pvincent
/
rails-ldap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
94 KiB
 
Branch: main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
rails-ldap/lib/ldap/server/schema.rb

592 lines
24 KiB
Raw Permalink Blame History

require 'ldap/server/syntax'
require 'ldap/server/result'
module LDAP
class Server
# This object represents an LDAP schema: that is, a collection of
# objectclasses and attributetypes. Methods are provided for loading
# the schema (from a string or a disk file), and validating an av-hash
# against it.
class Schema
SUBSCHEMA_ENTRY_ATTR = 'cn'
SUBSCHEMA_ENTRY_VALUE = 'Subschema'
def initialize
@attrtypes = {} # name/alias/oid => AttributeType instance
@objectclasses = {} # name/alias/oid => ObjectClass instance
@subschema_cache = nil
end
# return the DN of the subschema subentry
def subschema_dn
"#{SUBSCHEMA_ENTRY_ATTR}=#{SUBSCHEMA_ENTRY_VALUE}"
end
# Return an av hash object giving the subschema subentry. This is cached, so
# call Schema#changed if it needs to be rebuilt
def subschema_subentry
@subschema_cache ||= {
'objectClass' => ['top','subschema','extensibleObject'],
SUBSCHEMA_ENTRY_ATTR => [SUBSCHEMA_ENTRY_VALUE],
'objectClasses' => all_objectclasses.collect { |s| s.to_def },
'attributeTypes' => all_attrtypes.collect { |s| s.to_def },
'ldapSyntaxes' => LDAP::Server::Syntax.all_syntaxes.collect { |s| s.to_def },
#'matchingRules' =>
#'matchingRuleUse' =>
}
end
# Clear the subschema subentry cache, so the next time someone requests
# it, it will be rebuilt
def changed
@subschema_cache = nil
end
# Add an AttributeType to the schema
def add_attrtype(str)
a = AttributeType.new(str)
@attrtypes[a.oid] = a if a.oid
a.names.each do |n|
@attrtypes[n.downcase] = a
end
end
# Locate an attributetype object by name/alias/oid (or raise exception)
def find_attrtype(n)
return n if n.nil? or n.is_a?(LDAP::Server::Schema::AttributeType)
r = @attrtypes[n.downcase]
raise LDAP::ResultError::UndefinedAttributeType, "Unknown AttributeType #{n.inspect}" unless r
r
end
# Return array of all AttributeType objects in this schema
def all_attrtypes
@attrtypes.values.uniq
end
# Add an ObjectClass to the schema
def add_objectclass(str)
o = ObjectClass.new(str)
@objectclasses[o.oid] = o if o.oid
o.names.each do |n|
@objectclasses[n.downcase] = o
end
end
# Locate an objectclass object by name/alias/oid (or raise exception)
def find_objectclass(n)
return n if n.nil? or n.is_a?(LDAP::Server::Schema::ObjectClass)
r = @objectclasses[n.downcase]
raise LDAP::ResultError::ObjectClassViolation, "Unknown ObjectClass #{n.inspect}" unless r
r
end
# Return array of all ObjectClass objects in this schema
def all_objectclasses
@objectclasses.values.uniq
end
# Load an OpenLDAP-format schema from a named file (see notes under 'load')
def load_file(filename)
File.open(filename) { |f| load(f) }
end
# Load an OpenLDAP-format schema from a string or IO object (anything
# which responds to 'each_line'). Lines starting 'attributetype'
# or 'objectclass' contain one of those objects. Does not implement
# named objectIdentifier prefixes (used in the dyngroup.schema file
# supplied with openldap, but not documented in RFC2252)
#
# Note: RFC2252 is strict about the order in which the elements appear,
# and so are we, but OpenLDAP is not. This means that a schema which
# works in OpenLDAP might not load here. For example, RFC2252 says
# that in an objectclass description, "SUP" must come before "MAY";
# if they are the other way round, our regexp-based parser will not
# accept it. The solution is simply to modify the definition so that
# the elements appear in the correct order.
def load(str_or_io)
meth = :junk_line
data = ""
str_or_io.each_line do |line|
case line
when /^\s*#/, /^\s*$/
next
when /^objectclass\s*(.*)$/i
m = $~
send(meth, data)
meth, data = :add_objectclass, m[1]
when /^attributetype\s*(.*)$/i
m = $~
send(meth, data)
meth, data = :add_attrtype, m[1]
else
data << line
end
end
send(meth,data)
self
end
def junk_line(data)
return if data.empty?
