ldap_fluff 0.4.3 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.rdoc +4 -2
- data/lib/ldap_fluff.rb +2 -0
- data/lib/ldap_fluff/active_directory.rb +6 -2
- data/lib/ldap_fluff/config.rb +3 -2
- data/lib/ldap_fluff/freeipa.rb +12 -23
- data/lib/ldap_fluff/freeipa_member_service.rb +13 -1
- data/lib/ldap_fluff/freeipa_netgroup_member_service.rb +14 -0
- data/lib/ldap_fluff/generic.rb +40 -5
- data/lib/ldap_fluff/generic_member_service.rb +7 -1
- data/lib/ldap_fluff/posix.rb +11 -18
- data/lib/ldap_fluff/posix_member_service.rb +3 -3
- data/lib/ldap_fluff/posix_netgroup_member_service.rb +16 -0
- data/test/ad_test.rb +13 -0
- data/test/ipa_netgroup_member_services_test.rb +68 -0
- data/test/ipa_test.rb +6 -0
- data/test/lib/ldap_test_helper.rb +13 -1
- data/test/posix_member_services_test.rb +12 -3
- data/test/posix_netgroup_member_services_test.rb +74 -0
- data/test/posix_test.rb +2 -8
- metadata +29 -38
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: ba638e83446c1328ec6d7880ccf1528f1a42db4dab9a8884bbd4c8974512632c
|
|
4
|
+
data.tar.gz: 69c6c3752b330047a953b9e8c4a2c7441f39edb28bccaef32b49fef56b0d21c4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b108ae2845030a2e3ea119716b11e7023cd52f4afad32cc48945c8d455a3cf3608755b82bb583373892a6ba0255b030a3750d9f367840e4912860d93e1f8e900
|
|
7
|
+
data.tar.gz: 315aebba32f13f1f8a62c4f7ce7dd5f49c395fc4950e197029c7818a43eb94fd8ec04c8cb7626c717db4fcb60b1dd61ff8d2d87332140a3c2ecf7a081b7ec682
|
data/README.rdoc
CHANGED
|
@@ -51,7 +51,9 @@ Your global configuration must provide information about your LDAP host to funct
|
|
|
51
51
|
encryption: # blank, :simple_tls, or :start_tls
|
|
52
52
|
base_dn: # base DN for LDAP auth, eg dc=redhat,dc=com
|
|
53
53
|
group_base: # base DN for your LDAP groups, eg ou=Groups,dc=redhat,dc=com
|
|
54
|
-
|
|
54
|
+
use_netgroups: # false by default, use true if you want to use netgroup triples,
|
|
55
|
+
# supported only for server type :free_ipa and :posix
|
|
56
|
+
server_type: # type of server. default == :posix. :active_directory, :posix, :free_ipa
|
|
55
57
|
ad_domain: # domain for your users if using active directory, eg redhat.com
|
|
56
58
|
service_user: # service account for authenticating LDAP calls. required unless you enable anon
|
|
57
59
|
service_pass: # service password for authenticating LDAP calls. required unless you enable anon
|
|
@@ -61,7 +63,7 @@ Your global configuration must provide information about your LDAP host to funct
|
|
|
61
63
|
You can pass these arguments as a hash to LdapFluff to get a valid LdapFluff object.
|
|
62
64
|
|
|
63
65
|
ldap_config = { :host => "freeipa.localdomain", :port => 389, :encryption => nil, :base_dn => "DC=mydomain,DC=com",
|
|
64
|
-
:group_base => "DC=groups,DC=mydomain,DC=com", :attr_login => "uid", :server_type => :
|
|
66
|
+
:group_base => "DC=groups,DC=mydomain,DC=com", :attr_login => "uid", :server_type => :free_ipa,
|
|
65
67
|
:service_user => "admin", :search_filter => "(objectClass=*)", :service_pass => "mypass",
|
|
66
68
|
:anon_queries => false }
|
|
67
69
|
|
data/lib/ldap_fluff.rb
CHANGED
|
@@ -7,5 +7,7 @@ require 'ldap_fluff/active_directory'
|
|
|
7
7
|
require 'ldap_fluff/ad_member_service'
|
|
8
8
|
require 'ldap_fluff/posix'
|
|
9
9
|
require 'ldap_fluff/posix_member_service'
|
|
10
|
+
require 'ldap_fluff/posix_netgroup_member_service'
|
|
10
11
|
require 'ldap_fluff/freeipa'
|
|
11
12
|
require 'ldap_fluff/freeipa_member_service'
|
|
13
|
+
require 'ldap_fluff/freeipa_netgroup_member_service'
|
|
@@ -30,10 +30,14 @@ class LdapFluff::ActiveDirectory < LdapFluff::Generic
|
|
|
30
30
|
users = []
|
|
31
31
|
|
|
32
32
|
search.send(method).each do |member|
|
|
33
|
-
|
|
33
|
+
begin
|
|
34
|
+
entry = @member_service.find_by_dn(member).first
|
|
35
|
+
rescue MemberService::UIDNotFoundException
|
|
36
|
+
next
|
|
37
|
+
end
|
|
34
38
|
objectclasses = entry.objectclass.map(&:downcase)
|
|
35
39
|
|
|
36
|
-
if (%w(organizationalperson person) & objectclasses).present?
