RubyGems - net-ldap - Versions diffs - 0.3.1 → 0.5.1 - Mend

net-ldap 0.3.1 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of net-ldap might be problematic. Click here for more details.

Files changed (25) hide show

checksums.yaml +7 -0
data/.travis.yml +7 -0
data/Contributors.rdoc +1 -0
data/Gemfile +2 -0
data/History.rdoc +12 -0
data/Manifest.txt +6 -0
data/README.rdoc +2 -7
data/Rakefile +5 -3
data/lib/net/ber.rb +4 -2
data/lib/net/ber/core_ext/array.rb +14 -0
data/lib/net/ber/core_ext/string.rb +22 -4
data/lib/net/ldap.rb +125 -43
data/lib/net/ldap/filter.rb +30 -8
data/lib/net/ldap/password.rb +20 -14
data/lib/net/ldap/pdu.rb +16 -0
data/lib/net/ldap/version.rb +5 -0
data/lib/net/snmp.rb +3 -1
data/net-ldap.gemspec +14 -9
data/spec/unit/ber/ber_spec.rb +34 -2
data/spec/unit/ber/core_ext/array_spec.rb +24 -0
data/spec/unit/ldap/filter_parser_spec.rb +20 -0
data/spec/unit/ldap/filter_spec.rb +31 -0
data/spec/unit/ldap/search_spec.rb +35 -0
data/spec/unit/ldap_spec.rb +37 -7
metadata +83 -64

data/lib/net/ldap/filter.rb CHANGED

@@ -23,7 +23,7 @@
 class Net::LDAP::Filter
   ##
   # Known filter types.
-  FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex ]
+  FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq ]
   def initialize(op, left, right) #:nodoc:
     unless FilterTypes.include?(op)
@@ -65,6 +65,23 @@ class Net::LDAP::Filter
       new(:eq, attribute, value)
     end
+		##
+		# Creates a Filter object indicating a binary comparison.
+		# this prevents the search data from being forced into a UTF-8 string.
+		#
+		# This is primarily used for Microsoft Active Directory to compare
+		# GUID values.
+		#
+		#    # for guid represented as hex charecters
+		#    guid = "6a31b4a12aa27a41aca9603f27dd5116"
+		#    guid_bin = [guid].pack("H*")
+		#    f = Net::LDAP::Filter.bineq("objectGUID", guid_bin)
+		#
+		# This filter does not perform any escaping.
+		def bineq(attribute, value)
+			new(:bineq, attribute, value)
+		end
     ##
     # Creates a Filter object indicating extensible comparison. This Filter
     # object is currently considered EXPERIMENTAL.
@@ -274,11 +291,11 @@ class Net::LDAP::Filter
           case b.ber_identifier
           when 0x80 # context-specific primitive 0, SubstringFilter "initial"
             raise Net::LDAP::LdapError, "Unrecognized substring filter; bad initial value." if str.length > 0
-            str += b
+            str += escape(b)
           when 0x81 # context-specific primitive 0, SubstringFilter "any"
-            str += "*#{b}"
+            str += "*#{escape(b)}"
           when 0x82 # context-specific primitive 0, SubstringFilter "final"
-            str += "*#{b}"
+            str += "*#{escape(b)}"
             final = true
           end
         }
@@ -399,6 +416,8 @@ class Net::LDAP::Filter
       "!(#{@left}=#{@right})"
     when :eq
       "#{@left}=#{@right}"
+		when :bineq
+			"#{@left}=#{@right}"
     when :ex
       "#{@left}:=#{@right}"
     when :ge
@@ -490,17 +509,17 @@ class Net::LDAP::Filter
           first = nil
           ary.shift
         else
-          first = ary.shift.to_ber_contextspecific(0)
+          first = unescape(ary.shift).to_ber_contextspecific(0)
         end
         if ary.last.empty?
           last = nil
           ary.pop
         else
-          last = ary.pop.to_ber_contextspecific(2)
+          last = unescape(ary.pop).to_ber_contextspecific(2)
         end
-        seq = ary.map { |e| e.to_ber_contextspecific(1) }
+        seq = ary.map { |e| unescape(e).to_ber_contextspecific(1) }
         seq.unshift first if first
         seq.push last if last
@@ -508,6 +527,9 @@ class Net::LDAP::Filter
       else # equality
         [@left.to_s.to_ber, unescape(@right).to_ber].to_ber_contextspecific(3)
       end
+		when :bineq
+			# make sure data is not forced to UTF-8
+			[@left.to_s.to_ber, unescape(@right).to_ber_bin].to_ber_contextspecific(3)
     when :ex
       seq = []
@@ -733,7 +755,7 @@ class Net::LDAP::Filter
         scanner.scan(/\s*/)
         if op = scanner.scan(/<=|>=|!=|:=|=/)
           scanner.scan(/\s*/)
-          if value = scanner.scan(/(?:[-\w*.+@=,#\$%&!'\s]|\\[a-fA-F\d]{2})+/)
+          if value = scanner.scan(/(?:[-\w*.+@=,#\$%&!'\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u)
             # 20100313 AZ: Assumes that "(uid=george*)" is the same as
             # "(uid=george* )". The standard doesn't specify, but I can find
             # no examples that suggest otherwise.

