Class: Net::LDAP::PDU

Inherits:

Object

• Object
• Net::LDAP::PDU

Defined in:

lib/net/ldap/pdu.rb

Overview

Defines the Protocol Data Unit (PDU) for LDAP. An LDAP PDU always looks like a BER SEQUENCE with at least two elements: an INTEGER message ID number and an application-specific SEQUENCE. Some LDAPv3 packets also include an optional third element, a sequence of “controls” (see RFC 2251 section 4.1.12 for more information).

The application-specific tag in the sequence tells us what kind of packet it is, and each kind has its own format, defined in RFC-1777.

Observe that many clients (such as ldapsearch) do not necessarily enforce the expected application tags on received protocol packets. This implementation does interpret the RFC strictly in this regard, and it remains to be seen whether there are servers out there that will not work well with our approach.

Currently, we only support controls on SearchResult.

tools.ietf.org/html/rfc4511#section-4.1.1 tools.ietf.org/html/rfc4511#section-4.1.9

Defined Under Namespace

Classes: Error

Constant Summary

BindRequest =

tools.ietf.org/html/rfc4511#section-4.2

0

BindResult =

tools.ietf.org/html/rfc4511#section-4.2.2

1

UnbindRequest =

tools.ietf.org/html/rfc4511#section-4.3

2

SearchRequest =

tools.ietf.org/html/rfc4511#section-4.5.1

3

SearchReturnedData =

tools.ietf.org/html/rfc4511#section-4.5.2

4

SearchResult =

5

ModifyRequest =

see also SearchResultReferral (19) tools.ietf.org/html/rfc4511#section-4.6

6

ModifyResponse =

7

AddRequest =

tools.ietf.org/html/rfc4511#section-4.7

8

AddResponse =

9

DeleteRequest =

tools.ietf.org/html/rfc4511#section-4.8

10

DeleteResponse =

11

ModifyRDNRequest =

tools.ietf.org/html/rfc4511#section-4.9

12

ModifyRDNResponse =

13

CompareRequest =

tools.ietf.org/html/rfc4511#section-4.10

14

CompareResponse =

15

AbandonRequest =

tools.ietf.org/html/rfc4511#section-4.11

16

SearchResultReferral =

tools.ietf.org/html/rfc4511#section-4.5.2

19

ExtendedRequest =

tools.ietf.org/html/rfc4511#section-4.12

23

ExtendedResponse =

24

IntermediateResponse =

unused: tools.ietf.org/html/rfc4511#section-4.13

25

Instance Attribute Summary

• #app_tag ⇒ Object readonly

  The application protocol format tag.

• #bind_parameters ⇒ Object readonly

  Returns the value of attribute bind_parameters.

• #extended_response ⇒ Object readonly

  Returns the value of attribute extended_response.

• #ldap_controls ⇒ Object (also: #result_controls) readonly

  Returns RFC-2251 Controls if any.

• #message_id ⇒ Object (also: #msg_id) readonly

  The LDAP packet message ID.

• #search_entry ⇒ Object readonly

  Returns the value of attribute search_entry.

• #search_parameters ⇒ Object readonly

  Returns the value of attribute search_parameters.

• #search_referrals ⇒ Object readonly

  Returns the value of attribute search_referrals.

Instance Method Summary

• #error_message ⇒ Object
• #failure? ⇒ Boolean
• #initialize(ber_object) ⇒ PDU constructor

  Messy.

• #result ⇒ Object

  Returns a hash which (usually) defines the members :resultCode, :errorMessage, and :matchedDN.

• #result_code(code = :resultCode) ⇒ Object

  This returns an LDAP result code taken from the PDU, but it will be nil if there wasn’t a result code.

• #result_server_sasl_creds ⇒ Object

  Return serverSaslCreds, which are only present in BindResponse packets.

• #status ⇒ Object
• #success? ⇒ Boolean

Constructor Details

#initialize(ber_object) ⇒ PDU

Messy. Does this functionality belong somewhere else?