|
|
40
|
+
if (%w(organizationalperson person userproxy) & objectclasses).present?
|
|
37
41
|
users << @member_service.get_login_from_entry(entry)
|
|
38
42
|
elsif (%w(organizationalunit group) & objectclasses).present?
|
|
39
43
|
users << users_for_gid(entry.cn.first)
|
data/lib/ldap_fluff/config.rb
CHANGED
|
@@ -4,7 +4,7 @@ require 'active_support/core_ext/hash'
|
|
|
4
4
|
class LdapFluff::Config
|
|
5
5
|
ATTRIBUTES = %w[host port encryption base_dn group_base server_type service_user
|
|
6
6
|
service_pass anon_queries attr_login search_filter
|
|
7
|
-
instrumentation_service ]
|
|
7
|
+
instrumentation_service use_netgroups]
|
|
8
8
|
ATTRIBUTES.each { |attr| attr_reader attr.to_sym }
|
|
9
9
|
|
|
10
10
|
DEFAULT_CONFIG = { 'port' => 389,
|
|
@@ -13,7 +13,8 @@ class LdapFluff::Config
|
|
|
13
13
|
'group_base' => 'dc=company,dc=com',
|
|
14
14
|
'server_type' => :free_ipa,
|
|
15
15
|
'anon_queries' => false,
|
|
16
|
-
'instrumentation_service' => nil
|
|
16
|
+
'instrumentation_service' => nil,
|
|
17
|
+
'use_netgroups' => false }
|
|
17
18
|
|
|
18
19
|
def initialize(config)
|
|
19
20
|
raise ArgumentError unless config.respond_to?(:to_hash)
|
data/lib/ldap_fluff/freeipa.rb
CHANGED
|
@@ -20,35 +20,24 @@ class LdapFluff::FreeIPA < LdapFluff::Generic
|
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
# In freeipa, a simple user query returns a full set
|
|
24
|
-
# of nested groups! yipee
|
|
25
|
-
#
|
|
26
|
-
# gids should be an array of group common names
|
|
27
|
-
#
|
|
28
|
-
# returns true if owner is in ALL of the groups if all=true, otherwise
|
|
29
|
-
# returns true if owner is in ANY of the groups
|
|
30
|
-
def is_in_groups(uid, gids = [], all = true)
|
|
31
|
-
service_bind
|
|
32
|
-
groups = @member_service.find_user_groups(uid)
|
|
33
|
-
if all
|
|
34
|
-
return groups & gids == gids
|
|
35
|
-
else
|
|
36
|
-
return groups & gids != []
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
|
|
40
23
|
private
|
|
41
24
|
|
|
42
25
|
def users_from_search_results(search, method)
|
|
43
26
|
# Member results come in the form uid=sampleuser,cn=users, etc.. or gid=samplegroup,cn=groups
|
|
44
27
|
users = []
|
|
45
28
|
|
|
46
|
-
search.send(method)
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
29
|
+
members = search.send(method)
|
|
30
|
+
|
|
31
|
+
if method == :nisnetgrouptriple
|
|
32
|
+
users = @member_service.get_netgroup_users(members)
|
|
33
|
+
else
|
|
34
|
+
members.each do |member|
|
|
35
|
+
type = member.downcase.split(',')[1]
|
|
36
|
+
if type == 'cn=users'
|
|
37
|
+
users << @member_service.get_logins([member])
|
|
38
|
+
elsif type == 'cn=groups'
|
|
39
|
+
users << users_for_gid(member.split(',')[0].split('=')[1])
|
|
40
|
+
end
|
|
52
41
|
end
|
|
53
42
|
end
|
|
54
43
|
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
require 'net/ldap'
|
|
2
2
|
|
|
3
|
-
# handles the naughty bits of posix ldap
|
|
4
3
|
class LdapFluff::FreeIPA::MemberService < LdapFluff::GenericMemberService
|
|
5
4
|
|
|
6
5
|
def initialize(ldap, config)
|
|
@@ -19,6 +18,19 @@ class LdapFluff::FreeIPA::MemberService < LdapFluff::GenericMemberService
|
|
|
19
18
|
get_groups(user[0][:memberof])
|
|
20
19
|
end
|
|
21
20
|
|
|
21
|
+
# extract the group names from the LDAP style response,
|
|
22
|
+
# return string will be something like
|
|
23
|
+
# CN=bros,OU=bropeeps,DC=jomara,DC=redhat,DC=com
|
|
24
|
+
def get_groups(grouplist)
|
|
25
|
+
grouplist.map(&:downcase).collect do |g|
|
|
26
|
+
if g.match(/.*?ipauniqueid=(.*?)/)
|
|
27
|
+
@ldap.search(:base => g)[0][:cn][0]
|
|
28
|
+
else
|
|
29
|
+
g.sub(/.*?cn=(.*?),.*/, '\1')
|
|
30
|
+
end
|
|
31
|
+
end.compact
|
|
32
|
+
end
|
|
33
|
+
|
|
22
34
|
class UIDNotFoundException < LdapFluff::Error
|
|
23
35
|
end
|
|
24
