RubyGems - ldap_fluff - Versions diffs - 0.6.0 → 0.7.0 - Mend

ldap_fluff 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

checksums.yaml +4 -4
data/lib/ldap_fluff/ad_member_service.rb +2 -2
data/lib/ldap_fluff/config.rb +2 -2
data/lib/ldap_fluff/ldap_fluff.rb +2 -0
data/lib/ldap_fluff/netiq.rb +6 -0
data/lib/ldap_fluff/netiq_member_service.rb +43 -0
data/lib/ldap_fluff/posix_member_service.rb +4 -22
data/lib/ldap_fluff.rb +2 -0
data/test/ad_member_services_test.rb +1 -1
data/test/ad_test.rb +11 -11
data/test/config_test.rb +1 -1
data/test/ipa_member_services_test.rb +1 -1
data/test/ipa_netgroup_member_services_test.rb +1 -1
data/test/ipa_test.rb +9 -9
data/test/ldap_test.rb +1 -1
data/test/lib/ldap_test_helper.rb +18 -3
data/test/netiq_member_services_test.rb +81 -0
data/test/netiq_test.rb +145 -0
data/test/posix_member_services_test.rb +5 -3
data/test/posix_netgroup_member_services_test.rb +1 -1
data/test/posix_test.rb +11 -10
metadata +41 -20

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c3b572c980fa3c48ede92f936858eb045cf54f6b507e6c7767de0751f85d9cc
-  data.tar.gz: 9280821c5a7ecc20c2300421d9a5947820de407da3480143b08c6ec146675dcb
+  metadata.gz: 80bbd37fc8123c1481d81117015acae3ba22aaaf95c6d87ef064c124c7f8f6f0
+  data.tar.gz: '0899615a301cc6569a3e036b136f27c73a68accf270aa4842b2bf17164bcf2ac'
 SHA512:
-  metadata.gz: 4d74d42c9156af61cc485d6e8c1a99d1945aa97157659e627323f60e5b09807ea2c860fd10c62e9ce209d393200a5b57ef20205e8fc66eecf7762af7be56ee22
-  data.tar.gz: 1228b0a8730546ec3e38658bb3a86166bc10cb2af607a8d6e3ee77e3dd8c9ee465c0bbd2383ff1d8f5cdeed3053fd6a649dbdc8b145ccb29e47321ec7ef3e973
+  metadata.gz: c288887b87abb0136d093d61924ddb646234135509cd95bccb4a29c2df149a19855e81eec321cfa3b69a34aeb95934e60c158d088b8a348e7c67d4fb10909334
+  data.tar.gz: 3ba66326d622afcfa64a15adc8ff87398726d38d775ed46c35ebe5e3b4026c3d01731ffcb8768af01ea5cf5ada903a8c5d246816b99fcfc4e7545a29f409fc79

data/lib/ldap_fluff/ad_member_service.rb CHANGED Viewed

@@ -26,7 +26,7 @@ class LdapFluff::ActiveDirectory::MemberService < LdapFluff::GenericMemberServic
   # return the domain functionality level, default to 0
   def _get_domain_func_level
-    return @domain_functionality unless @domain_functionality.nil?
+    return @domain_functionality if defined?(@domain_functionality)
     @domain_functionality = 0
@@ -57,7 +57,7 @@ class LdapFluff::ActiveDirectory::MemberService < LdapFluff::GenericMemberServic
       next unless !search.nil? && !search.first.nil?
       groups = search.first[:memberof] - known_groups
       known_groups                += groups
-      next_level, new_known_groups = _walk_group_ancestry(groups, known_groups)
+      next_level, _new_known_groups = _walk_group_ancestry(groups, known_groups)
       set                         += next_level
       set                         += groups
       known_groups                += next_level

