ldap_fluff 0.4.6 → 0.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 11ad7cdc6f2febae65680c15ad1649f54f949085
-  data.tar.gz: a34667350a400be3b50742c34b7e4d269a4e4e9c
+  metadata.gz: cb5468e64650eb4e6401f65f96bb3e789a22c357
+  data.tar.gz: db56c2456bbdb72e9314f53a0e536deb18c2b812
 SHA512:
-  metadata.gz: 250bdde42a707b3d253f93430e45d6979326f6ab58e67af99798b4e5a05df67f5bd1a4c1aa8888155480f16890c0ae5d9ecc1ed731cb7e60f0db9460a2f077a1
-  data.tar.gz: 1f605000dd7800eebb73a76c0ceab30cba2f039378a87a17b470c8d92ba246c61ca99928e1308017946c834f3ac19661e874aacb585dd99b0cbd505bdf028eb3
+  metadata.gz: 8133e1177808f3e230be45307582563b78c938159a68ece937c667053cc5fc86f3076da3ad81956ed568dff0ddc3d755afa3f6c9ca26bf40f02855bde8c7c8ce
+  data.tar.gz: cb8ea2d582fc0353fc3336091e10893a0c95766f60f43d71a8ece0591bc72dc72176afb465a5d6480de524ec2212b89bcc927664a541321c10dd9c377be3ce24

data/README.rdoc

@@ -51,7 +51,9 @@ Your global configuration must provide information about your LDAP host to funct
   encryption: # blank, :simple_tls, or :start_tls
   base_dn: # base DN for LDAP auth, eg dc=redhat,dc=com
   group_base: # base DN for your LDAP groups, eg ou=Groups,dc=redhat,dc=com
-  server_type: # type of server. default == posix. :active_directory, :posix, :free_ipa
+  use_netgroups: # false by default, use true if you want to use netgroup triples,
+                 # supported only for server type :free_ipa and :posix
+  server_type: # type of server. default == :posix. :active_directory, :posix, :free_ipa
   ad_domain: # domain for your users if using active directory, eg redhat.com
   service_user: # service account for authenticating LDAP calls. required unless you enable anon
   service_pass: # service password for authenticating LDAP calls. required unless you enable anon
@@ -61,7 +63,7 @@ Your global configuration must provide information about your LDAP host to funct
 You can pass these arguments as a hash to LdapFluff to get a valid LdapFluff object.
 
   ldap_config = { :host => "freeipa.localdomain", :port => 389, :encryption => nil, :base_dn => "DC=mydomain,DC=com",
-                  :group_base => "DC=groups,DC=mydomain,DC=com", :attr_login => "uid", :server_type => :freeipa,
+                  :group_base => "DC=groups,DC=mydomain,DC=com", :attr_login => "uid", :server_type => :free_ipa,
                   :service_user => "admin", :search_filter => "(objectClass=*)", :service_pass => "mypass",
                   :anon_queries => false }
 

data/lib/ldap_fluff.rb

@@ -7,5 +7,7 @@ require 'ldap_fluff/active_directory'
 require 'ldap_fluff/ad_member_service'
 require 'ldap_fluff/posix'
 require 'ldap_fluff/posix_member_service'
+require 'ldap_fluff/posix_netgroup_member_service'
 require 'ldap_fluff/freeipa'
 require 'ldap_fluff/freeipa_member_service'
+require 'ldap_fluff/freeipa_netgroup_member_service'

data/lib/ldap_fluff/config.rb

@@ -4,7 +4,7 @@ require 'active_support/core_ext/hash'
 class LdapFluff::Config
   ATTRIBUTES = %w[host port encryption base_dn group_base server_type service_user
                     service_pass anon_queries attr_login search_filter
-                    instrumentation_service ]
+                    instrumentation_service use_netgroups]
   ATTRIBUTES.each { |attr| attr_reader attr.to_sym }
 
