ldap_fluff 0.1.7 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ldap_fluff might be problematic. Click here for more details.
- data/lib/ldap_fluff/active_directory.rb +10 -10
- data/lib/ldap_fluff/ad_member_service.rb +8 -8
- data/lib/ldap_fluff/config.rb +9 -43
- data/lib/ldap_fluff/freeipa.rb +9 -9
- data/lib/ldap_fluff/freeipa_member_service.rb +4 -4
- data/lib/ldap_fluff/ldap_fluff.rb +13 -14
- data/lib/ldap_fluff/posix.rb +7 -8
- data/lib/ldap_fluff/posix_member_service.rb +5 -5
- data/test/ad_member_services_test.rb +5 -5
- data/test/ad_test.rb +11 -11
- data/test/config_test.rb +8 -16
- data/test/ipa_member_services_test.rb +3 -3
- data/test/ipa_test.rb +11 -11
- data/test/ldap_test.rb +6 -6
- data/test/lib/ldap_test_helper.rb +24 -20
- data/test/posix_member_services_test.rb +11 -36
- data/test/posix_test.rb +3 -3
- metadata +41 -19
- data/etc/ldap_fluff.yml +0 -11
@@ -2,18 +2,18 @@ class LdapFluff::ActiveDirectory
|
|
2
2
|
attr_accessor :ldap, :member_service
|
3
3
|
|
4
4
|
def initialize(config={})
|
5
|
-
@ldap
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
@ldap = Net::LDAP.new :host => config.host,
|
6
|
+
:base => config.base_dn,
|
7
|
+
:port => config.port,
|
8
|
+
:encryption => config.encryption
|
9
9
|
@group_base = config.group_base
|
10
10
|
@group_base ||= config.base_dn
|
11
|
-
@ad_domain
|
12
|
-
@bind_user
|
13
|
-
@bind_pass
|
14
|
-
@anon
|
11
|
+
@ad_domain = config.ad_domain
|
12
|
+
@bind_user = config.service_user
|
13
|
+
@bind_pass = config.service_pass
|
14
|
+
@anon = config.anon_queries
|
15
15
|
|
16
|
-
@member_service = MemberService.new(@ldap
|
16
|
+
@member_service = MemberService.new(@ldap, @group_base)
|
17
17
|
end
|
18
18
|
|
19
19
|
def bind?(uid=nil, password=nil)
|
@@ -46,7 +46,7 @@ class LdapFluff::ActiveDirectory
|
|
46
46
|
service_bind
|
47
47
|
return true if gids == []
|
48
48
|
begin
|
49
|
-
groups
|
49
|
+
groups = @member_service.find_user_groups(uid)
|
50
50
|
intersection = gids & groups
|
51
51
|
if all
|
52
52
|
return intersection == gids
|
@@ -5,8 +5,8 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
5
5
|
|
6
6
|
attr_accessor :ldap
|
7
7
|
|
8
|
-
def initialize(ldap,group_base)
|
9
|
-
@ldap
|
8
|
+
def initialize(ldap, group_base)
|
9
|
+
@ldap = ldap
|
10
10
|
@group_base = group_base
|
11
11
|
end
|
12
12
|
|
@@ -33,9 +33,9 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
33
33
|
def _groups_from_ldap_data(payload)
|
34
34
|
data = []
|
35
35
|
if payload != nil
|
36
|
-
first_level
|
36
|
+
first_level = _group_names_from_cn(payload[:memberof])
|
37
37
|
total_groups = _walk_group_ancestry(first_level)
|
38
|
-
data
|
38
|
+
data = (first_level + total_groups).uniq
|
39
39
|
end
|
40
40
|
data
|
41
41
|
end
|
@@ -48,8 +48,8 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
48
48
|
search = @ldap.search(:filter => filter, :base => @group_base)
|
49
49
|
if search != nil && search.first != nil
|
50
50
|
group = search.first
|
51
|
-
set
|
52
|
-
set
|
51
|
+
set += _group_names_from_cn(group[:memberof])
|
52
|
+
set += _walk_group_ancestry(set)
|
53
53
|
end
|
54
54
|
end
|
55
55
|
set
|
@@ -60,11 +60,11 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
60
60
|
end
|
61
61
|
|
62
62
|
def class_filter
|
63
|
-
Net::LDAP::Filter.eq("objectclass","group")
|
63
|
+
Net::LDAP::Filter.eq("objectclass", "group")
|
64
64
|
end
|
65
65
|
|
66
66
|
def name_filter(uid)
|
67
|
-
Net::LDAP::Filter.eq("samaccountname",uid)
|
67
|
+
Net::LDAP::Filter.eq("samaccountname", uid)
|
68
68
|
end
|
69
69
|
|
70
70
|
# extract the group names from the LDAP style response,
|
data/lib/ldap_fluff/config.rb
CHANGED
@@ -1,51 +1,17 @@
|
|
1
|
-
require 'singleton'
|
2
1
|
require 'yaml'
|
3
2
|
|
4
3
|
class LdapFluff
|
5
|
-
####################################################################
|
6
|
-
# Module constants
|
7
|
-
####################################################################
|
8
|
-
CONFIG = "/etc/ldap_fluff.yml"
|
9
|
-
