net-ldap 0.15.0 → 0.17.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/History.rdoc +53 -0
- data/README.rdoc +18 -8
- data/lib/net-ldap.rb +1 -1
- data/lib/net/ber.rb +5 -6
- data/lib/net/ber/ber_parser.rb +3 -3
- data/lib/net/ber/core_ext.rb +6 -6
- data/lib/net/ldap.rb +90 -57
- data/lib/net/ldap/auth_adapter/gss_spnego.rb +2 -2
- data/lib/net/ldap/auth_adapter/sasl.rb +4 -2
- data/lib/net/ldap/auth_adapter/simple.rb +1 -1
- data/lib/net/ldap/connection.rb +41 -38
- data/lib/net/ldap/dataset.rb +3 -3
- data/lib/net/ldap/dn.rb +13 -14
- data/lib/net/ldap/entry.rb +17 -7
- data/lib/net/ldap/error.rb +2 -26
- data/lib/net/ldap/filter.rb +10 -3
- data/lib/net/ldap/instrumentation.rb +2 -2
- data/lib/net/ldap/password.rb +7 -5
- data/lib/net/ldap/pdu.rb +1 -1
- data/lib/net/ldap/version.rb +1 -1
- data/lib/net/snmp.rb +1 -1
- metadata +19 -104
- data/.gitignore +0 -9
- data/.rubocop.yml +0 -17
- data/.rubocop_todo.yml +0 -599
- data/.travis.yml +0 -33
- data/CONTRIBUTING.md +0 -54
- data/Gemfile +0 -2
- data/Rakefile +0 -23
- data/net-ldap.gemspec +0 -37
- data/script/changelog +0 -47
- data/script/install-openldap +0 -115
- data/script/package +0 -7
- data/script/release +0 -16
- data/test/ber/core_ext/test_array.rb +0 -22
- data/test/ber/core_ext/test_string.rb +0 -25
- data/test/ber/test_ber.rb +0 -153
- data/test/fixtures/cacert.pem +0 -20
- data/test/fixtures/openldap/memberof.ldif +0 -33
- data/test/fixtures/openldap/retcode.ldif +0 -76
- data/test/fixtures/openldap/slapd.conf.ldif +0 -67
- data/test/fixtures/seed.ldif +0 -374
- data/test/integration/test_add.rb +0 -28
- data/test/integration/test_ber.rb +0 -30
- data/test/integration/test_bind.rb +0 -42
- data/test/integration/test_delete.rb +0 -31
- data/test/integration/test_open.rb +0 -88
- data/test/integration/test_password_modify.rb +0 -80
- data/test/integration/test_return_codes.rb +0 -38
- data/test/integration/test_search.rb +0 -77
- data/test/support/vm/openldap/.gitignore +0 -1
- data/test/support/vm/openldap/README.md +0 -32
- data/test/support/vm/openldap/Vagrantfile +0 -33
- data/test/test_auth_adapter.rb +0 -15
- data/test/test_dn.rb +0 -44
- data/test/test_entry.rb +0 -65
- data/test/test_filter.rb +0 -223
- data/test/test_filter_parser.rb +0 -24
- data/test/test_helper.rb +0 -66
- data/test/test_ldap.rb +0 -114
- data/test/test_ldap_connection.rb +0 -493
- data/test/test_ldif.rb +0 -104
- data/test/test_password.rb +0 -10
- data/test/test_rename.rb +0 -77
- data/test/test_search.rb +0 -39
- data/test/test_snmp.rb +0 -119
- data/test/test_ssl_ber.rb +0 -40
- data/test/testdata.ldif +0 -101
- data/testserver/ldapserver.rb +0 -209
- data/testserver/testdata.ldif +0 -101
data/testserver/ldapserver.rb
DELETED
@@ -1,209 +0,0 @@
|
|
1
|
-
# $Id$
|
2
|
-
#
|
3
|
-
# Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved.
