Module: UCB::LDAP

Defined in:
lib/ucb_ldap.rb,
lib/ucb_ldap_org.rb,
lib/ucb_ldap_entry.rb,
lib/ucb_ldap_person.rb,
lib/ucb_ldap_schema.rb,
lib/ucb_ldap_address.rb,
lib/ucb_ldap_service.rb,
lib/ucb_ldap_namespace.rb,
lib/ucb_ldap_exceptions.rb,
lib/ucb_ldap_affiliation.rb,
lib/ucb_ldap_student_term.rb,
lib/ucb_simple_ldap_entry.rb,
lib/person/generic_attributes.rb,
lib/ucb_ldap_schema_attribute.rb,
lib/person/affiliation_methods.rb,
lib/ucb_ldap_person_job_appointment.rb

Overview

UCB::LDAP

If you are doing searches that don’t require a privileged bind and are accessing the default (production) server, you probably don’t need to call any of the methods in this module.

Methods in this module are about making connections to the LDAP directory.

Interaction with the directory (searches and updates) is usually through the search() and other methods of UCB::LDAP::Entry and its sub-classes.

Defined Under Namespace

Modules: AffiliationMethods, GenericAttributes, Schema

Classes: Address, Affiliation, BadAttributeNameException, BindFailedException, ConnectionFailedException, DirectoryNotUpdatedException, Entry, JobAppointment, Namespace, Org, Person, Service, SimpleEntry, StudentTerm

Constant Summary

HOST_PRODUCTION = 'ldap.berkeley.edu'
HOST_TEST = 'ldap-test.berkeley.edu'

Class Method Summary

Class Method Details

.authenticate(username, password) ⇒ Object

Give (new) bind credentials to LDAP. A bind is attempted immediately, and BindFailedException is raised if the bind fails.

Call clear_authentication() to remove privileged bind.



# File 'lib/ucb_ldap.rb', line 51

def authenticate(username, password)
  @username, @password = username, password
  new_net_ldap # to force bind()
end

.authentication_information ⇒ Object

The value of the :auth parameter for Net::LDAP.new().



# File 'lib/ucb_ldap.rb', line 143

def authentication_information()
  password.nil? ? 
    {:method => :anonymous} : 
    {:method => :simple, :username => username, :password => password}
end

.bind(bind_file, environment) ⇒ Object



# File 'lib/ucb_ldap.rb', line 123

def bind(bind_file, environment)
  raise "Can't find bind file: #{bind_file}" unless FileTest.exists?(bind_file)
  binds = YAML.load(IO.read(bind_file))
  bind = binds[environment] || raise("Can't find environment=#{environment} in bind file")
  authenticate(bind['username'], bind['password'])
end

.bind_for_rails(bind_file = "#{RAILS_ROOT}/config/ldap.yml", environment = RAILS_ENV) ⇒ Object

If you are using UCB::LDAP in a Rails application you can specify binds on a per-environment basis, just as you can with database credentials.

# in ../config/ldap.yml

development:
  username: user_dev
  password: pass_dev

# etc.

# in ../config/environment.rb

require 'ucb_ldap'
UCB::LDAP.bind_for_rails()

A RuntimeError is raised if bind_file is not found or if the environment key is not found in bind_file.



# File 'lib/ucb_ldap.rb', line 119

def bind_for_rails(bind_file = "#{RAILS_ROOT}/config/ldap.yml", environment = RAILS_ENV)
  bind(bind_file, environment)
end
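
A defensive variant of the bind-file loading that bind() performs, as an added example that is not part of UCB::LDAP: it parses the YAML with YAML.safe_load, refuses a bind file that group or others can access, and checks that both credentials are present. The names load_bind_credentials and BindFileError and the 0600 permission policy are assumptions.

```ruby
require 'yaml'

# Hypothetical names throughout; none of this is part of UCB::LDAP.
class BindFileError < StandardError; end

# Returns [username, password] for +environment+ or raises BindFileError.
def load_bind_credentials(bind_file, environment)
  raise BindFileError, "Can't find bind file: #{bind_file}" unless File.file?(bind_file)

  # The file holds a directory password, so only its owner should read it.
  mode = File.stat(bind_file).mode & 0o777
  unless (mode & 0o077).zero?
    raise BindFileError, format('%s has mode %04o, expected 0600 or stricter', bind_file, mode)
  end

  # safe_load returns only plain hashes, arrays and scalars; a YAML tag naming
  # a Ruby class raises Psych::DisallowedClass instead of building an object.
  binds = YAML.safe_load(File.read(bind_file))
  raise BindFileError, 'bind file must be a mapping of environments' unless binds.is_a?(Hash)

  bind = binds[environment.to_s]
  raise BindFileError, "Can't find environment=#{environment} in bind file" unless bind.is_a?(Hash)

  credentials = bind.values_at('username', 'password')
  unless credentials.all? { |value| value.is_a?(String) && !value.empty? }
    raise BindFileError, "username and password must be non-empty strings for #{environment}"
  end
  credentials
end
```

The returned pair can be passed to UCB::LDAP.authenticate(username, password) in place of calling bind().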

.clear_authentication ⇒ Object

Removes current bind (username, password).



# File 'lib/ucb_ldap.rb', line 57

def clear_authentication()
  authenticate(nil, nil)
end

.clear_instance_variables ⇒ Object

Used for testing



# File 'lib/ucb_ldap.rb', line 166

def clear_instance_variables()
  @host = nil
  @net_ldap = nil
  @username = nil
  @password = nil
end

.host ⇒ Object

Returns LDAP host used for lookups. Default is HOST_PRODUCTION.



# File 'lib/ucb_ldap.rb', line 62

def host()
  @host || HOST_PRODUCTION
end

.host=(host) ⇒ Object

Setter for #host.

Note: validation of host is deferred until a search is performed or #authenticate() is called, at which time a bad host will raise ConnectionFailedException.


Don’t want to reconnect unless host really changed.



# File 'lib/ucb_ldap.rb', line 73

def host=(host)
  if host != @host
    @host = host
    @net_ldap = nil
  end
end

.local_date_parse(arg) ⇒ Object

Returns arg as a Ruby Date in local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 131

def local_date_parse(arg)        
  arg.nil? ? nil : Date.parse(Time.parse(arg.to_s).localtime.to_s)
end

.local_datetime_parse(arg) ⇒ Object

Returns arg as a Ruby DateTime in local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 136

def local_datetime_parse(arg)        
  arg.nil? ? nil : DateTime.parse(Time.parse(arg.to_s).localtime.to_s)
end

.net_ldap ⇒ Object

Returns Net::LDAP instance that is used by UCB::LDAP::Entry and subclasses for directory searches.

You might need this to perform searches not supported by sub-classes of Entry.

Note: callers should not cache the results of this call unless they are prepared to handle timed-out connections (which this method does).



# File 'lib/ucb_ldap.rb', line 88

def net_ldap()
  @net_ldap ||= new_net_ldap()
end

.new_net_ldap ⇒ Object

Returns new Net::LDAP instance. Note: Calling Net::LDAP.new does not result in a connection to the LDAP server. Rather, it stores the connection and binding parameters in the object. Later calls to search, add_attribute, rename_attribute or delete_attribute will each result in a new connection to the LDAP server.



# File 'lib/ucb_ldap.rb', line 154

def new_net_ldap()
  @net_ldap = Net::LDAP.new(
    :host => host,
    :auth => authentication_information,
    :port => 636, 
    :encryption => {:method =>:simple_tls}
  )
  raise(BindFailedException, @net_ldap.get_operation_result.to_s) unless @net_ldap.bind
  @net_ldap
end
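
authentication_information falls back to an anonymous bind only when the password is nil, so an empty-string password is sent as a simple bind, which RFC 4513 (section 5.1.2) defines as an unauthenticated bind that a server may accept; and net-ldap's :simple_tls performs no validation of the server certificate unless :tls_options is supplied. The following added example (not UCB::LDAP code) builds the Net::LDAP.new argument hash with both points handled; the name ldap_connection_options is hypothetical and a net-ldap release that accepts :tls_options is assumed.

```ruby
require 'openssl'

# Hypothetical helper (not part of UCB::LDAP): builds the argument hash for
# Net::LDAP.new. Assumes a net-ldap release that accepts :tls_options.
def ldap_connection_options(host, username = nil, password = nil)
  auth =
    if username.nil? && password.nil?
      { :method => :anonymous }
    elsif username.to_s.strip.empty? || password.to_s.empty?
      # A simple bind with a name and an empty password is an "unauthenticated
      # bind" (RFC 4513, 5.1.2); reject it here rather than let the server decide.
      raise ArgumentError, 'simple bind requires a non-empty username and password'
    else
      { :method => :simple, :username => username, :password => password }
    end

  {
    :host => host,
    :port => 636,
    :auth => auth,
    :encryption => {
      :method => :simple_tls,
      # Verify the server certificate chain against the system trust store.
      :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER }
    }
  }
end
```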

.password ⇒ Object

:nodoc:



# File 'lib/ucb_ldap.rb', line 92

def password() #:nodoc:
  @password
end

.username ⇒ Object

:nodoc:



# File 'lib/ucb_ldap.rb', line 96

def username() #:nodoc:
  @username
end