ldap_lookup 0.1.7 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 174f93602c6a5158d0f3cce5d846eff7d2718eae02dc41eab13c843afadf86c8
-  data.tar.gz: 3d3de4dd9b981317460607a807b1a1fc0ceb38aa89dbe18fcd97e6aedab8c661
+  metadata.gz: 957c311d5d68fcc94258c7f1263c2c17c4f9c2455f7043832fe5c3791ebd3cc8
+  data.tar.gz: e3029a5edf0799b9f1d5a13407639658f7360d9a1c8e4cfd663798f014008e06
 SHA512:
-  metadata.gz: 8f483e5246550e3aad01cb1185878b44fd7420cdb90d1b7c9126b5067e19fb6b812bbe4f448aa7144b09a8b1bd1fb998c25b281cb98d3b782745b107b8615ea6
-  data.tar.gz: e19cad4c0c17d93c30cfcbd7e1be5f43bbffe49a0e50bcf836938285994866c93a5dbcbeeac03f3c745d50caac996f1521616227a1f3ddcbe0854556cc72f073
+  metadata.gz: 32f0da915876e614ca9374d59a3045e924905b7ff2f218a4b73133d92ca718dec5afdd0f91fbcdf23052b9cddde85c37f075d8311d6a91aac539dce3cf2bfc31
+  data.tar.gz: 8d788fd099caf5b0df62e6e7eac16303b08ec18ec2b4ec734a5d3e84d0b6a730bf1bfc4b93b8ee6ec5a3af3cfd6409a46a605a8fa2b350a1fe56987d1c50a62e

data/.env.example

@@ -0,0 +1,25 @@
+# LDAP Configuration for Testing
+# Copy this file to .env and fill in your actual credentials
+# The .env file is gitignored and will not be committed
+
+# Your UM uniqname (username)
+LDAP_USERNAME=your_uniqname
+
+# Your UM password
+LDAP_PASSWORD=your_password
+
+# Leave LDAP_USERNAME and LDAP_PASSWORD unset for anonymous binds
+
+# Optional: Override default LDAP settings
+# LDAP_HOST=ldap.umich.edu
+# LDAP_PORT=389          # Use 389 for STARTTLS or 636 for LDAPS
+# LDAP_BASE=dc=umich,dc=edu
+# LDAP_ENCRYPTION=start_tls  # Use 'start_tls' for port 389 or 'simple_tls' for port 636 (LDAPS)
+# LDAP_DEPT_ATTRIBUTE=umichPostalAddressData
+# LDAP_GROUP_ATTRIBUTE=umichGroupEmail
+# LDAP_TLS_VERIFY=true   # Set to false to disable cert verification (dev only)
+# LDAP_CA_CERT=/path/to/ca-bundle.pem
+#
+# If STARTTLS (port 389) doesn't work, try LDAPS:
+# LDAP_PORT=636
+# LDAP_ENCRYPTION=simple_tls

data/.gitignore

@@ -7,3 +7,8 @@
 /spec/reports/
 /tmp/
 *.gem
+
+# Environment variables
+.env
+.env.local
+.env.*.local

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--format documentation
+--color

