lib/net/ldap/connection.rb in net-ldap-0.15.0 vs lib/net/ldap/connection.rb in net-ldap-0.16.0
- old
+ new
@@ -5,11 +5,10 @@
# Seconds before failing for socket connect timeout
DefaultConnectTimeout = 5
LdapVersion = 3
- MaxSaslChallenges = 10
# Initialize a connection to an LDAP server
#
# :server
# :hosts Array of tuples specifying host, port
@@ -50,10 +49,19 @@
errors = []
hosts.each do |host, port|
begin
prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout)
+ if encryption
+ if encryption[:tls_options] &&
+ encryption[:tls_options][:verify_mode] &&
+ encryption[:tls_options][:verify_mode] == OpenSSL::SSL::VERIFY_NONE
+ warn "not verifying SSL hostname of LDAPS server '#{host}:#{port}'"
+ else
+ @conn.post_connection_check(host)
+ end
+ end
return
rescue Net::LDAP::Error, SocketError, SystemCallError,
OpenSSL::SSL::SSLError => e
# Ensure the connection is closed in the event a setup failure.
close
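Review bot: The new verify_mode test spread over the three `encryption[:tls_options]` lines can be one expression, because the middle `encryption[:tls_options][:verify_mode] &&` is redundant — a nil verify_mode already fails the `== OpenSSL::SSL::VERIFY_NONE` comparison: `if encryption[:tls_options] && encryption[:tls_options][:verify_mode] == OpenSSL::SSL::VERIFY_NONE`. The `@conn.post_connection_check(host)` call deserves a why-comment so a later cleanup does not drop it as redundant with verify_mode, e.g. `# verify_mode only validates the certificate chain; the hostname must be matched explicitly`. The `warn` goes to stderr through Kernel#warn; if the connection has a logger in scope that is presumably where this belongs, but none is visible from the hunk. The enclosing method starts before this hunk and its rescue clause continues after it.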
@@ -93,21 +101,17 @@
conn.connect_nonblock
else
conn.connect
end
rescue IO::WaitReadable
- if IO.select([conn], nil, nil, timeout)
- retry
- else
- raise Errno::ETIMEDOUT, "OpenSSL connection read timeout"
- end
+ raise Errno::ETIMEDOUT, "OpenSSL connection read timeout" unless
+ IO.select([conn], nil, nil, timeout)
+ retry
rescue IO::WaitWritable
- if IO.select(nil, [conn], nil, timeout)
- retry
- else
- raise Errno::ETIMEDOUT, "OpenSSL connection write timeout"
- end
+ raise Errno::ETIMEDOUT, "OpenSSL connection write timeout" unless
+ IO.select(nil, [conn], nil, timeout)
+ retry
end
# Doesn't work:
# conn.sync_close = true
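Review bot: Each `retry` after the new `raise ... unless IO.select(...)` lines re-enters the `begin` block and waits a fresh `timeout` on the next `IO::WaitReadable`/`IO::WaitWritable`, so the total time a non-blocking handshake may take is not bounded by `timeout`; a peer that repeatedly makes the socket readable without completing the handshake keeps this loop alive indefinitely. Computing a deadline once before the `begin` (which starts above this hunk) and passing the remaining time to each `IO.select` bounds the whole handshake. The `raise ... unless` with its condition wrapped onto the next line is also easy to misread as an unconditional raise; a plain `if` block is clearer (RuboCop flags this shape as Style/MultilineIfModifier). If `timeout` may be nil here for an unbounded wait, as the original `IO.select` calls allow, the deadline path should preserve that, and `Process.clock_gettime` needs Ruby 2.1 or later. The enclosing method starts before this hunk; rewritten rescue clauses below.
```ruby
# set once before the `begin` (above this hunk):
#   deadline = timeout && Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
rescue IO::WaitReadable
  remaining = deadline && deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
  if (remaining && remaining <= 0) || !IO.select([conn], nil, nil, remaining)
    raise Errno::ETIMEDOUT, "OpenSSL connection read timeout"
  end
  retry
rescue IO::WaitWritable
  remaining = deadline && deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
  if (remaining && remaining <= 0) || !IO.select(nil, [conn], nil, remaining)
    raise Errno::ETIMEDOUT, "OpenSSL connection write timeout"
  end
  retry
end
```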
@@ -161,15 +165,13 @@
if pdu.nil? || pdu.app_tag != Net::LDAP::PDU::ExtendedResponse
raise Net::LDAP::NoStartTLSResultError, "no start_tls result"
end
- if pdu.result_code.zero?
- @conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
- else
- raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}"
- end
+ raise Net::LDAP::StartTLSError,
+ "start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero?
+ @conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
else
raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}"
end
end
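Review bot: The guard `raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero?` is split so the `unless` that makes it conditional sits at the end of the message line, where it is easy to overlook; putting it on one line, `raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" if pdu.result_code.nonzero?`, or using a plain `if` block reads more clearly (RuboCop's Style/MultilineIfModifier flags the current shape). After `wrap_with_ssl` returns, nothing in this hunk matches the server certificate against the host; if this method is only reached through the connect loop that calls `post_connection_check`, that covers it, but if callers can invoke it directly on an already-open connection the wrapped socket is never hostname-checked — worth confirming and recording in a comment above the `@conn =` line. The enclosing method starts before this hunk.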
@@ -195,16 +197,14 @@
return pdu
end
# read messages until we have a match for the given message_id
while pdu = read
- if pdu.message_id == message_id
- return pdu
- else
- message_queue[pdu.message_id].push pdu
- next
- end
+ return pdu if pdu.message_id == message_id
+
+ message_queue[pdu.message_id].push pdu
+ next
end
pdu
end
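Review bot: The `next` after `message_queue[pdu.message_id].push pdu` is now a no-op, since it is the last statement of the `while` body; drop it so the body is just the `return pdu if ...` guard and the push. Nothing in this loop bounds `message_queue`: every PDU whose id is not the one awaited is queued and retained until something reads it, so a server emitting responses with unexpected message ids grows memory without limit — a comment stating that assumption, or a cap, would help, though how the queue is drained is not visible from here. The enclosing method starts before this hunk.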
@@ -398,15 +398,14 @@
attributes: attrs do |payload|
loop do
# should collect this into a private helper to clarify the structure
query_limit = 0
if size > 0
- if paged
- query_limit = (((size - n_results) < 126) ? (size -
- n_results) : 0)
- else
- query_limit = size
- end
+ query_limit = if paged
+ (((size - n_results) < 126) ? (size - n_results) : 0)
+ else
+ size
+ end
end
request = [
base.to_ber,
scope.to_ber_enumerated,
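Review bot: In the new `query_limit = if paged` branch the subtraction `size - n_results` is still written twice and `126` is still a bare magic number; `remaining = size - n_results` followed by `remaining < 126 ? remaining : 0`, with 126 lifted to a named constant whose comment says what boundary it marks, would make the intent legible, which is what the existing `# should collect this into a private helper` comment already asks for. I cannot tell from the hunk why a remainder of 126 or more yields a limit of 0 rather than a page size, so that is the one thing the constant's comment must explain. The enclosing `loop do` block and the search method continue past this hunk.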