github-ldap 1.4.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 053a59e45e7ee63a06ee943da318bf9362455306
-  data.tar.gz: d2b435150ad904b336490fa9e5bc863b6ab6d38d
+  metadata.gz: f94f5af944845beec077b7ae4f67f73bcdcd3324
+  data.tar.gz: d0cbf4bb74c1fedfce35a886967b084061c95cfb
 SHA512:
-  metadata.gz: 195ae9040327fb236460618d6efeaf5588f07d33edc06220d312790643d81b6892ec063045dac7e4de5dd73444e8cead35baf1555ed57659855d519d0e297a15
-  data.tar.gz: a5a047f799e6653cfbfc83749ed452ea2e3b0af1452930cdae78b51bf94461ce0bbb23ebe5a2b1672f348a1826a21633552680ae16cff56ddfffcc0a249e1b07
+  metadata.gz: cd8ca33063aff485c5e0d4df63ca8e5d6c83641d202d3dddc02ace9d373710e511f152197a2d9c36e71e9dfe67ce56692859183a7ced2fe7fb847caeb2fcc1bb
+  data.tar.gz: 75a413369b9d935499bae900382569314b90f71259ac5b813cd059328ca92f6533acdb106947c7d9139228f4f3597599d405a4be5bada4609d1aaef7e43c521d

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## v1.5.0
+
+* Automatically detect membership validator strategy by default [#58](https://github.com/github/github-ldap/pull/58) [#62](https://github.com/github/github-ldap/pull/62)
+* Document local integration testing with Active Directory [#61](https://github.com/github/github-ldap/pull/61)
+
 ## v1.4.0
 
 * Document constructor options [#57](https://github.com/github/github-ldap/pull/57)

data/github-ldap.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |spec|
   spec.name          = "github-ldap"
-  spec.version       = "1.4.0"
+  spec.version       = "1.5.0"
   spec.authors       = ["David Calavera"]
   spec.email         = ["david.calavera@gmail.com"]
   spec.description   = %q{Ldap authentication for humans}

data/lib/github/ldap.rb

@@ -34,6 +34,7 @@ module GitHub
     def_delegator :@connection, :open
 
     attr_reader :uid, :search_domains, :virtual_attributes,
+                :membership_validator,
                 :instrumentation_service
 
     # Build a new GitHub::Ldap instance
@@ -87,6 +88,9 @@ module GitHub
       # when a base is not explicitly provided.
       @search_domains = Array(options[:search_domains])
 
+      # configure which strategy should be used to validate user membership
+      configure_membership_validation_strategy(options[:membership_validator])
+
       # enables instrumenting queries
       @instrumentation_service = options[:instrumentation_service]
     end
@@ -182,6 +186,23 @@ module GitHub
       end
     end
 
+    # Internal: Searches the host LDAP server's Root DSE for capabilities and
+    # extensions.
+    #
+    # Returns a Net::LDAP::Entry object.
+    def capabilities
+      @capabilities ||=
+        instrument "capabilities.github_ldap" do |payload|
+          begin
+            @connection.search_root_dse
+          rescue Net::LDAP::LdapError => error
+            payload[:error] = error
+            # stubbed result
+            Net::LDAP::Entry.new
+          end
+        end
+    end
+
     # Internal - Determine whether to use encryption or not.
     #
     # encryption: is the encryption method, either 'ssl', 'tls', 'simple_tls' or 'start_tls'.
@@ -214,5 +235,24 @@ module GitHub
         VirtualAttributes.new(false)
       end
     end
+
+    # Internal: Configure the membership validation strategy.
+    #
+    # Used by GitHub::Ldap::MembershipValidators::Detect to force a specific
+    # strategy (instead of detecting host capabilities and deciding at runtime).
+    #
+    # If `strategy` is not provided, or doesn't match a known strategy,
+    # defaults to `:detect`. Otherwise the configured strategy is selected.
+    #
+    # Returns the selected membership validator strategy Symbol.
+    def configure_membership_validation_strategy(strategy = nil)
+      @membership_validator =
+        case strategy.to_s
+        when "classic", "recursive", "active_directory"
+          strategy.to_sym
+        else
+          :detect
+        end
+    end
   end
 end