####################################################################
|
10
|
-
# Module class definitions
|
11
|
-
####################################################################
|
12
4
|
class Config
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
:encryption,
|
17
|
-
:base_dn,
|
18
|
-
:group_base,
|
19
|
-
:server_type,
|
20
|
-
:ad_domain,
|
21
|
-
:service_user,
|
22
|
-
:service_pass,
|
23
|
-
:anon_queries
|
5
|
+
ATTRIBUTES = [:host, :port, :encryption, :base_dn, :group_base, :server_type, :ad_domain, :service_user,
|
6
|
+
:service_pass, :anon_queries]
|
7
|
+
ATTRIBUTES.each { |attr| attr_reader attr }
|
24
8
|
|
25
|
-
def initialize
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
@encryption = config["encryption"].to_sym
|
32
|
-
else
|
33
|
-
@encryption = nil
|
34
|
-
end
|
35
|
-
@base_dn = config["base_dn"]
|
36
|
-
@group_base = config["group_base"]
|
37
|
-
@ad_domain = config["ad_domain"]
|
38
|
-
@service_user = config["service_user"]
|
39
|
-
@service_pass = config["service_pass"]
|
40
|
-
@anon_queries = config["anon_queries"]
|
41
|
-
@server_type = config["server_type"]
|
42
|
-
rescue Errno::ENOENT
|
43
|
-
$stderr.puts("The #{LdapFluff::CONFIG} config file you specified was not found")
|
44
|
-
exit
|
45
|
-
rescue Errno::EACCES
|
46
|
-
$stderr.puts("The #{LdapFluff::CONFIG} config file you specified is not readable")
|
47
|
-
exit
|
48
|
-
end
|
9
|
+
def initialize(options)
|
10
|
+
raise ArgumentError unless options.kind_of? Hash
|
11
|
+
options = options.inject({}) { |hash, (k, v)| hash.update k.to_s => v }
|
12
|
+
ATTRIBUTES.each { |attr| instance_variable_set :"@#{attr}", options[attr.to_s] }
|
13
|
+
@encryption = @encryption.to_sym if @encryption
|
14
|
+
@server_type = @server_type.to_sym if @server_type
|
49
15
|
end
|
50
16
|
end
|
51
17
|
end
|
data/lib/ldap_fluff/freeipa.rb
CHANGED
@@ -3,18 +3,18 @@ class LdapFluff::FreeIPA
|
|
3
3
|
attr_accessor :ldap, :member_service
|
4
4
|
|
5
5
|
def initialize(config={})
|
6
|
-
@ldap
|
7
|
-
|
8
|
-
|
9
|
-
|
6
|
+
@ldap = Net::LDAP.new :host => config.host,
|
7
|
+
:base => config.base_dn,
|
8
|
+
:port => config.port,
|
9
|
+
:encryption => config.encryption
|
10
10
|
@group_base = config.group_base
|
11
11
|
@group_base ||= config.base_dn
|
12
|
-
@base
|
13
|
-
@bind_user
|
14
|
-
@bind_pass
|
15
|
-
@anon
|
12
|
+
@base = config.base_dn
|
13
|
+
@bind_user = config.service_user
|
14
|
+
@bind_pass = config.service_pass
|
15
|
+
@anon = config.anon_queries
|
16
16
|
|
17
|
-
@member_service = MemberService.new(@ldap
|
17
|
+
@member_service = MemberService.new(@ldap, @group_base)
|
18
18
|
end
|
19
19
|
|
20
20
|
def bind?(uid=nil, password=nil)
|
@@ -5,8 +5,8 @@ class LdapFluff::FreeIPA::MemberService
|
|
5
5
|
|
6
6
|
attr_accessor :ldap
|
7
7
|
|
8
|
-
def initialize(ldap,group_base)
|
9
|
-
@ldap
|
8
|
+
def initialize(ldap, group_base)
|
9
|
+
@ldap = ldap
|
10
10
|
@group_base = group_base
|
11
11
|
end
|
12
12
|
|
@@ -33,11 +33,11 @@ class LdapFluff::FreeIPA::MemberService
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def name_filter(uid)
|
36
|
-
Net::LDAP::Filter.eq("uid",uid)
|
36
|
+
Net::LDAP::Filter.eq("uid", uid)
|
37
37
|
end
|
38
38
|
|
39
39
|
def group_filter(gid)
|
40
|
-
Net::LDAP::Filter.eq("cn",gid)
|
40
|
+
Net::LDAP::Filter.eq("cn", gid)
|
41
41
|
end
|
42
42
|
|
43
43
|
def _group_names_from_cn(grouplist)
|
@@ -2,23 +2,22 @@ require 'rubygems'
|
|
2
2
|
require 'net/ldap'
|
3
3
|
|
4
4
|
class LdapFluff
|
5
|
-
class ConfigError < StandardError
|
5
|
+
class ConfigError < StandardError
|
6
|
+
end
|
6
7
|
|
7
8
|
attr_accessor :ldap
|
8
9
|
|
9
|
-
def initialize(config=
|
10
|
-
config
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
raise ConfigError, "Unsupported connection type. Supported types = :active_directory, :posix, :free_ipa"
|
21
|
-
end
|
10
|
+
def initialize(config = {})
|
11
|
+
config = LdapFluff::Config.new(config)
|
12
|
+
case config.server_type
|
13
|
+
when :posix
|
14
|
+
@ldap = Posix.new(config)