# File 'lib/net/ldap/pdu.rb', line 85

def initialize(ber_object)
  begin
    @message_id = ber_object[0].to_i
    # Grab the bottom five bits of the identifier so we know which type of
    # PDU this is.
    #
    # This is safe enough in LDAP-land, but it is recommended that other
    # approaches be taken for other protocols in the case that there's an
    # app-specific tag that has both primitive and constructed forms.
    @app_tag = ber_object[1].ber_identifier & 0x1f
    @ldap_controls = []
  rescue Exception => ex
    raise Net::LDAP::PDU::Error, "LDAP PDU Format Error: #{ex.message}"
  end

  case @app_tag
  when BindResult
    parse_bind_response(ber_object[1])
  when SearchReturnedData
    parse_search_return(ber_object[1])
  when SearchResultReferral
    parse_search_referral(ber_object[1])
  when SearchResult
    parse_ldap_result(ber_object[1])
  when ModifyResponse
    parse_ldap_result(ber_object[1])
  when AddResponse
    parse_ldap_result(ber_object[1])
  when DeleteResponse
    parse_ldap_result(ber_object[1])
  when ModifyRDNResponse
    parse_ldap_result(ber_object[1])
  when SearchRequest
    parse_ldap_search_request(ber_object[1])
  when BindRequest
    parse_bind_request(ber_object[1])
  when UnbindRequest
    parse_unbind_request(ber_object[1])
  when ExtendedResponse
    parse_extended_response(ber_object[1])
  else
    raise Error.new("unknown pdu-type: #{@app_tag}")
  end

  parse_controls(ber_object[2]) if ber_object[2]
end

Instance Attribute Details

#app_tag ⇒ Object (readonly)

The application protocol format tag.

# File 'lib/net/ldap/pdu.rb', line 71

def app_tag
  @app_tag
end

#bind_parameters ⇒ Object (readonly)

Returns the value of attribute bind_parameters.

# File 'lib/net/ldap/pdu.rb', line 76

def bind_parameters
  @bind_parameters
end

#extended_response ⇒ Object (readonly)

Returns the value of attribute extended_response.

# File 'lib/net/ldap/pdu.rb', line 77

def extended_response
  @extended_response
end

#ldap_controls ⇒ Object (readonly) Also known as: result_controls

Returns RFC-2251 Controls if any.

# File 'lib/net/ldap/pdu.rb', line 81

def ldap_controls
  @ldap_controls
end

#message_id ⇒ Object (readonly) Also known as: msg_id

The LDAP packet message ID.

# File 'lib/net/ldap/pdu.rb', line 66

def message_id
  @message_id
end

#search_entry ⇒ Object (readonly)

Returns the value of attribute search_entry.

# File 'lib/net/ldap/pdu.rb', line 73

def search_entry
  @search_entry
end

#search_parameters ⇒ Object (readonly)

Returns the value of attribute search_parameters.

# File 'lib/net/ldap/pdu.rb', line 75

def search_parameters
  @search_parameters
end

#search_referrals ⇒ Object (readonly)

Returns the value of attribute search_referrals.

# File 'lib/net/ldap/pdu.rb', line 74

def search_referrals
  @search_referrals
end

Instance Method Details

#error_message ⇒ Object

# File 'lib/net/ldap/pdu.rb', line 140

def error_message
  result[:errorMessage] || ""
end

#failure? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/net/ldap/pdu.rb', line 160

def failure?
  !success?
end

#result ⇒ Object

Returns a hash which (usually) defines the members :resultCode, :errorMessage, and :matchedDN. These values come directly from an LDAP response packet returned by the remote peer. Also see #result_code.

# File 'lib/net/ldap/pdu.rb', line 136

def result
  @ldap_result || {}
end

#result_code(code = :resultCode) ⇒ Object

This returns an LDAP result code taken from the PDU, but it will be nil if there wasn’t a result code. That can easily happen depending on the type of packet.

# File 'lib/net/ldap/pdu.rb', line 148

def result_code(code = :resultCode)
  @ldap_result and @ldap_result[code]
end

#result_server_sasl_creds ⇒ Object

Return serverSaslCreds, which are only present in BindResponse packets. – Messy. Does this functionality belong somewhere else? We ought to refactor the accessors of this class before they get any kludgier.

# File 'lib/net/ldap/pdu.rb', line 169

def result_server_sasl_creds
  @ldap_result && @ldap_result[:serverSaslCreds]
end

#status ⇒ Object

# File 'lib/net/ldap/pdu.rb', line 152

def status
  Net::LDAP::ResultCodesNonError.include?(result_code) ? :success : :failure
end

#success? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/net/ldap/pdu.rb', line 156

def success?
  status == :success
end