devise_ldap_authenticatable 0.4.2 → 0.4.3

data/README.md

@@ -7,15 +7,19 @@ If you are building applications for use within your organization which require
 
 For a screencast with an example application, please visit: [http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html](http://random-rails.blogspot.com/2010/07/ldap-authentication-with-devise.html)
 
+**_Please Note_**
+
+If you are using rails 2.x then use 0.1.x series of gem, and see the rails2 branch README for instructions.
+
 Requirements
 ------------
 
 - An LDAP server (tested on OpenLDAP)
-- Rails 3.0.0.beta4
+- Rails 3.0.0.rc
 
 These gems are dependencies of the gem:
 
-- Devise 1.1.rc2
+- Devise 1.1.1
 - net-ldap 0.1.1
 
 Installation
@@ -27,12 +31,12 @@ This will *only* work for Rails 3 applications.
 
 In the Gemfile for your application:
 
-    gem "devise", "1.1.rc2"
-    gem "devise_ldap_authenticatable", "0.4.2"
+    gem "devise", "1.1.1"
+    gem "devise_ldap_authenticatable", "0.4.3"
     
 To get the latest version, pull directly from github instead of the gem:
 
-    gem "devise_ldap_authenticatable", :git => "git://github.com/cschiewek/devise_ldap_authenticatable.git", :branch => "rails3"
+    gem "devise_ldap_authenticatable", :git => "git://github.com/cschiewek/devise_ldap_authenticatable.git"
 
 
 Setup
@@ -101,7 +105,36 @@ This has been tested using the following setup:
 * OpenLDAP 2.4.11
 * REE 1.8.7 (2010.02)
 
-All unit and functional tests are part of a sample rails application under test/rails_app and requires a working LDAP sever. There are config files and setup instructions under test/ldap
+All unit and functional tests are part of a sample rails application under test/rails_app and requires a working LDAP sever.
+
+Build / Start Instructions for Test LDAP Server
+-----------------------------------------------
+
+Make sure that directories test/ldap/openldap-data and test/ldap/openldap-data/run exist.
+
+  1. To start the server, run `./run_server.sh`
+  2. Add the basic structure: `ldapadd -x -h localhost -p 3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif`
+    * this creates the users / passwords:
+      * cn=admin,dc=test,com / secret
+      * cn=example.user@test.com,ou=people,dc=test,dc=com / secret
+  3. You should now be able to run the tests in test/rails_app by running: `rake`
+  
+  _For a LDAP server running SSL_
+  
+  1. To start the server, run: `./run_server.sh --ssl`
+  2. Add the basic structure: `ldapadd -x -H ldaps://localhost:3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif`
+    * this creates the users / passwords:
+      * cn=admin,dc=test,com / secret
+      * cn=example.user@test.com,ou=people,dc=test,dc=com / secret
+  3. You should now be able to run the tests in test/rails_app by running: `LDAP_SSL=true rake`
+
+**_Please Note_**
+
+In your system LDAP config file (on OSX it's /etc/openldap/ldap.conf) make sure you have the following setting:
+
+    TLS_REQCERT	never
+
+This will allow requests to go to the test LDAP server without being signed by a trusted root (it uses a self-signed cert)
 
