datacom-net-ldap 0.5.0.datacom

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +7 -0
  2. data/.autotest +11 -0
  3. data/.rspec +2 -0
  4. data/Contributors.rdoc +22 -0
  5. data/Hacking.rdoc +68 -0
  6. data/History.rdoc +198 -0
  7. data/License.rdoc +29 -0
  8. data/Manifest.txt +50 -0
  9. data/README.rdoc +49 -0
  10. data/Rakefile +74 -0
  11. data/autotest/discover.rb +1 -0
  12. data/lib/net-ldap.rb +2 -0
  13. data/lib/net/ber.rb +320 -0
  14. data/lib/net/ber/ber_parser.rb +168 -0
  15. data/lib/net/ber/core_ext.rb +62 -0
  16. data/lib/net/ber/core_ext/array.rb +96 -0
  17. data/lib/net/ber/core_ext/bignum.rb +22 -0
  18. data/lib/net/ber/core_ext/false_class.rb +10 -0
  19. data/lib/net/ber/core_ext/fixnum.rb +66 -0
  20. data/lib/net/ber/core_ext/string.rb +78 -0
  21. data/lib/net/ber/core_ext/true_class.rb +12 -0
  22. data/lib/net/ldap.rb +1646 -0
  23. data/lib/net/ldap/dataset.rb +154 -0
  24. data/lib/net/ldap/dn.rb +225 -0
  25. data/lib/net/ldap/entry.rb +185 -0
  26. data/lib/net/ldap/filter.rb +781 -0
  27. data/lib/net/ldap/password.rb +37 -0
  28. data/lib/net/ldap/pdu.rb +273 -0
  29. data/lib/net/ldap/version.rb +5 -0
  30. data/lib/net/snmp.rb +270 -0
  31. data/net-ldap.gemspec +61 -0
  32. data/spec/integration/ssl_ber_spec.rb +36 -0
  33. data/spec/spec.opts +2 -0
  34. data/spec/spec_helper.rb +5 -0
  35. data/spec/unit/ber/ber_spec.rb +141 -0
  36. data/spec/unit/ber/core_ext/string_spec.rb +51 -0
  37. data/spec/unit/ldap/dn_spec.rb +80 -0
  38. data/spec/unit/ldap/entry_spec.rb +51 -0
  39. data/spec/unit/ldap/filter_spec.rb +115 -0
  40. data/spec/unit/ldap_spec.rb +78 -0
  41. data/test/common.rb +3 -0
  42. data/test/test_entry.rb +59 -0
  43. data/test/test_filter.rb +122 -0
  44. data/test/test_ldap_connection.rb +24 -0
  45. data/test/test_ldif.rb +79 -0
  46. data/test/test_password.rb +17 -0
  47. data/test/test_rename.rb +77 -0
  48. data/test/test_snmp.rb +114 -0
  49. data/test/testdata.ldif +101 -0
  50. data/testserver/ldapserver.rb +210 -0
  51. data/testserver/testdata.ldif +101 -0
  52. metadata +213 -0
@@ -0,0 +1,114 @@
1
+ # $Id: testsnmp.rb 231 2006-12-21 15:09:29Z blackhedd $
2
+
3
+ require 'common'
4
+ require 'net/snmp'
5
+
6
+ class TestSnmp < Test::Unit::TestCase
7
+ SnmpGetRequest = "0'\002\001\000\004\006public\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000"
8
+ SnmpGetResponse = "0+\002\001\000\004\006public\242\036\002\002'\017\002\001\000\002\001\0000\0220\020\006\b+\006\001\002\001\001\001\000\004\004test"
9
+
10
+ SnmpGetRequestXXX = "0'\002\001\000\004\006xxxxxx\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000"
11
+
12
+ def test_invalid_packet
13
+ data = "xxxx"
14
+ assert_raise(Net::BER::BerError) {
15
+ ary = data.read_ber(Net::SNMP::AsnSyntax)
16
+ }
17
+ end
18
+
19
+ # The method String#read_ber! added by Net::BER consumes a well-formed BER
20
+ # object from the head of a string. If it doesn't find a complete,
21
+ # well-formed BER object, it returns nil and leaves the string unchanged.
22
+ # If it finds an object, it returns the object and removes it from the
23
+ # head of the string. This is good for handling partially-received data
24
+ # streams, such as from network connections.
25
+ def _test_consume_string
26
+ data = "xxx"
27
+ assert_equal(nil, data.read_ber!)