36
|
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
require 'net/ldap'
|
|
2
|
+
|
|
3
|
+
class LdapFluff::FreeIPA::NetgroupMemberService < LdapFluff::FreeIPA::MemberService
|
|
4
|
+
|
|
5
|
+
def find_user_groups(uid)
|
|
6
|
+
groups = []
|
|
7
|
+
@ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base).each do |entry|
|
|
8
|
+
members = get_netgroup_users(entry[:nisnetgrouptriple])
|
|
9
|
+
groups << entry[:cn][0] if members.include? uid
|
|
10
|
+
end
|
|
11
|
+
groups
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
data/lib/ldap_fluff/generic.rb
CHANGED
|
@@ -13,7 +13,8 @@ class LdapFluff::Generic
|
|
|
13
13
|
@attr_login = config.attr_login
|
|
14
14
|
@base = config.base_dn
|
|
15
15
|
@group_base = (config.group_base.empty? ? config.base_dn : config.group_base)
|
|
16
|
-
@
|
|
16
|
+
@use_netgroups = config.use_netgroups
|
|
17
|
+
@member_service = create_member_service(config)
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def user_exists?(uid)
|
|
@@ -42,13 +43,29 @@ class LdapFluff::Generic
|
|
|
42
43
|
def users_for_gid(gid)
|
|
43
44
|
return [] unless group_exists?(gid)
|
|
44
45
|
search = @member_service.find_group(gid).last
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
return []
|
|
48
|
-
|
|
46
|
+
method = select_member_method(search)
|
|
47
|
+
return [] if method.nil?
|
|
49
48
|
users_from_search_results(search, method)
|
|
50
49
|
end
|
|
51
50
|
|
|
51
|
+
# returns whether a user is a member of ALL or ANY particular groups
|
|
52
|
+
# note: this method is much faster than groups_for_uid
|
|
53
|
+
#
|
|
54
|
+
# gids should be an array of group common names
|
|
55
|
+
#
|
|
56
|
+
# returns true if owner is in ALL of the groups if all=true, otherwise
|
|
57
|
+
# returns true if owner is in ANY of the groups
|
|
58
|
+
def is_in_groups(uid, gids = [], all = true)
|
|
59
|
+
service_bind
|
|
60
|
+
groups = @member_service.find_user_groups(uid).sort
|
|
61
|
+
gids = gids.sort
|
|
62
|
+
if all
|
|
63
|
+
return groups & gids == gids
|
|
64
|
+
else
|
|
65
|
+
return (groups & gids).any?
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
52
69
|
def includes_cn?(cn)
|
|
53
70
|
filter = Net::LDAP::Filter.eq('cn', cn)
|
|
54
71
|
@ldap.search(:base => @ldap.base, :filter => filter).present?
|
|
@@ -62,6 +79,22 @@ class LdapFluff::Generic
|
|
|
62
79
|
end
|
|
63
80
|
|
|
64
81
|
private
|
|
82
|
+
def select_member_method(search_result)
|
|
83
|
+
if @use_netgroups
|
|
84
|
+
:nisnetgrouptriple
|
|
85
|
+
else
|
|
86
|
+
[:member, :memberuid, :uniquemember].find { |m| search_result.respond_to? m }
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def create_member_service(config)
|
|
91
|
+
if @use_netgroups
|
|
92
|
+
self.class::NetgroupMemberService.new(@ldap, config)
|
|
93
|
+
else
|
|
94
|
+
self.class::MemberService.new(@ldap, config)
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
|
|
65
98
|
def class_name
|
|
66
99
|
self.class.name.split('::').last
|
|
67
100
|
end
|
|
@@ -71,6 +104,8 @@ class LdapFluff::Generic
|
|
|
71
104
|
if method == :memberuid
|
|
72
105
|
# memberuid contains an array ['user1','user2'], no need to parse it
|
|
73
106
|
members
|
|
107
|
+
elsif method == :nisnetgrouptriple
|
|
108
|
+
@member_service.get_netgroup_users(members)
|
|
74
109
|
else
|
|
75
110
|
@member_service.get_logins(members)
|
|
76
111
|
end
|
|
@@ -8,9 +8,10 @@ class LdapFluff::GenericMemberService
|
|
|
8
8
|
@ldap = ldap
|
|
9
9
|
@base = config.base_dn
|
|
10
10
|
@group_base = (config.group_base.empty? ? config.base_dn : config.group_base)
|
|
11
|
+
@search_filter = nil
|
|
11
12
|
begin
|
|
12
13
|
@search_filter = Net::LDAP::Filter.construct(config.search_filter) unless (config.search_filter.nil? || config.search_filter.empty?)
