Add controls for modify and add operations (#426)

* Allow controls for add and modify * Add tests for add and modify --------- Co-authored-by: Kevin McCormack <kevin@mccormack.tech>
ruby-ldap · Oct 29, 2024 · 75c0bcb · 75c0bcb
1 parent a515dad
commit 75c0bcb
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 2 deletions.
diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb
@@ -569,7 +569,12 @@ def modify(args)
       ops.to_ber_sequence,
     ].to_ber_appsequence(Net::LDAP::PDU::ModifyRequest)
 
-    write(request, nil, message_id)
+    controls = args.fetch(:controls, nil)
+    unless controls.nil?
+      controls = controls.to_ber_contextspecific(0)
+    end
+
+    write(request, controls, message_id)
     pdu = queued_read(message_id)
 
     if !pdu || pdu.app_tag != Net::LDAP::PDU::ModifyResponse
@@ -641,7 +646,12 @@ def add(args)
     message_id = next_msgid
     request    = [add_dn.to_ber, add_attrs.to_ber_sequence].to_ber_appsequence(Net::LDAP::PDU::AddRequest)
 
-    write(request, nil, message_id)
+    controls = args.fetch(:controls, nil)
+    unless controls.nil?
+      controls = controls.to_ber_contextspecific(0)
+    end
+
+    write(request, controls, message_id)
     pdu = queued_read(message_id)
 
     if !pdu || pdu.app_tag != Net::LDAP::PDU::AddResponse

diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb
@@ -502,6 +502,40 @@ def test_search_net_ldap_connection_event
     assert unread.empty?, "should not have any leftover unread messages"
   end
 
+  def test_add_with_controls
+    dacl_flag = 0x4 # DACL_SECURITY_INFORMATION
+    control_values = [dacl_flag].map(&:to_ber).to_ber_sequence.to_s.to_ber
+    controls = []
+    # LDAP_SERVER_SD_FLAGS constant definition, taken from https://ldapwiki.com/wiki/LDAP_SERVER_SD_FLAGS_OID
+    ldap_server_sd_flags = '1.2.840.113556.1.4.801'.freeze
+    controls << [ldap_server_sd_flags.to_ber, true.to_ber, control_values].to_ber_sequence
+
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::AddResponse
+    @tcp_socket.should_receive(:read_ber).and_return([1, ber])
+
+    result = @connection.add(:dn => "uid=added-user1,ou=People,dc=rubyldap,dc=com", :controls => controls)
+    assert result.success?, "should be success"
+    assert_equal "", result.error_message
+  end
+
+  def test_modify_with_controls
+    dacl_flag = 0x4 # DACL_SECURITY_INFORMATION
+    control_values = [dacl_flag].map(&:to_ber).to_ber_sequence.to_s.to_ber
+    controls = []
+    # LDAP_SERVER_SD_FLAGS constant definition, taken from https://ldapwiki.com/wiki/LDAP_SERVER_SD_FLAGS_OID
+    ldap_server_sd_flags = '1.2.840.113556.1.4.801'.freeze
+    controls << [ldap_server_sd_flags.to_ber, true.to_ber, control_values].to_ber_sequence
+
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::ModifyResponse
+    @tcp_socket.should_receive(:read_ber).and_return([1, ber])
+
+    result = @connection.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]], :controls => controls)
+    assert result.success?, "should be success"
+    assert_equal "", result.error_message
+  end
+
   def test_search_with_controls
     # search data
     search_data_ber = Net::BER::BerIdentifiedArray.new([1, [