github-ldap 1.3.3 → 1.4.0

data/test/filter_test.rb

@@ -20,7 +20,8 @@ class FilterTest < Minitest::Test
     @subject = Subject.new(@ldap)
     @me      = 'uid=calavera,dc=github,dc=com'
     @uid     = "calavera"
-    @entry   = Entry.new(@me, @uid)
+    @entry   = Net::LDAP::Entry.new(@me)
+    @entry[:uid] = @uid
   end
 
   def test_member_present
@@ -32,6 +33,11 @@ class FilterTest < Minitest::Test
                  @subject.member_filter(@entry).to_s
   end
 
+  def test_member_equal_with_string
+    assert_equal "(|(member=#{@me})(uniqueMember=#{@me}))",
+                 @subject.member_filter(@entry.dn).to_s
+  end
+
   def test_posix_member_without_uid
     @entry.uid = nil
     assert_nil @subject.posix_member_filter(@entry, @ldap.uid)
@@ -42,6 +48,11 @@ class FilterTest < Minitest::Test
                  @subject.posix_member_filter(@entry, @ldap.uid).to_s
   end
 
+  def test_posix_member_equal_string
+    assert_equal "(memberUid=#{@uid})",
+                 @subject.posix_member_filter(@uid).to_s
+  end
+
   def test_groups_reduced
     assert_equal "(|(cn=Enterprise)(cn=People))",
       @subject.group_filter(%w(Enterprise People)).to_s

data/test/fixtures/common/seed.ldif

@@ -0,0 +1,369 @@
+dn: ou=People,dc=github,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,dc=github,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Groups
+
+# Directory Superuser
+dn: uid=admin,dc=github,dc=com
+uid: admin
+cn: system administrator
+sn: administrator
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+displayName: Directory Superuser
+userPassword: passworD1
+
+# Users 1-10
+
+dn: uid=user1,ou=People,dc=github,dc=com
+uid: user1
+cn: user1
+sn: user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user1@github.com
+
+dn: uid=user2,ou=People,dc=github,dc=com
+uid: user2
+cn: user2
+sn: user2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user2@github.com
+
+dn: uid=user3,ou=People,dc=github,dc=com
+uid: user3
+cn: user3
+sn: user3
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user3@github.com
+
+dn: uid=user4,ou=People,dc=github,dc=com
+uid: user4
+cn: user4
+sn: user4
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user4@github.com
+
+dn: uid=user5,ou=People,dc=github,dc=com
+uid: user5
+cn: user5
+sn: user5
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user5@github.com
+
+dn: uid=user6,ou=People,dc=github,dc=com
+uid: user6
+cn: user6
+sn: user6
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user6@github.com
+
+dn: uid=user7,ou=People,dc=github,dc=com
+uid: user7
+cn: user7
+sn: user7
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user7@github.com
+
+dn: uid=user8,ou=People,dc=github,dc=com
+uid: user8
+cn: user8
+sn: user8
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user8@github.com
+
+dn: uid=user9,ou=People,dc=github,dc=com
+uid: user9
+cn: user9
+sn: user9
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user9@github.com
+
+dn: uid=user10,ou=People,dc=github,dc=com
+uid: user10
+cn: user10
+sn: user10
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: user10@github.com
+
+# Emailless User
+
+dn: uid=emailless-user1,ou=People,dc=github,dc=com
+uid: emailless-user1
+cn: emailless-user1
+sn: emailless-user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+
+# Groupless User
+
+dn: uid=groupless-user1,ou=People,dc=github,dc=com
+uid: groupless-user1
+cn: groupless-user1
+sn: groupless-user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+
+# Admin User
+
+dn: uid=admin1,ou=People,dc=github,dc=com
+uid: admin1
+cn: admin1
+sn: admin1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+userPassword: passworD1
+mail: admin1@github.com
+
+# Groups
+
+dn: cn=ghe-users,ou=Groups,dc=github,dc=com
+cn: ghe-users
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=emailless-user1,ou=People,dc=github,dc=com
+
+dn: cn=all-users,ou=Groups,dc=github,dc=com
+cn: all-users
+objectClass: groupOfNames
+member: cn=ghe-users,ou=Groups,dc=github,dc=com
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+member: uid=emailless-user1,ou=People,dc=github,dc=com
+
+dn: cn=ghe-admins,ou=Groups,dc=github,dc=com
+cn: ghe-admins
+objectClass: groupOfNames
+member: uid=admin1,ou=People,dc=github,dc=com
+
+dn: cn=all-admins,ou=Groups,dc=github,dc=com
+cn: all-admins
+objectClass: groupOfNames
+member: cn=ghe-admins,ou=Groups,dc=github,dc=com
+member: uid=admin1,ou=People,dc=github,dc=com
+
+dn: cn=n-member-group10,ou=Groups,dc=github,dc=com
+cn: n-member-group10
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+
+dn: cn=nested-group1,ou=Groups,dc=github,dc=com
+cn: nested-group1
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+
+dn: cn=nested-groups,ou=Groups,dc=github,dc=com
+cn: nested-groups
+objectClass: groupOfNames
+member: cn=nested-group1,ou=Groups,dc=github,dc=com
+
+dn: cn=n-member-nested-group1,ou=Groups,dc=github,dc=com
+cn: n-member-nested-group1
+objectClass: groupOfNames
+member: cn=nested-group1,ou=Groups,dc=github,dc=com
+
+dn: cn=deeply-nested-group0.0.0,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0.0.0
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+
+dn: cn=deeply-nested-group0.0.1,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0.0.1
+objectClass: groupOfNames
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+
+dn: cn=deeply-nested-group0.0,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0.0
+objectClass: groupOfNames
+member: cn=deeply-nested-group0.0.0,ou=Groups,dc=github,dc=com
+member: cn=deeply-nested-group0.0.1,ou=Groups,dc=github,dc=com
+
+dn: cn=deeply-nested-group0,ou=Groups,dc=github,dc=com
+cn: deeply-nested-group0
+objectClass: groupOfNames
+member: cn=deeply-nested-group0.0,ou=Groups,dc=github,dc=com
+
+dn: cn=deeply-nested-groups,ou=Groups,dc=github,dc=com
+cn: deeply-nested-groups
+objectClass: groupOfNames
+member: cn=deeply-nested-group0,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group1,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group1
+objectClass: groupOfNames
+member: cn=nested-group1,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group2
+objectClass: groupOfNames
+member: cn=n-depth-nested-group1,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group3,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group3
+objectClass: groupOfNames
+member: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group4,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group4
+objectClass: groupOfNames
+member: cn=n-depth-nested-group3,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group5,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group5
+objectClass: groupOfNames
+member: cn=n-depth-nested-group4,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group6,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group6
+objectClass: groupOfNames
+member: cn=n-depth-nested-group5,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group7,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group7
+objectClass: groupOfNames
+member: cn=n-depth-nested-group6,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group8,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group8
+objectClass: groupOfNames
+member: cn=n-depth-nested-group7,ou=Groups,dc=github,dc=com
+
+dn: cn=n-depth-nested-group9,ou=Groups,dc=github,dc=com
+cn: n-depth-nested-group9
+objectClass: groupOfNames
+member: cn=n-depth-nested-group8,ou=Groups,dc=github,dc=com
+
+dn: cn=head-group,ou=Groups,dc=github,dc=com
+cn: head-group
+objectClass: groupOfNames
+member: cn=tail-group,ou=Groups,dc=github,dc=com
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=user3,ou=People,dc=github,dc=com
+member: uid=user4,ou=People,dc=github,dc=com
+member: uid=user5,ou=People,dc=github,dc=com
+
+dn: cn=tail-group,ou=Groups,dc=github,dc=com
+cn: tail-group
+objectClass: groupOfNames
+member: cn=head-group,ou=Groups,dc=github,dc=com
+member: uid=user6,ou=People,dc=github,dc=com
+member: uid=user7,ou=People,dc=github,dc=com
+member: uid=user8,ou=People,dc=github,dc=com
+member: uid=user9,ou=People,dc=github,dc=com
+member: uid=user10,ou=People,dc=github,dc=com
+
+dn: cn=recursively-nested-groups,ou=Groups,dc=github,dc=com
+cn: recursively-nested-groups
+objectClass: groupOfNames
+member: cn=head-group,ou=Groups,dc=github,dc=com
+member: cn=tail-group,ou=Groups,dc=github,dc=com
+
+# posixGroup
+
+dn: cn=posix-group1,ou=Groups,dc=github,dc=com
+cn: posix-group1
+objectClass: posixGroup
+gidNumber: 1001
+memberUid: user1
+memberUid: user2
+memberUid: user3
+memberUid: user4
+memberUid: user5
+
+# missing members
+
+dn: cn=missing-users,ou=Groups,dc=github,dc=com
+cn: missing-users
+objectClass: groupOfNames
+member: uid=user1,ou=People,dc=github,dc=com
+member: uid=user2,ou=People,dc=github,dc=com
+member: uid=nonexistent-user,ou=People,dc=github,dc=com