28
+ assert_equal("xxx", data)
29
+
30
+ data = SnmpGetRequest + "!!!"
31
+ ary = data.read_ber!(Net::SNMP::AsnSyntax)
32
+ assert_equal("!!!", data)
33
+ assert ary.is_a?(Array)
34
+ assert ary.is_a?(Net::BER::BerIdentifiedArray)
35
+ end
36
+
37
+ def test_weird_packet
38
+ assert_raise(Net::SnmpPdu::Error) {
39
+ Net::SnmpPdu.parse("aaaaaaaaaaaaaa")
40
+ }
41
+ end
42
+
43
+ def test_get_request
44
+ data = SnmpGetRequest.dup
45
+ pkt = data.read_ber(Net::SNMP::AsnSyntax)
46
+ assert pkt.is_a?(Net::BER::BerIdentifiedArray)
47
+ assert_equal(48, pkt.ber_identifier) # Constructed [0], signifies GetRequest
48
+
49
+ pdu = Net::SnmpPdu.parse(pkt)
50
+ assert_equal(:get_request, pdu.pdu_type)
51
+ assert_equal(16170, pdu.request_id) # whatever was in the test data. 16170 is not magic.
52
+ assert_equal([[[1, 3, 6, 1, 2, 1, 1, 1, 0], nil]], pdu.variables)
53
+
54
+ assert_equal(pdu.to_ber_string, SnmpGetRequest)
55
+ end
56
+
57
+ def test_empty_pdu
58
+ pdu = Net::SnmpPdu.new
59
+ assert_raise(Net::SnmpPdu::Error) { pdu.to_ber_string }
60
+ end
61
+
62
+ def test_malformations
63
+ pdu = Net::SnmpPdu.new
64
+ pdu.version = 0
65
+ pdu.version = 2
66
+ assert_raise(Net::SnmpPdu::Error) { pdu.version = 100 }
67
+
68
+ pdu.pdu_type = :get_request
69
+ pdu.pdu_type = :get_next_request
70
+ pdu.pdu_type = :get_response
71
+ pdu.pdu_type = :set_request
72
+ pdu.pdu_type = :trap
73
+ assert_raise(Net::SnmpPdu::Error) { pdu.pdu_type = :something_else }
74
+ end
75
+
76
+ def test_make_response
77
+ pdu = Net::SnmpPdu.new
78
+ pdu.version = 0
79
+ pdu.community = "public"
80
+ pdu.pdu_type = :get_response
81
+ pdu.request_id = 9999
82
+ pdu.error_status = 0
83
+ pdu.error_index = 0
84
+ pdu.add_variable_binding [1, 3, 6, 1, 2, 1, 1, 1, 0], "test"
85
+
86
+ assert_equal(SnmpGetResponse, pdu.to_ber_string)
87
+ end
88
+
89
+ def test_make_bad_response
90
+ pdu = Net::SnmpPdu.new
91
+ assert_raise(Net::SnmpPdu::Error) {pdu.to_ber_string}
92
+ pdu.pdu_type = :get_response
93
+ pdu.request_id = 999
94
+ pdu.to_ber_string
95
+ # Not specifying variables doesn't create an error. (Maybe it should?)
96
+ end
97
+
98
+ def test_snmp_integers
99
+ c32 = Net::SNMP::Counter32.new(100)
100
+ assert_equal("A\001d", c32.to_ber)
101
+ g32 = Net::SNMP::Gauge32.new(100)
102
+ assert_equal("B\001d", g32.to_ber)
103
+ t32 = Net::SNMP::TimeTicks32.new(100)
104
+ assert_equal("C\001d", t32.to_ber)
105
+ end
106
+
107
+ def test_community
108
+ data = SnmpGetRequestXXX.dup
109
+ ary = data.read_ber(Net::SNMP::AsnSyntax)
110
+ pdu = Net::SnmpPdu.parse(ary)
111
+ assert_equal("xxxxxx", pdu.community)
112
+ end
113
+
114
+ end
@@ -0,0 +1,101 @@
1
+ # $Id: testdata.ldif 50 2006-04-17 17:57:33Z blackhedd $
2
+ #
3
+ # This is test-data for an LDAP server in LDIF format.
