module ROM::LDAP::Client::Authentication

Adds authentication capability to the client.

@api private

Public Instance Methods

bind(username:, password:)

The Bind request is defined as follows:

BindRequest ::= [APPLICATION 0] SEQUENCE {
     version                 INTEGER (1 ..  127),
     name                    LDAPDN,
     authentication          AuthenticationChoice }

AuthenticationChoice ::= CHOICE {
     simple                  [0] OCTET STRING,
                             -- 1 and 2 reserved
     sasl                    [3] SaslCredentials,
     ...  }

SaslCredentials ::= SEQUENCE {
     mechanism               LDAPString,
     credentials             OCTET STRING OPTIONAL }

@see tools.ietf.org/html/rfc4511#section-4.2

@see tools.ietf.org/html/rfc4513

@option :username [String]

@option :password [String]

@return [PDU] result object

@raise [BindError]

@api public

# File lib/rom/ldap/client/authentication.rb, line 52
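# Perform an LDAP simple bind (RFC 4511 section 4.2).
#
# Builds a version 3 BindRequest whose authentication choice is +simple+
# (context-specific tag 0), submits it and returns the server's answer.
#
# A non-empty name with an empty password is an "unauthenticated bind"
# (RFC 4513 section 5.1.2). A server may answer it with success without
# verifying any credential, so a caller that treats a successful bind as
# proof of identity would accept any user. That combination is rejected
# here before anything is sent. An anonymous bind (empty name and empty
# password) is passed through unchanged.
#
# NOTE(review): the simple choice carries the password as a plain OCTET
# STRING; presumably the connection is already protected by start_tls or
# LDAPS when this is called - confirm at the call site.
#
# @param username [String] bind DN
# @param password [String] password for the simple authentication choice
#
# @return [PDU] result object
#
# @raise [BindError] on an empty password for a named user, or when the
#   server reports failure
def bind(username:, password:)
  # Refuse the unauthenticated-bind case; the password itself is never
  # placed in the error message.
  if !username.to_s.empty? && password.to_s.empty?
    raise BindError, "#{username}: empty password rejected (unauthenticated bind)"
  end

  request_type = pdu_lookup(:bind_request)

  request = [
    3.to_ber,                           # protocol version
    username.to_ber,                    # name (LDAPDN)
    password.to_ber_contextspecific(0)  # AuthenticationChoice: simple [0]
  ].to_ber_appsequence(request_type)

  pdu = submit(:bind_result, request)
  raise(BindError, username) if pdu.failure?

  pdu
end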
sasl_bind(mechanism:, credentials:, challenge:)

@return

@raise [SecureBindError]

@api private

# File lib/rom/ldap/client/authentication.rb, line 88
# Run a SASL bind exchange (AuthenticationChoice sasl [3]).
#
# Each round sends a version 3 BindRequest with an empty name and the
# current SASL credentials, then hands the server's SASL credentials to
# +challenge+ to compute the credentials for the next round. More than
# ten rounds raise SecureBindError.
#
# NOTE(review): nothing in this loop returns or breaks, and the response
# is never checked for success or failure, so as written the only exits
# are the overflow error or an exception from a callee. A completed or
# rejected bind is not distinguished from "bind in progress" - confirm
# the intended termination condition.
#
# NOTE(review): #bind submits with :bind_result while this method passes
# :bind_request as the first argument to submit - looks inconsistent,
# verify against submit.
#
# @param mechanism [#to_ber] SASL mechanism name
# @param credentials [#to_ber] initial SASL credentials
# @param challenge [#call] receives the server SASL credentials and
#   returns the credentials for the next request
#
# @raise [SecureBindError] after more than ten rounds
def sasl_bind(mechanism:, credentials:, challenge:)
  bind_tag = pdu_lookup(:bind_request)
  rounds = 0
  current = credentials

  loop do
    sasl_choice = [mechanism.to_ber, current.to_ber].to_ber_contextspecific(3)
    request = [3.to_ber, EMPTY_STRING.to_ber, sasl_choice].to_ber_appsequence(bind_tag)

    # Bound the exchange so a peer cannot keep the client answering
    # challenges indefinitely.
    rounds += 1
    raise SecureBindError, 'sasl-challenge overflow' if rounds > 10

    response = submit(:bind_request, request)

    current = challenge.call(response.result_server_sasl_creds)
  end
end
start_tls()

@return [PDU] result object

@api private

# File lib/rom/ldap/client/authentication.rb, line 72
# Send the StartTLS extended request and return the server's response.
#
# Only the request is issued here; the response is returned unchecked.
#
# NOTE(review): presumably the caller verifies that the returned PDU
# reports success and then performs the TLS handshake (with certificate
# verification) before any bind is sent - confirm. If the result is
# ignored, later traffic, including simple-bind passwords, would travel
# unprotected.
#
# @return [PDU] result object
def start_tls
  extended_tag = pdu_lookup(:extended_request)
  request_name = OID[:start_tls].to_ber_contextspecific(0) # requestName [0]

  submit(:extended_response, [request_name].to_ber_appsequence(extended_tag))
end