data/lib/ldap_fluff/config.rb CHANGED Viewed

@@ -65,8 +65,8 @@ class LdapFluff::Config
   end
   def correct_server_type?(config)
-    unless %i[posix active_directory free_ipa].include?(config['server_type'])
-      raise ConfigError, 'config key server_type has to be :active_directory, :posix, :free_ipa ' +
+    unless %i[posix active_directory free_ipa netiq].include?(config['server_type'])
+      raise ConfigError, 'config key server_type has to be :active_directory, :posix, :free_ipa, :netiq ' +
                          "but was #{config['server_type']}"
     end
   end

data/lib/ldap_fluff/ldap_fluff.rb CHANGED Viewed

@@ -13,6 +13,8 @@ class LdapFluff
       @ldap = ActiveDirectory.new(config)
     when :free_ipa
       @ldap = FreeIPA.new(config)
+    when :netiq
+      @ldap = NetIQ.new(config)
     else
       raise 'unknown server_type'
     end

data/lib/ldap_fluff/netiq.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class LdapFluff::NetIQ < LdapFluff::Posix
+  def create_member_service(config)
+    service_bind
+    super(config)
+  end
+end

data/lib/ldap_fluff/netiq_member_service.rb ADDED Viewed

@@ -0,0 +1,43 @@
+require 'net/ldap'
+# handles the naughty bits of posix ldap
+class LdapFluff::NetIQ::MemberService < LdapFluff::Posix::MemberService
+  def initialize(ldap, config)
+    super
+    # set default after super, because Posix' initialize would overwrite it otherwise
+    @attr_login = (config.attr_login || 'uid')
+  end
+  def find_by_dn(search_dn)
+    entry, base = search_dn.split(/(?<!\\),/, 2)
+    _entry_attr, entry_value = entry.split('=', 2)
+    entry_value = entry_value.gsub('\,', ',')
+    user = @ldap.search(:filter => name_filter(entry_value, 'workforceid'), :base => base)
+    raise self.class::UIDNotFoundException if (user.nil? || user.empty?)
+    user
+  end
+  def get_logins(userlist)
+    userlist.map do |current_user|
+      find_by_dn(current_user&.downcase)[0][@attr_login][0]
+    end
+  end
+  # return an ldap user with groups attached
+  # note : this method is not particularly fast for large ldap systems
+  def find_user_groups(uid)
+    filter = Net::LDAP::Filter.eq('memberuid', uid)
+    begin
+      user = find_user(uid)[0][:dn][0]
+      filter |= Net::LDAP::Filter.eq('member', user)
+    rescue UIDNotFoundException
+      # do nothing
+    end
+    @ldap.search(
+      :filter => filter,
+      :base => @group_base,
+      :attributes => ['cn']
+    ).map { |entry| entry[:cn][0] }
+  end
+end

data/lib/ldap_fluff/posix_member_service.rb CHANGED Viewed

@@ -17,33 +17,15 @@ class LdapFluff::Posix::MemberService < LdapFluff::GenericMemberService
   # note : this method is not particularly fast for large ldap systems
   def find_user_groups(uid)
     groups = []
-    @ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid), :base => @group_base).each do |entry|
+    @ldap.search(
+      :filter => Net::LDAP::Filter.eq('memberuid', uid),
+      :base => @group_base, :attributes => ["cn"]
+    ).each do |entry|
       groups << entry[:cn][0]
     end
     groups
   end
-  def times_in_groups(uid, gids, all)
-    filters = []
-    gids.each do |cn|
-      filters << group_filter(cn)
-    end
-    group_filters = merge_filters(filters, all)
-    filter        = name_filter(uid) & group_filters
-    @ldap.search(:base => @group_base, :filter => filter).size
-  end
-  # AND or OR all of the filters together
-  def merge_filters(filters = [], all = false)
-    if !filters.nil? && filters.size >= 1
-      filter = filters[0]
-      filters[1..(filters.size - 1)].each do |gfilter|
-        filter = (all ? filter & gfilter : filter | gfilter)
-      end
-      filter
-    end
-  end
   class UIDNotFoundException < LdapFluff::Error
   end