4
+ #
5
+ dn: dc=bayshorenetworks,dc=com
6
+ objectClass: dcObject
7
+ objectClass: organization
8
+ o: Bayshore Networks LLC
9
+ dc: bayshorenetworks
10
+
11
+ dn: cn=Manager,dc=bayshorenetworks,dc=com
12
+ objectClass: organizationalrole
13
+ cn: Manager
14
+
15
+ dn: ou=people,dc=bayshorenetworks,dc=com
16
+ objectClass: organizationalunit
17
+ ou: people
18
+
19
+ dn: ou=privileges,dc=bayshorenetworks,dc=com
20
+ objectClass: organizationalunit
21
+ ou: privileges
22
+
23
+ dn: ou=roles,dc=bayshorenetworks,dc=com
24
+ objectClass: organizationalunit
25
+ ou: roles
26
+
27
+ dn: ou=office,dc=bayshorenetworks,dc=com
28
+ objectClass: organizationalunit
29
+ ou: office
30
+
31
+ dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
32
+ cn: Bob Fosse
33
+ mail: nogoodnik@steamheat.net
34
+ sn: Fosse
35
+ ou: people
36
+ objectClass: top
37
+ objectClass: inetorgperson
38
+ objectClass: authorizedperson
39
+ hasAccessRole: uniqueIdentifier=engineer,ou=roles
40
+ hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
41
+ hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
42
+ hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
43
+ hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
44
+ hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
45
+ hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
46
+ hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
47
+ hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
48
+ hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
49
+ hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
50
+ hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
51
+
52
+ dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
53
+ cn: Gwen Verdon
54
+ mail: elephant@steamheat.net
55
+ sn: Verdon
56
+ ou: people
57
+ objectClass: top
58
+ objectClass: inetorgperson
59
+ objectClass: authorizedperson
60
+ hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
61
+ hasAccessRole: uniqueIdentifier=engineer,ou=roles
62
+ hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
63
+ hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
64
+ hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
65
+
66
+ dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
67
+ uniqueIdentifier: engineering
68
+ ou: privileges
69
+ objectClass: accessPrivilege
70
+
71
+ dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
72
+ uniqueIdentifier: engineer
73
+ ou: roles
74
+ objectClass: accessRole
75
+ hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
76
+
77
+ dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
78
+ uniqueIdentifier: ldapadmin
79
+ ou: roles
80
+ objectClass: accessRole
81
+
82
+ dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
83
+ uniqueIdentifier: ldapsuperadmin
84
+ ou: roles
85
+ objectClass: accessRole
86
+
87
+ dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
88
+ cn: Sid Sorokin
89
+ mail: catperson@steamheat.net
90
+ sn: Sorokin
91
+ ou: people
92
+ objectClass: top
93
+ objectClass: inetorgperson
94
+ objectClass: authorizedperson
95
+ hasAccessRole: uniqueIdentifier=engineer,ou=roles
96
+ hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
97
+ hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
98
+ hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
99
+ hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
100
+ hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
101
+
@@ -0,0 +1,210 @@
1
+ # $Id$
2
+ #
3
+ # Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved.
4
+ # Gmail account: garbagecat10.
5
+ #
6
+ # This is an LDAP server intended for unit testing of Net::LDAP.
7
+ # It implements as much of the protocol as we have the stomach
8
+ # to implement but serves static data. Use ldapsearch to test
9
+ # this server!
10
+ #
11
+ # To make this easier to write, we use the Ruby/EventMachine
12
+ # reactor library.
13
+ #
14
+
15
+ #------------------------------------------------
16
+
17
+ module LdapServer
18
+
19
+ LdapServerAsnSyntax = {
20
+ :application => {
21
+ :constructed => {
22
+ 0 => :array, # LDAP BindRequest
23
+ 3 => :array # LDAP SearchRequest
24
+ },
25
+ :primitive => {
26
+ 2 => :string, # ldapsearch sends this to unbind
27
+ }
28
+ },
29
+ :context_specific => {
30
+ :primitive => {
31
+ 0 => :string, # simple auth (password)
32
+ 7 => :string # present filter
33
+ },
34
+ :constructed => {
35
+ 3 => :array # equality filter
36
+ },
37
+ }
38
+ }
39
+
40
+ def post_init
41
+ $logger.info "Accepted LDAP connection"
42
+ @authenticated = false
43
+ end
44
+
45
+ def receive_data data
46
+ @data ||= ""; @data << data
47
+ while pdu = @data.read_ber!(LdapServerAsnSyntax)
48
+ begin
49
+ handle_ldap_pdu pdu
50
+ rescue
51
+ $logger.error "closing connection due to error #{$!}"
52
+ close_connection
53
+ end
54
+ end
55
+ end
56
+
57
+ def handle_ldap_pdu pdu
58
+ tag_id = pdu[1].ber_identifier
59
+ case tag_id
60
+ when 0x60
61
+ handle_bind_request pdu
62
+ when 0x63
63
+ handle_search_request pdu
64
+ when 0x42
65
+ # bizarre thing, it's a null object (primitive application-2)
66
+ # sent by ldapsearch to request an unbind (or a kiss-off, not sure which)
67
+ close_connection_after_writing
68
+ else
69
+ $logger.error "received unknown packet-type #{tag_id}"
70
+ close_connection_after_writing
71
+ end
72
+ end
73
+
74
+ def handle_bind_request pdu
75
+ # TODO, return a proper LDAP error instead of blowing up on version error
76
+ if pdu[1][0] != 3
77
+ send_ldap_response 1, pdu[0].to_i, 2, "", "We only support version 3"
78
+ elsif pdu[1][1] != "cn=bigshot,dc=bayshorenetworks,dc=com"
79
+ send_ldap_response 1, pdu[0].to_i, 48, "", "Who are you?"
