ActiveLdap::Adapter::Base

# File lib/active_ldap/adapter/jndi.rb, line 7
def jndi_connection(options)
  require 'active_ldap/adapter/jndi_connection'
  Jndi.new(options)
end

# File lib/active_ldap/adapter/ldap.rb, line 7
def ldap_connection(options)
  require 'active_ldap/adapter/ldap_ext'
  Ldap.new(options)
end

# File lib/active_ldap/adapter/net_ldap.rb, line 9
def net_ldap_connection(options)
  require 'active_ldap/adapter/net_ldap_ext'
  NetLdap.new(options)
end

# File lib/active_ldap/adapter/base.rb, line 23
def initialize(configuration={})
  @runtime = 0
  @connection = nil
  @disconnected = false
  @bound = false
  @bind_tried = false
  @entry_attributes = {}
  @configuration = configuration.dup
  @logger = @configuration.delete(:logger)
  @configuration.assert_valid_keys(VALID_ADAPTER_CONFIGURATION_KEYS)
  VALID_ADAPTER_CONFIGURATION_KEYS.each do |name|
    instance_variable_set("@#{name}", configuration[name])
  end
  @instrumenter = ActiveSupport::Notifications.instrumenter
end

# File lib/active_ldap/adapter/base.rb, line 198
def add(dn, entries, options={})
  dn = ensure_dn_string(dn)
  begin
    operation(options) do
      yield(dn, entries)
    end
  rescue LdapError::NoSuchObject
    raise EntryNotFound, _("No such entry: %s") % dn
  rescue LdapError::InvalidDnSyntax
    raise DistinguishedNameInvalid.new(dn)
  rescue LdapError::AlreadyExists
    raise EntryAlreadyExist, _("%s: %s") % [$!.message, dn]
  rescue LdapError::StrongAuthRequired
    raise StrongAuthenticationRequired, _("%s: %s") % [$!.message, dn]
  rescue LdapError::ObjectClassViolation
    raise RequiredAttributeMissed, _("%s: %s") % [$!.message, dn]
  rescue LdapError::UnwillingToPerform
    raise OperationNotPermitted, _("%s: %s") % [$!.message, dn]
  end
end

# File lib/active_ldap/adapter/base.rb, line 68
def bind(options={})
  @bind_tried = true

  bind_dn = ensure_dn_string(options[:bind_dn] || @bind_dn)
  try_sasl = options.has_key?(:try_sasl) ? options[:try_sasl] : @try_sasl
  if options.has_key?(:allow_anonymous)
    allow_anonymous = options[:allow_anonymous]
  else
    allow_anonymous = @allow_anonymous
  end
  options = options.merge(:allow_anonymous => allow_anonymous)

  # Rough bind loop:
  # Attempt 1: SASL if available
  # Attempt 2: SIMPLE with credentials if password block
  # Attempt 3: SIMPLE ANONYMOUS if 1 and 2 fail (or pwblock returns '')
  if try_sasl and sasl_bind(bind_dn, options)
    @logger.info {_('Bound to %s by SASL as %s') % [target, bind_dn]}
  elsif simple_bind(bind_dn, options)
    @logger.info {_('Bound to %s by simple as %s') % [target, bind_dn]}
  elsif allow_anonymous and bind_as_anonymous(options)
    @logger.info {_('Bound to %s as anonymous') % target}
  else
    message = yield if block_given?
    message ||= _('All authentication methods for %s exhausted.') % target
    raise AuthenticationError, message
  end

  @bound = true
  @bound
end

# File lib/active_ldap/adapter/base.rb, line 105
def bind_as_anonymous(options={})
  yield
end

# File lib/active_ldap/adapter/base.rb, line 113
def bound?
  connecting? and @bound
end

# File lib/active_ldap/adapter/base.rb, line 44
def connect(options={})
  host = options[:host] || @host
  method = options[:method] || @method || :plain
  port = options[:port] || @port || ensure_port(method)
  method = ensure_method(method)
  @disconnected = false
  @bound = false
  @bind_tried = false
  @connection, @uri, @with_start_tls = yield(host, port, method)
  prepare_connection(options)
  bind(options)
end

