ldap_fluff 0.3.0 → 0.3.1
Potentially problematic release.
This version of ldap_fluff might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/ldap_fluff/active_directory.rb +9 -30
- data/lib/ldap_fluff/config.rb +1 -1
- data/lib/ldap_fluff/freeipa.rb +10 -22
- data/lib/ldap_fluff/generic.rb +10 -3
- data/lib/ldap_fluff/generic_member_service.rb +18 -2
- data/lib/ldap_fluff/posix.rb +11 -8
- data/lib/ldap_fluff/posix_member_service.rb +1 -1
- data/test/ad_member_services_test.rb +27 -0
- data/test/ad_test.rb +35 -7
- data/test/ipa_test.rb +19 -2
- data/test/lib/ldap_test_helper.rb +4 -0
- data/test/posix_member_services_test.rb +3 -3
- data/test/posix_test.rb +36 -4
- metadata +30 -36
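--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e2c324b59a41c9c84c20302097ac61466fe94db5
+data.tar.gz: a38ca5f778bbd5ca11fd008bd022d119afdb5c7c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cf3d45867bf6feffabb0843d723ad45cfd2f3eef2068d2b9fee100b5bb25e10d1f12c71f9f5c12953235d654a4a432c564c92d0673e3235b3a27071e528d44b1
+data.tar.gz: 8678e45d973ef170e4cdeb6d104fe1c9092c9af9449c477eb694f5b496e79dac974cbd128e02c672fd942018a43404b1e46e1d15bb219f82cb9505f568d518ca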
@@ -1,24 +1,15 @@
|
|
1
1
|
class LdapFluff::ActiveDirectory < LdapFluff::Generic
|
2
2
|
|
3
|
-
def
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
def bind?(uid = nil, password = nil)
|
3
|
+
def bind?(uid = nil, password = nil, opts = {})
|
4
|
+
unless uid.include?(',') || uid.include?('\\') || opts[:search] == false
|
5
|
+
service_bind
|
6
|
+
user = @member_service.find_user(uid)
|
7
|
+
uid = user.first.dn if user && user.first
|
8
|
+
end
|
11
9
|
@ldap.auth(uid, password)
|
12
10
|
@ldap.bind
|
13
11
|
end
|
14
12
|
|
15
|
-
# returns the list of groups to which a user belongs
|
16
|
-
# this query is simpler in active directory
|
17
|
-
def groups_for_uid(uid)
|
18
|
-
service_bind
|
19
|
-
super
|
20
|
-
end
|
21
|
-
|
22
13
|
# active directory stores group membership on a users model
|
23
14
|
# TODO: query by group individually not like this
|
24
15
|
def is_in_groups(uid, gids = [], all = false)
|
@@ -33,31 +24,19 @@ class LdapFluff::ActiveDirectory < LdapFluff::Generic
|
|
33
24
|
end
|
34
25
|
end
|
35
26
|
|
36
|
-
def user_exists?(uid)
|
37
|
-
service_bind
|
38
|
-
super
|
39
|
-
end
|
40
|
-
|
41
|
-
def group_exists?(gid)
|
42
|
-
service_bind
|
43
|
-
super
|
44
|
-
end
|
45
|
-
|
46
27
|
private
|
47
28
|
|
48
29
|
def users_from_search_results(search, method)
|
49
30
|
users = []
|
50
31
|
|
51
32
|
search.send(method).each do |member|
|
52
|
-
|
53
|
-
entry = @member_service.find_user(cn).first
|
54
|
-
|
33
|
+
entry = @member_service.find_by_dn(member).first
|
55
34
|
objectclasses = entry.objectclass.map(&:downcase)
|
56
35
|
|
57
36
|
if (%w(organizationalperson person) & objectclasses).present?
|
58
|
-
users << @member_service.
|
37
|
+
users << @member_service.get_login_from_entry(entry)
|
59
38
|
elsif (%w(organizationalunit group) & objectclasses).present?
|
60
|
-
users << users_for_gid(cn)
|
39
|
+
users << users_for_gid(entry.cn.first)
|
61
40
|
end
|
62
41
|
end
|
63
42
|
|
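Review bot: `bind?` in the first hunk hands `password` to `@ldap.auth` and `@ldap.bind` without rejecting a nil or empty value, and many directory servers answer a simple bind that carries a DN and an empty password as a successful unauthenticated bind. Whether callers filter blank passwords is not visible on this page, so a guard at the top of the method would make the library safe on its own: `return false if password.nil? || password.empty?`. The same applies to the `bind?` methods added in freeipa.rb and posix.rb. The signature also still defaults `uid` to nil although `uid.include?(',')` is now called unconditionally, so a call without a uid raises NoMethodError instead of returning false.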
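--- a/data/lib/ldap_fluff/config.rb
+++ b/data/lib/ldap_fluff/config.rb
@@ -49,7 +49,7 @@ class LdapFluff::Config
 end
 
 %w[service_user service_pass].all? do |key|
-if !config['anon_queries'] && config[
+if !config['anon_queries'] && config[key].nil?
 raise ConfigError, "config key #{key} has to be set, it was nil"
 end
 end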
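Review bot: `%w[service_user service_pass].all?` stops at the first block result that is falsy, and the block returns nil whenever the `if` does not raise, so once `service_user` passes the check `service_pass` is never examined. A configuration with `anon_queries` off and no `service_pass` therefore gets through validation and only fails later, at bind time. Iterating with `each` keeps the raise and checks both keys: `%w[service_user service_pass].each do |key|`. The enclosing method starts and ends outside the hunk, so whether the boolean result of `all?` is used elsewhere cannot be seen here.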
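--- a/data/lib/ldap_fluff/freeipa.rb
+++ b/data/lib/ldap_fluff/freeipa.rb
@@ -1,22 +1,20 @@
 class LdapFluff::FreeIPA < LdapFluff::Generic
 
-def
-
-
-
-
-
-
-
-
-@ldap.auth("uid=#{uid},cn=users,cn=accounts,#{@base}", password)
+def bind?(uid = nil, password = nil, opts = {})
+unless uid.include?(',')
+unless opts[:search] == false
+service_bind
+user = @member_service.find_user(uid)
+end
+uid = user && user.first ? user.first.dn : "uid=#{uid},cn=users,cn=accounts,#{@base}"
+end
+@ldap.auth(uid, password)
 @ldap.bind
 end
 
 def groups_for_uid(uid)
 begin
-
-super
+super
 rescue MemberService::InsufficientQueryPrivilegesException
 raise UnauthenticatedException, "Insufficient Privileges to query groups data"
 end
@@ -39,16 +37,6 @@ class LdapFluff::FreeIPA < LdapFluff::Generic
 end
 end
 
-def user_exists?(uid)
-service_bind
-super
-end
-
-def group_exists?(gid)
-service_bind
-super
-end
-
 private
 
 def users_from_search_results(search, method)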
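Review bot: The fallback branch of `bind?` builds the bind DN by interpolating `uid` into `"uid=#{uid},cn=users,cn=accounts,#{@base}"`, and the only character screened beforehand is `,`. Other characters that carry meaning in a DN (`+`, `=`, `\`, `#`, quotes) reach the string unescaped, so the DN sent to the server may not name the entry the caller intended. Escaping the value per RFC 4514 before interpolation would close that gap, e.g. `Net::LDAP::DN.escape(uid)` where the net-ldap version in use provides it. The fallback is reached when `opts[:search]` is false, or when `find_user` returns an empty result instead of raising; FreeIPA's `find_user` is not on this page, so the second case is an assumption.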
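--- a/data/lib/ldap_fluff/generic.rb
+++ b/data/lib/ldap_fluff/generic.rb
@@ -6,12 +6,17 @@ class LdapFluff::Generic
 :base => config.base_dn,
 :port => config.port,
 :encryption => config.encryption)
+@bind_user = config.service_user
+@bind_pass = config.service_pass
+@anon = config.anon_queries
 @attr_login = config.attr_login
+@base = config.base_dn
 @group_base = (config.group_base.empty? ? config.base_dn : config.group_base)
 @member_service = self.class::MemberService.new(@ldap, config)
 end
 
 def user_exists?(uid)
+service_bind
 @member_service.find_user(uid)
 true
 rescue self.class::MemberService::UIDNotFoundException
@@ -19,6 +24,7 @@ class LdapFluff::Generic
 end
 
 def group_exists?(gid)
+service_bind
 @member_service.find_group(gid)
 true
 rescue self.class::MemberService::GIDNotFoundException
@@ -26,6 +32,7 @@ class LdapFluff::Generic
 end
 
 def groups_for_uid(uid)
+service_bind
 @member_service.find_user_groups(uid)
 rescue self.class::MemberService::UIDNotFoundException
 return []
@@ -35,8 +42,8 @@ class LdapFluff::Generic
 return [] unless group_exists?(gid)
 search = @member_service.find_group(gid).last
 
-method = [:member, :ismemberof,
-:
+method = [:member, :ismemberof, :memberof,
+:memberuid, :uniquemember].find { |m| search.respond_to? m } or
 raise 'Group does not have any members'
 
 users_from_search_results(search, method)
@@ -48,7 +55,7 @@ class LdapFluff::Generic
 end
 
 def service_bind
-unless @anon || bind?(@bind_user, @bind_pass)
+unless @anon || bind?(@bind_user, @bind_pass, :search => false)
 raise UnauthenticatedException,
 "Could not bind to #{class_name} user #{@bind_user}"
 end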
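Review bot: `service_bind` and the subclass `bind?` methods now call each other, and the only thing that ends the cycle is the `:search => false` argument added in the last hunk; nothing in the code says so. A comment above the call would protect it from a later cleanup, for example `# :search => false keeps bind? from calling service_bind again while it resolves a DN`. The `opts` hash itself is undocumented on all three `bind?` methods; a short doc comment should state that `:search` is its only key and that it is compared with `== false`, so nil or a missing key means the lookup is performed. When `@anon` is set, `service_bind` does not re-authenticate at all, so later searches run with whatever credentials the last `bind?` left on `@ldap`; that deserves a sentence in the same comment.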
@@ -6,6 +6,7 @@ class LdapFluff::GenericMemberService
|
|
6
6
|
|
7
7
|
def initialize(ldap, config)
|
8
8
|
@ldap = ldap
|
9
|
+
@base = config.base_dn
|
9
10
|
@group_base = (config.group_base.empty? ? config.base_dn : config.group_base)
|
10
11
|
begin
|
11
12
|
@search_filter = Net::LDAP::Filter.construct(config.search_filter) unless (config.search_filter.nil? || config.search_filter.empty?)
|
@@ -20,14 +21,22 @@ class LdapFluff::GenericMemberService
|
|
20
21
|
user
|
21
22
|
end
|
22
23
|
|
24
|
+
def find_by_dn(dn)
|
25
|
+
entry, base = dn.split(',', 2)
|
26
|
+
entry_attr, entry_value = entry.split('=', 2)
|
27
|
+
user = @ldap.search(:filter => name_filter(entry_value, entry_attr), :base => base)
|
28
|
+
raise self.class::UIDNotFoundException if (user.nil? || user.empty?)
|
29
|
+
user
|
30
|
+
end
|
31
|
+
|
23
32
|
def find_group(gid)
|
24
33
|
group = @ldap.search(:filter => group_filter(gid), :base => @group_base)
|
25
34
|
raise self.class::GIDNotFoundException if (group.nil? || group.empty?)
|
26
35
|
group
|
27
36
|
end
|
28
37
|
|
29
|
-
def name_filter(uid)
|
30
|
-
filter = Net::LDAP::Filter.eq(
|
38
|
+
def name_filter(uid, attr = @attr_login)
|
39
|
+
filter = Net::LDAP::Filter.eq(attr, uid)
|
31
40
|
|
32
41
|
if @search_filter.nil?
|
33
42
|
filter
|
@@ -59,4 +68,11 @@ class LdapFluff::GenericMemberService
|
|
59
68
|
end.compact.flatten
|
60
69
|
end
|
61
70
|
|
71
|
+
def get_login_from_entry(entry)
|
72
|
+
[@attr_login, 'uid', 'cn'].each do |attribute|
|
73
|
+
return entry.send(attribute) if entry.respond_to? attribute
|
74
|
+
end
|
75
|
+
nil
|
76
|
+
end
|
77
|
+
|
62
78
|
end
|
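Review bot: `name_filter` builds the lookup with `Net::LDAP::Filter.eq(attr, uid)`, which does not escape its value, so a `*` in `uid` is treated as a wildcard rather than a literal. Since this release `bind?` resolves a login name through `find_user` (the Posix implementation on this page calls `name_filter`) and then binds as `user.first.dn`, the entry being authenticated is whichever one the filter returns first, not necessarily the one whose login equals the input. Building the filter with the escaping variant, `Net::LDAP::Filter.equals(attr, uid)`, or passing `uid` through `Net::LDAP::Filter.escape` first, keeps the match exact. The rest of `name_filter` lies outside the hunk.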
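--- a/data/lib/ldap_fluff/posix.rb
+++ b/data/lib/ldap_fluff/posix.rb
@@ -1,12 +1,13 @@
 class LdapFluff::Posix < LdapFluff::Generic
 
-def
-
-
-
-
-
-@ldap.
+def bind?(uid = nil, password = nil, opts = {})
+unless uid.include?(',') || opts[:search] == false
+service_bind
+user = @member_service.find_user(uid)
+uid = user.first.dn if user && user.first
+end
+@ldap.auth(uid, password)
+@ldap.bind
 end
 
 # returns whether a user is a member of ALL or ANY particular groups
@@ -17,6 +18,7 @@ class LdapFluff::Posix < LdapFluff::Generic
 # returns true if owner is in ALL of the groups if all=true, otherwise
 # returns true if owner is in ANY of the groups
 def is_in_groups(uid, gids = [], all = true)
+service_bind
 (gids.empty? || @member_service.times_in_groups(uid, gids, all) > 0)
 end
 
@@ -29,7 +31,8 @@ class LdapFluff::Posix < LdapFluff::Generic
 
 groups = @ldap.search(:base => search.dn,
 :filter => Net::LDAP::Filter.eq('objectClass','posixGroup') |
-Net::LDAP::Filter.eq('objectClass', 'organizationalunit')
+Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
+Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames'))
 
 members = groups.map { |group| group.send(method) }.flatten.uniq
 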
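Review bot: In `bind?` the guard `if user && user.first` can never see a missing user, because `Posix::MemberService#find_user` raises `UIDNotFoundException` on a nil or empty result (shown in the posix_member_service.rb hunk). An unknown login therefore leaves `bind?` with an exception while a wrong password returns false, which breaks the boolean contract the `?` suggests and lets a caller's error handling tell the two cases apart. Rescuing the exception inside `bind?` gives both failures the same outcome: add `rescue self.class::MemberService::UIDNotFoundException` followed by `false` before the method's `end`. A failing service account still raises `UnauthenticatedException` from `service_bind`, which seems the right thing to surface.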
@@ -9,7 +9,7 @@ class LdapFluff::Posix::MemberService < LdapFluff::GenericMemberService
|
|
9
9
|
end
|
10
10
|
|
11
11
|
def find_user(uid)
|
12
|
-
user = @ldap.search(:filter => name_filter(uid), :base => @
|
12
|
+
user = @ldap.search(:filter => name_filter(uid), :base => @base)
|
13
13
|
raise UIDNotFoundException if (user.nil? || user.empty?)
|
14
14
|
user
|
15
15
|
end
|
@@ -117,4 +117,31 @@ class TestADMemberService < MiniTest::Test
|
|
117
117
|
end
|
118
118
|
end
|
119
119
|
|
120
|
+
def test_find_by_dn
|
121
|
+
@ldap.expect(:search, [:result], [:filter => Net::LDAP::Filter.eq('cn', 'Foo Bar'), :base => 'dc=example,dc=com'])
|
122
|
+
@adms.ldap = @ldap
|
123
|
+
assert_equal([:result], @adms.find_by_dn('cn=Foo Bar,dc=example,dc=com'))
|
124
|
+
@ldap.verify
|
125
|
+
end
|
126
|
+
|
127
|
+
def test_find_by_dn_missing_entry
|
128
|
+
@ldap.expect(:search, nil, [:filter => Net::LDAP::Filter.eq('cn', 'Foo Bar'), :base => 'dc=example,dc=com'])
|
129
|
+
@adms.ldap = @ldap
|
130
|
+
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
|
131
|
+
@adms.find_by_dn('cn=Foo Bar,dc=example,dc=com')
|
132
|
+
end
|
133
|
+
@ldap.verify
|
134
|
+
end
|
135
|
+
|
136
|
+
def test_get_login_from_entry
|
137
|
+
entry = Net::LDAP::Entry.new('Example User')
|
138
|
+
entry['sAMAccountName'] = 'example'
|
139
|
+
assert_equal(['example'], @adms.get_login_from_entry(entry))
|
140
|
+
end
|
141
|
+
|
142
|
+
def test_get_login_from_entry_missing_attr
|
143
|
+
entry = Net::LDAP::Entry.new('Example User')
|
144
|
+
assert_nil(@adms.get_login_from_entry(entry))
|
145
|
+
end
|
146
|
+
|
120
147
|
end
|
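Review bot: `test_find_by_dn` only exercises a DN whose first RDN has no escaped comma, while `find_by_dn` cuts the DN at the first `,` and the first `=`. A DN such as `CN=Bar\, Foo,DC=example,DC=com` (constructed example) would be split inside the value, so a test for that form would document whether it is supported. The lookup also searches under the parent with the default scope and callers take `.first`, so an entry with the same RDN value deeper in the tree could be returned; a base-scoped search on the full DN (`:base => dn, :scope => Net::LDAP::SearchScope_BaseObject`) with a matching expectation here would pin the result to the member itself.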
data/test/ad_test.rb
CHANGED
@@ -15,16 +15,42 @@ class TestAD < MiniTest::Test
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def test_good_bind
|
18
|
+
# no expectation on the service account
|
19
|
+
@ldap.expect(:auth, nil, ['EXAMPLE\\internet', "password"])
|
20
|
+
@ldap.expect(:bind, true)
|
21
|
+
@ad.ldap = @ldap
|
22
|
+
assert_equal(@ad.bind?('EXAMPLE\\internet', 'password'), true)
|
23
|
+
@ldap.verify
|
24
|
+
end
|
25
|
+
|
26
|
+
def test_good_bind_with_dn
|
27
|
+
# no expectation on the service account
|
28
|
+
@ldap.expect(:auth, nil, [ad_user_bind('Internet User'), "password"])
|
29
|
+
@ldap.expect(:bind, true)
|
30
|
+
@ad.ldap = @ldap
|
31
|
+
assert_equal(@ad.bind?(ad_user_bind('Internet User'), 'password'), true)
|
32
|
+
@ldap.verify
|
33
|
+
end
|
34
|
+
|
35
|
+
def test_good_bind_with_account_name
|
36
|
+
# looks up the account name's full DN via the service account
|
37
|
+
@md = MiniTest::Mock.new
|
38
|
+
user_result = MiniTest::Mock.new
|
39
|
+
user_result.expect(:dn, ad_user_bind('Internet User'))
|
40
|
+
@md.expect(:find_user, [user_result], %w(internet))
|
41
|
+
@ad.member_service = @md
|
18
42
|
service_bind
|
19
|
-
|
43
|
+
@ldap.expect(:auth, nil, [ad_user_bind('Internet User'), "password"])
|
44
|
+
@ldap.expect(:bind, true)
|
45
|
+
assert_equal(@ad.bind?('internet', 'password'), true)
|
20
46
|
@ldap.verify
|
21
47
|
end
|
22
48
|
|
23
49
|
def test_bad_bind
|
24
|
-
@ldap.expect(:auth, nil, %w(internet password))
|
50
|
+
@ldap.expect(:auth, nil, %w(EXAMPLE\\internet password))
|
25
51
|
@ldap.expect(:bind, false)
|
26
52
|
@ad.ldap = @ldap
|
27
|
-
assert_equal(@ad.bind?("internet", "password"), false)
|
53
|
+
assert_equal(@ad.bind?("EXAMPLE\\internet", "password"), false)
|
28
54
|
@ldap.verify
|
29
55
|
end
|
30
56
|
|
@@ -128,7 +154,8 @@ class TestAD < MiniTest::Test
|
|
128
154
|
nested_user = Net::LDAP::Entry.new('testuser')
|
129
155
|
|
130
156
|
group[:member] = ['CN=katellers,DC=corp,DC=windows,DC=com']
|
131
|
-
nested_group[:
|
157
|
+
nested_group[:cn] = ['katellers']
|
158
|
+
nested_group[:member] = ['CN=Test User,CN=Users,DC=corp,DC=windows,DC=com']
|
132
159
|
nested_group[:objectclass] = ['organizationalunit']
|
133
160
|
nested_user[:objectclass] = ['person']
|
134
161
|
|
@@ -137,11 +164,12 @@ class TestAD < MiniTest::Test
|
|
137
164
|
2.times { md.expect(:find_group, [nested_group], ['katellers']) }
|
138
165
|
2.times { service_bind }
|
139
166
|
|
140
|
-
md.expect(:
|
141
|
-
md.expect(:
|
142
|
-
md.expect(:
|
167
|
+
md.expect(:find_by_dn, [nested_group], ['CN=katellers,DC=corp,DC=windows,DC=com'])
|
168
|
+
md.expect(:find_by_dn, [nested_user], ['CN=Test User,CN=Users,DC=corp,DC=windows,DC=com'])
|
169
|
+
md.expect(:get_login_from_entry, 'testuser', [nested_user])
|
143
170
|
@ad.member_service = md
|
144
171
|
assert_equal @ad.users_for_gid('foremaners'), ['testuser']
|
172
|
+
md.verify
|
145
173
|
end
|
146
174
|
|
147
175
|
end
|
data/test/ipa_test.rb
CHANGED
@@ -15,8 +15,25 @@ class TestIPA < MiniTest::Test
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def test_good_bind
|
18
|
+
# looks up the uid's full DN via the service account
|
19
|
+
@md = MiniTest::Mock.new
|
20
|
+
user_result = MiniTest::Mock.new
|
21
|
+
user_result.expect(:dn, ipa_user_bind('internet'))
|
22
|
+
@md.expect(:find_user, [user_result], %w(internet))
|
23
|
+
@ipa.member_service = @md
|
18
24
|
service_bind
|
19
|
-
|
25
|
+
@ldap.expect(:auth, nil, [ipa_user_bind('internet'), "password"])
|
26
|
+
@ldap.expect(:bind, true)
|
27
|
+
assert_equal(@ipa.bind?('internet', 'password'), true)
|
28
|
+
@ldap.verify
|
29
|
+
end
|
30
|
+
|
31
|
+
def test_good_bind_with_dn
|
32
|
+
# no expectation on the service account
|
33
|
+
@ldap.expect(:auth, nil, [ipa_user_bind('internet'), "password"])
|
34
|
+
@ldap.expect(:bind, true)
|
35
|
+
@ipa.ldap = @ldap
|
36
|
+
assert_equal(@ipa.bind?(ipa_user_bind('internet'), 'password'), true)
|
20
37
|
@ldap.verify
|
21
38
|
end
|
22
39
|
|
@@ -24,7 +41,7 @@ class TestIPA < MiniTest::Test
|
|
24
41
|
@ldap.expect(:auth, nil, [ipa_user_bind('internet'), "password"])
|
25
42
|
@ldap.expect(:bind, false)
|
26
43
|
@ipa.ldap = @ldap
|
27
|
-
assert_equal(@ipa.bind?("internet", "password"), false)
|
44
|
+
assert_equal(@ipa.bind?(ipa_user_bind("internet"), "password"), false)
|
28
45
|
@ldap.verify
|
29
46
|
end
|
30
47
|
|
@@ -11,7 +11,7 @@ class TestPosixMemberService < MiniTest::Test
|
|
11
11
|
def test_find_user
|
12
12
|
user = posix_user_payload
|
13
13
|
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
14
|
-
:base => config.
|
14
|
+
:base => config.base_dn])
|
15
15
|
@ms.ldap = @ldap
|
16
16
|
assert_equal posix_user_payload, @ms.find_user('john')
|
17
17
|
@ldap.verify
|
@@ -28,7 +28,7 @@ class TestPosixMemberService < MiniTest::Test
|
|
28
28
|
def test_user_exists
|
29
29
|
user = posix_user_payload
|
30
30
|
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
31
|
-
:base => config.
|
31
|
+
:base => config.base_dn])
|
32
32
|
@ms.ldap = @ldap
|
33
33
|
assert @ms.find_user('john')
|
34
34
|
@ldap.verify
|
@@ -36,7 +36,7 @@ class TestPosixMemberService < MiniTest::Test
|
|
36
36
|
|
37
37
|
def test_user_doesnt_exists
|
38
38
|
@ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
|
39
|
-
:base => config.
|
39
|
+
:base => config.base_dn])
|
40
40
|
@ms.ldap = @ldap
|
41
41
|
assert_raises(LdapFluff::Posix::MemberService::UIDNotFoundException) { @ms.find_user('john') }
|
42
42
|
@ldap.verify
|
data/test/posix_test.rb
CHANGED
@@ -8,7 +8,13 @@ class TestPosix < MiniTest::Test
|
|
8
8
|
@posix = LdapFluff::Posix.new(@config)
|
9
9
|
end
|
10
10
|
|
11
|
+
def service_bind
|
12
|
+
@ldap.expect(:auth, nil, %w[service pass])
|
13
|
+
super
|
14
|
+
end
|
15
|
+
|
11
16
|
def test_groups
|
17
|
+
service_bind
|
12
18
|
basic_user
|
13
19
|
assert_equal(@posix.groups_for_uid("john"), %w(bros))
|
14
20
|
end
|
@@ -21,6 +27,7 @@ class TestPosix < MiniTest::Test
|
|
21
27
|
end
|
22
28
|
|
23
29
|
def test_isnt_in_groups
|
30
|
+
service_bind
|
24
31
|
basic_user
|
25
32
|
md = MiniTest::Mock.new
|
26
33
|
md.expect(:times_in_groups, 0, ['john', %w(bros), true])
|
@@ -29,6 +36,7 @@ class TestPosix < MiniTest::Test
|
|
29
36
|
end
|
30
37
|
|
31
38
|
def test_is_in_groups
|
39
|
+
service_bind
|
32
40
|
basic_user
|
33
41
|
md = MiniTest::Mock.new
|
34
42
|
md.expect(:times_in_groups, 1, ['john', %w(bros), true])
|
@@ -37,23 +45,42 @@ class TestPosix < MiniTest::Test
|
|
37
45
|
end
|
38
46
|
|
39
47
|
def test_is_in_no_groups
|
48
|
+
service_bind
|
40
49
|
basic_user
|
41
50
|
assert_equal(@posix.is_in_groups('john', [], true), true)
|
42
51
|
end
|
43
52
|
|
44
53
|
def test_good_bind
|
45
|
-
|
54
|
+
# looks up the uid's full DN via the service account
|
55
|
+
@md = MiniTest::Mock.new
|
56
|
+
user_result = MiniTest::Mock.new
|
57
|
+
user_result.expect(:dn, 'uid=internet,dn=example')
|
58
|
+
@md.expect(:find_user, [user_result], %w(internet))
|
59
|
+
@posix.member_service = @md
|
60
|
+
service_bind
|
61
|
+
@ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
|
62
|
+
@ldap.expect(:bind, true)
|
46
63
|
@posix.ldap = @ldap
|
47
64
|
assert_equal(@posix.bind?("internet", "password"), true)
|
48
65
|
end
|
49
66
|
|
67
|
+
def test_good_bind_with_dn
|
68
|
+
# no expectation on the service account
|
69
|
+
@ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
|
70
|
+
@ldap.expect(:bind, true)
|
71
|
+
@posix.ldap = @ldap
|
72
|
+
assert_equal(@posix.bind?("uid=internet,dn=example", "password"), true)
|
73
|
+
end
|
74
|
+
|
50
75
|
def test_bad_bind
|
51
|
-
@ldap.expect(:
|
76
|
+
@ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
|
77
|
+
@ldap.expect(:bind, false)
|
52
78
|
@posix.ldap = @ldap
|
53
|
-
assert_equal(@posix.bind?("internet", "password"), false)
|
79
|
+
assert_equal(@posix.bind?("uid=internet,dn=example", "password"), false)
|
54
80
|
end
|
55
81
|
|
56
82
|
def test_user_exists
|
83
|
+
service_bind
|
57
84
|
md = MiniTest::Mock.new
|
58
85
|
md.expect(:find_user, 'notnilluser', %w(john))
|
59
86
|
@posix.member_service = md
|
@@ -61,6 +88,7 @@ class TestPosix < MiniTest::Test
|
|
61
88
|
end
|
62
89
|
|
63
90
|
def test_missing_user
|
91
|
+
service_bind
|
64
92
|
md = MiniTest::Mock.new
|
65
93
|
md.expect(:find_user, nil, %w(john))
|
66
94
|
def md.find_user(uid)
|
@@ -71,6 +99,7 @@ class TestPosix < MiniTest::Test
|
|
71
99
|
end
|
72
100
|
|
73
101
|
def test_group_exists
|
102
|
+
service_bind
|
74
103
|
md = MiniTest::Mock.new
|
75
104
|
md.expect(:find_group, 'notnillgroup', %w(broskies))
|
76
105
|
@posix.member_service = md
|
@@ -78,6 +107,7 @@ class TestPosix < MiniTest::Test
|
|
78
107
|
end
|
79
108
|
|
80
109
|
def test_missing_group
|
110
|
+
service_bind
|
81
111
|
md = MiniTest::Mock.new
|
82
112
|
md.expect(:find_group, nil, %w(broskies))
|
83
113
|
def md.find_group(uid)
|
@@ -88,6 +118,7 @@ class TestPosix < MiniTest::Test
|
|
88
118
|
end
|
89
119
|
|
90
120
|
def test_find_users_in_nested_groups
|
121
|
+
service_bind
|
91
122
|
group = Net::LDAP::Entry.new('CN=foremaners,DC=example,DC=com')
|
92
123
|
group[:memberuid] = ['katellers']
|
93
124
|
nested_group = Net::LDAP::Entry.new('CN=katellers,CN=foremaners,DC=example,DC=com')
|
@@ -97,7 +128,8 @@ class TestPosix < MiniTest::Test
|
|
97
128
|
[nested_group],
|
98
129
|
[{ :base => group.dn,
|
99
130
|
:filter => Net::LDAP::Filter.eq('objectClass','posixGroup') |
|
100
|
-
Net::LDAP::Filter.eq('objectClass', 'organizationalunit')
|
131
|
+
Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
|
132
|
+
Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames')}])
|
101
133
|
@posix.ldap = @ldap
|
102
134
|
|
103
135
|
md = MiniTest::Mock.new
|
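Review bot: `test_good_bind`, `test_good_bind_with_dn` and `test_bad_bind` set expectations on `@ldap` (and on `@md` in the first) but never call `verify`, so they still pass if `bind?` stops calling `auth` or skips the DN lookup. Adding `@ldap.verify` at the end of each, plus `@md.verify` in `test_good_bind`, would make them as strict as the corresponding tests in ad_test.rb and ipa_test.rb. There is also no test left for a failed bind with a plain uid, since `test_bad_bind` now passes a full DN.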
metadata
CHANGED
@@ -1,87 +1,82 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ldap_fluff
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
8
|
-
-
|
9
|
-
-
|
10
|
-
-
|
11
|
-
-
|
12
|
-
- Chalupa',
|
13
|
-
- "'Adam"
|
14
|
-
- Price'
|
15
|
-
- "'Marek"
|
16
|
-
- Hulan'
|
7
|
+
- Jordan O'Mara
|
8
|
+
- Daniel Lobato
|
9
|
+
- Petr Chalupa
|
10
|
+
- Adam Price
|
11
|
+
- Marek Hulan
|
17
12
|
autorequire:
|
18
13
|
bindir: bin
|
19
14
|
cert_chain: []
|
20
|
-
date: 2014-
|
15
|
+
date: 2014-08-27 00:00:00.000000000 Z
|
21
16
|
dependencies:
|
22
17
|
- !ruby/object:Gem::Dependency
|
23
18
|
name: net-ldap
|
24
19
|
requirement: !ruby/object:Gem::Requirement
|
25
20
|
requirements:
|
26
|
-
- -
|
21
|
+
- - '>='
|
27
22
|
- !ruby/object:Gem::Version
|
28
23
|
version: 0.3.1
|
29
24
|
type: :runtime
|
30
25
|
prerelease: false
|
31
26
|
version_requirements: !ruby/object:Gem::Requirement
|
32
27
|
requirements:
|
33
|
-
- -
|
28
|
+
- - '>='
|
34
29
|
- !ruby/object:Gem::Version
|
35
30
|
version: 0.3.1
|
36
31
|
- !ruby/object:Gem::Dependency
|
37
32
|
name: activesupport
|
38
33
|
requirement: !ruby/object:Gem::Requirement
|
39
34
|
requirements:
|
40
|
-
- -
|
35
|
+
- - '>='
|
41
36
|
- !ruby/object:Gem::Version
|
42
37
|
version: '0'
|
43
38
|
type: :runtime
|
44
39
|
prerelease: false
|
45
40
|
version_requirements: !ruby/object:Gem::Requirement
|
46
41
|
requirements:
|
47
|
-
- -
|
42
|
+
- - '>='
|
48
43
|
- !ruby/object:Gem::Version
|
49
44
|
version: '0'
|
50
45
|
- !ruby/object:Gem::Dependency
|
51
46
|
name: rake
|
52
47
|
requirement: !ruby/object:Gem::Requirement
|
53
48
|
requirements:
|
54
|
-
- -
|
49
|
+
- - '>='
|
55
50
|
- !ruby/object:Gem::Version
|
56
51
|
version: '0'
|
57
52
|
type: :development
|
58
53
|
prerelease: false
|
59
54
|
version_requirements: !ruby/object:Gem::Requirement
|
60
55
|
requirements:
|
61
|
-
- -
|
56
|
+
- - '>='
|
62
57
|
- !ruby/object:Gem::Version
|
63
58
|
version: '0'
|
64
59
|
- !ruby/object:Gem::Dependency
|
65
60
|
name: minitest
|
66
61
|
requirement: !ruby/object:Gem::Requirement
|
67
62
|
requirements:
|
68
|
-
- -
|
63
|
+
- - '>='
|
69
64
|
- !ruby/object:Gem::Version
|
70
65
|
version: '0'
|
71
66
|
type: :development
|
72
67
|
prerelease: false
|
73
68
|
version_requirements: !ruby/object:Gem::Requirement
|
74
69
|
requirements:
|
75
|
-
- -
|
70
|
+
- - '>='
|
76
71
|
- !ruby/object:Gem::Version
|
77
72
|
version: '0'
|
78
|
-
description: Simple library for binding & group querying on top of various
|
73
|
+
description: Simple library for binding & group querying on top of various LDAP implementations
|
79
74
|
email:
|
80
|
-
-
|
81
|
-
-
|
82
|
-
-
|
83
|
-
-
|
84
|
-
-
|
75
|
+
- jomara@redhat.com
|
76
|
+
- elobatocs@gmail.com
|
77
|
+
- pchalupa@redhat.com
|
78
|
+
- komidore64@gmail.com
|
79
|
+
- mhulan@redhat.com
|
85
80
|
executables: []
|
86
81
|
extensions: []
|
87
82
|
extra_rdoc_files: []
|
@@ -107,7 +102,7 @@ files:
|
|
107
102
|
- test/lib/ldap_test_helper.rb
|
108
103
|
- test/posix_member_services_test.rb
|
109
104
|
- test/posix_test.rb
|
110
|
-
homepage: https://github.com/
|
105
|
+
homepage: https://github.com/theforeman/ldap_fluff
|
111
106
|
licenses:
|
112
107
|
- GPLv2
|
113
108
|
metadata: {}
|
@@ -117,12 +112,12 @@ require_paths:
|
|
117
112
|
- lib
|
118
113
|
required_ruby_version: !ruby/object:Gem::Requirement
|
119
114
|
requirements:
|
120
|
-
- -
|
115
|
+
- - '>='
|
121
116
|
- !ruby/object:Gem::Version
|
122
117
|
version: '0'
|
123
118
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
124
119
|
requirements:
|
125
|
-
- -
|
120
|
+
- - '>='
|
126
121
|
- !ruby/object:Gem::Version
|
127
122
|
version: '0'
|
128
123
|
requirements: []
|
@@ -130,15 +125,14 @@ rubyforge_project:
|
|
130
125
|
rubygems_version: 2.2.2
|
131
126
|
signing_key:
|
132
127
|
specification_version: 4
|
133
|
-
summary: LDAP
|
128
|
+
summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
|
134
129
|
test_files:
|
135
|
-
- test/
|
130
|
+
- test/ipa_member_services_test.rb
|
136
131
|
- test/posix_member_services_test.rb
|
137
|
-
- test/ad_member_services_test.rb
|
138
|
-
- test/ipa_test.rb
|
139
132
|
- test/ad_test.rb
|
140
|
-
- test/
|
133
|
+
- test/ipa_test.rb
|
141
134
|
- test/ldap_test.rb
|
142
135
|
- test/lib/ldap_test_helper.rb
|
143
|
-
- test/
|
144
|
-
|
136
|
+
- test/posix_test.rb
|
137
|
+
- test/ad_member_services_test.rb
|
138
|
+
- test/config_test.rb
|