80
+ elsif pdu[1][2].ber_identifier != 0x80
81
+ send_ldap_response 1, pdu[0].to_i, 7, "", "Keep it simple, man"
82
+ elsif pdu[1][2] != "opensesame"
83
+ send_ldap_response 1, pdu[0].to_i, 49, "", "Make my day"
84
+ else
85
+ @authenticated = true
86
+ send_ldap_response 1, pdu[0].to_i, 0, pdu[1][1], "I'll take it"
87
+ end
88
+ end
89
+
90
+
91
+
92
+ #--
93
+ # Search Response ::=
94
+ # CHOICE {
95
+ # entry [APPLICATION 4] SEQUENCE {
96
+ # objectName LDAPDN,
97
+ # attributes SEQUENCE OF SEQUENCE {
98
+ # AttributeType,
99
+ # SET OF AttributeValue
100
+ # }
101
+ # },
102
+ # resultCode [APPLICATION 5] LDAPResult
103
+ # }
104
+ def handle_search_request pdu
105
+ unless @authenticated
106
+ # NOTE, early exit.
107
+ send_ldap_response 5, pdu[0].to_i, 50, "", "Who did you say you were?"
108
+ return
109
+ end
110
+
111
+ treebase = pdu[1][0]
112
+ if treebase != "dc=bayshorenetworks,dc=com"
113
+ send_ldap_response 5, pdu[0].to_i, 32, "", "unknown treebase"
114
+ return
115
+ end
116
+
117
+ msgid = pdu[0].to_i.to_ber
118
+
119
+ # pdu[1][7] is the list of requested attributes.
120
+ # If it's an empty array, that means that *all* attributes were requested.
121
+ requested_attrs = if pdu[1][7].length > 0
122
+ pdu[1][7].map {|a| a.downcase}
123
+ else
124
+ :all
125
+ end
126
+
127
+ filters = pdu[1][6]
128
+ if filters.length == 0
129
+ # NOTE, early exit.
130
+ send_ldap_response 5, pdu[0].to_i, 53, "", "No filter specified"
131
+ end
132
+
133
+ # TODO, what if this returns nil?
134
+ filter = Net::LDAP::Filter.parse_ldap_filter( filters )
135
+
136
+ $ldif.each {|dn, entry|
137
+ if filter.match( entry )
138
+ attrs = []
139
+ entry.each {|k, v|
140
+ if requested_attrs == :all or requested_attrs.include?(k.downcase)
141
+ attrvals = v.map {|v1| v1.to_ber}.to_ber_set
142
+ attrs << [k.to_ber, attrvals].to_ber_sequence
143
+ end
144
+ }
145
+
146
+ appseq = [dn.to_ber, attrs.to_ber_sequence].to_ber_appsequence(4)
147
+ pkt = [msgid.to_ber, appseq].to_ber_sequence
148
+ send_data pkt
149
+ end
150
+ }
151
+
152
+
153
+ send_ldap_response 5, pdu[0].to_i, 0, "", "Was that what you wanted?"
154
+ end
155
+
156
+
157
+
158
+ def send_ldap_response pkt_tag, msgid, code, dn, text
159
+ send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag) ].to_ber )
160
+ end
161
+
162
+ end
163
+
164
+
165
+ #------------------------------------------------
166
+
167
+ # Rather bogus, a global method, which reads a HARDCODED filename
168
+ # parses out LDIF data. It will be used to serve LDAP queries out of this server.
