RubyGems - hydra-ldap - Versions diffs - 0.0.3 → 0.0.4 - Mend

hydra-ldap 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/.gitignore +2 -0
data/README.md +52 -6
data/config/hydra-ldap.yml +13 -6
data/hydra-ldap-example.ldif +362 -0
data/hydra-ldap.gemspec +2 -1
data/lib/hydra-ldap.rb +87 -46
data/lib/hydra/ldap/version.rb +1 -1
data/spec/integration/ldap_spec.rb +85 -26
data/spec/spec_helper.rb +2 -0
metadata +36 -3

data/.gitignore CHANGED

@@ -18,3 +18,5 @@ _yardoc
 doc/
 *.swp
+Gemfile.lock
+.rvmrc

data/README.md CHANGED

@@ -22,13 +22,59 @@ Create the config file (config/ldap.yml) by running:
 <pre>rails generate hydra-ldap</pre>
+Made the filters, attributes and result parsing all parameters as frequently as possible, to try and make this
+usable to many LDAP directory set ups.
-<pre>Hydra::LDAP.create_group(group_code, description, owner, users)</pre>
-<pre>Hydra::LDAP.groups_for_user(user_id)</pre>
-<pre>Hydra::LDAP.groups_owned_by_user(user_id)</pre>
-<pre>Hydra::LDAP.delete_group(group_code)</pre>
-<pre>Hydra::LDAP.add_users_to_group(group_code, users)</pre>
-<pre>Hydra::LDAP.remove_users_from_group(group_code, users)</pre>
+It might be helpful to look at the hydra-ldap-example.ldif, config/hydra-ldap.yml and spec/integration/ldap_spec.rb to see what type of configuration the tests are running for comparison purposes.
+The attributes here would change based on LDAP configuration.
+<pre>
+attrs = {
+  :cn => 'Test'
+  :objectclass => 'groupofnames'
+  :description => 'my test group contains users, and owners'
+  :owner => 'uid=abc123'
+  :member => ['john', 'jane', 'fido']
+  }
+Hydra::LDAP.create_group(group_code, attributes{})
+</pre>
+Examples of how to customize the results being returned, print out the cn attribute for
+the groups owned by this user (hoping these are helpful for NU).
+<pre>
+filter = Net::LDAP::Filter.construct("(owner=uid=quentin,ou=people,dc=example,dc=org)")
+Hydra::LDAP.groups_owned_by_user(filter, ['owner', 'cn']){ |result| result.map{ |r| puts r[:cn].first } }
+</pre>
+<pre>
+uid = 'uid'
+filter=Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(member=uid=#{uid}))")
+attributes = ['cn']
+Hydra::LDAP.groups_for_user(filter, attributes){ |result| result.map { |r| r[:cn].first }}
+</pre>
+<pre>
+filter = Net::LDAP::Filter.construct("(cn=#{group_code})")
+attributes = ['default attribute is description']
+Hydra::LDAP.title_of_group(group_code, filter, attributes){ |result| result.first[:description].first }
+</pre>
+<pre>
+filter = Net::LDAP::Filter.construct("(cn=#{group_code})")
+Hydra::LDAP.users_for_group(group_code, filter, ['member']){ |result| result.first[:uniquemember].map{ |r| r.sub(/^uid=/, '') }}
+</pre>
+<pre>
+filter = Net::LDAP::Filter.construct("(cn=#{group_code})")
+Hydra::LDAP.owner_for_group(group_code, filter, ['owner']) { |result| result.first[:owner].map{ |r| r.sub(/^uid=/, '') }}
+</pre>
+These are all pretty similar to previous calls, if not the same signatures.
+<pre>Hydra::LDAP.delete_group(group_code).should be_true</pre>
+<pre>Hydra::LDAP.add_users_to_group(group_code, ['bruce', 'beth'])</pre>
+<pre>Hydra::LDAP.remove_users_from_group(group_code, ['bruce'])</pre>
 ## Contributing

