ladle 0.1.0-java → 0.1.1-java

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+0.1.1
+=====
+
+- Allowed disabling anonymous access to the server.  See the
+  `:allow_anonymous` option on {Ladle::Server#initialize}.
+- Added passwords to default people.
+- Internal: ensured that specs properly close sockets so that the
+  suite will pass on Linux.
+
 0.1.0
 =====
 

data/README.md

@@ -14,7 +14,7 @@ It is a wrapper around [ApacheDS][] (a pure-java embeddable LDAP
 server), so it needs Java 1.5 or later available whether you are using
 JRuby or not.
 
-[ApacheDS]: http://directory.apache.org/apacheds/1.5/index.html
+[ApacheDS]: http://directory.apache.org/apacheds/1.0/index.html
 
 Ladle in 30 seconds
 -------------------
@@ -106,11 +106,20 @@ default data.  You can peruse it in `lib/ladle/default.ldif`.
 
 Note also that you will usually need to provide both the `:ldif` and
 `:domain` configuration parameters.  The latter must be the domain
-matching the data in the former.  (N.b. the implicit restriction of
-the data to a single domain.)
+component (dc) matching the data in the former.  (N.b. the implicit
+restriction of the data to a single domain.)
 
 [rfc2849]: http://tools.ietf.org/rfc/rfc2849.txt
 
+Project links
+-------------
+
+* [API documentation](http://rubydoc.info/github/rsutphin/ladle/master/frames)
+* [Continuous integration](https://ctms-ci.nubic.northwestern.edu/hudson/job/ladle/)
+* [Issue tracking](http://github.com/rsutphin/ladle/issues)
+
+Non-issue questions can be sent to rhett@detailedbalance.net.
+
 About
 -----
 

data/lib/ladle/default.ldif

@@ -15,6 +15,8 @@ sn: Adams
 givenName: Alexandra
 mail: alexandra@example.org
 uid: aa729
+# Password is "smada"
+userpassword: {SHA}pGlmZX1VOEdHHb30HZezeVNFxGM=
 
 dn: uid=bb459,ou=people,dc=example,dc=org
 objectClass: top
@@ -26,6 +28,8 @@ sn: Baldwin
 givenName: Belle
 mail: belle@example.org
 uid: bb459
+# Password is "niwdlab"
+userpassword: {SHA}LRif2N+5TDSaO/rdkH2HHF8fF74=
 
 dn: uid=cc414,ou=people,dc=example,dc=org
 objectClass: top
@@ -37,6 +41,8 @@ sn: Carpenter
 givenName: Claire
 mail: claire@example.org
 uid: cc414
+# Password is "retneprac"
+userpassword: {SHA}UL/iS+2R7GhwbhXOWoTHd4/qoMA=
 
 dn: uid=dd945,ou=people,dc=example,dc=org
 objectClass: top
@@ -48,6 +54,8 @@ sn: Dawson
 givenName: Dorothy
 mail: dorothy@example.org
 uid: dd945
+# Password is "noswad"
+userpassword: {SHA}D0UlcTfbCddFLwih04ig4DEilAc=
 
 dn: uid=ee855,ou=people,dc=example,dc=org
 objectClass: top
@@ -59,6 +67,8 @@ sn: Emerson
 givenName: Elizabeth
 mail: elizabeth@example.org
 uid: ee855
+# Password is "nosreme"
+userpassword: {SHA}pheE9wd/iTps6f8bJjM6AePjwrU=
 
 dn: uid=ff531,ou=people,dc=example,dc=org
 objectClass: top
@@ -70,6 +80,8 @@ sn: Fuller
 givenName: Freya
 mail: freya@example.org
 uid: ff531
+# Password is "relluf"
+userpassword: {SHA}HLU2WZjFf/PF0Pp4qSDzoB3x+bs=
 
 dn: uid=gg855,ou=people,dc=example,dc=org
 objectClass: top
@@ -81,6 +93,8 @@ sn: Gonzales
 givenName: Grace
 mail: grace@example.org
 uid: gg855
+# Password is "selaznog"
+userpassword: {SHA}zT4oO9pFXIj+ISIc60bvM8A5+UQ=
 
