+++ /dev/null
-require 'active_ldap/adapter/base'
-
-module ActiveLdap
- module Adapter
- class Base
- class << self
- def ldap_connection(options)
- require 'active_ldap/adapter/ldap_ext'
- Ldap.new(options)
- end
- end
- end
-
- class Ldap < Base
- module Method
- class Base
- def ssl?
- false
- end
-
- def start_tls?
- false
- end
- end
-
- class SSL < Base
- def connect(host, port)
- LDAP::SSLConn.new(host, port, false)
- end
-
- def ssl?
- true
- end
- end
-
- class TLS < Base
- def connect(host, port)
- LDAP::SSLConn.new(host, port, true)
- end
-
- def start_tls?
- true
- end
- end
-
- class Plain < Base
- def connect(host, port)
- LDAP::Conn.new(host, port)
- end
- end
- end
-
- def connect(options={})
- super do |host, port, method|
- uri = construct_uri(host, port, method.ssl?)
- with_start_tls = method.start_tls?
- info = {:uri => uri, :with_start_tls => with_start_tls}
- [log("connect", info) {method.connect(host, port)},
- uri, with_start_tls]
- end
- end
-
- def unbind(options={})
- super do
- execute(:unbind)
- end
- end
-
- def bind(options={})
- super do
- @connection.error_message
- end
- end
-
- def bind_as_anonymous(options={})
- super do
- execute(:bind, :name => "bind: anonymous")
- true
- end
- end
-
- def search(options={}, &block)
- super(options) do |base, scope, filter, attrs, limit, callback|
- begin
- i = 0
- info = {
- :base => base, :scope => scope_name(scope),
- :filter => filter, :attributes => attrs,
- }
- execute(:search, info, base, scope, filter, attrs) do |entry|
- i += 1
- attributes = {}
- entry.attrs.each do |attr|
- attributes[attr] = entry.vals(attr)
- end
- callback.call([entry.dn, attributes], block)
- break if limit and limit <= i
- end
- rescue RuntimeError
- begin
- @connection.assert_error_code
- rescue LDAP::ServerDown
- raise ConnectionError, $!.message
- end
- if $!.message == "no result returned by search"
- @logger.debug do
- args = [filter, attrs.inspect]
- _("No matches: filter: %s: attributes: %s") % args
- end
- else
- raise
- end
- end
- end
- end
-
- def delete(targets, options={})
- super do |target|
- controls = options[:controls]
- info = {:dn => target}
- if controls
- info.merge!(:name => :delete, :controls => controls)
- execute(:delete_ext, info,
- target, controls, [])
- else
- execute(:delete, info, target)
- end
- end
- end
-
- def add(dn, entries, options={})
- super do |_dn, _entries|
- controls = options[:controls]
- attributes = parse_entries(_entries)
- info = {:dn => _dn, :attributes => _entries}
- if controls
- info.merge!(:name => :add, :controls => controls)
- execute(:add_ext, info, _dn, attributes, controls, [])
- else
- execute(:add, info, _dn, attributes)
- end
- end
- end
-
- def modify(dn, entries, options={})
- super do |_dn, _entries|
- controls = options[:controls]
- attributes = parse_entries(_entries)
- info = {:dn => _dn, :attributes => _entries}
- if controls
- info.merge!(:name => :modify, :controls => controls)
- execute(:modify_ext, info, _dn, attributes, controls, [])
- else
- execute(:modify, info, _dn, attributes)
- end
- end
- end
-
- def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
- super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
- if _new_superior
- raise NotImplemented.new(_("modify RDN with new superior"))
- end
- info = {
- :name => "modify: RDN",
- :dn => _dn,
- :new_rdn => _new_rdn,
- :new_superior => _new_superior,
- :delete_old_rdn => _delete_old_rdn
- }
- execute(:modrdn, info, _dn, _new_rdn, _delete_old_rdn)
- end
- end
-
- private
- def prepare_connection(options={})
- operation(options) do
- @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
- end
- end
-
- def execute(method, info=nil, *args, &block)
- begin
- name = (info || {}).delete(:name) || method
- log(name, info) {@connection.send(method, *args, &block)}
- rescue LDAP::ResultError
- @connection.assert_error_code
- raise $!.message
- end
- end
-
- def ensure_method(method)
- normalized_method = method.to_s.downcase
- Method.constants.each do |name|
- if normalized_method == name.to_s.downcase
- return Method.const_get(name).new
- end
- end
-
- available_methods = Method.constants.collect do |name|
- name.downcase.to_sym.inspect
- end.join(", ")
- format = _("%s is not one of the available connect methods: %s")
- raise ConfigurationError, format % [method.inspect, available_methods]
- end
-
- def ensure_scope(scope)
- scope_map = {
- :base => LDAP::LDAP_SCOPE_BASE,
- :sub => LDAP::LDAP_SCOPE_SUBTREE,
- :one => LDAP::LDAP_SCOPE_ONELEVEL,
- }
- value = scope_map[scope || :sub]
- if value.nil?
- available_scopes = scope_map.keys.inspect
- format = _("%s is not one of the available LDAP scope: %s")
- raise ArgumentError, format % [scope.inspect, available_scopes]
- end
- value
- end
-
- def scope_name(scope)
- {
- LDAP::LDAP_SCOPE_BASE => :base,
- LDAP::LDAP_SCOPE_SUBTREE => :sub,
- LDAP::LDAP_SCOPE_ONELEVEL => :one,
- }[scope]
- end
-
- def sasl_bind(bind_dn, options={})
- super do |_bind_dn, mechanism, quiet|
- begin
- _bind_dn ||= ''
- sasl_quiet = @connection.sasl_quiet
- @connection.sasl_quiet = quiet unless quiet.nil?
- args = [_bind_dn, mechanism]
- if need_credential_sasl_mechanism?(mechanism)
- args << password(_bind_dn, options)
- end
- info = {
- :name => "bind: SASL", :dn => _bind_dn, :mechanism => mechanism
- }
- execute(:sasl_bind, info, *args)
- true
- ensure
- @connection.sasl_quiet = sasl_quiet
- end
- end
- end
-
- def simple_bind(bind_dn, options={})
- super do |_bind_dn, password|
- execute(:bind, {:dn => _bind_dn}, _bind_dn, password)
- true
- end
- end
-
- def parse_entries(entries)
- result = []
- entries.each do |type, key, attributes|
- mod_type = ensure_mod_type(type)
- binary = schema.attribute(key).binary?
- mod_type |= LDAP::LDAP_MOD_BVALUES if binary
- attributes.each do |name, values|
- additional_mod_type = 0
- if values.any? {|value| Ldif::Attribute.binary_value?(value)}
- additional_mod_type |= LDAP::LDAP_MOD_BVALUES
- end
- result << LDAP.mod(mod_type | additional_mod_type, name, values)
- end
- end
- result
- end
-
- def ensure_mod_type(type)
- case type
- when :replace, :add, :delete
- LDAP.const_get("LDAP_MOD_#{type.to_s.upcase}")
- else
- raise ArgumentError, _("unknown type: %s") % type
- end
- end
- end
- end
-end