data/lib/net/ldap/password.rb CHANGED

@@ -1,31 +1,37 @@
 # -*- ruby encoding: utf-8 -*-
 require 'digest/sha1'
 require 'digest/md5'
+require 'base64'
 class Net::LDAP::Password
   class << self
     # Generate a password-hash suitable for inclusion in an LDAP attribute.
-    # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
+    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
     # password. This function will return a hashed representation.
     #
     #--
     # STUB: This is here to fulfill the requirements of an RFC, which
     # one?
     #
-    # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
-    # sha1 as a synonym for sha1? I vote no because then should you also
-    # provide ssha1 for symmetry?
+    # TODO:
+    # * maybe salted-md5
+    # * Should we provide sha1 as a synonym for sha1? I vote no because then
+    #   should you also provide ssha1 for symmetry?
+    #
+    attribute_value = ""
     def generate(type, str)
-      digest, digest_name = case type
-                            when :md5
-                              [Digest::MD5.new, 'MD5']
-                            when :sha
-                              [Digest::SHA1.new, 'SHA']
-                            else
-                              raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
-                            end
-      digest << str.to_s
-      return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
+       case type
+         when :md5
+            attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
+         when :sha
+            attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
+         when :ssha
+            srand; salt = (rand * 1000).to_i.to_s
+            attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
+         else
+            raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+         end
+      return attribute_value
     end
   end
 end

data/lib/net/ldap/pdu.rb CHANGED

@@ -112,6 +112,10 @@ class Net::LDAP::PDU
     @ldap_result || {}
   end
+  def error_message
+    result[:errorMessage] || ""
+  end
   ##
   # This returns an LDAP result code taken from the PDU, but it will be nil
   # if there wasn't a result code. That can easily happen depending on the
@@ -120,6 +124,18 @@ class Net::LDAP::PDU
     @ldap_result and @ldap_result[code]
   end
+  def status
+    result_code == 0 ? :success : :failure
+  end
+  def success?
+    status == :success
+  end
+  def failure?
+    !success?
+  end
   ##
   # Return serverSaslCreds, which are only present in BindResponse packets.
   #--

data/lib/net/ldap/version.rb ADDED

@@ -0,0 +1,5 @@
+module Net
+  class LDAP
+    VERSION = "0.5.1"
+  end
+end

data/lib/net/snmp.rb CHANGED

@@ -1,8 +1,10 @@
 # -*- ruby encoding: utf-8 -*-
+require 'net/ldap/version'
 # :stopdoc:
 module Net
     class SNMP
-      VERSION = '0.3.1'
+      VERSION = Net::LDAP::VERSION
 	AsnSyntax = Net::BER.compile_syntax({
 	    :application => {

