RubyGems - ldap_fluff - Versions diffs - 0.6.0 → 0.8.0 - Mend

ldap_fluff 0.6.0 → 0.8.0

Files changed (22) hide show

checksums.yaml +4 -4
data/lib/ldap_fluff/ad_member_service.rb +2 -2
data/lib/ldap_fluff/config.rb +2 -2
data/lib/ldap_fluff/ldap_fluff.rb +2 -0
data/lib/ldap_fluff/netiq.rb +6 -0
data/lib/ldap_fluff/netiq_member_service.rb +43 -0
data/lib/ldap_fluff/posix_member_service.rb +4 -26
data/lib/ldap_fluff.rb +2 -0
data/test/ad_member_services_test.rb +1 -1
data/test/ad_test.rb +11 -11
data/test/config_test.rb +1 -1
data/test/ipa_member_services_test.rb +1 -1
data/test/ipa_netgroup_member_services_test.rb +1 -1
data/test/ipa_test.rb +9 -9
data/test/ldap_test.rb +1 -1
data/test/lib/ldap_test_helper.rb +18 -3
data/test/netiq_member_services_test.rb +81 -0
data/test/netiq_test.rb +145 -0
data/test/posix_member_services_test.rb +5 -3
data/test/posix_netgroup_member_services_test.rb +1 -1
data/test/posix_test.rb +11 -10
metadata +41 -20

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c3b572c980fa3c48ede92f936858eb045cf54f6b507e6c7767de0751f85d9cc
-  data.tar.gz: 9280821c5a7ecc20c2300421d9a5947820de407da3480143b08c6ec146675dcb
+  metadata.gz: c6a3d7c2ebc986e4ff3738e42f1539a93611fedff9eb399a6fc606f14f11a40a
+  data.tar.gz: 9d53b1528ff20d5c44d547b3fc6dec041d3aa6bb6e915d8d7e96186fc77ec04d
 SHA512:
-  metadata.gz: 4d74d42c9156af61cc485d6e8c1a99d1945aa97157659e627323f60e5b09807ea2c860fd10c62e9ce209d393200a5b57ef20205e8fc66eecf7762af7be56ee22
-  data.tar.gz: 1228b0a8730546ec3e38658bb3a86166bc10cb2af607a8d6e3ee77e3dd8c9ee465c0bbd2383ff1d8f5cdeed3053fd6a649dbdc8b145ccb29e47321ec7ef3e973
+  metadata.gz: 85a888d7da528bfe2f4f2dfe4dea9793c5adf9812fe054c3467eba3873b9fa838dde18a44844a888beea02bf178b0f2b71b4de3c1d79444e4bf513c2c9c185af
+  data.tar.gz: 19076c83f5ef10f0e334f430d9393b2f4bb855bedc1e2a601ccd9e59ead89600957f3469508caee8fb6b04e5a255fad3f17eae068fa41fb732fbc25bfc3eb2c2

data/lib/ldap_fluff/ad_member_service.rb CHANGED Viewed

@@ -26,7 +26,7 @@ class LdapFluff::ActiveDirectory::MemberService < LdapFluff::GenericMemberServic
   # return the domain functionality level, default to 0
   def _get_domain_func_level
-    return @domain_functionality unless @domain_functionality.nil?
+    return @domain_functionality if defined?(@domain_functionality)
     @domain_functionality = 0
@@ -57,7 +57,7 @@ class LdapFluff::ActiveDirectory::MemberService < LdapFluff::GenericMemberServic
       next unless !search.nil? && !search.first.nil?
       groups = search.first[:memberof] - known_groups
       known_groups                += groups
-      next_level, new_known_groups = _walk_group_ancestry(groups, known_groups)
+      next_level, _new_known_groups = _walk_group_ancestry(groups, known_groups)
       set                         += next_level
       set                         += groups
       known_groups                += next_level