|
15
|
+
when :active_directory
|
16
|
+
@ldap = ActiveDirectory.new(config)
|
17
|
+
when :free_ipa
|
18
|
+
@ldap = FreeIPA.new(config)
|
19
|
+
else
|
20
|
+
raise ConfigError, "Unsupported connection type #{config.server_type.inspect}. Supported types = :active_directory, :posix, :free_ipa"
|
22
21
|
end
|
23
22
|
end
|
24
23
|
|
data/lib/ldap_fluff/posix.rb
CHANGED
@@ -3,14 +3,13 @@ class LdapFluff::Posix
|
|
3
3
|
attr_accessor :ldap, :member_service
|
4
4
|
|
5
5
|
def initialize(config={})
|
6
|
-
@ldap
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
@group_base
|
11
|
-
@
|
12
|
-
@
|
13
|
-
@member_service = MemberService.new(@ldap,@group_base)
|
6
|
+
@ldap = Net::LDAP.new :host => config.host,
|
7
|
+
:base => config.base_dn,
|
8
|
+
:port => config.port,
|
9
|
+
:encryption => config.encryption
|
10
|
+
@group_base = config.group_base || config.base
|
11
|
+
@base = config.base_dn
|
12
|
+
@member_service = MemberService.new(@ldap, @group_base)
|
14
13
|
end
|
15
14
|
|
16
15
|
def bind?(uid=nil, password=nil)
|
@@ -5,8 +5,8 @@ class LdapFluff::Posix::MemberService
|
|
5
5
|
|
6
6
|
attr_accessor :ldap
|
7
7
|
|
8
|
-
def initialize(ldap,group_base)
|
9
|
-
@ldap
|
8
|
+
def initialize(ldap, group_base)
|
9
|
+
@ldap = ldap
|
10
10
|
@group_base = group_base
|
11
11
|
end
|
12
12
|
|
@@ -38,13 +38,13 @@ class LdapFluff::Posix::MemberService
|
|
38
38
|
gids.each do |cn|
|
39
39
|
filters << group_filter(cn)
|
40
40
|
end
|
41
|
-
group_filters = merge_filters(filters,all)
|
42
|
-
filter
|
41
|
+
group_filters = merge_filters(filters, all)
|
42
|
+
filter = name_filter(uid) & group_filters
|
43
43
|
@ldap.search(:base => @group_base, :filter => filter).size
|
44
44
|
end
|
45
45
|
|
46
46
|
def name_filter(uid)
|
47
|
-
Net::LDAP::Filter.eq("memberUid",uid)
|
47
|
+
Net::LDAP::Filter.eq("memberUid", uid)
|
48
48
|
end
|
49
49
|
|
50
50
|
def group_filter(cn)
|
@@ -5,8 +5,8 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
5
5
|
|
6
6
|
def setup
|
7
7
|
config
|
8
|
-
@ldap
|
9
|
-
@adms
|
8
|
+
@ldap = MiniTest::Mock.new
|
9
|
+
@adms = LdapFluff::ActiveDirectory::MemberService.new(@ldap, @config.group_base)
|
10
10
|
@gfilter = group_filter('group') & group_class_filter
|
11
11
|
end
|
12
12
|
|
@@ -26,7 +26,7 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
26
26
|
@ldap.expect(:search, ad_parent_payload(i+1), [:filter => gfilter_bros, :base => @config.group_base])
|
27
27
|
end
|
28
28
|
# terminate or we loop FOREVER
|
29
|
-
@ldap.expect(:search,[], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
|
29
|
+
@ldap.expect(:search, [], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
|
30
30
|
end
|
31
31
|
|
32
32
|
def double_nested(n)
|
@@ -36,10 +36,10 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
36
36
|
@ldap.expect(:search, ad_double_payload(i+1), [:filter => gfilter_bros, :base => @config.group_base])
|
37
37
|
end
|
38
38
|
# terminate or we loop FOREVER
|
39
|
-
@ldap.expect(:search,[], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
|
39
|
+
@ldap.expect(:search, [], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
|
40
40
|
(n-1).downto(1) do |i|
|
41
41
|
gfilter_bros = group_filter("broskies#{i+1}") & group_class_filter
|
42
|
-
@ldap.expect(:search,[], [:filter => gfilter_bros, :base => @config.group_base])
|
42
|
+
@ldap.expect(:search, [], [:filter => gfilter_bros, :base => @config.group_base])
|
43
43
|
end
|
44
44
|
end
|
45
45
|
|
data/test/ad_test.rb
CHANGED
@@ -5,13 +5,13 @@ class TestAD < MiniTest::Unit::TestCase
|
|
5
5
|
|
6
6
|
def setup
|
7
7
|
config
|
8
|
-
@ad
|
8
|
+
@ad = LdapFluff::ActiveDirectory.new(@config)
|
9
9
|
@ldap = MiniTest::Mock.new
|
10
10
|
end
|
11
11
|
|
12
12
|
# default setup for service bind users
|
13
13
|
def service_bind
|
14
|
-
@ldap.expect(:auth, nil, ["service@internet.com","pass"])
|
14
|
+
@ldap.expect(:auth, nil, ["service@internet.com", "pass"])
|
15
15
|
@ldap.expect(:bind, true)
|
16
16
|
@ad.ldap = @ldap