data/net-ldap.gemspec CHANGED

@@ -1,11 +1,16 @@
 # -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'net/ldap/version'
 Gem::Specification.new do |s|
   s.name = %q{net-ldap}
-  s.version = "0.3.1"
+  s.version = Net::LDAP::VERSION
+  s.license = "MIT"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Francis Cianfrocca", "Emiel van de Laar", "Rory O'Connell", "Kaspar Schiess", "Austin Ziegler"]
-  s.date = %q{2011-03-17}
+  s.authors = ["Francis Cianfrocca", "Emiel van de Laar", "Rory O'Connell", "Kaspar Schiess", "Austin Ziegler", "Michael Schaarschmidt"]
+  s.date = %q{2012-02-28}
   s.description = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the
 Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for
 accessing distributed directory services. Net::LDAP is written completely in
@@ -14,12 +19,12 @@ subset of server features as well.
 Net::LDAP has been tested against modern popular LDAP servers including
 OpenLDAP and Active Directory. The current release is mostly compliant with
-earlier versions of the IETF LDAP RFCs (2251–2256, 2829–2830, 3377, and 3771).
+earlier versions of the IETF LDAP RFCs (2251-2256, 2829-2830, 3377, and 3771).
 Our roadmap for Net::LDAP 1.0 is to gain full <em>client</em> compliance with
-the most recent LDAP RFCs (4510–4519, plutions of 4520–4532).}
+the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).}
   s.email = ["blackhedd@rubyforge.org", "gemiel@gmail.com", "rory.ocon@gmail.com", "kaspar.schiess@absurd.li", "austin@rubyforge.org"]
   s.extra_rdoc_files = ["Manifest.txt", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "README.rdoc"]
-  s.files = [".autotest", ".rspec", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "Manifest.txt", "README.rdoc", "Rakefile", "autotest/discover.rb", "lib/net-ldap.rb", "lib/net/ber.rb", "lib/net/ber/ber_parser.rb", "lib/net/ber/core_ext.rb", "lib/net/ber/core_ext/array.rb", "lib/net/ber/core_ext/bignum.rb", "lib/net/ber/core_ext/false_class.rb", "lib/net/ber/core_ext/fixnum.rb", "lib/net/ber/core_ext/string.rb", "lib/net/ber/core_ext/true_class.rb", "lib/net/ldap.rb", "lib/net/ldap/dataset.rb", "lib/net/ldap/dn.rb", "lib/net/ldap/entry.rb", "lib/net/ldap/filter.rb", "lib/net/ldap/password.rb", "lib/net/ldap/pdu.rb", "lib/net/snmp.rb", "net-ldap.gemspec", "spec/integration/ssl_ber_spec.rb", "spec/spec.opts", "spec/spec_helper.rb", "spec/unit/ber/ber_spec.rb", "spec/unit/ber/core_ext/string_spec.rb", "spec/unit/ldap/dn_spec.rb", "spec/unit/ldap/entry_spec.rb", "spec/unit/ldap/filter_spec.rb", "spec/unit/ldap_spec.rb", "test/common.rb", "test/test_entry.rb", "test/test_filter.rb", "test/test_ldap_connection.rb", "test/test_ldif.rb", "test/test_password.rb", "test/test_rename.rb", "test/test_snmp.rb", "test/testdata.ldif", "testserver/ldapserver.rb", "testserver/testdata.ldif"]
