ldap_fluff 0.2.2 → 0.2.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9025796dd4a1f338793d0f813f3c75fbd2f23391
+  data.tar.gz: 44db9035ffacf95dd8012bab889db8bb28b0a148
+SHA512:
+  metadata.gz: 574443464695fe4e9ec619673be621a9c1470dc63347a381df512331fd3f987fd679414155db1954a4d8d054ba390609b4bee23b4e5d5b83afa5d8f4c98a6f46
+  data.tar.gz: 02c1b51bf08d46532da8301eb068a86e2539b1124fd353eef60d047cf35eff202afd9b1263c8ffe7c4dfb9b1941869fe985e6e57a69c109b115d0f38bb85e4e1

data/lib/ldap_fluff/active_directory.rb

@@ -1,13 +1,12 @@
 class LdapFluff::ActiveDirectory
   attr_accessor :ldap, :member_service
 
-  def initialize(config={})
-    @ldap       = Net::LDAP.new :host       => config.host,
+  def initialize(config = {})
+    @ldap       = Net::LDAP.new(:host       => config.host,
                                 :base       => config.base_dn,
                                 :port       => config.port,
-                                :encryption => config.encryption
-    @group_base = config.group_base
-    @group_base ||= config.base_dn
+                                :encryption => config.encryption)
+    @group_base = config.group_base || config.base_dn
     @ad_domain  = config.ad_domain
     @bind_user  = config.service_user
     @bind_pass  = config.service_pass
@@ -16,8 +15,8 @@ class LdapFluff::ActiveDirectory
     @member_service = MemberService.new(@ldap, @group_base)
   end
 
-  def bind?(uid=nil, password=nil)
-    @ldap.auth "#{uid}@#{@ad_domain}", password
+  def bind?(uid = nil, password = nil)
+    @ldap.auth("#{uid}@#{@ad_domain}", password)
     @ldap.bind
   end
 
@@ -41,18 +40,14 @@ class LdapFluff::ActiveDirectory
   end
 
   # active directory stores group membership on a users model
-  # TODO query by group individually not like this
+  # TODO: query by group individually not like this
   def is_in_groups(uid, gids = [], all = false)
     service_bind
     return true if gids == []
     begin
       groups       = @member_service.find_user_groups(uid)
       intersection = gids & groups
-      if all
-        return intersection == gids
-      else
-        return intersection.size > 0
-      end
+      return (all ? intersection == gids : intersection.size > 0)
     rescue MemberService::UIDNotFoundException
       return false
     end
@@ -61,7 +56,7 @@ class LdapFluff::ActiveDirectory
   def user_exists?(uid)
     begin
       service_bind
-      user = @member_service.find_user(uid)
+      @member_service.find_user(uid)
     rescue MemberService::UIDNotFoundException
       return false
     end
@@ -71,7 +66,7 @@ class LdapFluff::ActiveDirectory
   def group_exists?(gid)
     begin
       service_bind
-      group = @member_service.find_group(gid)
+      @member_service.find_group(gid)
     rescue MemberService::GIDNotFoundException
       return false
     end

data/lib/ldap_fluff/ad_member_service.rb

@@ -19,20 +19,20 @@ class LdapFluff::ActiveDirectory::MemberService
 
   def find_user(uid)
     data = @ldap.search(:filter => name_filter(uid))
-    raise UIDNotFoundException if (data == nil || data.empty?)
+    raise UIDNotFoundException if (data.nil? || data.empty?)
     data
   end
 
   def find_group(gid)
     data = @ldap.search(:filter => group_filter(gid), :base => @group_base)
-    raise GIDNotFoundException if (data == nil || data.empty?)
+    raise GIDNotFoundException if (data.nil? || data.empty?)
     data
   end
 
   # return the :memberof attrs + parents, recursively
   def _groups_from_ldap_data(payload)
     data = []
-    if payload != nil
+    if !payload.nil?
       first_level  = _group_names_from_cn(payload[:memberof])
       total_groups = _walk_group_ancestry(first_level)
       data         = (first_level + total_groups).uniq
@@ -41,15 +41,15 @@ class LdapFluff::ActiveDirectory::MemberService
   end
 