data/config/hydra-ldap.yml CHANGED

@@ -1,9 +1,16 @@
 test:
-  host: ldap.example.com
-  port: 389
-  username: cn=Manager,dc=example,dc=com
-  password: <%= ENV['LDAP_PASSWORD'] %>
-  group_base: ou=groups,dc=example,dc=com
-  base: ou=people,dc=example,dc=com
+  host: localhost
+  port: 3897
+  group_base: ou=groups,dc=example,dc=org
+  base: ou=people,dc=example,dc=org
   uid: uid
+development:
+  host: localhost
+  port: 3897
+  group_base: ou=groups,dc=example,dc=org
+  base: ou=people,dc=example,dc=org
+  uid: uid
+  group_member: uniquemember  # attribute name in a group to identify a member
+  group_owner: owner          # attribute name to identify group owner

data/hydra-ldap-example.ldif ADDED

@@ -0,0 +1,362 @@
+version: 1
+dn: ou=people,dc=example,dc=org
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+dn: ou=groups,dc=example,dc=org
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+dn: uid=aa729,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Alexandra Adams
+sn: Adams
+givenName: Alexandra
+mail: alexandra@example.org
+uid: aa729
+# Password is "smada"
+userpassword: {SHA}pGlmZX1VOEdHHb30HZezeVNFxGM=
+dn: uid=bb459,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Belle Baldwin
+sn: Baldwin
+givenName: Belle
+mail: belle@example.org
+uid: bb459
+# Password is "niwdlab"
+userpassword: {SHA}LRif2N+5TDSaO/rdkH2HHF8fF74=
+dn: uid=cc414,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Claire Carpenter
+sn: Carpenter
+givenName: Claire
+mail: claire@example.org
+uid: cc414
+# Password is "retneprac"
+userpassword: {SHA}UL/iS+2R7GhwbhXOWoTHd4/qoMA=
+dn: uid=dd945,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Dorothy Dawson
+sn: Dawson
+givenName: Dorothy
+mail: dorothy@example.org
+uid: dd945
+# Password is "noswad"
+userpassword: {SHA}D0UlcTfbCddFLwih04ig4DEilAc=
+dn: uid=ee855,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Elizabeth Emerson
+sn: Emerson
+givenName: Elizabeth
+mail: elizabeth@example.org
+uid: ee855
+# Password is "nosreme"
+userpassword: {SHA}pheE9wd/iTps6f8bJjM6AePjwrU=
+dn: uid=ff531,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Freya Fuller
+sn: Fuller
+givenName: Freya
+mail: freya@example.org
+uid: ff531
+# Password is "relluf"
+userpassword: {SHA}HLU2WZjFf/PF0Pp4qSDzoB3x+bs=
+dn: uid=gg855,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Grace Gonzales
+sn: Gonzales
+givenName: Grace
+mail: grace@example.org
+uid: gg855
+# Password is "selaznog"
+userpassword: {SHA}zT4oO9pFXIj+ISIc60bvM8A5+UQ=
+dn: uid=hh153,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Hilda Hatfield
+sn: Hatfield
+givenName: Hilda
+mail: hilda@example.org
+uid: hh153
+# Password is "dleiftah"
+userpassword: {SHA}PTDJLPy4kwa7VZ/sGLyCPzZ7d3o=
+dn: uid=ii711,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Iona Ingram
+sn: Ingram
+givenName: Iona
+mail: iona@example.org
+uid: ii711
+# Password is "margni"
+userpassword: {SHA}L7qElLblWuLNFPrFku60uCuCr7Q=
+dn: uid=jj243,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Josephine Jackson
+sn: Jackson
+givenName: Josephine
+mail: josephine@example.org
+uid: jj243
+# Password is "noskcaj"
+userpassword: {SHA}ElqdCxdbvRNqXBgdUdkCmGZlQmk=
+dn: uid=kk891,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Kelly Kline
+sn: Kline
+givenName: Kelly
+mail: kelly@example.org
+uid: kk891
+# Password is "enilk"
+userpassword: {SHA}WlNzQqBB/QoEKh3LRcLZHgnCGNw=
+dn: uid=ll819,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Leah Lawrence
+sn: Lawrence
+givenName: Leah
+mail: leah@example.org
+uid: ll819