data/lib/ldap_fluff/config.rb CHANGED Viewed

@@ -65,8 +65,8 @@ class LdapFluff::Config
   end
   def correct_server_type?(config)
-    unless %i[posix active_directory free_ipa].include?(config['server_type'])
-      raise ConfigError, 'config key server_type has to be :active_directory, :posix, :free_ipa ' +
+    unless %i[posix active_directory free_ipa netiq].include?(config['server_type'])
+      raise ConfigError, 'config key server_type has to be :active_directory, :posix, :free_ipa, :netiq ' +
                          "but was #{config['server_type']}"
     end
   end

data/lib/ldap_fluff/ldap_fluff.rb CHANGED Viewed

@@ -13,6 +13,8 @@ class LdapFluff
       @ldap = ActiveDirectory.new(config)
     when :free_ipa
       @ldap = FreeIPA.new(config)
+    when :netiq
+      @ldap = NetIQ.new(config)
     else
       raise 'unknown server_type'
     end

data/lib/ldap_fluff/netiq.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class LdapFluff::NetIQ < LdapFluff::Posix
+  def create_member_service(config)
+    service_bind
+    super(config)
+  end
+end

data/lib/ldap_fluff/netiq_member_service.rb ADDED Viewed

@@ -0,0 +1,43 @@
+require 'net/ldap'
+# handles the naughty bits of posix ldap
+class LdapFluff::NetIQ::MemberService < LdapFluff::Posix::MemberService
+  def initialize(ldap, config)
+    super
+    # set default after super, because Posix' initialize would overwrite it otherwise
+    @attr_login = (config.attr_login || 'uid')
+  end
+  def find_by_dn(search_dn)
+    entry, base = search_dn.split(/(?<!\\),/, 2)
+    _entry_attr, entry_value = entry.split('=', 2)
+    entry_value = entry_value.gsub('\,', ',')
+    user = @ldap.search(:filter => name_filter(entry_value, 'workforceid'), :base => base)
+    raise self.class::UIDNotFoundException if (user.nil? || user.empty?)
+    user
+  end
+  def get_logins(userlist)
+    userlist.map do |current_user|
+      find_by_dn(current_user&.downcase)[0][@attr_login][0]
+    end
+  end
+  # return an ldap user with groups attached
+  # note : this method is not particularly fast for large ldap systems
+  def find_user_groups(uid)
+    filter = Net::LDAP::Filter.eq('memberuid', uid)
+    begin
+      user = find_user(uid)[0][:dn][0]
+      filter |= Net::LDAP::Filter.eq('member', user)
+    rescue UIDNotFoundException
+      # do nothing
+    end
+    @ldap.search(
+      :filter => filter,
+      :base => @group_base,
+      :attributes => ['cn']
+    ).map { |entry| entry[:cn][0] }
+  end
+end

data/lib/ldap_fluff/posix_member_service.rb CHANGED Viewed

@@ -16,32 +16,10 @@ class LdapFluff::Posix::MemberService < LdapFluff::GenericMemberService
   # return an ldap user with groups attached
   # note : this method is not particularly fast for large ldap systems
   def find_user_groups(uid)
-    groups = []
-    @ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid), :base => @group_base).each do |entry|
-      groups << entry[:cn][0]
-    end
-    groups
-  end
-  def times_in_groups(uid, gids, all)
-    filters = []
-    gids.each do |cn|
-      filters << group_filter(cn)
-    end
-    group_filters = merge_filters(filters, all)
-    filter        = name_filter(uid) & group_filters
-    @ldap.search(:base => @group_base, :filter => filter).size
-  end
-  # AND or OR all of the filters together
-  def merge_filters(filters = [], all = false)
-    if !filters.nil? && filters.size >= 1
-      filter = filters[0]
-      filters[1..(filters.size - 1)].each do |gfilter|
-        filter = (all ? filter & gfilter : filter | gfilter)
-      end
-      filter
-    end
+    @ldap.search(
+      :filter => Net::LDAP::Filter.eq('memberuid', uid),
+      :base => @group_base, :attributes => ["cn"]
+    ).map { |entry| entry[:cn][0] }
   end
   class UIDNotFoundException < LdapFluff::Error