data/lib/ldap_fluff.rb CHANGED Viewed

@@ -11,3 +11,5 @@ require 'ldap_fluff/posix_netgroup_member_service'
 require 'ldap_fluff/freeipa'
 require 'ldap_fluff/freeipa_member_service'
 require 'ldap_fluff/freeipa_netgroup_member_service'
+require 'ldap_fluff/netiq'
+require 'ldap_fluff/netiq_member_service'

data/test/ad_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestADMemberService < MiniTest::Test
+class TestADMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/ad_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestAD < MiniTest::Test
+class TestAD < Minitest::Test
   include LdapTestHelper
   def setup
@@ -34,8 +34,8 @@ class TestAD < MiniTest::Test
   def test_good_bind_with_account_name
     # looks up the account name's full DN via the service account
-    @md = MiniTest::Mock.new
-    user_result = MiniTest::Mock.new
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
     user_result.expect(:dn, ad_user_dn('Internet User'))
     @md.expect(:find_user, [user_result], %w[internet])
     @ad.member_service = @md
@@ -62,7 +62,7 @@ class TestAD < MiniTest::Test
   def test_bad_user
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user_groups, nil, %w[john])
     def md.find_user_groups(*_args)
       raise LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
@@ -112,7 +112,7 @@ class TestAD < MiniTest::Test
   def test_subgroups_in_groups_are_ignored
     group = Net::LDAP::Entry.new('foremaners')
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { service_bind }
     def md.find_by_dn(_dn)
@@ -124,7 +124,7 @@ class TestAD < MiniTest::Test
   end
   def test_user_exists
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, 'notnilluser', %w[john])
     @ad.member_service = md
     service_bind
@@ -132,7 +132,7 @@ class TestAD < MiniTest::Test
   end
   def test_missing_user
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, nil, %w[john])
     def md.find_user(_uid)
       raise LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
@@ -143,7 +143,7 @@ class TestAD < MiniTest::Test
   end
   def test_group_exists
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, 'notnillgroup', %w[broskies])
     @ad.member_service = md
     service_bind
@@ -151,7 +151,7 @@ class TestAD < MiniTest::Test
   end
   def test_missing_group
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, nil, %w[broskies])
     def md.find_group(_uid)
       raise LdapFluff::ActiveDirectory::MemberService::GIDNotFoundException
@@ -172,7 +172,7 @@ class TestAD < MiniTest::Test
     nested_group[:objectclass] = ['organizationalunit']
     nested_user[:objectclass]  = ['person']
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { md.expect(:find_group, [nested_group], ['katellers']) }
     2.times { service_bind }
@@ -196,7 +196,7 @@ class TestAD < MiniTest::Test
     nested_group[:memberof] = ['CN=foremaners,DC=corp,DC=windows,DC=com']
     nested_user[:objectclass] = ['person']
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { md.expect(:find_group, [nested_group], ['katellers']) }
     2.times { service_bind }

data/test/config_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class ConfigTest < MiniTest::Test
+class ConfigTest < Minitest::Test
   include LdapTestHelper
   def test_unsupported_type