data/.rspec_status

@@ -0,0 +1,46 @@
+example_id                            | status | run_time        |
+------------------------------------- | ------ | --------------- |
+./spec/configuration_spec.rb[1:1:1:1] | passed | 0.00021 seconds |
+./spec/configuration_spec.rb[1:1:1:2] | passed | 0.00004 seconds |
+./spec/configuration_spec.rb[1:1:1:3] | passed | 0.00004 seconds |
+./spec/configuration_spec.rb[1:1:2:1] | passed | 0.00149 seconds |
+./spec/configuration_spec.rb[1:1:2:2] | passed | 0.00004 seconds |
+./spec/configuration_spec.rb[1:1:3:1] | passed | 0.00004 seconds |
+./spec/configuration_spec.rb[1:1:3:2] | passed | 0.00005 seconds |
+./spec/configuration_spec.rb[1:2:1]   | passed | 0.00002 seconds |
+./spec/configuration_spec.rb[1:2:2]   | passed | 0.00003 seconds |
+./spec/configuration_spec.rb[1:3:1]   | passed | 0.00003 seconds |
+./spec/configuration_spec.rb[1:3:2]   | passed | 0.00003 seconds |
+./spec/configuration_spec.rb[1:3:3]   | passed | 0.00003 seconds |
+./spec/ldap_lookup_spec.rb[1:1:1:1]   | passed | 0.63596 seconds |
+./spec/ldap_lookup_spec.rb[1:1:2:1]   | passed | 0.61562 seconds |
+./spec/ldap_lookup_spec.rb[1:1:3:1]   | passed | 0.60601 seconds |
+./spec/ldap_lookup_spec.rb[1:2:1:1]   | passed | 0.64499 seconds |
+./spec/ldap_lookup_spec.rb[1:2:2:1]   | passed | 0.6525 seconds  |
+./spec/ldap_lookup_spec.rb[1:3:1:1]   | passed | 0.66369 seconds |
+./spec/ldap_lookup_spec.rb[1:3:2:1]   | passed | 1.29 seconds    |
+./spec/ldap_lookup_spec.rb[1:4:1:1]   | passed | 0.64139 seconds |
+./spec/ldap_lookup_spec.rb[1:4:2:1]   | passed | 0.64128 seconds |
+./spec/ldap_lookup_spec.rb[1:5:1:1]   | passed | 1.69 seconds    |
+./spec/ldap_lookup_spec.rb[1:5:2:1]   | passed | 0.75576 seconds |
+./spec/ldap_lookup_spec.rb[1:5:3:1]   | passed | 0.70272 seconds |
+./spec/ldap_lookup_spec.rb[1:5:4:1]   | passed | 0.74101 seconds |
+./spec/ldap_lookup_spec.rb[1:6:1:1]   | passed | 0.78507 seconds |
+./spec/ldap_lookup_spec.rb[1:6:1:2]   | passed | 0.77477 seconds |
+./spec/ldap_lookup_spec.rb[1:6:1:3]   | passed | 0.74474 seconds |
+./spec/ldap_lookup_spec.rb[1:6:2:1]   | passed | 0.70436 seconds |
+./spec/ldap_lookup_spec.rb[1:7:1:1]   | passed | 13.94 seconds   |
+./spec/ldap_lookup_spec.rb[1:7:1:2]   | passed | 21.97 seconds   |
+./spec/ldap_lookup_spec.rb[1:7:1:3]   | passed | 27.87 seconds   |
+./spec/ldap_lookup_spec.rb[1:7:2:1]   | passed | 7.88 seconds    |
+./spec/ldap_lookup_spec.rb[1:8:1:1]   | passed | 0.0026 seconds  |
+./spec/ldap_lookup_spec.rb[1:8:1:2]   | passed | 0.00012 seconds |
+./spec/ldap_lookup_spec.rb[1:8:1:3]   | passed | 0.00009 seconds |
+./spec/ldap_lookup_spec.rb[1:8:2:1]   | passed | 0.0001 seconds  |
+./spec/ldap_lookup_spec.rb[1:8:3:1]   | passed | 0.0001 seconds  |
+./spec/ldap_lookup_spec.rb[1:9:1:1]   | passed | 0.0001 seconds  |
+./spec/ldap_lookup_spec.rb[1:9:2:1]   | passed | 0.00009 seconds |
+./spec/ldap_lookup_spec.rb[1:10:1:1]  | passed | 0.525 seconds   |
+./spec/ldap_lookup_spec.rb[1:10:2:1]  | passed | 0.46772 seconds |
+./spec/ldap_lookup_spec.rb[1:11:1:1]  | failed | 0.54755 seconds |
+./spec/ldap_lookup_spec.rb[1:11:2:1]  | passed | 0.47023 seconds |

data/Gemfile.lock

@@ -1,14 +1,15 @@
 PATH
   remote: .
   specs:
-    ldap_lookup (0.1.7)
-      net-ldap (~> 0.17.0)
+    ldap_lookup (0.1.8)
+      net-ldap (~> 0.18.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
     diff-lcs (1.3)
-    net-ldap (0.17.1)
+    dotenv (2.8.1)
+    net-ldap (0.18.0)
     rake (13.0.1)
     rspec (3.7.0)
       rspec-core (~> 3.7.0)
@@ -29,6 +30,7 @@ PLATFORMS
 