   DEFAULT_CONFIG = { 'port' => 389,
@@ -13,7 +13,8 @@ class LdapFluff::Config
                      'group_base' => 'dc=company,dc=com',
                      'server_type' => :free_ipa,
                      'anon_queries' => false,
-                     'instrumentation_service' => nil }
+                     'instrumentation_service' => nil,
+                     'use_netgroups' => false }
 
   def initialize(config)
     raise ArgumentError unless config.respond_to?(:to_hash)

data/lib/ldap_fluff/freeipa.rb

@@ -20,35 +20,24 @@ class LdapFluff::FreeIPA < LdapFluff::Generic
     end
   end
 
-  # In freeipa, a simple user query returns a full set
-  # of nested groups! yipee
-  #
-  # gids should be an array of group common names
-  #
-  # returns true if owner is in ALL of the groups if all=true, otherwise
-  # returns true if owner is in ANY of the groups
-  def is_in_groups(uid, gids = [], all = true)
-    service_bind
-    groups = @member_service.find_user_groups(uid)
-    if all
-      return groups & gids == gids
-    else
-      return groups & gids != []
-    end
-  end
-
   private
 
   def users_from_search_results(search, method)
     # Member results come in the form uid=sampleuser,cn=users, etc.. or gid=samplegroup,cn=groups
     users = []
 
-    search.send(method).each do |member|
-      type = member.downcase.split(',')[1]
-      if type == 'cn=users'
-        users << @member_service.get_logins([member])
-      elsif type == 'cn=groups'
-        users << users_for_gid(member.split(',')[0].split('=')[1])
+    members = search.send(method)
+
+    if method == :nisnetgrouptriple
+      users = @member_service.get_netgroup_users(members)
+    else
+      members.each do |member|
+        type = member.downcase.split(',')[1]
+        if type == 'cn=users'
+          users << @member_service.get_logins([member])
+        elsif type == 'cn=groups'
+          users << users_for_gid(member.split(',')[0].split('=')[1])
+        end
       end
     end
 

data/lib/ldap_fluff/freeipa_member_service.rb

@@ -1,6 +1,5 @@
 require 'net/ldap'
 
-# handles the naughty bits of posix ldap
 class LdapFluff::FreeIPA::MemberService < LdapFluff::GenericMemberService
 
   def initialize(ldap, config)
@@ -19,6 +18,19 @@ class LdapFluff::FreeIPA::MemberService < LdapFluff::GenericMemberService
     get_groups(user[0][:memberof])
   end
 
+  # extract the group names from the LDAP style response,
+  # return string will be something like
+  # CN=bros,OU=bropeeps,DC=jomara,DC=redhat,DC=com
+  def get_groups(grouplist)
+    grouplist.map(&:downcase).collect do |g|
+      if g.match(/.*?ipauniqueid=(.*?)/)
+        @ldap.search(:base => g)[0][:cn][0]
+      else
+        g.sub(/.*?cn=(.*?),.*/, '\1')
+      end
+    end.compact
+  end
+
   class UIDNotFoundException < LdapFluff::Error
   end
 

data/lib/ldap_fluff/freeipa_netgroup_member_service.rb

@@ -0,0 +1,14 @@
+require 'net/ldap'
+
+class LdapFluff::FreeIPA::NetgroupMemberService < LdapFluff::FreeIPA::MemberService
+
+  def find_user_groups(uid)
+    groups = []
+    @ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base).each do |entry|
+      members = get_netgroup_users(entry[:nisnetgrouptriple])
+      groups << entry[:cn][0] if members.include? uid
+    end
+    groups
+  end
+end
+

data/lib/ldap_fluff/generic.rb

@@ -13,7 +13,8 @@ class LdapFluff::Generic
     @attr_login = config.attr_login
     @base       = config.base_dn
     @group_base = (config.group_base.empty? ? config.base_dn : config.group_base)
-    @member_service = self.class::MemberService.new(@ldap, config)
+    @use_netgroups = config.use_netgroups
+    @member_service = create_member_service(config)
   end
 
   def user_exists?(uid)
@@ -42,13 +43,29 @@ class LdapFluff::Generic
   def users_for_gid(gid)
     return [] unless group_exists?(gid)
     search = @member_service.find_group(gid).last
-
-    method = [:member, :memberuid, :uniquemember].find { |m| search.respond_to? m } or
-             return []
-
+    method = select_member_method(search)
+    return [] if method.nil?
     users_from_search_results(search, method)
   end
 
