Class: Identizer::Ldap::Handler
- Inherits: Object
  - Object
  - Identizer::Ldap::Handler
- Defined in: lib/identizer/ldap/handler.rb
Overview
Turns the directory into LDAP semantics: simple-bind authentication and subtree search with attribute projection. Protocol-agnostic — the Server handles BER; this handler only deals in DNs, attributes and result codes.
Constant Summary
- SUCCESS = 0
- INVALID_CREDENTIALS = 49
- OBJECT_CLASSES = %w[top person organizationalPerson inetOrgPerson].freeze
Instance Method Summary
- #bind(dn, password) ⇒ Object
  Simple bind: anonymous (empty dn+password) succeeds; otherwise the DN must resolve to a directory entry and the password must match the shared one.
- #initialize(config) ⇒ Handler (constructor)
  A new instance of Handler.
- #search(base, filter) ⇒ Object
  Returns [{ dn:, attributes: }] for entries under `base` matching `filter`.
Constructor Details
#initialize(config) ⇒ Handler
Returns a new instance of Handler.
    # File 'lib/identizer/ldap/handler.rb', line 14
    def initialize(config)
      @config = config
    end
Instance Method Details
#bind(dn, password) ⇒ Object
Simple bind: anonymous (empty dn+password) succeeds; otherwise the DN must resolve to a directory entry and the password must match the shared one.
    # File 'lib/identizer/ldap/handler.rb', line 20
    def bind(dn, password)
      return SUCCESS if dn.to_s.empty? && password.to_s.empty?
      return INVALID_CREDENTIALS unless password == @config.shared_password

      entry_for_dn(dn) ? SUCCESS : INVALID_CREDENTIALS
    end
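The bind semantics above, reworked as a hardened sketch (an added example, not Identizer's code): the password check uses a constant-time comparison instead of `==`, and a blank password or an unset shared password never authenticates a named DN. `HardenedBind`, its `Config` struct, the `entries` hash and the lowercased-DN lookup are assumptions standing in for the handler's config and `entry_for_dn`.

```ruby
require "digest"

# Added sketch, not Identizer source. HardenedBind, Config and the entries
# Hash are hypothetical stand-ins for the handler's collaborators.
module HardenedBind
  SUCCESS = 0
  INVALID_CREDENTIALS = 49
  Config = Struct.new(:shared_password)

  # Compare fixed-length digests byte by byte, so timing does not depend on
  # where the first differing character of the password sits.
  def self.secure_equal?(a, b)
    da = Digest::SHA256.digest(a.to_s).bytes
    db = Digest::SHA256.digest(b.to_s).bytes
    da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # entries: Hash of lowercased DN => entry (assumed lookup, see ENTRIES).
  def self.bind(config, entries, dn, password)
    dn = dn.to_s
    password = password.to_s
    return SUCCESS if dn.empty? && password.empty? # anonymous bind
    # A name without a password (or the reverse) never authenticates, even
    # when the configured shared password is empty or unset.
    return INVALID_CREDENTIALS if dn.empty? || password.empty?
    return INVALID_CREDENTIALS if config.shared_password.to_s.empty?

    ok = secure_equal?(password, config.shared_password)
    found = entries.key?(dn.downcase) # resolved whatever the password result
    ok && found ? SUCCESS : INVALID_CREDENTIALS
  end

  # Constructed sample directory and bind attempts.
  ENTRIES = { "uid=alice,ou=people,dc=example,dc=org" => { uid: "alice" } }.freeze

  def self.demo
    cfg = Config.new("s3cret-shared")
    alice = "uid=alice,ou=people,dc=example,dc=org"
    {
      anonymous: bind(cfg, ENTRIES, "", ""),
      good: bind(cfg, ENTRIES, alice, "s3cret-shared"),
      wrong_password: bind(cfg, ENTRIES, alice, "nope"),
      unknown_dn: bind(cfg, ENTRIES, "uid=bob,dc=example,dc=org", "s3cret-shared"),
      empty_password: bind(Config.new(""), ENTRIES, alice, ""),
      unset_password: bind(Config.new(nil), ENTRIES, alice, "x")
    }
  end
end

p HardenedBind.demo if $PROGRAM_NAME == __FILE__
```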
#search(base, filter) ⇒ Object
Returns [{ dn:, attributes: }] for entries under `base` matching `filter`.

    # File 'lib/identizer/ldap/handler.rb', line 28
    def search(base, filter)
      base = base.to_s.downcase
      store.entries.filter_map do |entry|
        attributes = attributes_for(entry)
        next unless within_base?(entry, base)
        next unless Filter.match?(filter, attributes)

        { dn: entry.dn, attributes: attributes }
      end
    end