net-ldap 0.15.0 → 0.16.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of net-ldap might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -1
- data/.rubocop_todo.yml +240 -86
- data/History.rdoc +6 -0
- data/README.rdoc +4 -6
- data/lib/net/ber.rb +3 -4
- data/lib/net/ber/ber_parser.rb +3 -3
- data/lib/net/ldap.rb +51 -41
- data/lib/net/ldap/auth_adapter/sasl.rb +3 -1
- data/lib/net/ldap/connection.rb +27 -28
- data/lib/net/ldap/dn.rb +4 -5
- data/lib/net/ldap/entry.rb +4 -5
- data/lib/net/ldap/version.rb +1 -1
- data/net-ldap.gemspec +1 -1
- data/script/generate-fixture-ca +48 -0
- data/script/install-openldap +38 -19
- data/test/fixtures/ca/ca.info +4 -0
- data/test/fixtures/ca/cacert.pem +24 -0
- data/test/fixtures/ca/cakey.pem +190 -0
- data/test/integration/test_bind.rb +214 -12
- data/test/support/vm/openldap/README.md +35 -3
- data/test/support/vm/openldap/Vagrantfile +1 -0
- data/test/test_helper.rb +9 -1
- data/test/test_ldap_connection.rb +1 -3
- data/test/test_ldif.rb +1 -1
- metadata +12 -7
- data/test/fixtures/cacert.pem +0 -20
@@ -0,0 +1,24 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIID7zCCAlegAwIBAgIMV7zWei6SNfABx6jMMA0GCSqGSIb3DQEBCwUAMBMxETAP
|
3
|
+
BgNVBAMTCHJ1YnlsZGFwMB4XDTE2MDgyMzIzMDQyNloXDTM2MDUxMDIzMDQyNlow
|
4
|
+
EzERMA8GA1UEAxMIcnVieWxkYXAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
|
5
|
+
AoIBgQDGe9wziGHZJhIf+IEKSk1tpT9Mu7YgsUwjrlutvkoO1Q6K+amTAVDXizPf
|
6
|
+
1DVSDpZP5+CfBOznhgLMsPvrQ02w4qx5/6X9L+zJcMk8jTNYSKj5uIKpK52E7Uok
|
7
|
+
aygMXeaqroPONGkoJIZiVGgdbWfTvcffTm8FOhztXUbMrMXJNinFsocGHEoMNN8b
|
8
|
+
vqgAyG4+DFHoK4L0c6eQjE4nZBChieZdShUhaBpV7r2qSNbPw67cvAKuEzml58mV
|
9
|
+
1ZF1F73Ua8gPWXHEfUe2GEfG0NnRq6sGbsDYe/DIKxC7AZ89udZF3WZXNrPhvXKj
|
10
|
+
ZT7njwcMQemns4dNPQ0k2V4vAQ8pD8r8Qvb65FiSopUhVaGQswAnIMS1DnFq88AQ
|
11
|
+
KJTKIXbBuMwuaNNSs6R/qTS2RDk1w+CGpRXAg7+1SX5NKdrEsu1IaABA/tQ/zKKk
|
12
|
+
OLLJaD0giX1weBVmNeFcKxIoT34VS59eEt5APmPcguJnx+aBrA9TLzSO788apBN0
|
13
|
+
4lGAmR0CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
14
|
+
MB0GA1UdDgQWBBRTvXSkge03oqLu7UUjFI+oLYwnujANBgkqhkiG9w0BAQsFAAOC
|
15
|
+
AYEATSZQWH+uSN5GvOUvJ8LHWkeVovn0UhboK0K7GzmMeGz+dp/Xrj6eQ4ONK0zI
|
16
|
+
RCJyoo/nCR7CfQ5ujVXr03XD2SUgyD565ulXuhw336DasL5//fucmQYDeqhwbKML
|
17
|
+
FTzsF9H9dO4J5TjxJs7e5dRJ0wrP/XEY+WFhXXdSHTl8vGCI6QqWc7TvDpmbS4iX
|
18
|
+
uTzjJswu9Murt9JUJNMN2DlDi/vBBeruaj4c2cMMnKMvkfj14kd8wMocmzj+gVQl
|
19
|
+
r+fRQbKAJNec65lA4/Zeb6sD9SAi0ZIVgxA4a7g8/sdNWHIAxPicpJkIJf30TsyY
|
20
|
+
F+8+Hd5mBtCbvFfAVkT6bHBP1OiAgNke+Rh/j/sQbyWbKCKw0+jpFJgO9KUNGfC0