+# Password is "ecnerwal"
+userpassword: {SHA}CzyyPOSrIxgFCm24nSv2FA8wihQ=
+dn: uid=mm405,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Mona Maddox
+sn: Maddox
+givenName: Mona
+mail: mona@example.org
+uid: mm405
+# Password is "xoddam"
+userpassword: {SHA}WiCnxkOb4kpy16ON7ZC6mD/iqII=
+dn: uid=nn297,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Noel Nash
+sn: Nash
+givenName: Noel
+mail: noel@example.org
+uid: nn297
+# Password is "hsan"
+userpassword: {SHA}1zOsG076wDkikQbnK5vAMM1BM/o=
+dn: uid=oo981,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Ophelia Osborn
+sn: Osborn
+givenName: Ophelia
+mail: ophelia@example.org
+uid: oo981
+# Password is "nrobso"
+userpassword: {SHA}w8mQw0kEa1UiWzMsNclD/LWzlgs=
+dn: uid=pp468,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Penelope Patel
+sn: Patel
+givenName: Penelope
+mail: penelope@example.org
+uid: pp468
+# Password is "letap"
+userpassword: {SHA}p7jaVoRIV9o8gDPbN10sEhXaYHk=
+dn: uid=qq612,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Quin Queen
+sn: Queen
+givenName: Quin
+mail: quin@example.org
+uid: qq612
+# Password is "neeuq"
+userpassword: {SHA}v9ibNIx42giCH4tQnwUHJy6LeJg=
+dn: uid=rr477,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Ruth Rowland
+sn: Rowland
+givenName: Ruth
+mail: ruth@example.org
+uid: rr477
+# Password is "dnalwor"
+userpassword: {SHA}S3eMb2C/ctXzbFnlgcH7ZQ/fozU=
+dn: uid=ss198,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Serena Solomon
+sn: Solomon
+givenName: Serena
+mail: serena@example.org
+uid: ss198
+# Password is "nomolos"
+userpassword: {SHA}EizIKlU79Kz1Y2WIV4deIh0MSA8=
+dn: uid=tt882,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Talia Torres
+sn: Torres
+givenName: Talia
+mail: talia@example.org
+uid: tt882
+# Password is "serrot"
+userpassword: {SHA}yO0DcSZ4fTMcx3sTHnAPQGvMkwg=
+dn: uid=uu972,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Ursula Underwood
+sn: Underwood
+givenName: Ursula
+mail: ursula@example.org
+uid: uu972
+# Password is "doowrednu"
+userpassword: {SHA}GQWGu8IvIEFU1PP34qGi5DyDF/c=
+dn: uid=vv180,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Vera Vickers
+sn: Vickers
+givenName: Vera
+mail: vera@example.org
+uid: vv180
+# Password is "srekciv"
+userpassword: {SHA}3UrzY38O4R1GLK6ccSSfL4D0efQ=
+dn: uid=ww369,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Wendy Wise
+sn: Wise
+givenName: Wendy
+mail: wendy@example.org
+uid: ww369
+# Password is "esiw"
+userpassword: {SHA}8gU4KSqUeeLRPov2tmXZXgOZw78=
+dn: uid=xx396,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Xara Xiong
+sn: Xiong
+givenName: Xara
+mail: xara@example.org
+uid: xx396
+# Password is "gnoix"
+userpassword: {SHA}Yc2En2R/sbdjlEOitkLlkwY4jAY=
+dn: uid=yy423,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Yvette Yates
+sn: Yates
+givenName: Yvette
+mail: yvette@example.org
+uid: yy423
+# Password is "setay"
+userpassword: {SHA}iKBhwF+Mbbct6mlmy6AvodIek3E=
+dn: uid=zz882,ou=people,dc=example,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Zana Zimmerman
+sn: Zimmerman
+givenName: Zana
+mail: zana@example.org
+uid: zz882
+# Password is "namremmiz"
+userpassword: {SHA}KlsWojnknRWCHXGoBOTlEZxxrG8=
+#dn: cn=group1,ou=people,dc=example,dc=org
+dn: cn=group1,ou=groups,dc=example,dc=org
+objectClass: top
+objectclass: groupOfuniqueNames
+cn: Group1
+description: Test Group1
+owner: uid=xx396,ou=people,dc=example,dc=org
+uniqueMember: uid=zz882,ou=people,dc=example,dc=org
+uniqueMember: uid=yy423,ou=people,dc=example,dc=org
+uniqueMember: uid=ww369,ou=people,dc=example,dc=org