 References
 ----------

data/VERSION

@@ -1 +1 @@
-0.4.2
+0.4.3

data/devise_ldap_authenticatable.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_ldap_authenticatable}
-  s.version = "0.4.2"
+  s.version = "0.4.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Curtis Schiewek", "Daniel McNevin"]
-  s.date = %q{2010-08-03}
+  s.date = %q{2010-08-05}
   s.description = %q{LDAP authentication module for Devise}
   s.email = %q{curtis.schiewek@gmail.com}
   s.extra_rdoc_files = [
@@ -39,8 +39,11 @@ Gem::Specification.new do |s|
      "test/ldap/clear.ldif",
      "test/ldap/local.schema",
      "test/ldap/run-server.sh",
+     "test/ldap/server.pem",
+     "test/ldap/slapd-ssl-test.conf",
      "test/ldap/slapd-test.conf",
      "test/rails_app/Gemfile",
+     "test/rails_app/Gemfile.lock",
      "test/rails_app/Rakefile",
      "test/rails_app/app/controllers/application_controller.rb",
      "test/rails_app/app/controllers/posts_controller.rb",
@@ -66,10 +69,14 @@ Gem::Specification.new do |s|
      "test/rails_app/config/initializers/secret_token.rb",
      "test/rails_app/config/initializers/session_store.rb",
      "test/rails_app/config/ldap.yml",
+     "test/rails_app/config/ldap_with_erb.yml",
      "test/rails_app/config/ldap_with_uid.yml",
      "test/rails_app/config/locales/devise.en.yml",
      "test/rails_app/config/locales/en.yml",
      "test/rails_app/config/routes.rb",
+     "test/rails_app/config/ssl_ldap.yml",
+     "test/rails_app/config/ssl_ldap_with_erb.yml",
+     "test/rails_app/config/ssl_ldap_with_uid.yml",
      "test/rails_app/db/migrate/20100708120302_create_posts.rb",
      "test/rails_app/db/migrate/20100708120448_devise_create_users.rb",
      "test/rails_app/db/schema.rb",

data/lib/devise_ldap_authenticatable/ldap_adapter.rb

@@ -26,10 +26,11 @@ module Devise
       attr_reader :ldap, :login
 
       def initialize(params = {})
-        ldap_config = YAML.load_file(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")[Rails.env]
+        ldap_config = YAML.load(ERB.new(File.read(::Devise.ldap_config || "#{Rails.root}/config/ldap.yml")).result)[Rails.env]
+        ldap_options = params
         ldap_options[:encryption] = :simple_tls if ldap_config["ssl"]
 
-        @ldap = Net::LDAP.new # (ldap_options)
+        @ldap = Net::LDAP.new(ldap_options)
         @ldap.host = ldap_config["host"]
         @ldap.port = ldap_config["port"]
         @ldap.base = ldap_config["base"]
@@ -40,7 +41,7 @@ module Devise
         @required_attributes = ldap_config["require_attribute"]
         
         @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin] 
-        
+                
         @login = params[:login]
         @password = params[:password]
         @new_password = params[:new_password]

data/lib/devise_ldap_authenticatable/version.rb

@@ -1,4 +1,4 @@
 module DeviseLdapAuthenticatable
-  VERSION = "0.4.2"
+  VERSION = "0.4.3"
 end
 

data/test/ldap/run-server.sh

@@ -1,4 +1,10 @@
+#!/usr/bin/env bash
+
 ## For OSX:
 PATH=$PATH:/usr/libexec
 
-slapd -d 1 -f slapd-test.conf -h ldap://localhost:3389
+if [[ $1 == "--ssl" ]]; then
+    slapd -d 1 -f slapd-ssl-test.conf -h ldaps://localhost:3389
+  else
+    slapd -d 1 -f slapd-test.conf -h ldap://localhost:3389 
+fi