|
21
|
+
O/CqX+J4G7HqL8VJqrLnBvOdhfetAvNQtf1gcw5ZwpeEFM+Kvx/lsILaIYdAUSjX
|
22
|
+
ePOc5gI2Bi9WXq+T9AuhSf+TWUR874m/rdTWe5fM8mXCNl7C4I5zCqLltEDkSoMP
|
23
|
+
jDj/
|
24
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,190 @@
|
|
1
|
+
Public Key Info:
|
2
|
+
Public Key Algorithm: RSA
|
3
|
+
Key Security Level: High (3072 bits)
|
4
|
+
|
5
|
+
modulus:
|
6
|
+
00:c6:7b:dc:33:88:61:d9:26:12:1f:f8:81:0a:4a:4d
|
7
|
+
6d:a5:3f:4c:bb:b6:20:b1:4c:23:ae:5b:ad:be:4a:0e
|
8
|
+
d5:0e:8a:f9:a9:93:01:50:d7:8b:33:df:d4:35:52:0e
|
9
|
+
96:4f:e7:e0:9f:04:ec:e7:86:02:cc:b0:fb:eb:43:4d
|
10
|
+
b0:e2:ac:79:ff:a5:fd:2f:ec:c9:70:c9:3c:8d:33:58
|
11
|
+
48:a8:f9:b8:82:a9:2b:9d:84:ed:4a:24:6b:28:0c:5d
|
12
|
+
e6:aa:ae:83:ce:34:69:28:24:86:62:54:68:1d:6d:67
|
13
|
+
d3:bd:c7:df:4e:6f:05:3a:1c:ed:5d:46:cc:ac:c5:c9
|
14
|
+
36:29:c5:b2:87:06:1c:4a:0c:34:df:1b:be:a8:00:c8
|
15
|
+
6e:3e:0c:51:e8:2b:82:f4:73:a7:90:8c:4e:27:64:10
|
16
|
+
a1:89:e6:5d:4a:15:21:68:1a:55:ee:bd:aa:48:d6:cf
|
17
|
+
c3:ae:dc:bc:02:ae:13:39:a5:e7:c9:95:d5:91:75:17
|
18
|
+
bd:d4:6b:c8:0f:59:71:c4:7d:47:b6:18:47:c6:d0:d9
|
19
|
+
d1:ab:ab:06:6e:c0:d8:7b:f0:c8:2b:10:bb:01:9f:3d
|
20
|
+
b9:d6:45:dd:66:57:36:b3:e1:bd:72:a3:65:3e:e7:8f
|
21
|
+
07:0c:41:e9:a7:b3:87:4d:3d:0d:24:d9:5e:2f:01:0f
|
22
|
+
29:0f:ca:fc:42:f6:fa:e4:58:92:a2:95:21:55:a1:90
|
23
|
+
b3:00:27:20:c4:b5:0e:71:6a:f3:c0:10:28:94:ca:21
|
24
|
+
76:c1:b8:cc:2e:68:d3:52:b3:a4:7f:a9:34:b6:44:39
|
25
|
+
35:c3:e0:86:a5:15:c0:83:bf:b5:49:7e:4d:29:da:c4
|
26
|
+
b2:ed:48:68:00:40:fe:d4:3f:cc:a2:a4:38:b2:c9:68
|
27
|
+
3d:20:89:7d:70:78:15:66:35:e1:5c:2b:12:28:4f:7e
|
28
|
+
15:4b:9f:5e:12:de:40:3e:63:dc:82:e2:67:c7:e6:81
|
29
|
+
ac:0f:53:2f:34:8e:ef:cf:1a:a4:13:74:e2:51:80:99
|
30
|
+
1d:
|
31
|
+
|
32
|
+
public exponent:
|
33
|
+
01:00:01:
|
34
|
+
|
35
|
+
private exponent:
|
36
|
+
1d:0d:9a:50:ec:c0:ad:e1:75:bb:ba:4b:61:2f:39:20
|
37
|
+
38:95:08:6d:5d:9e:71:75:5c:af:b3:f9:bd:a5:e7:7f
|
38
|
+
e6:4e:0f:77:73:ee:38:60:24:9f:26:3f:50:c2:bf:21
|
39
|
+
df:76:68:99:be:45:d3:29:f9:94:ee:bf:21:53:cb:b6
|
40
|
+
7d:a7:93:80:09:53:03:45:dc:c2:a6:a2:37:64:f1:a2
|
41
|
+
49:21:ac:91:6b:a3:d7:bd:d2:62:0c:ec:a6:83:10:e7
|
42
|
+
a7:ca:3d:be:dc:4b:1c:36:24:79:96:33:5b:43:5d:74
|
43
|
+
50:0e:46:b0:9b:6d:9f:71:06:89:a5:c8:65:ed:d9:a3
|
44
|
+
15:00:3c:3e:a9:75:50:9d:72:cb:c9:aa:e1:ba:a3:9c
|
45
|
+
07:77:14:32:30:d4:4d:65:f4:7c:23:1d:79:84:9b:2e
|
46
|
+
9a:19:df:43:ed:cd:e3:08:1f:d5:ff:6b:42:98:36:f7
|
47
|
+
44:cc:48:b4:f7:b8:16:b3:23:37:8d:b8:22:3f:8a:86
|
48