data/lib/ldap_fluff.rb CHANGED Viewed

@@ -11,3 +11,5 @@ require 'ldap_fluff/posix_netgroup_member_service'
 require 'ldap_fluff/freeipa'
 require 'ldap_fluff/freeipa_member_service'
 require 'ldap_fluff/freeipa_netgroup_member_service'
+require 'ldap_fluff/netiq'
+require 'ldap_fluff/netiq_member_service'

data/test/ad_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestADMemberService < MiniTest::Test
+class TestADMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/ad_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestAD < MiniTest::Test
+class TestAD < Minitest::Test
   include LdapTestHelper
   def setup
@@ -34,8 +34,8 @@ class TestAD < MiniTest::Test
   def test_good_bind_with_account_name
     # looks up the account name's full DN via the service account
-    @md = MiniTest::Mock.new
-    user_result = MiniTest::Mock.new
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
     user_result.expect(:dn, ad_user_dn('Internet User'))
     @md.expect(:find_user, [user_result], %w[internet])
     @ad.member_service = @md
@@ -62,7 +62,7 @@ class TestAD < MiniTest::Test
   def test_bad_user
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user_groups, nil, %w[john])
     def md.find_user_groups(*_args)
       raise LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
@@ -112,7 +112,7 @@ class TestAD < MiniTest::Test
   def test_subgroups_in_groups_are_ignored
     group = Net::LDAP::Entry.new('foremaners')
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { service_bind }
     def md.find_by_dn(_dn)
@@ -124,7 +124,7 @@ class TestAD < MiniTest::Test
   end
   def test_user_exists
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, 'notnilluser', %w[john])
     @ad.member_service = md
     service_bind
@@ -132,7 +132,7 @@ class TestAD < MiniTest::Test
   end
   def test_missing_user
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, nil, %w[john])
     def md.find_user(_uid)
       raise LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
@@ -143,7 +143,7 @@ class TestAD < MiniTest::Test
   end
   def test_group_exists
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, 'notnillgroup', %w[broskies])
     @ad.member_service = md
     service_bind
@@ -151,7 +151,7 @@ class TestAD < MiniTest::Test
   end
   def test_missing_group
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, nil, %w[broskies])
     def md.find_group(_uid)
       raise LdapFluff::ActiveDirectory::MemberService::GIDNotFoundException
@@ -172,7 +172,7 @@ class TestAD < MiniTest::Test
     nested_group[:objectclass] = ['organizationalunit']
     nested_user[:objectclass]  = ['person']
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { md.expect(:find_group, [nested_group], ['katellers']) }
     2.times { service_bind }
@@ -196,7 +196,7 @@ class TestAD < MiniTest::Test
     nested_group[:memberof] = ['CN=foremaners,DC=corp,DC=windows,DC=com']
     nested_user[:objectclass] = ['person']
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { md.expect(:find_group, [nested_group], ['katellers']) }
     2.times { service_bind }

data/test/config_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class ConfigTest < MiniTest::Test
+class ConfigTest < Minitest::Test
   include LdapTestHelper
   def test_unsupported_type