data/test/ipa_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestIPAMemberService < MiniTest::Test
+class TestIPAMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/ipa_netgroup_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestIPANetgroupMemberService < MiniTest::Test
+class TestIPANetgroupMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/ipa_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestIPA < MiniTest::Test
+class TestIPA < Minitest::Test
   include LdapTestHelper
   def setup
@@ -16,8 +16,8 @@ class TestIPA < MiniTest::Test
   def test_good_bind
     # looks up the uid's full DN via the service account
-    @md = MiniTest::Mock.new
-    user_result = MiniTest::Mock.new
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
     user_result.expect(:dn, ipa_user_bind('internet'))
     @md.expect(:find_user, [user_result], %w[internet])
     @ipa.member_service = @md
@@ -53,7 +53,7 @@ class TestIPA < MiniTest::Test
   def test_bad_user
     service_bind
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user_groups, nil, %w[john])
     def @md.find_user_groups(*_args)
       raise LdapFluff::FreeIPA::MemberService::UIDNotFoundException
@@ -108,7 +108,7 @@ class TestIPA < MiniTest::Test
   end
   def test_user_exists
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user, 'notnilluser', %w[john])
     @ipa.member_service = @md
     service_bind
@@ -116,7 +116,7 @@ class TestIPA < MiniTest::Test
   end
   def test_missing_user
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user, nil, %w[john])
     def @md.find_user(_uid)
       raise LdapFluff::FreeIPA::MemberService::UIDNotFoundException
@@ -127,7 +127,7 @@ class TestIPA < MiniTest::Test
   end
   def test_group_exists
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_group, 'notnillgroup', %w[broskies])
     @ipa.member_service = @md
     service_bind
@@ -135,7 +135,7 @@ class TestIPA < MiniTest::Test
   end
   def test_missing_group
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_group, nil, %w[broskies])
     def @md.find_group(_uid)
       raise LdapFluff::FreeIPA::MemberService::GIDNotFoundException
@@ -151,7 +151,7 @@ class TestIPA < MiniTest::Test
     nested_group = Net::LDAP::Entry.new('gid=katellers,cn=Groups,cn=accounts,dc=localdomain')
     nested_group[:member] = ['uid=testuser,cn=users,cn=accounts,dc=localdomain']
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { md.expect(:find_group, [nested_group], ['katellers']) }
     2.times { service_bind }

data/test/ldap_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestLDAP < MiniTest::Test
+class TestLDAP < Minitest::Test
   include LdapTestHelper
   def setup

data/test/lib/ldap_test_helper.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module LdapTestHelper
   def setup
     config
-    @ldap = MiniTest::Mock.new
+    @ldap = Minitest::Mock.new
   end
   def config
@@ -38,13 +38,13 @@ module LdapTestHelper
   end
   def basic_user
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user_groups, %w[bros], %w[john])
     get_test_instance_variable.member_service = @md
   end
   def bigtime_user
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user_groups, %w[bros broskies], %w[john])
     get_test_instance_variable.member_service = @md
   end
@@ -105,6 +105,21 @@ module LdapTestHelper
     [{ :memberof => [ad_group_dn("bros#{num}"), ad_group_dn("broskies#{num}")] }]
   end
+  def netiq_user_payload
+    [{ :uid => ["john"],
+       # necessary, because Net::LDAP::Entry would allow both
+       'uid' => ["john"],
+       :dn => ["cn=42,ou=usr,o=employee"],
+       :workeforceid => ["42"] }]
+  end
+  def netiq_group_payload
+    [{ :cn => ["broze"],
+       :dn => ["cn=broze,ou=mygroup,ou=apps,o=global"],
+       :member => ["cn=42,ou=usr,o=employee"],
+       :workforceid => ["21"] }]
+  end
   def posix_user_payload
     [{ :cn => ["john"] }]
   end