|
+
db:71:b3:85:2d:6d:42:44:b7:dc:c1:36:e0:c4:0f:fe
|
49
|
+
cb:76:84:81:e2:83:f5:82:76:a9:7b:35:d5:44:00:d1
|
50
|
+
1a:fc:ef:b9:a4:2b:62:aa:f8:56:eb:60:e5:16:33:f1
|
51
|
+
28:e1:da:91:50:e3:a4:c7:d6:30:21:cf:04:07:cd:8c
|
52
|
+
b6:9e:b0:a7:6c:96:57:2e:09:5b:39:26:d0:60:be:e3
|
53
|
+
90:59:a3:8e:e7:6e:3f:62:7e:b4:2a:e1:8f:00:37:7a
|
54
|
+
83:9e:7a:9c:d2:ae:ba:50:84:73:65:3a:64:95:d8:48
|
55
|
+
f9:fd:0e:c3:5b:6e:08:3b:c5:c9:1c:29:55:bb:67:e8
|
56
|
+
fa:50:40:30:2a:d1:b7:cf:54:a8:f0:f0:76:89:ad:19
|
57
|
+
e7:a0:3a:56:6c:75:c5:bc:d8:46:ce:1e:66:f2:61:96
|
58
|
+
11:e4:57:cc:52:ff:e4:ed:6b:2c:ce:78:15:ba:b7:ed
|
59
|
+
31:f2:68:88:79:bf:7c:29:3c:2f:66:71:0b:09:b7:41
|
60
|
+
|
61
|
+
|
62
|
+
prime1:
|
63
|
+
00:fd:c2:37:b9:6f:77:88:51:a2:f7:4f:c2:3c:a4:57
|
64
|
+
bf:ba:71:14:f3:61:f4:39:78:22:3d:bc:d8:d2:4e:c0
|
65
|
+
4b:9e:c2:6d:38:a8:21:e2:70:1a:96:48:95:18:85:01
|
66
|
+
46:fb:62:a4:81:09:f8:2a:3a:87:78:07:5d:93:54:ce
|
67
|
+
2a:51:b3:51:6f:61:0a:2e:9d:b0:51:37:e3:13:bd:81
|
68
|
+
23:2b:61:53:fa:ac:08:dc:a0:e6:63:a3:b0:cc:cf:73
|
69
|
+
1d:65:b7:11:bc:29:70:fb:72:ea:63:9d:67:02:d6:35
|
70
|
+
24:13:1d:bc:72:fb:9e:3d:ab:0b:57:6e:bd:a1:51:56
|
71
|
+
f9:bc:96:15:74:a3:31:16:c6:b8:98:1b:0a:a2:59:7c
|
72
|
+
c8:b7:14:b8:5b:f3:2e:26:b4:f0:46:c4:3d:27:dd:41
|
73
|
+
31:52:a7:15:a8:af:6a:98:a5:9c:20:17:f9:1d:54:54
|
74
|
+
ff:10:91:a3:a5:ca:ac:63:e7:16:2b:71:3c:3a:cd:4f
|
75
|
+
ed:
|
76
|
+
|
77
|
+
prime2:
|
78
|
+
00:c8:3c:a8:9f:8a:db:42:b5:8d:cf:2a:a1:2f:e5:73
|
79
|
+
05:de:30:d8:17:b9:5c:9d:08:60:02:c9:66:9d:88:50
|
80
|
+
ac:cd:0f:b5:47:b4:a8:73:3b:7d:65:79:bf:4c:6f:d0
|
81
|
+
e2:03:ed:d4:28:4e:00:07:23:00:01:4f:05:de:9b:44
|
82
|
+
1a:84:ae:09:4a:d6:ed:61:5d:77:e2:fa:13:99:4c:b7
|
83
|
+
76:72:3d:f8:53:93:69:78:e8:bd:26:cb:b0:f9:01:f4
|
84
|
+
1d:20:4f:60:f5:ab:3c:19:85:73:34:f3:ec:d2:67:ef
|
85
|
+
56:b8:5d:93:73:8e:d9:3e:28:ff:87:f5:4a:26:fa:b1
|
86
|
+
ae:c6:d3:9d:03:e3:fd:c2:24:48:af:85:2a:8e:3b:5b
|
87
|
+
93:07:38:91:21:ae:49:cb:6d:e3:30:81:15:ed:65:eb
|
88
|
+
dc:01:df:3b:9d:43:fd:a6:e1:df:ef:ad:22:42:34:f1
|
89
|
+
3f:81:5e:57:0a:e0:56:94:f2:2a:00:d0:cc:c5:50:67
|
90
|
+
f1:
|
91
|
+
|
92
|
+
coefficient:
|
93
|
+
00:bd:23:8c:2e:a7:7b:6b:1e:85:77:db:7d:77:f6:e5
|
94
|
+
b0:15:c6:e1:9e:35:57:72:df:35:6d:93:89:7f:83:9f
|
95
|
+
63:7f:08:0a:b3:d4:ba:63:9b:10:7f:0f:d3:55:e9:38
|
96
|
+
cf:90:37:3d:85:3d:a7:97:8c:33:f2:c2:b1:38:2b:db
|
97
|
+
39:ca:a8:d0:23:d7:89:cc:8d:02:7d:61:9b:b6:04:69
|
98
|
+
14:e8:c9:84:34:36:6c:fb:84:58:cc:9a:53:74:a4:42
|
99
|
+
