1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
|
require 'java'
java.util.Enumeration.module_eval do
include Enumerable
def each
while has_more_elements
yield(next_element)
end
end
end
module ActiveLdap
module Adapter
class JndiConnection
HashTable = java.util.Hashtable
naming = javax.naming
directory = naming.directory
ldap = naming.ldap
InitialDirContext = directory.InitialDirContext
InitialLdapContext = ldap.InitialLdapContext
SearchControls = directory.SearchControls
ModificationItem = directory.ModificationItem
BasicAttributes = directory.BasicAttributes
Context = naming.Context
StartTlsRequest = ldap.StartTlsRequest
Control = ldap.Control
PagedResultsControl = ldap.PagedResultsControl
PagedResultsResponseControl = ldap.PagedResultsResponseControl
CommunicationException = naming.CommunicationException
ServiceUnavailableException = naming.ServiceUnavailableException
NamingException = naming.NamingException
NameNotFoundException = naming.NameNotFoundException
module Scope
OBJECT = SearchControls::OBJECT_SCOPE
ONE_LEVEL = SearchControls::ONELEVEL_SCOPE
SUBTREE = SearchControls::SUBTREE_SCOPE
end
class ModifyRecord
directory = javax.naming.directory
DirContext = directory.DirContext
BasicAttribute = directory.BasicAttribute
ADD_ATTRIBUTE = DirContext::ADD_ATTRIBUTE
REPLACE_ATTRIBUTE = DirContext::REPLACE_ATTRIBUTE
REMOVE_ATTRIBUTE = DirContext::REMOVE_ATTRIBUTE
attr_reader :type, :name, :values
def initialize(type, name, values, binary)
@type = self.class.const_get("#{type.to_s.upcase}_ATTRIBUTE")
@name = name
@values = values
@binary = binary
end
def binary?
@binary
end
def to_java_modification_item
ModificationItem.new(@type, to_java_attribute)
end
def to_java_attribute
attribute = BasicAttribute.new(@name)
values = @values
values = values.collect(&:to_java_bytes) if binary?
values.each do |value|
attribute.add(value)
end
attribute
end
end
def initialize(host, port, method, timeout, follow_referrals)
@host = host
@port = port
@method = method
@timeout = timeout
@context = nil
@tls = nil
@follow_referrals = follow_referrals
end
def unbind
@tls.close if @tls
@tls = nil
@context.close if @context
@context = nil
end
def bound?
not @context.nil?
end
def sasl_bind(bind_dn, mechanism, quiet)
setup_context(bind_dn, password, mechanism)
bound?
end
def simple_bind(bind_dn, password)
setup_context(bind_dn, password, "simple")
bound?
end
def bind_as_anonymous
setup_context(nil, nil, "none")
bound?
end
def search(options)
base = options[:base]
scope = options[:scope]
filter = options[:filter]
attributes = options[:attributes]
limit = options[:limit]
use_paged_results = options[:use_paged_results]
page_size = options[:page_size]
controls = SearchControls.new
controls.search_scope = scope
controls.count_limit = limit if limit
unless attributes.blank?
controls.returning_attributes = attributes.to_java(:string)
end
page_cookie = nil
if use_paged_results
# https://devdocs.io/openjdk~8/javax/naming/ldap/pagedresultscontrol
@context.set_request_controls([build_paged_results_control(page_size)])
else
@context.set_request_controls([])
end
escaped_base = escape_dn(base)
loop do
@context.search(escaped_base, filter, controls).each do |search_result|
yield(build_raw_search_result(search_result))
end
break unless use_paged_results
# Find the paged search cookie
response_controls = @context.get_response_controls
break unless response_controls
response_controls.each do |response_control|
next unless response_control.is_a?(PagedResultsResponseControl)
page_cookie = response_control.get_cookie
break
end
break unless page_cookie
# Set paged results control so we can keep getting results.
paged_results_control =
build_paged_results_control(page_size, page_cookie)
@context.set_request_controls([paged_results_control])
end
end
def add(dn, records)
attributes = BasicAttributes.new
records.each do |record|
attributes.put(record.to_java_attribute)
end
@context.set_request_controls([])
@context.create_subcontext(escape_dn(dn), attributes)
end
def modify(dn, records)
items = records.collect(&:to_java_modification_item)
@context.set_request_controls([])
@context.modify_attributes(escape_dn(dn), items.to_java(ModificationItem))
end
def modify_rdn(dn, new_rdn, delete_old_rdn)
# should use mutex
delete_rdn_key = "java.naming.ldap.deleteRDN"
@context.set_request_controls([])
begin
@context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
@context.rename(escape_dn(dn), escape_dn(new_rdn))
ensure
@context.remove_from_environment(delete_rdn_key)
end
end
def delete(dn)
escaped_dn = escape_dn(dn)
@context.set_request_controls([])
@context.destroy_subcontext(escaped_dn)
end
private
def setup_context(bind_dn, password, authentication)
unbind
environment = {
Context::INITIAL_CONTEXT_FACTORY => "com.sun.jndi.ldap.LdapCtxFactory",
Context::PROVIDER_URL => ldap_uri,
'com.sun.jndi.ldap.connect.timeout' => (@timeout * 1000).to_i.to_s,
'com.sun.jndi.ldap.read.timeout' => (@timeout * 1000).to_i.to_s,
'java.naming.ldap.derefAliases' => 'never',
'java.naming.referral' => @follow_referrals ? 'follow' : 'ignore',
}
context = InitialLdapContext.new(HashTable.new(environment), nil)
if @method == :start_tls
@tls = context.extended_operation(StartTlsRequest.new)
@tls.negotiate
end
context.add_to_environment(Context::SECURITY_AUTHENTICATION,
authentication)
if bind_dn
context.add_to_environment(Context::SECURITY_PRINCIPAL, bind_dn)
end
if password
context.add_to_environment(Context::SECURITY_CREDENTIALS, password)
end
context.reconnect(nil)
@context = context
end
def ldap_uri
protocol = @method == :ssl ? "ldaps" : "ldap"
"#{protocol}://#{@host}:#{@port}/"
end
def escape_dn(dn)
javax.naming.ldap.LdapName.new(dn)
rescue Java::JavaLang::IllegalArgumentException, Java::JavaxNaming::InvalidNameException
dn
end
def build_paged_results_control(page_size, page_cookie=nil)
PagedResultsControl.new(page_size, page_cookie, Control::CRITICAL)
end
def build_raw_search_result(search_result)
attributes = {}
search_result.attributes.get_all.each do |attribute|
attributes[attribute.get_id] = attribute.get_all.collect do |value|
value.is_a?(String) ? value : String.from_java_bytes(value)
end
end
[search_result.name_in_namespace, attributes]
end
end
end
end
|
