Project

General

Profile

« Previous | Next » 

Revision 98217996

Added by Marc Dequènes over 13 years ago

  • ID 9821799643b84c1515f3c342036686bd3a266f73

[evol] switched to a higher activeldap library (closes #27)

View differences:

conf/ldap_shadows/shadows/MilkyPond/aspects/fs.conf
type: belongs_to
object: group
many: uniqueMember
foreign_key: dn
primary_key: dn
plugin:
min_uid: 10000
max_uid: 65535
conf/ldap_shadows/shadows/MilkyPond/objects/group.conf
type: belongs_to
object: individual
many: gidNumber
foreign_key: gidNumber
primary_key: gidNumber
botsPrimaryMembers:
type: belongs_to
object: bot
many: gidNumber
foreign_key: gidNumber
primary_key: gidNumber
individualsSecondaryMembers:
type: has_many
object: individual
data/ldap_shadows/schema/aspect.yaml
mapping:
"type": {type: str, required: true, enum: [belongs_to, has_many]}
"object": {type: str, required: true}
"foreign_key": {type: str, required: true}
"foreign_key": {type: str}
"many": {type: str}
"primary_key": {type: str}
"plugin":
data/ldap_shadows/schema/object.yaml
mapping:
"type": {type: str, required: true, enum: [belongs_to, has_many]}
"object": {type: str, required: true}
"foreign_key": {type: str, required: true}
"foreign_key": {type: str}
"many": {type: str}
"primary_key": {type: str}
"plugin":
lib/ldap_shadows/activeldap_fixes.rb
#++
module ActiveLdap
# patch for activeldap#26824
class Schema
class Attribute
# operational?
#
# Returns true if an attribute is operational
# USAGE contains directoryOperation
# Duck: new method
def operational?
@operational
end
def collect_info
@description = attribute("DESC")[0]
@super_attribute = attribute("SUP")[0]
if @super_attribute
@super_attribute = @schema.attribute(@super_attribute)
@super_attribute = nil if @super_attribute.id.nil?
end
@read_only = attribute('NO-USER-MODIFICATION')[0] == 'TRUE'
@single_value = attribute('SINGLE-VALUE')[0] == 'TRUE'
@syntax = attribute("SYNTAX")[0]
@syntax = @schema.ldap_syntax(@syntax) if @syntax
if @syntax
@binary_required = @syntax.binary_transfer_required?
@binary = (@binary_required or !@syntax.human_readable?)
@derived_syntax = @syntax
else
@binary_required = false
@binary = false
@derived_syntax = nil
@derived_syntax = @super_attribute.syntax if @super_attribute
end
# Duck: newly collected data
@operational = attribute("USAGE").include?("directoryOperation")
end
end
end
class Base
# temporary method until active_ldap is fixed: return a DN object (see activeldap#23932)
def dn_obj
ActiveLdap::DistinguishedName.parse(self.dn)
end
# temporary method until active_ldap is fixed: return a DN object (see activeldap#23932)
def self.base_obj
ActiveLdap::DistinguishedName.parse(self.base)
end
# patch for activeldap#26745
def collect_modified_attributes(ldap_data, data)
attributes = []
# Now that all the options will be treated as unique attributes
# we can see what's changed and add anything that is brand-spankin'
# new.
ldap_data.each do |k, v|
next if schema.attribute(k).read_only?
value = data[k] || []
next if v == value
x = value
value = self.class.remove_blank_value(value) || []
next if v == value
# Create mod entries
if self.class.blank_value?(value)
# Since some types do not have equality matching rules,
# delete doesn't work
# Replacing with nothing is equivalent.
if !data.has_key?(k) and schema.attribute(k).binary_required?
value = [{'binary' => []}]
end
else
# Ditched delete then replace because attribs with no equality
# match rules will fails
end
attributes.push([:replace, k, value])
end
data.each do |k, v|
value = v || []
next if ldap_data.has_key?(k)
value = self.class.remove_blank_value(value) || []
next if self.class.blank_value?(value)
# Detect subtypes and account for them
# REPLACE will function like ADD, but doesn't hit EQUALITY problems
# TODO: Added equality(attr) to Schema
attributes.push([:replace, k, value])
end
attributes
end
end
module Validations
# unfinished workaround for activeldap#26720 (not sure it would work in all cases)
def validate_required_ldap_values