 dn: uid=hh153,ou=people,dc=example,dc=org
 objectClass: top
@@ -92,6 +106,8 @@ sn: Hatfield
 givenName: Hilda
 mail: hilda@example.org
 uid: hh153
+# Password is "dleiftah"
+userpassword: {SHA}PTDJLPy4kwa7VZ/sGLyCPzZ7d3o=
 
 dn: uid=ii711,ou=people,dc=example,dc=org
 objectClass: top
@@ -103,6 +119,8 @@ sn: Ingram
 givenName: Iona
 mail: iona@example.org
 uid: ii711
+# Password is "margni"
+userpassword: {SHA}L7qElLblWuLNFPrFku60uCuCr7Q=
 
 dn: uid=jj243,ou=people,dc=example,dc=org
 objectClass: top
@@ -114,6 +132,8 @@ sn: Jackson
 givenName: Josephine
 mail: josephine@example.org
 uid: jj243
+# Password is "noskcaj"
+userpassword: {SHA}ElqdCxdbvRNqXBgdUdkCmGZlQmk=
 
 dn: uid=kk891,ou=people,dc=example,dc=org
 objectClass: top
@@ -125,6 +145,8 @@ sn: Kline
 givenName: Kelly
 mail: kelly@example.org
 uid: kk891
+# Password is "enilk"
+userpassword: {SHA}WlNzQqBB/QoEKh3LRcLZHgnCGNw=
 
 dn: uid=ll819,ou=people,dc=example,dc=org
 objectClass: top
@@ -136,6 +158,8 @@ sn: Lawrence
 givenName: Leah
 mail: leah@example.org
 uid: ll819
+# Password is "ecnerwal"
+userpassword: {SHA}CzyyPOSrIxgFCm24nSv2FA8wihQ=
 
 dn: uid=mm405,ou=people,dc=example,dc=org
 objectClass: top
@@ -147,6 +171,8 @@ sn: Maddox
 givenName: Mona
 mail: mona@example.org
 uid: mm405
+# Password is "xoddam"
+userpassword: {SHA}WiCnxkOb4kpy16ON7ZC6mD/iqII=
 
 dn: uid=nn297,ou=people,dc=example,dc=org
 objectClass: top
@@ -158,6 +184,8 @@ sn: Nash
 givenName: Noel
 mail: noel@example.org
 uid: nn297
+# Password is "hsan"
+userpassword: {SHA}1zOsG076wDkikQbnK5vAMM1BM/o=
 
 dn: uid=oo981,ou=people,dc=example,dc=org
 objectClass: top
@@ -169,6 +197,8 @@ sn: Osborn
 givenName: Ophelia
 mail: ophelia@example.org
 uid: oo981
+# Password is "nrobso"
+userpassword: {SHA}w8mQw0kEa1UiWzMsNclD/LWzlgs=
 
 dn: uid=pp468,ou=people,dc=example,dc=org
 objectClass: top
@@ -180,6 +210,8 @@ sn: Patel
 givenName: Penelope
 mail: penelope@example.org
 uid: pp468
+# Password is "letap"
+userpassword: {SHA}p7jaVoRIV9o8gDPbN10sEhXaYHk=
 
 dn: uid=qq612,ou=people,dc=example,dc=org
 objectClass: top
@@ -191,6 +223,8 @@ sn: Queen
 givenName: Quin
 mail: quin@example.org
 uid: qq612
+# Password is "neeuq"
+userpassword: {SHA}v9ibNIx42giCH4tQnwUHJy6LeJg=
 
 dn: uid=rr477,ou=people,dc=example,dc=org
 objectClass: top
@@ -202,6 +236,8 @@ sn: Rowland
 givenName: Ruth
 mail: ruth@example.org
 uid: rr477
+# Password is "dnalwor"
+userpassword: {SHA}S3eMb2C/ctXzbFnlgcH7ZQ/fozU=
 