data/test/netiq_member_services_test.rb ADDED Viewed

@@ -0,0 +1,81 @@
+require 'lib/ldap_test_helper'
+class TestNetIQMemberService < Minitest::Test
+  include LdapTestHelper
+  def setup
+    super
+    @ms = LdapFluff::NetIQ::MemberService.new(@ldap, @config)
+  end
+  def test_find_user
+    user = netiq_user_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base => config.base_dn])
+    @ms.ldap = @ldap
+    assert_equal netiq_user_payload, @ms.find_user('john')
+    @ldap.verify
+  end
+  def test_find_user_groups
+    user = netiq_group_payload
+    @ldap.expect(:search, netiq_user_payload, [:filter => @ms.name_filter('john'), :base => config.base_dn])
+    @ldap.expect(:search, user, [:filter => Net::LDAP::Filter.eq('memberuid', 'john') |
+                                            Net::LDAP::Filter.eq('member', 'cn=42,ou=usr,o=employee'),
+                                 :base => config.group_base, :attributes => ['cn']])
+    @ms.ldap = @ldap
+    assert_equal ['broze'], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+  def test_find_no_groups
+    @ldap.expect(:search, [], [:filter => @ms.name_filter('john'), :base => config.base_dn])
+    @ldap.expect(:search, [], [:filter => Net::LDAP::Filter.eq('memberuid', 'john'),
+                               :base => config.group_base, :attributes => ['cn']])
+    @ms.ldap = @ldap
+    assert_equal [], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+  def test_user_exists
+    user = netiq_user_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base => config.base_dn])
+    @ms.ldap = @ldap
+    assert @ms.find_user('john')
+    @ldap.verify
+  end
+  def test_user_doesnt_exists
+    @ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
+                                :base => config.base_dn])
+    @ms.ldap = @ldap
+    assert_raises(LdapFluff::NetIQ::MemberService::UIDNotFoundException) { @ms.find_user('john') }
+    @ldap.verify
+  end
+  def test_group_exists
+    group = netiq_group_payload
+    @ldap.expect(:search, group, [:filter => @ms.group_filter('broze'),
+                                  :base => config.group_base])
+    @ms.ldap = @ldap
+    assert @ms.find_group('broze')
+    @ldap.verify
+  end
+  def test_group_doesnt_exists
+    @ldap.expect(:search, nil, [:filter => @ms.group_filter('broze'),
+                                :base => config.group_base])
+    @ms.ldap = @ldap
+    assert_raises(LdapFluff::NetIQ::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
+    @ldap.verify
+  end
+  def test_get_logins
+    @ldap.expect(:search, netiq_user_payload,
+                 [:filter => @ms.name_filter('42', "workforceid"),
+                  :base => 'ou=usr,o=employee'])
+    assert_equal ['john'], @ms.get_logins(['cn=42,ou=usr,o=employee'])
+  end
+end