|
17
17
|
end
|
@@ -24,12 +24,12 @@ class TestAD < MiniTest::Unit::TestCase
|
|
24
24
|
|
25
25
|
def bigtime_user
|
26
26
|
@md = MiniTest::Mock.new
|
27
|
-
@md.expect(:find_user_groups, ['bros','broskies'], ["john"])
|
27
|
+
@md.expect(:find_user_groups, ['bros', 'broskies'], ["john"])
|
28
28
|
@ad.member_service = @md
|
29
29
|
end
|
30
30
|
|
31
31
|
def test_good_bind
|
32
|
-
@ldap.expect(:auth, nil, ["internet@internet.com","password"])
|
32
|
+
@ldap.expect(:auth, nil, ["internet@internet.com", "password"])
|
33
33
|
@ldap.expect(:bind, true)
|
34
34
|
@ad.ldap = @ldap
|
35
35
|
assert_equal @ad.bind?("internet", "password"), true
|
@@ -37,7 +37,7 @@ class TestAD < MiniTest::Unit::TestCase
|
|
37
37
|
end
|
38
38
|
|
39
39
|
def test_bad_bind
|
40
|
-
@ldap.expect(:auth, nil, ["internet@internet.com","password"])
|
40
|
+
@ldap.expect(:auth, nil, ["internet@internet.com", "password"])
|
41
41
|
@ldap.expect(:bind, false)
|
42
42
|
@ad.ldap = @ldap
|
43
43
|
assert_equal @ad.bind?("internet", "password"), false
|
@@ -62,7 +62,7 @@ class TestAD < MiniTest::Unit::TestCase
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def test_bad_service_user
|
65
|
-
@ldap.expect(:auth, nil, ["service@internet.com","pass"])
|
65
|
+
@ldap.expect(:auth, nil, ["service@internet.com", "pass"])
|
66
66
|
@ldap.expect(:bind, false)
|
67
67
|
@ad.ldap = @ldap
|
68
68
|
assert_raises(LdapFluff::ActiveDirectory::UnauthenticatedActiveDirectoryException) { @ad.groups_for_uid('john') }
|
@@ -71,31 +71,31 @@ class TestAD < MiniTest::Unit::TestCase
|
|
71
71
|
def test_is_in_groups
|
72
72
|
service_bind
|
73
73
|
basic_user
|
74
|
-
assert_equal @ad.is_in_groups("john",["bros"],false), true
|
74
|
+
assert_equal @ad.is_in_groups("john", ["bros"], false), true
|
75
75
|
end
|
76
76
|
|
77
77
|
def test_is_some_groups
|
78
78
|
service_bind
|
79
79
|
basic_user
|
80
|
-
assert_equal @ad.is_in_groups("john",["bros","buds"],false), true
|
80
|
+
assert_equal @ad.is_in_groups("john", ["bros", "buds"], false), true
|
81
81
|
end
|
82
82
|
|
83
83
|
def test_isnt_in_all_groups
|
84
84
|
service_bind
|
85
85
|
basic_user
|
86
|
-
assert_equal @ad.is_in_groups("john",["bros","buds"],true), false
|
86
|
+
assert_equal @ad.is_in_groups("john", ["bros", "buds"], true), false
|
87
87
|
end
|
88
88
|
|
89
89
|
def test_isnt_in_groups
|
90
90
|
service_bind
|
91
91
|
basic_user
|
92
|
-
assert_equal @ad.is_in_groups("john", ["broskies"],false), false
|
92
|
+
assert_equal @ad.is_in_groups("john", ["broskies"], false), false
|
93
93
|
end
|
94
94
|
|
95
95
|
def test_group_subset
|
96
96
|
service_bind
|
97
97
|
bigtime_user
|
98
|
-
assert_equal @ad.is_in_groups("john", ["broskies"],true), true
|
98
|
+
assert_equal @ad.is_in_groups("john", ["broskies"], true), true
|
99
99
|
end
|
100
100
|
|
101
101
|
def test_user_exists
|
data/test/config_test.rb
CHANGED
@@ -3,31 +3,23 @@ require_relative './lib/ldap_test_helper'
|
|
3
3
|
class ConfigTest < MiniTest::Unit::TestCase
|
4
4
|
include LdapTestHelper
|
5
5
|
|
6
|
-
def setup
|
7
|
-
config
|
8
|
-
end
|
9
|
-
|
10
6
|
def test_unsupported_type
|
11
|
-
|
12
|
-
assert_raises(LdapFluff::ConfigError) { LdapFluff.new(@config) }
|
7
|
+
assert_raises(LdapFluff::ConfigError) { LdapFluff.new(config_hash.update :server_type => 'inactive_directory') }
|
13
8
|
end
|
14
9
|
|
15
10
|
def test_load_posix
|
16
|
-
|
17
|
-
|
18
|
-
assert_instance_of LdapFluff::Posix, l.ldap
|
11
|
+
ldap = LdapFluff.new(config_hash.update :server_type => 'posix')
|
12
|
+
assert_instance_of LdapFluff::Posix, ldap.ldap
|
19
13
|
end
|
20
14
|
|
21
15
|
def test_load_ad
|
22
|
-
|
23
|
-
|
24
|
-
assert_instance_of LdapFluff::ActiveDirectory, l.ldap
|
16
|
+
ldap = LdapFluff.new(config_hash.update :server_type => 'active_directory')
|
17
|
+
assert_instance_of LdapFluff::ActiveDirectory, ldap.ldap
|
25
18
|
end
|
26
19
|
|
27
|
-
def
|
28
|
-
|
29
|
-
|
30
|
-
assert_instance_of LdapFluff::FreeIPA, l.ldap
|
20
|
+
def test_load_free_ipa
|