bd:1d:25:1b:ba:82:c0:fb:23:2c:90:bb:35:4b:5b:b0
|
100
|
+
98:d0:ab:9d:61:6e:ea:e8:84:e7:a7:6c:ae:1b:2c:00
|
101
|
+
cb:0f:1a:f8:e2:7c:fd:42:1a:e2:13:52:c7:50:fa:65
|
102
|
+
c9:5f:ed:40:a8:7f:46:0e:ce:f6:56:83:6f:0e:8e:39
|
103
|
+
f8:33:5f:83:de:be:be:ef:8c:66:ad:16:c8:ec:98:d4
|
104
|
+
b2:b2:55:66:a2:9e:27:6a:84:f1:31:07:e8:bf:a7:a7
|
105
|
+
bd:
|
106
|
+
|
107
|
+
exp1:
|
108
|
+
00:b6:50:0c:53:19:07:8b:14:03:fe:a4:fa:0b:31:93
|
109
|
+
ad:b7:18:b9:91:a6:c5:9d:68:77:49:5d:dd:75:33:89
|
110
|
+
2a:8b:54:6a:be:32:e5:ad:57:17:72:f3:90:d2:fd:f4
|
111
|
+
0d:f8:5c:45:8e:44:08:5c:e6:92:1f:a5:43:10:af:f4
|
112
|
+
33:29:61:a8:d7:59:a3:c4:1c:1c:ea:2d:39:e3:1b:da
|
113
|
+
a4:d6:ec:e5:36:0a:d5:8f:15:b6:90:cd:b1:1f:64:c7
|
114
|
+
f2:cd:fa:3a:2e:b2:a3:6e:b4:80:3b:b3:81:a7:e3:18
|
115
|
+
68:e3:a7:10:96:97:ba:77:d9:e4:9b:1b:7f:f8:5f:85
|
116
|
+
1a:85:e8:5a:5f:e3:43:48:76:db:76:c4:ae:de:37:66
|
117
|
+
d4:99:dc:b4:1b:b3:da:6b:8a:c1:ba:46:11:1e:0b:f3
|
118
|
+
63:a9:5b:4b:cf:56:c0:42:0d:71:df:08:fa:3c:9d:33
|
119
|
+
37:d1:c2:a1:0d:63:50:79:b2:34:16:60:13:82:b7:b1
|
120
|
+
7d:
|
121
|
+
|
122
|
+
exp2:
|
123
|
+
00:98:38:2c:c4:24:4e:2c:b7:52:17:a4:43:a6:e2:99
|
124
|
+
ff:62:fa:e4:bb:9c:49:40:83:66:61:97:f3:af:5c:3a
|
125
|
+
60:32:ff:77:03:0c:de:65:c3:5a:bf:72:bf:2f:7f:6d
|
126
|
+
5e:f4:37:af:69:f8:69:e3:03:03:74:fb:3a:ee:10:40
|
127
|
+
c4:9c:0a:a5:bb:c4:09:ef:53:9b:d8:eb:dd:4c:53:da
|
128
|
+
c0:6b:76:9a:ba:06:3d:4f:12:37:01:30:25:d8:16:59
|
129
|
+
1a:6f:3e:88:ea:19:83:75:af:52:76:75:dc:99:d3:33
|
130
|
+
4a:4c:9b:ae:85:51:99:ea:bc:46:0d:78:36:27:cd:ba
|
131
|
+
97:b0:44:9c:7f:a1:a9:7e:16:11:3f:85:4f:65:92:d0
|
132
|
+
39:c4:6a:87:42:00:79:ce:f1:39:9d:dc:f3:eb:65:e8
|
133
|
+
d8:76:7f:da:94:e2:64:08:a2:7b:97:7b:99:a8:95:10
|
134
|
+
b5:03:46:d1:8a:ce:22:63:d6:78:81:e8:39:52:e2:9e
|
135
|
+
31:
|
136
|
+
|
137
|
+
|
138
|
+
Public Key ID: 53:BD:74:A4:81:ED:37:A2:A2:EE:ED:45:23:14:8F:A8:2D:8C:27:BA
|
139
|
+
Public key's random art:
|
140
|
+
+--[ RSA 3072]----+
|
141
|
+
| . o. . |
|
142
|
+
| . +...+ |
|
143
|
+
| . o o.+ . |
|
144
|
+
| o o . . .ooo |
|
145
|
+
| o = . S o..o . |
|
146
|
+
| . o . .+.. |
|
147
|
+
|. . .. |
|
148
|
+
| . .. . |
|
149
|
+
|E oo.o |
|
150
|
+
+-----------------+
|
151
|
+
|
152
|
+
-----BEGIN RSA PRIVATE KEY-----
|
153
|
+
MIIG5QIBAAKCAYEAxnvcM4hh2SYSH/iBCkpNbaU/TLu2ILFMI65brb5KDtUOivmp
|
154
|
+
kwFQ14sz39Q1Ug6WT+fgnwTs54YCzLD760NNsOKsef+l/S/syXDJPI0zWEio+biC
|
155
|
+
qSudhO1KJGsoDF3mqq6DzjRpKCSGYlRoHW1n073H305vBToc7V1GzKzFyTYpxbKH
|
156
|
+
