RubyGems - github-ldap - Versions diffs - 1.3.3 → 1.4.0 - Mend

github-ldap 1.3.3 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

checksums.yaml +4 -4
data/.travis.yml +15 -2
data/CHANGELOG.md +13 -0
data/Gemfile +4 -0
data/README.md +15 -1
data/Rakefile +1 -1
data/github-ldap.gemspec +2 -2
data/lib/github/ldap.rb +55 -12
data/lib/github/ldap/domain.rb +6 -2
data/lib/github/ldap/filter.rb +15 -7
data/lib/github/ldap/group.rb +1 -1
data/lib/github/ldap/instrumentation.rb +28 -0
data/lib/github/ldap/membership_validators.rb +18 -0
data/lib/github/ldap/membership_validators/active_directory.rb +56 -0
data/lib/github/ldap/membership_validators/base.rb +37 -0
data/lib/github/ldap/membership_validators/classic.rb +34 -0
data/lib/github/ldap/membership_validators/recursive.rb +93 -0
data/lib/github/ldap/server.rb +2 -0
data/script/changelog +29 -0
data/script/cibuild-apacheds +7 -0
data/script/cibuild-openldap +7 -0
data/script/install-openldap +44 -0
data/script/package +7 -0
data/script/release +16 -0
data/test/domain_test.rb +71 -89
data/test/filter_test.rb +12 -1
data/test/fixtures/common/seed.ldif +369 -0
data/test/fixtures/openldap/memberof.ldif +33 -0
data/test/fixtures/openldap/slapd.conf.ldif +67 -0
data/test/fixtures/posixGroup.schema.ldif +34 -8
data/test/group_test.rb +19 -25
data/test/ldap_test.rb +28 -21
data/test/membership_validators/active_directory_test.rb +68 -0
data/test/membership_validators/classic_test.rb +51 -0
data/test/membership_validators/recursive_test.rb +56 -0
data/test/membership_validators_test.rb +46 -0
data/test/posix_group_test.rb +25 -28
data/test/support/vm/openldap/.gitignore +1 -0
data/test/support/vm/openldap/README.md +32 -0
data/test/support/vm/openldap/Vagrantfile +35 -0
data/test/test_helper.rb +72 -10
metadata +52 -27
data/test/fixtures/github-with-looped-subgroups.ldif +0 -82
data/test/fixtures/github-with-missing-entries.ldif +0 -85
data/test/fixtures/github-with-posixGroups.ldif +0 -50
data/test/fixtures/github-with-subgroups.ldif +0 -146

data/test/filter_test.rb CHANGED Viewed

@@ -20,7 +20,8 @@ class FilterTest < Minitest::Test
     @subject = Subject.new(@ldap)
     @me      = 'uid=calavera,dc=github,dc=com'
     @uid     = "calavera"
-    @entry   = Entry.new(@me, @uid)
+    @entry   = Net::LDAP::Entry.new(@me)
+    @entry[:uid] = @uid
   end
   def test_member_present
@@ -32,6 +33,11 @@ class FilterTest < Minitest::Test
                  @subject.member_filter(@entry).to_s
   end
+  def test_member_equal_with_string
+    assert_equal "(|(member=#{@me})(uniqueMember=#{@me}))",
+                 @subject.member_filter(@entry.dn).to_s
+  end
   def test_posix_member_without_uid
     @entry.uid = nil
     assert_nil @subject.posix_member_filter(@entry, @ldap.uid)
@@ -42,6 +48,11 @@ class FilterTest < Minitest::Test
                  @subject.posix_member_filter(@entry, @ldap.uid).to_s
   end
+  def test_posix_member_equal_string
+    assert_equal "(memberUid=#{@uid})",
+                 @subject.posix_member_filter(@uid).to_s
+  end
   def test_groups_reduced
     assert_equal "(|(cn=Enterprise)(cn=People))",
       @subject.group_filter(%w(Enterprise People)).to_s