   # recursively loop over the parent list
-  def _walk_group_ancestry(gids=[])
+  def _walk_group_ancestry(gids = [])
     set = []
     gids.each do |g|
       filter = group_filter(g) & class_filter
       search = @ldap.search(:filter => filter, :base => @group_base)
-      if search != nil && search.first != nil
+      if !search.nil? && !search.first.nil?
         group = search.first
-        set   += _group_names_from_cn(group[:memberof])
-        set   += _walk_group_ancestry(set)
+        set  += _group_names_from_cn(group[:memberof])
+        set  += _walk_group_ancestry(set)
       end
     end
     set
@@ -77,7 +77,7 @@ class LdapFluff::ActiveDirectory::MemberService
   # I think we would normally want to just do the collect at the end,
   # but we need the individual names for recursive queries
   def _group_names_from_cn(grouplist)
-    p = Proc.new { |g| g.sub(/.*?CN=(.*?),.*/, '\1') }
+    p = proc { |g| g.sub(/.*?CN=(.*?),.*/, '\1') }
     grouplist.collect(&p)
   end
 

data/lib/ldap_fluff/config.rb

@@ -1,17 +1,90 @@
 require 'yaml'
+require 'active_support/core_ext/hash'
 
 class LdapFluff
+  class ConfigError < StandardError
+  end
+
   class Config
-    ATTRIBUTES = [:host, :port, :encryption, :base_dn, :group_base, :server_type, :ad_domain, :service_user,
-                  :service_pass, :anon_queries]
-    ATTRIBUTES.each { |attr| attr_reader attr }
+    ATTRIBUTES = %w[host port encryption base_dn group_base server_type ad_domain service_user
+                    service_pass anon_queries]
+    ATTRIBUTES.each { |attr| attr_reader attr.to_sym }
+
+    DEFAULT_CONFIG = { 'port'         => 389,
+                       'encryption'   => nil,
+                       'base_dn'      => 'dc=company,dc=com',
+                       'group_base'   => 'dc=company,dc=com',
+                       'server_type'  => :free_ipa,
+                       'ad_domain'    => nil,
+                       'anon_queries' => false }
+
+    def initialize(config)
+      raise ArgumentError unless config.respond_to?(:to_hash)
+      config = validate(convert(config))
 
-    def initialize(options)
-      raise ArgumentError unless options.respond_to?(:to_hash)
-      options = options.to_hash.inject({}) { |hash, (k, v)| hash.update k.to_s => v }
-      ATTRIBUTES.each { |attr| instance_variable_set :"@#{attr}", options[attr.to_s] }
-      @encryption = @encryption.to_sym if @encryption
-      @server_type = @server_type.to_sym if @server_type
+      ATTRIBUTES.each do |attr|
+        instance_variable_set(:"@#{attr}", config[attr])
+      end
     end
-  end
-end
+
+    private
+
+    # @param [#to_hash] config
+    def convert(config)
+      config.to_hash.with_indifferent_access.tap do |conf|
+        %w[encryption server_type].each do |key|
+          conf[key] = conf[key].to_sym if conf[key]
+        end
+      end
+    end
+
+    def missing_keys?(config)
+      missing_keys = ATTRIBUTES - config.keys
+      raise ConfigError, "missing configuration for keys: #{missing_keys.join(',')}" unless missing_keys.empty?
+    end
+
+    def unknown_keys?(config)
+      unknown_keys = config.keys - ATTRIBUTES
+      raise ConfigError, "unknown configuration keys: #{unknown_keys.join(',')}" unless unknown_keys.empty?
+    end
+
+    def all_required_keys?(config)
+      %w[host port base_dn group_base server_type].all? do |key|
+        raise ConfigError, "config key #{key} has to be set, it was nil" if config[key].nil?
+      end
+
+      %w[service_user service_pass].all? do |key|
+        if !config['anon_queries'] && config['server_type'] != :posix && config[key].nil?
+          raise ConfigError, "config key #{key} has to be set, it was nil"
+        end
+      end
+    end
+
+    def anon_queries_set?(config)
+      unless [false, true].include?(config['anon_queries'])
+        raise ConfigError, "config key anon_queries has to be true or false but was #{config['anon_queries']}"
+      end
+    end
+
+    def correct_server_type?(config)
+      unless [:posix, :active_directory, :free_ipa].include?(config['server_type'])
+        raise ConfigError, 'config key server_type has to be :active_directory, :posix, :free_ipa ' +
+          "but was #{config['server_type']}"
+      end
+    end
+
+    def validate(config)
+      config = DEFAULT_CONFIG.merge(config)
+
+      correct_server_type?(config)
+      missing_keys?(config)
+      unknown_keys?(config)
+      all_required_keys?(config)
+      anon_queries_set?(config)
+
+      config
+    end
+
+  end # Config
+
+end # LdapFluff