data/test/ldap/server.pem

@@ -0,0 +1,38 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC/hxFetCTh++3sEwchxuscH5TID0Wj2S/heBjY6RuK5rPrAcUg
+rA7jFEFilEQYpfGe3LIMBkr5pP4aR1NrLuvKZaHuBvRLwOcU7SbuFQ3FQLaJA3UK
+E2IOH9wMg1BMcG1WbzB1nKc650omKo7KqOAIYFFVq3gzlDRUmHF6dCAnvwIDAQAB
+AoGAcOBJfGbu1cCEF/2e1mlFZu214bIeeNInRdphynSXpuUQZBBG/Vpp66qkXlTD
+TUN/gwDObgfHaBm1KAehQioFC9ys1Iymlt8IeRYXH9Tkl7URe30QGAGjdIPohWpZ
+xl/aMrpQVvQukaStRNoJXA32j+tuR2KbxAK6bu9iLzXvCQECQQD6AOzHVDB06ZjF
+iJYB1/CyZBg0Q2aIOwGXwle1t1O7q6nJ6UWkurQF/inBdJdE5SWNEzYsI1tEP0n2
+1ZBIWQxtAkEAxB8WgFjRqYdmUYGQ1k8yxMUTLbZFd6t2UZyB/LAw9CtjH9lrU0z9
+81UK/ywVHkoDDPHbFyvd1jludqbz+suRWwJBAPEL9UCXfwUquf8zm5b5cv09n0y8
+895ELlv5qQHvWg+oC1Q/08NptOvWTMJXPQbTfepQ7LmP+Y6LCzCwZ6YqHd0CQFiW
+flB9Tj9YhNQ+RVE4twMAzhfw5FIY5joZCvI8F/DDBGRnjj4zYeafPHdkzyk+X0Bi
+owdFblAM4yO/aCeZ+k8CQQDdBi+WnpaaSL0NXmAb6+7aQRZ/Gc2O9S2JL/Fxw4EQ
+i7KTRdH/d6Db9SeQEc/uCbJW7fM4KbZcjFdncHFytakt
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAyugAwIBAgIJAP+plC/uCHKkMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkFsZXhhbmRyaWEx
+DTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QxJDAiBgNVBAMUG2RldmlzZV9s
+ZGFwX2F1dGhlbnRpY2F0YWJsZTEiMCAGCSqGSIb3DQEJARYTZHBtY25ldmluQGdt
+YWlsLmNvbTAeFw0xMDA4MDUyMTU1MDVaFw0xMTA4MDUyMTU1MDVaMIGdMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkFsZXhhbmRyaWEx
+DTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QxJDAiBgNVBAMUG2RldmlzZV9s
+ZGFwX2F1dGhlbnRpY2F0YWJsZTEiMCAGCSqGSIb3DQEJARYTZHBtY25ldmluQGdt
+YWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv4cRXrQk4fvt7BMH
+IcbrHB+UyA9Fo9kv4XgY2Okbiuaz6wHFIKwO4xRBYpREGKXxntyyDAZK+aT+GkdT
+ay7rymWh7gb0S8DnFO0m7hUNxUC2iQN1ChNiDh/cDINQTHBtVm8wdZynOudKJiqO
+yqjgCGBRVat4M5Q0VJhxenQgJ78CAwEAAaOCAQYwggECMB0GA1UdDgQWBBRcCNxq
+0PNXgMfYN2RQ2uIrBY03ADCB0gYDVR0jBIHKMIHHgBRcCNxq0PNXgMfYN2RQ2uIr
+BY03AKGBo6SBoDCBnTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMw
+EQYDVQQHEwpBbGV4YW5kcmlhMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0
+MSQwIgYDVQQDFBtkZXZpc2VfbGRhcF9hdXRoZW50aWNhdGFibGUxIjAgBgkqhkiG
+9w0BCQEWE2RwbWNuZXZpbkBnbWFpbC5jb22CCQD/qZQv7ghypDAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4GBABjztpAgr6QxVCNxhgklrILH+RLxww3dgdra
+J6C6pXl9lbM+XIWiUtzD3Y8z2+tkJtjWCCN7peM2OYFvdChIvRz8XoxHqNB9W8wj
+xZOqBHN8MdI1g6PCD5Z8lK1TDvchTeskqCulE6tMHKaslByhfZS94uWY+NG5JY/Z
+traWmtWh
+-----END CERTIFICATE-----

