ldap_fluff 0.2.2 → 0.2.3
Potentially problematic release.
This version of ldap_fluff might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/lib/ldap_fluff/active_directory.rb +10 -15
- data/lib/ldap_fluff/ad_member_service.rb +8 -8
- data/lib/ldap_fluff/config.rb +84 -11
- data/lib/ldap_fluff/freeipa.rb +9 -11
- data/lib/ldap_fluff/freeipa_member_service.rb +4 -3
- data/lib/ldap_fluff/ldap_fluff.rb +1 -4
- data/lib/ldap_fluff/posix.rb +8 -9
- data/lib/ldap_fluff/posix_member_service.rb +7 -11
- data/lib/ldap_fluff.rb +8 -8
- data/test/ad_member_services_test.rb +26 -18
- data/test/ad_test.rb +32 -29
- data/test/config_test.rb +2 -2
- data/test/ipa_member_services_test.rb +16 -9
- data/test/ipa_test.rb +28 -25
- data/test/ldap_test.rb +16 -15
- data/test/lib/ldap_test_helper.rb +2 -2
- data/test/posix_member_services_test.rb +2 -2
- data/test/posix_test.rb +25 -27
- metadata +53 -33
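--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 9025796dd4a1f338793d0f813f3c75fbd2f23391
+data.tar.gz: 44db9035ffacf95dd8012bab889db8bb28b0a148
+SHA512:
+metadata.gz: 574443464695fe4e9ec619673be621a9c1470dc63347a381df512331fd3f987fd679414155db1954a4d8d054ba390609b4bee23b4e5d5b83afa5d8f4c98a6f46
+data.tar.gz: 02c1b51bf08d46532da8301eb068a86e2539b1124fd353eef60d047cf35eff202afd9b1263c8ffe7c4dfb9b1941869fe985e6e57a69c109b115d0f38bb85e4e1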
@@ -1,13 +1,12 @@
|
|
1
1
|
class LdapFluff::ActiveDirectory
|
2
2
|
attr_accessor :ldap, :member_service
|
3
3
|
|
4
|
-
def initialize(config={})
|
5
|
-
@ldap = Net::LDAP.new
|
4
|
+
def initialize(config = {})
|
5
|
+
@ldap = Net::LDAP.new(:host => config.host,
|
6
6
|
:base => config.base_dn,
|
7
7
|
:port => config.port,
|
8
|
-
:encryption => config.encryption
|
9
|
-
@group_base = config.group_base
|
10
|
-
@group_base ||= config.base_dn
|
8
|
+
:encryption => config.encryption)
|
9
|
+
@group_base = config.group_base || config.base_dn
|
11
10
|
@ad_domain = config.ad_domain
|
12
11
|
@bind_user = config.service_user
|
13
12
|
@bind_pass = config.service_pass
|
@@ -16,8 +15,8 @@ class LdapFluff::ActiveDirectory
|
|
16
15
|
@member_service = MemberService.new(@ldap, @group_base)
|
17
16
|
end
|
18
17
|
|
19
|
-
def bind?(uid=nil, password=nil)
|
20
|
-
@ldap.auth
|
18
|
+
def bind?(uid = nil, password = nil)
|
19
|
+
@ldap.auth("#{uid}@#{@ad_domain}", password)
|
21
20
|
@ldap.bind
|
22
21
|
end
|
23
22
|
|
@@ -41,18 +40,14 @@ class LdapFluff::ActiveDirectory
|
|
41
40
|
end
|
42
41
|
|
43
42
|
# active directory stores group membership on a users model
|
44
|
-
# TODO query by group individually not like this
|
43
|
+
# TODO: query by group individually not like this
|
45
44
|
def is_in_groups(uid, gids = [], all = false)
|
46
45
|
service_bind
|
47
46
|
return true if gids == []
|
48
47
|
begin
|
49
48
|
groups = @member_service.find_user_groups(uid)
|
50
49
|
intersection = gids & groups
|
51
|
-
|
52
|
-
return intersection == gids
|
53
|
-
else
|
54
|
-
return intersection.size > 0
|
55
|
-
end
|
50
|
+
return (all ? intersection == gids : intersection.size > 0)
|
56
51
|
rescue MemberService::UIDNotFoundException
|
57
52
|
return false
|
58
53
|
end
|
@@ -61,7 +56,7 @@ class LdapFluff::ActiveDirectory
|
|
61
56
|
def user_exists?(uid)
|
62
57
|
begin
|
63
58
|
service_bind
|
64
|
-
|
59
|
+
@member_service.find_user(uid)
|
65
60
|
rescue MemberService::UIDNotFoundException
|
66
61
|
return false
|
67
62
|
end
|
@@ -71,7 +66,7 @@ class LdapFluff::ActiveDirectory
|
|
71
66
|
def group_exists?(gid)
|
72
67
|
begin
|
73
68
|
service_bind
|
74
|
-
|
69
|
+
@member_service.find_group(gid)
|
75
70
|
rescue MemberService::GIDNotFoundException
|
76
71
|
return false
|
77
72
|
end
|
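Review bot: `bind?` in the second hunk hands `password` to `@ldap.auth` and `@ldap.bind` without checking that it is non-empty, and both parameters default to `nil`. Many directory servers treat a simple bind that carries a name and an empty password as an unauthenticated bind and answer with success, so an empty password could be reported as a valid login. A guard as the first line of the method, `return false if password.nil? || password.empty?`, closes that. The same applies to `bind?` in freeipa.rb and posix.rb. If any caller relies on calling `bind?` with no arguments for an anonymous bind, that case would need a separate, explicitly named method.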
@@ -19,20 +19,20 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
19
19
|
|
20
20
|
def find_user(uid)
|
21
21
|
data = @ldap.search(:filter => name_filter(uid))
|
22
|
-
raise UIDNotFoundException if (data
|
22
|
+
raise UIDNotFoundException if (data.nil? || data.empty?)
|
23
23
|
data
|
24
24
|
end
|
25
25
|
|
26
26
|
def find_group(gid)
|
27
27
|
data = @ldap.search(:filter => group_filter(gid), :base => @group_base)
|
28
|
-
raise GIDNotFoundException if (data
|
28
|
+
raise GIDNotFoundException if (data.nil? || data.empty?)
|
29
29
|
data
|
30
30
|
end
|
31
31
|
|
32
32
|
# return the :memberof attrs + parents, recursively
|
33
33
|
def _groups_from_ldap_data(payload)
|
34
34
|
data = []
|
35
|
-
if payload
|
35
|
+
if !payload.nil?
|
36
36
|
first_level = _group_names_from_cn(payload[:memberof])
|
37
37
|
total_groups = _walk_group_ancestry(first_level)
|
38
38
|
data = (first_level + total_groups).uniq
|
@@ -41,15 +41,15 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
41
41
|
end
|
42
42
|
|
43
43
|
# recursively loop over the parent list
|
44
|
-
def _walk_group_ancestry(gids=[])
|
44
|
+
def _walk_group_ancestry(gids = [])
|
45
45
|
set = []
|
46
46
|
gids.each do |g|
|
47
47
|
filter = group_filter(g) & class_filter
|
48
48
|
search = @ldap.search(:filter => filter, :base => @group_base)
|
49
|
-
if search
|
49
|
+
if !search.nil? && !search.first.nil?
|
50
50
|
group = search.first
|
51
|
-
set
|
52
|
-
set
|
51
|
+
set += _group_names_from_cn(group[:memberof])
|
52
|
+
set += _walk_group_ancestry(set)
|
53
53
|
end
|
54
54
|
end
|
55
55
|
set
|
@@ -77,7 +77,7 @@ class LdapFluff::ActiveDirectory::MemberService
|
|
77
77
|
# I think we would normally want to just do the collect at the end,
|
78
78
|
# but we need the individual names for recursive queries
|
79
79
|
def _group_names_from_cn(grouplist)
|
80
|
-
p =
|
80
|
+
p = proc { |g| g.sub(/.*?CN=(.*?),.*/, '\1') }
|
81
81
|
grouplist.collect(&p)
|
82
82
|
end
|
83
83
|
|
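Review bot: `_walk_group_ancestry` recurses on every parent it finds and keeps no record of groups already visited, so two groups that are members of each other would recurse until the stack overflows. Each level also re-queries names already collected, because `set += _walk_group_ancestry(set)` passes the whole accumulated list. Membership data comes from the directory, so the nesting shape is not under the library's control. Tracking visited names and recursing only on newly found parents bounds the walk; the sketch below adds an optional `seen` argument, which keeps existing callers working. The method's closing `end` lies outside the hunk, and mock expectations that count searches would presumably need adjusting.

```ruby
def _walk_group_ancestry(gids = [], seen = [])
  set = []
  gids.each do |g|
    next if seen.include?(g)
    seen << g
    # … unchanged: filter construction and @ldap.search …
    if !search.nil? && !search.first.nil?
      parents = _group_names_from_cn(search.first[:memberof])
      set += parents
      set += _walk_group_ancestry(parents, seen)
    end
  end
  set
```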
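--- a/data/lib/ldap_fluff/config.rb
+++ b/data/lib/ldap_fluff/config.rb
@@ -1,17 +1,90 @@
 require 'yaml'
+require 'active_support/core_ext/hash'
 
 class LdapFluff
+class ConfigError < StandardError
+end
+
 class Config
-ATTRIBUTES = [
-
-ATTRIBUTES.each { |attr| attr_reader attr }
+ATTRIBUTES = %w[host port encryption base_dn group_base server_type ad_domain service_user
+service_pass anon_queries]
+ATTRIBUTES.each { |attr| attr_reader attr.to_sym }
+
+DEFAULT_CONFIG = { 'port' => 389,
+'encryption' => nil,
+'base_dn' => 'dc=company,dc=com',
+'group_base' => 'dc=company,dc=com',
+'server_type' => :free_ipa,
+'ad_domain' => nil,
+'anon_queries' => false }
+
+def initialize(config)
+raise ArgumentError unless config.respond_to?(:to_hash)
+config = validate(convert(config))
 
-
-
-
-ATTRIBUTES.each { |attr| instance_variable_set :"@#{attr}", options[attr.to_s] }
-@encryption = @encryption.to_sym if @encryption
-@server_type = @server_type.to_sym if @server_type
+ATTRIBUTES.each do |attr|
+instance_variable_set(:"@#{attr}", config[attr])
+end
 end
-
-
+
+private
+
+# @param [#to_hash] config
+def convert(config)
+config.to_hash.with_indifferent_access.tap do |conf|
+%w[encryption server_type].each do |key|
+conf[key] = conf[key].to_sym if conf[key]
+end
+end
+end
+
+def missing_keys?(config)
+missing_keys = ATTRIBUTES - config.keys
+raise ConfigError, "missing configuration for keys: #{missing_keys.join(',')}" unless missing_keys.empty?
+end
+
+def unknown_keys?(config)
+unknown_keys = config.keys - ATTRIBUTES
+raise ConfigError, "unknown configuration keys: #{unknown_keys.join(',')}" unless unknown_keys.empty?
+end
+
+def all_required_keys?(config)
+%w[host port base_dn group_base server_type].all? do |key|
+raise ConfigError, "config key #{key} has to be set, it was nil" if config[key].nil?
+end
+
+%w[service_user service_pass].all? do |key|
+if !config['anon_queries'] && config['server_type'] != :posix && config[key].nil?
+raise ConfigError, "config key #{key} has to be set, it was nil"
+end
+end
+end
+
+def anon_queries_set?(config)
+unless [false, true].include?(config['anon_queries'])
+raise ConfigError, "config key anon_queries has to be true or false but was #{config['anon_queries']}"
+end
+end
+
+def correct_server_type?(config)
+unless [:posix, :active_directory, :free_ipa].include?(config['server_type'])
+raise ConfigError, 'config key server_type has to be :active_directory, :posix, :free_ipa ' +
+"but was #{config['server_type']}"
+end
+end
+
+def validate(config)
+config = DEFAULT_CONFIG.merge(config)
+
+correct_server_type?(config)
+missing_keys?(config)
+unknown_keys?(config)
+all_required_keys?(config)
+anon_queries_set?(config)
+
+config
+end
+
+end # Config
+
+end # LdapFluff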
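Review bot: In `all_required_keys?` both `all?` blocks return `nil` whenever a key passes its check, so `all?` stops after the first element and only `host` and `service_user` are ever tested. A config that sets `service_user` but carries `service_pass` explicitly as `nil` therefore validates, and that nil password would reach whatever bind the service account performs (not visible in this file). Iterating with `each` checks every key: `%w[host port base_dn group_base server_type].each do |key|` and `%w[service_user service_pass].each do |key|`. Separately, `DEFAULT_CONFIG` leaves `'encryption' => nil` alongside port 389 and no validator looks at `encryption`, so a comment on that default saying that credentials presumably travel unencrypted unless it is set would help operators.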
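--- a/data/lib/ldap_fluff/freeipa.rb
+++ b/data/lib/ldap_fluff/freeipa.rb
@@ -2,13 +2,12 @@ class LdapFluff::FreeIPA
 
 attr_accessor :ldap, :member_service
 
-def initialize(config={})
-@ldap = Net::LDAP.new
+def initialize(config = {})
+@ldap = Net::LDAP.new(:host => config.host,
 :base => config.base_dn,
 :port => config.port,
-:encryption => config.encryption
-@group_base = config.group_base
-@group_base ||= config.base_dn
+:encryption => config.encryption)
+@group_base = config.group_base || config.base_dn
 @base = config.base_dn
 @bind_user = config.service_user
 @bind_pass = config.service_pass
@@ -17,8 +16,8 @@ class LdapFluff::FreeIPA
 @member_service = MemberService.new(@ldap, @group_base)
 end
 
-def bind?(uid=nil, password=nil)
-@ldap.auth
+def bind?(uid = nil, password = nil)
+@ldap.auth("uid=#{uid},cn=users,cn=accounts,#{@base}", password)
 @ldap.bind
 end
 
@@ -48,7 +47,7 @@ class LdapFluff::FreeIPA
 #
 # returns true if owner is in ALL of the groups if all=true, otherwise
 # returns true if owner is in ANY of the groups
-def is_in_groups(uid, gids = [], all=true)
+def is_in_groups(uid, gids = [], all = true)
 service_bind
 groups = @member_service.find_user_groups(uid)
 if all
@@ -61,7 +60,7 @@ class LdapFluff::FreeIPA
 def user_exists?(uid)
 begin
 service_bind
-
+@member_service.find_user(uid)
 rescue MemberService::UIDNotFoundException
 return false
 end
@@ -71,7 +70,7 @@ class LdapFluff::FreeIPA
 def group_exists?(gid)
 begin
 service_bind
-
+@member_service.find_group(gid)
 rescue MemberService::GIDNotFoundException
 return false
 end
@@ -82,4 +81,3 @@ class LdapFluff::FreeIPA
 end
 
 end
-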
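Review bot: `bind?` builds the bind DN by interpolating `uid` directly into `"uid=#{uid},cn=users,cn=accounts,#{@base}"`, so a value containing DN metacharacters such as `,` or `=` changes which entry the bind is attempted against. Escaping the value keeps it inside the `uid` RDN, for example `@ldap.auth("uid=#{Net::LDAP::DN.escape(uid)},cn=users,cn=accounts,#{@base}", password)`, provided the net-ldap version in use ships `Net::LDAP::DN`. A short comment above `bind?` stating that `uid` is caller-supplied and must be escaped would also document the expectation.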
@@ -22,13 +22,13 @@ class LdapFluff::FreeIPA::MemberService
|
|
22
22
|
|
23
23
|
def find_user(uid)
|
24
24
|
user = @ldap.search(:filter => name_filter(uid))
|
25
|
-
raise UIDNotFoundException if (user
|
25
|
+
raise UIDNotFoundException if (user.nil? || user.empty?)
|
26
26
|
user
|
27
27
|
end
|
28
28
|
|
29
29
|
def find_group(gid)
|
30
30
|
group = @ldap.search(:filter => group_filter(gid), :base => @group_base)
|
31
|
-
raise GIDNotFoundException if (group
|
31
|
+
raise GIDNotFoundException if (group.nil? || group.empty?)
|
32
32
|
group
|
33
33
|
end
|
34
34
|
|
@@ -41,7 +41,7 @@ class LdapFluff::FreeIPA::MemberService
|
|
41
41
|
end
|
42
42
|
|
43
43
|
def _group_names_from_cn(grouplist)
|
44
|
-
p =
|
44
|
+
p = proc { |g| g.sub(/.*?cn=(.*?),.*/, '\1') }
|
45
45
|
grouplist.collect(&p)
|
46
46
|
end
|
47
47
|
|
@@ -53,5 +53,6 @@ class LdapFluff::FreeIPA::MemberService
|
|
53
53
|
|
54
54
|
class InsufficientQueryPrivilegesException < StandardError
|
55
55
|
end
|
56
|
+
|
56
57
|
end
|
57
58
|
|
@@ -2,9 +2,6 @@ require 'rubygems'
|
|
2
2
|
require 'net/ldap'
|
3
3
|
|
4
4
|
class LdapFluff
|
5
|
-
class ConfigError < StandardError
|
6
|
-
end
|
7
|
-
|
8
5
|
attr_accessor :ldap
|
9
6
|
|
10
7
|
def initialize(config = {})
|
@@ -17,7 +14,7 @@ class LdapFluff
|
|
17
14
|
when :free_ipa
|
18
15
|
@ldap = FreeIPA.new(config)
|
19
16
|
else
|
20
|
-
raise
|
17
|
+
raise 'unknown server_type'
|
21
18
|
end
|
22
19
|
end
|
23
20
|
|
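--- a/data/lib/ldap_fluff/posix.rb
+++ b/data/lib/ldap_fluff/posix.rb
@@ -2,19 +2,18 @@ class LdapFluff::Posix
 
 attr_accessor :ldap, :member_service
 
-def initialize(config={})
-@ldap = Net::LDAP.new
+def initialize(config = {})
+@ldap = Net::LDAP.new(:host => config.host,
 :base => config.base_dn,
 :port => config.port,
-:encryption => config.encryption
+:encryption => config.encryption)
 @group_base = config.group_base || config.base
 @base = config.base_dn
 @member_service = MemberService.new(@ldap, @group_base)
 end
 
-def bind?(uid=nil, password=nil)
-@ldap.
-@ldap.bind
+def bind?(uid = nil, password = nil)
+@ldap.bind_as(:filter => "(uid=#{uid})", :password => password)
 end
 
 def groups_for_uid(uid)
@@ -28,13 +27,13 @@ class LdapFluff::Posix
 #
 # returns true if owner is in ALL of the groups if all=true, otherwise
 # returns true if owner is in ANY of the groups
-def is_in_groups(uid, gids = [], all=true)
+def is_in_groups(uid, gids = [], all = true)
 (gids.empty? || @member_service.times_in_groups(uid, gids, all) > 0)
 end
 
 def user_exists?(uid)
 begin
-
+@member_service.find_user(uid)
 rescue MemberService::UIDNotFoundException
 return false
 end
@@ -43,7 +42,7 @@ class LdapFluff::Posix
 
 def group_exists?(gid)
 begin
-
+@member_service.find_group(gid)
 rescue MemberService::GIDNotFoundException
 return false
 end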
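Review bot: The new `bind?` interpolates `uid` into the search filter `"(uid=#{uid})"` unescaped, so filter metacharacters in the login name (`*`, `(`, `)`, `\`) alter the search that selects which entry the password is checked against. Escaping the value restricts the filter to an exact match: `@ldap.bind_as(:filter => "(uid=#{Net::LDAP::Filter.escape(uid)})", :password => password)`. The context line `@group_base = config.group_base || config.base` also reads `config.base`, which is not among the `ATTRIBUTES` that config.rb defines in this release, so that fallback would presumably raise rather than fall back to `base_dn`.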
@@ -22,18 +22,17 @@ class LdapFluff::Posix::MemberService
|
|
22
22
|
|
23
23
|
def find_user(uid)
|
24
24
|
user = @ldap.search(:filter => name_filter(uid), :base => @group_base)
|
25
|
-
raise UIDNotFoundException if (user
|
25
|
+
raise UIDNotFoundException if (user.nil? || user.empty?)
|
26
26
|
user
|
27
27
|
end
|
28
28
|
|
29
29
|
def find_group(gid)
|
30
30
|
group = @ldap.search(:filter => group_filter(gid), :base => @group_base)
|
31
|
-
raise GIDNotFoundException if (group
|
31
|
+
raise GIDNotFoundException if (group.nil? || group.empty?)
|
32
32
|
group
|
33
33
|
end
|
34
34
|
|
35
35
|
def times_in_groups(uid, gids, all)
|
36
|
-
matches = 0
|
37
36
|
filters = []
|
38
37
|
gids.each do |cn|
|
39
38
|
filters << group_filter(cn)
|
@@ -52,15 +51,11 @@ class LdapFluff::Posix::MemberService
|
|
52
51
|
end
|
53
52
|
|
54
53
|
# AND or OR all of the filters together
|
55
|
-
def merge_filters(filters = [], all=false)
|
56
|
-
if filters
|
54
|
+
def merge_filters(filters = [], all = false)
|
55
|
+
if !filters.nil? && filters.size >= 1
|
57
56
|
filter = filters[0]
|
58
|
-
filters[1..filters.size-1].each do |gfilter|
|
59
|
-
|
60
|
-
filter = filter & gfilter
|
61
|
-
else
|
62
|
-
filter = filter | gfilter
|
63
|
-
end
|
57
|
+
filters[1..(filters.size - 1)].each do |gfilter|
|
58
|
+
filter = (all ? filter & gfilter : filter | gfilter)
|
64
59
|
end
|
65
60
|
return filter
|
66
61
|
end
|
@@ -71,4 +66,5 @@ class LdapFluff::Posix::MemberService
|
|
71
66
|
|
72
67
|
class GIDNotFoundException < StandardError
|
73
68
|
end
|
69
|
+
|
74
70
|
end
|
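--- a/data/lib/ldap_fluff.rb
+++ b/data/lib/ldap_fluff.rb
@@ -1,8 +1,8 @@
-
-
-
-
-
-
-
-
+require 'ldap_fluff/config'
+require 'ldap_fluff/ldap_fluff'
+require 'ldap_fluff/active_directory'
+require 'ldap_fluff/ad_member_service'
+require 'ldap_fluff/posix'
+require 'ldap_fluff/posix_member_service'
+require 'ldap_fluff/freeipa'
+require 'ldap_fluff/freeipa_member_service'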
@@ -1,6 +1,6 @@
|
|
1
|
-
|
1
|
+
require 'lib/ldap_test_helper'
|
2
2
|
|
3
|
-
class TestADMemberService < MiniTest::
|
3
|
+
class TestADMemberService < MiniTest::Test
|
4
4
|
include LdapTestHelper
|
5
5
|
|
6
6
|
def setup
|
@@ -21,9 +21,9 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
21
21
|
|
22
22
|
def nest_deep(n)
|
23
23
|
# add all the expects
|
24
|
-
|
24
|
+
1.upto(n - 1) do |i|
|
25
25
|
gfilter_bros = group_filter("bros#{i}") & group_class_filter
|
26
|
-
@ldap.expect(:search, ad_parent_payload(i+1), [:filter => gfilter_bros, :base => @config.group_base])
|
26
|
+
@ldap.expect(:search, ad_parent_payload(i + 1), [:filter => gfilter_bros, :base => @config.group_base])
|
27
27
|
end
|
28
28
|
# terminate or we loop FOREVER
|
29
29
|
@ldap.expect(:search, [], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
|
@@ -31,14 +31,14 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
31
31
|
|
32
32
|
def double_nested(n)
|
33
33
|
# add all the expects
|
34
|
-
|
34
|
+
1.upto(n - 1) do |i|
|
35
35
|
gfilter_bros = group_filter("bros#{i}") & group_class_filter
|
36
|
-
@ldap.expect(:search, ad_double_payload(i+1), [:filter => gfilter_bros, :base => @config.group_base])
|
36
|
+
@ldap.expect(:search, ad_double_payload(i + 1), [:filter => gfilter_bros, :base => @config.group_base])
|
37
37
|
end
|
38
38
|
# terminate or we loop FOREVER
|
39
39
|
@ldap.expect(:search, [], [:filter => group_filter("bros#{n}") & group_class_filter, :base => @config.group_base])
|
40
|
-
(n-1).downto(1) do |
|
41
|
-
gfilter_bros = group_filter("broskies#{
|
40
|
+
(n - 1).downto(1) do |j|
|
41
|
+
gfilter_bros = group_filter("broskies#{j + 1}") & group_class_filter
|
42
42
|
@ldap.expect(:search, [], [:filter => gfilter_bros, :base => @config.group_base])
|
43
43
|
end
|
44
44
|
end
|
@@ -48,14 +48,16 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
48
48
|
gfilter_bros = group_filter('bros1') & group_class_filter
|
49
49
|
@ldap.expect(:search, [], [:filter => gfilter_bros, :base => @config.group_base])
|
50
50
|
@adms.ldap = @ldap
|
51
|
-
assert_equal
|
51
|
+
assert_equal(%w(group bros1), @adms.find_user_groups("john"))
|
52
52
|
@ldap.verify
|
53
53
|
end
|
54
54
|
|
55
55
|
def test_missing_user
|
56
56
|
@ldap.expect(:search, nil, [:filter => ad_name_filter("john")])
|
57
57
|
@adms.ldap = @ldap
|
58
|
-
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException)
|
58
|
+
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
|
59
|
+
@adms.find_user_groups("john").data
|
60
|
+
end
|
59
61
|
@ldap.verify
|
60
62
|
end
|
61
63
|
|
@@ -63,7 +65,7 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
63
65
|
basic_user
|
64
66
|
nest_deep(25)
|
65
67
|
@adms.ldap = @ldap
|
66
|
-
assert_equal
|
68
|
+
assert_equal(26, @adms.find_user_groups('john').size)
|
67
69
|
@ldap.verify
|
68
70
|
end
|
69
71
|
|
@@ -71,43 +73,49 @@ class TestADMemberService < MiniTest::Unit::TestCase
|
|
71
73
|
basic_user
|
72
74
|
double_nested(5)
|
73
75
|
@adms.ldap = @ldap
|
74
|
-
assert_equal
|
76
|
+
assert_equal(10, @adms.find_user_groups('john').size)
|
75
77
|
@ldap.verify
|
76
78
|
end
|
77
79
|
|
78
80
|
def test_nil_payload
|
79
|
-
assert_equal
|
81
|
+
assert_equal([], @adms._groups_from_ldap_data(nil))
|
80
82
|
end
|
81
83
|
|
82
84
|
def test_empty_user
|
83
85
|
@ldap.expect(:search, [], [:filter => ad_name_filter("john")])
|
84
86
|
@adms.ldap = @ldap
|
85
|
-
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException)
|
87
|
+
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
|
88
|
+
@adms.find_user_groups("john").data
|
89
|
+
end
|
86
90
|
@ldap.verify
|
87
91
|
end
|
88
92
|
|
89
93
|
def test_find_good_user
|
90
94
|
basic_user
|
91
95
|
@adms.ldap = @ldap
|
92
|
-
assert_equal
|
96
|
+
assert_equal(ad_user_payload, @adms.find_user('john'))
|
93
97
|
end
|
94
98
|
|
95
99
|
def test_find_missing_user
|
96
100
|
@ldap.expect(:search, nil, [:filter => ad_name_filter("john")])
|
97
101
|
@adms.ldap = @ldap
|
98
|
-
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException)
|
102
|
+
assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
|
103
|
+
@adms.find_user('john')
|
104
|
+
end
|
99
105
|
end
|
100
106
|
|
101
107
|
def test_find_good_group
|
102
108
|
basic_group
|
103
109
|
@adms.ldap = @ldap
|
104
|
-
assert_equal
|
110
|
+
assert_equal(ad_group_payload, @adms.find_group('broze'))
|
105
111
|
end
|
106
112
|
|
107
113
|
def test_find_missing_group
|
108
114
|
@ldap.expect(:search, nil, [:filter => ad_group_filter("broze"), :base => @config.group_base])
|
109
115
|
@adms.ldap = @ldap
|
110
|
-
assert_raises(LdapFluff::ActiveDirectory::MemberService::GIDNotFoundException)
|
116
|
+
assert_raises(LdapFluff::ActiveDirectory::MemberService::GIDNotFoundException) do
|
117
|
+
@adms.find_group('broze')
|
118
|
+
end
|
111
119
|
end
|
112
120
|
|
113
121
|
end
|