data/lib/ldap_fluff/freeipa.rb

@@ -2,13 +2,12 @@ class LdapFluff::FreeIPA
 
   attr_accessor :ldap, :member_service
 
-  def initialize(config={})
-    @ldap       = Net::LDAP.new :host       => config.host,
+  def initialize(config = {})
+    @ldap       = Net::LDAP.new(:host       => config.host,
                                 :base       => config.base_dn,
                                 :port       => config.port,
-                                :encryption => config.encryption
-    @group_base = config.group_base
-    @group_base ||= config.base_dn
+                                :encryption => config.encryption)
+    @group_base = config.group_base || config.base_dn
     @base       = config.base_dn
     @bind_user  = config.service_user
     @bind_pass  = config.service_pass
@@ -17,8 +16,8 @@ class LdapFluff::FreeIPA
     @member_service = MemberService.new(@ldap, @group_base)
   end
 
-  def bind?(uid=nil, password=nil)
-    @ldap.auth "uid=#{uid},cn=users,cn=accounts,#{@base}", password
+  def bind?(uid = nil, password = nil)
+    @ldap.auth("uid=#{uid},cn=users,cn=accounts,#{@base}", password)
     @ldap.bind
   end
 
@@ -48,7 +47,7 @@ class LdapFluff::FreeIPA
   #
   # returns true if owner is in ALL of the groups if all=true, otherwise
   # returns true if owner is in ANY of the groups
-  def is_in_groups(uid, gids = [], all=true)
+  def is_in_groups(uid, gids = [], all = true)
     service_bind
     groups = @member_service.find_user_groups(uid)
     if all
@@ -61,7 +60,7 @@ class LdapFluff::FreeIPA
   def user_exists?(uid)
     begin
       service_bind
-      user = @member_service.find_user(uid)
+      @member_service.find_user(uid)
     rescue MemberService::UIDNotFoundException
       return false
     end
@@ -71,7 +70,7 @@ class LdapFluff::FreeIPA
   def group_exists?(gid)
     begin
       service_bind
-      group = @member_service.find_group(gid)
+      @member_service.find_group(gid)
     rescue MemberService::GIDNotFoundException
       return false
     end
@@ -82,4 +81,3 @@ class LdapFluff::FreeIPA
   end
 
 end
-

data/lib/ldap_fluff/freeipa_member_service.rb

@@ -22,13 +22,13 @@ class LdapFluff::FreeIPA::MemberService
 
   def find_user(uid)
     user = @ldap.search(:filter => name_filter(uid))
-    raise UIDNotFoundException if (user == nil || user.empty?)
+    raise UIDNotFoundException if (user.nil? || user.empty?)
     user
   end
 
   def find_group(gid)
     group = @ldap.search(:filter => group_filter(gid), :base => @group_base)
-    raise GIDNotFoundException if (group == nil || group.empty?)
+    raise GIDNotFoundException if (group.nil? || group.empty?)
     group
   end
 
@@ -41,7 +41,7 @@ class LdapFluff::FreeIPA::MemberService
   end
 
   def _group_names_from_cn(grouplist)
-    p = Proc.new { |g| g.sub(/.*?cn=(.*?),.*/, '\1') }
+    p = proc { |g| g.sub(/.*?cn=(.*?),.*/, '\1') }
     grouplist.collect(&p)
   end
 
@@ -53,5 +53,6 @@ class LdapFluff::FreeIPA::MemberService
 
   class InsufficientQueryPrivilegesException < StandardError
   end
+
 end
 

data/lib/ldap_fluff/ldap_fluff.rb

@@ -2,9 +2,6 @@ require 'rubygems'
 require 'net/ldap'
 
 class LdapFluff
-  class ConfigError < StandardError
-  end
-
   attr_accessor :ldap
 
   def initialize(config = {})
@@ -17,7 +14,7 @@ class LdapFluff
     when :free_ipa
       @ldap = FreeIPA.new(config)
     else
-      raise ConfigError, "Unsupported connection type #{config.server_type.inspect}. Supported types = :active_directory, :posix, :free_ipa"
+      raise 'unknown server_type'
     end
   end
 

data/lib/ldap_fluff/posix.rb

@@ -2,19 +2,18 @@ class LdapFluff::Posix
 
   attr_accessor :ldap, :member_service
 
-  def initialize(config={})
-    @ldap           = Net::LDAP.new :host       => config.host,
+  def initialize(config = {})
+    @ldap           = Net::LDAP.new(:host       => config.host,
                                     :base       => config.base_dn,
                                     :port       => config.port,
-                                    :encryption => config.encryption
+                                    :encryption => config.encryption)
     @group_base     = config.group_base || config.base
     @base           = config.base_dn
     @member_service = MemberService.new(@ldap, @group_base)
   end
 