|
4
|
-
# Gmail account: garbagecat10.
|
5
|
-
#
|
6
|
-
# This is an LDAP server intended for unit testing of Net::LDAP.
|
7
|
-
# It implements as much of the protocol as we have the stomach
|
8
|
-
# to implement but serves static data. Use ldapsearch to test
|
9
|
-
# this server!
|
10
|
-
#
|
11
|
-
# To make this easier to write, we use the Ruby/EventMachine
|
12
|
-
# reactor library.
|
13
|
-
#
|
14
|
-
|
15
|
-
#------------------------------------------------
|
16
|
-
|
17
|
-
module LdapServer
|
18
|
-
|
19
|
-
LdapServerAsnSyntax = {
|
20
|
-
:application => {
|
21
|
-
:constructed => {
|
22
|
-
0 => :array, # LDAP BindRequest
|
23
|
-
3 => :array # LDAP SearchRequest
|
24
|
-
},
|
25
|
-
:primitive => {
|
26
|
-
2 => :string, # ldapsearch sends this to unbind
|
27
|
-
},
|
28
|
-
},
|
29
|
-
:context_specific => {
|
30
|
-
:primitive => {
|
31
|
-
0 => :string, # simple auth (password)
|
32
|
-
7 => :string # present filter
|
33
|
-
},
|
34
|
-
:constructed => {
|
35
|
-
3 => :array # equality filter
|
36
|
-
},
|
37
|
-
},
|
38
|
-
}
|
39
|
-
|
40
|
-
def post_init
|
41
|
-
$logger.info "Accepted LDAP connection"
|
42
|
-
@authenticated = false
|
43
|
-
end
|
44
|
-
|
45
|
-
def receive_data data
|
46
|
-
@data ||= ""; @data << data
|
47
|
-
while pdu = @data.read_ber!(LdapServerAsnSyntax)
|
48
|
-
begin
|
49
|
-
handle_ldap_pdu pdu
|
50
|
-
rescue
|
51
|
-
$logger.error "closing connection due to error #{$!}"
|
52
|
-
close_connection
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
def handle_ldap_pdu pdu
|
58
|
-
tag_id = pdu[1].ber_identifier
|
59
|
-
case tag_id
|
60
|
-
when 0x60
|
61
|
-
handle_bind_request pdu
|
62
|
-
when 0x63
|
63
|
-
handle_search_request pdu
|
64
|
-
when 0x42
|
65
|
-
# bizarre thing, it's a null object (primitive application-2)
|
66
|
-
# sent by ldapsearch to request an unbind (or a kiss-off, not sure which)
|
67
|
-
close_connection_after_writing
|
68
|
-
else
|
69
|
-
$logger.error "received unknown packet-type #{tag_id}"
|
70
|
-
close_connection_after_writing
|
71
|
-
end
|
72
|
-
end
|
73
|
-
|
74
|
-
def handle_bind_request pdu
|
75
|
-
# TODO, return a proper LDAP error instead of blowing up on version error
|
76
|
-
if pdu[1][0] != 3
|
77
|
-
send_ldap_response 1, pdu[0].to_i, 2, "", "We only support version 3"
|
78
|
-
elsif pdu[1][1] != "cn=bigshot,dc=bayshorenetworks,dc=com"
|
79
|
-
send_ldap_response 1, pdu[0].to_i, 48, "", "Who are you?"
|
80
|
-
elsif pdu[1][2].ber_identifier != 0x80
|
81
|
-
send_ldap_response 1, pdu[0].to_i, 7, "", "Keep it simple, man"
|
82
|
-
elsif pdu[1][2] != "opensesame"
|
83
|
-
send_ldap_response 1, pdu[0].to_i, 49, "", "Make my day"
|
84
|
-
else
|
85
|
-
@authenticated = true
|
86
|
-
send_ldap_response 1, pdu[0].to_i, 0, pdu[1][1], "I'll take it"
|
87
|
-
end
|
88
|
-
end
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
#--
|
93
|
-
# Search Response ::=
|
94
|
-
# CHOICE {
|
95
|
-
# entry [APPLICATION 4] SEQUENCE {
|
96
|
-
# objectName LDAPDN,
|
97
|
-
# attributes SEQUENCE OF SEQUENCE {
|
98
|
-
# AttributeType,
|
99
|
-
# SET OF AttributeValue
|
100
|
-
# }
|
101
|
-
# },
|
102
|
-
# resultCode [APPLICATION 5] LDAPResult
|
103
|
-
# }
|
104
|
-
def handle_search_request pdu
|
105
|
-
unless @authenticated
|
106
|
-
# NOTE, early exit.
|
107
|
-
send_ldap_response 5, pdu[0].to_i, 50, "", "Who did you say you were?"
