Module: UCB::LDAP

Defined in:
lib/ucb_ldap.rb,
lib/ucb_ldap_org.rb,
lib/ucb_ldap_entry.rb,
lib/ucb_ldap_person.rb,
lib/ucb_ldap_schema.rb,
lib/ucb_ldap_address.rb,
lib/ucb_ldap_service.rb,
lib/ucb_ldap_namespace.rb,
lib/ucb_ldap_exceptions.rb,
lib/ucb_ldap_affiliation.rb,
lib/ucb_ldap_student_term.rb,
lib/person/generic_attributes.rb,
lib/ucb_ldap_schema_attribute.rb,
lib/person/affiliation_methods.rb,
lib/ucb_ldap_person_job_appointment.rb

Overview

UCB::LDAP

If you are doing searches that don’t require a privileged bind and are accessing the default (production) server, you probably don’t need to call any of the methods in this module.

Methods in this module are about making connections to the LDAP directory.

Interaction with the directory (searches and updates) is usually through the search() and other methods of UCB::LDAP::Entry and its sub-classes.

Defined Under Namespace

Modules: AffiliationMethods, GenericAttributes, Schema

Classes: Address, Affiliation, BadAttributeNameException, BindFailedException, ConnectionFailedException, DirectoryNotUpdatedException, Entry, JobAppointment, Namespace, Org, Person, Service, StudentTerm

Constant Summary

HOST_PRODUCTION = 'ldap.berkeley.edu'
HOST_TEST = 'ldap-test.berkeley.edu'

Class Method Details

.authenticate(username, password) ⇒ Object

Give (new) bind credentials to LDAP. An attempt will be made to bind and will raise BindFailedException if bind fails.

Call clear_authentication() to remove privileged bind.



# File 'lib/ucb_ldap.rb', line 47

def authenticate(username, password)
  @username, @password = username, password
  new_net_ldap() # to force bind()
end

.authentication_information ⇒ Object

The value of the :auth parameter for Net::LDAP.new().



# File 'lib/ucb_ldap.rb', line 155

def authentication_information()
  password.nil? ? 
    {:method => :anonymous} : 
    {:method => :simple, :username => username, :password => password}
end

.bind(bind_file, environment) ⇒ Object



# File 'lib/ucb_ldap.rb', line 129

def bind(bind_file, environment)
  # File.exist? replaces FileTest.exists?, which was removed in Ruby 3.2
  raise "Can't find bind file: #{bind_file}" unless File.exist?(bind_file)
  binds = YAML.load(IO.read(bind_file))
  bind = binds[environment] || raise("Can't find environment=#{environment} in bind file")
  authenticate(bind['username'], bind['password'])
end

.bind_for_rails(bind_file = "#{RAILS_ROOT}/config/ldap.yml", environment = RAILS_ENV) ⇒ Object

If you are using UCB::LDAP in a Rails application you can specify binds on a per-environment basis, just as you can with database credentials.

# in ../config/ldap.yml

development:
  username: user_dev
  password: pass_dev

# etc.

# in ../config/environment.rb

require 'ucb_ldap'
UCB::LDAP.bind_for_rails()

A RuntimeError is raised if bind_file is not found or if the environment key is not found in bind_file.



# File 'lib/ucb_ldap.rb', line 125

def bind_for_rails(bind_file = "#{RAILS_ROOT}/config/ldap.yml", environment = RAILS_ENV)
  bind(bind_file, environment)
end
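
The bind-file handling in .bind and .bind_for_rails above, as an added example that is not part of the ucb_ldap source: it loads one environment's credentials and builds the same :auth hash as authentication_information. The names load_bind_credentials, auth_hash_for and demo_bind_file are hypothetical, the owner-only permission check and the use of YAML.safe_load are assumptions added here, and the sample bind file is constructed.

```ruby
require 'yaml'
require 'tempfile'

# Hypothetical helper (not part of ucb_ldap): read one environment's bind
# credentials from a YAML bind file, refusing files other users can access.
def load_bind_credentials(bind_file, environment)
  raise "Can't find bind file: #{bind_file}" unless File.file?(bind_file)

  # The file holds a privileged bind password, so require owner-only access.
  mode = File.stat(bind_file).mode & 0o777
  raise "Bind file is group/world accessible (mode #{mode.to_s(8)})" unless (mode & 0o077).zero?

  # safe_load builds only plain data (hashes, strings), never arbitrary objects.
  binds = YAML.safe_load(File.read(bind_file))
  bind = binds.is_a?(Hash) ? binds[environment] : nil
  raise "Can't find environment=#{environment} in bind file" unless bind.is_a?(Hash)

  username, password = bind.values_at('username', 'password')
  raise "Missing username or password for #{environment}" if username.to_s.empty? || password.to_s.empty?

  { username: username, password: password }
end

# Same decision as authentication_information: anonymous bind when no
# password is available, simple bind otherwise.
def auth_hash_for(creds)
  return { method: :anonymous } if creds.nil? || creds[:password].nil?
  { method: :simple, username: creds[:username], password: creds[:password] }
end

# Constructed sample bind file, written to a temp path so this runs offline.
def demo_bind_file(mode)
  file = Tempfile.new(['ldap', '.yml'])
  file.write("development:\n  username: user_dev\n  password: pass_dev\n")
  file.close
  File.chmod(mode, file.path)
  file
end

if __FILE__ == $PROGRAM_NAME
  good = demo_bind_file(0o600)
  p auth_hash_for(load_bind_credentials(good.path, 'development'))
  p auth_hash_for(nil)
end
```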

.clear_authentication ⇒ Object

Removes current bind (username, password).



# File 'lib/ucb_ldap.rb', line 55

def clear_authentication()
  authenticate(nil, nil)
end

.clear_instance_variables ⇒ Object

Used for testing



# File 'lib/ucb_ldap.rb', line 195

def clear_instance_variables()
  @host = nil
  @net_ldap = nil
  @username = nil
  @password = nil
end

.host ⇒ Object

Returns LDAP host used for lookups. Default is HOST_PRODUCTION.



# File 'lib/ucb_ldap.rb', line 62

def host()
  @host || HOST_PRODUCTION
end

.host=(host) ⇒ Object

Setter for #host.

Note: validation of host is deferred until a search is performed or #authenticate() is called, at which time a bad host will raise ConnectionFailedException.

The existing connection is discarded only if the host actually changed, to avoid reconnecting unnecessarily.



# File 'lib/ucb_ldap.rb', line 75

def host=(host)
  if host != @host
    @host = host
    @net_ldap = nil
  end
end

.ldap_ping ⇒ Object

Returns true if a simple search over the connection works.



# File 'lib/ucb_ldap.rb', line 164

def ldap_ping()
  search_attrs = {
    :base => "",
    :scope => Net::LDAP::SearchScope_BaseObject,
    # "1.1" is the OID that asks the server to return no attributes
    :attributes => ["1.1"]
  }
  result = false
  @net_ldap.search(search_attrs) { result = true }
  result
end

.local_date_parse(arg) ⇒ Object

Returns arg as a Ruby Date in local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 139

def local_date_parse(arg)        
  arg.nil? ? nil : Date.parse(Time.parse(arg.to_s).localtime.to_s)
end

.local_datetime_parse(arg) ⇒ Object

Returns arg as a Ruby DateTime in local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 146

def local_datetime_parse(arg)        
  arg.nil? ? nil : DateTime.parse(Time.parse(arg.to_s).localtime.to_s)
end

.net_ldap ⇒ Object

Returns Net::LDAP instance that is used by UCB::LDAP::Entry and subclasses for directory searches.

You might need this to perform searches not supported by sub-classes of Entry.

Note: callers should not cache the results of this call unless they are prepared to handle timed-out connections (which this method does).



# File 'lib/ucb_ldap.rb', line 92

def net_ldap()
  @net_ldap ||= new_net_ldap
end

.new_net_ldap ⇒ Object

Returns new Net::LDAP instance.



# File 'lib/ucb_ldap.rb', line 178

def new_net_ldap()
  params = {
    :host => host,
    :auth => authentication_information,
    :port => 636, 
    :encryption => {:method =>:simple_tls}
  }
  @net_ldap = Net::LDAP.new(params)
  @net_ldap.bind || raise(BindFailedException)
  @net_ldap
rescue Net::LDAP::LdapError => e
  raise(BindFailedException)
end

.password ⇒ Object

:nodoc:



# File 'lib/ucb_ldap.rb', line 96

def password() #:nodoc:
  @password
end

.username ⇒ Object

:nodoc:



# File 'lib/ucb_ldap.rb', line 100

def username() #:nodoc:
  @username
end