Module: UCB::LDAP

Defined in:
lib/ucb_ldap.rb,
lib/ucb_ldap/org.rb,
lib/ucb_ldap/entry.rb,
lib/ucb_ldap/person.rb,
lib/ucb_ldap/schema.rb,
lib/ucb_ldap/address.rb,
lib/ucb_ldap/service.rb,
lib/ucb_ldap/namespace.rb,
lib/ucb_ldap/affiliation.rb,
lib/ucb_ldap/student_term.rb,
lib/ucb_ldap/expired_person.rb,
lib/ucb_ldap/job_appointment.rb,
lib/ucb_ldap/schema_attribute.rb,
lib/ucb_ldap/person/common_attributes.rb,
lib/ucb_ldap/person/affiliation_methods.rb

Overview


UCB::LDAP

If you are doing searches that don’t require a privileged bind and are accessing the default (production) server, you probably don’t need to call any of the methods in this module.

Methods in this module are about making connections to the LDAP directory.

Interaction with the directory (searches and updates) is usually through the search() and other methods of UCB::LDAP::Entry and its sub-classes.

Defined Under Namespace

Modules: AffiliationMethods, CommonAttributes, Schema

Classes: Address, Affiliation, BindFailedException, ConnectionFailedException, DirectoryNotUpdatedException, Entry, ExpiredPerson, JobAppointment, Namespace, Org, Person, Service, StudentTerm

Constant Summary

BadAttributeNameException = Class.new(Exception)

HOST_PRODUCTION = 'ldap.berkeley.edu'


Class Method Details

.authenticate(username, password) ⇒ Object

Gives (new) bind credentials to LDAP. A bind is attempted immediately, and BindFailedException is raised if it fails.

Call clear_authentication() to remove privileged bind.



# File 'lib/ucb_ldap.rb', line 91

def authenticate(username, password)
  @username, @password = username, password
  new_net_ldap() # to force bind()
end

.authentication_information ⇒ Object

The value of the :auth parameter for Net::LDAP.new.



# File 'lib/ucb_ldap.rb', line 175

def authentication_information
  password.nil? ?
      { :method => :anonymous } :
      { :method => :simple, :username => username, :password => password }
end

.bind(bind_file, environment) ⇒ Object



# File 'lib/ucb_ldap.rb', line 148

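def bind(bind_file, environment)
  # File.exist? is the non-deprecated spelling of FileTest.exists?
  raise "Can't find bind file: #{bind_file}" unless File.exist?(bind_file)
  # safe_load builds only plain data types (hashes, arrays, scalars) from the bind file
  binds = YAML.safe_load(IO.read(bind_file))
  bind = binds[environment] || raise("Can't find environment=#{environment} in bind file")
  authenticate(bind['username'], bind['password'])
end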
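
A stricter take on what .bind does with its bind file, as an added example that is not part of ucb_ldap: it refuses a bind file readable by group or others, and rejects an entry whose username or password is missing or blank instead of passing it on to authenticate(). BindFileError, load_bind_credentials and the sample file contents are hypothetical names and constructed data.

```ruby
require 'yaml'
require 'tmpdir'

# Added example, not ucb_ldap code. The file layout (environment =>
# username/password) is the one .bind reads; the names are hypothetical.
class BindFileError < StandardError; end

def load_bind_credentials(bind_file, environment)
  raise BindFileError, "Can't find bind file: #{bind_file}" unless File.file?(bind_file)

  # The file stores a privileged bind password: refuse group/other access.
  mode = File.stat(bind_file).mode & 0o777
  raise BindFileError, format('bind file mode %04o, expected 0600', mode) unless (mode & 0o077).zero?

  # safe_load builds only hashes, arrays and scalars from the file.
  binds = YAML.safe_load(File.read(bind_file))
  bind = binds.is_a?(Hash) ? binds[environment] : nil
  raise BindFileError, "Can't find environment=#{environment} in bind file" unless bind.is_a?(Hash)

  # A missing password key would reach authenticate() as nil, which
  # authentication_information turns into an anonymous bind; an empty
  # string would be sent as a simple bind with no password.
  %w[username password].map do |key|
    value = bind[key].to_s
    raise BindFileError, "#{key} is missing or blank for #{environment}" if value.strip.empty?
    value
  end
end

# Constructed sample bind file (not real credentials); "test" lacks a password.
SAMPLE_BIND_YAML = <<~YAML
  production:
    username: uid=app,ou=applications,dc=example,dc=edu
    password: not-a-real-secret
  test:
    username: uid=app-test,ou=applications,dc=example,dc=edu
YAML

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'ldap_bind.yml')
    File.write(path, SAMPLE_BIND_YAML)
    File.chmod(0o600, path)
    p load_bind_credentials(path, 'production')
  end
end
```

The returned pair can be passed straight to UCB::LDAP.authenticate(username, password).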

.clear_authentication ⇒ Object

Removes current bind (username, password).



# File 'lib/ucb_ldap.rb', line 99

def clear_authentication
  authenticate(nil, nil)
end

.clear_instance_variables ⇒ Object

Used for testing



# File 'lib/ucb_ldap.rb', line 215

def clear_instance_variables
  @host = nil
  @net_ldap = nil
  @username = nil
  @password = nil
end

.host ⇒ Object

Returns LDAP host used for lookups. Default is HOST_PRODUCTION.



# File 'lib/ucb_ldap.rb', line 106

def host
  @host || HOST_PRODUCTION
end

.host=(host) ⇒ Object

Setter for #host.

Note: validation of host is deferred until a search is performed or #authenticate() is called, at which time a bad host will raise ConnectionFailedException.

The cached connection is discarded only when the host really changes, to avoid needless reconnects.



# File 'lib/ucb_ldap.rb', line 119

def host=(host)
  if host != @host
    @host = host
    @net_ldap = nil
  end
end

.initialize(username, password, host = HOST_PRODUCTION) ⇒ Object

Sets the config values we want to use, but doesn’t actually connect to the server.



# File 'lib/ucb_ldap.rb', line 79

def initialize(username, password, host=HOST_PRODUCTION)
  @username = username
  @password = password
  @host = host
end

.ldap_ping ⇒ Object

Returns true if a simple search over the connection works.



# File 'lib/ucb_ldap.rb', line 184

def ldap_ping
  search_attrs = {
      :base => "",
      :scope => Net::LDAP::SearchScope_BaseObject,
      :attributes => ["1.1"] # "1.1" is the LDAP "return no attributes" selector; it is a string, not a Float
  }
  result = false
  @net_ldap.search(search_attrs) { result = true }
  result
end

.local_date_parse(arg) ⇒ Object

Returns arg as a Ruby Date in local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 158

def local_date_parse(arg)
  arg.nil? ? nil : Date.parse(Time.parse(arg.to_s).localtime.to_s)
end

.local_datetime_parse(arg) ⇒ Object

Returns arg as a Ruby DateTime in local time zone. Returns nil if arg is nil.



# File 'lib/ucb_ldap.rb', line 165

def local_datetime_parse(arg)
  arg.nil? ? nil : DateTime.parse(Time.parse(arg.to_s).localtime.to_s)
end

.net_ldap ⇒ Object

Returns Net::LDAP instance that is used by UCB::LDAP::Entry and subclasses for directory searches.

You might need this to perform searches not supported by sub-classes of Entry.

Note: callers should not cache the results of this call unless they are prepared to handle timed-out connections (which this method does).



# File 'lib/ucb_ldap.rb', line 136

def net_ldap
  @net_ldap ||= new_net_ldap
end

.new_net_ldap ⇒ Object

Returns new Net::LDAP instance.



# File 'lib/ucb_ldap.rb', line 198

def new_net_ldap
  params = {
      :host => host,
      :auth => authentication_information,
      :port => 636,
      :encryption => { :method => :simple_tls }
  }
  @net_ldap = Net::LDAP.new(params)
  @net_ldap.bind || raise(BindFailedException)
  @net_ldap
rescue Net::LDAP::Error => e
  raise(BindFailedException)
end
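
With net-ldap, `:simple_tls` without `:tls_options` encrypts the session but does not validate the server's certificate, and authentication_information sends an empty-string password as a simple bind rather than treating it as missing. The following added example (not ucb_ldap code) builds connection parameters that address both; all method and constant names are hypothetical, and it assumes the installed net-ldap accepts `:tls_options` and passes them to OpenSSL::SSL::SSLContext#set_params.

```ruby
require 'openssl'

# Added example, not ucb_ldap code; all names here are hypothetical.

# Builds the TLS context the way a client applying :tls_options would
# (assumption: set_params is skipped when no options are given).
def tls_context_for(encryption)
  ctx = OpenSSL::SSL::SSLContext.new
  opts = encryption[:tls_options] || {}
  ctx.set_params(opts) unless opts.empty?
  ctx
end

def verifies_server_certificate?(encryption)
  tls_context_for(encryption).verify_mode == OpenSSL::SSL::VERIFY_PEER
end

# Encryption setting as shown in new_net_ldap on this page.
PAGE_ENCRYPTION = { :method => :simple_tls }.freeze

# Same method, with OpenSSL's defaults (peer verification against the
# system trust store) passed through.
VERIFIED_ENCRYPTION = {
  :method => :simple_tls,
  :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
}.freeze

# Parameters for Net::LDAP.new that always verify the server and never
# send a simple bind with an empty username or password.
def hardened_ldap_params(host, username = nil, password = nil)
  auth = if username.nil? && password.nil?
           { :method => :anonymous } # explicit anonymous bind
         elsif username.to_s.empty? || password.to_s.empty?
           raise ArgumentError, 'simple bind needs a non-empty username and password'
         else
           { :method => :simple, :username => username, :password => password }
         end
  params = { :host => host, :port => 636, :auth => auth, :encryption => VERIFIED_ENCRYPTION }
  raise 'TLS settings do not verify the server' unless verifies_server_certificate?(params[:encryption])
  params
end
```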

.password ⇒ Object

# File 'lib/ucb_ldap.rb', line 140

def password #:nodoc:
  @password
end

.username ⇒ Object

# File 'lib/ucb_ldap.rb', line 144

def username #:nodoc:
  @username
end

.with_credentials(username_to_use, password_to_use) ⇒ Object

Execute UCB::LDAP commands with a different username and password. Original credentials are restored.



# File 'lib/ucb_ldap.rb', line 64

def with_credentials(username_to_use, password_to_use)
  original_username = username
  original_password = password

  UCB::LDAP.authenticate(username_to_use, password_to_use)

  yield
ensure
  UCB::LDAP.authenticate(original_username, original_password)
end