+  s.files = [".autotest", ".rspec", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "Manifest.txt", "README.rdoc", "Rakefile", "autotest/discover.rb", "lib/net-ldap.rb", "lib/net/ber.rb", "lib/net/ber/ber_parser.rb", "lib/net/ber/core_ext.rb", "lib/net/ber/core_ext/array.rb", "lib/net/ber/core_ext/bignum.rb", "lib/net/ber/core_ext/false_class.rb", "lib/net/ber/core_ext/fixnum.rb", "lib/net/ber/core_ext/string.rb", "lib/net/ber/core_ext/true_class.rb", "lib/net/ldap.rb", "lib/net/ldap/dataset.rb", "lib/net/ldap/dn.rb", "lib/net/ldap/entry.rb", "lib/net/ldap/filter.rb", "lib/net/ldap/password.rb", "lib/net/ldap/pdu.rb", "lib/net/snmp.rb", "net-ldap.gemspec", "spec/integration/ssl_ber_spec.rb", "spec/spec.opts", "spec/spec_helper.rb", "spec/unit/ber/ber_spec.rb", "spec/unit/ber/core_ext/string_spec.rb", "spec/unit/ldap/dn_spec.rb", "spec/unit/ldap/entry_spec.rb", "spec/unit/ldap/filter_spec.rb", "spec/unit/ldap_spec.rb", "test/common.rb", "test/test_entry.rb", "test/test_filter.rb", "test/test_ldap_connection.rb", "test/test_ldif.rb", "test/test_password.rb", "test/test_rename.rb", "test/test_snmp.rb", "test/testdata.ldif", "testserver/ldapserver.rb", "testserver/testdata.ldif", "lib/net/ldap/version.rb"]
   s.homepage = %q{http://github.com.org/ruby-ldap/ruby-net-ldap}
   s.rdoc_options = ["--main", "README.rdoc"]
   s.require_paths = ["lib"]
@@ -36,14 +41,14 @@ the most recent LDAP RFCs (4510–4519, plutions of 4520–4532).}
       s.add_development_dependency(%q<hoe-git>, ["~> 1"])
       s.add_development_dependency(%q<hoe-gemspec>, ["~> 1"])
       s.add_development_dependency(%q<metaid>, ["~> 1"])
-      s.add_development_dependency(%q<flexmock>, ["~> 0.9.0"])
+      s.add_development_dependency(%q<flexmock>, [">= 1.3.0"])
       s.add_development_dependency(%q<rspec>, ["~> 2.0"])
       s.add_development_dependency(%q<hoe>, [">= 2.9.1"])
     else
       s.add_dependency(%q<hoe-git>, ["~> 1"])
       s.add_dependency(%q<hoe-gemspec>, ["~> 1"])
       s.add_dependency(%q<metaid>, ["~> 1"])
-      s.add_dependency(%q<flexmock>, ["~> 0.9.0"])
+      s.add_dependency(%q<flexmock>, [">= 1.3.0"])
       s.add_dependency(%q<rspec>, ["~> 2.0"])
       s.add_dependency(%q<hoe>, [">= 2.9.1"])
     end
@@ -51,7 +56,7 @@ the most recent LDAP RFCs (4510–4519, plutions of 4520–4532).}
     s.add_dependency(%q<hoe-git>, ["~> 1"])
     s.add_dependency(%q<hoe-gemspec>, ["~> 1"])
     s.add_dependency(%q<metaid>, ["~> 1"])
-    s.add_dependency(%q<flexmock>, ["~> 0.9.0"])
+    s.add_dependency(%q<flexmock>, [">= 1.3.0"])
     s.add_dependency(%q<rspec>, ["~> 2.0"])
     s.add_dependency(%q<hoe>, [">= 2.9.1"])
   end