data/test/ldap/slapd-ssl-test.conf

@@ -0,0 +1,107 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/inetorgperson.schema
+include		/etc/openldap/schema/nis.schema
+
+## Local definitions
+# include		/etc/openldap/schema/local.schema
+include   local.schema
+
+# Allow LDAPv2 client connections.  This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+pidfile         openldap-data/run/slapd.pid
+argsfile        openldap-data/run/slapd.args
+
+# Load dynamic backend modules:
+modulepath	/usr/lib/openldap
+
+# modules available in openldap-servers-overlays RPM package:
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+# moduleload ppolicy.la
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload smbk5pwd.la
+# moduleload syncprov.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# modules available in openldap-servers-sql RPM package:
+# moduleload back_sql.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it.  Your client software
+# may balk at self-signed certificates, however.
+
+## For LDAPS
+TLSCACertificateFile server.pem
+TLSCertificateFile server.pem
+TLSCertificateKeyFile server.pem
+
+# TLSVerifyClient never
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+
+# access to dn.base="dc=esc" by * read
+# access to dn.base="cn=Subschema" by * read
+access to *
+	by self write
+	by * read
+	by anonymous auth
+
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database	bdb
+
+suffix          "dc=test,dc=com"
+directory       openldap-data
+rootdn          "cn=admin,dc=test,dc=com"
+## rootpw = secret
+rootpw          {SSHA}fFjKcZb4cfOAcwSjJer8nCGOEVRUnwCC
+
+# Indices to maintain for this database
+index objectClass                       eq,pres
+index ou,cn,mail,surname,givenname      eq,pres,sub
+index uidNumber,gidNumber,loginShell    eq,pres
+index uid,memberUid                     eq,pres,sub
+index nisMapName,nisMapEntry            eq,pres,sub

data/test/ldap/slapd-test.conf

@@ -51,10 +51,11 @@ modulepath	/usr/lib/openldap
 # slapd.pem so that the ldap user or group can read it.  Your client software
 # may balk at self-signed certificates, however.
 
-# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
-# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
-
+# ## For LDAPS
+# TLSCACertificateFile server.pem
+# TLSCertificateFile server.pem
+# TLSCertificateKeyFile server.pem
+# 
 # TLSVerifyClient demand
 
 # Sample security restrictions

data/test/rails_app/Gemfile

@@ -3,7 +3,7 @@ source 'http://rubygems.org'
 gem 'rails', '3.0.0.rc'
 gem 'sqlite3-ruby', :require => 'sqlite3'
 
-gem "devise", "1.1.rc2"
+gem "devise", "1.1.1"
 gem "devise_ldap_authenticatable", :path => "../../"
 