|
|
13
|
-
rescue Net::LDAP::
|
|
14
|
+
rescue Net::LDAP::Error => error
|
|
14
15
|
puts "Search filter unavailable - #{error}"
|
|
15
16
|
end
|
|
16
17
|
end
|
|
@@ -57,6 +58,11 @@ class LdapFluff::GenericMemberService
|
|
|
57
58
|
grouplist.map(&:downcase).collect { |g| g.sub(/.*?cn=(.*?),.*/, '\1') }
|
|
58
59
|
end
|
|
59
60
|
|
|
61
|
+
def get_netgroup_users(netgroup_triples)
|
|
62
|
+
return [] if netgroup_triples.nil?
|
|
63
|
+
netgroup_triples.map { |m| m.split(',')[1] }
|
|
64
|
+
end
|
|
65
|
+
|
|
60
66
|
def get_logins(userlist)
|
|
61
67
|
userlist.map(&:downcase!)
|
|
62
68
|
[@attr_login, 'uid', 'cn'].map do |attribute|
|
data/lib/ldap_fluff/posix.rb
CHANGED
|
@@ -10,18 +10,6 @@ class LdapFluff::Posix < LdapFluff::Generic
|
|
|
10
10
|
@ldap.bind
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
# returns whether a user is a member of ALL or ANY particular groups
|
|
14
|
-
# note: this method is much faster than groups_for_uid
|
|
15
|
-
#
|
|
16
|
-
# gids should be an array of group common names
|
|
17
|
-
#
|
|
18
|
-
# returns true if owner is in ALL of the groups if all=true, otherwise
|
|
19
|
-
# returns true if owner is in ANY of the groups
|
|
20
|
-
def is_in_groups(uid, gids = [], all = true)
|
|
21
|
-
service_bind
|
|
22
|
-
(gids.empty? || @member_service.times_in_groups(uid, gids, all) > 0)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
13
|
private
|
|
26
14
|
|
|
27
15
|
def users_from_search_results(search, method)
|
|
@@ -29,16 +17,21 @@ class LdapFluff::Posix < LdapFluff::Generic
|
|
|
29
17
|
# we have to look for OUs or posixGroups within the current group scope,
|
|
30
18
|
# i.e: cn=ldapusers,ou=groups,dc=example,dc=com -> cn=myusers,cn=ldapusers,ou=gr...
|
|
31
19
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
20
|
+
if @use_netgroups
|
|
21
|
+
filter = Net::LDAP::Filter.eq('objectClass', 'nisNetgroup')
|
|
22
|
+
else
|
|
23
|
+
filter = Net::LDAP::Filter.eq('objectClass','posixGroup') |
|
|
24
|
+
Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
|
|
25
|
+
Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
|
|
26
|
+
Net::LDAP::Filter.eq('objectClass', 'groupOfNames')
|
|
27
|
+
end
|
|
28
|
+
groups = @ldap.search(:base => search.dn, :filter => filter)
|
|
38
29
|
members = groups.map { |group| group.send(method) }.flatten.uniq
|
|
39
30
|
|
|
40
31
|
if method == :memberuid
|
|
41
32
|
members
|
|
33
|
+
elsif method == :nisnetgrouptriple
|
|
34
|
+
@member_service.get_netgroup_users(members)
|
|
42
35
|
else
|
|
43
36
|
@member_service.get_logins(members)
|
|
44
37
|
end
|
|
@@ -8,8 +8,8 @@ class LdapFluff::Posix::MemberService < LdapFluff::GenericMemberService
|
|
|
8
8
|
super
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
def find_user(uid)
|
|
12
|
-
user = @ldap.search(:filter => name_filter(uid), :base =>
|
|
11
|
+
def find_user(uid, base_dn = @base)
|
|
12
|
+
user = @ldap.search(:filter => name_filter(uid), :base => base_dn)
|
|
13
13
|
raise UIDNotFoundException if (user.nil? || user.empty?)