lib/ldap_shadows/elements/object.rb
end
def handle
name = self[dn_attribute] || self.attributes[dn_attribute] || self.dn
name = self[dn_attribute] || self.attributes[dn_attribute] || self.dn.to_s
name = name.first if name.is_a? Array
name.strip
end
......
end
rel[:class_name] = foreign_klass.to_s
rel_attr_val = rel[:foreign_key]
case rel[:type]
when 'belongs_to'
belongs_to field_name, rel.reject {|key, val| not ActiveLdap::Associations::ClassMethods::VALID_BELONGS_TO_OPTIONS.include?(key) }
rel_attr_val = rel[:primary_key] if rel[:many] and rel[:primary_key]
when 'has_many'
has_many field_name, rel.reject {|key, val| not ActiveLdap::Associations::ClassMethods::VALID_HAS_MANY_OPTIONS.include?(key) }
else
......
object_relations_info[field_name] = {
:foreign_klass => foreign_klass,
:single_value => ActiveLdap::Base.schema.attribute(rel[:foreign_key]).single_value?,
:single_value => ActiveLdap::Base.schema.attribute(rel_attr_val).single_value?,
:read_only => rel[:read_only] || false
}
end
......
attr_list.unshift(name_attribute) unless name_attribute.nil?
attr_list.each do |attr|
if attr == 'dn'
return self.dn
return self.dn.to_s
elsif self.attribute_present?(attr)
val = self.send(attr, true)
return val[0].strip
......
expert_attributes = self.class.parameters[:presentation][:expert_attributes]
admin_attributes = attr_list.select do |attr|
ActiveLdap::Base.schema.attribute(attr).operational?
ActiveLdap::Base.schema.attribute(attr).directory_operation?
end
rel_list = self.possible_relations
......
parent_item = Manipulation.find_item_by_full_handle(self.class.shadow, parent_full_handle)
if self.new_entry?
self.base = parent_item.dn_obj - parent_item.class.base_obj
self.base = parent_item.dn - parent_item.class.base
else
raise PreProcessingError, _("Moving items is not yet implemented")
end
......
begin
parent_item = Manipulation.find_item_by_full_handle(self.class.shadow, parent_full_handle)
self.base = parent_item.dn_obj - parent_item.class.base_obj
self.base = parent_item.dn - parent_item.class.base
rescue
raise PreProcessingError, _("Cannot create the item: bad default parent for this kind of object: %s") % $!
end
lib/ldap_shadows/lang_additions.rb
# for ActiveLDAP
module ActiveLdap
class DistinguishedName
def shift
@rdns.shift
end
end
class Base
def family_parent_dn
pdn = self.dn_obj.dup
pdn.shift
pdn
self.dn.parent
end
def family_parent
ActiveLdap::Base.find(:first, :base => self.family_parent_dn.to_s, :scope => :base)
ActiveLdap::Base.find(:first, :base => self.family_parent_dn, :scope => :base)
end
def family_children
......
end
def family_siblings
ActiveLdap::Base.find(:all, :base => self.family_parent_dn.to_s, :scope => :one).select{|obj| obj.dn != self.dn }
ActiveLdap::Base.find(:all, :base => self.family_parent_dn, :scope => :one).select{|obj| obj.dn != self.dn }
end
def family_siblings_dn
lib/ldap_shadows/manipulation_helper.rb
def self.items_find_from_strings(shadow, str_list)
ldap_search_objects = "(objectClass=*)"
ldap_search_aspects = ""
ldap_search_fields = []
ldap_search_where = []
ldap_search_exclude = []
ldap_search_fields = Set.new
ldap_search_where =Set.new
ldap_search_exclude =Set.new
str_list.each do |str|
unless str =~ /^([a-zA-Z]*(?::[a-zA-Z]+)?)(=|~=)(.*)$/
raise SyntaxError, _("search parameter '%s' is invalid") % str
......
when 'parents'
val.split(",").each do |parent_fh|
parent = find_item_by_full_handle(shadow, parent_fh)
ldap_search_where << [parent.dn.to_s, :one]
ldap_search_where << [parent.dn, :one]
end
when 'siblings'
val.split(",").each do |sibling_fh|
sibling = find_item_by_full_handle(shadow, sibling_fh)
ldap_search_where << [sibling.family_parent_dn.to_s, :one]
ldap_search_exclude << sibling.dn.to_s
ldap_search_where << [sibling.family_parent_dn, :one]
ldap_search_exclude << sibling.dn
end
when 'children'
val.split(",").each do |child_fh|
child = find_item_by_full_handle(shadow, child_fh)
ldap_search_where << [child.family_parent_dn.to_s, :base]