data/hydra-ldap.gemspec CHANGED

@@ -9,10 +9,11 @@ Gem::Specification.new do |gem|
   gem.homepage      = "https://github.com/projecthydra/hydra-ldap"
   gem.add_dependency('net-ldap')
+  gem.add_dependency('rails')
   gem.add_development_dependency('rake')
   gem.add_development_dependency('rspec')
+  gem.add_development_dependency('ladle')
   gem.files         = `git ls-files`.split($\)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }

data/lib/hydra-ldap.rb CHANGED

@@ -3,17 +3,16 @@ require "net/ldap"
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/indifferent_access'
 require 'yaml'
+require 'rails'
 module Hydra
   module LDAP
-    # Your code goes here...
     class NoUsersError < StandardError; end
     class MissingOwnerError < StandardError; end
     class GroupNotFound < StandardError; end
     def self.connection
-      @ldap_conn ||= Net::LDAP.new(ldap_connection_config)
+      @ldap_conn ||= Net::LDAP.new(ldap_connection_config)
     end
     def self.ldap_connection_config
@@ -31,8 +30,8 @@ module Hydra
     end
     def self.ldap_config
-      root = defined?(Rails) ? Rails.root : '.'
-      env = defined?(Rails) ?  Rails.env : 'test'
+      root = Rails.root || '.'
+      env = Rails.env || 'test'
       @ldap_config ||= YAML::load(ERB.new(IO.read(File.join(root, 'config', 'hydra-ldap.yml'))).result)[env].with_indifferent_access
     end
@@ -48,54 +47,73 @@ module Hydra
       dn = "cn=#{code},#{group_base}"
     end
-    def self.create_group(code, description, owner, users)
-      raise NoUsersError, "Unable to persist a group without users" unless users.present?
-      raise MissingOwnerError, "Unable to persist a group without owner" unless owner
-      attributes = {
-        :cn => code,
-        :objectclass => "groupofnames",
-        :description => description,
-        :member=>users.map {|u| "uid=#{u}"},
-        :owner=>"uid=#{owner}"
-      }
+    #def self.create_group(code, description, owner, users)
+    # dn => dn(code)
+    # attributes = {
+    #  :cn => code,
+    #  :objectclass => "groupofnames",
+    #  :description => description,
+    #  :member=>users.map {|u| "uid=#{u}"},
+    #  :owner=>"uid=#{owner}"
+    # }
+    def self.create_group(code, attributes)
+      raise NoUsersError, "Unable to persist a group without users" unless attributes[:uniquemember]
+      raise MissingOwnerError, "Unable to persist a group without owner" unless attributes[:owner]
       connection.add(:dn=>dn(code), :attributes=>attributes)
     end
     def self.delete_group(code)
-      Hydra::LDAP.connection.delete(:dn=>dn(code))
+      connection.delete(:dn=>dn(code))
     end
     # same as
     # ldapsearch -h ec2-107-20-53-121.compute-1.amazonaws.com -p 389 -x -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W "(&(objectClass=groupofnames)(member=uid=vanessa))" cn
-    def self.groups_for_user(uid)
-      result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(member=uid=#{uid}))"), :attributes=>['cn'])
-      result.map{|r| r[:cn].first}
-    end
-    def self.groups_owned_by_user(uid)
-      result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(owner=uid=#{uid}))"), :attributes=>['cn'])
-      result.map{|r| r[:cn].first}
-    end
-    def self.title_of_group(group_code)
-      result = find_group(group_code)
-      result[:description].first
+    # Northwestern passes attributes=['cn']
+    # PSU filter=Net::LDAP::Filter.eq('uid', uid)
+    # NW filter=Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(member=uid=#{uid}))"))
+    def self.groups_for_user(filter, attributes=['psMemberOf'], &block)
+      result = connection.search(:base=>group_base, :filter => filter, :attributes => attributes)
+      block.call(result) if block_given?
+    end
+    # NW - return result.map{|r| r[:cn].first}
+    def self.groups_owned_by_user(filter, attributes=['cn'], &block)
+      result = connection.search(:base=>group_base, :filter=> filter, :attributes=>attributes)