+  # returns whether a user is a member of ALL or ANY particular groups
+  # note: this method is much faster than groups_for_uid
+  #
+  # gids should be an array of group common names
+  #
+  # returns true if owner is in ALL of the groups if all=true, otherwise
+  # returns true if owner is in ANY of the groups
+  def is_in_groups(uid, gids = [], all = true)
+    service_bind
+    groups = @member_service.find_user_groups(uid).sort
+    gids = gids.sort
+    if all
+      return groups & gids == gids
+    else
+      return (groups & gids).any?
+    end
+  end
+
   def includes_cn?(cn)
     filter = Net::LDAP::Filter.eq('cn', cn)
     @ldap.search(:base => @ldap.base, :filter => filter).present?
@@ -62,6 +79,22 @@ class LdapFluff::Generic
   end
 
   private
+  def select_member_method(search_result)
+    if @use_netgroups
+      :nisnetgrouptriple
+    else
+      [:member, :memberuid, :uniquemember].find { |m| search_result.respond_to? m }
+    end
+  end
+
+  def create_member_service(config)
+    if @use_netgroups
+      self.class::NetgroupMemberService.new(@ldap, config)
+    else
+      self.class::MemberService.new(@ldap, config)
+    end
+  end
+
   def class_name
     self.class.name.split('::').last
   end
@@ -71,6 +104,8 @@ class LdapFluff::Generic
     if method == :memberuid
       # memberuid contains an array ['user1','user2'], no need to parse it
       members
+    elsif method == :nisnetgrouptriple
+      @member_service.get_netgroup_users(members)
     else
       @member_service.get_logins(members)
     end

data/lib/ldap_fluff/generic_member_service.rb

@@ -8,6 +8,7 @@ class LdapFluff::GenericMemberService
     @ldap       = ldap
     @base       = config.base_dn
     @group_base = (config.group_base.empty? ? config.base_dn : config.group_base)
+    @search_filter = nil
     begin
       @search_filter = Net::LDAP::Filter.construct(config.search_filter) unless (config.search_filter.nil? || config.search_filter.empty?)
     rescue Net::LDAP::LdapError => error
@@ -57,6 +58,11 @@ class LdapFluff::GenericMemberService
     grouplist.map(&:downcase).collect { |g| g.sub(/.*?cn=(.*?),.*/, '\1') }
   end
 
+  def get_netgroup_users(netgroup_triples)
+    return [] if netgroup_triples.nil?
+    netgroup_triples.map { |m| m.split(',')[1] }
+  end
+
   def get_logins(userlist)
     userlist.map(&:downcase!)
     [@attr_login, 'uid', 'cn'].map do |attribute|

data/lib/ldap_fluff/posix.rb

@@ -10,18 +10,6 @@ class LdapFluff::Posix < LdapFluff::Generic
     @ldap.bind
   end
 
-  # returns whether a user is a member of ALL or ANY particular groups
-  # note: this method is much faster than groups_for_uid
-  #
-  # gids should be an array of group common names
-  #
-  # returns true if owner is in ALL of the groups if all=true, otherwise
-  # returns true if owner is in ANY of the groups
-  def is_in_groups(uid, gids = [], all = true)
-    service_bind
-    (gids.empty? || @member_service.times_in_groups(uid, gids, all) > 0)
-  end
-
   private
 
   def users_from_search_results(search, method)
@@ -29,16 +17,21 @@ class LdapFluff::Posix < LdapFluff::Generic
     # we have to look for OUs or posixGroups within the current group scope,
     # i.e: cn=ldapusers,ou=groups,dc=example,dc=com -> cn=myusers,cn=ldapusers,ou=gr...
 