ldap_search_where << [child.family_parent_dn, :base]
end
when 'ancestors'
val.split(",").each do |parent_fh|
parent = find_item_by_full_handle(shadow, parent_fh)
ldap_search_where << [parent.dn.to_s, :sub]
ldap_search_exclude << parent.dn.to_s
ldap_search_where << [parent.dn, :sub]
ldap_search_exclude << parent.dn
end
when 'successors'
val.split(",").each do |child_fh|
child = find_item_by_full_handle(shadow, child_fh)
dn = child.dn_obj.dup
while dn.to_s != ActiveLdap::Base.base.to_s
dn = child.dn.dup
while dn != ActiveLdap::Base.base
dn.shift
ldap_search_where << [dn.to_s, :base]
ldap_search_where << [dn, :base]
end
end
else
......
raise PreProcessingError, _("Unknown type '%s' for field '%s'") % [type, field]
end
end
ldap_search_string = "(&" + ldap_search_objects + ldap_search_aspects + ldap_search_fields.join + ")"
ldap_search_string = "(&" + ldap_search_objects + ldap_search_aspects + ldap_search_fields.to_a.join + ")"
if ldap_search_where.empty?
ldap_search_where << [ActiveLdap::Base.base.to_s, :sub]
ldap_search_where << [ActiveLdap::Base.base, :sub]
end
res = []
res = Set.new
ldap_search_where.each do |where|
res += ActiveLdap::Base.find(:all, :base => where[0], :scope => where[1], :filter => ldap_search_string, :attributes => ["objectClass"])
end
res.uniq.select {|item| not ldap_search_exclude.include?(item.dn.to_s) }
return res.select {|item| not ldap_search_exclude.include?(item.dn) }
end
def self.find_raw_item_object(shadow, raw_item)
......
return {:full_handle => item.full_handle, :name => name, :item => item, :object => obj_klass, :is_root => is_root}
end
item_fake_hdl = raw_item.dn
item_fake_hdl = raw_item.dn.to_s
else
item_fake_hdl = dn || "???"
item_fake_hdl = dn.to_s || "???"
end
{:full_handle => nil, :name => "unknown/#{item_fake_hdl}", :is_root => is_root}
......
def self.interpret_field_value(shadow, syntax, val)
case syntax
when "1.3.6.1.4.1.1466.115.121.1.12"
raw_item = ActiveLdap::Base.find(:first, :base => val.to_s, :scope => :base)
raw_item = ActiveLdap::Base.find(:first, :base => val, :scope => :base)
LdapShadows::Manipulation.raw_item_info(shadow, raw_item, val.to_s)[:full_handle]
else
val
......
def self.find_item_by_full_handle(shadow, full_handle, with_admin_fields = false)
if full_handle == "root"
raw_item_dn = ActiveLdap::Base.base.to_s
raw_item_dn = ActiveLdap::Base.base
raw_item = ActiveLdap::Base.find(:first, :base => raw_item_dn, :scope => :base)
info = raw_item_info(shadow, raw_item, raw_item_dn)
if info.nil?
lib/ldap_shadows/shadow.rb
item_list = {}
if all_objects
ActiveLdap::Base.find(:all, :base => search_base, :scope => :sub, :attributes => ['']).each do |item|
item_list[ActiveLdap::DistinguishedName.parse(item.dn)]= item
item_list[item.dn]= item
end
else
self.get_config[:presentation][:tree_objects].each do |obj_hdl|
......
end
obj_klass.find(:all, :base => search_base, :scope => :sub).each do |item|
item_list[item.dn_obj] = item
item_list[item.dn] = item
end
end
end
......
raw_tree = {}
tree = {}
base_dn = ActiveLdap::DistinguishedName.parse(ActiveLdap::Base.base)
base_dn = ActiveLdap::Base.base
dn_list = item_list.keys
dn_list.each do |dn|
......
current_dn = ActiveLdap::DistinguishedName.parse(current_dn_parts.join(","))
current_item = item_list[current_dn]
if current_item.nil?
current_item = ActiveLdap::Base.find(:first, :base => current_dn.to_s, :scope => :base, :attributes => [''])
current_item = ActiveLdap::Base.find(:first, :base => current_dn, :scope => :base, :attributes => [''])
item_list[current_dn] = current_item
end
p_item = LdapShadows::Manipulation.raw_item_info(self, item_list[current_dn])[:name]
......
if raw
res = {base_dn.to_s => raw_tree}
else
base_obj = ActiveLdap::Base.find(:first, :base => base_dn.to_s, :scope => :base, :attributes => [''])
base_obj = ActiveLdap::Base.find(:first, :base => base_dn, :scope => :base, :attributes => [''])
res = {LdapShadows::Manipulation.raw_item_info(self, base_obj)[:name] => tree}
end

Also available in: Unified diff