data/test/ipa_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestIPAMemberService < MiniTest::Test
+class TestIPAMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/ipa_netgroup_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestIPANetgroupMemberService < MiniTest::Test
+class TestIPANetgroupMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/ipa_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestIPA < MiniTest::Test
+class TestIPA < Minitest::Test
   include LdapTestHelper
   def setup
@@ -16,8 +16,8 @@ class TestIPA < MiniTest::Test
   def test_good_bind
     # looks up the uid's full DN via the service account
-    @md = MiniTest::Mock.new
-    user_result = MiniTest::Mock.new
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
     user_result.expect(:dn, ipa_user_bind('internet'))
     @md.expect(:find_user, [user_result], %w[internet])
     @ipa.member_service = @md
@@ -53,7 +53,7 @@ class TestIPA < MiniTest::Test
   def test_bad_user
     service_bind
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user_groups, nil, %w[john])
     def @md.find_user_groups(*_args)
       raise LdapFluff::FreeIPA::MemberService::UIDNotFoundException
@@ -108,7 +108,7 @@ class TestIPA < MiniTest::Test
   end
   def test_user_exists
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user, 'notnilluser', %w[john])
     @ipa.member_service = @md
     service_bind
@@ -116,7 +116,7 @@ class TestIPA < MiniTest::Test
   end
   def test_missing_user
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user, nil, %w[john])
     def @md.find_user(_uid)
       raise LdapFluff::FreeIPA::MemberService::UIDNotFoundException
@@ -127,7 +127,7 @@ class TestIPA < MiniTest::Test
   end
   def test_group_exists
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_group, 'notnillgroup', %w[broskies])
     @ipa.member_service = @md
     service_bind
@@ -135,7 +135,7 @@ class TestIPA < MiniTest::Test
   end
   def test_missing_group
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_group, nil, %w[broskies])
     def @md.find_group(_uid)
       raise LdapFluff::FreeIPA::MemberService::GIDNotFoundException
@@ -151,7 +151,7 @@ class TestIPA < MiniTest::Test
     nested_group = Net::LDAP::Entry.new('gid=katellers,cn=Groups,cn=accounts,dc=localdomain')
     nested_group[:member] = ['uid=testuser,cn=users,cn=accounts,dc=localdomain']
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     2.times { md.expect(:find_group, [nested_group], ['katellers']) }
     2.times { service_bind }

data/test/ldap_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestLDAP < MiniTest::Test
+class TestLDAP < Minitest::Test
   include LdapTestHelper
   def setup

data/test/lib/ldap_test_helper.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module LdapTestHelper
   def setup
     config
-    @ldap = MiniTest::Mock.new
+    @ldap = Minitest::Mock.new
   end
   def config
@@ -38,13 +38,13 @@ module LdapTestHelper
   end
   def basic_user
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user_groups, %w[bros], %w[john])
     get_test_instance_variable.member_service = @md
   end
   def bigtime_user
-    @md = MiniTest::Mock.new
+    @md = Minitest::Mock.new
     @md.expect(:find_user_groups, %w[bros broskies], %w[john])
     get_test_instance_variable.member_service = @md
   end
@@ -105,6 +105,21 @@ module LdapTestHelper
     [{ :memberof => [ad_group_dn("bros#{num}"), ad_group_dn("broskies#{num}")] }]
   end
+  def netiq_user_payload
+    [{ :uid => ["john"],
+       # necessary, because Net::LDAP::Entry would allow both
+       'uid' => ["john"],
+       :dn => ["cn=42,ou=usr,o=employee"],
+       :workeforceid => ["42"] }]
+  end
+  def netiq_group_payload
+    [{ :cn => ["broze"],
+       :dn => ["cn=broze,ou=mygroup,ou=apps,o=global"],
+       :member => ["cn=42,ou=usr,o=employee"],
+       :workforceid => ["21"] }]
+  end
   def posix_user_payload
     [{ :cn => ["john"] }]
   end