data/lib/github/ldap/membership_validators.rb

@@ -1,4 +1,5 @@
 require 'github/ldap/membership_validators/base'
+require 'github/ldap/membership_validators/detect'
 require 'github/ldap/membership_validators/classic'
 require 'github/ldap/membership_validators/recursive'
 require 'github/ldap/membership_validators/active_directory'
@@ -13,6 +14,13 @@ module GitHub
     #   validator = GitHub::Ldap::MembershipValidators::Classic.new(ldap, groups)
     #   validator.perform(entry) #=> true
     #
-    module MembershipValidators; end
+    module MembershipValidators
+      # Internal: Mapping of strategy name to class.
+      STRATEGIES = {
+        :classic          => GitHub::Ldap::MembershipValidators::Classic,
+        :recursive        => GitHub::Ldap::MembershipValidators::Recursive,
+        :active_directory => GitHub::Ldap::MembershipValidators::ActiveDirectory
+      }
+    end
   end
 end

data/lib/github/ldap/membership_validators/detect.rb

@@ -0,0 +1,69 @@
+module GitHub
+  class Ldap
+    module MembershipValidators
+      # Detects the LDAP host's capabilities and determines the appropriate
+      # membership validation strategy at runtime. Currently detects for
+      # ActiveDirectory in-chain membership validation. An explicit strategy can
+      # also be defined via `GitHub::Ldap#membership_validator=`. See also
+      # `GitHub::Ldap#configure_membership_validation_strategy`.
+      class Detect < Base
+        # Internal: The capability required to use the ActiveDirectory strategy.
+        # See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
+        ACTIVE_DIRECTORY_V61_R2_OID = "1.2.840.113556.1.4.2080".freeze
+
+        def perform(entry)
+          # short circuit validation if there are no groups to check against
+          return true if groups.empty?
+
+          strategy.perform(entry)
+        end
+
+        # Internal: Returns the membership validation strategy object.
+        def strategy
+          @strategy ||= begin
+            strategy = detect_strategy
+            strategy.new(ldap, groups)
+          end
+        end
+
+        # Internal: Detects LDAP host's capabilities and chooses the best
+        # strategy for the host.
+        #
+        # If the strategy has been set explicitly, skips detection and uses the
+        # configured strategy instead.
+        #
+        # Returns the strategy class.
+        def detect_strategy
+          case
+          when GitHub::Ldap::MembershipValidators::STRATEGIES.key?(strategy_config)
+            GitHub::Ldap::MembershipValidators::STRATEGIES[strategy_config]
+          when active_directory_capability?
+            GitHub::Ldap::MembershipValidators::STRATEGIES[:active_directory]
+          else
+            GitHub::Ldap::MembershipValidators::STRATEGIES[:recursive]
+          end
+        end
+
+        # Internal: Returns the configured membership validator strategy Symbol.
+        def strategy_config
+          ldap.membership_validator
+        end
+
+        # Internal: Detect whether the LDAP host is an ActiveDirectory server.
+        #
+        # See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
+        #
+        # Returns true if the host is an ActiveDirectory server, false otherwise.
+        def active_directory_capability?
+          capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V61_R2_OID)
+        end
+
+        # Internal: Returns the Net::LDAP::Entry object describing the LDAP
+        # host's capabilities (via the Root DSE).
+        def capabilities
+          ldap.capabilities
+        end
+      end
+    end
+  end
+end

data/script/changelog

@@ -13,16 +13,16 @@ set -e
 [ $# -eq 0 ] && set -- --help
 
 # parse args
-repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4-)
+repo=$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4- | sed 's/\.git//')
 base=$(git tag -l | sort -n | tail -n 1)
 head="HEAD"
 api_url="https://api.github.com"
 
