net-ldap 0.14.0 → 0.16.3
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.rubocop.yml +5 -2
- data/.rubocop_todo.yml +343 -219
- data/.travis.yml +27 -3
- data/CONTRIBUTING.md +1 -1
- data/History.rdoc +21 -0
- data/README.rdoc +10 -7
- data/Rakefile +1 -1
- data/lib/net-ldap.rb +1 -1
- data/lib/net/ber.rb +5 -6
- data/lib/net/ber/ber_parser.rb +3 -3
- data/lib/net/ber/core_ext.rb +6 -6
- data/lib/net/ldap.rb +65 -55
- data/lib/net/ldap/auth_adapter/gss_spnego.rb +2 -2
- data/lib/net/ldap/auth_adapter/sasl.rb +4 -2
- data/lib/net/ldap/auth_adapter/simple.rb +1 -1
- data/lib/net/ldap/connection.rb +58 -35
- data/lib/net/ldap/dataset.rb +2 -2
- data/lib/net/ldap/dn.rb +13 -14
- data/lib/net/ldap/entry.rb +5 -6
- data/lib/net/ldap/error.rb +1 -0
- data/lib/net/ldap/filter.rb +10 -3
- data/lib/net/ldap/instrumentation.rb +2 -2
- data/lib/net/ldap/password.rb +3 -5
- data/lib/net/ldap/pdu.rb +1 -1
- data/lib/net/ldap/version.rb +1 -1
- data/lib/net/snmp.rb +1 -1
- data/net-ldap.gemspec +4 -4
- data/script/ldap-docker +12 -0
- data/test/ber/test_ber.rb +1 -1
- data/test/fixtures/ca/docker-ca.pem +18 -0
- data/test/fixtures/{openldap/retcode.ldif → ldif/06-retcode.ldif} +7 -8
- data/test/fixtures/ldif/50-seed.ldif +374 -0
- data/test/integration/test_add.rb +1 -3
- data/test/integration/test_ber.rb +2 -2
- data/test/integration/test_bind.rb +193 -14
- data/test/integration/test_delete.rb +1 -3
- data/test/integration/test_open.rb +10 -11
- data/test/integration/test_password_modify.rb +29 -16
- data/test/integration/test_return_codes.rb +12 -4
- data/test/integration/test_search.rb +8 -8
- data/test/test_dn.rb +2 -3
- data/test/test_entry.rb +3 -2
- data/test/test_filter_parser.rb +5 -0
- data/test/test_helper.rb +12 -5
- data/test/test_ldap.rb +5 -5
- data/test/test_ldap_connection.rb +47 -35
- data/test/test_ldif.rb +13 -13
- data/test/test_password.rb +2 -2
- data/test/test_snmp.rb +4 -5
- data/test/test_ssl_ber.rb +7 -3
- data/testserver/ldapserver.rb +13 -22
- metadata +17 -26
- data/script/install-openldap +0 -115
- data/test/fixtures/cacert.pem +0 -20
- data/test/fixtures/openldap/memberof.ldif +0 -33
- data/test/fixtures/openldap/slapd.conf.ldif +0 -67
- data/test/fixtures/seed.ldif +0 -374
- data/test/support/vm/openldap/README.md +0 -32
- data/test/support/vm/openldap/Vagrantfile +0 -33
@@ -3,9 +3,7 @@ require_relative '../test_helper'
|
|
3
3
|
class TestAddIntegration < LDAPIntegrationTestCase
|
4
4
|
def setup
|
5
5
|
super
|
6
|
-
@
|
7
|
-
|
8
|
-
@dn = "uid=added-user1,ou=People,dc=rubyldap,dc=com"
|
6
|
+
@dn = "uid=added-user1,ou=People,dc=example,dc=org"
|
9
7
|
end
|
10
8
|
|
11
9
|
def test_add
|
@@ -8,7 +8,7 @@ class TestBERIntegration < LDAPIntegrationTestCase
|
|
8
8
|
attrs = [:dn, :uid, :cn, :mail]
|
9
9
|
|
10
10
|
assert types_entry = @ldap.search(
|
11
|
-
base: "dc=
|
11
|
+
base: "dc=example,dc=org",
|
12
12
|
filter: "(uid=user1)",
|
13
13
|
size: 1,
|
14
14
|
attributes: attrs,
|
@@ -25,6 +25,6 @@ class TestBERIntegration < LDAPIntegrationTestCase
|
|
25
25
|
end
|
26
26
|
|
27
27
|
assert_includes Net::LDAP::ResultCodesSearchSuccess,
|
28
|
-
|
28
|
+
@ldap.get_operation_result.code, "should be a successful search operation"
|
29
29
|
end
|
30
30
|
end
|
@@ -1,42 +1,221 @@
|
|
1
1
|
require_relative '../test_helper'
|
2
2
|
|
3
3
|
class TestBindIntegration < LDAPIntegrationTestCase
|
4
|
+
INTEGRATION_HOSTNAME = 'ldap.example.org'.freeze
|
5
|
+
|
4
6
|
def test_bind_success
|
5
|
-
assert @ldap.bind(
|
7
|
+
assert @ldap.bind(BIND_CREDS),
|
8
|
+
@ldap.get_operation_result.inspect
|
6
9
|
end
|
7
10
|
|
8
11
|
def test_bind_timeout
|
9
|
-
@ldap.
|
12
|
+
@ldap.host = "10.255.255.1" # non-routable IP
|
13
|
+
|
10
14
|
error = assert_raise Net::LDAP::Error do
|
11
|
-
@ldap.bind
|
15
|
+
@ldap.bind BIND_CREDS
|
12
16
|
end
|
13
|
-
|
17
|
+
msgs = ['Operation timed out - user specified timeout',
|
18
|
+
'Connection timed out - user specified timeout']
|
19
|
+
assert_send([msgs, :include?, error.message])
|
14
20
|
end
|
15
21
|
|
16
22
|
def test_bind_anonymous_fail
|
17
|
-
refute @ldap.bind(
|
23
|
+
refute @ldap.bind(BIND_CREDS.merge(password: '')),
|
24
|
+
@ldap.get_operation_result.inspect
|
18
25
|
|
19
26
|
result = @ldap.get_operation_result
|
20
27
|
assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
|
21
28
|
assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform], result.message
|
22
29
|
assert_equal "unauthenticated bind (DN with no password) disallowed",
|
23
|
-
|
30
|
+
result.error_message
|
24
31
|
assert_equal "", result.matched_dn
|
25
32
|
end
|
26
33
|
|
27
34
|
def test_bind_fail
|
28
|
-
refute @ldap.bind(
|
35
|
+
refute @ldap.bind(BIND_CREDS.merge(password: "not my password")),
|
36
|
+
@ldap.get_operation_result.inspect
|
29
37
|
end
|
30
38
|
|
31
39
|
def test_bind_tls_with_cafile
|
32
|
-
|
33
|
-
@ldap.encryption(
|
34
|
-
|
40
|
+
@ldap.host = INTEGRATION_HOSTNAME
|
41
|
+
@ldap.encryption(
|
42
|
+
method: :start_tls,
|
43
|
+
tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
|
44
|
+
)
|
45
|
+
assert @ldap.bind(BIND_CREDS),
|
46
|
+
@ldap.get_operation_result.inspect
|
47
|
+
end
|
48
|
+
|
49
|
+
def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
|
50
|
+
@ldap.host = INTEGRATION_HOSTNAME
|
51
|
+
@ldap.encryption(
|
52
|
+
method: :start_tls,
|
53
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
|
54
|
+
)
|
55
|
+
assert @ldap.bind(BIND_CREDS),
|
56
|
+
@ldap.get_operation_result.inspect
|
57
|
+
end
|
58
|
+
|
59
|
+
def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
|
60
|
+
@ldap.host = '127.0.0.1'
|
61
|
+
@ldap.encryption(
|
62
|
+
method: :start_tls,
|
63
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
|
64
|
+
)
|
65
|
+
assert @ldap.bind(BIND_CREDS),
|
66
|
+
@ldap.get_operation_result.inspect
|
67
|
+
end
|
68
|
+
|
69
|
+
def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
|
70
|
+
@ldap.host = '127.0.0.1'
|
71
|
+
@ldap.encryption(
|
72
|
+
method: :start_tls,
|
73
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
74
|
+
ca_file: CA_FILE },
|
75
|
+
)
|
76
|
+
error = assert_raise Net::LDAP::Error,
|
77
|
+
Net::LDAP::ConnectionRefusedError do
|
78
|
+
@ldap.bind BIND_CREDS
|
79
|
+
end
|
80
|
+
assert_equal(
|
81
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
82
|
+
error.message,
|
83
|
+
)
|
84
|
+
end
|
85
|
+
|
86
|
+
def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
|
87
|
+
@ldap.host = '127.0.0.1'
|
88
|
+
@ldap.encryption(
|
89
|
+
method: :start_tls,
|
90
|
+
tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
|
91
|
+
)
|
92
|
+
error = assert_raise Net::LDAP::Error,
|
93
|
+
Net::LDAP::ConnectionRefusedError do
|
94
|
+
@ldap.bind BIND_CREDS
|
95
|
+
end
|
96
|
+
assert_equal(
|
97
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
98
|
+
error.message,
|
99
|
+
)
|
100
|
+
end
|
101
|
+
|
102
|
+
def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails
|
103
|
+
@ldap.host = '127.0.0.1'
|
104
|
+
@ldap.encryption(
|
105
|
+
method: :start_tls,
|
106
|
+
tls_options: { ca_file: CA_FILE },
|
107
|
+
)
|
108
|
+
error = assert_raise Net::LDAP::Error,
|
109
|
+
Net::LDAP::ConnectionRefusedError do
|
110
|
+
@ldap.bind BIND_CREDS
|
111
|
+
end
|
112
|
+
assert_equal(
|
113
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
114
|
+
error.message,
|
115
|
+
)
|
116
|
+
end
|
117
|
+
|
118
|
+
def test_bind_tls_with_valid_hostname_default_opts_passes
|
119
|
+
@ldap.host = INTEGRATION_HOSTNAME
|
120
|
+
@ldap.encryption(
|
121
|
+
method: :start_tls,
|
122
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
123
|
+
ca_file: CA_FILE),
|
124
|
+
)
|
125
|
+
assert @ldap.bind(BIND_CREDS),
|
126
|
+
@ldap.get_operation_result.inspect
|
35
127
|
end
|
36
128
|
|
37
|
-
def
|
38
|
-
|
39
|
-
@ldap.encryption(
|
40
|
-
|
129
|
+
def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
|
130
|
+
@ldap.host = INTEGRATION_HOSTNAME
|
131
|
+
@ldap.encryption(
|
132
|
+
method: :start_tls,
|
133
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
134
|
+
ca_file: CA_FILE },
|
135
|
+
)
|
136
|
+
assert @ldap.bind(BIND_CREDS),
|
137
|
+
@ldap.get_operation_result.inspect
|
138
|
+
end
|
139
|
+
|
140
|
+
def test_bind_tls_with_bogus_hostname_system_ca_fails
|
141
|
+
@ldap.host = '127.0.0.1'
|
142
|
+
@ldap.encryption(method: :start_tls, tls_options: {})
|
143
|
+
error = assert_raise Net::LDAP::Error,
|
144
|
+
Net::LDAP::ConnectionRefusedError do
|
145
|
+
@ldap.bind BIND_CREDS
|
146
|
+
end
|
147
|
+
assert_equal(
|
148
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
149
|
+
error.message,
|
150
|
+
)
|
151
|
+
end
|
152
|
+
|
153
|
+
def test_bind_tls_with_multiple_hosts
|
154
|
+
@ldap.host = nil
|
155
|
+
@ldap.hosts = [[INTEGRATION_HOSTNAME, 389], [INTEGRATION_HOSTNAME, 389]]
|
156
|
+
@ldap.encryption(
|
157
|
+
method: :start_tls,
|
158
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
159
|
+
ca_file: CA_FILE),
|
160
|
+
)
|
161
|
+
assert @ldap.bind(BIND_CREDS),
|
162
|
+
@ldap.get_operation_result.inspect
|
163
|
+
end
|
164
|
+
|
165
|
+
def test_bind_tls_with_multiple_bogus_hosts
|
166
|
+
@ldap.host = nil
|
167
|
+
@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
|
168
|
+
@ldap.encryption(
|
169
|
+
method: :start_tls,
|
170
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
171
|
+
ca_file: CA_FILE),
|
172
|
+
)
|
173
|
+
error = assert_raise Net::LDAP::Error,
|
174
|
+
Net::LDAP::ConnectionError do
|
175
|
+
@ldap.bind BIND_CREDS
|
176
|
+
end
|
177
|
+
assert_equal("Unable to connect to any given server: ",
|
178
|
+
error.message.split("\n").shift)
|
179
|
+
end
|
180
|
+
|
181
|
+
def test_bind_tls_with_multiple_bogus_hosts_no_verification
|
182
|
+
@ldap.host = nil
|
183
|
+
@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
|
184
|
+
@ldap.encryption(
|
185
|
+
method: :start_tls,
|
186
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
|
187
|
+
)
|
188
|
+
assert @ldap.bind(BIND_CREDS),
|
189
|
+
@ldap.get_operation_result.inspect
|
190
|
+
end
|
191
|
+
|
192
|
+
def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
|
193
|
+
@ldap.host = nil
|
194
|
+
@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
|
195
|
+
@ldap.encryption(
|
196
|
+
method: :start_tls,
|
197
|
+
tls_options: { ca_file: CA_FILE },
|
198
|
+
)
|
199
|
+
error = assert_raise Net::LDAP::Error,
|
200
|
+
Net::LDAP::ConnectionError do
|
201
|
+
@ldap.bind BIND_CREDS
|
202
|
+
end
|
203
|
+
assert_equal("Unable to connect to any given server: ",
|
204
|
+
error.message.split("\n").shift)
|
205
|
+
end
|
206
|
+
|
207
|
+
# This test is CI-only because we can't add the fixture CA
|
208
|
+
# to the system CA store on people's dev boxes.
|
209
|
+
def test_bind_tls_valid_hostname_system_ca_on_travis_passes
|
210
|
+
omit "not sure how to install custom CA cert in travis"
|
211
|
+
omit_unless ENV['TRAVIS'] == 'true'
|
212
|
+
|
213
|
+
@ldap.host = INTEGRATION_HOSTNAME
|
214
|
+
@ldap.encryption(
|
215
|
+
method: :start_tls,
|
216
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
|
217
|
+
)
|
218
|
+
assert @ldap.bind(BIND_CREDS),
|
219
|
+
@ldap.get_operation_result.inspect
|
41
220
|
end
|
42
221
|
end
|
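Review bot: `test_bind_tls_with_bad_hostname_verify_none_no_ca_passes` sets `@ldap.host = INTEGRATION_HOSTNAME`, the same name the valid-hostname tests use, so it never presents a mismatching name and only shows that `VERIFY_NONE` works when the name already matches. To cover what its name promises it should use `@ldap.host = '127.0.0.1'`, as the neighbouring `..._opt_merge_passes` test does. Separately, `test_bind_tls_valid_hostname_system_ca_on_travis_passes` calls `omit "not sure how to install custom CA cert in travis"` unconditionally before `omit_unless ENV['TRAVIS'] == 'true'`, so (assuming test-unit's `omit` ends the test) the guard and the body never run. That leaves the system-CA-store path with `VERIFY_PEER` without a running positive test, which the comment above the method should say, e.g. `# Currently always omitted: system CA store + VERIFY_PEER is not exercised by this suite.`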
@@ -3,9 +3,7 @@ require_relative '../test_helper'
|
|
3
3
|
class TestDeleteIntegration < LDAPIntegrationTestCase
|
4
4
|
def setup
|
5
5
|
super
|
6
|
-
@
|
7
|
-
|
8
|
-
@dn = "uid=delete-user1,ou=People,dc=rubyldap,dc=com"
|
6
|
+
@dn = "uid=delete-user1,ou=People,dc=example,dc=org"
|
9
7
|
|
10
8
|
attrs = {
|
11
9
|
objectclass: %w(top inetOrgPerson organizationalPerson person),
|
@@ -4,8 +4,8 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
4
4
|
def test_binds_without_open
|
5
5
|
events = @service.subscribe "bind.net_ldap_connection"
|
6
6
|
|
7
|
-
@ldap.search(filter: "uid=user1", base: "ou=People,dc=
|
8
|
-
@ldap.search(filter: "uid=user1", base: "ou=People,dc=
|
7
|
+
@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
|
8
|
+
@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
|
9
9
|
|
10
10
|
assert_equal 2, events.size
|
11
11
|
end
|
@@ -14,8 +14,8 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
14
14
|
events = @service.subscribe "bind.net_ldap_connection"
|
15
15
|
|
16
16
|
@ldap.open do
|
17
|
-
@ldap.search(filter: "uid=user1", base: "ou=People,dc=
|
18
|
-
@ldap.search(filter: "uid=user1", base: "ou=People,dc=
|
17
|
+
@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
|
18
|
+
@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
|
19
19
|
end
|
20
20
|
|
21
21
|
assert_equal 1, events.size
|
@@ -29,9 +29,9 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
29
29
|
entries = []
|
30
30
|
nested_entry = nil
|
31
31
|
|
32
|
-
@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=
|
32
|
+
@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
|
33
33
|
entries << entry.uid.first
|
34
|
-
nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=
|
34
|
+
nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
|
35
35
|
end
|
36
36
|
|
37
37
|
assert_equal "user3", nested_entry.uid.first
|
@@ -43,9 +43,9 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
43
43
|
nested_entry = nil
|
44
44
|
|
45
45
|
@ldap.open do
|
46
|
-
@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=
|
46
|
+
@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
|
47
47
|
entries << entry.uid.first
|
48
|
-
nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=
|
48
|
+
nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
@@ -57,7 +57,7 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
57
57
|
entries = []
|
58
58
|
nested_entry = nil
|
59
59
|
|
60
|
-
dn = "uid=nested-open-added-user1,ou=People,dc=
|
60
|
+
dn = "uid=nested-open-added-user1,ou=People,dc=example,dc=org"
|
61
61
|
attrs = {
|
62
62
|
objectclass: %w(top inetOrgPerson organizationalPerson person),
|
63
63
|
uid: "nested-open-added-user1",
|
@@ -66,11 +66,10 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
66
66
|
mail: "nested-open-added-user1@rubyldap.com",
|
67
67
|
}
|
68
68
|
|
69
|
-
@ldap.authenticate "cn=admin,dc=rubyldap,dc=com", "passworD1"
|
70
69
|
@ldap.delete dn: dn
|
71
70
|
|
72
71
|
@ldap.open do
|
73
|
-
@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=
|
72
|
+
@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
|
74
73
|
entries << entry.uid.first
|
75
74
|
|
76
75
|
nested_entry ||= begin
|
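Review bot: `ignore_server_caps: true` is added to the searches in the two bind-counting tests without a comment, although the `assert_equal 2, events.size` and `assert_equal 1, events.size` checks next to them presumably rely on it. A one-line comment such as `# ignore_server_caps: skip the server capability lookup so only the search's own bind is counted` would record the reason; confirm that wording against `Net::LDAP#search`, which is not visible here. The test method bodies start or end outside the hunks shown.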
@@ -3,9 +3,10 @@ require_relative '../test_helper'
|
|
3
3
|
class TestPasswordModifyIntegration < LDAPIntegrationTestCase
|
4
4
|
def setup
|
5
5
|
super
|
6
|
-
@
|
6
|
+
@admin_account = { dn: 'cn=admin,dc=example,dc=org', password: 'admin', method: :simple }
|
7
|
+
@ldap.authenticate @admin_account[:dn], @admin_account[:password]
|
7
8
|
|
8
|
-
@dn = 'uid=modify-password-user1,ou=People,dc=
|
9
|
+
@dn = 'uid=modify-password-user1,ou=People,dc=example,dc=org'
|
9
10
|
|
10
11
|
attrs = {
|
11
12
|
objectclass: %w(top inetOrgPerson organizationalPerson person),
|
@@ -13,7 +14,7 @@ class TestPasswordModifyIntegration < LDAPIntegrationTestCase
|
|
13
14
|
cn: 'modify-password-user1',
|
14
15
|
sn: 'modify-password-user1',
|
15
16
|
mail: 'modify-password-user1@rubyldap.com',
|
16
|
-
userPassword: '
|
17
|
+
userPassword: 'admin',
|
17
18
|
}
|
18
19
|
unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
|
19
20
|
assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
|
@@ -23,40 +24,40 @@ class TestPasswordModifyIntegration < LDAPIntegrationTestCase
|
|
23
24
|
@auth = {
|
24
25
|
method: :simple,
|
25
26
|
username: @dn,
|
26
|
-
password: '
|
27
|
+
password: 'admin',
|
27
28
|
}
|
28
29
|
end
|
29
30
|
|
30
31
|
def test_password_modify
|
31
32
|
assert @ldap.password_modify(dn: @dn,
|
32
33
|
auth: @auth,
|
33
|
-
old_password: '
|
34
|
+
old_password: 'admin',
|
34
35
|
new_password: 'passworD2')
|
35
36
|
|
36
37
|
assert @ldap.get_operation_result.extended_response.nil?,
|
37
|
-
|
38
|
+
'Should not have generated a new password'
|
38
39
|
|
39
|
-
refute @ldap.bind(username: @dn, password: '
|
40
|
-
|
40
|
+
refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
|
41
|
+
'Old password should no longer be valid'
|
41
42
|
|
42
43
|
assert @ldap.bind(username: @dn, password: 'passworD2', method: :simple),
|
43
|
-
|
44
|
+
'New password should be valid'
|
44
45
|
end
|
45
46
|
|
46
47
|
def test_password_modify_generate
|
47
48
|
assert @ldap.password_modify(dn: @dn,
|
48
49
|
auth: @auth,
|
49
|
-
old_password: '
|
50
|
+
old_password: 'admin')
|
50
51
|
|
51
52
|
generated_password = @ldap.get_operation_result.extended_response[0][0]
|
52
53
|
|
53
54
|
assert generated_password, 'Should have generated a password'
|
54
55
|
|
55
|
-
refute @ldap.bind(username: @dn, password: '
|
56
|
-
|
56
|
+
refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
|
57
|
+
'Old password should no longer be valid'
|
57
58
|
|
58
59
|
assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
|
59
|
-
|
60
|
+
'New password should be valid'
|
60
61
|
end
|
61
62
|
|
62
63
|
def test_password_modify_generate_no_old_password
|
@@ -67,11 +68,23 @@ class TestPasswordModifyIntegration < LDAPIntegrationTestCase
|
|
67
68
|
|
68
69
|
assert generated_password, 'Should have generated a password'
|
69
70
|
|
70
|
-
refute @ldap.bind(username: @dn, password: '
|
71
|
-
|
71
|
+
refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
|
72
|
+
'Old password should no longer be valid'
|
72
73
|
|
73
74
|
assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
|
74
|
-
|
75
|
+
'New password should be valid'
|
76
|
+
end
|
77
|
+
|
78
|
+
def test_password_modify_overwrite_old_password
|
79
|
+
assert @ldap.password_modify(dn: @dn,
|
80
|
+
auth: @admin_account,
|
81
|
+
new_password: 'passworD3')
|
82
|
+
|
83
|
+
refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
|
84
|
+
'Old password should no longer be valid'
|
85
|
+
|
86
|
+
assert @ldap.bind(username: @dn, password: 'passworD3', method: :simple),
|
87
|
+
'New password should be valid'
|
75
88
|
end
|
76
89
|
|
77
90
|
def teardown
|
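Review bot: The fixture now uses the literal `'admin'` both as the directory administrator's password in `@admin_account` and as the test user's initial `userPassword`, `@auth` password and `old_password:` value, so a bind that accidentally used the wrong DN with the right literal would not be caught by any assertion. Giving the user entry its own initial secret keeps the two identities distinct, e.g. a constant `USER_PASSWORD = 'initial-user-password'` (constructed value) used in `attrs`, `@auth`, the `old_password:` arguments and the `refute @ldap.bind(username: @dn, password: USER_PASSWORD, method: :simple)` checks. `setup` and `teardown` continue outside the hunks shown.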
@@ -4,8 +4,16 @@ require_relative '../test_helper'
|
|
4
4
|
# See: section 12.12 http://www.openldap.org/doc/admin24/overlays.html
|
5
5
|
|
6
6
|
class TestReturnCodeIntegration < LDAPIntegrationTestCase
|
7
|
+
def test_open_error
|
8
|
+
@ldap.authenticate "cn=fake", "creds"
|
9
|
+
@ldap.open do
|
10
|
+
result = @ldap.get_operation_result
|
11
|
+
assert_equal Net::LDAP::ResultCodeInvalidCredentials, result.code
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
7
15
|
def test_operations_error
|
8
|
-
refute @ldap.search(filter: "cn=operationsError", base: "ou=Retcodes,dc=
|
16
|
+
refute @ldap.search(filter: "cn=operationsError", base: "ou=Retcodes,dc=example,dc=org")
|
9
17
|
assert result = @ldap.get_operation_result
|
10
18
|
|
11
19
|
assert_equal Net::LDAP::ResultCodeOperationsError, result.code
|
@@ -13,7 +21,7 @@ class TestReturnCodeIntegration < LDAPIntegrationTestCase
|
|
13
21
|
end
|
14
22
|
|
15
23
|
def test_protocol_error
|
16
|
-
refute @ldap.search(filter: "cn=protocolError", base: "ou=Retcodes,dc=
|
24
|
+
refute @ldap.search(filter: "cn=protocolError", base: "ou=Retcodes,dc=example,dc=org")
|
17
25
|
assert result = @ldap.get_operation_result
|
18
26
|
|
19
27
|
assert_equal Net::LDAP::ResultCodeProtocolError, result.code
|
@@ -21,7 +29,7 @@ class TestReturnCodeIntegration < LDAPIntegrationTestCase
|
|
21
29
|
end
|
22
30
|
|
23
31
|
def test_time_limit_exceeded
|
24
|
-
assert @ldap.search(filter: "cn=timeLimitExceeded", base: "ou=Retcodes,dc=
|
32
|
+
assert @ldap.search(filter: "cn=timeLimitExceeded", base: "ou=Retcodes,dc=example,dc=org")
|
25
33
|
assert result = @ldap.get_operation_result
|
26
34
|
|
27
35
|
assert_equal Net::LDAP::ResultCodeTimeLimitExceeded, result.code
|
@@ -29,7 +37,7 @@ class TestReturnCodeIntegration < LDAPIntegrationTestCase
|
|
29
37
|
end
|
30
38
|
|
31
39
|
def test_size_limit_exceeded
|
32
|
-
assert @ldap.search(filter: "cn=sizeLimitExceeded", base: "ou=Retcodes,dc=
|
40
|
+
assert @ldap.search(filter: "cn=sizeLimitExceeded", base: "ou=Retcodes,dc=example,dc=org")
|
33
41
|
assert result = @ldap.get_operation_result
|
34
42
|
|
35
43
|
assert_equal Net::LDAP::ResultCodeSizeLimitExceeded, result.code
|
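Review bot: In `test_open_error` the only assertion sits inside the `@ldap.open do ... end` block, so if `open` does not yield after the rejected bind the test passes without checking anything. Capturing the result and asserting after the block makes the check unconditional: `result = nil`, then `@ldap.open { result = @ldap.get_operation_result }`, then `assert_equal Net::LDAP::ResultCodeInvalidCredentials, result.code`. Whether `open` yields on a failed bind is not visible from this hunk, so the current form may well run the assertion today; the rewrite keeps it from silently turning vacuous if that behaviour changes.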