Fix paged search rfc2696_cookie for Microsoft Active Directory

[amuta]

When building the cookie of a paged search we are currently calling to_ber when we should be calling to_ber_bin to avoid encoding it to UTF-8 and 'breaking' the cookie format. When looking at the method to_ber_bin, it seems to be build with this in mind.

> lib/net/ldap/connection.rb:20
# Converts a string to a BER string but does *not* encode to UTF-8 first.
# This is required for proper representation of binary data for Microsoft
# Active Directory
def to_ber_bin(code = 0x04)
  [code].pack('C') + length.to_ber_length_encoding + self
end

Without this change, when trying to do a paged search the behavior is the same as described in this issue: #36 Wrong paged result from search

#36 (comment)

Even though the page size is set to 126 and the possible result set is generally much larger than 1000 entries (I set the size to a very large number as I want the whole result set) the behaviour I'm seeing with AD is:

a first page containing 126 results
a 2nd page up until 1126 results
then Size Limit exceeded error
as if it was not actually doing any paging (126 results at a time).

The issue is very likely to be related #313 rfc2696 paging not working when server returns additional, empty pagedResultsControl items, because after sending the broken cookie the AD still reponds with what would be the first page after the initial query but wont send the cookie required for continuing the paged search.

The comment below seems to imply that this issue was known and disabling paging was a solution, but the paging is not disabled and it breaks silently.

> lib/net/ldap/connection.rb:241
 # rfc2696_cookie sometimes contains binary data from Microsoft Active Directory
 # this breaks when calling to_ber. (Can't force binary data to UTF-8)
 # we have to disable paging (even though server supports it) to get around this...

I've only tested this against Microsoft Active Directory, and it enabled me to used the paged search.

[HarlemSquirrel]

@amuta could you please update this from the latest master branch when you have a moment?

[amuta]

@HarlemSquirrel sorry for taking soooo long, but I rebased it and changed it with the code that we are working with. We are using this change at our org for more than 1 year and it is working, but if anyone can try it out with Active Directory and a search with >1.2k results it should be evident.

[amuta]

The tests are breaking because of lint rules, is it possible to make the linter skip that method? @HarlemSquirrel

[HarlemSquirrel]

@amuta This should be refactored but for now we could up the limit to 117 in

ruby-net-ldap/.rubocop_todo.yml

Lines 207 to 209 in 626c312

	# Offense count: 48
	Metrics/AbcSize:
	Max: 116

I don't have access to any Active Directory to test this myself and don't work with LDAP at all right now so we really should get someone to try this out on a real directory before merging in as well.

Are you able to write a test for this use case?