 group :test do

data/test/rails_app/Gemfile.lock

@@ -0,0 +1,157 @@
+PATH
+  remote: /Users/dpmcnevin/Rails/devise_ldap_authenticatable
+  specs:
+    devise_ldap_authenticatable (0.4.2)
+      devise (> 1.0.4)
+      net-ldap (>= 0.1.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    ZenTest (4.3.3)
+    abstract (1.0.0)
+    actionmailer (3.0.0.rc)
+      actionpack (= 3.0.0.rc)
+      mail (~> 2.2.5)
+    actionpack (3.0.0.rc)
+      activemodel (= 3.0.0.rc)
+      activesupport (= 3.0.0.rc)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4.1)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.9)
+      rack-test (~> 0.5.4)
+      tzinfo (~> 0.3.22)
+    activemodel (3.0.0.rc)
+      activesupport (= 3.0.0.rc)
+      builder (~> 2.1.2)
+      i18n (~> 0.4.1)
+    activerecord (3.0.0.rc)
+      activemodel (= 3.0.0.rc)
+      activesupport (= 3.0.0.rc)
+      arel (~> 0.4.0)
+      tzinfo (~> 0.3.22)
+    activeresource (3.0.0.rc)
+      activemodel (= 3.0.0.rc)
+      activesupport (= 3.0.0.rc)
+    activesupport (3.0.0.rc)
+    arel (0.4.0)
+      activesupport (>= 3.0.0.beta)
+    autotest (4.3.2)
+    autotest-growl (0.2.4)
+      autotest (>= 4.2.4)
+    autotest-rails (4.1.0)
+      ZenTest
+    bcrypt-ruby (2.1.2)
+    builder (2.1.2)
+    capybara (0.3.9)
+      culerity (>= 0.2.4)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (>= 0.0.3)
+    columnize (0.3.1)
+    configuration (1.1.0)
+    cucumber (0.8.5)
+      builder (~> 2.1.2)
+      diff-lcs (~> 1.1.2)
+      gherkin (~> 2.1.4)
+      json_pure (~> 1.4.3)
+      term-ansicolor (~> 1.0.4)
+    cucumber-rails (0.3.2)
+      cucumber (>= 0.8.0)
+    culerity (0.2.10)
+    database_cleaner (0.5.2)
+    devise (1.1.1)
+      bcrypt-ruby (~> 2.1.2)
+      warden (~> 0.10.7)
+    diff-lcs (1.1.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    factory_girl (1.3.1)
+    factory_girl_rails (1.0)
+      factory_girl (~> 1.3)
+      rails (>= 3.0.0.beta4)
+    ffi (0.6.3)
+      rake (>= 0.8.7)
+    gherkin (2.1.5)
+      trollop (~> 1.16.2)
+    i18n (0.4.1)
+    json_pure (1.4.3)
+    launchy (0.3.7)
+      configuration (>= 0.0.5)
+      rake (>= 0.8.1)
+    linecache (0.43)
+    mail (2.2.5)
+      activesupport (>= 2.3.6)
+      mime-types
+      treetop (>= 1.4.5)
+    mime-types (1.16)
+    mocha (0.9.8)
+      rake
+    net-ldap (0.1.1)
+    nokogiri (1.4.3.1)
+    polyglot (0.3.1)
+    rack (1.2.1)
+    rack-mount (0.6.9)
+      rack (>= 1.0.0)
+    rack-test (0.5.4)
+      rack (>= 1.0)
+    rails (3.0.0.rc)
+      actionmailer (= 3.0.0.rc)
+      actionpack (= 3.0.0.rc)
+      activerecord (= 3.0.0.rc)
+      activeresource (= 3.0.0.rc)
+      activesupport (= 3.0.0.rc)
+      bundler (>= 1.0.0.rc.1)
+      railties (= 3.0.0.rc)
+    railties (3.0.0.rc)
+      actionpack (= 3.0.0.rc)
+      activesupport (= 3.0.0.rc)
+      rake (>= 0.8.3)
+      thor (~> 0.14.0)
+    rake (0.8.7)
+    redgreen (1.2.2)
+    ruby-debug (0.10.3)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.3.0)
+    ruby-debug-base (0.10.3)
+      linecache (>= 0.3)
+    rubyzip (0.9.4)
+    selenium-webdriver (0.0.27)
+      ffi (>= 0.6.1)
+      json_pure
+      rubyzip
+    shoulda (2.11.1)
+    sqlite3-ruby (1.3.1)
+    term-ansicolor (1.0.5)
+    thor (0.14.0)
+    treetop (1.4.8)
+      polyglot (>= 0.3.1)
+    trollop (1.16.2)
+    tzinfo (0.3.22)
+    warden (0.10.7)
+      rack (>= 1.0.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  ZenTest
+  autotest-growl
+  autotest-rails
+  capybara
+  cucumber-rails
+  database_cleaner
+  devise (= 1.1.1)
+  devise_ldap_authenticatable!
+  factory_girl_rails
+  launchy
+  mocha
+  rails (= 3.0.0.rc)
+  redgreen
+  ruby-debug
+  shoulda
+  sqlite3-ruby

data/test/rails_app/config/ldap.yml

@@ -1,15 +1,3 @@
-## Build / start instructions for LDAP
-
-# cd test/ldap
-# mkdir openldap-data
-# mkdir openldap-data/run
-# ./run-server.sh &
-# ldapadd -h localhost -p 3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif
-# 
-# this creates the users:
-#   cn=admin,dc=test,com / secret
-#   cn=example.user@test.com,ou=people,dc=test,dc=com / secret
-
 authorizations: &AUTHORIZATIONS
   ## Authorization
   group_base: ou=groups,dc=test,dc=com

data/test/rails_app/config/ldap_with_erb.yml

@@ -0,0 +1,23 @@
+<% @base = "dc=test,dc=com" %>
+
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: <%= "ou=groups,#{@base}" %>
+  required_groups:
+    - cn=admins,<%= "ou=groups,#{@base}" %>
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+    
+test: &TEST
+  host: <%= "localhost" %>
+  port: 3389
+  attribute: cn
+  base: <%= "ou=people,#{@base}" %>
+  admin_user: <%= "cn=admin,#{@base}" %>
+  admin_password: secret
+  ssl: false
+  <<: *AUTHORIZATIONS
+  
+development:
+  <<: *TEST