data/test/netiq_test.rb ADDED Viewed

@@ -0,0 +1,145 @@
+require 'lib/ldap_test_helper'
+class TestNetIQ < Minitest::Test
+  include LdapTestHelper
+  def setup
+    super
+    @ldap.expect(:bind, true)
+    @ldap.expect(:auth, nil, %w[service pass])
+    Net::LDAP.stub :new, @ldap do
+      @netiq = LdapFluff::NetIQ.new(@config)
+    end
+  end
+  def service_bind
+    @ldap.expect(:auth, nil, %w[service pass])
+    super
+  end
+  def test_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.groups_for_uid("john"), %w[bros])
+  end
+  def test_missing_user
+    md = Minitest::Mock.new
+    md.expect(:find_user_groups, [], %w[john])
+    @netiq.member_service = md
+    @ldap.expect(:bind, true)
+    @ldap.expect(:auth, nil, %w[service pass])
+    assert_equal([], @netiq.groups_for_uid('john'))
+  end
+  def test_isnt_in_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.is_in_groups('john', %w[broskies], true), false)
+  end
+  def test_is_in_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.is_in_groups('john', %w[bros], true), true)
+  end
+  def test_is_in_no_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.is_in_groups('john', [], true), true)
+  end
+  def test_good_bind
+    # looks up the uid's full DN via the service account
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
+    user_result.expect(:dn, 'uid=internet,dn=example')
+    @md.expect(:find_user, [user_result], %w[internet])
+    @netiq.member_service = @md
+    service_bind
+    @ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
+    @ldap.expect(:bind, true)
+    @netiq.ldap = @ldap
+    assert_equal(@netiq.bind?("internet", "password"), true)
+  end
+  def test_good_bind_with_dn
+    # no expectation on the service account
+    @ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
+    @ldap.expect(:bind, true)
+    @netiq.ldap = @ldap
+    assert_equal(@netiq.bind?("uid=internet,dn=example", "password"), true)
+  end
+  def test_bad_bind
+    @ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
+    @ldap.expect(:bind, false)
+    @netiq.ldap = @ldap
+    assert_equal(@netiq.bind?("uid=internet,dn=example", "password"), false)
+  end
+  def test_user_exists
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_user, 'notnilluser', %w[john])
+    @netiq.member_service = md
+    assert(@netiq.user_exists?('john'))
+  end
+  def test_user_not_exists
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_user, nil, %w[john])
+    def md.find_user(_uid)
+      raise LdapFluff::NetIQ::MemberService::UIDNotFoundException
+    end
+    @netiq.member_service = md
+    refute(@netiq.user_exists?('john'))
+  end
+  def test_group_exists
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_group, 'notnillgroup', %w[broskies])
+    @netiq.member_service = md
+    assert(@netiq.group_exists?('broskies'))
+  end
+  def test_missing_group
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_group, nil, %w[broskies])
+    def md.find_group(_uid)
+      raise LdapFluff::NetIQ::MemberService::GIDNotFoundException
+    end
+    @netiq.member_service = md
+    refute(@netiq.group_exists?('broskies'))
+  end
+  def test_find_users_in_nested_groups
+    service_bind
+    group = Net::LDAP::Entry.new('CN=foremaners,DC=example,DC=com')
+    group[:memberuid] = ['katellers']
+    nested_group = Net::LDAP::Entry.new('CN=katellers,CN=foremaners,DC=example,DC=com')
+    nested_group[:memberuid] = ['testuser']
+    @ldap.expect(:search,
+      [nested_group],
+      [{ :base => group.dn,
+         :filter => Net::LDAP::Filter.eq('objectClass', 'posixGroup') |
+                    Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
+                    Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
+                    Net::LDAP::Filter.eq('objectClass', 'groupOfNames') }])
+    @netiq.ldap = @ldap
+    md = Minitest::Mock.new
+    2.times { md.expect(:find_group, [group], ['foremaners']) }
+    @netiq.member_service = md
+    assert_equal @netiq.users_for_gid('foremaners'), ['testuser']
+    md.verify
+    @ldap.verify
+  end
+end

data/test/posix_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestPosixMemberService < MiniTest::Test
+class TestPosixMemberService < Minitest::Test
   include LdapTestHelper
   def setup
@@ -20,7 +20,8 @@ class TestPosixMemberService < MiniTest::Test
   def test_find_user_groups
     user = posix_group_payload
     @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
-                                 :base => config.group_base])
+                                 :base => config.group_base,
+                                 :attributes => ["cn"]])
     @ms.ldap = @ldap
     assert_equal ['broze'], @ms.find_user_groups('john')
     @ldap.verify
@@ -28,7 +29,8 @@ class TestPosixMemberService < MiniTest::Test
   def test_find_no_groups
     @ldap.expect(:search, [], [:filter => @ms.name_filter("john"),
-                               :base => config.group_base])
+                               :base => config.group_base,
+                               :attributes => ["cn"]])
     @ms.ldap = @ldap
     assert_equal [], @ms.find_user_groups('john')
     @ldap.verify