|
108
|
-
return
|
109
|
-
end
|
110
|
-
|
111
|
-
treebase = pdu[1][0]
|
112
|
-
if treebase != "dc=bayshorenetworks,dc=com"
|
113
|
-
send_ldap_response 5, pdu[0].to_i, 32, "", "unknown treebase"
|
114
|
-
return
|
115
|
-
end
|
116
|
-
|
117
|
-
msgid = pdu[0].to_i.to_ber
|
118
|
-
|
119
|
-
# pdu[1][7] is the list of requested attributes.
|
120
|
-
# If it's an empty array, that means that *all* attributes were requested.
|
121
|
-
requested_attrs = if pdu[1][7].length > 0
|
122
|
-
pdu[1][7].map(&:downcase)
|
123
|
-
else
|
124
|
-
:all
|
125
|
-
end
|
126
|
-
|
127
|
-
filters = pdu[1][6]
|
128
|
-
if filters.length == 0
|
129
|
-
# NOTE, early exit.
|
130
|
-
send_ldap_response 5, pdu[0].to_i, 53, "", "No filter specified"
|
131
|
-
end
|
132
|
-
|
133
|
-
# TODO, what if this returns nil?
|
134
|
-
filter = Net::LDAP::Filter.parse_ldap_filter( filters )
|
135
|
-
|
136
|
-
$ldif.each do |dn, entry|
|
137
|
-
if filter.match( entry )
|
138
|
-
attrs = []
|
139
|
-
entry.each do |k, v|
|
140
|
-
if requested_attrs == :all or requested_attrs.include?(k.downcase)
|
141
|
-
attrvals = v.map(&:to_ber).to_ber_set
|
142
|
-
attrs << [k.to_ber, attrvals].to_ber_sequence
|
143
|
-
end
|
144
|
-
end
|
145
|
-
|
146
|
-
appseq = [dn.to_ber, attrs.to_ber_sequence].to_ber_appsequence(4)
|
147
|
-
pkt = [msgid.to_ber, appseq].to_ber_sequence
|
148
|
-
send_data pkt
|
149
|
-
end
|
150
|
-
end
|
151
|
-
|
152
|
-
|
153
|
-
send_ldap_response 5, pdu[0].to_i, 0, "", "Was that what you wanted?"
|
154
|
-
end
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
def send_ldap_response pkt_tag, msgid, code, dn, text
|
159
|
-
send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag)].to_ber )
|
160
|
-
end
|
161
|
-
|
162
|
-
end
|
163
|
-
|
164
|
-
|
165
|
-
#------------------------------------------------
|
166
|
-
|
167
|
-
# Rather bogus, a global method, which reads a HARDCODED filename
|
168
|
-
# parses out LDIF data. It will be used to serve LDAP queries out of this server.
|
169
|
-
#
|
170
|
-
def load_test_data
|
171
|
-
ary = File.readlines( "./testdata.ldif" )
|
172
|
-
hash = {}
|
173
|
-
while line = ary.shift and line.chomp!
|
174
|
-
if line =~ /^dn:[\s]*/i
|
175
|
-
dn = $'
|
176
|
-
hash[dn] = {}
|
177
|
-
while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
|
178
|
-
hash[dn][$1.downcase] ||= []
|
179
|
-
hash[dn][$1.downcase] << $'
|
180
|
-
end
|
181
|
-
end
|
182
|
-
end
|
183
|
-
hash
|
184
|
-
end
|
185
|
-
|
186
|
-
|
187
|
-
#------------------------------------------------
|
188
|
-
|
189
|
-
if __FILE__ == $0
|
190
|
-
|
191
|
-
require 'rubygems'
|
192
|
-
require 'eventmachine'
|
193
|
-
|
194
|
-
require 'logger'
|
195
|
-
$logger = Logger.new $stderr
|
196
|
-
|
197
|
-
$logger.info "adding ../lib to loadpath, to pick up dev version of Net::LDAP."