data/test/fixtures/openldap/memberof.ldif

@@ -0,0 +1,33 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+objectClass: top
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: memberof.la
+
+dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: cn=module,cn=config
+cn: module
+objectclass: olcModuleList
+objectclass: top
+olcmoduleload: refint.la
+olcmodulepath: /usr/lib/ldap
+
+dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner

data/test/fixtures/openldap/slapd.conf.ldif

@@ -0,0 +1,67 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcPidFile: /var/run/slapd/slapd.pid
+olcArgsFile: /var/run/slapd/slapd.args
+olcLogLevel: none
+olcToolThreads: 1
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcSizeLimit: 500
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_hdb
+
+dn: olcBackend=hdb,cn=config
+objectClass: olcBackendConfig
+olcBackend: hdb
+
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: hdb
+olcDbCheckpoint: 512 30
+olcDbConfig: set_cachesize 1 0 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcLastMod: TRUE
+olcSuffix: dc=github,dc=com
+olcDbDirectory: /var/lib/ldap
+olcRootDN: cn=admin,dc=github,dc=com
+# admin's password: "passworD1"
+olcRootPW: {SHA}LFSkM9eegU6j3PeGG7UuHrT/KZM=
+olcDbIndex: objectClass eq
+olcAccess: to attrs=userPassword,shadowLastChange
+  by self write
+  by anonymous auth
+  by dn="cn=admin,dc=github,dc=com" write
+  by * none
+olcAccess: to dn.base="" by * read
+olcAccess: to *
+  by self write
+  by dn="cn=admin,dc=github,dc=com" write
+  by * read