21
|
+
ldap = LdapFluff.new(config_hash.update :server_type => 'free_ipa')
|
22
|
+
assert_instance_of LdapFluff::FreeIPA, ldap.ldap
|
31
23
|
end
|
32
24
|
|
33
25
|
end
|
@@ -5,8 +5,8 @@ class TestIPAMemberService < MiniTest::Unit::TestCase
|
|
5
5
|
|
6
6
|
def setup
|
7
7
|
config
|
8
|
-
@ldap
|
9
|
-
@ipams = LdapFluff::FreeIPA::MemberService.new(@ldap
|
8
|
+
@ldap = MiniTest::Mock.new
|
9
|
+
@ipams = LdapFluff::FreeIPA::MemberService.new(@ldap, @config.group_base)
|
10
10
|
end
|
11
11
|
|
12
12
|
def basic_user
|
@@ -32,7 +32,7 @@ class TestIPAMemberService < MiniTest::Unit::TestCase
|
|
32
32
|
end
|
33
33
|
|
34
34
|
def test_no_groups
|
35
|
-
@ldap.expect(:search, ['',{:memberof=>[]}], [:filter => ipa_name_filter("john")])
|
35
|
+
@ldap.expect(:search, ['', { :memberof => [] }], [:filter => ipa_name_filter("john")])
|
36
36
|
@ipams.ldap = @ldap
|
37
37
|
assert_equal [], @ipams.find_user_groups('john')
|
38
38
|
@ldap.verify
|
data/test/ipa_test.rb
CHANGED
@@ -5,13 +5,13 @@ class TestIPA < MiniTest::Unit::TestCase
|
|
5
5
|
|
6
6
|
def setup
|
7
7
|
config
|
8
|
-
@ipa
|
8
|
+
@ipa = LdapFluff::FreeIPA.new(@config)
|
9
9
|
@ldap = MiniTest::Mock.new
|
10
10
|
end
|
11
11
|
|
12
12
|
# default setup for service bind users
|
13
13
|
def service_bind
|
14
|
-
@ldap.expect(:auth, nil, [ipa_user_bind('service'),"pass"])
|
14
|
+
@ldap.expect(:auth, nil, [ipa_user_bind('service'), "pass"])
|
15
15
|
@ldap.expect(:bind, true)
|
16
16
|
@ipa.ldap = @ldap
|
17
17
|
end
|
@@ -24,12 +24,12 @@ class TestIPA < MiniTest::Unit::TestCase
|
|
24
24
|
|
25
25
|
def bigtime_user
|
26
26
|
@md = MiniTest::Mock.new
|
27
|
-
@md.expect(:find_user_groups, ['bros','broskies'], ["john"])
|
27
|
+
@md.expect(:find_user_groups, ['bros', 'broskies'], ["john"])
|
28
28
|
@ipa.member_service = @md
|
29
29
|
end
|
30
30
|
|
31
31
|
def test_good_bind
|
32
|
-
@ldap.expect(:auth, nil, [ipa_user_bind('internet'),"password"])
|
32
|
+
@ldap.expect(:auth, nil, [ipa_user_bind('internet'), "password"])
|
33
33
|
@ldap.expect(:bind, true)
|
34
34
|
@ipa.ldap = @ldap
|
35
35
|
assert_equal @ipa.bind?("internet", "password"), true
|
@@ -37,7 +37,7 @@ class TestIPA < MiniTest::Unit::TestCase
|
|
37
37
|
end
|
38
38
|
|
39
39
|
def test_bad_bind
|
40
|
-
@ldap.expect(:auth, nil, [ipa_user_bind('internet'),"password"])
|
40
|
+
@ldap.expect(:auth, nil, [ipa_user_bind('internet'), "password"])
|
41
41
|
@ldap.expect(:bind, false)
|
42
42
|
@ipa.ldap = @ldap
|
43
43
|
assert_equal @ipa.bind?("internet", "password"), false
|
@@ -62,7 +62,7 @@ class TestIPA < MiniTest::Unit::TestCase
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def test_bad_service_user
|
65
|
-
@ldap.expect(:auth, nil, [ipa_user_bind('service'),"pass"])
|
65
|
+
@ldap.expect(:auth, nil, [ipa_user_bind('service'), "pass"])
|
66
66
|
@ldap.expect(:bind, false)
|
67
67
|
@ipa.ldap = @ldap
|
68
68
|
assert_raises(LdapFluff::FreeIPA::UnauthenticatedFreeIPAException) { @ipa.groups_for_uid('john') }
|
@@ -71,31 +71,31 @@ class TestIPA < MiniTest::Unit::TestCase
|
|
71
71
|
def test_is_in_groups
|
72
72
|
service_bind
|
73
73
|
basic_user
|
74
|
-
assert_equal @ipa.is_in_groups("john",["bros"],false), true
|
74
|
+
assert_equal @ipa.is_in_groups("john", ["bros"], false), true
|
75
75
|
end
|
76
76
|
|
77
77
|
def test_is_some_groups
|
78
78
|
service_bind
|
79
79
|
basic_user
|
80
|
-
assert_equal @ipa.is_in_groups("john",["bros","buds"],false), true
|
80
|
+
assert_equal @ipa.is_in_groups("john", ["bros", "buds"], false), true
|
81
81
|
end
|
82
82
|
|
83
83
|
def test_isnt_in_all_groups
|
84
84
|
service_bind
|
85
85
|
basic_user
|
86
|
-
assert_equal @ipa.is_in_groups("john",["bros","buds"],true), false
|
86
|
+
assert_equal @ipa.is_in_groups("john", ["bros", "buds"], true), false
|
87
87
|
end
|
88
88
|
|
89
89
|
def test_isnt_in_groups
|
90
90
|
service_bind
|
91
91
|
basic_user
|
92
|
-
assert_equal @ipa.is_in_groups("john", ["broskies"],false), false
|
92
|
+