 DEPENDENCIES
   bundler (~> 2.2.26)
+  dotenv (~> 2.8)
   ldap_lookup!
   rake (~> 13.0)
   rspec (~> 3.7.0)

data/README.md

@@ -1,7 +1,7 @@
 # LdapLookup for Ruby [![Gem Version](https://badge.fury.io/rb/ldap_lookup.svg)](https://badge.fury.io/rb/ldap_lookup)
 
 ### Description
-This module is to be used for anonymous lookup of user attributes in the MCommunity service provide at the University of Michigan. It can be easily modifed to use other LDAP server configurations.
+This module is to be used for authenticated or anonymous lookup of user attributes in the MCommunity service provided at the University of Michigan. It supports authenticated LDAP binds with encryption as per UM IT Security requirements (effective Jan 20, 2026). It can be easily modified to use other LDAP server configurations.
 
 ---
 
@@ -9,7 +9,7 @@ This module is to be used for anonymous lookup of user attributes in the MCommun
 
 Requirements:
 * Ruby at least 2.0.0
-* Gem 'net-ldap' ~> '0.16.1'
+* Gem 'net-ldap' ~> '0.17.0'
 > *The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has a Missing SSL Certificate Validation.*
 
 To try the module out:
@@ -18,13 +18,24 @@ To try the module out:
 <pre>
 LdapLookup.configuration do |config|
       config.host = <em>< your host ></em> # "ldap.umich.edu"
-      config.port = <em>< your port ></em> # "986" the default is set to "389" so this optional
+      config.port = <em>< your port ></em> # "389" (default) for STARTTLS, "636" for LDAPS
       config.base = <em>< your LDAP base ></em> # "dc=umich,dc=edu"
+      config.username = <em>< your uniqname ></em> # Your UM uniqname (e.g., "rsmoke")
+      config.password = <em>< your password ></em> # Your UM password
+      config.encryption = :start_tls  # :start_tls (default, port 389) or :simple_tls (LDAPS, port 636)
       config.dept_attribute = <em>< your dept attribute ></em> # "umichPostalAddressData"
       config.group_attribute = <em>< your group email attribute ></em> # "umichGroupEmail"
 end
 </pre>
 
+**Important:** As of January 20, 2026, UM LDAP requires:
+- **Authenticated binds only** - Anonymous (unauthenticated) binds are not supported by UM LDAP
+- Username and password are required for UM LDAP connections
+- Encrypted connections (STARTTLS or LDAPS) are mandatory
+- The gem uses LDAP "simple bind" authentication (authenticated with username/password)
+
+The gem can also perform **anonymous binds** for LDAP servers that allow them. To use anonymous binds, leave `LDAP_USERNAME` and `LDAP_PASSWORD` unset.
+
 3. run the ldaptest.rb script
 ```ruby
 ruby ./ldaptest.rb
@@ -34,58 +45,173 @@ ruby ./ldaptest.rb
 
 ### Installation
 
+#### Step 1: Add to Gemfile
+
 Add this line to your application's Gemfile:
 