data/test/netiq_member_services_test.rb ADDED Viewed

@@ -0,0 +1,81 @@
+require 'lib/ldap_test_helper'
+class TestNetIQMemberService < Minitest::Test
+  include LdapTestHelper
+  def setup
+    super
+    @ms = LdapFluff::NetIQ::MemberService.new(@ldap, @config)
+  end
+  def test_find_user
+    user = netiq_user_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base => config.base_dn])
+    @ms.ldap = @ldap
+    assert_equal netiq_user_payload, @ms.find_user('john')
+    @ldap.verify
+  end
+  def test_find_user_groups
+    user = netiq_group_payload
+    @ldap.expect(:search, netiq_user_payload, [:filter => @ms.name_filter('john'), :base => config.base_dn])
+    @ldap.expect(:search, user, [:filter => Net::LDAP::Filter.eq('memberuid', 'john') |
+                                            Net::LDAP::Filter.eq('member', 'cn=42,ou=usr,o=employee'),
+                                 :base => config.group_base, :attributes => ['cn']])
+    @ms.ldap = @ldap
+    assert_equal ['broze'], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+  def test_find_no_groups
+    @ldap.expect(:search, [], [:filter => @ms.name_filter('john'), :base => config.base_dn])
+    @ldap.expect(:search, [], [:filter => Net::LDAP::Filter.eq('memberuid', 'john'),
+                               :base => config.group_base, :attributes => ['cn']])
+    @ms.ldap = @ldap
+    assert_equal [], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+  def test_user_exists
+    user = netiq_user_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base => config.base_dn])
+    @ms.ldap = @ldap
+    assert @ms.find_user('john')
+    @ldap.verify
+  end
+  def test_user_doesnt_exists
+    @ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
+                                :base => config.base_dn])
+    @ms.ldap = @ldap
+    assert_raises(LdapFluff::NetIQ::MemberService::UIDNotFoundException) { @ms.find_user('john') }
+    @ldap.verify
+  end
+  def test_group_exists
+    group = netiq_group_payload
+    @ldap.expect(:search, group, [:filter => @ms.group_filter('broze'),
+                                  :base => config.group_base])
+    @ms.ldap = @ldap
+    assert @ms.find_group('broze')
+    @ldap.verify
+  end
+  def test_group_doesnt_exists
+    @ldap.expect(:search, nil, [:filter => @ms.group_filter('broze'),
+                                :base => config.group_base])
+    @ms.ldap = @ldap
+    assert_raises(LdapFluff::NetIQ::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
+    @ldap.verify
+  end
+  def test_get_logins
+    @ldap.expect(:search, netiq_user_payload,
+                 [:filter => @ms.name_filter('42', "workforceid"),
+                  :base => 'ou=usr,o=employee'])
+    assert_equal ['john'], @ms.get_logins(['cn=42,ou=usr,o=employee'])
+  end
+end

data/test/netiq_test.rb ADDED Viewed

@@ -0,0 +1,145 @@
+require 'lib/ldap_test_helper'
+class TestNetIQ < Minitest::Test
+  include LdapTestHelper
+  def setup
+    super
+    @ldap.expect(:bind, true)
+    @ldap.expect(:auth, nil, %w[service pass])
+    Net::LDAP.stub :new, @ldap do
+      @netiq = LdapFluff::NetIQ.new(@config)
+    end
+  end
+  def service_bind
+    @ldap.expect(:auth, nil, %w[service pass])
+    super
+  end
+  def test_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.groups_for_uid("john"), %w[bros])
+  end
+  def test_missing_user
+    md = Minitest::Mock.new
+    md.expect(:find_user_groups, [], %w[john])
+    @netiq.member_service = md
