net-ldap 0.8.0 → 0.9.0

data/net-ldap.gemspec

@@ -7,8 +7,6 @@ Gem::Specification.new do |s|
   s.name = %q{net-ldap}
   s.version = Net::LDAP::VERSION
   s.license = "MIT"
-
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Francis Cianfrocca", "Emiel van de Laar", "Rory O'Connell", "Kaspar Schiess", "Austin Ziegler", "Michael Schaarschmidt"]
   s.date = %q{2012-02-28}
   s.description = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the
@@ -24,40 +22,16 @@ Our roadmap for Net::LDAP 1.0 is to gain full <em>client</em> compliance with
 the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).}
   s.email = ["blackhedd@rubyforge.org", "gemiel@gmail.com", "rory.ocon@gmail.com", "kaspar.schiess@absurd.li", "austin@rubyforge.org"]
   s.extra_rdoc_files = ["Manifest.txt", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "README.rdoc"]
-  s.files = [".autotest", ".rspec", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "Manifest.txt", "README.rdoc", "Rakefile", "autotest/discover.rb", "lib/net-ldap.rb", "lib/net/ber.rb", "lib/net/ber/ber_parser.rb", "lib/net/ber/core_ext.rb", "lib/net/ber/core_ext/array.rb", "lib/net/ber/core_ext/bignum.rb", "lib/net/ber/core_ext/false_class.rb", "lib/net/ber/core_ext/fixnum.rb", "lib/net/ber/core_ext/string.rb", "lib/net/ber/core_ext/true_class.rb", "lib/net/ldap.rb", "lib/net/ldap/dataset.rb", "lib/net/ldap/dn.rb", "lib/net/ldap/entry.rb", "lib/net/ldap/filter.rb", "lib/net/ldap/instrumentation.rb", "lib/net/ldap/password.rb", "lib/net/ldap/pdu.rb", "lib/net/snmp.rb", "net-ldap.gemspec", "spec/integration/ssl_ber_spec.rb", "spec/spec.opts", "spec/spec_helper.rb", "spec/unit/ber/ber_spec.rb", "spec/unit/ber/core_ext/string_spec.rb", "spec/unit/ldap/dn_spec.rb", "spec/unit/ldap/entry_spec.rb", "spec/unit/ldap/filter_spec.rb", "spec/unit/ldap_spec.rb", "test/common.rb", "test/test_entry.rb", "test/test_filter.rb", "test/test_ldap_connection.rb", "test/test_ldif.rb", "test/test_password.rb", "test/test_rename.rb", "test/test_snmp.rb", "test/testdata.ldif", "testserver/ldapserver.rb", "testserver/testdata.ldif", "lib/net/ldap/version.rb"]
+  s.files = `git ls-files`.split $/
+  s.test_files = s.files.grep(%r{^test})
   s.homepage = %q{http://github.com/ruby-ldap/ruby-net-ldap}
   s.rdoc_options = ["--main", "README.rdoc"]
   s.require_paths = ["lib"]
-  s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
-  s.rubyforge_project = %q{net-ldap}
-  s.rubygems_version = %q{1.5.2}
+  s.required_ruby_version = ">= 1.9.3"
   s.summary = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for accessing distributed directory services}
-  s.test_files = ["test/test_entry.rb", "test/test_filter.rb", "test/test_ldap_connection.rb", "test/test_ldif.rb", "test/test_password.rb", "test/test_rename.rb", "test/test_snmp.rb"]
-
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<hoe-git>, ["~> 1"])
-      s.add_development_dependency(%q<hoe-gemspec>, ["~> 1"])
-      s.add_development_dependency(%q<metaid>, ["~> 1"])
-      s.add_development_dependency(%q<flexmock>, [">= 1.3.0"])
-      s.add_development_dependency(%q<rspec>, ["~> 2.0"])
-      s.add_development_dependency(%q<hoe>, [">= 2.9.1"])
-    else
-      s.add_dependency(%q<hoe-git>, ["~> 1"])
-      s.add_dependency(%q<hoe-gemspec>, ["~> 1"])
-      s.add_dependency(%q<metaid>, ["~> 1"])
-      s.add_dependency(%q<flexmock>, [">= 1.3.0"])
-      s.add_dependency(%q<rspec>, ["~> 2.0"])
-      s.add_dependency(%q<hoe>, [">= 2.9.1"])
-    end
-  else
-    s.add_dependency(%q<hoe-git>, ["~> 1"])
-    s.add_dependency(%q<hoe-gemspec>, ["~> 1"])
-    s.add_dependency(%q<metaid>, ["~> 1"])
-    s.add_dependency(%q<flexmock>, [">= 1.3.0"])
-    s.add_dependency(%q<rspec>, ["~> 2.0"])
-    s.add_dependency(%q<hoe>, [">= 2.9.1"])
-  end
+  s.add_development_dependency("hoe-git", "~> 1.0")
+  s.add_development_dependency("hoe-gemspec", "~> 1.0")
+  s.add_development_dependency("flexmock", "~> 1.3")
+  s.add_development_dependency("hoe", "~> 2.9")
 end