raise LDAP::ResultError::InvalidAttributeSyntax,
"Expected 'attributetype' or 'objectclass', got #{data}"
end
private :junk_line
# Load in the base set of objectclasses and attributetypes, being
# the same set as OpenLDAP preloads internally. Includes objectclasses
# 'top', 'objectclass'; attributetypes 'objectclass' , 'cn',
# 'userPassword' and 'distinguishedName'; common operational attributes
# such as 'modifyTimestamp'; plus extras needed for publishing a v3
# schema via LDAP
def load_system
load(<<EOS)
attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uniform Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 2.5.4.35 NAME 'userPassword' DESC 'RFC2256/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC2256: common name(s) for which the entity is known by' SUP name )
attributetype ( 2.5.4.41 NAME 'name' DESC 'RFC2256: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC2256: common supertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'namedref: subordinate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE distributedOperation )
attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC2256: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC2252: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
attributetype ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC2252: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
attributetype ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC2252: object classes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
attributetype ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC2252: attribute types' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
attributetype ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC2252: matching rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
attributetype ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of implementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC2252: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC2252: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC2252: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'RFC2252: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC2252: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC2252: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
attributetype ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC2252: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC2252: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC2252: name of creator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC2252: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC2252: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'X.500(93): structural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# These ones aren't published by OpenLDAP, but are referenced by the 'subschema' objectclass
attributetype ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
attributetype ( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
attributetype ( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
objectclass ( 2.5.20.1 NAME 'subschema' DESC 'RFC2252: controlling subschema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ ditContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
#Don't have definition for subtreeSpecification:
#objectClass ( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL MUST ( cn $ subtreeSpecification ) )
objectClass ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
objectClass ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: named subordinate referral' SUP top STRUCTURAL MUST ref )
objectClass ( 2.5.6.1 NAME 'alias' DESC 'RFC2256: an alias' SUP top STRUCTURAL MUST aliasedObjectName )
objectClass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'RFC2252: extensible object' SUP top AUXILIARY )
objectClass ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )
EOS
end
# After loading object classes and attr types: resolve oid strings to point
# to objects. This will expose schema inconsistencies (e.g. objectclass
# has unknown SUP class or points to unknown attributeType). However,
# unknown Syntaxes just create new Syntax objects.
def resolve_oids
all_attrtypes.each do |a|
if a.sup
s = find_attrtype(a.sup)
a.instance_eval {
@sup = s
# inherit properties (FIXME: This breaks to_def)
@equality ||= s.equality
@ordering ||= s.ordering
@substr ||= s.substr
@syntax ||= s.syntax
@maxlen ||= s.maxlen
@singlevalue ||= s.singlevalue
@collective ||= s.collective
@nousermod ||= s.nousermod
@usage ||= s.usage
}
end
a.instance_eval do
@syntax = LDAP::Server::Syntax.find(@syntax) if @syntax
@equality = LDAP::Server::MatchingRule.find(@equality) if @equality
@ordering = LDAP::Server::MatchingRule.find(@ordering) if @ordering
@substr = LDAP::Server::MatchingRule.find(@substr) if @substr
end
end
all_objectclasses.each do |o|
if o.sup
s = o.sup.collect { |ss| find_objectclass(ss) }
o.instance_eval { @sup = s }
end
if o.must
s = o.must.collect { |ss| find_attrtype(ss) }
o.instance_eval { @must = s }
end
if o.may
s = o.may.collect { |ss| find_attrtype(ss) }
o.instance_eval { @may = s }
end
end
end
# Validate a new entry or update. For a new entry, just pass a hash
# of attr=>[val, val, ...]; for an update, the first parameter is
# a hash of attr=>[:modtype, val, val...] and the second parameter
# is the existing entry, where it is assumed that the attribute names
# are already in their standard string forms (as returned by attr#name)
#
# Returns a hash containing the updated entry.
#
# If a block is given, it is called to decide whether the user is
# allowed to update an attribute; parameter is the attr *object*
# (not name; use #name if you need its name instead). Return false
# if the update is not permitted. Otherwise, the only restriction
# will be that updates to attributes declared 'nousermod' are forbidden.
#
# No DN checks are done here, since we don't know the DN.
# Checking that the entry contains an attribute for the RDN is the
# responsibility of the caller.
def validate(mods, entry={})
# Run through the mods, make the normalized names, and perform any
# updates
# FIXME: I don't know if these are the right results to return
# for the various types of validation errors
oc_changed = false
res = entry.dup
mods.each do |attrname, nv|
attr = find_attrtype(attrname)
attrname = attr.to_s
raise LDAP::ResultError::ConstraintViolation,
"Cannot modify #{attrname}" if attr.nousermod or
(block_given? and !yield(attr))
# Perform the update
vals = res[attrname] || []
checkvals = []
nv = [nv] unless nv.is_a?(Array)
case nv.first
when :add
checkvals = nv[1..-1]
vals += checkvals
vals.uniq! # FIXME: ?? error if duplicate values
# FIXME: normalize values? e.g. c: gb and c: GB are same value.
when :delete
nv = nv[1..-1]
if nv.empty?
