net-ldap 0.16.3 → 0.17.0
- checksums.yaml +4 -4
- data/History.rdoc +36 -0
- data/README.rdoc +9 -2
- data/lib/net/ldap.rb +25 -2
- data/lib/net/ldap/connection.rb +1 -1
- data/lib/net/ldap/dataset.rb +2 -2
- data/lib/net/ldap/entry.rb +13 -2
- data/lib/net/ldap/error.rb +1 -26
- data/lib/net/ldap/password.rb +4 -0
- data/lib/net/ldap/version.rb +1 -1
- metadata +12 -88
- data/.gitignore +0 -10
- data/.rubocop.yml +0 -20
- data/.rubocop_todo.yml +0 -723
- data/.travis.yml +0 -57
- data/CONTRIBUTING.md +0 -54
- data/Gemfile +0 -2
- data/Rakefile +0 -23
- data/net-ldap.gemspec +0 -37
- data/script/changelog +0 -47
- data/script/ldap-docker +0 -12
- data/script/package +0 -7
- data/script/release +0 -16
- data/test/ber/core_ext/test_array.rb +0 -22
- data/test/ber/core_ext/test_string.rb +0 -25
- data/test/ber/test_ber.rb +0 -153
- data/test/fixtures/ca/docker-ca.pem +0 -18
- data/test/fixtures/ldif/06-retcode.ldif +0 -75
- data/test/fixtures/ldif/50-seed.ldif +0 -374
- data/test/integration/test_add.rb +0 -26
- data/test/integration/test_ber.rb +0 -30
- data/test/integration/test_bind.rb +0 -221
- data/test/integration/test_delete.rb +0 -29
- data/test/integration/test_open.rb +0 -87
- data/test/integration/test_password_modify.rb +0 -93
- data/test/integration/test_return_codes.rb +0 -46
- data/test/integration/test_search.rb +0 -77
- data/test/support/vm/openldap/.gitignore +0 -1
- data/test/test_auth_adapter.rb +0 -15
- data/test/test_dn.rb +0 -43
- data/test/test_entry.rb +0 -66
- data/test/test_filter.rb +0 -223
- data/test/test_filter_parser.rb +0 -29
- data/test/test_helper.rb +0 -73
- data/test/test_ldap.rb +0 -114
- data/test/test_ldap_connection.rb +0 -505
- data/test/test_ldif.rb +0 -104
- data/test/test_password.rb +0 -10
- data/test/test_rename.rb +0 -77
- data/test/test_search.rb +0 -39
- data/test/test_snmp.rb +0 -118
- data/test/test_ssl_ber.rb +0 -44
- data/test/testdata.ldif +0 -101
- data/testserver/ldapserver.rb +0 -200
- data/testserver/testdata.ldif +0 -101
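--- a/data/test/integration/test_add.rb
+++ b/data/test/integration/test_add.rb
@@ -1,26 +0,0 @@
-require_relative '../test_helper'
-
-class TestAddIntegration < LDAPIntegrationTestCase
-def setup
-super
-@dn = "uid=added-user1,ou=People,dc=example,dc=org"
-end
-
-def test_add
-attrs = {
-objectclass: %w(top inetOrgPerson organizationalPerson person),
-uid: "added-user1",
-cn: "added-user1",
-sn: "added-user1",
-mail: "added-user1@rubyldap.com",
-}
-
-assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-
-assert result = @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject).first
-end
-
-def teardown
-@ldap.delete dn: @dn
-end
-end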
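--- a/data/test/integration/test_ber.rb
+++ b/data/test/integration/test_ber.rb
@@ -1,30 +0,0 @@
-require_relative '../test_helper'
-
-class TestBERIntegration < LDAPIntegrationTestCase
-# Test whether the TRUE boolean value is encoded correctly by performing a
-# search operation.
-def test_true_ber_encoding
-# request these attrs to simplify test; use symbols to match Entry#attribute_names
-attrs = [:dn, :uid, :cn, :mail]
-
-assert types_entry = @ldap.search(
-base: "dc=example,dc=org",
-filter: "(uid=user1)",
-size: 1,
-attributes: attrs,
-attributes_only: true,
-).first
-
-# matches attributes we requested
-assert_equal attrs, types_entry.attribute_names
-
-# assert values are empty
-types_entry.each do |name, values|
-next if name == :dn
-assert values.empty?
-end
-
-assert_includes Net::LDAP::ResultCodesSearchSuccess,
-@ldap.get_operation_result.code, "should be a successful search operation"
-end
-end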
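--- a/data/test/integration/test_bind.rb
+++ b/data/test/integration/test_bind.rb
@@ -1,221 +0,0 @@
-require_relative '../test_helper'
-
-class TestBindIntegration < LDAPIntegrationTestCase
-INTEGRATION_HOSTNAME = 'ldap.example.org'.freeze
-
-def test_bind_success
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_timeout
-@ldap.host = "10.255.255.1" # non-routable IP
-
-error = assert_raise Net::LDAP::Error do
-@ldap.bind BIND_CREDS
-end
-msgs = ['Operation timed out - user specified timeout',
-'Connection timed out - user specified timeout']
-assert_send([msgs, :include?, error.message])
-end
-
-def test_bind_anonymous_fail
-refute @ldap.bind(BIND_CREDS.merge(password: '')),
-@ldap.get_operation_result.inspect
-
-result = @ldap.get_operation_result
-assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
-assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform], result.message
-assert_equal "unauthenticated bind (DN with no password) disallowed",
-result.error_message
-assert_equal "", result.matched_dn
-end
-
-def test_bind_fail
-refute @ldap.bind(BIND_CREDS.merge(password: "not my password")),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_cafile
-@ldap.host = INTEGRATION_HOSTNAME
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
-@ldap.host = INTEGRATION_HOSTNAME
-@ldap.encryption(
-method: :start_tls,
-tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE },
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
-@ldap.host = '127.0.0.1'
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
-@ldap.host = '127.0.0.1'
-@ldap.encryption(
-method: :start_tls,
-tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
-ca_file: CA_FILE },
-)
-error = assert_raise Net::LDAP::Error,
-Net::LDAP::ConnectionRefusedError do
-@ldap.bind BIND_CREDS
-end
-assert_equal(
-"hostname \"#{@ldap.host}\" does not match the server certificate",
-error.message,
-)
-end
-
-def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
-@ldap.host = '127.0.0.1'
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
-)
-error = assert_raise Net::LDAP::Error,
-Net::LDAP::ConnectionRefusedError do
-@ldap.bind BIND_CREDS
-end
-assert_equal(
-"hostname \"#{@ldap.host}\" does not match the server certificate",
-error.message,
-)
-end
-
-def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails
-@ldap.host = '127.0.0.1'
-@ldap.encryption(
-method: :start_tls,
-tls_options: { ca_file: CA_FILE },
-)
-error = assert_raise Net::LDAP::Error,
-Net::LDAP::ConnectionRefusedError do
-@ldap.bind BIND_CREDS
-end
-assert_equal(
-"hostname \"#{@ldap.host}\" does not match the server certificate",
-error.message,
-)
-end
-
-def test_bind_tls_with_valid_hostname_default_opts_passes
-@ldap.host = INTEGRATION_HOSTNAME
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-ca_file: CA_FILE),
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
-@ldap.host = INTEGRATION_HOSTNAME
-@ldap.encryption(
-method: :start_tls,
-tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
-ca_file: CA_FILE },
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_bogus_hostname_system_ca_fails
-@ldap.host = '127.0.0.1'
-@ldap.encryption(method: :start_tls, tls_options: {})
-error = assert_raise Net::LDAP::Error,
-Net::LDAP::ConnectionRefusedError do
-@ldap.bind BIND_CREDS
-end
-assert_equal(
-"hostname \"#{@ldap.host}\" does not match the server certificate",
-error.message,
-)
-end
-
-def test_bind_tls_with_multiple_hosts
-@ldap.host = nil
-@ldap.hosts = [[INTEGRATION_HOSTNAME, 389], [INTEGRATION_HOSTNAME, 389]]
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-ca_file: CA_FILE),
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_multiple_bogus_hosts
-@ldap.host = nil
-@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
-ca_file: CA_FILE),
-)
-error = assert_raise Net::LDAP::Error,
-Net::LDAP::ConnectionError do
-@ldap.bind BIND_CREDS
-end
-assert_equal("Unable to connect to any given server: ",
-error.message.split("\n").shift)
-end
-
-def test_bind_tls_with_multiple_bogus_hosts_no_verification
-@ldap.host = nil
-@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-@ldap.encryption(
-method: :start_tls,
-tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-
-def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
-@ldap.host = nil
-@ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
-@ldap.encryption(
-method: :start_tls,
-tls_options: { ca_file: CA_FILE },
-)
-error = assert_raise Net::LDAP::Error,
-Net::LDAP::ConnectionError do
-@ldap.bind BIND_CREDS
-end
-assert_equal("Unable to connect to any given server: ",
-error.message.split("\n").shift)
-end
-
-# This test is CI-only because we can't add the fixture CA
-# to the system CA store on people's dev boxes.
-def test_bind_tls_valid_hostname_system_ca_on_travis_passes
-omit "not sure how to install custom CA cert in travis"
-omit_unless ENV['TRAVIS'] == 'true'
-
-@ldap.host = INTEGRATION_HOSTNAME
-@ldap.encryption(
-method: :start_tls,
-tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
-)
-assert @ldap.bind(BIND_CREDS),
-@ldap.get_operation_result.inspect
-end
-end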
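--- a/data/test/integration/test_delete.rb
+++ b/data/test/integration/test_delete.rb
@@ -1,29 +0,0 @@
-require_relative '../test_helper'
-
-class TestDeleteIntegration < LDAPIntegrationTestCase
-def setup
-super
-@dn = "uid=delete-user1,ou=People,dc=example,dc=org"
-
-attrs = {
-objectclass: %w(top inetOrgPerson organizationalPerson person),
-uid: "delete-user1",
-cn: "delete-user1",
-sn: "delete-user1",
-mail: "delete-user1@rubyldap.com",
-}
-unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-end
-assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-end
-
-def test_delete
-assert @ldap.delete(dn: @dn), @ldap.get_operation_result.inspect
-refute @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-
-result = @ldap.get_operation_result
-assert_equal Net::LDAP::ResultCodeNoSuchObject, result.code
-assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeNoSuchObject], result.message
-end
-end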
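--- a/data/test/integration/test_open.rb
+++ b/data/test/integration/test_open.rb
@@ -1,87 +0,0 @@
-require_relative '../test_helper'
-
-class TestBindIntegration < LDAPIntegrationTestCase
-def test_binds_without_open
-events = @service.subscribe "bind.net_ldap_connection"
-
-@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-
-assert_equal 2, events.size
-end
-
-def test_binds_with_open
-events = @service.subscribe "bind.net_ldap_connection"
-
-@ldap.open do
-@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-@ldap.search(filter: "uid=user1", base: "ou=People,dc=example,dc=org", ignore_server_caps: true)
-end
-
-assert_equal 1, events.size
-end
-
-# NOTE: query for two or more entries so that the socket must be read
-# multiple times.
-# See The Problem: https://github.com/ruby-ldap/ruby-net-ldap/issues/136
-
-def test_nested_search_without_open
-entries = []
-nested_entry = nil
-
-@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
-entries << entry.uid.first
-nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
-end
-
-assert_equal "user3", nested_entry.uid.first
-assert_equal %w(user1 user2), entries
-end
-
-def test_nested_search_with_open
-entries = []
-nested_entry = nil
-
-@ldap.open do
-@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
-entries << entry.uid.first
-nested_entry ||= @ldap.search(filter: "uid=user3", base: "ou=People,dc=example,dc=org").first
-end
-end
-
-assert_equal "user3", nested_entry.uid.first
-assert_equal %w(user1 user2), entries
-end
-
-def test_nested_add_with_open
-entries = []
-nested_entry = nil
-
-dn = "uid=nested-open-added-user1,ou=People,dc=example,dc=org"
-attrs = {
-objectclass: %w(top inetOrgPerson organizationalPerson person),
-uid: "nested-open-added-user1",
-cn: "nested-open-added-user1",
-sn: "nested-open-added-user1",
-mail: "nested-open-added-user1@rubyldap.com",
-}
-
-@ldap.delete dn: dn
-
-@ldap.open do
-@ldap.search(filter: "(|(uid=user1)(uid=user2))", base: "ou=People,dc=example,dc=org") do |entry|
-entries << entry.uid.first
-
-nested_entry ||= begin
-assert @ldap.add(dn: dn, attributes: attrs), @ldap.get_operation_result.inspect
-@ldap.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject).first
-end
-end
-end
-
-assert_equal %w(user1 user2), entries
-assert_equal "nested-open-added-user1", nested_entry.uid.first
-ensure
-@ldap.delete dn: dn
-end
-end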
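--- a/data/test/integration/test_password_modify.rb
+++ b/data/test/integration/test_password_modify.rb
@@ -1,93 +0,0 @@
-require_relative '../test_helper'
-
-class TestPasswordModifyIntegration < LDAPIntegrationTestCase
-def setup
-super
-@admin_account = { dn: 'cn=admin,dc=example,dc=org', password: 'admin', method: :simple }
-@ldap.authenticate @admin_account[:dn], @admin_account[:password]
-
-@dn = 'uid=modify-password-user1,ou=People,dc=example,dc=org'
-
-attrs = {
-objectclass: %w(top inetOrgPerson organizationalPerson person),
-uid: 'modify-password-user1',
-cn: 'modify-password-user1',
-sn: 'modify-password-user1',
-mail: 'modify-password-user1@rubyldap.com',
-userPassword: 'admin',
-}
-unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
-end
-assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
-
-@auth = {
-method: :simple,
-username: @dn,
-password: 'admin',
-}
-end
-
-def test_password_modify
-assert @ldap.password_modify(dn: @dn,
-auth: @auth,
-old_password: 'admin',
-new_password: 'passworD2')
-
-assert @ldap.get_operation_result.extended_response.nil?,
-'Should not have generated a new password'
-
-refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-'Old password should no longer be valid'
-
-assert @ldap.bind(username: @dn, password: 'passworD2', method: :simple),
-'New password should be valid'
-end
-
-def test_password_modify_generate
-assert @ldap.password_modify(dn: @dn,
-auth: @auth,
-old_password: 'admin')
-
-generated_password = @ldap.get_operation_result.extended_response[0][0]
-
-assert generated_password, 'Should have generated a password'
-
-refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-'Old password should no longer be valid'
-
-assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
-'New password should be valid'
-end
-
-def test_password_modify_generate_no_old_password
-assert @ldap.password_modify(dn: @dn,
-auth: @auth)
-
-generated_password = @ldap.get_operation_result.extended_response[0][0]
-
-assert generated_password, 'Should have generated a password'
-
-refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-'Old password should no longer be valid'
-
-assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
-'New password should be valid'
-end
-
-def test_password_modify_overwrite_old_password
-assert @ldap.password_modify(dn: @dn,
-auth: @admin_account,
-new_password: 'passworD3')
-
-refute @ldap.bind(username: @dn, password: 'admin', method: :simple),
-'Old password should no longer be valid'
-
-assert @ldap.bind(username: @dn, password: 'passworD3', method: :simple),
-'New password should be valid'
-end
-
-def teardown
-@ldap.delete dn: @dn
-end
-end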