+      block.call(result) if block_given?
+    end
+    # result[:description].first
+    def self.title_of_group(group_code, filter, attributes=['description'], &block)
+      if block_given?
+        find_group(group_code, filter, attributes, &block)
+      else
+        find_group(group_code, filter, attributes)
+      end
     end
-    def self.users_for_group(group_code)
-      result = find_group(group_code)
-      result[:member].map { |v| v.sub(/^uid=/, '') }
+    # result[:member].map { |v| v.sub(/^uid=/, '') }
+    def self.users_for_group(group_code, filter, attributes=['member'], &block)
+      if block_given?
+        find_group(group_code, filter, attributes, &block)
+      else
+        find_group(group_code, filter, attributes)
+      end
     end
-    def self.owner_for_group(group_code)
-      result = find_group(group_code)
-      result[:owner].first.sub(/^uid=/, '')
+    # result[:owner].first.sub(/^uid=/, '')
+    def self.owner_for_group(group_code, filter, attributes=['owner'], &block)
+      if block_given?
+        find_group(group_code, filter, attributes, &block)
+      else
+        find_group(group_code, filter, attributes)
+      end
     end
     def self.add_users_to_group(group_code, users)
       invalidate_cache(group_code)
       ops = []
       users.each do |u|
-        ops << [:add, :member, "uid=#{u}"]
+        ops << [:add, ldap_config[:group_member], "uid=#{u}"]
       end
       connection.modify(:dn=>dn(group_code), :operations=>ops)
     end
@@ -104,7 +122,7 @@ module Hydra
       invalidate_cache(group_code)
       ops = []
       users.each do |u|
-        ops << [:delete, :member, "uid=#{u}"]
+        ops << [:delete, ldap_config[:group_member], "uid=#{u}"]
       end
       connection.modify(:dn=>dn(group_code), :operations=>ops)
     end
@@ -113,18 +131,41 @@ module Hydra
       @cache ||= {}
       @cache[group_code] = nil
     end
-    def self.find_group(group_code)
+    # NW result = connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(cn=#{group_code}))"), :attributes=>['member', 'owner', 'description'])
+    # result.first.each do |k, v|
+    #  val[k] = v
+    # end
+    def self.find_group(group_code, filter, attributes, &block)
       @cache ||= {}
-      return @cache[group_code] if @cache[group_code]
-      result = Hydra::LDAP.connection.search(:base=>group_base, :filter=> Net::LDAP::Filter.construct("(&(objectClass=groupofnames)(cn=#{group_code}))"), :attributes=>['member', 'owner', 'description'])
-      val = {}
+      return @cache[[group_code, filter, attributes]] if @cache[[group_code, filter, attributes]]
+      result = connection.search(:base=>group_base, :filter=> filter, :attributes=>attributes)
       raise GroupNotFound, "Can't find group '#{group_code}' in ldap" unless result.first
-      result.first.each do |k, v|
-        val[k] = v
-      end
-      #puts "Val is: #{val}"
-      @cache[group_code] = val
+      @cache[[group_code, filter, attributes]] = result
+      block.call(result) if block_given?
+    end
+    def self.get_user(filter, attribute=[])
+      result = connection.search(:base=>treebase, :filter => filter, :attributes => attribute)
+      return result
+    end
+    # hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq('uid', uid))
+    def self.does_user_exist?(filter)
+      hits = connection.search(:base=>treebase, :filter=>filter)
+      return !hits.empty?
+    end
+    # hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq('uid', uid))
+    def self.is_user_unique?(filter)
+      hits = connection.search(:base=>treebase, :filter=>filter)
+      return hits.count == 1
+    end
+    # hits = connection.search(:base=>group_base, :filter=>Net::LDAP::Filter.eq('cn', cn))
+    def self.does_group_exist?(filter)
+      hits = connection.search(:base=>group_base, :filter=>filter)
+      return hits.count == 1
     end
   end