 ```ruby
 gem 'ldap_lookup'
 ```
 
-And then execute:
+Then run:
 
-    $ bundle
+```bash
+bundle install
+```
 
-Or install it yourself as:
+#### Step 2: Get LDAP Credentials
 
-    $ gem install ldap_lookup
+**For Production Applications (Recommended):**
+Request a **service account** from your IT department. Service accounts are designed for automated applications and don't require password changes.
 
-In your application create a file config/initializers/ldap_lookup.rb
-<pre>
+**For Development/Testing:**
+You can use your personal UM uniqname and password temporarily, but switch to a service account for production.
+
+#### Step 3: Configure the Gem
+
+**For Rails Applications:**
+
+Create `config/initializers/ldap_lookup.rb`:
+
+```ruby
 LdapLookup.configuration do |config|
-    config.host = <em>< your host ></em> # "ldap.umich.edu"
-    config.port = <em>< your port ></em> # "954" port 389 is set by default
-    config.base = <em>< your LDAP base ></em> # "dc=umich,dc=edu"
-    config.dept_attribute = <em>< your dept attribute ></em> # "umichPostalAddressData"
-    config.group_attribute = <em>< your group email attribute ></em> # "umichGroupEmail"
+  # Server Configuration (defaults work for UM LDAP)
+  config.host = ENV.fetch('LDAP_HOST', 'ldap.umich.edu')
+  config.port = ENV.fetch('LDAP_PORT', '389')
+  config.base = ENV.fetch('LDAP_BASE', 'dc=umich,dc=edu')
+  
+  # Authentication (optional for anonymous binds)
+  # Leave unset to use anonymous binds (if your LDAP server allows it)
+  config.username = ENV['LDAP_USERNAME']
+  config.password = ENV['LDAP_PASSWORD']
+  
+  # If using a service account with custom bind DN, uncomment and set:
+  # config.bind_dn = 'cn=service-account,ou=Service Accounts,dc=umich,dc=edu'
+  
+  # Encryption - REQUIRED (defaults to STARTTLS)
+  config.encryption = ENV.fetch('LDAP_ENCRYPTION', 'start_tls').to_sym
+  # Use :simple_tls for LDAPS on port 636
+  # TLS verification (defaults to true). Set LDAP_TLS_VERIFY=false only for local testing.
+  # Optional custom CA bundle: set LDAP_CA_CERT=/path/to/ca-bundle.pem
+  
+  # Optional: Attribute Configuration
+  config.dept_attribute = ENV.fetch('LDAP_DEPT_ATTRIBUTE', 'umichPostalAddressData')
+  config.group_attribute = ENV.fetch('LDAP_GROUP_ATTRIBUTE', 'umichGroupEmail')
 end
-</pre>
+```
+
+**For Non-Rails Applications:**
+
+Configure in your application startup:
+
+```ruby
+require 'ldap_lookup'
+
+LdapLookup.configuration do |config|
+  config.host = 'ldap.umich.edu'
+  config.base = 'dc=umich,dc=edu'
+  config.username = ENV['LDAP_USERNAME']
+  config.password = ENV['LDAP_PASSWORD']
+  config.encryption = :start_tls
+end
+```
+
+#### Step 4: Set Environment Variables
+
+**Never hardcode credentials in your code!** Use environment variables (Hatchbox, Heroku, etc.):
+
+```bash
+# In your .env file (for development)
+LDAP_USERNAME=your_service_account_uniqname
+LDAP_PASSWORD=your_service_account_password
+
+# Or export in your shell
+export LDAP_USERNAME=your_service_account_uniqname
+export LDAP_PASSWORD=your_service_account_password
+
+# You can also set these (all can be changed without redeploying):
+# LDAP_HOST, LDAP_PORT, LDAP_BASE, LDAP_ENCRYPTION, LDAP_TLS_VERIFY, LDAP_CA_CERT
+```
+
+**For Production:**
+- Use your platform's secrets management (Rails credentials, AWS Secrets Manager, etc.)
+- Never commit credentials to version control
+- Use service accounts, not personal accounts
+
+#### Service Account Bind DN
+
+If your service account uses a non-standard bind DN format, you can specify it:
+
+```ruby
+config.bind_dn = 'cn=my-service-account,ou=Service Accounts,dc=umich,dc=edu'
+```
+
+If `bind_dn` is not set, it defaults to: `uid=username,ou=People,base`
 