 dn: uid=ss198,ou=people,dc=example,dc=org
 objectClass: top
@@ -213,6 +249,8 @@ sn: Solomon
 givenName: Serena
 mail: serena@example.org
 uid: ss198
+# Password is "nomolos"
+userpassword: {SHA}EizIKlU79Kz1Y2WIV4deIh0MSA8=
 
 dn: uid=tt882,ou=people,dc=example,dc=org
 objectClass: top
@@ -224,6 +262,8 @@ sn: Torres
 givenName: Talia
 mail: talia@example.org
 uid: tt882
+# Password is "serrot"
+userpassword: {SHA}yO0DcSZ4fTMcx3sTHnAPQGvMkwg=
 
 dn: uid=uu972,ou=people,dc=example,dc=org
 objectClass: top
@@ -235,6 +275,8 @@ sn: Underwood
 givenName: Ursula
 mail: ursula@example.org
 uid: uu972
+# Password is "doowrednu"
+userpassword: {SHA}GQWGu8IvIEFU1PP34qGi5DyDF/c=
 
 dn: uid=vv180,ou=people,dc=example,dc=org
 objectClass: top
@@ -246,6 +288,8 @@ sn: Vickers
 givenName: Vera
 mail: vera@example.org
 uid: vv180
+# Password is "srekciv"
+userpassword: {SHA}3UrzY38O4R1GLK6ccSSfL4D0efQ=
 
 dn: uid=ww369,ou=people,dc=example,dc=org
 objectClass: top
@@ -257,6 +301,8 @@ sn: Wise
 givenName: Wendy
 mail: wendy@example.org
 uid: ww369
+# Password is "esiw"
+userpassword: {SHA}8gU4KSqUeeLRPov2tmXZXgOZw78=
 
 dn: uid=xx396,ou=people,dc=example,dc=org
 objectClass: top
@@ -268,6 +314,8 @@ sn: Xiong
 givenName: Xara
 mail: xara@example.org
 uid: xx396
+# Password is "gnoix"
+userpassword: {SHA}Yc2En2R/sbdjlEOitkLlkwY4jAY=
 
 dn: uid=yy423,ou=people,dc=example,dc=org
 objectClass: top
@@ -279,6 +327,8 @@ sn: Yates
 givenName: Yvette
 mail: yvette@example.org
 uid: yy423
+# Password is "setay"
+userpassword: {SHA}iKBhwF+Mbbct6mlmy6AvodIek3E=
 
 dn: uid=zz882,ou=people,dc=example,dc=org
 objectClass: top
@@ -290,3 +340,6 @@ sn: Zimmerman
 givenName: Zana
 mail: zana@example.org
 uid: zz882
+# Password is "namremmiz"
+userpassword: {SHA}KlsWojnknRWCHXGoBOTlEZxxrG8=
+

data/lib/ladle/java/net/detailedbalance/ladle/Main.java

@@ -40,7 +40,8 @@ public class Main {
                 new Integer(commandLine.getOptionValue("p")),
                 commandLine.getOptionValue("d"),
                 new File(commandLine.getOptionValue("l")),
-                new File(commandLine.getOptionValue("t")));
+                new File(commandLine.getOptionValue('t')),
+                !commandLine.hasOption('A'));
 
             Runtime.getRuntime().addShutdownHook(new Thread(new Runnable() {
                 public void run() {
@@ -110,6 +111,10 @@ public class Main {
                 withLongOpt("tmpdir").hasArg().isRequired().
                 withDescription("Specify the temporary directory to use").
                 create('t'))
+            .addOption(OptionBuilder.
+                withLongOpt("no-anonymous").
+                withDescription("Disable anonymous access").
+                create('A'))
             ;
         CommandLineParser parser = new GnuParser();
 

data/lib/ladle/java/net/detailedbalance/ladle/Server.java

@@ -35,13 +35,17 @@ public class Server {
 
     private final int port;
     private final String domainComponent;
+    private final boolean allowAnonymous;
     private final File tempDir;
     private final File ldifDir;
     private boolean running = false;
 