data/test/rails_app/config/ldap_with_uid.yml

@@ -1,15 +1,3 @@
-## Build / start instructions for LDAP
-
-# cd test/ldap
-# mkdir openldap-data
-# mkdir openldap-data/run
-# ./run-server.sh &
-# ldapadd -h localhost -p 3389 -x -D "cn=admin,dc=test,dc=com" -w secret -f base.ldif
-# 
-# this creates the users:
-#   cn=admin,dc=test,com / secret
-#   cn=example.user@test.com,ou=people,dc=test,dc=com / secret
-
 authorizations: &AUTHORIZATIONS
   ## Authorization
   group_base: ou=groups,dc=test,dc=com

data/test/rails_app/config/ssl_ldap.yml

@@ -0,0 +1,21 @@
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: ou=groups,dc=test,dc=com
+  required_groups:
+    - cn=admins,ou=groups,dc=test,dc=com
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+    
+test: &TEST
+  host: localhost
+  port: 3389
+  attribute: cn
+  base: ou=people,dc=test,dc=com
+  admin_user: cn=admin,dc=test,dc=com
+  admin_password: secret
+  ssl: true
+  <<: *AUTHORIZATIONS
+  
+development:
+  <<: *TEST

data/test/rails_app/config/ssl_ldap_with_erb.yml

@@ -0,0 +1,23 @@
+<% @base = "dc=test,dc=com" %>
+
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: <%= "ou=groups,#{@base}" %>
+  required_groups:
+    - cn=admins,<%= "ou=groups,#{@base}" %>
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+    
+test: &TEST
+  host: <%= "localhost" %>
+  port: 3389
+  attribute: cn
+  base: <%= "ou=people,#{@base}" %>
+  admin_user: <%= "cn=admin,#{@base}" %>
+  admin_password: secret
+  ssl: true
+  <<: *AUTHORIZATIONS
+  
+development:
+  <<: *TEST

data/test/rails_app/config/ssl_ldap_with_uid.yml

@@ -0,0 +1,18 @@
+authorizations: &AUTHORIZATIONS
+  ## Authorization
+  group_base: ou=groups,dc=test,dc=com
+  required_groups:
+    - cn=admins,ou=groups,dc=test,dc=com
+  require_attribute:
+    objectClass: inetOrgPerson
+    authorizationRole: blogAdmin
+    
+test:
+  host: localhost
+  port: 3389
+  attribute: uid
+  base: ou=people,dc=test,dc=com
+  admin_user: cn=admin,dc=test,dc=com
+  admin_password: secret
+  ssl: true
+  <<: *AUTHORIZATIONS

data/test/rails_app/features/manage_logins.feature

@@ -4,6 +4,7 @@ Feature: Manage logins
   I want to login with LDAP
 
   Background:
+    Given I check for SSL
     Given the following logins:
       | email                 | password |
       | example.user@test.com | secret  |

data/test/rails_app/features/step_definitions/login_steps.rb

@@ -4,6 +4,10 @@ Given /^the following logins:$/ do |logins|
   end
 end
 
+Given /^I check for SSL$/ do
+  ::Devise.ldap_config = "#{Rails.root}/config/ssl_ldap.yml" if ENV["LDAP_SSL"]
+end
+
 When /^I delete the (\d+)(?:st|nd|rd|th) login$/ do |pos|
   visit logins_path
   within("table tr:nth-child(#{pos.to_i+1})") do
@@ -14,3 +18,4 @@ end
 Then /^I should see the following logins:$/ do |expected_logins_table|
   expected_logins_table.diff!(tableish('table tr', 'td,th'))
 end
+

