:
-        setter_method?(method) ? value_setter(method, *args) : value_getter(method)
-      rescue BadAttributeNameException
-        return super
-      end
-
-      ##
-      # Returns +true+ if _method_ is a "setter", i.e., ends in "=".
-      #
-      def setter_method?(method)
-        method.to_s[-1, 1] == "="
-      end
-
-      ##
-      # Called by method_missing() to get an attribute value.
-      #
-      def value_getter(method)
         schema_attribute = self.class.schema_attribute(method)
         raw_value = attributes[canonical(schema_attribute.name)]
         schema_attribute.get_value(raw_value)
-      end
-
-      ##
-      # Called by method_missing() to set an attribute value.
-      #
-      def value_setter(method, *args)
-        schema_attribute = self.class.schema_attribute(method.to_s.chop)
-        attr_key = canonical(schema_attribute.name)
-        assigned_attributes[attr_key] = schema_attribute.ldap_value(args[0])
+      rescue BadAttributeNameException
+        return super
       end
 
       def assigned_attributes
         @assigned_attributes ||= {}
       end
 
-      def modify_operations
-        ops = []
-        assigned_attributes.keys.sort_by { |k| k.to_s }.each do |key|
-          value = assigned_attributes[key]
-          op = value.nil? ? :delete : :replace
-          ops << [op, key, value]
-        end
-        ops
-      end
-
-      def modify()
-        if UCB::LDAP.net_ldap.modify(:dn => dn, :operations => modify_operations)
-          @assigned_attributes = nil
-          return true
-        end
-        false
-      end
-
       # Class methods
       class << self