data/test/posix_netgroup_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestPosixNetgroupMemberService < MiniTest::Test
+class TestPosixNetgroupMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/posix_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestPosix < MiniTest::Test
+class TestPosix < Minitest::Test
   include LdapTestHelper
   def setup
@@ -19,8 +19,9 @@ class TestPosix < MiniTest::Test
     assert_equal(@posix.groups_for_uid("john"), %w[bros])
   end
-  def test_missing_user
-    md = MiniTest::Mock.new
+  def test_groups_missing_user
+    service_bind
+    md = Minitest::Mock.new
     md.expect(:find_user_groups, [], %w[john])
     @posix.member_service = md
     assert_equal([], @posix.groups_for_uid('john'))
@@ -46,8 +47,8 @@ class TestPosix < MiniTest::Test
   def test_good_bind
     # looks up the uid's full DN via the service account
-    @md = MiniTest::Mock.new
-    user_result = MiniTest::Mock.new
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
     user_result.expect(:dn, 'uid=internet,dn=example')
     @md.expect(:find_user, [user_result], %w[internet])
     @posix.member_service = @md
@@ -75,7 +76,7 @@ class TestPosix < MiniTest::Test
   def test_user_exists
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, 'notnilluser', %w[john])
     @posix.member_service = md
     assert(@posix.user_exists?('john'))
@@ -83,7 +84,7 @@ class TestPosix < MiniTest::Test
   def test_missing_user
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, nil, %w[john])
     def md.find_user(_uid)
       raise LdapFluff::Posix::MemberService::UIDNotFoundException
@@ -94,7 +95,7 @@ class TestPosix < MiniTest::Test
   def test_group_exists
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, 'notnillgroup', %w[broskies])
     @posix.member_service = md
     assert(@posix.group_exists?('broskies'))
@@ -102,7 +103,7 @@ class TestPosix < MiniTest::Test
   def test_missing_group
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, nil, %w[broskies])
     def md.find_group(_uid)
       raise LdapFluff::Posix::MemberService::GIDNotFoundException
@@ -127,7 +128,7 @@ class TestPosix < MiniTest::Test
                     Net::LDAP::Filter.eq('objectClass', 'groupOfNames')}])
     @posix.ldap = @ldap
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     @posix.member_service = md

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ldap_fluff
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Jordan O'Mara
@@ -10,10 +10,10 @@ authors:
 - Adam Price
 - Marek Hulan
 - Dominic Cleal
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-25 00:00:00.000000000 Z
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -21,14 +21,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7'
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
@@ -36,6 +42,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,34 +52,37 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.1'
 description: Simple library for binding & group querying on top of various LDAP implementations
 email:
 - jomara@redhat.com
@@ -98,6 +110,8 @@ files:
 - lib/ldap_fluff/generic.rb
 - lib/ldap_fluff/generic_member_service.rb
 - lib/ldap_fluff/ldap_fluff.rb
+- lib/ldap_fluff/netiq.rb
+- lib/ldap_fluff/netiq_member_service.rb
 - lib/ldap_fluff/posix.rb
 - lib/ldap_fluff/posix_member_service.rb
 - lib/ldap_fluff/posix_netgroup_member_service.rb
@@ -109,14 +123,16 @@ files:
 - test/ipa_test.rb
 - test/ldap_test.rb
 - test/lib/ldap_test_helper.rb
+- test/netiq_member_services_test.rb
+- test/netiq_test.rb
 - test/posix_member_services_test.rb
 - test/posix_netgroup_member_services_test.rb
 - test/posix_test.rb
 homepage: https://github.com/theforeman/ldap_fluff
 licenses:
-- GPLv2
+- GPL-2.0-only
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -124,26 +140,31 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: '2.7'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.3.27
+signing_key:
 specification_version: 4
 summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
 test_files:
-- test/lib/ldap_test_helper.rb
+- test/ad_member_services_test.rb
 - test/ad_test.rb
 - test/config_test.rb
 - test/ipa_member_services_test.rb
 - test/ipa_netgroup_member_services_test.rb
 - test/ipa_test.rb
 - test/ldap_test.rb
+- test/lib/ldap_test_helper.rb
+- test/netiq_member_services_test.rb
+- test/netiq_test.rb
 - test/posix_member_services_test.rb
 - test/posix_netgroup_member_services_test.rb
 - test/posix_test.rb
-- test/ad_member_services_test.rb