-    public Server(int port, String domainComponent, File ldifFile, File tempDirBase) {
+    public Server(
+        int port, String domainComponent, File ldifFile, File tempDirBase, boolean allowAnonymous
+    ) {
         this.port = port;
         this.domainComponent = domainComponent;
+        this.allowAnonymous = allowAnonymous;
         this.tempDir = createTempDir(tempDirBase);
         this.ldifDir = prepareLdif(ldifFile);
     }
@@ -98,7 +102,7 @@ public class Server {
             cfg.setLdifDirectory(ldifDir);
             cfg.setEnableNetworking(true);
             cfg.setLdapPort(port);
-            cfg.setAllowAnonymousAccess(true);
+            cfg.setAllowAnonymousAccess(allowAnonymous);
             cfg.setAccessControlEnabled(false);
             cfg.setShutdownHookEnabled(false);
             cfg.setContextPartitionConfigurations(

data/lib/ladle/server.rb

@@ -47,6 +47,8 @@ module Ladle
     #   :domain option to match.
     # @option opts [String] :domain ("dc=example,dc=org") the domain
     #   for the data provided in the :ldif option.
+    # @option opts [Boolean] :allow_anonymous (true) whether anonymous
+    #   users will be able to query the server.
     # @option opts [Boolean] :verbose (false) if true, detailed
     #   information about the execution of the server will be printed
     #   to standard error.
@@ -66,6 +68,7 @@ module Ladle
       @port = opts[:port] || 3897
       @domain = opts[:domain] || "dc=example,dc=org"
       @ldif = opts[:ldif] || File.expand_path("../default.ldif", __FILE__)
+      @allow_anonymous = opts[:allow_anonymous].nil? ? true : opts[:allow_anonymous]
       @quiet = opts[:quiet]
       @verbose = opts[:verbose]
       @timeout = opts[:timeout] || 15
@@ -193,6 +196,15 @@ module Ladle
       @verbose
     end
 
+    ##
+    # Whether anonymous users will be allowed access to the server
+    # once it is running.
+    #
+    # @return [Boolean]
+    def allow_anonymous?
+      @allow_anonymous
+    end
+
     private
 
     def create_process(*cmd)
@@ -216,8 +228,9 @@ module Ladle
         "--port", port,
         "--domain", domain,
         "--ldif", ldif,
-        "--tmpdir", tmpdir
-      ] + @additional_args
+        "--tmpdir", tmpdir,
+        ("--no-anonymous" unless allow_anonymous?)
+      ].compact + @additional_args
     end
 
     def classpath

data/lib/ladle/version.rb

@@ -1,5 +1,5 @@
 module Ladle
   ##
   # The current version number for Ladle.
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/spec/ladle/server_spec.rb

@@ -4,11 +4,28 @@ require 'net/ldap'
 
 describe Ladle, "::Server" do
   def create_server(opts = {})
-    Ladle::Server.new({ :quiet => true, :tmpdir => tmpdir }.merge(opts))
+    default_opts = { :tmpdir => tmpdir }.merge(
+      ENV['LADLE_TRACE'] ? { :verbose => true } : { :quiet => true })
+    Ladle::Server.new(default_opts.merge(opts))
+  end
+
+  def should_be_running
+    s = nil
+    lambda { s = TCPSocket.new('localhost', @server.port) }.
+      should_not raise_error
+    s.close if s
+  end
+
+  def should_not_be_running
+    s = nil
+    lambda { s = TCPSocket.new('localhost', @server.port) }.
+      should raise_error(/Connection refused/)
+    s.close if s
   end
 
   before do
     @server = create_server
+    should_not_be_running # fail early
   end
 
   after do
@@ -166,14 +183,19 @@ describe Ladle, "::Server" do
           should == "#{tmpdir}/openjdk/jre"
       end
     end
-  end
 