|
|
14
14
|
user
|
|
15
15
|
end
|
|
@@ -18,7 +18,7 @@ class LdapFluff::Posix::MemberService < LdapFluff::GenericMemberService
|
|
|
18
18
|
# note : this method is not particularly fast for large ldap systems
|
|
19
19
|
def find_user_groups(uid)
|
|
20
20
|
groups = []
|
|
21
|
-
@ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid)).each do |entry|
|
|
21
|
+
@ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid), :base => @group_base).each do |entry|
|
|
22
22
|
groups << entry[:cn][0]
|
|
23
23
|
end
|
|
24
24
|
groups
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
require 'net/ldap'
|
|
2
|
+
|
|
3
|
+
# handles the naughty bits of posix ldap
|
|
4
|
+
class LdapFluff::Posix::NetgroupMemberService < LdapFluff::Posix::MemberService
|
|
5
|
+
|
|
6
|
+
# return list of group CNs for a user
|
|
7
|
+
def find_user_groups(uid)
|
|
8
|
+
groups = []
|
|
9
|
+
@ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base).each do |entry|
|
|
10
|
+
members = get_netgroup_users(entry[:nisnetgrouptriple])
|
|
11
|
+
groups << entry[:cn][0] if members.include? uid
|
|
12
|
+
end
|
|
13
|
+
groups
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
data/test/ad_test.rb
CHANGED
|
@@ -110,6 +110,19 @@ class TestAD < MiniTest::Test
|
|
|
110
110
|
assert_equal(@ad.is_in_groups("john", %w(broskies), true), true)
|
|
111
111
|
end
|
|
112
112
|
|
|
113
|
+
def test_subgroups_in_groups_are_ignored
|
|
114
|
+
group = Net::LDAP::Entry.new('foremaners')
|
|
115
|
+
md = MiniTest::Mock.new
|
|
116
|
+
2.times { md.expect(:find_group, [group], ['foremaners']) }
|
|
117
|
+
2.times { service_bind }
|
|
118
|
+
def md.find_by_dn(dn)
|
|
119
|
+
raise LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
|
|
120
|
+
end
|
|
121
|
+
@ad.member_service = md
|
|
122
|
+
assert_equal @ad.users_for_gid('foremaners'), []
|
|
123
|
+
md.verify
|
|
124
|
+
end
|
|
125
|
+
|
|
113
126
|
def test_user_exists
|
|
114
127
|
md = MiniTest::Mock.new
|
|
115
128
|
md.expect(:find_user, 'notnilluser', %w(john))
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
require 'lib/ldap_test_helper'
|
|
2
|
+
|
|
3
|
+
class TestIPANetgroupMemberService < MiniTest::Test
|
|
4
|
+
include LdapTestHelper
|
|
5
|
+
|
|
6
|
+
def setup
|
|
7
|
+
netgroups_config
|
|
8
|
+
super
|
|
9
|
+
@ipams = LdapFluff::FreeIPA::NetgroupMemberService.new(@ldap, netgroups_config)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def basic_user
|
|
13
|
+
@ldap.expect(:search, ipa_user_payload, [:filter => ipa_name_filter("john")])
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def basic_group
|
|
17
|
+
@ldap.expect(:search, ipa_netgroup_payload('broze'), [:filter => ipa_group_filter("broze"), :base => @config.group_base])
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def test_find_user
|
|
21
|
+
basic_user
|
|
22
|
+
@ipams.ldap = @ldap
|
|
23
|
+
assert_equal ipa_user_payload, @ipams.find_user('john')
|
|
24
|
+
@ldap.verify
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def test_find_missing_user
|
|
28
|
+
@ldap.expect(:search, nil, [:filter => ipa_name_filter("john")])
|
|
29
|
+
@ipams.ldap = @ldap
|
|
30
|
+
assert_raises(LdapFluff::FreeIPA::MemberService::UIDNotFoundException) do
|
|
31
|
+
@ipams.find_user('john')
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def test_find_user_groups
|
|
36
|
+
response = ipa_netgroup_payload('bros', ['(,john,)', '(,joe,)'])
|
|
37
|
+
@ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
|
|
38
|
+
:base => @config.group_base])
|
|
39
|
+
|
|
40
|
+
@ipams.ldap = @ldap
|
|
41
|
+
assert_equal(['bros'], @ipams.find_user_groups('john'))
|
|
42
|
+
@ldap.verify
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def test_find_no_user_groups
|
|
46
|
+
response = ipa_netgroup_payload('bros', ['(,joe,)'])
|
|
47
|
+
@ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
|
|
48
|
+
:base => @config.group_base])
|
|
49
|
+
@ipams.ldap = @ldap
|
|
50
|
+
assert_equal([], @ipams.find_user_groups('john'))
|
|
51
|
+
@ldap.verify
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def test_find_group
|
|
55
|
+
basic_group