BhxKDDTfG76oAMhuPgxR6CuC9HOnkIxOJ2QQoYnmXUoVIWgaVe69qkjWz8Ou3LwC
|
157
|
+
rhM5pefJldWRdRe91GvID1lxxH1HthhHxtDZ0aurBm7A2HvwyCsQuwGfPbnWRd1m
|
158
|
+
Vzaz4b1yo2U+548HDEHpp7OHTT0NJNleLwEPKQ/K/EL2+uRYkqKVIVWhkLMAJyDE
|
159
|
+
tQ5xavPAECiUyiF2wbjMLmjTUrOkf6k0tkQ5NcPghqUVwIO/tUl+TSnaxLLtSGgA
|
160
|
+
QP7UP8yipDiyyWg9IIl9cHgVZjXhXCsSKE9+FUufXhLeQD5j3ILiZ8fmgawPUy80
|
161
|
+
ju/PGqQTdOJRgJkdAgMBAAECggGAHQ2aUOzAreF1u7pLYS85IDiVCG1dnnF1XK+z
|
162
|
+
+b2l53/mTg93c+44YCSfJj9Qwr8h33Zomb5F0yn5lO6/IVPLtn2nk4AJUwNF3MKm
|
163
|
+
ojdk8aJJIayRa6PXvdJiDOymgxDnp8o9vtxLHDYkeZYzW0NddFAORrCbbZ9xBoml
|
164
|
+
yGXt2aMVADw+qXVQnXLLyarhuqOcB3cUMjDUTWX0fCMdeYSbLpoZ30PtzeMIH9X/
|
165
|
+
a0KYNvdEzEi097gWsyM3jbgiP4qG23GzhS1tQkS33ME24MQP/st2hIHig/WCdql7
|
166
|
+
NdVEANEa/O+5pCtiqvhW62DlFjPxKOHakVDjpMfWMCHPBAfNjLaesKdsllcuCVs5
|
167
|
+
JtBgvuOQWaOO524/Yn60KuGPADd6g556nNKuulCEc2U6ZJXYSPn9DsNbbgg7xckc
|
168
|
+
KVW7Z+j6UEAwKtG3z1So8PB2ia0Z56A6Vmx1xbzYRs4eZvJhlhHkV8xS/+TtayzO
|
169
|
+
eBW6t+0x8miIeb98KTwvZnELCbdBAoHBAP3CN7lvd4hRovdPwjykV7+6cRTzYfQ5
|
170
|
+
eCI9vNjSTsBLnsJtOKgh4nAalkiVGIUBRvtipIEJ+Co6h3gHXZNUzipRs1FvYQou
|
171
|
+
nbBRN+MTvYEjK2FT+qwI3KDmY6OwzM9zHWW3EbwpcPty6mOdZwLWNSQTHbxy+549
|
172
|
+
qwtXbr2hUVb5vJYVdKMxFsa4mBsKoll8yLcUuFvzLia08EbEPSfdQTFSpxWor2qY
|
173
|
+
pZwgF/kdVFT/EJGjpcqsY+cWK3E8Os1P7QKBwQDIPKifittCtY3PKqEv5XMF3jDY
|
174
|
+
F7lcnQhgAslmnYhQrM0PtUe0qHM7fWV5v0xv0OID7dQoTgAHIwABTwXem0QahK4J
|
175
|
+
StbtYV134voTmUy3dnI9+FOTaXjovSbLsPkB9B0gT2D1qzwZhXM08+zSZ+9WuF2T
|
176
|
+
c47ZPij/h/VKJvqxrsbTnQPj/cIkSK+FKo47W5MHOJEhrknLbeMwgRXtZevcAd87
|
177
|
+
nUP9puHf760iQjTxP4FeVwrgVpTyKgDQzMVQZ/ECgcEAtlAMUxkHixQD/qT6CzGT
|
178
|
+
rbcYuZGmxZ1od0ld3XUziSqLVGq+MuWtVxdy85DS/fQN+FxFjkQIXOaSH6VDEK/0
|
179
|
+
MylhqNdZo8QcHOotOeMb2qTW7OU2CtWPFbaQzbEfZMfyzfo6LrKjbrSAO7OBp+MY
|
180
|
+
aOOnEJaXunfZ5Jsbf/hfhRqF6Fpf40NIdtt2xK7eN2bUmdy0G7Paa4rBukYRHgvz
|
181
|
+
Y6lbS89WwEINcd8I+jydMzfRwqENY1B5sjQWYBOCt7F9AoHBAJg4LMQkTiy3Uhek
|
182
|
+
Q6bimf9i+uS7nElAg2Zhl/OvXDpgMv93AwzeZcNav3K/L39tXvQ3r2n4aeMDA3T7
|
183
|
+
Ou4QQMScCqW7xAnvU5vY691MU9rAa3aaugY9TxI3ATAl2BZZGm8+iOoZg3WvUnZ1
|
184
|
+
3JnTM0pMm66FUZnqvEYNeDYnzbqXsEScf6GpfhYRP4VPZZLQOcRqh0IAec7xOZ3c
|
185
|
+
8+tl6Nh2f9qU4mQIonuXe5molRC1A0bRis4iY9Z4geg5UuKeMQKBwQC9I4wup3tr
|
186
|
+
HoV323139uWwFcbhnjVXct81bZOJf4OfY38ICrPUumObEH8P01XpOM+QNz2FPaeX
|
187
|
+
jDPywrE4K9s5yqjQI9eJzI0CfWGbtgRpFOjJhDQ2bPuEWMyaU3SkQr0dJRu6gsD7
|
188
|
+
IyyQuzVLW7CY0KudYW7q6ITnp2yuGywAyw8a+OJ8/UIa4hNSx1D6Zclf7UCof0YO
|
189
|
+
zvZWg28Ojjn4M1+D3r6+74xmrRbI7JjUsrJVZqKeJ2qE8TEH6L+np70=
|
190