+    @ldap.expect(:bind, true)
+    @ldap.expect(:auth, nil, %w[service pass])
+    assert_equal([], @netiq.groups_for_uid('john'))
+  end
+  def test_isnt_in_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.is_in_groups('john', %w[broskies], true), false)
+  end
+  def test_is_in_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.is_in_groups('john', %w[bros], true), true)
+  end
+  def test_is_in_no_groups
+    service_bind
+    basic_user
+    assert_equal(@netiq.is_in_groups('john', [], true), true)
+  end
+  def test_good_bind
+    # looks up the uid's full DN via the service account
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
+    user_result.expect(:dn, 'uid=internet,dn=example')
+    @md.expect(:find_user, [user_result], %w[internet])
+    @netiq.member_service = @md
+    service_bind
+    @ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
+    @ldap.expect(:bind, true)
+    @netiq.ldap = @ldap
+    assert_equal(@netiq.bind?("internet", "password"), true)
+  end
+  def test_good_bind_with_dn
+    # no expectation on the service account
+    @ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
+    @ldap.expect(:bind, true)
+    @netiq.ldap = @ldap
+    assert_equal(@netiq.bind?("uid=internet,dn=example", "password"), true)
+  end
+  def test_bad_bind
+    @ldap.expect(:auth, nil, %w[uid=internet,dn=example password])
+    @ldap.expect(:bind, false)
+    @netiq.ldap = @ldap
+    assert_equal(@netiq.bind?("uid=internet,dn=example", "password"), false)
+  end
+  def test_user_exists
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_user, 'notnilluser', %w[john])
+    @netiq.member_service = md
+    assert(@netiq.user_exists?('john'))
+  end
+  def test_user_not_exists
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_user, nil, %w[john])
+    def md.find_user(_uid)
+      raise LdapFluff::NetIQ::MemberService::UIDNotFoundException
+    end
+    @netiq.member_service = md
+    refute(@netiq.user_exists?('john'))
+  end
+  def test_group_exists
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_group, 'notnillgroup', %w[broskies])
+    @netiq.member_service = md
+    assert(@netiq.group_exists?('broskies'))
+  end
+  def test_missing_group
+    service_bind
+    md = Minitest::Mock.new
+    md.expect(:find_group, nil, %w[broskies])
+    def md.find_group(_uid)
+      raise LdapFluff::NetIQ::MemberService::GIDNotFoundException
+    end
+    @netiq.member_service = md
+    refute(@netiq.group_exists?('broskies'))
+  end
+  def test_find_users_in_nested_groups
+    service_bind
+    group = Net::LDAP::Entry.new('CN=foremaners,DC=example,DC=com')
+    group[:memberuid] = ['katellers']
+    nested_group = Net::LDAP::Entry.new('CN=katellers,CN=foremaners,DC=example,DC=com')
+    nested_group[:memberuid] = ['testuser']
+    @ldap.expect(:search,
+      [nested_group],
+      [{ :base => group.dn,
+         :filter => Net::LDAP::Filter.eq('objectClass', 'posixGroup') |
+                    Net::LDAP::Filter.eq('objectClass', 'organizationalunit') |
+                    Net::LDAP::Filter.eq('objectClass', 'groupOfUniqueNames') |
+                    Net::LDAP::Filter.eq('objectClass', 'groupOfNames') }])
+    @netiq.ldap = @ldap
+    md = Minitest::Mock.new
+    2.times { md.expect(:find_group, [group], ['foremaners']) }
+    @netiq.member_service = md
+    assert_equal @netiq.users_for_gid('foremaners'), ['testuser']
+    md.verify
+    @ldap.verify
+  end
+end