|
|
56
|
+
@ipams.ldap = @ldap
|
|
57
|
+
assert_equal(ipa_netgroup_payload('broze'), @ipams.find_group('broze'))
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def test_find_missing_group
|
|
61
|
+
@ldap.expect(:search, nil, [:filter => ipa_group_filter("broze"), :base => @config.group_base])
|
|
62
|
+
@ipams.ldap = @ldap
|
|
63
|
+
assert_raises(LdapFluff::FreeIPA::MemberService::GIDNotFoundException) do
|
|
64
|
+
@ipams.find_group('broze')
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
end
|
data/test/ipa_test.rb
CHANGED
|
@@ -83,6 +83,12 @@ class TestIPA < MiniTest::Test
|
|
|
83
83
|
assert_equal(@ipa.is_in_groups("john", %w(bros buds), false), true)
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
+
def test_is_in_all_groupss
|
|
87
|
+
service_bind
|
|
88
|
+
bigtime_user
|
|
89
|
+
assert_equal(true, @ipa.is_in_groups("john", %w(broskies bros), true))
|
|
90
|
+
end
|
|
91
|
+
|
|
86
92
|
def test_isnt_in_all_groups
|
|
87
93
|
service_bind
|
|
88
94
|
basic_user
|
|
@@ -29,6 +29,10 @@ module LdapTestHelper
|
|
|
29
29
|
@config ||= LdapFluff::Config.new config_hash
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
def netgroups_config
|
|
33
|
+
@config ||= LdapFluff::Config.new config_hash.merge(:use_netgroups => true)
|
|
34
|
+
end
|
|
35
|
+
|
|
32
36
|
def service_bind
|
|
33
37
|
@ldap.expect(:bind, true)
|
|
34
38
|
get_test_instance_variable.ldap = @ldap
|
|
@@ -99,13 +103,17 @@ module LdapTestHelper
|
|
|
99
103
|
end
|
|
100
104
|
|
|
101
105
|
def posix_user_payload
|
|
102
|
-
[{ :cn => ["
|
|
106
|
+
[{ :cn => ["john"] }]
|
|
103
107
|
end
|
|
104
108
|
|
|
105
109
|
def posix_group_payload
|
|
106
110
|
[{ :cn => ["broze"] }]
|
|
107
111
|
end
|
|
108
112
|
|
|
113
|
+
def posix_netgroup_payload(cn, netgroups=[])
|
|
114
|
+
[{ :cn => [cn], :nisnetgrouptriple => netgroups }]
|
|
115
|
+
end
|
|
116
|
+
|
|
109
117
|
def ipa_user_payload
|
|
110
118
|
@ipa_user_payload_cache ||= begin
|
|
111
119
|
entry_1 = Net::LDAP::Entry.new
|
|
@@ -120,6 +128,10 @@ module LdapTestHelper
|
|
|
120
128
|
[{ :cn => 'group' }, { :memberof => ['cn=group,dc=internet,dc=com', 'cn=bros,dc=internet,dc=com'] }]
|
|
121
129
|
end
|
|
122
130
|
|
|
131
|
+
def ipa_netgroup_payload(cn, netgroups=[])
|
|
132
|
+
[{ :cn => [cn], :nisnetgrouptriple => netgroups }]
|
|
133
|
+
end
|
|
134
|
+
|
|
123
135
|
private
|
|
124
136
|
|
|
125
137
|
def get_test_instance_variable
|
|
@@ -18,10 +18,19 @@ class TestPosixMemberService < MiniTest::Test
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def test_find_user_groups
|
|
21
|
-
user =
|
|
22
|
-
@ldap.expect(:search, user, [:filter => @ms.name_filter('john')
|
|
21
|
+
user = posix_group_payload
|
|
22
|
+
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
|
23
|
+
:base => config.group_base])
|
|
24
|
+
@ms.ldap = @ldap
|
|
25
|
+
assert_equal ['broze'], @ms.find_user_groups('john')
|
|
26
|
+
@ldap.verify
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def test_find_no_groups
|
|
30
|
+
@ldap.expect(:search, [], [:filter => @ms.name_filter("john"),
|
|
31
|
+
:base => config.group_base])
|
|
23
32
|
@ms.ldap = @ldap
|
|
24
|
-
assert_equal [
|
|
33
|
+
assert_equal [], @ms.find_user_groups('john')
|
|
25
34
|
@ldap.verify
|
|
26
35
|
end
|
|
27
36
|
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
require 'lib/ldap_test_helper'
|
|
2
|
+
|
|
3
|
+
class TestPosixNetgroupMemberService < MiniTest::Test
|
|
4
|
+
include LdapTestHelper
|
|
5
|
+
|
|
6
|
+
def setup
|
|
7
|
+
netgroups_config
|
|
8
|
+
super
|
|
9
|
+
@ms = LdapFluff::Posix::NetgroupMemberService.new(@ldap, netgroups_config)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def test_find_user
|
|
13
|
+
user = posix_user_payload
|
|
14
|
+
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
|
15
|
+
:base => config.base_dn])
|
|
16
|
+
@ms.ldap = @ldap
|
|
17
|
+
assert_equal posix_user_payload, @ms.find_user('john')
|
|
18
|
+
@ldap.verify
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def test_find_user_groups
|
|
22
|
+
response = posix_netgroup_payload('bros', ['(,john,)', '(,joe,)'])