data/spec/unit/ber/ber_spec.rb CHANGED

@@ -84,9 +84,14 @@ describe "BER encoding of" do
       it "should properly encode strings encodable as UTF-8" do
         "teststring".encode("US-ASCII").to_ber.should == "\x04\nteststring"
       end
-      it "should fail on strings that can not be converted to UTF-8" do
+			it "should properly encode binary data strings using to_ber_bin" do
+				# This is used for searching for GUIDs in Active Directory
+				["6a31b4a12aa27a41aca9603f27dd5116"].pack("H*").to_ber_bin.should ==
+					"\x04\x10" + "j1\xB4\xA1*\xA2zA\xAC\xA9`?'\xDDQ\x16"
+			end
+      it "should not fail on strings that can not be converted to UTF-8" do
         error = Encoding::UndefinedConversionError
-        lambda {"\x81".to_ber }.should raise_exception(error)
+        lambda {"\x81".to_ber }.should_not raise_exception(error)
       end
     end
   end
@@ -107,3 +112,30 @@ describe "BER decoding of" do
     end
   end
 end
+describe Net::BER::BerIdentifiedString do
+  describe "initialize" do
+    subject { Net::BER::BerIdentifiedString.new(data) }
+    context "binary data" do
+      let(:data) { ["6a31b4a12aa27a41aca9603f27dd5116"].pack("H*").force_encoding("ASCII-8BIT") }
+      its(:valid_encoding?) { should be_true }
+      specify { subject.encoding.name.should == "ASCII-8BIT" }
+    end
+    context "ascii data in UTF-8" do
+      let(:data) { "some text".force_encoding("UTF-8") }
+      its(:valid_encoding?) { should be_true }
+      specify { subject.encoding.name.should == "UTF-8" }
+    end
+    context "UTF-8 data in UTF-8" do
+      let(:data) { ["e4b8ad"].pack("H*").force_encoding("UTF-8") }
+      its(:valid_encoding?) { should be_true }
+      specify { subject.encoding.name.should == "UTF-8" }
+    end
+  end
+end

data/spec/unit/ber/core_ext/array_spec.rb ADDED

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'metaid'
+describe Array, "when extended with BER core extensions" do
+  it "should correctly convert a control code array" do
+    control_codes = []
+    control_codes << ['1.2.3'.to_ber, true.to_ber].to_ber_sequence
+    control_codes << ['1.7.9'.to_ber, false.to_ber].to_ber_sequence
+    control_codes = control_codes.to_ber_sequence
+    res = [['1.2.3', true],['1.7.9',false]].to_ber_control
+    res.should eq(control_codes)
+  end
+  it "should wrap the array in another array if a nested array is not passed" do
+    result1 = ['1.2.3', true].to_ber_control
+    result2 = [['1.2.3', true]].to_ber_control
+    result1.should eq(result2)
+  end
+  it "should return an empty string if an empty array is passed" do
+    [].to_ber_control.should be_empty
+  end
+end

data/spec/unit/ldap/filter_parser_spec.rb ADDED

@@ -0,0 +1,20 @@
+# encoding: utf-8
+require 'spec_helper'
+describe Net::LDAP::Filter::FilterParser do
+  describe "#parse" do
+    context "Given ASCIIs as filter string" do
+      let(:filter_string) { "(cn=name)" }
+      specify "should generate filter object" do
+        expect(Net::LDAP::Filter::FilterParser.parse(filter_string)).to be_a Net::LDAP::Filter
+      end
+    end
+    context "Given string including multibyte chars as filter string" do
+      let(:filter_string) { "(cn=名前)" }
+      specify "should generate filter object" do
+        expect(Net::LDAP::Filter::FilterParser.parse(filter_string)).to be_a Net::LDAP::Filter
+      end
+    end
+  end
+end

data/spec/unit/ldap/filter_spec.rb CHANGED

@@ -81,4 +81,35 @@ describe Net::LDAP::Filter do
       Net::LDAP::Filter.escape("\0*()\\").should == "\\00\\2A\\28\\29\\5C"
     end
   end
+  context 'with a well-known BER string' do
+    ber = "\xa4\x2d" \
+      "\x04\x0b" "objectclass" \
+      "\x30\x1e" \
+      "\x80\x08" "foo" "*\\" "bar" \
+      "\x81\x08" "foo" "*\\" "bar" \
+      "\x82\x08" "foo" "*\\" "bar"
+    describe "<- .to_ber" do
+      [
+        "foo" "\\2A\\5C" "bar",
+        "foo" "\\2a\\5c" "bar",
+        "foo" "\\2A\\5c" "bar",
+        "foo" "\\2a\\5C" "bar"
+      ].each do |escaped|
+        it 'unescapes escaped characters' do
+          filter = Net::LDAP::Filter.eq("objectclass", "#{escaped}*#{escaped}*#{escaped}")
+          filter.to_ber.should == ber
+        end
+      end
+    end
+    describe '<- .parse_ber' do
+      it 'escapes characters' do
+        escaped = Net::LDAP::Filter.escape("foo" "*\\" "bar")
+        filter = Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+        filter.to_s.should == "(objectclass=#{escaped}*#{escaped}*#{escaped})"
+      end
+    end
+  end
 end