assert_equal @ipa.is_in_groups("john", ["broskies"], false), false
|
93
93
|
end
|
94
94
|
|
95
95
|
def test_group_subset
|
96
96
|
service_bind
|
97
97
|
bigtime_user
|
98
|
-
assert_equal @ipa.is_in_groups('john',["broskies"],true), true
|
98
|
+
assert_equal @ipa.is_in_groups('john', ["broskies"], true), true
|
99
99
|
end
|
100
100
|
|
101
101
|
def test_user_exists
|
data/test/ldap_test.rb
CHANGED
@@ -5,14 +5,14 @@ class TestLDAP < MiniTest::Unit::TestCase
|
|
5
5
|
|
6
6
|
def setup
|
7
7
|
config
|
8
|
-
@ldap
|
9
|
-
@fluff = LdapFluff.new(
|
8
|
+
@ldap = MiniTest::Mock.new
|
9
|
+
@fluff = LdapFluff.new(config_hash)
|
10
10
|
end
|
11
11
|
|
12
12
|
def test_bind
|
13
|
-
@ldap.expect(:bind?, true, ['john','password'])
|
13
|
+
@ldap.expect(:bind?, true, ['john', 'password'])
|
14
14
|
@fluff.ldap = @ldap
|
15
|
-
assert_equal @fluff.authenticate?("john","password"), true
|
15
|
+
assert_equal @fluff.authenticate?("john", "password"), true
|
16
16
|
@ldap.verify
|
17
17
|
end
|
18
18
|
|
@@ -24,9 +24,9 @@ class TestLDAP < MiniTest::Unit::TestCase
|
|
24
24
|
end
|
25
25
|
|
26
26
|
def test_group_membership
|
27
|
-
@ldap.expect(:is_in_groups, false, ['john',['broskies','girlfriends'],true])
|
27
|
+
@ldap.expect(:is_in_groups, false, ['john', ['broskies', 'girlfriends'], true])
|
28
28
|
@fluff.ldap = @ldap
|
29
|
-
assert_equal @fluff.is_in_groups?('john',['broskies','girlfriends']), false
|
29
|
+
assert_equal @fluff.is_in_groups?('john', ['broskies', 'girlfriends']), false
|
30
30
|
@ldap.verify
|
31
31
|
end
|
32
32
|
|
@@ -6,33 +6,37 @@ require 'minitest/autorun'
|
|
6
6
|
module LdapTestHelper
|
7
7
|
attr_accessor :group_base, :class_filter, :user
|
8
8
|
|
9
|
+
def config_hash
|
10
|
+
{ :host => "internet.com",
|
11
|
+
:port => "387",
|
12
|
+
:encryption => :start_tls,
|
13
|
+
:base_dn => "dc=internet,dc=com",
|
14
|
+
:group_base => "ou=group,dc=internet,dc=com",
|
15
|
+
:service_user => "service",
|
16
|
+
:service_pass => "pass",
|
17
|
+
:ad_domain => "internet.com",
|
18
|
+
:server_type => :free_ipa
|
19
|
+
}
|
20
|
+
end
|
21
|
+
|
9
22
|
def config
|
10
|
-
@config
|
11
|
-
:host => "internet.com",
|
12
|
-
:port => "387",
|
13
|
-
:encryption => :start_tls,
|
14
|
-
:base_dn => "dc=internet,dc=com",
|
15
|
-
:group_base => "ou=group,dc=internet,dc=com",
|
16
|
-
:service_user => "service",
|
17
|
-
:service_pass => "pass",
|
18
|
-
:ad_domain => "internet.com"
|
19
|
-
)
|
23
|
+
@config ||= OpenStruct.new config_hash
|
20
24
|
end
|
21
25
|
|
22
26
|
def ad_name_filter(name)
|
23
|
-
Net::LDAP::Filter.eq("samaccountname",name)
|
27
|
+
Net::LDAP::Filter.eq("samaccountname", name)
|
24
28
|
end
|
25
29
|
|
26
30
|
def ad_group_filter(name)
|
27
|
-
Net::LDAP::Filter.eq("cn",name)
|
31
|
+
Net::LDAP::Filter.eq("cn", name)
|
28
32
|
end
|
29
33
|
|
30
34
|
def ipa_name_filter(name)
|
31
|
-
Net::LDAP::Filter.eq("uid",name)
|
35
|
+
Net::LDAP::Filter.eq("uid", name)
|
32
36
|
end
|
33
37
|
|
34
38
|
def ipa_group_filter(name)
|
35
|
-
Net::LDAP::Filter.eq("cn",name)
|
39
|
+
Net::LDAP::Filter.eq("cn", name)
|
36
40
|
end
|
37
41
|
|
38
42
|
def group_filter(g)
|
@@ -40,7 +44,7 @@ module LdapTestHelper
|
|
40
44
|
end
|
41
45
|
|
42
46
|
def group_class_filter
|
43
|
-
Net::LDAP::Filter.eq("objectclass","group")
|
47
|
+
Net::LDAP::Filter.eq("objectclass", "group")
|
44
48
|
end
|
45
49
|
|
46
50
|
def ipa_user_bind(uid)
|
@@ -52,7 +56,7 @@ module LdapTestHelper
|
|
52
56
|
end
|
53
57
|
|
54
58
|
def ad_group_payload
|
55
|
-
[{:cn => "broze",
|
59
|
+
[{ :cn => "broze", :memberof => ["CN=group,dc=internet,dc=com"] }]
|
56
60
|
end
|
57
61
|
|
58
62
|
def ad_parent_payload(num)
|
@@ -64,18 +68,18 @@ module LdapTestHelper
|
|
64
68
|
end
|
65
69
|
|
66
70
|
def posix_user_payload
|
67
|
-
[{:cn => ["bros"]}]
|
71
|
+
[{ :cn => ["bros"] }]
|
68
72
|
end
|
69
73
|
|
70
74
|
def posix_group_payload
|
71
|
-
[{:cn => ["broze"]}]
|
75
|
+
[{ :cn => ["broze"] }]
|
72
76
|
end
|
73
77
|
|
74
78
|
def ipa_user_payload
|
75
|
-