 ---
 
 ### Methods available
 
+__uid_exist?:__ returns true if uid is in LDAP
+```
+LdapLookup.uid_exist?(uniqname)
+response: true or false (boolean)
+```
 __get_simple_name:__ returns the Display Name
 ```
 LdapLookup.get_simple_name(uniqname = nil)
+response: name or "No #{attribute} found for #{uniqname}"
 ```
 __get_dept:__ returns the users Department_name
 ```
 LdapLookup.get_dept(uniqname = nil)
+response: dept name or "No #{nested_attribute} found for #{uniqname}"
 ```
 __get_email:__ returns the users email address
 ```
 LdapLookup.get_email(uniqname = nil)
+response: email or "No #{attribute} found for #{uniqname}"
 ```
 __is_member_of_group?:__ returns true/false if uniqname is a member of the specified group
 ```
 LdapLookup.is_member_of_group?(uid = nil, group_name = nil)
+response: true or false (boolean)
 ```
 __get_email_distribution_list:__ Returns the list of emails that are associated to a group.
 ```
 LdapLookup.get_email_distribution_list(group_name = nil)
+response: result_hash
 ```
 __all_groups_for_user:__ Returns the list of groups that a user is a member of.
 ```
 LdapLookup.all_groups_for_user(uniqname = nil)
+response: result_array
+```
+
+### Running Tests
+
+**Security Note:** Never put passwords in command line arguments. They are visible in process lists and shell history.
+
+**Recommended: Use a .env file (most secure)**
+1. Copy the example file: `cp .env.example .env`
+2. Edit `.env` with your credentials:
+   ```
+   LDAP_USERNAME=your_uniqname
+   LDAP_PASSWORD=your_password
+   ```
+3. Run tests: `bundle exec rspec`
+
+**Alternative: Export environment variables**
+```bash
+export LDAP_USERNAME=your_uniqname
+export LDAP_PASSWORD=your_password
+bundle exec rspec
+```
+
+**Never do this (insecure):**
+```bash
+# ❌ DON'T: Password visible in process list
+LDAP_PASSWORD=xxx bundle exec rspec
 ```
 
 ### Contributing

data/SETUP.md

@@ -0,0 +1,117 @@
+# Quick Setup Guide for Gem Users
+
+This guide will help you quickly set up `ldap_lookup` in your Rails application.
+
+## Prerequisites
+
+1. **Get LDAP Credentials**
+   - For production: Request a service account from your IT department
+   - For development: You can temporarily use your personal uniqname/password
+
+## Installation Steps
+
+### 1. Add to Gemfile
+
+```ruby
+gem 'ldap_lookup'
+```
+
+Run `bundle install`
+
+### 2. Create Initializer
+
+Copy the example initializer:
+
+```bash
+# If you have the gem source
+cp config/initializers/ldap_lookup.rb.example config/initializers/ldap_lookup.rb
+
+# Or create it manually
+touch config/initializers/ldap_lookup.rb
+```
+
+### 3. Configure Credentials
+
+Edit `config/initializers/ldap_lookup.rb`:
+
+```ruby
+LdapLookup.configuration do |config|
+  config.host = ENV.fetch('LDAP_HOST', 'ldap.umich.edu')
+  config.base = ENV.fetch('LDAP_BASE', 'dc=umich,dc=edu')
+  # Leave unset to use anonymous binds (if your LDAP server allows it)
+  config.username = ENV['LDAP_USERNAME']
+  config.password = ENV['LDAP_PASSWORD']
+  config.encryption = :start_tls
+end
+```
+
+### 4. Set Environment Variables
+
+**Development (.env file):**
+```bash
+LDAP_USERNAME=your_service_account
+LDAP_PASSWORD=your_password
+```
+
+**Production:**
+Use your platform's secrets management:
+- Rails: `config/credentials.yml.enc`
+- Heroku: `heroku config:set LDAP_USERNAME=xxx`
+- AWS: Secrets Manager
+- etc.
+
+### 5. Service Account Bind DN (if needed)
+
+If your service account uses a custom bind DN format, add:
+
+```ruby
+config.bind_dn = 'cn=service-account,ou=Service Accounts,dc=umich,dc=edu'
+```
+
+Your IT department will provide this if it's different from the default format.