|
+
-----END RSA PRIVATE KEY-----
|
@@ -2,19 +2,23 @@ require_relative '../test_helper'
|
|
2
2
|
|
3
3
|
class TestBindIntegration < LDAPIntegrationTestCase
|
4
4
|
def test_bind_success
|
5
|
-
assert @ldap.bind(
|
5
|
+
assert @ldap.bind(BIND_CREDS),
|
6
|
+
@ldap.get_operation_result.inspect
|
6
7
|
end
|
7
8
|
|
8
9
|
def test_bind_timeout
|
9
10
|
@ldap.port = 8389
|
10
11
|
error = assert_raise Net::LDAP::Error do
|
11
|
-
@ldap.bind
|
12
|
+
@ldap.bind BIND_CREDS
|
12
13
|
end
|
13
|
-
|
14
|
+
msgs = ['Operation timed out - user specified timeout',
|
15
|
+
'Connection timed out - user specified timeout']
|
16
|
+
assert_send([msgs, :include?, error.message])
|
14
17
|
end
|
15
18
|
|
16
19
|
def test_bind_anonymous_fail
|
17
|
-
refute @ldap.bind(
|
20
|
+
refute @ldap.bind(BIND_CREDS.merge(password: '')),
|
21
|
+
@ldap.get_operation_result.inspect
|
18
22
|
|
19
23
|
result = @ldap.get_operation_result
|
20
24
|
assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
|
@@ -25,18 +29,216 @@ class TestBindIntegration < LDAPIntegrationTestCase
|
|
25
29
|
end
|
26
30
|
|
27
31
|
def test_bind_fail
|
28
|
-
refute @ldap.bind(
|
32
|
+
refute @ldap.bind(BIND_CREDS.merge(password: "not my password")),
|
33
|
+
@ldap.get_operation_result.inspect
|
29
34
|
end
|
30
35
|
|
31
36
|
def test_bind_tls_with_cafile
|
32
|
-
|
33
|
-
|
34
|
-
|
37
|
+
@ldap.encryption(
|
38
|
+
method: :start_tls,
|
39
|
+
tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
|
40
|
+
)
|
41
|
+
assert @ldap.bind(BIND_CREDS),
|
42
|
+
@ldap.get_operation_result.inspect
|
35
43
|
end
|
36
44
|
|
37
|
-
def
|
38
|
-
|
39
|
-
@ldap.encryption(
|
40
|
-
|
45
|
+
def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
|
46
|
+
@ldap.host = '127.0.0.1'
|
47
|
+
@ldap.encryption(
|
48
|
+
method: :start_tls,
|
49
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
|
50
|
+
)
|
51
|
+
assert @ldap.bind(BIND_CREDS),
|
52
|
+
@ldap.get_operation_result.inspect
|
53
|
+
end
|
54
|
+
|
55
|
+
def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
|
56
|
+
@ldap.host = '127.0.0.1'
|
57
|
+
@ldap.encryption(
|
58
|
+
method: :start_tls,
|
59
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
|
60
|
+
)
|
61
|
+
assert @ldap.bind(BIND_CREDS),
|
62
|
+
@ldap.get_operation_result.inspect
|
63
|
+
end
|
64
|
+
|
65
|
+
def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
|
66
|
+
@ldap.host = '127.0.0.1'
|
67
|
+
@ldap.encryption(
|
68
|
+
method: :start_tls,
|
69
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