-  def bind?(uid=nil, password=nil)
-    @ldap.auth "uid=#{uid},#{@base}", password
-    @ldap.bind
+  def bind?(uid = nil, password = nil)
+    @ldap.bind_as(:filter => "(uid=#{uid})", :password => password)
   end
 
   def groups_for_uid(uid)
@@ -28,13 +27,13 @@ class LdapFluff::Posix
   #
   # returns true if owner is in ALL of the groups if all=true, otherwise
   # returns true if owner is in ANY of the groups
-  def is_in_groups(uid, gids = [], all=true)
+  def is_in_groups(uid, gids = [], all = true)
     (gids.empty? || @member_service.times_in_groups(uid, gids, all) > 0)
   end
 
   def user_exists?(uid)
     begin
-      user = @member_service.find_user(uid)
+      @member_service.find_user(uid)
     rescue MemberService::UIDNotFoundException
       return false
     end
@@ -43,7 +42,7 @@ class LdapFluff::Posix
 
   def group_exists?(gid)
     begin
-      group = @member_service.find_group(gid)
+      @member_service.find_group(gid)
     rescue MemberService::GIDNotFoundException
       return false
     end

data/lib/ldap_fluff/posix_member_service.rb

@@ -22,18 +22,17 @@ class LdapFluff::Posix::MemberService
 
   def find_user(uid)
     user = @ldap.search(:filter => name_filter(uid), :base => @group_base)
-    raise UIDNotFoundException if (user == nil || user.empty?)
+    raise UIDNotFoundException if (user.nil? || user.empty?)
     user
   end
 
   def find_group(gid)
     group = @ldap.search(:filter => group_filter(gid), :base => @group_base)
-    raise GIDNotFoundException if (group == nil || group.empty?)
+    raise GIDNotFoundException if (group.nil? || group.empty?)
     group
   end
 
   def times_in_groups(uid, gids, all)
-    matches = 0
     filters = []
     gids.each do |cn|
       filters << group_filter(cn)
@@ -52,15 +51,11 @@ class LdapFluff::Posix::MemberService
   end
 
   # AND or OR all of the filters together
-  def merge_filters(filters = [], all=false)
-    if filters != nil && filters.size >= 1
+  def merge_filters(filters = [], all = false)
+    if !filters.nil? && filters.size >= 1
       filter = filters[0]
-      filters[1..filters.size-1].each do |gfilter|
-        if all
-          filter = filter & gfilter
-        else
-          filter = filter | gfilter
-        end
+      filters[1..(filters.size - 1)].each do |gfilter|
+        filter = (all ? filter & gfilter : filter | gfilter)
       end
       return filter
     end
@@ -71,4 +66,5 @@ class LdapFluff::Posix::MemberService
 
   class GIDNotFoundException < StandardError
   end
+
 end

data/lib/ldap_fluff.rb

@@ -1,8 +1,8 @@
-require_relative 'ldap_fluff/config'
-require_relative 'ldap_fluff/ldap_fluff'
-require_relative 'ldap_fluff/active_directory'
-require_relative 'ldap_fluff/ad_member_service'
-require_relative 'ldap_fluff/posix'
-require_relative 'ldap_fluff/posix_member_service'
-require_relative 'ldap_fluff/freeipa'
-require_relative 'ldap_fluff/freeipa_member_service'
+require 'ldap_fluff/config'
+require 'ldap_fluff/ldap_fluff'
+require 'ldap_fluff/active_directory'
+require 'ldap_fluff/ad_member_service'
+require 'ldap_fluff/posix'
+require 'ldap_fluff/posix_member_service'
+require 'ldap_fluff/freeipa'
+require 'ldap_fluff/freeipa_member_service'

data/test/ad_member_services_test.rb

@@ -1,6 +1,6 @@
-require_relative './lib/ldap_test_helper'
+require 'lib/ldap_test_helper'
 