-    groups = @ldap.search(:base   => search.dn,
-                          :filter => Net::LDAP::Filter.eq('objectClass','posixGroup') |
-                                     Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
-                                     Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
-                                     Net::LDAP::Filter.eq('objectClass', 'groupOfNames'))
-
+    if @use_netgroups
+      filter = Net::LDAP::Filter.eq('objectClass', 'nisNetgroup')
+    else
+      filter = Net::LDAP::Filter.eq('objectClass','posixGroup') |
+               Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
+               Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
+               Net::LDAP::Filter.eq('objectClass', 'groupOfNames')
+    end
+    groups = @ldap.search(:base => search.dn, :filter => filter)
     members = groups.map { |group| group.send(method) }.flatten.uniq
 
     if method == :memberuid
       members
+    elsif method == :nisnetgrouptriple
+      @member_service.get_netgroup_users(members)
     else
       @member_service.get_logins(members)
     end

data/lib/ldap_fluff/posix_member_service.rb

@@ -18,8 +18,7 @@ class LdapFluff::Posix::MemberService < LdapFluff::GenericMemberService
   # note : this method is not particularly fast for large ldap systems
   def find_user_groups(uid)
     groups = []
-    @ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid),
-                 :base => @group_base).each do |entry|
+    @ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid), :base => @group_base).each do |entry|
       groups << entry[:cn][0]
     end
     groups

data/lib/ldap_fluff/posix_netgroup_member_service.rb

@@ -0,0 +1,16 @@
+require 'net/ldap'
+
+# handles the naughty bits of posix ldap
+class LdapFluff::Posix::NetgroupMemberService < LdapFluff::Posix::MemberService
+
+  # return list of group CNs for a user
+  def find_user_groups(uid)
+    groups = []
+    @ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base).each do |entry|
+      members = get_netgroup_users(entry[:nisnetgrouptriple])
+      groups << entry[:cn][0] if members.include? uid
+    end
+    groups
+  end
+
+end

data/test/ipa_netgroup_member_services_test.rb

@@ -0,0 +1,68 @@
+require 'lib/ldap_test_helper'
+
+class TestIPANetgroupMemberService < MiniTest::Test
+  include LdapTestHelper
+
+  def setup
+    netgroups_config
+    super
+    @ipams = LdapFluff::FreeIPA::NetgroupMemberService.new(@ldap, netgroups_config)
+  end
+
+  def basic_user
+    @ldap.expect(:search, ipa_user_payload, [:filter => ipa_name_filter("john")])
+  end
+
+  def basic_group
+    @ldap.expect(:search, ipa_netgroup_payload('broze'), [:filter => ipa_group_filter("broze"), :base => @config.group_base])
+  end
+
+  def test_find_user
+    basic_user
+    @ipams.ldap = @ldap
+    assert_equal ipa_user_payload, @ipams.find_user('john')
+    @ldap.verify
+  end
+
+  def test_find_missing_user
+    @ldap.expect(:search, nil, [:filter => ipa_name_filter("john")])
+    @ipams.ldap = @ldap
+    assert_raises(LdapFluff::FreeIPA::MemberService::UIDNotFoundException) do
+      @ipams.find_user('john')
+    end
+  end
+
+  def test_find_user_groups
+    response = ipa_netgroup_payload('bros', ['(,john,)', '(,joe,)'])
+    @ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
+                                     :base => @config.group_base])
+
+    @ipams.ldap = @ldap
+    assert_equal(['bros'], @ipams.find_user_groups('john'))
+    @ldap.verify
+  end
+
+  def test_find_no_user_groups
+    response = ipa_netgroup_payload('bros', ['(,joe,)'])
+    @ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
+                                     :base => @config.group_base])
+    @ipams.ldap = @ldap
+    assert_equal([], @ipams.find_user_groups('john'))
+    @ldap.verify
+  end
+
+  def test_find_group
+    basic_group
+    @ipams.ldap = @ldap
+    assert_equal(ipa_netgroup_payload('broze'), @ipams.find_group('broze'))
+  end
+
+  def test_find_missing_group
+    @ldap.expect(:search, nil, [:filter => ipa_group_filter("broze"), :base => @config.group_base])
+    @ipams.ldap = @ldap
+    assert_raises(LdapFluff::FreeIPA::MemberService::GIDNotFoundException) do
+      @ipams.find_group('broze')
+    end
+  end
+
+end

data/test/ipa_test.rb

@@ -83,6 +83,12 @@ class TestIPA < MiniTest::Test
     assert_equal(@ipa.is_in_groups("john", %w(bros buds), false), true)
   end
 