|
198
|
-
$:.unshift "../lib"
|
199
|
-
|
200
|
-
$ldif = load_test_data
|
201
|
-
|
202
|
-
require 'net/ldap'
|
203
|
-
|
204
|
-
EventMachine.run do
|
205
|
-
$logger.info "starting LDAP server on 127.0.0.1 port 3890"
|
206
|
-
EventMachine.start_server "127.0.0.1", 3890, LdapServer
|
207
|
-
EventMachine.add_periodic_timer 60, proc {$logger.info "heartbeat"}
|
208
|
-
end
|
209
|
-
end
|
data/testserver/testdata.ldif
DELETED
@@ -1,101 +0,0 @@
|
|
1
|
-
# $Id$
|
2
|
-
#
|
3
|
-
# This is test-data for an LDAP server in LDIF format.
|
4
|
-
#
|
5
|
-
dn: dc=bayshorenetworks,dc=com
|
6
|
-
objectClass: dcObject
|
7
|
-
objectClass: organization
|
8
|
-
o: Bayshore Networks LLC
|
9
|
-
dc: bayshorenetworks
|
10
|
-
|
11
|
-
dn: cn=Manager,dc=bayshorenetworks,dc=com
|
12
|
-
objectClass: organizationalrole
|
13
|
-
cn: Manager
|
14
|
-
|
15
|
-
dn: ou=people,dc=bayshorenetworks,dc=com
|
16
|
-
objectClass: organizationalunit
|
17
|
-
ou: people
|
18
|
-
|
19
|
-
dn: ou=privileges,dc=bayshorenetworks,dc=com
|
20
|
-
objectClass: organizationalunit
|
21
|
-
ou: privileges
|
22
|
-
|
23
|
-
dn: ou=roles,dc=bayshorenetworks,dc=com
|
24
|
-
objectClass: organizationalunit
|
25
|
-
ou: roles
|
26
|
-
|
27
|
-
dn: ou=office,dc=bayshorenetworks,dc=com
|
28
|
-
objectClass: organizationalunit
|
29
|
-
ou: office
|
30
|
-
|
31
|
-
dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
|
32
|
-
cn: Bob Fosse
|
33
|
-
mail: nogoodnik@steamheat.net
|
34
|
-
sn: Fosse
|
35
|
-
ou: people
|
36
|
-
objectClass: top
|
37
|
-
objectClass: inetorgperson
|
38
|
-
objectClass: authorizedperson
|
39
|
-
hasAccessRole: uniqueIdentifier=engineer,ou=roles
|
40
|
-
hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
|
41
|
-
hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
|
42
|
-
hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
|
43
|
-
hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
|
44
|
-
hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
|
45
|
-
hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
|
46
|
-
hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
|
47
|
-
hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
|
48
|
-
hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
|
49
|
-
hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
|
50
|
-
hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
|
51
|
-
|
52
|
-
dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
|
53
|
-
cn: Gwen Verdon
|
54
|
-
mail: elephant@steamheat.net
|
55
|
-
sn: Verdon
|
56
|
-
ou: people
|
57
|
-
objectClass: top
|
58
|
-
objectClass: inetorgperson
|
59
|
-
objectClass: authorizedperson
|
60
|
-
hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
|
61
|
-
hasAccessRole: uniqueIdentifier=engineer,ou=roles
|
62
|
-
hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
|
63
|
-
hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
|
64
|
-
hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
|
65
|
-
|
66
|
-
dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
|
67
|
-
uniqueIdentifier: engineering
|
68
|
-
ou: privileges
|
69
|
-
objectClass: accessPrivilege
|
70
|
-
|
71
|
-
dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
|
72
|
-
uniqueIdentifier: engineer
|
73
|
-
ou: roles
|
74
|
-
objectClass: accessRole
|
75
|
-
hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
|
76
|
-
|
77
|
-
dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
|
78
|
-
uniqueIdentifier: ldapadmin
|
79
|
-
ou: roles
|
80
|
-
objectClass: accessRole
|
81
|
-
|
82
|
-
dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
|
83
|
-
uniqueIdentifier: ldapsuperadmin
|
84
|
-
ou: roles
|
85
|
-
objectClass: accessRole
|
86
|
-
|
87
|
-
dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
|
88
|
-
cn: Sid Sorokin
|
89
|
-
mail: catperson@steamheat.net
|
90
|
-
sn: Sorokin
|
91
|
-
ou: people
|
92
|
-
objectClass: top
|
93
|
-
objectClass: inetorgperson
|
94
|
-
objectClass: authorizedperson
|
95
|
-
hasAccessRole: uniqueIdentifier=engineer,ou=roles
|
96
|
-
hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
|
97
|
-
hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
|
98
|
-
hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
|
99
|
-
hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
|
100
|
-
hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
|
101
|
-
|