[{:cn => 'john'},{:memberof => ['cn=group,dc=internet,dc=com','cn=bros,dc=internet,dc=com']}]
|
79
|
+
[{ :cn => 'john' }, { :memberof => ['cn=group,dc=internet,dc=com', 'cn=bros,dc=internet,dc=com'] }]
|
76
80
|
end
|
77
81
|
|
78
82
|
def ipa_group_payload
|
79
|
-
[{:cn => 'group'},{:memberof => ['cn=group,dc=internet,dc=com','cn=bros,dc=internet,dc=com']}]
|
83
|
+
[{ :cn => 'group' }, { :memberof => ['cn=group,dc=internet,dc=com', 'cn=bros,dc=internet,dc=com'] }]
|
80
84
|
end
|
81
85
|
end
|
@@ -6,18 +6,13 @@ class TestPosixMemberService < MiniTest::Unit::TestCase
|
|
6
6
|
def setup
|
7
7
|
config
|
8
8
|
@ldap = MiniTest::Mock.new
|
9
|
-
@ms
|
9
|
+
@ms = LdapFluff::Posix::MemberService.new(@ldap, @config.group_base)
|
10
10
|
end
|
11
11
|
|
12
12
|
def test_find_user
|
13
13
|
user = posix_user_payload
|
14
|
-
@ldap.expect(:search,
|
15
|
-
|
16
|
-
[
|
17
|
-
:filter => @ms.name_filter('john'),
|
18
|
-
:base =>config.group_base
|
19
|
-
]
|
20
|
-
)
|
14
|
+
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
15
|
+
:base => config.group_base])
|
21
16
|
@ms.ldap = @ldap
|
22
17
|
assert_equal ['bros'], @ms.find_user_groups('john')
|
23
18
|
@ldap.verify
|
@@ -25,26 +20,16 @@ class TestPosixMemberService < MiniTest::Unit::TestCase
|
|
25
20
|
|
26
21
|
def test_user_exists
|
27
22
|
user = posix_user_payload
|
28
|
-
@ldap.expect(:search,
|
29
|
-
|
30
|
-
[
|
31
|
-
:filter => @ms.name_filter('john'),
|
32
|
-
:base =>config.group_base
|
33
|
-
]
|
34
|
-
)
|
23
|
+
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
24
|
+
:base => config.group_base])
|
35
25
|
@ms.ldap = @ldap
|
36
26
|
assert @ms.find_user('john')
|
37
27
|
@ldap.verify
|
38
28
|
end
|
39
29
|
|
40
30
|
def test_user_doesnt_exists
|
41
|
-
@ldap.expect(:search,
|
42
|
-
|
43
|
-
[
|
44
|
-
:filter => @ms.name_filter('john'),
|
45
|
-
:base =>config.group_base
|
46
|
-
]
|
47
|
-
)
|
31
|
+
@ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
|
32
|
+
:base => config.group_base])
|
48
33
|
@ms.ldap = @ldap
|
49
34
|
assert_raises(LdapFluff::Posix::MemberService::UIDNotFoundException) { @ms.find_user('john') }
|
50
35
|
@ldap.verify
|
@@ -52,26 +37,16 @@ class TestPosixMemberService < MiniTest::Unit::TestCase
|
|
52
37
|
|
53
38
|
def test_group_exists
|
54
39
|
group = posix_group_payload
|
55
|
-
@ldap.expect(:search,
|
56
|
-
|
57
|
-
[
|
58
|
-
:filter => @ms.group_filter('broze'),
|
59
|
-
:base =>config.group_base
|
60
|
-
]
|
61
|
-
)
|
40
|
+
@ldap.expect(:search, group, [:filter => @ms.group_filter('broze'),
|
41
|
+
:base => config.group_base])
|
62
42
|
@ms.ldap = @ldap
|
63
43
|
assert @ms.find_group('broze')
|
64
44
|
@ldap.verify
|
65
45
|
end
|
66
46
|
|
67
47
|
def test_group_doesnt_exists
|
68
|
-
@ldap.expect(:search,
|
69
|
-
|
70
|
-
[
|
71
|
-
:filter => @ms.group_filter('broze'),
|
72
|
-
:base =>config.group_base
|
73
|
-
]
|
74
|
-
)
|
48
|
+
@ldap.expect(:search, nil, [:filter => @ms.group_filter('broze'),
|
49
|
+
:base => config.group_base])
|
75
50
|
@ms.ldap = @ldap
|
76
51
|
assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
|
77
52
|
@ldap.verify
|
data/test/posix_test.rb
CHANGED
@@ -6,7 +6,7 @@ class TestPosix < MiniTest::Unit::TestCase
|
|
6
6
|
def setup
|
7
7
|
config
|
8
8
|
@posix = LdapFluff::Posix.new(@config)
|
9
|
-
@ldap
|
9
|
+
@ldap = MiniTest::Mock.new
|
10
10
|
end
|
11
11
|
|
12
12
|
def basic_user
|
@@ -49,14 +49,14 @@ class TestPosix < MiniTest::Unit::TestCase
|
|
49
49
|
end
|
50
50
|
|
51
51
|
def test_good_bind
|
52
|
-
@ldap.expect(:auth, nil, ["uid=internet,dc=internet,dc=com","password"])
|
52
|
+
@ldap.expect(:auth, nil, ["uid=internet,dc=internet,dc=com", "password"])
|
53
53
|
@ldap.expect(:bind, true)
|
54
54
|
@posix.ldap = @ldap
|
55
55
|
assert_equal @posix.bind?("internet", "password"), true
|
56
56
|
end
|
57
57
|
|
58
58
|
def test_bad_bind
|
59
|
-
@ldap.expect(:auth, nil, ["uid=internet,dc=internet,dc=com","password"])
|
59
|
+
@ldap.expect(:auth, nil, ["uid=internet,dc=internet,dc=com", "password"])