-echo "# $base..$head"
+echo "# $repo $base..$head"
 echo
 
 # get merged PR's. Better way is to query the API for these, but this is easier
-for pr in $(git log --oneline v1.3.6..HEAD | grep "Merge pull request" | awk '{gsub("#",""); print $5}')
+for pr in $(git log --oneline $base..$head | grep "Merge pull request" | awk '{gsub("#",""); print $5}')
 do
   # frustrated with trying to pull out the right values, fell back to ruby
   curl -s "$api_url/repos/$repo/pulls/$pr" | ruby -rjson -e 'pr=JSON.parse(STDIN.read); puts "* #{pr[%q(title)]} [##{pr[%q(number)]}](#{pr[%q(html_url)]})"'

data/test/ldap_test.rb

@@ -72,6 +72,34 @@ module GitHubLdapTestCases
     assert_equal "(uid=user1)",      payload[:filter].to_s
     assert_equal "dc=github,dc=com", payload[:base]
   end
+
+  def test_membership_validator_default
+    assert_equal :detect, @ldap.membership_validator
+  end
+
+  def test_membership_validator_configured_to_classic_strategy
+    @ldap.configure_membership_validation_strategy :classic
+    assert_equal :classic, @ldap.membership_validator
+  end
+
+  def test_membership_validator_configured_to_recursive_strategy
+    @ldap.configure_membership_validation_strategy :recursive
+    assert_equal :recursive, @ldap.membership_validator
+  end
+
+  def test_membership_validator_configured_to_active_directory_strategy
+    @ldap.configure_membership_validation_strategy :active_directory
+    assert_equal :active_directory, @ldap.membership_validator
+  end
+
+  def test_membership_validator_misconfigured_to_unrecognized_strategy_falls_back_to_default
+    @ldap.configure_membership_validation_strategy :unknown
+    assert_equal :detect, @ldap.membership_validator
+  end
+
+  def test_capabilities
+    assert_kind_of Net::LDAP::Entry, @ldap.capabilities
+  end
 end
 
 class GitHubLdapTest < GitHub::Ldap::Test

data/test/membership_validators/active_directory_test.rb

@@ -1,10 +1,11 @@
 require_relative '../test_helper'
 
-# NOTE: Since this strategy is targeted at ActiveDirectory and we don't have
-# AD setup in CI, we stub out actual queries and test against what AD *would*
-# respond with.
+class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test
+  # Only run when AD integration tests aren't run
+  def run(*)
+    self.class.test_env != "activedirectory" ? super : self
+  end
 
-class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
   def setup
     @ldap      = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
     @domain    = @ldap.domain("dc=github,dc=com")
@@ -66,3 +67,60 @@ class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
     end
   end
 end
+
+# See test/support/vm/activedirectory/README.md for details
+class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test
+  # Only run this test suite if ActiveDirectory is configured
+  def run(*)
+    self.class.test_env == "activedirectory" ? super : self
+  end
+
+  def setup
+    @ldap      = GitHub::Ldap.new(options)
+    @domain    = @ldap.domain(options[:search_domains])
+    @entry     = @domain.user?('user1')
+    @validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
+  end
+
+  def make_validator(groups)
+    groups = @domain.groups(groups)
+    @validator.new(@ldap, groups)
+  end
+
+  def test_validates_user_in_group
+    validator = make_validator(%w(nested-group1))
+    assert validator.perform(@entry)
+  end
+
+  def test_validates_user_in_child_group
+    validator = make_validator(%w(n-depth-nested-group1))
+    assert validator.perform(@entry)
+  end
+
+  def test_validates_user_in_grandchild_group
+    validator = make_validator(%w(n-depth-nested-group2))
+    assert validator.perform(@entry)
+  end
+
+  def test_validates_user_in_great_grandchild_group
+    validator = make_validator(%w(n-depth-nested-group3))
+    assert validator.perform(@entry)
+  end
+
+  def test_does_not_validate_user_not_in_group
+    validator = make_validator(%w(ghe-admins))
+    refute validator.perform(@entry)
+  end
+
+  def test_does_not_validate_user_not_in_any_group
+    skip "update AD ldif to have a groupless user"
+    @entry = @domain.user?('groupless-user1')
+    validator = make_validator(%w(all-users))
+    refute validator.perform(@entry)
+  end
+
+  def test_validates_user_in_posix_group
+    validator = make_validator(%w(posix-group1))
+    assert validator.perform(@entry)
+  end
+end