169
+ #
170
+ def load_test_data
171
+ ary = File.readlines( "./testdata.ldif" )
172
+ hash = {}
173
+ while line = ary.shift and line.chomp!
174
+ if line =~ /^dn:[\s]*/i
175
+ dn = $'
176
+ hash[dn] = {}
177
+ while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
178
+ hash[dn][$1.downcase] ||= []
179
+ hash[dn][$1.downcase] << $'
180
+ end
181
+ end
182
+ end
183
+ hash
184
+ end
185
+
186
+
187
+ #------------------------------------------------
188
+
189
+ if __FILE__ == $0
190
+
191
+ require 'rubygems'
192
+ require 'eventmachine'
193
+
194
+ require 'logger'
195
+ $logger = Logger.new $stderr
196
+
197
+ $logger.info "adding ../lib to loadpath, to pick up dev version of Net::LDAP."
198
+ $:.unshift "../lib"
199
+
200
+ $ldif = load_test_data
201
+
202
+ require 'net/ldap'
203
+
204
+ EventMachine.run {
205
+ $logger.info "starting LDAP server on 127.0.0.1 port 3890"
206
+ EventMachine.start_server "127.0.0.1", 3890, LdapServer
207
+ EventMachine.add_periodic_timer 60, proc {$logger.info "heartbeat"}
208
+ }
209
+ end
210
+
@@ -0,0 +1,101 @@
1
+ # $Id$
2
+ #
3
+ # This is test-data for an LDAP server in LDIF format.
4
+ #
5
+ dn: dc=bayshorenetworks,dc=com
6
+ objectClass: dcObject
7
+ objectClass: organization
8
+ o: Bayshore Networks LLC
9
+ dc: bayshorenetworks
10
+
11
+ dn: cn=Manager,dc=bayshorenetworks,dc=com
12
+ objectClass: organizationalrole
13
+ cn: Manager
14
+
15
+ dn: ou=people,dc=bayshorenetworks,dc=com
16
+ objectClass: organizationalunit
17
+ ou: people
18
+
19
+ dn: ou=privileges,dc=bayshorenetworks,dc=com
20
+ objectClass: organizationalunit
21
+ ou: privileges
22
+
23
+ dn: ou=roles,dc=bayshorenetworks,dc=com
24
+ objectClass: organizationalunit
25
+ ou: roles
26
+
27
+ dn: ou=office,dc=bayshorenetworks,dc=com
28
+ objectClass: organizationalunit
29
+ ou: office
30
+
31
+ dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
32
+ cn: Bob Fosse
33
+ mail: nogoodnik@steamheat.net
34
+ sn: Fosse
35
+ ou: people
36
+ objectClass: top
37
+ objectClass: inetorgperson
38
+ objectClass: authorizedperson
39
+ hasAccessRole: uniqueIdentifier=engineer,ou=roles
40
+ hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
41
+ hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
42
+ hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
43
+ hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
44
+ hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
45
+ hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
46
+ hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
47
+ hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
48
+ hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
49
+ hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
50
+ hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
51
+
52
+ dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
53
+ cn: Gwen Verdon
54
+ mail: elephant@steamheat.net
55
+ sn: Verdon
56
+ ou: people
57
+ objectClass: top
58
+ objectClass: inetorgperson
59
+ objectClass: authorizedperson
60
+ hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
61
+ hasAccessRole: uniqueIdentifier=engineer,ou=roles
62
+ hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
63
+ hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
64
+ hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
65
+
66
+ dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
67
+ uniqueIdentifier: engineering
68
+ ou: privileges
69
+ objectClass: accessPrivilege
70
+
71
+ dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
72
+ uniqueIdentifier: engineer
73
+ ou: roles
74
+ objectClass: accessRole
75
+ hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
76
+
77
+ dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
78
+ uniqueIdentifier: ldapadmin
79
+ ou: roles
80
+ objectClass: accessRole
81
+
82
+ dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
83
+ uniqueIdentifier: ldapsuperadmin
84
+ ou: roles
85
+ objectClass: accessRole
86
+
87
+ dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
88
+ cn: Sid Sorokin
89
+ mail: catperson@steamheat.net
90
+ sn: Sorokin
91
+ ou: people
92
+ objectClass: top
93
+ objectClass: inetorgperson
94
+ objectClass: authorizedperson
95
+ hasAccessRole: uniqueIdentifier=engineer,ou=roles
96
+ hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
97
+ hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
98
+ hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
99
+ hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
100
+ hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
101
+