+
+## Usage
+
+```ruby
+# Check if a user exists
+LdapLookup.uid_exist?('uniqname')
+
+# Get user's name
+LdapLookup.get_simple_name('uniqname')
+
+# Get user's email
+LdapLookup.get_email('uniqname')
+
+# Get user's department
+LdapLookup.get_dept('uniqname')
+
+# Check group membership
+LdapLookup.is_member_of_group?('uniqname', 'group-name')
+
+# Get all groups for a user
+LdapLookup.all_groups_for_user('uniqname')
+```
+
+## Troubleshooting
+
+**Anonymous bind fails**
+- Your LDAP server may require authenticated binds
+- Set `LDAP_USERNAME` and `LDAP_PASSWORD` (service account recommended)
+- Verify credentials are correct
+
+**Error: Connection timeout or SSL errors**
+- Verify `config.host` is correct
+- Try `config.encryption = :simple_tls` with `config.port = '636'` for LDAPS
+- Check firewall rules allow outbound LDAP connections
+
+**Service account not working**
+- Verify the bind DN format with your IT department
+- Set `config.bind_dn` if your service account uses a non-standard format
+
+## Security Reminders
+
+- ✅ Use environment variables for credentials
+- ✅ Use service accounts in production
+- ✅ Never commit credentials to version control
+- ❌ Don't hardcode passwords in code
+- ❌ Don't use personal accounts in production

data/config/initializers/ldap_lookup.rb.example

@@ -0,0 +1,32 @@
+# LDAP Lookup Configuration
+# Copy this file to config/initializers/ldap_lookup.rb and configure with your credentials
+#
+# IMPORTANT: Never commit credentials to version control!
+# Use environment variables or a secrets management system.
+
+LdapLookup.configuration do |config|
+  # LDAP Server Configuration
+  config.host = ENV.fetch('LDAP_HOST', 'ldap.umich.edu')
+  config.port = ENV.fetch('LDAP_PORT', '389')
+  config.base = ENV.fetch('LDAP_BASE', 'dc=umich,dc=edu')
+  
+  # Authentication (optional for anonymous binds)
+  # Option 1: Use a service account (recommended for production)
+  # Request a service account from your IT department
+  # Leave unset to use anonymous binds (if your LDAP server allows it)
+  config.username = ENV['LDAP_USERNAME']
+  config.password = ENV['LDAP_PASSWORD']
+  
+  # Option 2: If your service account uses a custom bind DN format, specify it:
+  # config.bind_dn = 'cn=service-account,ou=Service Accounts,dc=umich,dc=edu'
+  # (If bind_dn is not set, it defaults to: uid=username,ou=People,base)
+  
+  # Encryption - REQUIRED (as of Jan 20, 2026)
+  # Use :start_tls for port 389 or :simple_tls for LDAPS on port 636
+  encryption_method = ENV.fetch('LDAP_ENCRYPTION', 'start_tls').to_sym
+  config.encryption = encryption_method
+  
+  # Optional: Attribute Configuration
+  config.dept_attribute = ENV.fetch('LDAP_DEPT_ATTRIBUTE', 'umichPostalAddressData')
+  config.group_attribute = ENV.fetch('LDAP_GROUP_ATTRIBUTE', 'umichGroupEmail')
+end

data/ldap_lookup.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Rick Smoke"]
   spec.email         = ["rsmoke@umich.edu"]
 
-  spec.summary       = %q{For anonymous lookup of user LDAP attributes.}
-  spec.description   = %q{This module is to be used for anonymous lookup of attributes in the MCommunity service provide at the University of Michigan. It can be easily modifed to use other LDAP server configurations.}
+  spec.summary       = %q{Authenticated LDAP lookup for MCommunity user attributes at University of Michigan.}
+  spec.description   = %q{This gem provides authenticated LDAP lookups for user attributes in the MCommunity service at the University of Michigan. It supports encrypted connections (STARTTLS/LDAPS) and service accounts as required by UM IT Security (effective Jan 20, 2026). Can be easily modified for other LDAP server configurations.}