|
|
23
|
+
@ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
|
|
24
|
+
:base => config.group_base])
|
|
25
|
+
|
|
26
|
+
@ms.ldap = @ldap
|
|
27
|
+
assert_equal ['bros'], @ms.find_user_groups('john')
|
|
28
|
+
@ldap.verify
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def test_find_no_user_groups
|
|
32
|
+
response = posix_netgroup_payload('bros', ['(,joe,)'])
|
|
33
|
+
@ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
|
|
34
|
+
:base => config.group_base])
|
|
35
|
+
|
|
36
|
+
@ms.ldap = @ldap
|
|
37
|
+
assert_equal [], @ms.find_user_groups('john')
|
|
38
|
+
@ldap.verify
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def test_user_exists
|
|
42
|
+
user = posix_user_payload
|
|
43
|
+
@ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
|
|
44
|
+
:base => config.base_dn])
|
|
45
|
+
@ms.ldap = @ldap
|
|
46
|
+
assert @ms.find_user('john')
|
|
47
|
+
@ldap.verify
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def test_user_doesnt_exists
|
|
51
|
+
@ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
|
|
52
|
+
:base => config.base_dn])
|
|
53
|
+
@ms.ldap = @ldap
|
|
54
|
+
assert_raises(LdapFluff::Posix::MemberService::UIDNotFoundException) { @ms.find_user('john') }
|
|
55
|
+
@ldap.verify
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def test_group_exists
|
|
59
|
+
group = posix_netgroup_payload('broze')
|
|
60
|
+
@ldap.expect(:search, group, [:filter => @ms.group_filter('broze'),
|
|
61
|
+
:base => config.group_base])
|
|
62
|
+
@ms.ldap = @ldap
|
|
63
|
+
assert @ms.find_group('broze')
|
|
64
|
+
@ldap.verify
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def test_group_doesnt_exists
|
|
68
|
+
@ldap.expect(:search, nil, [:filter => @ms.group_filter('broze'),
|
|
69
|
+
:base => config.group_base])
|
|
70
|
+
@ms.ldap = @ldap
|
|
71
|
+
assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
|
|
72
|
+
@ldap.verify
|
|
73
|
+
end
|
|
74
|
+
end
|
data/test/posix_test.rb
CHANGED
|
@@ -29,18 +29,12 @@ class TestPosix < MiniTest::Test
|
|
|
29
29
|
def test_isnt_in_groups
|
|
30
30
|
service_bind
|
|
31
31
|
basic_user
|
|
32
|
-
|
|
33
|
-
md.expect(:times_in_groups, 0, ['john', %w(bros), true])
|
|
34
|
-
@posix.member_service = md
|
|
35
|
-
assert_equal(@posix.is_in_groups('john', %w(bros), true), false)
|
|
32
|
+
assert_equal(@posix.is_in_groups('john', %w(broskies), true), false)
|
|
36
33
|
end
|
|
37
34
|
|
|
38
35
|
def test_is_in_groups
|
|
39
36
|
service_bind
|
|
40
37
|
basic_user
|
|
41
|
-
md = MiniTest::Mock.new
|
|
42
|
-
md.expect(:times_in_groups, 1, ['john', %w(bros), true])
|
|
43
|
-
@posix.member_service = md
|
|
44
38
|
assert_equal(@posix.is_in_groups('john', %w(bros), true), true)
|
|
45
39
|
end
|
|
46
40
|
|
|
@@ -127,7 +121,7 @@ class TestPosix < MiniTest::Test
|
|
|
127
121
|
@ldap.expect(:search,
|
|
128
122
|
[nested_group],
|
|
129
123
|
[{ :base => group.dn,
|
|
130
|
-
:filter => Net::LDAP::Filter.eq('objectClass','posixGroup') |
|
|
124
|
+
:filter => Net::LDAP::Filter.eq('objectClass', 'posixGroup') |
|
|
131
125
|
Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
|
|
132
126
|
Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
|
|
133
127
|
Net::LDAP::Filter.eq('objectClass', 'groupOfNames')}])
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ldap_fluff
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jordan O'Mara
|
|
@@ -10,79 +10,65 @@ authors:
|
|
|
10
10
|
- Adam Price
|
|
11
11
|
- Marek Hulan
|
|
12
12
|
- Dominic Cleal
|
|
13
|
-
autorequire:
|
|
13
|
+
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2020-12-16 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: net-ldap
|
|
20
20
|
requirement: !ruby/object:Gem::Requirement
|
|
21
21
|
requirements:
|
|
22
|
-
- -
|
|
22
|
+
- - ">="
|
|
23
23
|
- !ruby/object:Gem::Version
|
|
24
|
-
version: 0.
|
|
24
|
+
version: '0.11'
|
|
25
25
|
type: :runtime
|
|
26
26
|
prerelease: false
|
|
27
27
|
version_requirements: !ruby/object:Gem::Requirement
|
|
28
28
|
requirements:
|
|
29
|
-
- -
|
|
29
|
+
- - ">="
|
|
30
30
|
- !ruby/object:Gem::Version
|
|
31
|
-
version: 0.