data/lib/hydra/ldap/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Hydra
   module LDAP
-    VERSION = "0.0.3"
+    VERSION = "0.0.4"
   end
 end

data/spec/integration/ldap_spec.rb CHANGED

@@ -1,42 +1,101 @@
 require 'spec_helper'
-describe 'Ldap service' do
-  before do
-    # If this line isn't true, there was a problem creating (probably already exists.
-    Hydra::LDAP.create_group('justin1', 'Test Group', 'quentin', ['kacey', 'larry', 'ursula']).should be_true
+describe 'Ldap service' do
+  before(:all) do
+    tmpdir = ENV['TMPDIR'] || ENV['TEMPDIR'] || '/tmp'
+    @ldap_server = Ladle::Server.new(:port => 3897,
+                                     :domain => "dc=example,dc=org",
+                                     :allow_anonymous => true,
+                                     :verbose => false,
+                                     :ldif => 'hydra-ldap-example.ldif',
+                                     :tmpdir => tmpdir
+                                     ).start
   end
-  after do
-    Hydra::LDAP.delete_group('justin1').should be_true
+  after(:all) do
+    @ldap_server.stop if @ldap_server
   end
-  it "should have description, users, owners of a group" do
-    Hydra::LDAP.title_of_group('justin1').should == 'Test Group'
-    Hydra::LDAP.users_for_group('justin1').should == ['kacey', 'larry', 'ursula']
-    Hydra::LDAP.owner_for_group('justin1').should == 'quentin'
+  describe  "Querying for users and attribute values" do
+    it "should return true dd945 exists" do
+      filter = Net::LDAP::Filter.eq('uid', 'dd945')
+      Hydra::LDAP.does_user_exist?(filter).should be_true
+    end
+    it "should return false abc123 does not exist" do
+      filter = Net::LDAP::Filter.eq('uid', 'abc123')
+      Hydra::LDAP.does_user_exist?(filter).should_not be_true
+    end
+    it "should return true dd945 is unique user" do
+      filter = Net::LDAP::Filter.eq('uid', 'dd945')
+      Hydra::LDAP.is_user_unique?(filter).should be_true
+    end
+    it "should return user values for dd945" do
+      filter = Net::LDAP::Filter.eq('uid', 'dd945')
+      Hydra::LDAP.get_user(filter, ['givenName']).first[:givenname] == 'Dorothy'
+    end
   end
-  describe "#groups_owned_by_user" do
+  describe "Query groups for group info" do
+    it "should find a group and map the result" do
+      group_code = 'Group1'
+      filter = Net::LDAP::Filter.construct("(cn=#{group_code})")
+      Hydra::LDAP.find_group(group_code, filter, ['cn']){ |result| result.first[:cn].first }.downcase.should == 'group1'
+    end
+    it "should have description, users, owners of a group" do
+      group_code = 'Group1'
+      filter = Net::LDAP::Filter.construct("(cn=#{group_code})")
+      Hydra::LDAP.title_of_group(group_code, filter){ |result| result.first[:description].first }.should == 'Test Group1'
+      Hydra::LDAP.users_for_group(group_code, filter, ['uniquemember']){ |result| result.first[:uniquemember].map{ |r| r.sub(/^uid=/, '').sub(/,ou=people,dc=example,dc=org/, '') }}.should == ['zz882', 'yy423', 'ww369']
+      Hydra::LDAP.owner_for_group(group_code, filter, ['owner']) { |result| result.first[:owner].map{ |r| r.sub(/^uid=/, '').sub(/,ou=people,dc=example,dc=org/, '') }}.should == ['xx396']
+    end
+  end
+  describe "Managing Groups" do
     before do
-      Hydra::LDAP.create_group('justin2', 'Test Group', 'quentin', ['kacey', 'larry']).should be_true
-      Hydra::LDAP.create_group('justin3', 'Test Group', 'theresa', ['kacey', 'larry']).should be_true
+      attrs = {