data/spec/unit/ldap/search_spec.rb ADDED

@@ -0,0 +1,35 @@
+# -*- ruby encoding: utf-8 -*-
+describe Net::LDAP, "search method" do
+  class FakeConnection
+    def search(args)
+      OpenStruct.new(:result_code => 1, :message => "error", :success? => false)
+    end
+  end
+  before(:each) do
+    @connection = Net::LDAP.new
+    @connection.instance_variable_set(:@open_connection, FakeConnection.new)
+  end
+  context "when :return_result => true" do
+    it "should return nil upon error" do
+      result_set = @connection.search(:return_result => true)
+      result_set.should be_nil
+    end
+  end
+  context "when :return_result => false" do
+    it "should return false upon error" do
+      result = @connection.search(:return_result => false)
+      result.should be_false
+    end
+  end
+  context "When :return_result is not given" do
+    it "should return nil upon error" do
+      result_set = @connection.search
+      result_set.should be_nil
+    end
+  end
+end

data/spec/unit/ldap_spec.rb CHANGED

@@ -7,11 +7,11 @@ describe Net::LDAP::Connection do
         flexmock(TCPSocket).
           should_receive(:new).and_raise(Errno::ECONNREFUSED)
       end
       it "should raise LdapError" do
         lambda {
           Net::LDAP::Connection.new(
-            :server => 'test.mocked.com',
+            :server => 'test.mocked.com',
             :port   => 636)
         }.should raise_error(Net::LDAP::LdapError)
       end
@@ -21,11 +21,11 @@ describe Net::LDAP::Connection do
         flexmock(TCPSocket).
           should_receive(:new).and_raise(SocketError)
       end
       it "should raise LdapError" do
         lambda {
           Net::LDAP::Connection.new(
-            :server => 'test.mocked.com',
+            :server => 'test.mocked.com',
             :port   => 636)
         }.should raise_error(Net::LDAP::LdapError)
       end
@@ -35,14 +35,44 @@ describe Net::LDAP::Connection do
         flexmock(TCPSocket).
           should_receive(:new).and_raise(NameError)
       end
       it "should rethrow the exception" do
         lambda {
           Net::LDAP::Connection.new(
-            :server => 'test.mocked.com',
+            :server => 'test.mocked.com',
             :port   => 636)
         }.should raise_error(NameError)
       end
     end
   end
-end
+  context "populate error messages" do
+    before do
+      @tcp_socket = flexmock(:connection)
+      @tcp_socket.should_receive(:write)
+      flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket)
+    end
+    subject { Net::LDAP::Connection.new(:server => 'test.mocked.com', :port => 636) }
+    it "should get back error messages if operation fails" do
+      ber = Net::BER::BerIdentifiedArray.new([53, "", "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1"])
+      ber.ber_identifier = 7
+      @tcp_socket.should_receive(:read_ber).and_return([2, ber])
+      result = subject.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+      result.should be_failure
+      result.error_message.should == "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1"
+    end
+    it "shouldn't get back error messages if operation succeeds" do
+      ber = Net::BER::BerIdentifiedArray.new([0, "", ""])
+      ber.ber_identifier = 7
+      @tcp_socket.should_receive(:read_ber).and_return([2, ber])
+      result = subject.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+      result.should be_success
+      result.error_message.should == ""
+    end
+  end
+end