net-ldap 0.16.3 → 0.17.0

Files changed (55) hide show
  1. checksums.yaml +4 -4
  2. data/History.rdoc +36 -0
  3. data/README.rdoc +9 -2
  4. data/lib/net/ldap.rb +25 -2
  5. data/lib/net/ldap/connection.rb +1 -1
  6. data/lib/net/ldap/dataset.rb +2 -2
  7. data/lib/net/ldap/entry.rb +13 -2
  8. data/lib/net/ldap/error.rb +1 -26
  9. data/lib/net/ldap/password.rb +4 -0
  10. data/lib/net/ldap/version.rb +1 -1
  11. metadata +12 -88
  12. data/.gitignore +0 -10
  13. data/.rubocop.yml +0 -20
  14. data/.rubocop_todo.yml +0 -723
  15. data/.travis.yml +0 -57
  16. data/CONTRIBUTING.md +0 -54
  17. data/Gemfile +0 -2
  18. data/Rakefile +0 -23
  19. data/net-ldap.gemspec +0 -37
  20. data/script/changelog +0 -47
  21. data/script/ldap-docker +0 -12
  22. data/script/package +0 -7
  23. data/script/release +0 -16
  24. data/test/ber/core_ext/test_array.rb +0 -22
  25. data/test/ber/core_ext/test_string.rb +0 -25
  26. data/test/ber/test_ber.rb +0 -153
  27. data/test/fixtures/ca/docker-ca.pem +0 -18
  28. data/test/fixtures/ldif/06-retcode.ldif +0 -75
  29. data/test/fixtures/ldif/50-seed.ldif +0 -374
  30. data/test/integration/test_add.rb +0 -26
  31. data/test/integration/test_ber.rb +0 -30
  32. data/test/integration/test_bind.rb +0 -221
  33. data/test/integration/test_delete.rb +0 -29
  34. data/test/integration/test_open.rb +0 -87
  35. data/test/integration/test_password_modify.rb +0 -93
  36. data/test/integration/test_return_codes.rb +0 -46
  37. data/test/integration/test_search.rb +0 -77
  38. data/test/support/vm/openldap/.gitignore +0 -1
  39. data/test/test_auth_adapter.rb +0 -15
  40. data/test/test_dn.rb +0 -43
  41. data/test/test_entry.rb +0 -66
  42. data/test/test_filter.rb +0 -223
  43. data/test/test_filter_parser.rb +0 -29
  44. data/test/test_helper.rb +0 -73
  45. data/test/test_ldap.rb +0 -114
  46. data/test/test_ldap_connection.rb +0 -505
  47. data/test/test_ldif.rb +0 -104
  48. data/test/test_password.rb +0 -10
  49. data/test/test_rename.rb +0 -77
  50. data/test/test_search.rb +0 -39
  51. data/test/test_snmp.rb +0 -118
  52. data/test/test_ssl_ber.rb +0 -44
  53. data/test/testdata.ldif +0 -101
  54. data/testserver/ldapserver.rb +0 -200
  55. data/testserver/testdata.ldif +0 -101
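--- a/data/test/integration/test_add.rb
+++ b/data/test/integration/test_add.rb
@@ -1,26 +0,0 @@
- require_relative '../test_helper'
-
- class TestAddIntegration < LDAPIntegrationTestCase
- def setup
- super
- @dn = "uid=added-user1,ou=People,dc=example,dc=org"
- end
-
- def test_add
- attrs = {
- objectclass: %w(top inetOrgPerson organizationalPerson person),
- uid: "added-user1",
- cn: "added-user1",
- sn: "added-user1",
- mail: "added-user1@rubyldap.com",
- }
-
- assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-
- assert result = @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject).first
- end
-
- def teardown
- @ldap.delete dn: @dn
- end
- end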
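--- a/data/test/integration/test_ber.rb
+++ b/data/test/integration/test_ber.rb
@@ -1,30 +0,0 @@
- require_relative '../test_helper'
-
- class TestBERIntegration < LDAPIntegrationTestCase
- # Test whether the TRUE boolean value is encoded correctly by performing a
- # search operation.
- def test_true_ber_encoding
- # request these attrs to simplify test; use symbols to match Entry#attribute_names
- attrs = [:dn, :uid, :cn, :mail]
-
- assert types_entry = @ldap.search(
- base: "dc=example,dc=org",
- filter: "(uid=user1)",
- size: 1,
- attributes: attrs,
- attributes_only: true,
- ).first
-
- # matches attributes we requested
- assert_equal attrs, types_entry.attribute_names
-
- # assert values are empty
- types_entry.each do |name, values|
- next if name == :dn
- assert values.empty?
- end
-
- assert_includes Net::LDAP::ResultCodesSearchSuccess,
- @ldap.get_operation_result.code, "should be a successful search operation"
- end
- end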
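--- a/data/test/integration/test_bind.rb
+++ b/data/test/integration/test_bind.rb
@@ -1,221 +0,0 @@
- require_relative '../test_helper'
-
- class TestBindIntegration < LDAPIntegrationTestCase
- INTEGRATION_HOSTNAME = 'ldap.example.org'.freeze
-
- def test_bind_success
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_timeout
- @ldap.host = "10.255.255.1" # non-routable IP
-
- error = assert_raise Net::LDAP::Error do
- @ldap.bind BIND_CREDS
- end
- msgs = ['Operation timed out - user specified timeout',
- 'Connection timed out - user specified timeout']
- assert_send([msgs, :include?, error.message])
- end
-
- def test_bind_anonymous_fail
- refute @ldap.bind(BIND_CREDS.merge(password: '')),
- @ldap.get_operation_result.inspect
-
- result = @ldap.get_operation_result
- assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
- assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform], result.message
- assert_equal "unauthenticated bind (DN with no password) disallowed",
- result.error_message
- assert_equal "", result.matched_dn
- end
-
- def test_bind_fail
- refute @ldap.bind(BIND_CREDS.merge(password: "not my password")),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_cafile
- @ldap.host = INTEGRATION_HOSTNAME
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
- @ldap.host = INTEGRATION_HOSTNAME
- @ldap.encryption(
- method: :start_tls,
- tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
- @ldap.host = '127.0.0.1'
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
- @ldap.host = '127.0.0.1'
- @ldap.encryption(
- method: :start_tls,
- tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
- ca_file: CA_FILE },
- )
- error = assert_raise Net::LDAP::Error,
- Net::LDAP::ConnectionRefusedError do
- @ldap.bind BIND_CREDS
- end
- assert_equal(
- "hostname \"#{@ldap.host}\" does not match the server certificate",
- error.message,
- )
- end
-
- def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
- @ldap.host = '127.0.0.1'
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
- )
- error = assert_raise Net::LDAP::Error,
- Net::LDAP::ConnectionRefusedError do
- @ldap.bind BIND_CREDS
- end
- assert_equal(
- "hostname \"#{@ldap.host}\" does not match the server certificate",
- error.message,
- )
- end
-
- def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails
- @ldap.host = '127.0.0.1'
- @ldap.encryption(
- method: :start_tls,
- tls_options: { ca_file: CA_FILE },
- )
- error = assert_raise Net::LDAP::Error,
- Net::LDAP::ConnectionRefusedError do
- @ldap.bind BIND_CREDS
- end
- assert_equal(
- "hostname \"#{@ldap.host}\" does not match the server certificate",
- error.message,
- )
- end
-
- def test_bind_tls_with_valid_hostname_default_opts_passes
- @ldap.host = INTEGRATION_HOSTNAME
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
- ca_file: CA_FILE),
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
- @ldap.host = INTEGRATION_HOSTNAME
- @ldap.encryption(
- method: :start_tls,
- tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
- ca_file: CA_FILE },
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_bogus_hostname_system_ca_fails
- @ldap.host = '127.0.0.1'
- @ldap.encryption(method: :start_tls, tls_options: {})
- error = assert_raise Net::LDAP::Error,
- Net::LDAP::ConnectionRefusedError do
- @ldap.bind BIND_CREDS
- end
- assert_equal(
- "hostname \"#{@ldap.host}\" does not match the server certificate",
- error.message,
- )
- end
-
- def test_bind_tls_with_multiple_hosts
- @ldap.host = nil
- @ldap.hosts = [[INTEGRATION_HOSTNAME, 389], [INTEGRATION_HOSTNAME, 389]]
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
- ca_file: CA_FILE),
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_multiple_bogus_hosts
- @ldap.host = nil
- @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
- ca_file: CA_FILE),
- )
- error = assert_raise Net::LDAP::Error,
- Net::LDAP::ConnectionError do
- @ldap.bind BIND_CREDS
- end
- assert_equal("Unable to connect to any given server: ",
- error.message.split("\n").shift)
- end
-
- def test_bind_tls_with_multiple_bogus_hosts_no_verification
- @ldap.host = nil
- @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
- @ldap.encryption(
- method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
-
- def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
- @ldap.host = nil
- @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
- @ldap.encryption(
- method: :start_tls,
- tls_options: { ca_file: CA_FILE },
- )
- error = assert_raise Net::LDAP::Error,
- Net::LDAP::ConnectionError do
- @ldap.bind BIND_CREDS
- end
- assert_equal("Unable to connect to any given server: ",
- error.message.split("\n").shift)
- end
-
- # This test is CI-only because we can't add the fixture CA
- # to the system CA store on people's dev boxes.
- def test_bind_tls_valid_hostname_system_ca_on_travis_passes
- omit "not sure how to install custom CA cert in travis"
- omit_unless ENV['TRAVIS'] == 'true'
-
- @ldap.host = INTEGRATION_HOSTNAME
- @ldap.encryption(
- method: :start_tls,
- tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
- )
- assert @ldap.bind(BIND_CREDS),
- @ldap.get_operation_result.inspect
- end
- end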
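--- a/data/test/integration/test_delete.rb
+++ b/data/test/integration/test_delete.rb
@@ -1,29 +0,0 @@
- require_relative '../test_helper'
-
- class TestDeleteIntegration < LDAPIntegrationTestCase
- def setup
- super
- @dn = "uid=delete-user1,ou=People,dc=example,dc=org"
-
- attrs = {
- objectclass: %w(top inetOrgPerson organizationalPerson person),
- uid: "delete-user1",
- cn: "delete-user1",
- sn: "delete-user1",
- mail: "delete-user1@rubyldap.com",
- }
- unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
- assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
- end
- assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
- end
-
- def test_delete
- assert @ldap.delete(dn: @dn), @ldap.get_operation_result.inspect
- refute @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-
- result = @ldap.get_operation_result
- assert_equal Net::LDAP::ResultCodeNoSuchObject, result.code
- assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeNoSuchObject], result.message
- end
- end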
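--- a/data/test/integration/test_open.rb
+++ b/data/test/integration/test_open.rb
@@ -1,87 +0,0 @@
- require_relative '../test_helper'
-
- class TestBindIntegration < LDAPIntegrationTestCase
- def test_binds_without_open
- events = @service.subscribe "bind.net_ldap_connection"
-
- @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
- @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-
- assert_equal 2, events.size
- end
-
- def test_binds_with_open
- events = @service.subscribe "bind.net_ldap_connection"
-
- @ldap.open do
- @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
- @ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
- end
-
- assert_equal 1, events.size
- end
-
- # NOTE: query for two or more entries so that the socket must be read
- # multiple times.
- # See The Problem: https://github.com/ruby-ldap/ruby-net-ldap/issues/136
-
- def test_nested_search_without_open
- entries = []
- nested_entry = nil
-
- @ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
- entries << entry.uid.first
- nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
- end
-
- assert_equal "user3", nested_entry.uid.first
- assert_equal %w(user1 user2), entries
- end
-
- def test_nested_search_with_open
- entries = []
- nested_entry = nil
-
- @ldap.open do
- @ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
- entries << entry.uid.first
- nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
- end
- end
-
- assert_equal "user3", nested_entry.uid.first
- assert_equal %w(user1 user2), entries
- end
-
- def test_nested_add_with_open
- entries = []
- nested_entry = nil
-
- dn = "uid=nested-open-added-user1,ou=People,dc=example,dc=org"
- attrs = {
- objectclass: %w(top inetOrgPerson organizationalPerson person),
- uid: "nested-open-added-user1",
- cn: "nested-open-added-user1",
- sn: "nested-open-added-user1",
- mail: "nested-open-added-user1@rubyldap.com",
- }
-
- @ldap.delete dn: dn
-
- @ldap.open do
- @ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
- entries << entry.uid.first
-
- nested_entry ||= begin
- assert @ldap.add(dn: dn, attributes: attrs), @ldap.get_operation_result.inspect
- @ldap.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject).first
- end
- end
- end
-
- assert_equal %w(user1 user2), entries
- assert_equal "nested-open-added-user1", nested_entry.uid.first
- ensure
- @ldap.delete dn: dn
- end
- end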
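--- a/data/test/integration/test_password_modify.rb
+++ b/data/test/integration/test_password_modify.rb
@@ -1,93 +0,0 @@
- require_relative '../test_helper'
-
- class TestPasswordModifyIntegration < LDAPIntegrationTestCase
- def setup
- super
- @admin_account = { dn: 'cn=admin,dc=example,dc=org', password: 'admin', method: :simple }
- @ldap.authenticate @admin_account[:dn], @admin_account[:password]
-
- @dn = 'uid=modify-password-user1,ou=People,dc=example,dc=org'
-
- attrs = {
- objectclass: %w(top inetOrgPerson organizationalPerson person),
- uid: 'modify-password-user1',
- cn: 'modify-password-user1',
- sn: 'modify-password-user1',
- mail: 'modify-password-user1@rubyldap.com',
- userPassword: 'admin',
- }
- unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
- assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
- end
- assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-
- @auth = {
- method: :simple,
- username: @dn,
- password: 'admin',
- }
- end
-
- def test_password_modify
- assert @ldap.password_modify(dn: @dn,
- auth: @auth,
- old_password: 'admin',
- new_password: 'passworD2')
-
- assert @ldap.get_operation_result.extended_response.nil?,
- 'Should not have generated a new password'
-
- refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
- 'Old password should no longer be valid'
-
- assert @ldap.bind(username: @dn, password: 'passworD2', method: :simple),
- 'New password should be valid'
- end
-
- def test_password_modify_generate
- assert @ldap.password_modify(dn: @dn,
- auth: @auth,
- old_password: 'admin')
-
- generated_password = @ldap.get_operation_result.extended_response[0][0]
-
- assert generated_password, 'Should have generated a password'
-
- refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
- 'Old password should no longer be valid'
-
- assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
- 'New password should be valid'
- end
-
- def test_password_modify_generate_no_old_password
- assert @ldap.password_modify(dn: @dn,
- auth: @auth)
-
- generated_password = @ldap.get_operation_result.extended_response[0][0]
-
- assert generated_password, 'Should have generated a password'
-
- refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
- 'Old password should no longer be valid'
-
- assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
- 'New password should be valid'
- end
-
- def test_password_modify_overwrite_old_password
- assert @ldap.password_modify(dn: @dn,
- auth: @admin_account,
- new_password: 'passworD3')
-
- refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
- 'Old password should no longer be valid'
-
- assert @ldap.bind(username: @dn, password: 'passworD3', method: :simple),
- 'New password should be valid'
- end
-
- def teardown
- @ldap.delete dn: @dn
- end
- end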