70
|
+
ca_file: CA_FILE },
|
71
|
+
)
|
72
|
+
error = assert_raise Net::LDAP::Error,
|
73
|
+
Net::LDAP::ConnectionRefusedError do
|
74
|
+
@ldap.bind BIND_CREDS
|
75
|
+
end
|
76
|
+
assert_equal(
|
77
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
78
|
+
error.message,
|
79
|
+
)
|
80
|
+
end
|
81
|
+
|
82
|
+
def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
|
83
|
+
@ldap.host = '127.0.0.1'
|
84
|
+
@ldap.encryption(
|
85
|
+
method: :start_tls,
|
86
|
+
tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
|
87
|
+
)
|
88
|
+
error = assert_raise Net::LDAP::Error,
|
89
|
+
Net::LDAP::ConnectionRefusedError do
|
90
|
+
@ldap.bind BIND_CREDS
|
91
|
+
end
|
92
|
+
assert_equal(
|
93
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
94
|
+
error.message,
|
95
|
+
)
|
96
|
+
end
|
97
|
+
|
98
|
+
def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails
|
99
|
+
@ldap.host = '127.0.0.1'
|
100
|
+
@ldap.encryption(
|
101
|
+
method: :start_tls,
|
102
|
+
tls_options: { ca_file: CA_FILE },
|
103
|
+
)
|
104
|
+
error = assert_raise Net::LDAP::Error,
|
105
|
+
Net::LDAP::ConnectionRefusedError do
|
106
|
+
@ldap.bind BIND_CREDS
|
107
|
+
end
|
108
|
+
assert_equal(
|
109
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
110
|
+
error.message,
|
111
|
+
)
|
112
|
+
end
|
113
|
+
|
114
|
+
def test_bind_tls_with_valid_hostname_default_opts_passes
|
115
|
+
@ldap.host = 'localhost'
|
116
|
+
@ldap.encryption(
|
117
|
+
method: :start_tls,
|
118
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
119
|
+
ca_file: CA_FILE),
|
120
|
+
)
|
121
|
+
assert @ldap.bind(BIND_CREDS),
|
122
|
+
@ldap.get_operation_result.inspect
|
123
|
+
end
|
124
|
+
|
125
|
+
def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
|
126
|
+
@ldap.host = 'localhost'
|
127
|
+
@ldap.encryption(
|
128
|
+
method: :start_tls,
|
129
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
130
|
+
ca_file: CA_FILE },
|
131
|
+
)
|
132
|
+
assert @ldap.bind(BIND_CREDS),
|
133
|
+
@ldap.get_operation_result.inspect
|
134
|
+
end
|
135
|
+
|
136
|
+
def test_bind_tls_with_bogus_hostname_system_ca_fails
|
137
|
+
@ldap.host = '127.0.0.1'
|
138
|
+
@ldap.encryption(method: :start_tls, tls_options: {})
|
139
|
+
error = assert_raise Net::LDAP::Error,
|
140
|
+
Net::LDAP::ConnectionRefusedError do
|
141
|
+
@ldap.bind BIND_CREDS
|
142
|
+
end
|
143
|
+
assert_equal(
|
144
|
+
"hostname \"#{@ldap.host}\" does not match the server certificate",
|
145
|
+
error.message,
|
146
|
+
)