-  describe "running" do
-    def should_be_running
-      lambda { TCPSocket.new('localhost', @server.port) }.
-        should_not raise_error
+    describe ":allow_anonymous" do
+      it "defaults to true" do
+        Ladle::Server.new.allow_anonymous?.should be_true
+      end
+
+      it "can be overridden" do
+        Ladle::Server.new(:allow_anonymous => false).allow_anonymous?.should be_false
+      end
     end
+  end
 
+  describe "running" do
     it "blocks until the server is up" do
       @server.start
       should_be_running
@@ -192,8 +214,7 @@ describe Ladle, "::Server" do
       @server.start
       @server.stop
       @server.start
-      lambda { TCPSocket.new('localhost', @server.port) }.
-        should_not raise_error
+      should_be_running
     end
 
     it "throws an exception when the server doesn't start up" do
@@ -231,16 +252,20 @@ describe Ladle, "::Server" do
     end
   end
 
-  describe "data" do
+  describe "LDAP implementation" do
     before do
       pending "Net::LDAP doesn't work on 1.9" if RUBY_VERSION =~ /1.9/
     end
 
-    def with_ldap
+    def with_ldap(params={})
       @server.start
-      Net::LDAP.open(ldap_parameters) do |ldap|
-        return yield ldap
-      end
+      # We don't use Net::LDAP.open because it seems to leak sockets,
+      # at least on Linux and with version 0.0.4 of the library.
+      ldap = Net::LDAP.new({
+          :host => 'localhost', :port => @server.port,
+          :auth => { :method => :anonymous }
+        }.merge(params))
+      yield ldap
     end
 
     def ldap_search(filter, base=nil)
@@ -248,58 +273,108 @@ describe Ladle, "::Server" do
         ldap.search(
           :base => base || 'dc=example,dc=org',
           :filter => filter
-        )
-      }
-    end
-
-    def ldap_parameters
-      @ldap_parameters ||= {
-        :host => 'localhost', :port => @server.port,
-        :auth => { :method => :anonymous }
+        ).tap {
+          ldap.get_operation_result.code.should == 0 # success
+        }
       }
     end
 
-    describe "the default set" do
-      it "has 26 people" do
-        ldap_search(Net::LDAP::Filter.pres('uid')).should have(26).people
-      end
-
-      it "has 1 group" do
-        ldap_search(Net::LDAP::Filter.pres('ou')).should have(1).group
-      end
-
-      it "has given names" do
-        ldap_search(Net::LDAP::Filter.pres('uid')).
-          select { |res| !res[:givenname] || res[:givenname].empty? }.should == []
-      end
-
-      it "has e-mail addresses" do
-        ldap_search(Net::LDAP::Filter.pres('uid')).
-          select { |res| !res[:mail] || res[:mail].empty? }.should == []
-      end
-
-      it "can be searched by value" do
-        ldap_search(Net::LDAP::Filter.eq(:givenname, 'Josephine')).
-          collect { |res| res[:uid].first }.should == %w(jj243)
+    describe "data" do
+      describe "the default set" do
+        it "has 26 people" do
+          ldap_search(Net::LDAP::Filter.pres('uid')).should have(26).people
+        end
+
+        it "has 1 group" do
+          ldap_search(Net::LDAP::Filter.pres('ou')).should have(1).group
+        end
+
+        it "has given names" do
+          ldap_search(Net::LDAP::Filter.pres('uid')).
+            select { |res| !res[:givenname] || res[:givenname].empty? }.should == []
+        end
+
+        it "has e-mail addresses" do
+          ldap_search(Net::LDAP::Filter.pres('uid')).
+            select { |res| !res[:mail] || res[:mail].empty? }.should == []
+        end
+
+        it "can be searched by value" do
+          ldap_search(Net::LDAP::Filter.eq(:givenname, 'Josephine')).
+            collect { |res| res[:uid].first }.should == %w(jj243)
+        end
+      end
+
+      describe "with a provided set" do
+        before do
+          @server = create_server(
+            :domain => "dc=example,dc=net",
+            :ldif => File.expand_path("../animals.ldif", __FILE__)
+          )
+        end
+
+        it "has the groups provided by the other LDIF" do
+          ldap_search(Net::LDAP::Filter.pres('ou'), 'dc=example,dc=net').
+            collect { |result| result[:ou].first }.should == ["animals"]
+        end
+
+        it "has the individuals provided by the other LDIF" do
+          ldap_search(Net::LDAP::Filter.pres('uid'), 'dc=example,dc=net').
+            collect { |result| result[:givenname].first }.sort.should == %w(Ada Bob)
+        end
       end
     end
 
