|
module ActiveLdap
|
|
# patch for activeldap#26824
|
|
class Schema
|
|
class Attribute
|
|
# operational?
|
|
#
|
|
# Returns true if an attribute is operational
|
|
# USAGE contains directoryOperation
|
|
# Duck: new method
|
|
def operational?
|
|
@operational
|
|
end
|
|
|
|
def collect_info
|
|
@description = attribute("DESC")[0]
|
|
@super_attribute = attribute("SUP")[0]
|
|
if @super_attribute
|
|
@super_attribute = @schema.attribute(@super_attribute)
|
|
@super_attribute = nil if @super_attribute.id.nil?
|
|
end
|
|
@read_only = attribute('NO-USER-MODIFICATION')[0] == 'TRUE'
|
|
@single_value = attribute('SINGLE-VALUE')[0] == 'TRUE'
|
|
@syntax = attribute("SYNTAX")[0]
|
|
@syntax = @schema.ldap_syntax(@syntax) if @syntax
|
|
if @syntax
|
|
@binary_required = @syntax.binary_transfer_required?
|
|
@binary = (@binary_required or !@syntax.human_readable?)
|
|
@derived_syntax = @syntax
|
|
else
|
|
@binary_required = false
|
|
@binary = false
|
|
@derived_syntax = nil
|
|
@derived_syntax = @super_attribute.syntax if @super_attribute
|
|
end
|
|
# Duck: newly collected data
|
|
@operational = attribute("USAGE").include?("directoryOperation")
|
|
end
|
|
end
|
|
end
|
|
|
|
class Base
|
|
# temporary method until active_ldap is fixed: return a DN object (see activeldap#23932)
|
|
def dn_obj
|
|
ActiveLdap::DistinguishedName.parse(self.dn)
|
|
end
|
|
|
|
# temporary method until active_ldap is fixed: return a DN object (see activeldap#23932)
|
|
def self.base_obj
|
|
ActiveLdap::DistinguishedName.parse(self.base)
|
|
end
|
|
|
|
# patch for activeldap#26745
|
|
def collect_modified_attributes(ldap_data, data)
|
|
attributes = []
|
|
# Now that all the options will be treated as unique attributes
|
|
# we can see what's changed and add anything that is brand-spankin'
|
|
# new.
|
|
ldap_data.each do |k, v|
|
|
next if schema.attribute(k).read_only?
|
|
|
|
value = data[k] || []
|
|
|
|
next if v == value
|
|
|
|
x = value
|
|
value = self.class.remove_blank_value(value) || []
|
|
next if v == value
|
|
|
|
# Create mod entries
|
|
if self.class.blank_value?(value)
|
|
# Since some types do not have equality matching rules,
|
|
# delete doesn't work
|
|
# Replacing with nothing is equivalent.
|
|
if !data.has_key?(k) and schema.attribute(k).binary_required?
|
|
value = [{'binary' => []}]
|
|
end
|
|
else
|
|
# Ditched delete then replace because attribs with no equality
|
|
# match rules will fails
|
|
end
|
|
attributes.push([:replace, k, value])
|
|
end
|
|
data.each do |k, v|
|
|
value = v || []
|
|
next if ldap_data.has_key?(k)
|
|
|
|
value = self.class.remove_blank_value(value) || []
|
|
next if self.class.blank_value?(value)
|
|
|
|
|
|
# Detect subtypes and account for them
|
|
# REPLACE will function like ADD, but doesn't hit EQUALITY problems
|
|
# TODO: Added equality(attr) to Schema
|
|
attributes.push([:replace, k, value])
|
|
end
|
|
|
|
attributes
|
|
end
|
|
end
|
|
|
|
# unfinished workaround for activeldap#26720 (not sure it would work in all cases)
|
|
module Validations
|
|
def validate_required_ldap_values
|
|
_schema = nil
|
|
# Make sure all MUST attributes have a value
|
|
entry_attribute.object_classes.each do |object_class|
|
|
object_class.must.each do |required_attribute|
|
|
# Normalize to ensure we catch schema problems
|
|
# needed?
|
|
real_name = to_real_attribute_name(required_attribute.name, true)
|
|
raise UnknownAttribute.new(required_attribute) if real_name.nil?
|
|
|
|
next if required_attribute.read_only?
|
|
|
|
value = @data[real_name] || []
|
|
next unless self.class.blank_value?(value)
|
|
|
|
# Duck: ignore attributes which were not present, as they may not
|
|
# be available because of ACL
|
|
next unless @initial_attribute_list.nil? or @initial_attribute_list.include?(real_name)
|
|
|
|
_schema ||= schema
|
|
aliases = required_attribute.aliases.collect do |name|
|
|
self.class.human_attribute_name(name)
|
|
end
|
|
args = [self.class.human_object_class_name(object_class)]
|
|
if aliases.empty?
|
|
format = _("%{fn} is required attribute by objectClass '%s'")
|
|
else
|
|
format = _("%{fn} is required attribute by objectClass " \
|
|
"'%s': aliases: %s")
|
|
args << aliases.join(', ')
|
|
end
|
|
unless ActiveLdap.get_text_supported?
|
|
format = format.sub(/^%\{fn\} /, '')
|
|
end
|
|
errors.add(real_name, format % args)
|
|
end
|
|
end
|
|
end
|
|
|
|
# Duck: new method, should be hooked somewhere
|
|
def load_initial_attribute_list
|
|
@initial_attribute_list ||= self.nonempty_attributes
|
|
end
|
|
end
|
|
|
|
# This is useful with Base.search()
|
|
module Adapter
|
|
class Base
|
|
public :escape_filter_value
|
|
end
|
|
end
|
|
end
|