+  def test_is_in_all_groupss
+    service_bind
+    bigtime_user
+    assert_equal(true, @ipa.is_in_groups("john", %w(broskies bros), true))
+  end
+
   def test_isnt_in_all_groups
     service_bind
     basic_user

data/test/lib/ldap_test_helper.rb

@@ -29,6 +29,10 @@ module LdapTestHelper
     @config ||= LdapFluff::Config.new config_hash
   end
 
+  def netgroups_config
+    @config ||= LdapFluff::Config.new config_hash.merge(:use_netgroups => true)
+  end
+
   def service_bind
     @ldap.expect(:bind, true)
     get_test_instance_variable.ldap = @ldap
@@ -99,13 +103,17 @@ module LdapTestHelper
   end
 
   def posix_user_payload
-    [{ :cn => ["bros"] }]
+    [{ :cn => ["john"] }]
   end
 
   def posix_group_payload
     [{ :cn => ["broze"] }]
   end
 
+  def posix_netgroup_payload(cn, netgroups=[])
+    [{ :cn => [cn], :nisnetgrouptriple => netgroups }]
+  end
+
   def ipa_user_payload
     @ipa_user_payload_cache ||= begin
       entry_1 = Net::LDAP::Entry.new
@@ -120,6 +128,10 @@ module LdapTestHelper
     [{ :cn => 'group' }, { :memberof => ['cn=group,dc=internet,dc=com', 'cn=bros,dc=internet,dc=com'] }]
   end
 
+  def ipa_netgroup_payload(cn, netgroups=[])
+    [{ :cn => [cn], :nisnetgrouptriple => netgroups }]
+  end
+
   private
 
   def get_test_instance_variable

data/test/posix_member_services_test.rb

@@ -18,11 +18,19 @@ class TestPosixMemberService < MiniTest::Test
   end
 
   def test_find_user_groups
-    user = posix_user_payload
+    user = posix_group_payload
     @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
                                  :base => config.group_base])
     @ms.ldap = @ldap
-    assert_equal ['bros'], @ms.find_user_groups('john')
+    assert_equal ['broze'], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+
+  def test_find_no_groups
+    @ldap.expect(:search, [], [:filter => @ms.name_filter("john"),
+                               :base => config.group_base])
+    @ms.ldap = @ldap
+    assert_equal [], @ms.find_user_groups('john')
     @ldap.verify
   end
 

data/test/posix_netgroup_member_services_test.rb

@@ -0,0 +1,74 @@
+require 'lib/ldap_test_helper'
+
+class TestPosixNetgroupMemberService < MiniTest::Test
+  include LdapTestHelper
+
+  def setup
+    netgroups_config
+    super
+    @ms = LdapFluff::Posix::NetgroupMemberService.new(@ldap, netgroups_config)
+  end
+
+  def test_find_user
+    user = posix_user_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base   => config.base_dn])
+    @ms.ldap = @ldap
+    assert_equal posix_user_payload, @ms.find_user('john')
+    @ldap.verify
+  end
+
+  def test_find_user_groups
+    response = posix_netgroup_payload('bros', ['(,john,)', '(,joe,)'])
+    @ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
+                                     :base => config.group_base])
+
+    @ms.ldap = @ldap
+    assert_equal ['bros'], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+
+  def test_find_no_user_groups
+    response = posix_netgroup_payload('bros', ['(,joe,)'])
+    @ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
+                                     :base => config.group_base])
+
+    @ms.ldap = @ldap
+    assert_equal [], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+
+  def test_user_exists
+    user = posix_user_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base   => config.base_dn])
+    @ms.ldap = @ldap
+    assert @ms.find_user('john')
+    @ldap.verify
+  end
+
+  def test_user_doesnt_exists
+    @ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
+                                :base   => config.base_dn])
+    @ms.ldap = @ldap
+    assert_raises(LdapFluff::Posix::MemberService::UIDNotFoundException) { @ms.find_user('john') }
+    @ldap.verify
+  end
+
+  def test_group_exists
+    group = posix_netgroup_payload('broze')
+    @ldap.expect(:search, group, [:filter => @ms.group_filter('broze'),
+                                  :base   => config.group_base])
+    @ms.ldap = @ldap
+    assert @ms.find_group('broze')
+    @ldap.verify
+  end
+
+  def test_group_doesnt_exists
+    @ldap.expect(:search, nil, [:filter => @ms.group_filter('broze'),
+                                :base   => config.group_base])
+    @ms.ldap = @ldap
+    assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
+    @ldap.verify
+  end
+end

