Class: Net::LDAP::Connection

Inherits:
Object
  • Object
Defined in:
vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb

Overview

This is a private class used internally by the library. It should not be called by user code.

Constant Summary

LdapVersion =
3

Instance Method Summary

Constructor Details

- (Connection) initialize(server) {|_self| ... }

— initialize

Yields:

  • (_self)

Yield Parameters:



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1017

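# Opens the TCP connection to the directory server and, when requested,
# wraps it in TLS before yielding the connection to the caller's block.
#
# server is a Hash; this method reads :host, :port and (optionally)
# :encryption, which is passed unchanged to setup_encryption.
#
# Raises LdapError ("no connection to server") when the socket cannot be
# opened, and propagates whatever setup_encryption raises.
#
# NOTE(review): when server[:encryption] is not given, nothing is wrapped in
# TLS and every later request, bind passwords included, crosses the network
# in cleartext.
# NOTE(review): no connect timeout is passed to the socket, so an
# unresponsive host blocks for as long as the operating system allows.
def initialize server
  begin
    # TCPSocket is the canonical class name. The legacy TCPsocket alias is
    # absent from current Ruby versions, and the bare rescue below would
    # report the resulting NameError as a connection failure.
    @conn = TCPSocket.new( server[:host], server[:port] )
  rescue
    raise LdapError.new( "no connection to server" )
  end

  if server[:encryption]
    plain_socket = @conn
    encrypted = false
    begin
      setup_encryption server[:encryption]
      encrypted = true
    ensure
      # A failed TLS setup must not leave the plaintext socket open until
      # garbage collection reclaims it.
      plain_socket.close unless encrypted || plain_socket.closed?
    end
  end

  yield self if block_given?
end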

Instance Method Details

- (Object) add(args)

— add TODO, need to support a time limit, in case the server fails to respond.



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1255

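# Sends an LDAP add request for args[:dn] and returns the result code of the
# server's reply.
#
# args[:dn]         - DN of the entry to create; required.
# args[:attributes] - optional collection of attribute-name/value pairs; a
#                     value may be a single item or a list of items.
#
# Raises LdapError when the DN is missing, when no reply can be read, or
# when the reply's app_tag is not 9.
#
# NOTE(review): the read below has no time limit, and the reply's message id
# is never compared with the id sent in the request.
def add args
  add_dn = args[:dn] or raise LdapError.new("Unable to add empty DN")

  # Array() accepts both a single value and a list. The previous v.to_a
  # relied on Object#to_a / String#to_a, which current Ruby versions no
  # longer provide, so a plain String value raised NoMethodError.
  add_attrs = (args[:attributes] || []).map {|k,v|
    [ k.to_s.to_ber, Array(v).map {|m| m.to_ber}.to_ber_set ].to_ber_sequence
  }

  request = [add_dn.to_ber, add_attrs.to_ber_sequence].to_ber_appsequence(8)
  pkt = [next_msgid.to_ber, request].to_ber_sequence
  @conn.write pkt

  (be = @conn.read_ber(AsnSyntax)) && (pdu = LdapPdu.new( be )) && (pdu.app_tag == 9) or raise LdapError.new( "response missing or invalid" )
  pdu.result_code
end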

- (Object) bind(auth)

— bind

Raises:



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1090

# Performs an LDAP bind over the open connection and returns the result code
# taken from the server's reply.
#
# auth[:method] selects the credentials:
#   :anonymous - empty name and empty password
#   :simple    - auth[:username] (falling back to auth[:dn]) and auth[:password]
# Any other method, or a :simple bind whose name or password is nil/false,
# raises LdapError ("invalid binding information"). LdapError ("no bind
# result") is raised when no reply can be read.
#
# NOTE(review): an empty-string password passes the check below, because ""
# is truthy in Ruby. Directory servers commonly treat a simple bind with a
# name and an empty password as an unauthenticated bind and report success,
# so callers that use bind to verify a login should reject blank passwords
# before calling this method.
# NOTE(review): the password is written to @conn as given; it is protected in
# transit only if the connection was opened with encryption.
# NOTE(review): unlike add, modify, delete and rename, the reply's app_tag is
# not checked here.
def bind auth
  credentials = case auth[:method]
  when :anonymous then ["", ""]
  when :simple then [auth[:username] || auth[:dn], auth[:password]]
  end
  # An unrecognised method leaves credentials nil, so both halves are nil.
  user, psw = credentials
  unless user && psw
    raise LdapError.new( "invalid binding information" )
  end

  msgid = next_msgid.to_ber
  bind_request = [LdapVersion.to_ber, user.to_ber, psw.to_ber_contextspecific(0)].to_ber_appsequence(0)
  @conn.write [msgid, bind_request].to_ber_sequence

  reply = @conn.read_ber(AsnSyntax)
  pdu = reply && Net::LdapPdu.new( reply )
  raise LdapError.new( "no bind result" ) unless pdu
  pdu.result_code
end

- (Object) close

— close This is provided as a convenience method to make sure a connection object gets closed without waiting for a GC to happen. Clients shouldn’t have to call it, but perhaps it will come in handy someday.



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1073

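# Closes the underlying socket and drops the reference to it. Returns nil.
#
# Safe to call more than once: when the connection is already closed the
# call is a no-op instead of raising NoMethodError on nil.
def close
  return unless @conn
  begin
    @conn.close
  ensure
    # Clear the reference even if the socket's close raises, so a later call
    # does not operate on a half-closed object.
    @conn = nil
  end
  nil
end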

- (Object) delete(args)

— delete TODO, need to support a time limit, in case the server fails to respond.



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1293

# Sends an LDAP delete request for args[:dn] and returns the result code of
# the server's reply.
#
# Raises RuntimeError ("Unable to delete empty DN") when args[:dn] is nil or
# false, and LdapError when no reply can be read or the reply's app_tag is
# not 11.
#
# NOTE(review): the read below has no time limit, and the reply's message id
# is never compared with the id sent in the request.
def delete args
  target_dn = args[:dn]
  raise "Unable to delete empty DN" unless target_dn

  del_request = target_dn.to_s.to_ber_application_string(10)
  @conn.write [next_msgid.to_ber, del_request].to_ber_sequence

  reply = @conn.read_ber(AsnSyntax)
  pdu = reply && LdapPdu.new( reply )
  unless pdu && pdu.app_tag == 11
    raise LdapError.new( "response missing or invalid" )
  end
  pdu.result_code
end

- (Object) modify(args)

— modify TODO, need to support a time limit, in case the server fails to respond. TODO!!! We’re throwing an exception here on empty DN. Should return a proper error instead, probably from farther up the chain. TODO!!! If the user specifies a bogus opcode, we’ll throw a confusing error here ("to_ber_enumerated is not defined on nil").



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1232

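# Sends an LDAP modify request for args[:dn] and returns the result code of
# the server's reply.
#
# args[:dn]         - DN of the entry to change; required.
# args[:operations] - optional list of [op, attribute, values] triples, where
#                     op is add, delete or replace (Symbol or String) and
#                     values is a single item or a list of items.
#
# Raises RuntimeError ("Unable to modify empty DN") when the DN is missing,
# ArgumentError when an operation is not one of the three known opcodes, and
# LdapError when no reply can be read or the reply's app_tag is not 7.
#
# NOTE(review): the read below has no time limit, and the reply's message id
# is never compared with the id sent in the request.
def modify args
  modify_dn = args[:dn] or raise "Unable to modify empty DN"

  # Opcodes are looked up by their string form, so a caller-supplied opcode
  # is never turned into a Symbol and an unknown one can be reported clearly
  # instead of failing with NoMethodError on nil.
  opcodes = { "add" => 0, "delete" => 1, "replace" => 2 }
  modify_ops = (args[:operations] || []).map {|op, attr, values|
    code = opcodes[op.to_s]
    raise ArgumentError, "invalid modify operation #{op.inspect}" if code.nil?
    # Array() accepts a single value or a list; values.to_a fails for a
    # plain String on current Ruby versions.
    [code.to_ber_enumerated, [attr.to_s.to_ber, Array(values).map {|v| v.to_ber}.to_ber_set].to_ber_sequence].to_ber_sequence
  }

  request = [modify_dn.to_ber, modify_ops.to_ber_sequence].to_ber_appsequence(6)
  pkt = [next_msgid.to_ber, request].to_ber_sequence
  @conn.write pkt

  (be = @conn.read_ber(AsnSyntax)) && (pdu = LdapPdu.new( be )) && (pdu.app_tag == 7) or raise LdapError.new( "response missing or invalid" )
  pdu.result_code
end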

- (Object) next_msgid

— next_msgid



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1081

# Returns the next message id for this connection: 1 on the first call, then
# one more on every later call. The counter lives in @msgid.
#
# NOTE(review): the increment is a plain read-modify-write with no locking
# visible here; confirm a connection is never shared between threads.
def next_msgid
  @msgid = (@msgid || 0) + 1
end

- (Object) rename(args)

— rename TODO, need to support a time limit, in case the server fails to respond.



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1275

# Sends an LDAP rename request (application sequence 12) and returns the
# result code of the server's reply.
#
# args[:olddn]             - DN of the entry to rename; required.
# args[:newrdn]            - new RDN for the entry; required.
# args[:delete_attributes] - any truthy value is sent as true, otherwise false.
#
# Raises RuntimeError when :olddn or :newrdn is nil or false, and LdapError
# when no reply can be read or the reply's app_tag is not 13.
#
# NOTE(review): the read below has no time limit, and the reply's message id
# is never compared with the id sent in the request.
def rename args
  source_dn = args[:olddn]
  raise "Unable to rename empty DN" unless source_dn
  target_rdn = args[:newrdn]
  raise "Unable to rename to empty RDN" unless target_rdn
  # Collapse whatever the caller passed into a strict boolean.
  drop_old = !!args[:delete_attributes]

  rename_request = [source_dn.to_ber, target_rdn.to_ber, drop_old.to_ber].to_ber_appsequence(12)
  @conn.write [next_msgid.to_ber, rename_request].to_ber_sequence

  reply = @conn.read_ber(AsnSyntax)
  pdu = reply && LdapPdu.new( reply )
  unless pdu && pdu.app_tag == 13
    raise LdapError.new( "response missing or invalid" )
  end
  pdu.result_code
end

- (Object) search(args = {})

— search Alternate implementation, this yields each search entry to the caller as it is received. TODO, certain search parameters are hardcoded. TODO, if we mis-parse the server results or the results are wrong, we can block forever. That’s because we keep reading results until we get a type-5 packet, which might never come. We need to support the time-limit in the protocol. — WARNING: this code substantially recapitulates the searchx method.

02May06: Well, I added support for RFC-2696-style paged searches. This is used on all queries because the extension is marked non-critical. As far as I know, only A/D uses this, but it’s required for A/D. Otherwise you won’t get more than 1000 results back from a query. This implementation is kind of clunky and should probably be refactored. Also, is it my imagination, or are A/Ds the slowest directory servers ever???



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1126

def search args = {}

- (Object) setup_encryption(args)

— Helper method called only from new, and only after we have a successfully-opened TCP connection in @conn.



# File 'vendor/plugins/ruby-net-ldap-0.0.4/lib/net/ldap.rb', line 1053

# Upgrades the already-open socket in @conn to TLS.
#
# args[:method] must be :simple_tls; any other value raises LdapError
# ("unsupported encryption method ..."). LdapError ("openssl unavailable") is
# raised when the $net_ldap_openssl_available global is not set.
#
# NOTE(review): the SSLContext is used exactly as created. No verify_mode,
# trust store or hostname check is configured, so the server certificate is
# not validated. :simple_tls therefore protects against passive
# eavesdropping only; it does not authenticate the directory server, and
# bind credentials sent afterwards go to whichever endpoint completed the
# handshake. Validating the peer would need
# ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER, a CA store, and a hostname
# check after connect.
def setup_encryption args
  # Only one method is implemented; additional branches requiring server
  # validation and peer certs, etc. would be added alongside it.
  unless :simple_tls == args[:method]
    raise LdapError.new( "unsupported encryption method #{args[:method]}" )
  end
  raise LdapError.new("openssl unavailable") unless $net_ldap_openssl_available

  tls_context = OpenSSL::SSL::SSLContext.new
  tls_socket = OpenSSL::SSL::SSLSocket.new(@conn, tls_context)
  # @conn is replaced before the handshake, as in the original ordering.
  @conn = tls_socket
  tls_socket.connect
  # Closing the TLS socket from now on also closes the wrapped TCP socket.
  tls_socket.sync_close = true
end