-class TestADMemberService < MiniTest::Unit::TestCase
+class TestADMemberService < MiniTest::Test
   include LdapTestHelper
 
   def setup
@@ -21,9 +21,9 @@ class TestADMemberService < MiniTest::Unit::TestCase
 
   def nest_deep(n)
     # add all the expects
-    for i in 1..(n-1)
+    1.upto(n - 1) do |i|
       gfilter_bros = group_filter("bros#{i}") & group_class_filter
-      @ldap.expect(:search, ad_parent_payload(i+1), [:filter => gfilter_bros, :base => @config.group_base])
+      @ldap.expect(:search, ad_parent_payload(i + 1), [:filter => gfilter_bros, :base => @config.group_base])
     end
     # terminate or we loop FOREVER
     @ldap.expect(:search, [], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
@@ -31,14 +31,14 @@ class TestADMemberService < MiniTest::Unit::TestCase
 
   def double_nested(n)
     # add all the expects
-    for i in 1..(n-1)
+    1.upto(n - 1) do |i|
       gfilter_bros = group_filter("bros#{i}") & group_class_filter
-      @ldap.expect(:search, ad_double_payload(i+1), [:filter => gfilter_bros, :base => @config.group_base])
+      @ldap.expect(:search, ad_double_payload(i + 1), [:filter => gfilter_bros, :base => @config.group_base])
     end
     # terminate or we loop FOREVER
     @ldap.expect(:search, [], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
-    (n-1).downto(1) do |i|
-      gfilter_bros = group_filter("broskies#{i+1}") & group_class_filter
+    (n - 1).downto(1) do |j|
+      gfilter_bros = group_filter("broskies#{j + 1}") & group_class_filter
       @ldap.expect(:search, [], [:filter => gfilter_bros, :base => @config.group_base])
     end
   end
@@ -48,14 +48,16 @@ class TestADMemberService < MiniTest::Unit::TestCase
     gfilter_bros = group_filter('bros1') & group_class_filter
     @ldap.expect(:search, [], [:filter => gfilter_bros, :base => @config.group_base])
     @adms.ldap = @ldap
-    assert_equal ['group', 'bros1'], @adms.find_user_groups("john")
+    assert_equal(%w(group bros1), @adms.find_user_groups("john"))
     @ldap.verify
   end
 
   def test_missing_user
     @ldap.expect(:search, nil, [:filter => ad_name_filter("john")])
     @adms.ldap = @ldap
-    assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) { @adms.find_user_groups("john").data }
+    assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
+      @adms.find_user_groups("john").data
+    end
     @ldap.verify
   end
 
@@ -63,7 +65,7 @@ class TestADMemberService < MiniTest::Unit::TestCase
     basic_user
     nest_deep(25)
     @adms.ldap = @ldap
-    assert_equal 26, @adms.find_user_groups('john').size
+    assert_equal(26, @adms.find_user_groups('john').size)
     @ldap.verify
   end
 
@@ -71,43 +73,49 @@ class TestADMemberService < MiniTest::Unit::TestCase
     basic_user
     double_nested(5)
     @adms.ldap = @ldap
-    assert_equal 10, @adms.find_user_groups('john').size
+    assert_equal(10, @adms.find_user_groups('john').size)
     @ldap.verify
   end
 
   def test_nil_payload
-    assert_equal [], @adms._groups_from_ldap_data(nil)
+    assert_equal([], @adms._groups_from_ldap_data(nil))
   end
 
   def test_empty_user
     @ldap.expect(:search, [], [:filter => ad_name_filter("john")])
     @adms.ldap = @ldap
-    assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) { @adms.find_user_groups("john").data }
+    assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
+      @adms.find_user_groups("john").data
+    end
     @ldap.verify
   end
 
   def test_find_good_user
     basic_user
     @adms.ldap = @ldap
-    assert_equal ad_user_payload, @adms.find_user('john')
+    assert_equal(ad_user_payload, @adms.find_user('john'))
   end
 
   def test_find_missing_user
     @ldap.expect(:search, nil, [:filter => ad_name_filter("john")])
     @adms.ldap = @ldap
-    assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) { @adms.find_user('john') }
+    assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
+      @adms.find_user('john')
+    end
   end
 
   def test_find_good_group
     basic_group
     @adms.ldap = @ldap
-    assert_equal ad_group_payload, @adms.find_group('broze')
+    assert_equal(ad_group_payload, @adms.find_group('broze'))
   end
 
   def test_find_missing_group
     @ldap.expect(:search, nil, [:filter => ad_group_filter("broze"), :base => @config.group_base])
     @adms.ldap = @ldap
-    assert_raises(LdapFluff::ActiveDirectory::MemberService::GIDNotFoundException) { @adms.find_group('broze') }
+    assert_raises(LdapFluff::ActiveDirectory::MemberService::GIDNotFoundException) do
+      @adms.find_group('broze')
+    end
   end
 
 end