   spec.homepage      = "https://github.com/rsmoke/ldap_lookup.git"
   spec.license       = "MIT"
 
@@ -24,5 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 2.2.26"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.7.0"
-  spec.add_dependency 'net-ldap', '~> 0.17.0'
+  spec.add_development_dependency "dotenv", "~> 2.8"
+  spec.add_dependency 'net-ldap', '~> 0.18.0'
 end

data/ldaptest.rb

@@ -1,5 +1,12 @@
 #!/usr/bin/env ruby
 
+# Load .env file if it exists (for local development)
+begin
+  require 'dotenv/load'
+rescue LoadError
+  # dotenv not available, will use environment variables or fallbacks
+end
+
 require_relative "lib/ldap_lookup"
 
 class Ldaptest
@@ -7,10 +14,20 @@ class Ldaptest
 
   ############## CONFIGURATION BLOCK ###################
   LdapLookup.configuration do |config|
-    config.host = "ldap.umich.edu"
-    config.base = "dc=umich,dc=edu"
-    config.dept_attribute = "umichPostalAddressData"
-    config.group_attribute = "umichGroupEmail"
+    config.host = ENV['LDAP_HOST'] || "ldap.umich.edu"
+    config.port = ENV['LDAP_PORT'] || "389"
+    config.base = ENV['LDAP_BASE'] || "dc=umich,dc=edu"
+    # Leave username/password unset for anonymous binds
+    config.username = ENV['LDAP_USERNAME']
+    config.password = ENV['LDAP_PASSWORD']
+    # Read encryption from ENV, default to start_tls
+    encryption_str = ENV['LDAP_ENCRYPTION'] || 'start_tls'
+    config.encryption = encryption_str.to_sym
+    config.dept_attribute = ENV['LDAP_DEPT_ATTRIBUTE'] || "umichPostalAddressData"
+    config.group_attribute = ENV['LDAP_GROUP_ATTRIBUTE'] || "umichGroupEmail"
+    # Enable LDAP debug logging in this test runner
+    debug_str = ENV['LDAP_DEBUG']
+    config.debug = debug_str ? debug_str.to_s.downcase == 'true' : true
   end
   #######################################################
 
@@ -32,7 +49,7 @@ class Ldaptest
   end
 
   def result_box(answer)
-    print "\e[2J\e[f"
+    # print "\e[2J\e[f"
     2.times { puts " " }
     puts "Your Results"
     puts "======================================================"
@@ -56,6 +73,7 @@ class Ldaptest
     puts "2: set new group_uid"
     puts "+++++++++++++++++++++++++"
     puts "3: get users full name"
+    puts "33: check if uid exists"
     puts "4: get users department"
     puts "5: get users email"
     puts "55: get all groups a user is a member of"
@@ -64,23 +82,28 @@ class Ldaptest
     puts "7: check if uid is member of a group"
     puts "+++++++++++++++++++++++++"
     puts "8: what time is it?"
+    puts "99: test LDAP connection (diagnostic)"
     puts "0: exit"
+    puts ""
+    print "Enter a number: "
 
     case gets.chomp.to_i
     when 1 then result_box(reset_uid)
     when 2 then result_box(reset_group_uid)
     when 3 then result_box(LdapLookup.get_simple_name(@uid))
+    when 33 then result_box(LdapLookup.uid_exist?(@uid))
     when 4 then result_box(LdapLookup.get_dept(@uid))
     when 5 then result_box(LdapLookup.get_email(@uid))
     when 55 then result_box(LdapLookup.all_groups_for_user(@uid))
     when 6 then result_box(LdapLookup.get_email_distribution_list(@group_uid))
     when 7 then result_box(LdapLookup.is_member_of_group?(@uid, @group_uid))
     when 8 then result_box(timestamp)
+    when 99 then result_box(LdapLookup.test_connection.inspect)
     when 0 then puts "you chose exit!"
 throw(:done)
     else
       print "\e[2J\e[f"
-      puts "====> Please type 1,2,3,4,5,55,6,7,8 or 0 only"
+      puts "====> Please type 1,2,3,33,4,5,55,6,7,8 or 0 only"
       2.times { puts " " }
     end
   end

data/lib/ldap_lookup/version.rb

@@ -1,3 +1,3 @@
 module LdapLookup
-  VERSION = "0.1.7"
+  VERSION = "2.0.0"
 end