data/test/fixtures/common/seed.ldif ADDED Viewed

@@ -0,0 +1,369 @@
+dn: ou=People,dc=github,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+dn: ou=Groups,dc=github,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Groups
+# Directory Superuser
+dn: uid=admin,dc=github,dc=com
+uid: admin
+cn: system administrator
+sn: administrator
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+displayName: Directory Superuser
+userPassword: passworD1
+# Users 1-10
+dn: uid=user1,ou=People,dc=github,dc=com
+uid: user1
+cn: user1
+sn: user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user1@github.com
+dn: uid=user2,ou=People,dc=github,dc=com
+uid: user2
+cn: user2
+sn: user2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user2@github.com
+dn: uid=user3,ou=People,dc=github,dc=com
+uid: user3
+cn: user3
+sn: user3
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user3@github.com
+dn: uid=user4,ou=People,dc=github,dc=com
+uid: user4
+cn: user4
+sn: user4
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user4@github.com
+dn: uid=user5,ou=People,dc=github,dc=com
+uid: user5
+cn: user5
+sn: user5
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user5@github.com
+dn: uid=user6,ou=People,dc=github,dc=com
+uid: user6
+cn: user6
+sn: user6
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user6@github.com
+dn: uid=user7,ou=People,dc=github,dc=com
+uid: user7
+cn: user7
+sn: user7
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user7@github.com
+dn: uid=user8,ou=People,dc=github,dc=com
+uid: user8
+cn: user8
+sn: user8
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user8@github.com
+dn: uid=user9,ou=People,dc=github,dc=com
+uid: user9
+cn: user9
+sn: user9
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user9@github.com
+dn: uid=user10,ou=People,dc=github,dc=com
+uid: user10
+cn: user10
+sn: user10
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user10@github.com
+# Emailless User
+dn: uid=emailless-user1,ou=People,dc=github,dc=com
+uid: emailless-user1
+cn: emailless-user1
+sn: emailless-user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+# Groupless User
+dn: uid=groupless-user1,ou=People,dc=github,dc=com
+uid: groupless-user1
+cn: groupless-user1
+sn: groupless-user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+# Admin User
+dn: uid=admin1,ou=People,dc=github,dc=com
+uid: admin1
+cn: admin1
+sn: admin1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: admin1@github.com
+# Groups
+dn: cn=ghe-users,ou=Groups,dc=github,dc=com
+cn: ghe-users
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=emailless-user1,ou=People,dc=github,dc=com
+dn: cn=all-users,ou=Groups,dc=github,dc=com
+cn: all-users
+objectClass: groupOfNames
+member: cn=ghe-users,ou=Groups,dc=github,dc=com
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+member: uid=emailless-user1,ou=People,dc=github,dc=com
+dn: cn=ghe-admins,ou=Groups,dc=github,dc=com
+cn: ghe-admins
+objectClass: groupOfNames
+member: uid=admin1,ou=People,dc=github,dc=com
+dn: cn=all-admins,ou=Groups,dc=github,dc=com
+cn: all-admins
+objectClass: groupOfNames
+member: cn=ghe-admins,ou=Groups,dc=github,dc=com
+member: uid=admin1,ou=People,dc=github,dc=com
+dn: cn=n-member-group10,ou=Groups,dc=github,dc=com
+cn: n-member-group10
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+dn: cn=nested-group1,ou=Groups,dc=github,dc=com
+cn: nested-group1
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+dn: cn=nested-groups,ou=Groups,dc=github,dc=com
+cn: nested-groups
+objectClass: groupOfNames
+member: cn=nested-group1,ou=Groups,dc=github,dc=com
+dn: cn=n-member-nested-group1,ou=Groups,dc=github,dc=com
+cn: n-member-nested-group1
+objectClass: groupOfNames
+member: cn=nested-group1,ou=Groups,dc=github,dc=com
+dn: cn=deeply-nested-group0.0.0,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0.0.0
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+dn: cn=deeply-nested-group0.0.1,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0.0.1
+objectClass: groupOfNames
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+dn: cn=deeply-nested-group0.0,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0.0
+objectClass: groupOfNames
+member: cn=deeply-nested-group0.0.0,ou=Groups,dc=github,dc=com
+member: cn=deeply-nested-group0.0.1,ou=Groups,dc=github,dc=com
+dn: cn=deeply-nested-group0,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0
+objectClass: groupOfNames
+member: cn=deeply-nested-group0.0,ou=Groups,dc=github,dc=com
+dn: cn=deeply-nested-groups,ou=Groups,dc=github,dc=com
+cn: deeply-nested-groups
+objectClass: groupOfNames
+member: cn=deeply-nested-group0,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group1,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group1
+objectClass: groupOfNames
+member: cn=nested-group1,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group2
+objectClass: groupOfNames
+member: cn=n-depth-nested-group1,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group3,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group3
+objectClass: groupOfNames
+member: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group4,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group4
+objectClass: groupOfNames
+member: cn=n-depth-nested-group3,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group5,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group5
+objectClass: groupOfNames
+member: cn=n-depth-nested-group4,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group6,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group6
+objectClass: groupOfNames
+member: cn=n-depth-nested-group5,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group7,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group7
+objectClass: groupOfNames
+member: cn=n-depth-nested-group6,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group8,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group8
+objectClass: groupOfNames
+member: cn=n-depth-nested-group7,ou=Groups,dc=github,dc=com
+dn: cn=n-depth-nested-group9,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group9
+objectClass: groupOfNames
+member: cn=n-depth-nested-group8,ou=Groups,dc=github,dc=com
+dn: cn=head-group,ou=Groups,dc=github,dc=com
+cn: head-group
+objectClass: groupOfNames
+member: cn=tail-group,ou=Groups,dc=github,dc=com
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+dn: cn=tail-group,ou=Groups,dc=github,dc=com
+cn: tail-group
+objectClass: groupOfNames
+member: cn=head-group,ou=Groups,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+dn: cn=recursively-nested-groups,ou=Groups,dc=github,dc=com
+cn: recursively-nested-groups
+objectClass: groupOfNames
+member: cn=head-group,ou=Groups,dc=github,dc=com
+member: cn=tail-group,ou=Groups,dc=github,dc=com
+# posixGroup
+dn: cn=posix-group1,ou=Groups,dc=github,dc=com
+cn: posix-group1
+objectClass: posixGroup
+gidNumber: 1001
+memberUid: user1
+memberUid: user2
+memberUid: user3
+memberUid: user4
+memberUid: user5
+# missing members
+dn: cn=missing-users,ou=Groups,dc=github,dc=com
+cn: missing-users
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=nonexistent-user,ou=People,dc=github,dc=com