+        :cn => 'PulpFiction',
+        :objectclass => 'groupofuniquenames',
+        :description => 'Pulp Fiction is a movie by quentin',
+        :owner => 'uid=quentin,ou=people,dc=example,dc=org',
+        :uniquemember => ['uid=samuel', 'uid=uma', 'uid=john']
+      }
+      Hydra::LDAP.create_group('PulpFiction', attrs).should be_true
     end
     after do
-      Hydra::LDAP.delete_group('justin2').should be_true
-      Hydra::LDAP.delete_group('justin3').should be_true
+      Hydra::LDAP.delete_group('PulpFiction').should be_true
     end
-    it "should return the list" do
-      Hydra::LDAP.groups_owned_by_user('quentin').should == ['justin1', 'justin2']
+    it "should return a list of groups owned by quentin" do
+      attrs = {
+        :cn => 'TR',
+        :objectclass => 'groupofuniquenames',
+        :description => 'True Romance is another movie by Q',
+        :owner => 'uid=quentin,ou=people,dc=example,dc=org',
+        :uniquemember => ['uid=christian', 'uid=patricia', 'uid=dennis']
+      }
+      Hydra::LDAP.create_group('TrueRomance', attrs).should be_true
+      filter = Net::LDAP::Filter.construct("(owner=uid=quentin,ou=people,dc=example,dc=org)")
+      Hydra::LDAP.groups_owned_by_user(filter, ['owner', 'cn']){ |result| result.map{ |r| r[:cn].first } }.should == ['PulpFiction', 'TrueRomance']
+      Hydra::LDAP.delete_group('TrueRomance').should be_true
     end
-  end
-  describe "#adding_members" do
-    it "should have users and owners of a group" do
-      Hydra::LDAP.add_users_to_group('justin1', ['theresa', 'penelope']).should be_true
-      Hydra::LDAP.users_for_group('justin1').should == ['kacey', 'larry', 'ursula', 'theresa', 'penelope']
+    it "should add users to a group" do
+      Hydra::LDAP.add_users_to_group('PulpFiction', ['bruce', 'ving']).should be_true
     end
-  end
-  describe "#removing_members" do
     it "should remove users from the group" do
-      Hydra::LDAP.remove_users_from_group('justin1', ['kacey', 'larry']).should be_true
-      Hydra::LDAP.users_for_group('justin1').should == ['ursula']
+      Hydra::LDAP.remove_users_from_group('PulpFiction', ['uma', 'john']).should be_true
+      group_code = 'PulpFiction'
+      filter = Net::LDAP::Filter.construct("(cn=#{group_code})")
+      Hydra::LDAP.users_for_group(group_code, filter, ['uniquemember']){ |result| result.first[:uniquemember].map{ |r| r.sub(/^uid=/, '').sub(/,ou=people,dc=example,dc=org/, '') }}.should == ['samuel']
     end
   end
 end

data/spec/spec_helper.rb CHANGED

@@ -3,6 +3,8 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
 require 'rspec/autorun'
 require 'hydra-ldap'
+require 'ladle'
 RSpec.configure do |config|
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hydra-ldap
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-06-14 00:00:00.000000000 Z
+date: 2012-08-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
@@ -27,6 +27,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -59,6 +75,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ladle
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A gem for managing groups with ldap
 email:
 - justin.coyne@yourmediashelf.com
@@ -72,6 +104,7 @@ files:
 - README.md
 - Rakefile
 - config/hydra-ldap.yml
+- hydra-ldap-example.ldif
 - hydra-ldap.gemspec
 - lib/generators/hydra-ldap/config_generator.rb
 - lib/generators/hydra-ldap/templates/hydra-ldap.yml
@@ -100,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.24
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: Create, Read and Update LDAP groups