Module: ROM::LDAP::Client::Authentication Private

Included in:
ROM::LDAP::Client
Defined in:
lib/rom/ldap/client/authentication.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Adds authentication capability to the client.


Instance Method Details

#bind(username:, password:) ⇒ PDU

The Bind request is defined as follows:

BindRequest ::= [APPLICATION 0] SEQUENCE {
     version                 INTEGER (1 ..  127),
     name                    LDAPDN,
     authentication          AuthenticationChoice }

AuthenticationChoice ::= CHOICE {
     simple                  [0] OCTET STRING,
                             -- 1 and 2 reserved
     sasl                    [3] SaslCredentials,
     ...  }

SaslCredentials ::= SEQUENCE {
     mechanism               LDAPString,
     credentials             OCTET STRING OPTIONAL }

Parameters:

  • :username (Hash)

    a customizable set of options

  • :password (Hash)

    a customizable set of options

Returns:

  • (PDU)

    result object

Raises:

  • (BindError)

    if the bind result PDU reports failure

# File 'lib/rom/ldap/client/authentication.rb', line 55

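def bind(username:, password:)
  request_type = pdu_lookup(:bind_request)

  request = [
    3.to_ber,                           # version: LDAPv3
    username.to_ber,                    # name: the bind DN
    password.to_ber_contextspecific(0)  # authentication: simple [0] OCTET STRING
  ].to_ber_appsequence(request_type)

  pdu = submit(:bind_result, request)
  # A failed bind raises instead of returning the failure PDU.
  raise(BindError, username) if pdu.failure?

  pdu
end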
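
The simple-bind encoding above, worked through as an added example (not rom-ldap's code; `BindRequestDemo` and its helpers are hypothetical and hand-roll BER instead of using the `to_ber` extensions). It encodes only the BindRequest, without the surrounding LDAPMessage envelope, and decodes it again to show that the `simple` choice carries the password as plain octets, which is why a simple bind needs a protected connection such as one upgraded with `start_tls`.

```ruby
# Hypothetical helpers for this added example; not part of rom-ldap.
module BindRequestDemo
  module_function

  # BER definite length: short form below 128, long form otherwise.
  def ber_length(n)
    return [n].pack('C') if n < 0x80
    bytes = n.digits(256).reverse
    ([0x80 | bytes.size] + bytes).pack('C*')
  end

  # One tag-length-value element over raw bytes.
  def tlv(tag, value)
    value = value.b
    [tag].pack('C') + ber_length(value.bytesize) + value
  end

  # BindRequest ::= [APPLICATION 0] SEQUENCE { version, name, authentication }
  def encode_simple_bind(username, password)
    body = tlv(0x02, "\x03") +   # version INTEGER 3
           tlv(0x04, username) + # name LDAPDN
           tlv(0x80, password)   # simple [0] OCTET STRING, not transformed
    tlv(0x60, body)              # [APPLICATION 0], constructed
  end

  # Read one TLV at offset; returns [tag, value, next_offset].
  def read_tlv(bytes, offset)
    tag = bytes.getbyte(offset)
    len = bytes.getbyte(offset + 1) or raise ArgumentError, 'truncated TLV'
    offset += 2
    if len >= 0x80
      n = len & 0x7f
      len = bytes.byteslice(offset, n).bytes.inject(0) { |a, b| (a << 8) | b }
      offset += n
    end
    raise ArgumentError, 'truncated TLV' if offset + len > bytes.bytesize
    [tag, bytes.byteslice(offset, len), offset + len]
  end

  # What anyone holding the request bytes can read back out of them.
  def decode_simple_bind(bytes)
    tag, body, = read_tlv(bytes, 0)
    raise ArgumentError, 'not a BindRequest' unless tag == 0x60
    _, version, pos = read_tlv(body, 0)
    _, name, pos = read_tlv(body, pos)
    auth_tag, secret, = read_tlv(body, pos)
    { version: version.getbyte(0), name: name, simple: auth_tag == 0x80, secret: secret }
  end
end
# Constructed sample values, not taken from the page.
WIRE = BindRequestDemo.encode_simple_bind('cn=admin,dc=example,dc=com', 'constructed-pw')
```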

#sasl_bind(mechanism:, credentials:, challenge:) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

  • (SecureBindError)

    when the SASL challenge exchange runs past 10 rounds



# File 'lib/rom/ldap/client/authentication.rb', line 91

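def sasl_bind(mechanism:, credentials:, challenge:)
  request_type = pdu_lookup(:bind_request)
  n = 0 # challenge/response rounds so far

  loop do
    # authentication: sasl [3] SaslCredentials { mechanism, credentials }
    sasl = [
      mechanism.to_ber,
      credentials.to_ber
    ].to_ber_contextspecific(3)

    request = [
      3.to_ber,            # version: LDAPv3
      EMPTY_STRING.to_ber, # name: sent empty for the SASL bind
      sasl
    ].to_ber_appsequence(request_type)

    # Cap the exchange at 10 rounds so the client does not keep
    # answering challenges indefinitely.
    raise SecureBindError, 'sasl-challenge overflow' if (n += 1) > 10

    pdu = submit(:bind_request, request)

    # The caller-supplied callable turns the server's SASL credentials
    # into the credentials sent in the next round.
    credentials = challenge.call(pdu.result_server_sasl_creds)

    # Nothing in this listing returns or breaks out of the loop, so the
    # only exit visible here is an exception.
  end
end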

#start_tls ⇒ PDU

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns result object.

Returns:

  • (PDU)

    result object



# File 'lib/rom/ldap/client/authentication.rb', line 75

def start_tls
  request_type = pdu_lookup(:extended_request)

  # ExtendedRequest whose requestName [0] is the StartTLS OID.
  request = [
    OID[:start_tls].to_ber_contextspecific(0)
  ].to_ber_appsequence(request_type)

  submit(:extended_response, request)
end