data/test/rails_app/test/test_helper.rb

@@ -5,15 +5,20 @@ require 'rails/test_help'
 class ActiveSupport::TestCase
   
   def reset_ldap_server!
-    `ldapmodify -x -h localhost -p 3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/clear.ldif`
-    `ldapadd -x -h localhost -p 3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/base.ldif`
+    if ENV["LDAP_SSL"]
+      `ldapmodify -x -H ldaps://localhost:3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/clear.ldif`
+      `ldapadd -x -H ldaps://localhost:3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/base.ldif`
+    else
+      `ldapmodify -x -h localhost -p 3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/clear.ldif`
+      `ldapadd -x -h localhost -p 3389 -D "cn=admin,dc=test,dc=com" -w secret -f ../ldap/base.ldif`
+    end
   end
   
   def default_devise_settings!
     ::Devise.ldap_logger = true
     ::Devise.ldap_create_user = false
     ::Devise.ldap_update_password = true
-    ::Devise.ldap_config = "#{Rails.root}/config/ldap.yml"
+    ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap.yml"
     ::Devise.ldap_check_group_membership = false
     ::Devise.ldap_check_attributes = false
     ::Devise.authentication_keys = [:email]

data/test/rails_app/test/unit/user_test.rb

@@ -12,8 +12,8 @@ class UserTest < ActiveSupport::TestCase
 
   context "With default settings" do
     setup do
-      reset_ldap_server!
       default_devise_settings!
+      reset_ldap_server!
     end
   
     context "create a basic user" do
@@ -137,9 +137,9 @@ class UserTest < ActiveSupport::TestCase
   
   context "use uid for login" do
     setup do
-      reset_ldap_server!
       default_devise_settings!
-      ::Devise.ldap_config = "#{Rails.root}/config/ldap_with_uid.yml"
+      reset_ldap_server!
+      ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_uid.yml"
       ::Devise.authentication_keys = [:uid]
     end
 
@@ -168,5 +168,26 @@ class UserTest < ActiveSupport::TestCase
     end    
   end
   
+  context "using ERB in the config file" do
+    setup do
+      default_devise_settings!
+      reset_ldap_server!
+      ::Devise.ldap_config = "#{Rails.root}/config/#{"ssl_" if ENV["LDAP_SSL"]}ldap_with_erb.yml"
+    end
+
+    context "authenticate" do
+      setup do
+        @admin = Factory(:admin)
+        @user = Factory(:user)
+      end
+
+      should "be able to authenticate" do
+        should_be_validated @user, "secret"
+        should_be_validated @admin, "admin_secret"
+      end
+    end
+  end
+  
+  
   
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_ldap_authenticatable
 version: !ruby/object:Gem::Version 
-  hash: 11
+  hash: 9
   prerelease: false
   segments: 
   - 0
   - 4
-  - 2
-  version: 0.4.2
+  - 3
+  version: 0.4.3
 platform: ruby
 authors: 
 - Curtis Schiewek
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-03 00:00:00 -04:00
+date: 2010-08-05 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -83,8 +83,11 @@ files:
 - test/ldap/clear.ldif
 - test/ldap/local.schema
 - test/ldap/run-server.sh
+- test/ldap/server.pem
+- test/ldap/slapd-ssl-test.conf
 - test/ldap/slapd-test.conf
 - test/rails_app/Gemfile
+- test/rails_app/Gemfile.lock
 - test/rails_app/Rakefile
 - test/rails_app/app/controllers/application_controller.rb
 - test/rails_app/app/controllers/posts_controller.rb
@@ -110,10 +113,14 @@ files:
 - test/rails_app/config/initializers/secret_token.rb
 - test/rails_app/config/initializers/session_store.rb
 - test/rails_app/config/ldap.yml
+- test/rails_app/config/ldap_with_erb.yml
 - test/rails_app/config/ldap_with_uid.yml
 - test/rails_app/config/locales/devise.en.yml
 - test/rails_app/config/locales/en.yml
 - test/rails_app/config/routes.rb
+- test/rails_app/config/ssl_ldap.yml
+- test/rails_app/config/ssl_ldap_with_erb.yml
+- test/rails_app/config/ssl_ldap_with_uid.yml
 - test/rails_app/db/migrate/20100708120302_create_posts.rb
 - test/rails_app/db/migrate/20100708120448_devise_create_users.rb
 - test/rails_app/db/schema.rb