-    describe "with a provided set" do
-      before do
-        @server = create_server(
-          :domain => "dc=example,dc=net",
-          :ldif => File.expand_path("../animals.ldif", __FILE__)
-        )
-      end
-
-      it "has the groups provided by the other LDIF" do
-        ldap_search(Net::LDAP::Filter.pres('ou'), 'dc=example,dc=net').
-          collect { |result| result[:ou].first }.should == ["animals"]
-      end
-
-      it "has the individuals provided by the other LDIF" do
-        ldap_search(Net::LDAP::Filter.pres('uid'), 'dc=example,dc=net').
-          collect { |result| result[:givenname].first }.sort.should == %w(Ada Bob)
+    describe "binding" do
+      it "works with a valid password" do
+        with_ldap do |ldap|
+          ldap.authenticate("uid=hh153,ou=people,dc=example,dc=org", "hatfield".reverse)
+          ldap.bind.should be_true
+        end
+      end
+
+      it "does not work with an invalid password" do
+        with_ldap do |ldap|
+          ldap.authenticate("uid=hh153,ou=people,dc=example,dc=org", "mccoy".reverse)
+          ldap.bind.should be_false
+        end
+      end
+
+      describe "with anonymous binding disabled" do
+        before do
+          @server = create_server(:allow_anonymous => false)
+        end
+
+        it "will not bind anonymously" do
+          with_ldap do |ldap|
+            # anonymous bind is successful even with anonymous access
+            # off, but searches fail appropriately
+            ldap.search(:filter => Net::LDAP::Filter.pres('uid'), :base => 'dc=example,dc=org')
+            ldap.get_operation_result.code.should == 50 # insufficient access
+          end
+        end
+
+        it "will bind with a username and valid password" do
+          with_ldap do |ldap|
+            ldap.authenticate("uid=kk891,ou=people,dc=example,dc=org", "enilk")
+            ldap.bind.should be_true
+          end
+        end
+
+        it "will not bind with a username and invalid password" do
+          with_ldap do |ldap|
+            ldap.authenticate("uid=kk891,ou=people,dc=example,dc=org", "kevin")
+            ldap.bind.should be_false
+          end
+        end
+
+        it "permits searches for authenticated users" do
+          with_ldap do |ldap|
+            ldap.authenticate("uid=kk891,ou=people,dc=example,dc=org", "enilk")
+            ldap.search(:filter => Net::LDAP::Filter.pres('uid'), :base => 'dc=example,dc=org').
+              should have(26).results
+          end
+        end
       end
     end
   end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
     - 0
     - 1
-    - 0
-  version: 0.1.0
+    - 1
+  version: 0.1.1
 platform: java
 authors: 
   - Rhett Sutphin
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-21 00:00:00 -05:00
+date: 2010-10-27 00:00:00 -05:00
 default_executable: 
 dependencies: 
   - !ruby/object:Gem::Dependency 
@@ -71,6 +71,19 @@ dependencies:
             version: 0.0.4
     type: :development
     version_requirements: *id004
+  - !ruby/object:Gem::Dependency 
+    name: ci_reporter
+    prerelease: false
+    requirement: &id005 !ruby/object:Gem::Requirement 
+      requirements: 
+        - - ~>
+          - !ruby/object:Gem::Version 
+            segments: 
+              - 1
+              - 6
+            version: "1.6"
+    type: :development
+    version_requirements: *id005
 description: Provides an embedded LDAP server for BDD.  The embedded server is built with ApacheDS.
 email: 
   - rhett@detailedbalance.net