Module: UCB::LDAP

Defined in:
lib/ucb_ldap.rb,
lib/ucb_ldap/org.rb,
lib/ucb_ldap/entry.rb,
lib/ucb_ldap/person.rb,
lib/ucb_ldap/schema.rb,
lib/ucb_ldap/address.rb,
lib/ucb_ldap/service.rb,
lib/ucb_ldap/namespace.rb,
lib/ucb_ldap/affiliation.rb,
lib/ucb_ldap/student_term.rb,
lib/ucb_ldap/expired_person.rb,
lib/ucb_ldap/job_appointment.rb,
lib/ucb_ldap/schema_attribute.rb,
lib/ucb_ldap/person/common_attributes.rb,
lib/ucb_ldap/person/affiliation_methods.rb

Overview


UCB::LDAP

If you are doing searches that don’t require a privileged bind and are accessing the default (production) server you probably don’t need to call any of the methods in this module.

Methods in this module are about making connections to the LDAP directory.

Interaction with the directory (searches and updates) is usually through the search() and other methods of UCB::LDAP::Entry and its sub-classes.

Defined Under Namespace

Modules: AffiliationMethods, CommonAttributes, Schema

Classes: Address, Affiliation, BindFailedException, ConnectionFailedException, DirectoryNotUpdatedException, Entry, ExpiredPerson, JobAppointment, Namespace, Org, Person, Service, StudentTerm

Constant Summary

BadAttributeNameException = Class.new(Exception)
HOST_PRODUCTION = 'nds.berkeley.edu'
HOST_TEST = 'nds-test.berkeley.edu'


Class Method Details

.authenticate(username, password) ⇒ Object

Supplies (new) bind credentials to LDAP. A bind is attempted immediately, and BindFailedException is raised if it fails.

Call clear_authentication() to remove the privileged bind.



# File 'lib/ucb_ldap.rb', line 82

def authenticate(username, password)
  @username, @password = username, password
  new_net_ldap() # to force bind()
end

.authentication_information ⇒ Object

The value of the :auth parameter for Net::LDAP.new.



# File 'lib/ucb_ldap.rb', line 191

def authentication_information
  password.nil? ?
      { :method => :anonymous } :
      { :method => :simple, :username => username, :password => password }
end
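
authentication_information falls back to an anonymous bind only when the password is nil, so an empty-string password is still sent as a simple bind; RFC 4513 classifies a simple bind with a name and a zero-length password as an unauthenticated bind, which proves nothing about the caller if the server accepts it. The following added example (not code from ucb_ldap; `page_auth_info`, `strict_auth_info` and `classify` are hypothetical names) shows a guard to apply before authenticate() when the password comes from user input.

```ruby
# Added example; not part of ucb_ldap. All method names here are hypothetical.

# Same selection logic as the page's authentication_information:
# only a nil password selects an anonymous bind.
def page_auth_info(username, password)
  password.nil? ? { :method => :anonymous } :
                  { :method => :simple, :username => username, :password => password }
end

# Stricter variant: anonymous only when both values are nil; a simple bind
# requires a non-empty username and a non-empty password.
def strict_auth_info(username, password)
  return { :method => :anonymous } if username.nil? && password.nil?

  { 'username' => username, 'password' => password }.each do |name, value|
    unless value.is_a?(String) && !value.empty?
      raise ArgumentError, "#{name} must be a non-empty String for a simple bind"
    end
  end
  { :method => :simple, :username => username, :password => password }
end

# Returns the bind method the guard would allow, or :rejected when it
# refuses to build bind parameters at all.
def classify(username, password)
  strict_auth_info(username, password)[:method]
rescue ArgumentError
  :rejected
end

# Constructed input: a login form submitted with the password field left empty.
SAMPLE_DN = 'uid=jdoe,ou=people,dc=example,dc=edu'
puts page_auth_info(SAMPLE_DN, '')[:method]
puts classify(SAMPLE_DN, '')
```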

.bind(bind_file, environment) ⇒ Object



# File 'lib/ucb_ldap.rb', line 164

def bind(bind_file, environment)
  # File.exist? replaces the deprecated exists? form, which Ruby 3.2 removed
  raise "Can't find bind file: #{bind_file}" unless File.exist?(bind_file)
  binds = YAML.load(IO.read(bind_file))
  bind = binds[environment] || raise("Can't find environment=#{environment} in bind file")
  authenticate(bind['username'], bind['password'])
end

.bind_for_rails(bind_file = "#{::Rails.root}/config/ldap.yml", environment = ::Rails.env) ⇒ Object

If you are using UCB::LDAP in a Rails application you can specify binds on a per-environment basis, just as you can with database credentials.

# in ../config/ldap.yml

development:
  username: user_dev
  password: pass_dev

# etc.

# in ../config/environment.rb

require 'ucb_ldap'
UCB::LDAP.bind_for_rails()

A RuntimeError is raised if bind_file is not found or if the environment key is not found in bind_file.



# File 'lib/ucb_ldap.rb', line 160

def bind_for_rails(bind_file = "#{::Rails.root}/config/ldap.yml", environment = ::Rails.env)
  bind(bind_file, environment)
end
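
bind() and bind_for_rails() read a directory password from a YAML file on disk, so the file's permissions and the way it is parsed both matter. The following added example (not code from ucb_ldap; `load_bind_credentials` is a hypothetical helper, and the 0600 permission policy is an assumption) reads the same per-environment layout with YAML.safe_load, rejects files readable by group or other, and validates the result before it reaches authenticate().

```ruby
require 'yaml'

# Added example; not part of ucb_ldap. load_bind_credentials is a hypothetical
# helper that returns [username, password] for the given environment.
def load_bind_credentials(bind_file, environment)
  raise "Can't find bind file: #{bind_file}" unless File.file?(bind_file)

  # The file holds a directory password: refuse it if group or other
  # have any access bits set (assumes a POSIX file system).
  mode = File.stat(bind_file).mode & 0o777
  unless (mode & 0o077).zero?
    raise format('Bind file %s has mode %04o; expected 0600 or stricter', bind_file, mode)
  end

  # safe_load builds only plain YAML types, so a tampered file cannot
  # instantiate arbitrary Ruby objects while it is parsed.
  binds = YAML.safe_load(File.read(bind_file))
  raise 'Bind file must map environment names to credentials' unless binds.is_a?(Hash)

  bind = binds[environment.to_s]
  raise "Can't find environment=#{environment} in bind file" unless bind.is_a?(Hash)

  creds = bind.values_at('username', 'password')
  unless creds.all? { |v| v.is_a?(String) && !v.empty? }
    raise "username and password must be non-empty strings for #{environment}"
  end
  creds
end
```

The returned pair can be passed to UCB::LDAP.authenticate in place of calling bind().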

.clear_authentication ⇒ Object

Removes the current bind (username, password).



# File 'lib/ucb_ldap.rb', line 90

def clear_authentication
  authenticate(nil, nil)
end

.clear_instance_variables ⇒ Object

Used for testing



# File 'lib/ucb_ldap.rb', line 231

def clear_instance_variables
  @host = nil
  @net_ldap = nil
  @username = nil
  @password = nil
end

.host ⇒ Object

Returns the LDAP host used for lookups. Default is HOST_PRODUCTION.



# File 'lib/ucb_ldap.rb', line 97

def host
  @host || HOST_PRODUCTION
end

.host=(host) ⇒ Object

Setter for #host.

Note: validation of host is deferred until a search is performed or #authenticate() is called, at which time a bad host will raise ConnectionFailedException.

The cached connection is dropped only if the host really changed, to avoid needless reconnects.



# File 'lib/ucb_ldap.rb', line 110

def host=(host)
  if host != @host
    @host = host
    @net_ldap = nil
  end
end

.ldap_ping ⇒ Object

Returns true if a simple search over the connection works.



# File 'lib/ucb_ldap.rb', line 200

def ldap_ping
  search_attrs = {
      :base => "",
      :scope => Net::LDAP::SearchScope_BaseObject,
      :attributes => ["1.1"] # "1.1" requests no attributes (RFC 4511)
  }
  result = false
  @net_ldap.search(search_attrs) { result = true }
  result
end

.local_date_parse(arg) ⇒ Object

Returns arg as a Ruby Date in the local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 174

def local_date_parse(arg)
  arg.nil? ? nil : Date.parse(Time.parse(arg.to_s).localtime.to_s)
end

.local_datetime_parse(arg) ⇒ Object

Returns arg as a Ruby DateTime in the local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 181

def local_datetime_parse(arg)
  arg.nil? ? nil : DateTime.parse(Time.parse(arg.to_s).localtime.to_s)
end

.net_ldap ⇒ Object

Returns the Net::LDAP instance that is used by UCB::LDAP::Entry and its subclasses for directory searches.

You might need this to perform searches not supported by sub-classes of Entry.

Note: callers should not cache the results of this call unless they are prepared to handle timed-out connections (which this method does).



# File 'lib/ucb_ldap.rb', line 127

def net_ldap
  @net_ldap ||= new_net_ldap
end

.new_net_ldap ⇒ Object

Returns a new Net::LDAP instance.



# File 'lib/ucb_ldap.rb', line 214

def new_net_ldap
  params = {
      :host => host,
      :auth => authentication_information,
      :port => 636,
      :encryption => { :method => :simple_tls }
  }
  @net_ldap = Net::LDAP.new(params)
  @net_ldap.bind || raise(BindFailedException)
  @net_ldap
rescue Net::LDAP::LdapError => e
  raise(BindFailedException)
end

.password ⇒ Object



# File 'lib/ucb_ldap.rb', line 131

def password #:nodoc:
  @password
end

.username ⇒ Object



# File 'lib/ucb_ldap.rb', line 135

def username #:nodoc:
  @username
end

.with_credentials(username_to_use, password_to_use) ⇒ Object

Executes the given block of UCB::LDAP commands with a different username and password. The original credentials are restored when the block finishes, even if it raises.



# File 'lib/ucb_ldap.rb', line 65

def with_credentials(username_to_use, password_to_use)
  original_username = username
  original_password = password

  UCB::LDAP.authenticate(username_to_use, password_to_use)

  yield
ensure
  UCB::LDAP.authenticate(original_username, original_password)
end