Class: Ldap::RubyLdapFacade

Inherits:
Object
  • Object
Includes:
Slf4r::Logger
Defined in:
lib/ldap/unboundid_ldap_facade.rb,
lib/ldap/ruby_ldap_facade.rb

Overview

end

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config) ⇒ RubyLdapFacade

Returns a new instance of RubyLdapFacade.

Parameters:

  • config

    Hash for the ldap connection



# File 'lib/ldap/ruby_ldap_facade.rb', line 34

# Wraps either a freshly bound connection or a connection object supplied
# by the caller.
#
# @param config [Hash, Object] a Hash is handed to Connection.new and the
#   resulting connection is bound with config[:auth][:username] and
#   config[:auth][:password]; any other object is stored unchanged and used
#   as the connection.
# NOTE(review): the Hash carries the bind password, so callers should keep it
#   out of logs and error messages.
def initialize(config)
  case config
  when Hash
    @ldap2 = Connection.new(config)
    auth = config[:auth]
    @ldap2.bind(auth[:username], auth[:password])
  else
    # Anything that is not a Hash is taken to be a ready-made connection.
    @ldap2 = config
  end
end

Class Method Details

.open(config) {|ldap| ... } ⇒ Object

Parameters:

  • config

    Hash for the ldap connection

Yields:

  • (ldap)


# File 'lib/ldap/ruby_ldap_facade.rb', line 24

# Creates a connection from config, binds it with the credentials found in
# config[:auth] and yields whatever bind passes to its block.
#
# @param config [Hash] for the ldap connection; must contain
#   config[:auth][:username] and config[:auth][:password]
# @yield [ldap] the object handed over by Connection#bind
# NOTE(review): presumably the connection is released once the block
#   returns - confirm against Connection#bind.
def self.open(config)
  connection = Connection.new(config)
  auth = config[:auth]
  connection.bind(auth[:username], auth[:password]) { |ldap| yield ldap }
end

Instance Method Details

#authenticate(dn, password) ⇒ Object

Parameters:

  • dn

    String for identifying the ldap object

  • password

    String password used to authenticate as the dn



# File 'lib/ldap/ruby_ldap_facade.rb', line 164

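# Verifies a DN/password pair by attempting an LDAP simple bind on a fresh
# connection to the host and port of the facade's own connection.
#
# A nil or empty password is rejected before the server is contacted.
# RFC 4513 (section 5.1.2) defines a simple bind with a DN and a zero-length
# password as an "unauthenticated" bind, which a server may accept; without
# this guard a blank password could be reported as a successful login.
# An empty DN (anonymous bind) is rejected for the same reason.
#
# @param dn [String] identifying the ldap object
# @param password [String] used to authenticate as the dn
# @return [Boolean] true only when the server accepted the bind
def authenticate(dn, password)
  return false if dn.to_s.strip.empty? || password.to_s.empty?

  bound = false
  # NOTE(review): LDAP::Conn is the plain connection class, so the simple
  # bind below presumably sends the password unencrypted unless the transport
  # is protected elsewhere. ruby-ldap also provides LDAP::SSLConn - confirm
  # which one this deployment needs.
  ldap_con = LDAP::Conn.new(@ldap2.host, @ldap2.port)
  ldap_con.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
  begin
    ldap_con.bind(dn, password, LDAP::LDAP_AUTH_SIMPLE) { bound = true }
  rescue LDAP::ResultError => e
    # NOTE(review): dn is caller-supplied and written to the log verbatim;
    # embedded line breaks would let it forge log lines. Consider logging
    # dn.inspect if the log is consumed by monitoring.
    if e.to_s =~ /Invalid\ credentials/i
      logger.info("Invalid Credentials: #{dn}")
    else
      logger.warn "Authentication Error: #{e.to_s}"
    end
  end
  bound
end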

#base(treebase = nil, ldap_base = @ldap2.base) ⇒ Object

helper to concat the base from the various parts

Parameters:

  • treebase (defaults to: nil)
  • ldap_base (defaults to: @ldap2.base)

    the ldap_base defaulting to connection ldap_base

Returns:

  • the complete base String



# File 'lib/ldap/ruby_ldap_facade.rb', line 194

# Builds the search base by joining the optional tree base and the LDAP base
# with a comma; nil parts are skipped.
#
# @param treebase [String, nil] optional prefix placed before the LDAP base
# @param ldap_base [String, nil] defaults to the base of the connection
# @return [String] the complete base
# NOTE(review): the parts are joined verbatim, without DN escaping;
#   presumably callers pass trusted, well-formed DN fragments - confirm.
def base(treebase = nil, ldap_base = @ldap2.base)
  parts = [treebase, ldap_base].reject(&:nil?)
  parts.join(",")
end

#create_object(dn_prefix, treebase, key_field, props, silence = false) ⇒ Object

Returns nil in case of an error or the new id of the created object.

Parameters:

  • dn_prefix

    String the prefix of the dn

  • treebase

    the treebase of the dn or any search

  • key_field

    field which carries the integer unique id of the entity

  • props

    Hash of the ldap attributes of the new ldap object

Returns:

  • nil in case of an error or the new id of the created object



# File 'lib/ldap/ruby_ldap_facade.rb', line 60

# Adds a new entry at dn(dn_prefix, treebase) with the given attributes.
#
# @param dn_prefix [String] the prefix of the dn
# @param treebase the treebase of the dn
# @param key_field field which carries the unique id of the entity
# @param props [Hash] ldap attributes of the new object; Array values are
#   passed through, everything else is converted with to_s
# @param silence [Boolean] when true a failed add is neither logged nor raised
# @return the value of props[key_field.to_sym] on success, nil on failure
# @raise [DataMapper::PersistenceError] when the add fails with result code
#   68 and silence is false
# NOTE(review): the failure message embeds props.inspect; if props carries
#   credential attributes (for example a password field) their values end up
#   in the log and in the exception text - consider masking them.
def create_object(dn_prefix, treebase, key_field, props, silence = false)
  mods = props.map do |name, value|
    values = value.is_a?(::Array) ? value : [value.to_s]
    LDAP.mod(LDAP::LDAP_MOD_ADD, name.to_s, values)
  end
  return props[key_field.to_sym] if @ldap2.add(dn(dn_prefix, treebase), mods)

  unless silence
    msg = ldap_error("create", dn(dn_prefix, treebase)) + "\n\t#{props.inspect}"
    # TODO maybe raise always an error
    # LDAP result code 68 is entryAlreadyExists (RFC 4511).
    already_exists = @ldap2.get_operation_result.code.to_s == "68"
    raise ::DataMapper::PersistenceError.new(msg) if already_exists

    logger.warn(msg)
  end
  nil
end

#delete_object(dn_prefix, treebase) ⇒ Object

Returns nil in case of an error or true.

Parameters:

  • dn_prefix

    String the prefix of the dn

  • treebase

    the treebase of the dn or any search

Returns:

  • nil in case of an error or true



# File 'lib/ldap/ruby_ldap_facade.rb', line 150

# Deletes the entry at dn(dn_prefix, treebase).
#
# @param dn_prefix [String] the prefix of the dn
# @param treebase the treebase of the dn
# @return [true, nil] true when the delete succeeded; nil after a warning
#   has been logged when it did not
def delete_object(dn_prefix, treebase)
  target = dn(dn_prefix, treebase)
  return true if @ldap2.delete(target)

  logger.warn(ldap_error("delete", target))
  nil
end

#dn(dn_prefix, treebase) ⇒ Object

helper to concat the dn from the various parts

Parameters:

  • dn_prefix

    String the prefix of the dn

  • treebase

    the treebase of the dn or any search

Returns:

  • the complete dn String



# File 'lib/ldap/ruby_ldap_facade.rb', line 186

# Builds the full dn by putting the prefix in front of base(treebase),
# separated by a comma; nil parts are skipped.
#
# @param dn_prefix [String] the prefix of the dn
# @param treebase the treebase of the dn or any search
# @return [String] the complete dn
# NOTE(review): dn_prefix is joined verbatim, without DN escaping; if it is
#   built from user-supplied values, special characters such as commas should
#   be escaped by the caller - confirm where that happens.
def dn(dn_prefix, treebase)
  parts = [dn_prefix, base(treebase)]
  parts.reject(&:nil?).join(",")
end

#read_objects(treebase, key_fields, conditions, field_names, order_field = '') ⇒ Object

Returns Array of Hashes with a name/values pair for each attribute.

Parameters:

  • treebase

    the treebase of the search

  • key_fields

    Array of fields which carries the integer unique id(s) of the entity

  • conditions

    Array of conditions for the search

Returns:

  • Array of Hashes with a name/values pair for each attribute



# File 'lib/ldap/ruby_ldap_facade.rb', line 85

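# Searches the directory and returns the matching entries as maps.
#
# @param treebase the treebase of the search
# @param key_fields [Array] fields which carry the unique id(s) of the
#   entity; an entry is kept only if it has at least one of them
#   (compared case-insensitively)
# @param conditions [Array, nil] conditions for the search; nil or empty
#   means "match every entry" via the filter (objectclass=*)
# @param field_names attributes requested from the server
# @param order_field passed through to the search as the sort attribute
# @return [Array] one map (as built by to_map) per kept entry
def read_objects(treebase, key_fields, conditions, field_names, order_field = '')
  # The original guarded against nil only for the filter and then called
  # conditions.detect unconditionally, which raised NoMethodError on nil.
  conditions ||= []

  filter = if conditions.size > 0
             Conditions2Filter.convert(conditions).to_s
           else
             "(objectclass=*)"
           end

  searchbase = base(treebase)

  # If there is a :dn in the conditions skip everything and look it up.
  # NOTE(review): the search base is then taken from the condition value, so
  # the search is no longer confined to treebase. If condition values can
  # originate outside the application, check that the DN lies under the
  # expected base before searching - confirm against the callers.
  dn_condition = conditions.detect { |c| c[1] == "dn" }
  if dn_condition
    searchbase = dn_condition[2]
    filter = nil
  end

  result = []
  @ldap2.search(searchbase,
                LDAP::LDAP_SCOPE_SUBTREE,
                filter,
                field_names, false, 0, 0, order_field) do |res|
    mapp = to_map(field_names, res)
    # TODO maybe make filter which removes this unless
    # TODO move this into the ldap_Adapter to make it more general, so that
    # all field with Integer gets converted, etc
    # NOTE: somehow the fields are downcase coming from query.model
    has_key_field = key_fields.any? do |key_field|
      mapp.keys.any? { |k| k.to_s.downcase == key_field.downcase }
    end
    result << mapp if has_key_field
  end
  result
end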

#retrieve_next_id(treebase, key_field) ⇒ Object



# File 'lib/ldap/ruby_ldap_facade.rb', line 43

# Computes the next free id by scanning every entry under base(treebase)
# and adding one to the largest value found in key_field.
#
# @param treebase the treebase of the search
# @param key_field field which carries the integer unique id of the entity
# @return [Integer] highest existing id plus one (1 when nothing is found)
# NOTE(review): reading the maximum and creating the entry are separate
#   steps, so two concurrent callers can receive the same id. If the id is
#   used as an identity number, duplicates should be prevented elsewhere -
#   confirm.
def retrieve_next_id(treebase, key_field)
  highest = 0
  @ldap2.search(base(treebase),
                LDAP::LDAP_SCOPE_SUBTREE,
                "(objectclass=*)",
                [key_field]) do |entry|
    # Entries without the key field count as 0.
    values = entry.vals(key_field) || [0]
    candidate = values.first.to_i
    highest = candidate if candidate > highest
  end
  highest + 1
end

#update_object(dn_prefix, treebase, actions) ⇒ Object

Returns nil in case of an error or true.

Parameters:

  • dn_prefix

    String the prefix of the dn

  • treebase

    the treebase of the dn or any search

  • actions

    the add/replace/delete actions on the attributes

Returns:

  • nil in case of an error or true



# File 'lib/ldap/ruby_ldap_facade.rb', line 125

# Applies add/replace/delete modifications to the entry at
# dn(dn_prefix, treebase).
#
# @param dn_prefix [String] the prefix of the dn
# @param treebase the treebase of the dn
# @param actions [Array] triples of [operation, attribute, value] where the
#   operation is :add, :replace or :delete; an empty Array as value is sent
#   as an empty value list, anything else is converted with to_s
# @return [true, nil] true when the modify succeeded; nil after a warning
#   has been logged when it did not
# NOTE(review): an operation other than the three above yields nil as the
#   modification type - confirm how LDAP.mod handles that.
# NOTE(review): the warning embeds actions.inspect; on a password change the
#   new value would be written to the log - consider masking such attributes.
def update_object(dn_prefix, treebase, actions)
  operations = {
    :add => LDAP::LDAP_MOD_ADD,
    :replace => LDAP::LDAP_MOD_REPLACE,
    :delete => LDAP::LDAP_MOD_DELETE
  }
  mods = actions.map do |action|
    mod_op = operations[action[0]]
    values = if action[2] == []
               []
             else
               [action[2].to_s]
             end
    LDAP.mod(mod_op, action[1].to_s, values)
  end
  return true if @ldap2.modify(dn(dn_prefix, treebase), mods)

  logger.warn(ldap_error("update",
                         dn(dn_prefix, treebase) + "\n\t#{actions.inspect}"))
  nil
end