data/test/membership_validators/detect_test.rb

@@ -0,0 +1,49 @@
+require_relative '../test_helper'
+
+# NOTE: Since this strategy is targeted at detecting ActiveDirectory
+# capabilities, and we don't have AD setup in CI, we stub out actual queries
+# and test against what AD *would* respond with.
+
+class GitHubLdapDetectMembershipValidatorsTest < GitHub::Ldap::Test
+  def setup
+    @ldap      = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
+    @domain    = @ldap.domain("dc=github,dc=com")
+    @entry     = @domain.user?('user1')
+    @validator = GitHub::Ldap::MembershipValidators::Detect
+  end
+
+  def make_validator(groups)
+    groups = @domain.groups(groups)
+    @validator.new(@ldap, groups)
+  end
+
+  def test_defers_to_configured_strategy
+    @ldap.configure_membership_validation_strategy(:classic)
+    validator = make_validator(%w(group))
+
+    assert_kind_of GitHub::Ldap::MembershipValidators::Classic, validator.strategy
+  end
+
+  def test_detects_active_directory
+    caps = Net::LDAP::Entry.new
+    caps[:supportedcapabilities] =
+      [GitHub::Ldap::MembershipValidators::Detect::ACTIVE_DIRECTORY_V61_R2_OID]
+
+    validator = make_validator(%w(group))
+    @ldap.stub :capabilities, caps do
+      assert_kind_of GitHub::Ldap::MembershipValidators::ActiveDirectory,
+        validator.strategy
+    end
+  end
+
+  def test_falls_back_to_recursive
+    caps = Net::LDAP::Entry.new
+    caps[:supportedcapabilities] = []
+
+    validator = make_validator(%w(group))
+    @ldap.stub :capabilities, caps do
+      assert_kind_of GitHub::Ldap::MembershipValidators::Recursive,
+        validator.strategy
+    end
+  end
+end

data/test/support/vm/activedirectory/.gitignore

@@ -0,0 +1 @@
+env.sh

data/test/support/vm/activedirectory/README.md

@@ -0,0 +1,26 @@
+# Local ActiveDirectory Integration Testing
+
+Integration tests are not run for ActiveDirectory in continuous integration
+because we cannot install a Windows VM on TravisCI. To test ActiveDirectory,
+configure a local VM with AD running (this is left as an exercise for the
+reader).
+
+To run integration tests against the local ActiveDirectory VM, from the project
+root run:
+
+``` bash
+# duplicate example env.sh for specific config
+$ cp test/support/vm/activedirectory/env.sh{.example,}
+
+# edit env.sh and fill in with your VM's values, then
+$ source test/support/vm/activedirectory/env.sh
+
+# run all tests against AD
+$ time bundle exec rake
+
+# run a specific test file against AD
+$ time bundle exec ruby test/membership_validators/active_directory_test.rb
+
+# reset environment to test other LDAP servers
+$ source test/support/vm/activedirectory/reset-env.sh
+```

data/test/support/vm/activedirectory/env.sh.example

@@ -0,0 +1,8 @@
+# Copy this to ad-env.sh, and fill in with your own values
+
+export TESTENV=activedirectory
+export INTEGRATION_HOST=123.123.123.123
+export INTEGRATION_PORT=389
+export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
+export INTEGRATION_PASSWORD='passworD1'
+export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com'

data/test/support/vm/activedirectory/reset-env.sh

@@ -0,0 +1,6 @@
+unset TESTENV
+unset INTEGRATION_HOST
+unset INTEGRATION_PORT
+unset INTEGRATION_USER
+unset INTEGRATION_PASSWORD
+unset INTEGRATION_SEARCH_DOMAINS

data/test/support/vm/openldap/README.md

@@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
 $ cd ../../../..
 
 # run all tests against OpenLDAP
-$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake
+$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake
 
 # run a specific test file against OpenLDAP
-$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
+$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
 
 # run OpenLDAP tests by default
 $ export TESTENV=openldap

data/test/test_helper.rb

@@ -71,7 +71,7 @@ class GitHub::Ldap::Test < Minitest::Test
           instrumentation_service: @service
       when "openldap"
         {
-          host: ENV.fetch("OPENLDAP_HOST", "localhost"),
+          host: ENV.fetch("INTEGRATION_HOST", "localhost"),
           port: 389,
           admin_user:     'uid=admin,dc=github,dc=com',
           admin_password: 'passworD1',
@@ -79,6 +79,15 @@ class GitHub::Ldap::Test < Minitest::Test
           uid: 'uid',
           instrumentation_service: @service
         }
+      when "activedirectory"
+        {
+          host: ENV.fetch("INTEGRATION_HOST"),
+          port: ENV.fetch("INTEGRATION_PORT", 389),
+          admin_user: ENV.fetch("INTEGRATION_USER"),
+          admin_password: ENV.fetch("INTEGRATION_PASSWORD"),
+          search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"),
+          instrumentation_service: @service
+        }
       end
   end
 end

