net-ldap 0.14.0 → 0.18.0
- checksums.yaml +5 -5
- data/History.rdoc +74 -0
- data/README.rdoc +18 -8
- data/lib/net/ber/ber_parser.rb +3 -3
- data/lib/net/ber/core_ext.rb +6 -6
- data/lib/net/ber.rb +5 -6
- data/lib/net/ldap/auth_adapter/gss_spnego.rb +2 -2
- data/lib/net/ldap/auth_adapter/sasl.rb +4 -2
- data/lib/net/ldap/auth_adapter/simple.rb +1 -1
- data/lib/net/ldap/connection.rb +63 -37
- data/lib/net/ldap/dataset.rb +1 -3
- data/lib/net/ldap/dn.rb +17 -26
- data/lib/net/ldap/entry.rb +15 -7
- data/lib/net/ldap/error.rb +2 -26
- data/lib/net/ldap/filter.rb +10 -3
- data/lib/net/ldap/instrumentation.rb +2 -2
- data/lib/net/ldap/password.rb +7 -5
- data/lib/net/ldap/pdu.rb +1 -1
- data/lib/net/ldap/version.rb +1 -1
- data/lib/net/ldap.rb +91 -58
- data/lib/net/snmp.rb +1 -1
- data/lib/net-ldap.rb +1 -1
- metadata +16 -101
- data/.gitignore +0 -9
- data/.rubocop.yml +0 -17
- data/.rubocop_todo.yml +0 -599
- data/.travis.yml +0 -33
- data/CONTRIBUTING.md +0 -54
- data/Gemfile +0 -2
- data/Rakefile +0 -23
- data/net-ldap.gemspec +0 -37
- data/script/changelog +0 -47
- data/script/install-openldap +0 -115
- data/script/package +0 -7
- data/script/release +0 -16
- data/test/ber/core_ext/test_array.rb +0 -22
- data/test/ber/core_ext/test_string.rb +0 -25
- data/test/ber/test_ber.rb +0 -153
- data/test/fixtures/cacert.pem +0 -20
- data/test/fixtures/openldap/memberof.ldif +0 -33
- data/test/fixtures/openldap/retcode.ldif +0 -76
- data/test/fixtures/openldap/slapd.conf.ldif +0 -67
- data/test/fixtures/seed.ldif +0 -374
- data/test/integration/test_add.rb +0 -28
- data/test/integration/test_ber.rb +0 -30
- data/test/integration/test_bind.rb +0 -42
- data/test/integration/test_delete.rb +0 -31
- data/test/integration/test_open.rb +0 -88
- data/test/integration/test_password_modify.rb +0 -80
- data/test/integration/test_return_codes.rb +0 -38
- data/test/integration/test_search.rb +0 -77
- data/test/support/vm/openldap/.gitignore +0 -1
- data/test/support/vm/openldap/README.md +0 -32
- data/test/support/vm/openldap/Vagrantfile +0 -33
- data/test/test_auth_adapter.rb +0 -15
- data/test/test_dn.rb +0 -44
- data/test/test_entry.rb +0 -65
- data/test/test_filter.rb +0 -223
- data/test/test_filter_parser.rb +0 -24
- data/test/test_helper.rb +0 -66
- data/test/test_ldap.rb +0 -114
- data/test/test_ldap_connection.rb +0 -493
- data/test/test_ldif.rb +0 -104
- data/test/test_password.rb +0 -10
- data/test/test_rename.rb +0 -77
- data/test/test_search.rb +0 -39
- data/test/test_snmp.rb +0 -119
- data/test/test_ssl_ber.rb +0 -40
- data/test/testdata.ldif +0 -101
- data/testserver/ldapserver.rb +0 -209
- data/testserver/testdata.ldif +0 -101
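--- a/data/test/test_password.rb
+++ b/data/test/test_password.rb
@@ -1,10 +0,0 @@
-# $Id: testpsw.rb 72 2006-04-24 21:58:14Z blackhedd $
-
-require_relative 'test_helper'
-
-class TestPassword < Test::Unit::TestCase
-def test_psw
-assert_equal("{MD5}xq8jwrcfibi0sZdZYNkSng==", Net::LDAP::Password.generate( :md5, "cashflow" ))
-assert_equal("{SHA}YE4eGkN4BvwNN1f5R7CZz0kFn14=", Net::LDAP::Password.generate( :sha, "cashflow" ))
-end
-end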
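--- a/data/test/test_rename.rb
+++ b/data/test/test_rename.rb
@@ -1,77 +0,0 @@
-require_relative 'test_helper'
-
-# Commented out since it assumes you have a live LDAP server somewhere. This
-# will be migrated to the integration specs, as soon as they are ready.
-=begin
-class TestRename < Test::Unit::TestCase
-HOST= '10.10.10.71'
-PORT = 389
-BASE = "o=test"
-AUTH = { :method => :simple, :username => "cn=testadmin,#{BASE}", :password => 'password' }
-BASIC_USER = "cn=jsmith,ou=sales,#{BASE}"
-RENAMED_USER = "cn=jbrown,ou=sales,#{BASE}"
-MOVED_USER = "cn=jsmith,ou=marketing,#{BASE}"
-RENAMED_MOVED_USER = "cn=jjones,ou=marketing,#{BASE}"
-
-def setup
-# create the entries we're going to manipulate
-Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
-if ldap.add(:dn => "ou=sales,#{BASE}", :attributes => { :ou => "sales", :objectclass => "organizationalUnit" })
-puts "Add failed: #{ldap.get_operation_result.message} - code: #{ldap.get_operation_result.code}"
-end
-ldap.add(:dn => "ou=marketing,#{BASE}", :attributes => { :ou => "marketing", :objectclass => "organizationalUnit" })
-ldap.add(:dn => BASIC_USER, :attributes => { :cn => "jsmith", :objectclass => "inetOrgPerson", :sn => "Smith" })
-end
-end
-
-def test_rename_entry
-dn = nil
-Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
-ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jbrown")
-
-ldap.search(:base => RENAMED_USER) do |entry|
-dn = entry.dn
-end
-end
-assert_equal(RENAMED_USER, dn)
-end
-
-def test_move_entry
-dn = nil
-Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
-ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jsmith", :new_superior => "ou=marketing,#{BASE}")
-
-ldap.search(:base => MOVED_USER) do |entry|
-dn = entry.dn
-end
-end
-assert_equal(MOVED_USER, dn)
-end
-
-def test_move_and_rename_entry
-dn = nil
-Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
-ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jjones", :new_superior => "ou=marketing,#{BASE}")
-
-ldap.search(:base => RENAMED_MOVED_USER) do |entry|
-dn = entry.dn
-end
-end
-assert_equal(RENAMED_MOVED_USER, dn)
-end
-
-def teardown
-# delete the entries
-# note: this doesn't always completely clear up on eDirectory as objects get locked while
-# the rename/move is being completed on the server and this prevents the delete from happening
-Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
-ldap.delete(:dn => BASIC_USER)
-ldap.delete(:dn => RENAMED_USER)
-ldap.delete(:dn => MOVED_USER)
-ldap.delete(:dn => RENAMED_MOVED_USER)
-ldap.delete(:dn => "ou=sales,#{BASE}")
-ldap.delete(:dn => "ou=marketing,#{BASE}")
-end
-end
-end
-=end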
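--- a/data/test/test_search.rb
+++ b/data/test/test_search.rb
@@ -1,39 +0,0 @@
-# -*- ruby encoding: utf-8 -*-
-require_relative 'test_helper'
-
-class TestSearch < Test::Unit::TestCase
-class FakeConnection
-def search(args)
-OpenStruct.new(:result_code => Net::LDAP::ResultCodeOperationsError, :message => "error", :success? => false)
-end
-end
-
-def setup
-@service = MockInstrumentationService.new
-@connection = Net::LDAP.new :instrumentation_service => @service
-@connection.instance_variable_set(:@open_connection, FakeConnection.new)
-end
-
-def test_true_result
-assert_nil @connection.search(:return_result => true)
-end
-
-def test_false_result
-refute @connection.search(:return_result => false)
-end
-
-def test_no_result
-assert_nil @connection.search
-end
-
-def test_instrumentation_publishes_event
-events = @service.subscribe "search.net_ldap"
-
-@connection.search(:filter => "test")
-
-payload, result = events.pop
-assert payload.key?(:result)
-assert payload.key?(:filter)
-assert_equal "test", payload[:filter]
-end
-end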
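--- a/data/test/test_snmp.rb
+++ b/data/test/test_snmp.rb
@@ -1,119 +0,0 @@
-# $Id: testsnmp.rb 231 2006-12-21 15:09:29Z blackhedd $
-
-require_relative 'test_helper'
-require 'net/snmp'
-
-class TestSnmp < Test::Unit::TestCase
-def self.raw_string(s)
-# Conveniently, String#b only needs to be called when it exists
-s.respond_to?(:b) ? s.b : s
-end
-
-SnmpGetRequest = raw_string("0'\002\001\000\004\006public\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000")
-SnmpGetResponse = raw_string("0+\002\001\000\004\006public\242\036\002\002'\017\002\001\000\002\001\0000\0220\020\006\b+\006\001\002\001\001\001\000\004\004test")
-
-SnmpGetRequestXXX = raw_string("0'\002\001\000\004\006xxxxxx\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000")
-
-def test_invalid_packet
-data = "xxxx"
-assert_raise(Net::BER::BerError) do
-ary = data.read_ber(Net::SNMP::AsnSyntax)
-end
-end
-
-# The method String#read_ber! added by Net::BER consumes a well-formed BER
-# object from the head of a string. If it doesn't find a complete,
-# well-formed BER object, it returns nil and leaves the string unchanged.
-# If it finds an object, it returns the object and removes it from the
-# head of the string. This is good for handling partially-received data
-# streams, such as from network connections.
-def _test_consume_string
-data = "xxx"
-assert_equal(nil, data.read_ber!)
-assert_equal("xxx", data)
-
-data = SnmpGetRequest + "!!!"
-ary = data.read_ber!(Net::SNMP::AsnSyntax)
-assert_equal("!!!", data)
-assert ary.is_a?(Array)
-assert ary.is_a?(Net::BER::BerIdentifiedArray)
-end
-
-def test_weird_packet
-assert_raise(Net::SnmpPdu::Error) do
-Net::SnmpPdu.parse("aaaaaaaaaaaaaa")
-end
-end
-
-def test_get_request
-data = SnmpGetRequest.dup
-pkt = data.read_ber(Net::SNMP::AsnSyntax)
-assert pkt.is_a?(Net::BER::BerIdentifiedArray)
-assert_equal(48, pkt.ber_identifier) # Constructed [0], signifies GetRequest
-
-pdu = Net::SnmpPdu.parse(pkt)
-assert_equal(:get_request, pdu.pdu_type)
-assert_equal(16170, pdu.request_id) # whatever was in the test data. 16170 is not magic.
-assert_equal([[[1, 3, 6, 1, 2, 1, 1, 1, 0], nil]], pdu.variables)
-
-assert_equal(pdu.to_ber_string, SnmpGetRequest)
-end
-
-def test_empty_pdu
-pdu = Net::SnmpPdu.new
-assert_raise(Net::SnmpPdu::Error) { pdu.to_ber_string }
-end
-
-def test_malformations
-pdu = Net::SnmpPdu.new
-pdu.version = 0
-pdu.version = 2
-assert_raise(Net::SnmpPdu::Error) { pdu.version = 100 }
-
-pdu.pdu_type = :get_request
-pdu.pdu_type = :get_next_request
-pdu.pdu_type = :get_response
-pdu.pdu_type = :set_request
-pdu.pdu_type = :trap
-assert_raise(Net::SnmpPdu::Error) { pdu.pdu_type = :something_else }
-end
-
-def test_make_response
-pdu = Net::SnmpPdu.new
-pdu.version = 0
-pdu.community = "public"
-pdu.pdu_type = :get_response
-pdu.request_id = 9999
-pdu.error_status = 0
-pdu.error_index = 0
-pdu.add_variable_binding [1, 3, 6, 1, 2, 1, 1, 1, 0], "test"
-
-assert_equal(SnmpGetResponse, pdu.to_ber_string)
-end
-
-def test_make_bad_response
-pdu = Net::SnmpPdu.new
-assert_raise(Net::SnmpPdu::Error) {pdu.to_ber_string}
-pdu.pdu_type = :get_response
-pdu.request_id = 999
-pdu.to_ber_string
-# Not specifying variables doesn't create an error. (Maybe it should?)
-end
-
-def test_snmp_integers
-c32 = Net::SNMP::Counter32.new(100)
-assert_equal("A\001d", c32.to_ber)
-g32 = Net::SNMP::Gauge32.new(100)
-assert_equal("B\001d", g32.to_ber)
-t32 = Net::SNMP::TimeTicks32.new(100)
-assert_equal("C\001d", t32.to_ber)
-end
-
-def test_community
-data = SnmpGetRequestXXX.dup
-ary = data.read_ber(Net::SNMP::AsnSyntax)
-pdu = Net::SnmpPdu.parse(ary)
-assert_equal("xxxxxx", pdu.community)
-end
-
-end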
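--- a/data/test/test_ssl_ber.rb
+++ b/data/test/test_ssl_ber.rb
@@ -1,40 +0,0 @@
-require_relative 'test_helper'
-require 'timeout'
-
-class TestSSLBER < Test::Unit::TestCase
-# Transmits str to @to and reads it back from @from.
-#
-def transmit(str)
-Timeout::timeout(1) do
-@to.write(str)
-@to.close
-
-@from.read
-end
-end
-
-def setup
-@from, @to = IO.pipe
-
-# The production code operates on sockets, which do need #connect called
-# on them to work. Pipes are more robust for this test, so we'll skip
-# the #connect call since it fails.
-#
-# TODO: Replace test with real socket
-# https://github.com/ruby-ldap/ruby-net-ldap/pull/121#discussion_r18746386
-flexmock(OpenSSL::SSL::SSLSocket).
-new_instances.should_receive(:connect => nil)
-
-@to = Net::LDAP::Connection.wrap_with_ssl(@to)
-@from = Net::LDAP::Connection.wrap_with_ssl(@from)
-end
-
-def test_transmit_strings
-assert_equal "foo", transmit("foo")
-end
-
-def test_transmit_ber_encoded_numbers
-@to.write 1234.to_ber
-assert_equal 1234, @from.read_ber
-end
-end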
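--- a/data/test/testdata.ldif
+++ b/data/test/testdata.ldif
@@ -1,101 +0,0 @@
-# $Id: testdata.ldif 50 2006-04-17 17:57:33Z blackhedd $
-#
-# This is test-data for an LDAP server in LDIF format.
-#
-dn: dc=bayshorenetworks,dc=com
-objectClass: dcObject
-objectClass: organization
-o: Bayshore Networks LLC
-dc: bayshorenetworks
-
-dn: cn=Manager,dc=bayshorenetworks,dc=com
-objectClass: organizationalrole
-cn: Manager
-
-dn: ou=people,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: people
-
-dn: ou=privileges,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: privileges
-
-dn: ou=roles,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: roles
-
-dn: ou=office,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: office
-
-dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
-cn: Bob Fosse
-mail: nogoodnik@steamheat.net
-sn: Fosse
-ou: people
-objectClass: top
-objectClass: inetorgperson
-objectClass: authorizedperson
-hasAccessRole: uniqueIdentifier=engineer,ou=roles
-hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
-hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
-hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
-hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
-hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
-hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
-hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
-hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
-
-dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
-cn: Gwen Verdon
-mail: elephant@steamheat.net
-sn: Verdon
-ou: people
-objectClass: top
-objectClass: inetorgperson
-objectClass: authorizedperson
-hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
-hasAccessRole: uniqueIdentifier=engineer,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
-hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
-
-dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
-uniqueIdentifier: engineering
-ou: privileges
-objectClass: accessPrivilege
-
-dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
-uniqueIdentifier: engineer
-ou: roles
-objectClass: accessRole
-hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
-
-dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
-uniqueIdentifier: ldapadmin
-ou: roles
-objectClass: accessRole
-
-dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
-uniqueIdentifier: ldapsuperadmin
-ou: roles
-objectClass: accessRole
-
-dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
-cn: Sid Sorokin
-mail: catperson@steamheat.net
-sn: Sorokin
-ou: people
-objectClass: top
-objectClass: inetorgperson
-objectClass: authorizedperson
-hasAccessRole: uniqueIdentifier=engineer,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
-hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
-hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
-hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
-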
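--- a/data/testserver/ldapserver.rb
+++ b/data/testserver/ldapserver.rb
@@ -1,209 +0,0 @@
-# $Id$
-#
-# Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved.
-# Gmail account: garbagecat10.
-#
-# This is an LDAP server intended for unit testing of Net::LDAP.
-# It implements as much of the protocol as we have the stomach
-# to implement but serves static data. Use ldapsearch to test
-# this server!
-#
-# To make this easier to write, we use the Ruby/EventMachine
-# reactor library.
-#
-
-#------------------------------------------------
-
-module LdapServer
-
-LdapServerAsnSyntax = {
-:application => {
-:constructed => {
-0 => :array, # LDAP BindRequest
-3 => :array # LDAP SearchRequest
-},
-:primitive => {
-2 => :string, # ldapsearch sends this to unbind
-},
-},
-:context_specific => {
-:primitive => {
-0 => :string, # simple auth (password)
-7 => :string # present filter
-},
-:constructed => {
-3 => :array # equality filter
-},
-},
-}
-
-def post_init
-$logger.info "Accepted LDAP connection"
-@authenticated = false
-end
-
-def receive_data data
-@data ||= ""; @data << data
-while pdu = @data.read_ber!(LdapServerAsnSyntax)
-begin
-handle_ldap_pdu pdu
-rescue
-$logger.error "closing connection due to error #{$!}"
-close_connection
-end
-end
-end
-
-def handle_ldap_pdu pdu
-tag_id = pdu[1].ber_identifier
-case tag_id
-when 0x60
-handle_bind_request pdu
-when 0x63
-handle_search_request pdu
-when 0x42
-# bizarre thing, it's a null object (primitive application-2)
-# sent by ldapsearch to request an unbind (or a kiss-off, not sure which)
-close_connection_after_writing
-else
-$logger.error "received unknown packet-type #{tag_id}"
-close_connection_after_writing
-end
-end
-
-def handle_bind_request pdu
-# TODO, return a proper LDAP error instead of blowing up on version error
-if pdu[1][0] != 3
-send_ldap_response 1, pdu[0].to_i, 2, "", "We only support version 3"
-elsif pdu[1][1] != "cn=bigshot,dc=bayshorenetworks,dc=com"
-send_ldap_response 1, pdu[0].to_i, 48, "", "Who are you?"
-elsif pdu[1][2].ber_identifier != 0x80
-send_ldap_response 1, pdu[0].to_i, 7, "", "Keep it simple, man"
-elsif pdu[1][2] != "opensesame"
-send_ldap_response 1, pdu[0].to_i, 49, "", "Make my day"
-else
-@authenticated = true
-send_ldap_response 1, pdu[0].to_i, 0, pdu[1][1], "I'll take it"
-end
-end
-
-
-
-#--
-# Search Response ::=
-# CHOICE {
-# entry [APPLICATION 4] SEQUENCE {
-# objectName LDAPDN,
-# attributes SEQUENCE OF SEQUENCE {
-# AttributeType,
-# SET OF AttributeValue
-# }
-# },
-# resultCode [APPLICATION 5] LDAPResult
-# }
-def handle_search_request pdu
-unless @authenticated
-# NOTE, early exit.
-send_ldap_response 5, pdu[0].to_i, 50, "", "Who did you say you were?"
-return
-end
-
-treebase = pdu[1][0]
-if treebase != "dc=bayshorenetworks,dc=com"
-send_ldap_response 5, pdu[0].to_i, 32, "", "unknown treebase"
-return
-end
-
-msgid = pdu[0].to_i.to_ber
-
-# pdu[1][7] is the list of requested attributes.
-# If it's an empty array, that means that *all* attributes were requested.
-requested_attrs = if pdu[1][7].length > 0
-pdu[1][7].map(&:downcase)
-else
-:all
-end
-
-filters = pdu[1][6]
-if filters.length == 0
-# NOTE, early exit.
-send_ldap_response 5, pdu[0].to_i, 53, "", "No filter specified"
-end
-
-# TODO, what if this returns nil?
-filter = Net::LDAP::Filter.parse_ldap_filter( filters )
-
-$ldif.each do |dn, entry|
-if filter.match( entry )
-attrs = []
-entry.each do |k, v|
-if requested_attrs == :all or requested_attrs.include?(k.downcase)
-attrvals = v.map(&:to_ber).to_ber_set
-attrs << [k.to_ber, attrvals].to_ber_sequence
-end
-end
-
-appseq = [dn.to_ber, attrs.to_ber_sequence].to_ber_appsequence(4)
-pkt = [msgid.to_ber, appseq].to_ber_sequence
-send_data pkt
-end
-end
-
-
-send_ldap_response 5, pdu[0].to_i, 0, "", "Was that what you wanted?"
-end
-
-
-
-def send_ldap_response pkt_tag, msgid, code, dn, text
-send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag)].to_ber )
-end
-
-end
-
-
-#------------------------------------------------
-
-# Rather bogus, a global method, which reads a HARDCODED filename
-# parses out LDIF data. It will be used to serve LDAP queries out of this server.
-#
-def load_test_data
-ary = File.readlines( "./testdata.ldif" )
-hash = {}
-while line = ary.shift and line.chomp!
-if line =~ /^dn:[\s]*/i
-dn = $'
-hash[dn] = {}
-while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
-hash[dn][$1.downcase] ||= []
-hash[dn][$1.downcase] << $'
-end
-end
-end
-hash
-end
-
-
-#------------------------------------------------
-
-if __FILE__ == $0
-
-require 'rubygems'
-require 'eventmachine'
-
-require 'logger'
-$logger = Logger.new $stderr
-
-$logger.info "adding ../lib to loadpath, to pick up dev version of Net::LDAP."
-$:.unshift "../lib"
-
-$ldif = load_test_data
-
-require 'net/ldap'
-
-EventMachine.run do
-$logger.info "starting LDAP server on 127.0.0.1 port 3890"
-EventMachine.start_server "127.0.0.1", 3890, LdapServer
-EventMachine.add_periodic_timer 60, proc {$logger.info "heartbeat"}
-end
-end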
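--- a/data/testserver/testdata.ldif
+++ b/data/testserver/testdata.ldif
@@ -1,101 +0,0 @@
-# $Id$
-#
-# This is test-data for an LDAP server in LDIF format.
-#
-dn: dc=bayshorenetworks,dc=com
-objectClass: dcObject
-objectClass: organization
-o: Bayshore Networks LLC
-dc: bayshorenetworks
-
-dn: cn=Manager,dc=bayshorenetworks,dc=com
-objectClass: organizationalrole
-cn: Manager
-
-dn: ou=people,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: people
-
-dn: ou=privileges,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: privileges
-
-dn: ou=roles,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: roles
-
-dn: ou=office,dc=bayshorenetworks,dc=com
-objectClass: organizationalunit
-ou: office
-
-dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
-cn: Bob Fosse
-mail: nogoodnik@steamheat.net
-sn: Fosse
-ou: people
-objectClass: top
-objectClass: inetorgperson
-objectClass: authorizedperson
-hasAccessRole: uniqueIdentifier=engineer,ou=roles
-hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
-hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
-hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
-hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
-hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
-hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
-hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
-hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
-
-dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
-cn: Gwen Verdon
-mail: elephant@steamheat.net
-sn: Verdon
-ou: people
-objectClass: top
-objectClass: inetorgperson
-objectClass: authorizedperson
-hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
-hasAccessRole: uniqueIdentifier=engineer,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
-hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
-
-dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
-uniqueIdentifier: engineering
-ou: privileges
-objectClass: accessPrivilege
-
-dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
-uniqueIdentifier: engineer
-ou: roles
-objectClass: accessRole
-hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
-
-dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
-uniqueIdentifier: ldapadmin
-ou: roles
-objectClass: accessRole
-
-dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
-uniqueIdentifier: ldapsuperadmin
-ou: roles
-objectClass: accessRole
-
-dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
-cn: Sid Sorokin
-mail: catperson@steamheat.net
-sn: Sorokin
-ou: people
-objectClass: top
-objectClass: inetorgperson
-objectClass: authorizedperson
-hasAccessRole: uniqueIdentifier=engineer,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
-hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
-hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
-hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
-hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
-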