|
60
60
|
@ldap.expect(:bind, false)
|
61
61
|
@posix.ldap = @ldap
|
62
62
|
assert_equal @posix.bind?("internet", "password"), false
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ldap_fluff
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 0.2.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-
|
12
|
+
date: 2013-05-30 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: net-ldap
|
@@ -18,9 +18,25 @@ dependencies:
|
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
20
20
|
- !ruby/object:Gem::Version
|
21
|
-
version:
|
21
|
+
version: 0.3.1
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: 0.3.1
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: rake
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
24
40
|
version_requirements: !ruby/object:Gem::Requirement
|
25
41
|
none: false
|
26
42
|
requirements:
|
@@ -43,35 +59,31 @@ dependencies:
|
|
43
59
|
- - ! '>='
|
44
60
|
- !ruby/object:Gem::Version
|
45
61
|
version: '0'
|
46
|
-
description:
|
47
|
-
implementations
|
48
|
-
|
49
|
-
'
|
62
|
+
description: Simple library for binding & group querying on top of various ldap implementations
|
50
63
|
email: jomara@redhat.com
|
51
64
|
executables: []
|
52
65
|
extensions: []
|
53
66
|
extra_rdoc_files: []
|
54
67
|
files:
|
55
|
-
- etc/ldap_fluff.yml
|
56
68
|
- lib/ldap_fluff.rb
|
57
|
-
- lib/ldap_fluff/active_directory.rb
|
58
|
-
- lib/ldap_fluff/ad_member_service.rb
|
59
|
-
- lib/ldap_fluff/config.rb
|
60
69
|
- lib/ldap_fluff/freeipa.rb
|
61
70
|
- lib/ldap_fluff/freeipa_member_service.rb
|
62
71
|
- lib/ldap_fluff/ldap_fluff.rb
|
63
|
-
- lib/ldap_fluff/
|
72
|
+
- lib/ldap_fluff/active_directory.rb
|
64
73
|
- lib/ldap_fluff/posix_member_service.rb
|
74
|
+
- lib/ldap_fluff/config.rb
|
75
|
+
- lib/ldap_fluff/posix.rb
|
76
|
+
- lib/ldap_fluff/ad_member_service.rb
|
65
77
|
- test/ad_member_services_test.rb
|
66
|
-
- test/ad_test.rb
|
67
78
|
- test/config_test.rb
|
68
|
-
- test/ipa_member_services_test.rb
|
69
|
-
- test/ipa_test.rb
|
70
79
|
- test/ldap_test.rb
|
71
|
-
- test/lib/ldap_test_helper.rb
|
72
80
|
- test/posix_member_services_test.rb
|
81
|
+
- test/ad_test.rb
|
82
|
+
- test/ipa_test.rb
|
83
|
+
- test/ipa_member_services_test.rb
|
84
|
+
- test/lib/ldap_test_helper.rb
|
73
85
|
- test/posix_test.rb
|
74
|
-
homepage:
|
86
|
+
homepage: https://github.com/Katello/ldap_fluff
|
75
87
|
licenses: []
|
76
88
|
post_install_message:
|
77
89
|
rdoc_options: []
|
@@ -91,8 +103,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
91
103
|
version: '0'
|
92
104
|
requirements: []
|
93
105
|
rubyforge_project:
|
94
|
-
rubygems_version: 1.8.
|
106
|
+
rubygems_version: 1.8.23
|
95
107
|
signing_key:
|
96
108
|
specification_version: 3
|
97
109
|
summary: LDAP Querying tools for Active Directory, FreeIPA and Posix-style
|
98
|
-
test_files:
|
110
|
+
test_files:
|
111
|
+
- test/ad_member_services_test.rb
|
112
|
+
- test/config_test.rb
|
113
|
+
- test/ldap_test.rb
|
114
|
+
- test/posix_member_services_test.rb
|
115
|
+
- test/ad_test.rb
|
116
|
+
- test/ipa_test.rb
|
117
|
+
- test/ipa_member_services_test.rb
|
118
|
+
- test/lib/ldap_test_helper.rb
|
119
|
+
- test/posix_test.rb
|
120
|
+
has_rdoc: true
|
data/etc/ldap_fluff.yml
DELETED
@@ -1,11 +0,0 @@
|
|
1
|
-
---
|
2
|
-
host: ## ip address or hostname
|
3
|
-
port: ## ip address or hostname
|
4
|
-
encryption: ## blank or :start_tls
|
5
|
-
base_dn: ## baseDN for ldap auth, eg dc=redhat,dc=com
|
6
|
-
group_base: ##baseDN for your ldap groups, eg ou=Groups,dc=redhat,dc=com
|
7
|
-
server_type: ## type of server. default == posix. :active_directory, :posix, :free_ipa
|
8
|
-
ad_domain: ## domain for your users if using active directory, eg redhat.com
|
9
|
-
service_user: ## service account for authenticating ldap calls in active directory or ipa
|
10
|
-
service_pass: ## service password for authenticating ldap calls in active directory or ipa
|
11
|
-
anon_queries: ## allow anonymous queries for AD or FreeIPA
|