# File lib/active_ldap/adapter/base.rb, line 109
def connecting?
  !@connection.nil? and !@disconnected
end

# File lib/active_ldap/adapter/base.rb, line 179
def delete(targets, options={})
  targets = [targets] unless targets.is_a?(Array)
  return if targets.empty?
  begin
    operation(options) do
      targets.each do |target|
        target = ensure_dn_string(target)
        begin
          yield(target)
        rescue LdapError::UnwillingToPerform, LdapError::InsufficientAccess
          raise OperationNotPermitted, _("%s: %s") % [$!.message, target]
        end
      end
    end
  rescue LdapError::NoSuchObject
    raise EntryNotFound, _("No such entry: %s") % target
  end
end

# File lib/active_ldap/adapter/base.rb, line 57
def disconnect!(options={})
  unbind(options)
  @connection = @uri = @with_start_tls = nil
  @disconnected = true
end

# File lib/active_ldap/adapter/base.rb, line 151
def entry_attribute(object_classes)
  @entry_attributes[object_classes.uniq.sort] ||=
    EntryAttribute.new(schema, object_classes)
end

# File lib/active_ldap/adapter/base.rb, line 243
def log_info(name, runtime_in_seconds, info=nil)
  return unless @logger
  return unless @logger.debug?
  message = "LDAP: #{name} (#{'%.1f' % (runtime_in_seconds * 1000)}ms)"
  @logger.debug(format_log_entry(message, info))
end

# File lib/active_ldap/adapter/base.rb, line 219
def modify(dn, entries, options={})
  dn = ensure_dn_string(dn)
  begin
    operation(options) do
      begin
        yield(dn, entries)
      rescue LdapError::UnwillingToPerform, LdapError::InsufficientAccess
        raise OperationNotPermitted, _("%s: %s") % [$!.message, target]
      end
    end
  rescue LdapError::UndefinedType
    raise
  rescue LdapError::ObjectClassViolation
    raise RequiredAttributeMissed, _("%s: %s") % [$!.message, dn]
  end
end

# File lib/active_ldap/adapter/base.rb, line 236
def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
  dn = ensure_dn_string(dn)
  operation(options) do
    yield(dn, new_rdn, delete_old_rdn, new_superior)
  end
end

# File lib/active_ldap/adapter/base.rb, line 147
def naming_contexts
  root_dse_values('namingContexts')
end

# File lib/active_ldap/adapter/base.rb, line 63
def rebind(options={})
  unbind(options) if bound?
  connect(options)
end

# File lib/active_ldap/adapter/base.rb, line 39
def reset_runtime
  runtime, @runtime = @runtime, 0
  runtime
end

# File lib/active_ldap/adapter/base.rb, line 117
def schema(options={})
  @schema ||= operation(options) do
    base = options[:base]
    attrs = options[:attributes]

    attrs ||= [
      'objectClasses',
      'attributeTypes',
      'matchingRules',
      'matchingRuleUse',
      'dITStructureRules',
      'dITContentRules',
      'nameForms',
      'ldapSyntaxes',
      #'extendedAttributeInfo', # if we need RANGE-LOWER/UPPER.
    ]
    base ||= root_dse_values('subschemaSubentry', options)[0]
    base ||= 'cn=schema'
    schema = nil
    search(:base => base,
           :scope => :base,
           :filter => '(objectClass=subschema)',
           :attributes => attrs,
           :limit => 1) do |dn, attributes|
      schema = Schema.new(attributes)
    end
    schema || Schema.new([])
  end
end

# File lib/active_ldap/adapter/base.rb, line 156
def search(options={})
  filter = parse_filter(options[:filter]) || 'objectClass=*'
  attrs = options[:attributes] || []
  scope = ensure_scope(options[:scope] || @scope)
  base = options[:base]
  limit = options[:limit] || 0
  limit = nil if limit <= 0

  attrs = attrs.to_a # just in case
  base = ensure_dn_string(base)
  begin
    operation(options) do
      yield(base, scope, filter, attrs, limit)
    end
  rescue LdapError::NoSuchObject, LdapError::InvalidDnSyntax
    # Do nothing on failure
    @logger.info do
      args = [$!.class, $!.message, filter, attrs.inspect]
      _("Ignore error %s(%s): filter %s: attributes: %s") % args
    end
  end
end

# File lib/active_ldap/adapter/base.rb, line 100
def unbind(options={})
  yield if @connection and (@bind_tried or bound?)
  @bind_tried = @bound = false
end