data/test/fixtures/openldap/memberof.ldif ADDED Viewed

@@ -0,0 +1,33 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+objectClass: top
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: memberof.la
+dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+dn: cn=module,cn=config
+cn: module
+objectclass: olcModuleList
+objectclass: top
+olcmoduleload: refint.la
+olcmodulepath: /usr/lib/ldap
+dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner

data/test/fixtures/openldap/slapd.conf.ldif ADDED Viewed

@@ -0,0 +1,67 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcPidFile: /var/run/slapd/slapd.pid
+olcArgsFile: /var/run/slapd/slapd.args
+olcLogLevel: none
+olcToolThreads: 1
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcSizeLimit: 500
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_hdb
+dn: olcBackend=hdb,cn=config
+objectClass: olcBackendConfig
+olcBackend: hdb
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: hdb
+olcDbCheckpoint: 512 30
+olcDbConfig: set_cachesize 1 0 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcLastMod: TRUE
+olcSuffix: dc=github,dc=com
+olcDbDirectory: /var/lib/ldap
+olcRootDN: cn=admin,dc=github,dc=com
+# admin's password: "passworD1"
+olcRootPW: {SHA}LFSkM9eegU6j3PeGG7UuHrT/KZM=
+olcDbIndex: objectClass eq
+olcAccess: to attrs=userPassword,shadowLastChange
+  by self write
+  by anonymous auth
+  by dn="cn=admin,dc=github,dc=com" write
+  by * none
+olcAccess: to dn.base="" by * read
+olcAccess: to *
+  by self write
+  by dn="cn=admin,dc=github,dc=com" write
+  by * read