vals = [] # ?? error if does not exist
else
nv.each { |v| vals.delete(v) } # ?? error if value missing
end
when :replace
vals = checkvals = nv[1..-1]
else
vals = checkvals = nv
end
if vals == []
res.delete(attrname)
else
res[attrname] = vals
end
# Attribute validation
raise LDAP::ResultError::ObjectClassViolation,
"Attribute #{attr} is SINGLE-VALUE" if attr.singlevalue and vals.size > 1
checkvals.each do |val|
raise LDAP::ResultError::InvalidAttributeSyntax,
"Nil or empty value for attribute #{attr}" if val.nil? or val.empty?
raise LDAP::ResultError::InvalidAttributeSyntax,
"Bad value for #{attr}: #{val.inspect}" if attr.syntax and ! attr.syntax.match(val)
raise LDAP::ResultError::InvalidAttributeSyntax,
"Value too long for #{attr} (max #{attr.maxlen})" if attr.maxlen and val.length > attr.maxlen
end
oc_changed = true if attrname == 'objectClass'
end
# Now do objectClass checks
oc = res['objectClass']
unless oc
raise LDAP::ResultError::ObjectClassViolation,
"objectClass attribute missing"
end
oc = oc.collect { |val| find_objectclass(val) }
if oc_changed
# Add superior objectClasses (note: growing an array while you
# iterate over it seems to work, in ruby-1.8.2 anyway!)
oc.each do |objectclass|
objectclass.sup.each do |s|
oc.push(s) unless oc.include?(s)
end
end
res['objectClass'] = oc.collect { |oo| oo.to_s }
# Check that exactly one structural objectClass is present
unless oc.find_all { |s| s.struct == :structural }.size >= 1
raise LDAP::ResultError::ObjectClassViolation,
"Entry must have at least one structural objectClass"
# Exactly one? But you have to sort out the inheritance problem
# (e.g. both person and organizationalPerson are declared
# structural)
end
end
# Ensure that all MUST attributes are present
allow_attr = {}
oc.each do |objectclass|
objectclass.must.each do |m|
unless res[m.name] and res[m.name] != []
raise LDAP::ResultError::ObjectClassViolation, "Missing attribute #{m} required by objectClass #{objectclass}"
end
allow_attr[m.name] = true
end
objectclass.may.each do |m|
allow_attr[m.name] = true
end
end
unless oc.find { |objectclass| objectclass.name == 'extensibleObject' }
# Now check all the attributes given are permitted by MUST or MAY
res.each_key do |attr|
unless allow_attr[attr] or find_attrtype(attr).usage == :directoryOperation
raise LDAP::ResultError::ObjectClassViolation, "Attribute #{attr} not permitted by objectClass"
end
end
end
return res
end
# Hopefully backwards-compatible API for ruby-ldap's LDAP::Schema.
# Since MUST/MAY/SUP may point to schema objects, convert them back
# to strings.
def names(key)
case key
when 'objectClasses'
return all_objectclasses.collect { |e| e.name }
when 'attributeTypes'
return all_attrtypes.collect { |e| e.name }
when 'ldapSyntaxes'
return LDAP::Server::Syntax.all_syntaxes.collect { |e| e.name }
when 'matchingRules'
return LDAP::Server::MatchingRule.all_matching_rules.collect { |e| e.name }
# TODO: matchingRuleUse
end
return nil
end
# Backwards-compatible for ruby-ldap LDAP::Schema
def attr(oc,at)
o = find_objectclass(oc)
case at.upcase
when 'MUST'
return o.must.collect { |e| e.to_s }
when 'MAY'
return o.may.collect { |e| e.to_s }
when 'SUP'
return o.sup.collect { |e| e.to_s }
when 'NAME'
return o.names.collect { |e| e.to_s }
when 'DESC'
return [o.desc]
end
return nil
rescue LDAP::ResultError
return nil
end
# Backwards-compatible for ruby-ldap LDAP::Schema
def must(oc)
attr(oc, "MUST")
end
# Backwards-compatible for ruby-ldap LDAP::Schema
def may(oc)
attr(oc, "MAY")
end
# Backwards-compatible for ruby-ldap LDAP::Schema
def sup(oc)
attr(oc, "SUP")
end
#####################################################################
# Class holding an instance of an AttributeTypeDescription (RFC2252 4.2)
class AttributeType
attr_reader :oid, :names, :desc, :obsolete, :sup, :equality, :ordering
attr_reader :substr, :syntax, :maxlen, :singlevalue, :collective
attr_reader :nousermod, :usage
def initialize(str)
m = LDAP::Server::Syntax::AttributeTypeDescription.match(str)
raise LDAP::ResultError::InvalidAttributeSyntax,
"Bad AttributeTypeDescription #{str.inspect}" unless m
@oid = m[1]
@names = (m[2]||"").scan(/'(.*?)'/).flatten
@desc = m[3]
@obsolete = ! m[4].nil?