|
|
31
|
+
version: '0.11'
|
|
32
32
|
- !ruby/object:Gem::Dependency
|
|
33
33
|
name: activesupport
|
|
34
34
|
requirement: !ruby/object:Gem::Requirement
|
|
35
35
|
requirements:
|
|
36
|
-
- -
|
|
36
|
+
- - ">="
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
38
|
version: '0'
|
|
39
39
|
type: :runtime
|
|
40
40
|
prerelease: false
|
|
41
41
|
version_requirements: !ruby/object:Gem::Requirement
|
|
42
42
|
requirements:
|
|
43
|
-
- -
|
|
43
|
+
- - ">="
|
|
44
44
|
- !ruby/object:Gem::Version
|
|
45
45
|
version: '0'
|
|
46
46
|
- !ruby/object:Gem::Dependency
|
|
47
47
|
name: rake
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
49
|
requirements:
|
|
50
|
-
- -
|
|
50
|
+
- - ">="
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
52
|
version: '0'
|
|
53
53
|
type: :development
|
|
54
54
|
prerelease: false
|
|
55
55
|
version_requirements: !ruby/object:Gem::Requirement
|
|
56
56
|
requirements:
|
|
57
|
-
- -
|
|
57
|
+
- - ">="
|
|
58
58
|
- !ruby/object:Gem::Version
|
|
59
59
|
version: '0'
|
|
60
60
|
- !ruby/object:Gem::Dependency
|
|
61
61
|
name: minitest
|
|
62
62
|
requirement: !ruby/object:Gem::Requirement
|
|
63
63
|
requirements:
|
|
64
|
-
- -
|
|
64
|
+
- - ">="
|
|
65
65
|
- !ruby/object:Gem::Version
|
|
66
66
|
version: '0'
|
|
67
67
|
type: :development
|
|
68
68
|
prerelease: false
|
|
69
69
|
version_requirements: !ruby/object:Gem::Requirement
|
|
70
70
|
requirements:
|
|
71
|
-
- -
|
|
72
|
-
- !ruby/object:Gem::Version
|
|
73
|
-
version: '0'
|
|
74
|
-
- !ruby/object:Gem::Dependency
|
|
75
|
-
name: rubocop
|
|
76
|
-
requirement: !ruby/object:Gem::Requirement
|
|
77
|
-
requirements:
|
|
78
|
-
- - '>='
|
|
79
|
-
- !ruby/object:Gem::Version
|
|
80
|
-
version: '0'
|
|
81
|
-
type: :development
|
|
82
|
-
prerelease: false
|
|
83
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
84
|
-
requirements:
|
|
85
|
-
- - '>='
|
|
71
|
+
- - ">="
|
|
86
72
|
- !ruby/object:Gem::Version
|
|
87
73
|
version: '0'
|
|
88
74
|
description: Simple library for binding & group querying on top of various LDAP implementations
|
|
@@ -108,51 +94,56 @@ files:
|
|
|
108
94
|
- lib/ldap_fluff/error.rb
|
|
109
95
|
- lib/ldap_fluff/freeipa.rb
|
|
110
96
|
- lib/ldap_fluff/freeipa_member_service.rb
|
|
97
|
+
- lib/ldap_fluff/freeipa_netgroup_member_service.rb
|
|
111
98
|
- lib/ldap_fluff/generic.rb
|
|
112
99
|
- lib/ldap_fluff/generic_member_service.rb
|
|
113
100
|
- lib/ldap_fluff/ldap_fluff.rb
|
|
114
101
|
- lib/ldap_fluff/posix.rb
|
|
115
102
|
- lib/ldap_fluff/posix_member_service.rb
|
|
103
|
+
- lib/ldap_fluff/posix_netgroup_member_service.rb
|
|
116
104
|
- test/ad_member_services_test.rb
|
|
117
105
|
- test/ad_test.rb
|
|
118
106
|
- test/config_test.rb
|
|
119
107
|
- test/ipa_member_services_test.rb
|
|
108
|
+
- test/ipa_netgroup_member_services_test.rb
|
|
120
109
|
- test/ipa_test.rb
|
|
121
110
|
- test/ldap_test.rb
|
|
122
111
|
- test/lib/ldap_test_helper.rb
|
|
123
112
|
- test/posix_member_services_test.rb
|
|
113
|
+
- test/posix_netgroup_member_services_test.rb
|
|
124
114
|
- test/posix_test.rb
|
|
125
115
|
homepage: https://github.com/theforeman/ldap_fluff
|
|
126
116
|
licenses:
|
|
127
117
|
- GPLv2
|
|
128
118
|
metadata: {}
|
|
129
|
-
post_install_message:
|
|
119
|
+
post_install_message:
|
|
130
120
|
rdoc_options: []
|
|
131
121
|
require_paths:
|
|
132
122
|
- lib
|
|
133
123
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
134
124
|
requirements:
|
|
135
|
-
- -
|
|
125
|
+
- - ">="
|
|
136
126
|
- !ruby/object:Gem::Version
|
|
137
|
-
version:
|
|
127
|
+
version: 2.4.0
|
|
138
128
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
139
129
|
requirements:
|
|
140
|
-
- -
|
|
130
|
+
- - ">="
|
|
141
131
|
- !ruby/object:Gem::Version
|
|
142
132
|
version: '0'
|
|
143
133
|
requirements: []
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
signing_key:
|
|
134
|
+
rubygems_version: 3.1.2
|
|
135
|
+
signing_key:
|
|
147
136
|
specification_version: 4
|
|
148
137
|
summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
|
|
149
138
|
test_files:
|
|
150
|
-
- test/
|
|
151
|
-
- test/posix_member_services_test.rb
|
|
139
|
+
- test/ad_member_services_test.rb
|
|
152
140
|
- test/ad_test.rb
|
|
141
|
+
- test/config_test.rb
|
|
142
|
+
- test/ipa_member_services_test.rb
|
|
143
|
+
- test/ipa_netgroup_member_services_test.rb
|
|
153
144
|
- test/ipa_test.rb
|
|
154
145
|
- test/ldap_test.rb
|
|
155
146
|
- test/lib/ldap_test_helper.rb
|
|
147
|
+
- test/posix_member_services_test.rb
|
|
148
|
+
- test/posix_netgroup_member_services_test.rb
|
|
156
149
|
- test/posix_test.rb
|
|
157
|
-
- test/ad_member_services_test.rb
|
|
158
|
-
- test/config_test.rb
|