metadata

@@ -1,83 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: github-ldap
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - David Calavera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-04 00:00:00.000000000 Z
+date: 2014-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: ladle
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Ldap authentication for humans
@@ -87,8 +87,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -105,6 +105,7 @@ files:
 - lib/github/ldap/membership_validators/active_directory.rb
 - lib/github/ldap/membership_validators/base.rb
 - lib/github/ldap/membership_validators/classic.rb
+- lib/github/ldap/membership_validators/detect.rb
 - lib/github/ldap/membership_validators/recursive.rb
 - lib/github/ldap/posix_group.rb
 - lib/github/ldap/server.rb
@@ -126,9 +127,13 @@ files:
 - test/ldap_test.rb
 - test/membership_validators/active_directory_test.rb
 - test/membership_validators/classic_test.rb
+- test/membership_validators/detect_test.rb
 - test/membership_validators/recursive_test.rb
-- test/membership_validators_test.rb
 - test/posix_group_test.rb
+- test/support/vm/activedirectory/.gitignore
+- test/support/vm/activedirectory/README.md
+- test/support/vm/activedirectory/env.sh.example
+- test/support/vm/activedirectory/reset-env.sh
 - test/support/vm/openldap/.gitignore
 - test/support/vm/openldap/README.md
 - test/support/vm/openldap/Vagrantfile
@@ -143,17 +148,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Ldap client authentication wrapper without all the boilerplate
@@ -168,9 +173,13 @@ test_files:
 - test/ldap_test.rb
 - test/membership_validators/active_directory_test.rb
 - test/membership_validators/classic_test.rb
+- test/membership_validators/detect_test.rb
 - test/membership_validators/recursive_test.rb
-- test/membership_validators_test.rb
 - test/posix_group_test.rb
+- test/support/vm/activedirectory/.gitignore
+- test/support/vm/activedirectory/README.md
+- test/support/vm/activedirectory/env.sh.example
+- test/support/vm/activedirectory/reset-env.sh
 - test/support/vm/openldap/.gitignore
 - test/support/vm/openldap/README.md
 - test/support/vm/openldap/Vagrantfile

data/test/membership_validators_test.rb

@@ -1,46 +0,0 @@
-require_relative 'test_helper'
-
-module GitHubLdapMembershipValidatorsTestCases
-  def make_validator(groups)
-    groups = @domain.groups(groups)
-    @validator.new(@ldap, groups)
-  end
-
-  def test_validates_user_in_group
-    validator = make_validator(%w(ghe-users))
-    assert validator.perform(@entry)
-  end
-
-  def test_does_not_validate_user_not_in_group
-    validator = make_validator(%w(ghe-admins))
-    refute validator.perform(@entry)
-  end
-
-  def test_does_not_validate_user_not_in_any_group
-    @entry = @domain.user?('groupless-user1')
-    validator = make_validator(%w(ghe-users ghe-admins))
-    refute validator.perform(@entry)
-  end
-end
-
-class GitHubLdapMembershipValidatorsClassicTest < GitHub::Ldap::Test
-  include GitHubLdapMembershipValidatorsTestCases
-
-  def setup
-    @ldap      = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
-    @domain    = @ldap.domain("dc=github,dc=com")
-    @entry     = @domain.user?('user1')
-    @validator = GitHub::Ldap::MembershipValidators::Classic
-  end
-end
-
-class GitHubLdapMembershipValidatorsRecursiveTest < GitHub::Ldap::Test
-  include GitHubLdapMembershipValidatorsTestCases
-
-  def setup
-    @ldap      = GitHub::Ldap.new(options.merge(search_domains: "dc=github,dc=com"))
-    @domain    = @ldap.domain("dc=github,dc=com")
-    @entry     = @domain.user?('user1')
-    @validator = GitHub::Ldap::MembershipValidators::Recursive
-  end
-end