@sup = m[5]
@equality = m[6]
@ordering = m[7]
@substr = m[8]
@syntax = m[9]
@maxlen = m[10] && m[10].to_i
@singlevalue = ! m[11].nil?
@collective = ! m[12].nil?
@nousermod = ! m[13].nil?
@usage = m[14] && m[14].intern
# This is the cache of the stringified version. Rather than
# initialize to str, we set nil to force it to be rebuilt
@def = nil
end
def name
@names.first
end
def to_s
(@names && @names.first) || @oid
end
def changed
@def = nil
end
def to_def
return @def if @def
ans = "( #{@oid} "
if @names.nil? or @names.empty?
# nothing
elsif @names.size == 1
ans << "NAME '#{@names.first}' "
else
ans << "NAME ( "
@names.each { |n| ans << "'#{n}' " }
ans << ") "
end
ans << "DESC '#{@desc}' " if @desc
ans << "OBSOLETE " if @obsolete
ans << "SUP #{@sup} " if @sup # oid
ans << "EQUALITY #{@equality} " if @equality # oid
ans << "ORDERING #{@ordering} " if @ordering # oid
ans << "SUBSTR #{@substr} " if @substr # oid
ans << "SYNTAX #{@syntax}#{@maxlen && "{#{@maxlen}}"} " if @syntax
ans << "SINGLE-VALUE " if @singlevalue
ans << "COLLECTIVE " if @collective
ans << "NO-USER-MODIFICATION " if @nousermod
ans << "USAGE #{@usage} " if @usage
ans << ")"
@def = ans
end
end # class AttributeType
#####################################################################
# Class holding an instance of an ObjectClassDescription (RFC2252 4.4)
class ObjectClass
attr_reader :oid, :names, :desc, :obsolete, :sup, :struct, :must, :may
SCAN_WOID = /#{LDAP::Server::Syntax::WOID}/x
def initialize(str)
m = LDAP::Server::Syntax::ObjectClassDescription.match(str)
raise LDAP::ResultError::InvalidAttributeSyntax,
"Bad ObjectClassDescription #{str.inspect}" unless m
@oid = m[1]
@names = (m[2]||"").scan(/'(.*?)'/).flatten
@desc = m[3]
@obsolete = ! m[4].nil?
@sup = (m[5]||"").scan(SCAN_WOID).flatten
@struct = m[6] ? m[6].downcase.intern : :structural
@must = (m[7]||"").scan(SCAN_WOID).flatten
@may = (m[8]||"").scan(SCAN_WOID).flatten
@def = nil
end
def name
@names.first
end
def to_s
(@names && @names.first) || @oid
end
def changed
@def = nil
end
def to_def
return @def if @def
ans = "( #{@oid} "
if @names.nil? or @names.empty?
# nothing
elsif @names.size == 1
ans << "NAME '#{@names.first}' "
else
ans << "NAME ( "
@names.each { |n| ans << "'#{n}' " }
ans << ") "
end
ans << "DESC '#{@desc}' " if @desc
ans << "OBSOLETE " if @obsolete
ans << joinoids("SUP ",@sup," ")
ans << "#{@struct.to_s.upcase} " if @struct
ans << joinoids("MUST ",@must," ")
ans << joinoids("MAY ",@may," ")
ans << ")"
@def = ans
end
def joinoids(pfx,arr,sfx)
return "" unless arr and !arr.empty?
return "#{pfx}#{arr}#{sfx}" unless arr.is_a?(Array)
a = arr.collect { |elem| elem.to_s }
if a.size == 1
return "#{pfx}#{a.first}#{sfx}"
else
return "#{pfx}( #{a.join(" $ ")} )#{sfx}"
end
end
end # class ObjectClass
end # class Schema
end # class Server
end # module LDAP