|
147
|
+
end
|
148
|
+
|
149
|
+
# The following depend on /etc/hosts hacking.
|
150
|
+
# We can do that on CI, but it's less than cool on people's dev boxes
|
151
|
+
def test_bind_tls_with_multiple_hosts
|
152
|
+
omit_unless ENV['TRAVIS'] == 'true'
|
153
|
+
|
154
|
+
@ldap.host = nil
|
155
|
+
@ldap.hosts = [['ldap01.example.com', 389], ['ldap02.example.com', 389]]
|
156
|
+
@ldap.encryption(
|
157
|
+
method: :start_tls,
|
158
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
159
|
+
ca_file: CA_FILE),
|
160
|
+
)
|
161
|
+
assert @ldap.bind(BIND_CREDS),
|
162
|
+
@ldap.get_operation_result.inspect
|
163
|
+
end
|
164
|
+
|
165
|
+
def test_bind_tls_with_multiple_bogus_hosts
|
166
|
+
omit_unless ENV['TRAVIS'] == 'true'
|
167
|
+
|
168
|
+
@ldap.host = nil
|
169
|
+
@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
|
170
|
+
@ldap.encryption(
|
171
|
+
method: :start_tls,
|
172
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
|
173
|
+
ca_file: CA_FILE),
|
174
|
+
)
|
175
|
+
error = assert_raise Net::LDAP::Error,
|
176
|
+
Net::LDAP::ConnectionError do
|
177
|
+
@ldap.bind BIND_CREDS
|
178
|
+
end
|
179
|
+
assert_equal("Unable to connect to any given server: ",
|
180
|
+
error.message.split("\n").shift)
|
181
|
+
end
|
182
|
+
|
183
|
+
def test_bind_tls_with_multiple_bogus_hosts_no_verification
|
184
|
+
omit_unless ENV['TRAVIS'] == 'true'
|
185
|
+
|
186
|
+
@ldap.host = nil
|
187
|
+
@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
|
188
|
+
@ldap.encryption(
|
189
|
+
method: :start_tls,
|
190
|
+
tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
|
191
|
+
)
|
192
|
+
assert @ldap.bind(BIND_CREDS),
|
193
|
+
@ldap.get_operation_result.inspect
|
194
|
+
end
|
195
|
+
|
196
|
+
def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
|
197
|
+
omit_unless ENV['TRAVIS'] == 'true'
|
198
|
+
|
199
|
+
@ldap.host = nil
|
200
|
+
@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
|
201
|
+
@ldap.encryption(
|
202
|
+
method: :start_tls,
|
203
|
+
tls_options: { ca_file: CA_FILE },
|
204
|
+
)
|
205
|
+
error = assert_raise Net::LDAP::Error,
|
206
|
+
Net::LDAP::ConnectionError do
|
207
|
+
@ldap.bind BIND_CREDS
|
208
|
+
end
|
209
|
+
assert_equal("Unable to connect to any given server: ",
|
210
|
+
error.message.split("\n").shift)
|
211
|
+
end
|
212
|
+
|
213
|
+
# This test is CI-only because we can't add the fixture CA
|
214
|
+
# to the system CA store on people's dev boxes.
|
215
|
+
def test_bind_tls_valid_hostname_system_ca_on_travis_passes
|
216
|
+
omit_unless ENV['TRAVIS'] == 'true'
|
217
|
+
|
218
|
+
@ldap.encryption(
|
219
|
+
method: :start_tls,
|
220
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
|
221
|
+
)
|
222
|
+
assert @ldap.bind(BIND_CREDS),
|
223
|
+
@ldap.get_operation_result.inspect
|
224
|
+
end
|
225
|
+
|
226
|
+
# Inverse of the above! Don't run this on Travis, only on Vagrant.
|
227
|
+
# Since Vagrant's hypervisor *won't* have the CA in the system
|
228
|
+
# x509 store, we can assume validation will fail
|
229
|
+
def test_bind_tls_valid_hostname_system_on_vagrant_fails
|
230
|
+
omit_if ENV['TRAVIS'] == 'true'
|
231
|
+
|
232
|
+
@ldap.encryption(
|
233
|
+
method: :start_tls,
|
234
|
+
tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
|
235
|
+
)
|
236
|
+
error = assert_raise Net::LDAP::Error do
|
237
|
+
@ldap.bind BIND_CREDS
|
238
|
+
end
|
239
|
+
assert_equal(
|
240
|
+
"SSL_connect returned=1 errno=0 state=error: certificate verify failed",
|
241
|
+
error.message,
|
242
|
+
)
|
41
243
|
end
|
42
244
|
end
|