data/test/posix_test.rb

@@ -29,18 +29,12 @@ class TestPosix < MiniTest::Test
   def test_isnt_in_groups
     service_bind
     basic_user
-    md = MiniTest::Mock.new
-    md.expect(:times_in_groups, 0, ['john', %w(bros), true])
-    @posix.member_service = md
-    assert_equal(@posix.is_in_groups('john', %w(bros), true), false)
+    assert_equal(@posix.is_in_groups('john', %w(broskies), true), false)
   end
 
   def test_is_in_groups
     service_bind
     basic_user
-    md = MiniTest::Mock.new
-    md.expect(:times_in_groups, 1, ['john', %w(bros), true])
-    @posix.member_service = md
     assert_equal(@posix.is_in_groups('john', %w(bros), true), true)
   end
 
@@ -127,7 +121,7 @@ class TestPosix < MiniTest::Test
     @ldap.expect(:search,
                  [nested_group],
                  [{ :base   => group.dn,
-                    :filter => Net::LDAP::Filter.eq('objectClass','posixGroup') |
+                    :filter => Net::LDAP::Filter.eq('objectClass', 'posixGroup') |
                                Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
                                Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
                                Net::LDAP::Filter.eq('objectClass', 'groupOfNames')}])

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ldap_fluff
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.4.7
 platform: ruby
 authors:
 - Jordan O'Mara
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-22 00:00:00.000000000 Z
+date: 2017-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
@@ -94,19 +94,23 @@ files:
 - lib/ldap_fluff/error.rb
 - lib/ldap_fluff/freeipa.rb
 - lib/ldap_fluff/freeipa_member_service.rb
+- lib/ldap_fluff/freeipa_netgroup_member_service.rb
 - lib/ldap_fluff/generic.rb
 - lib/ldap_fluff/generic_member_service.rb
 - lib/ldap_fluff/ldap_fluff.rb
 - lib/ldap_fluff/posix.rb
 - lib/ldap_fluff/posix_member_service.rb
+- lib/ldap_fluff/posix_netgroup_member_service.rb
 - test/ad_member_services_test.rb
 - test/ad_test.rb
 - test/config_test.rb
 - test/ipa_member_services_test.rb
+- test/ipa_netgroup_member_services_test.rb
 - test/ipa_test.rb
 - test/ldap_test.rb
 - test/lib/ldap_test_helper.rb
 - test/posix_member_services_test.rb
+- test/posix_netgroup_member_services_test.rb
 - test/posix_test.rb
 homepage: https://github.com/theforeman/ldap_fluff
 licenses:
@@ -128,17 +132,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
 test_files:
-- test/ad_member_services_test.rb
-- test/ldap_test.rb
-- test/config_test.rb
-- test/posix_member_services_test.rb
 - test/ipa_member_services_test.rb
+- test/config_test.rb
+- test/posix_netgroup_member_services_test.rb
+- test/ipa_test.rb
 - test/lib/ldap_test_helper.rb
 - test/ad_test.rb
+- test/ipa_netgroup_member_services_test.rb
+- test/ldap_test.rb
+- test/ad_member_services_test.rb
 - test/posix_test.rb
-- test/ipa_test.rb
+- test/posix_member_services_test.rb