data/test/posix_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestPosixMemberService < MiniTest::Test
+class TestPosixMemberService < Minitest::Test
   include LdapTestHelper
   def setup
@@ -20,7 +20,8 @@ class TestPosixMemberService < MiniTest::Test
   def test_find_user_groups
     user = posix_group_payload
     @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
-                                 :base => config.group_base])
+                                 :base => config.group_base,
+                                 :attributes => ["cn"]])
     @ms.ldap = @ldap
     assert_equal ['broze'], @ms.find_user_groups('john')
     @ldap.verify
@@ -28,7 +29,8 @@ class TestPosixMemberService < MiniTest::Test
   def test_find_no_groups
     @ldap.expect(:search, [], [:filter => @ms.name_filter("john"),
-                               :base => config.group_base])
+                               :base => config.group_base,
+                               :attributes => ["cn"]])
     @ms.ldap = @ldap
     assert_equal [], @ms.find_user_groups('john')
     @ldap.verify

data/test/posix_netgroup_member_services_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestPosixNetgroupMemberService < MiniTest::Test
+class TestPosixNetgroupMemberService < Minitest::Test
   include LdapTestHelper
   def setup

data/test/posix_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'lib/ldap_test_helper'
-class TestPosix < MiniTest::Test
+class TestPosix < Minitest::Test
   include LdapTestHelper
   def setup
@@ -19,8 +19,9 @@ class TestPosix < MiniTest::Test
     assert_equal(@posix.groups_for_uid("john"), %w[bros])
   end
-  def test_missing_user
-    md = MiniTest::Mock.new
+  def test_groups_missing_user
+    service_bind
+    md = Minitest::Mock.new
     md.expect(:find_user_groups, [], %w[john])
     @posix.member_service = md
     assert_equal([], @posix.groups_for_uid('john'))
@@ -46,8 +47,8 @@ class TestPosix < MiniTest::Test
   def test_good_bind
     # looks up the uid's full DN via the service account
-    @md = MiniTest::Mock.new
-    user_result = MiniTest::Mock.new
+    @md = Minitest::Mock.new
+    user_result = Minitest::Mock.new
     user_result.expect(:dn, 'uid=internet,dn=example')
     @md.expect(:find_user, [user_result], %w[internet])
     @posix.member_service = @md
@@ -75,7 +76,7 @@ class TestPosix < MiniTest::Test
   def test_user_exists
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, 'notnilluser', %w[john])
     @posix.member_service = md
     assert(@posix.user_exists?('john'))
@@ -83,7 +84,7 @@ class TestPosix < MiniTest::Test
   def test_missing_user
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_user, nil, %w[john])
     def md.find_user(_uid)
       raise LdapFluff::Posix::MemberService::UIDNotFoundException
@@ -94,7 +95,7 @@ class TestPosix < MiniTest::Test
   def test_group_exists
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, 'notnillgroup', %w[broskies])
     @posix.member_service = md
     assert(@posix.group_exists?('broskies'))
@@ -102,7 +103,7 @@ class TestPosix < MiniTest::Test
   def test_missing_group
     service_bind
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     md.expect(:find_group, nil, %w[broskies])
     def md.find_group(_uid)
       raise LdapFluff::Posix::MemberService::GIDNotFoundException
@@ -127,7 +128,7 @@ class TestPosix < MiniTest::Test
                     Net::LDAP::Filter.eq('objectClass', 'groupOfNames')}])
     @posix.ldap = @ldap
-    md = MiniTest::Mock.new
+    md = Minitest::Mock.new
     2.times { md.expect(:find_group, [group], ['foremaners']) }
     @posix.member_service = md

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ldap_fluff
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Jordan O'Mara
@@ -10,10 +10,10 @@ authors:
 - Adam Price
 - Marek Hulan
 - Dominic Cleal
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-25 00:00:00.000000000 Z
+date: 2024-10-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -21,14 +21,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8'
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
@@ -36,6 +42,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,34 +52,37 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.11'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '13.1'
 description: Simple library for binding & group querying on top of various LDAP implementations
 email:
 - jomara@redhat.com
@@ -98,6 +110,8 @@ files:
 - lib/ldap_fluff/generic.rb
 - lib/ldap_fluff/generic_member_service.rb
 - lib/ldap_fluff/ldap_fluff.rb
+- lib/ldap_fluff/netiq.rb
+- lib/ldap_fluff/netiq_member_service.rb
 - lib/ldap_fluff/posix.rb
 - lib/ldap_fluff/posix_member_service.rb
 - lib/ldap_fluff/posix_netgroup_member_service.rb
@@ -109,14 +123,16 @@ files:
 - test/ipa_test.rb
 - test/ldap_test.rb
 - test/lib/ldap_test_helper.rb
+- test/netiq_member_services_test.rb
+- test/netiq_test.rb
 - test/posix_member_services_test.rb
 - test/posix_netgroup_member_services_test.rb
 - test/posix_test.rb
 homepage: https://github.com/theforeman/ldap_fluff
 licenses:
-- GPLv2
+- GPL-2.0-only
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -124,26 +140,31 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: '2.7'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.3.27
+signing_key:
 specification_version: 4
 summary: LDAP querying tools for Active Directory, FreeIPA and POSIX-style
 test_files:
-- test/lib/ldap_test_helper.rb
+- test/ad_member_services_test.rb
 - test/ad_test.rb
 - test/config_test.rb
 - test/ipa_member_services_test.rb
 - test/ipa_netgroup_member_services_test.rb
 - test/ipa_test.rb
 - test/ldap_test.rb
+- test/lib/ldap_test_helper.rb
+- test/netiq_member_services_test.rb
+- test/netiq_test.rb
 - test/posix_member_services_test.rb
 - test/posix_netgroup_member_services_test.rb
 - test/posix_test.rb
-- test/ad_member_services_test.rb