data/script/install-openldap

@@ -0,0 +1,47 @@
+#!/usr/bin/env sh
+set -e
+set -x
+
+BASE_PATH="$( cd `dirname $0`/../test/fixtures/openldap && pwd )"
+SEED_PATH="$( cd `dirname $0`/../test/fixtures          && pwd )"
+
+dpkg -s slapd time ldap-utils ||\
+  DEBIAN_FRONTEND=noninteractive sudo -E apt-get install -y --force-yes slapd time ldap-utils
+
+sudo /etc/init.d/slapd stop
+
+TMPDIR=$(mktemp -d)
+cd $TMPDIR
+
+# Delete data and reconfigure.
+sudo cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
+sudo rm -rf /etc/ldap/slapd.d/*
+sudo rm -rf /var/lib/ldap/*
+sudo cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
+sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/slapd.conf.ldif
+# Load memberof and ref-int overlays and configure them.
+sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/memberof.ldif
+# Load retcode overlay and configure
+sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/retcode.ldif
+
+# Add base domain.
+sudo slapadd -F /etc/ldap/slapd.d <<EOM
+dn: dc=rubyldap,dc=com
+objectClass: top
+objectClass: domain
+dc: rubyldap
+EOM
+
+sudo chown -R openldap.openldap /etc/ldap/slapd.d
+sudo chown -R openldap.openldap /var/lib/ldap
+
+sudo /etc/init.d/slapd start
+
+# Import seed data.
+# NOTE: use ldapadd in order for memberOf and refint to apply, instead of:
+# cat $SEED_PATH/seed.ldif | sudo slapadd -F /etc/ldap/slapd.d
+/usr/bin/time sudo ldapadd -x -D "cn=admin,dc=rubyldap,dc=com" -w passworD1 \
+             -h localhost -p 389 \
+             -f $SEED_PATH/seed.ldif
+
+sudo rm -rf $TMPDIR

data/script/package

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# Usage: script/package
+# Updates the gemspec and builds a new gem in the pkg directory.
+
+mkdir -p pkg
+gem build *.gemspec
+mv *.gem pkg

data/script/release

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+# Usage: script/release
+# Build the package, tag a commit, push it to origin, and then release the
+# package publicly.
+
+set -e
+
+version="$(script/package | grep Version: | awk '{print $2}')"
+[ -n "$version" ] || exit 1
+
+echo $version
+git commit --allow-empty -a -m "Release $version"
+git tag "v$version"
+git push origin
+git push origin "v$version"
+gem push pkg/*-${version}.gem

data/test/ber/core_ext/test_array.rb

@@ -0,0 +1,22 @@
+require_relative '../../test_helper'
+
+class TestBERArrayExtension < Test::Unit::TestCase
+  def test_control_code_array
+    control_codes = []
+    control_codes << ['1.2.3'.to_ber, true.to_ber].to_ber_sequence
+    control_codes << ['1.7.9'.to_ber, false.to_ber].to_ber_sequence
+    control_codes = control_codes.to_ber_sequence
+    res = [['1.2.3', true],['1.7.9',false]].to_ber_control
+    assert_equal control_codes, res
+  end
+
+  def test_wrap_array_if_not_nested
+    result1 = ['1.2.3', true].to_ber_control
+    result2 = [['1.2.3', true]].to_ber_control
+    assert_equal result2, result1
+  end
+
+  def test_empty_string_if_empty_array
+    assert_equal "", [].to_ber_control
+  end
+end

data/test/ber/core_ext/test_string.rb

@@ -0,0 +1,25 @@
+require_relative '../../test_helper'
+
+class TestBERStringExtension < Test::Unit::TestCase
+  def setup
+    @bind_request = "0$\002\001\001`\037\002\001\003\004\rAdministrator\200\vad_is_bogus UNCONSUMED".b
+    @result = @bind_request.read_ber!(Net::LDAP::AsnSyntax)
+  end
+
+  def test_parse_ber
+    assert_equal [1, [3, "Administrator", "ad_is_bogus"]], @result
+  end
+
+  def test_unconsumed_message
+    assert_equal " UNCONSUMED", @bind_request
+  end
+
+  def test_exception_does_not_modify_string
+    original = "0$\002\001\001`\037\002\001\003\004\rAdministrator\200\vad_is_bogus".b
+    duplicate = original.dup
+    flexmock(StringIO).new_instances.should_receive(:read_ber).and_raise(Net::BER::BerError)
+    duplicate.read_ber!(Net::LDAP::AsnSyntax) rescue Net::BER::BerError
+
+    assert_equal original, duplicate
+  end
+end

data/test/ber/test_ber.rb

@@ -0,0 +1,126 @@
+require_relative '../test_helper'
+
+class TestBEREncoding < Test::Unit::TestCase
+  def test_empty_array
+    assert_equal [], [].to_ber.read_ber
+  end
+
+  def test_array
+    ary = [1,2,3]
+    encoded_ary = ary.map { |el| el.to_ber }.to_ber
+
+    assert_equal ary, encoded_ary.read_ber
+  end
+
+  # http://tools.ietf.org/html/rfc4511#section-5.1
+  def test_true
+    assert_equal "\x01\x01\xFF".b, true.to_ber
+  end
+
+  def test_false
+    assert_equal "\x01\x01\x00", false.to_ber
+  end
+
+  # Sample based
+  {
+    0           => "\x02\x01\x00",
+    1           => "\x02\x01\x01",
+    127         => "\x02\x01\x7F",
+    128         => "\x02\x01\x80",
+    255         => "\x02\x01\xFF",
+    256         => "\x02\x02\x01\x00",
+    65535       => "\x02\x02\xFF\xFF",
+    65536       => "\x02\x03\x01\x00\x00",
+    16_777_215  => "\x02\x03\xFF\xFF\xFF",
+    0x01000000  => "\x02\x04\x01\x00\x00\x00",
+    0x3FFFFFFF  => "\x02\x04\x3F\xFF\xFF\xFF",
+    0x4FFFFFFF  => "\x02\x04\x4F\xFF\xFF\xFF",
+
+    # Some odd samples...
+    5           => "\002\001\005",
+    500         => "\002\002\001\364",
+    50_000      => "\x02\x02\xC3P",
+    5_000_000_000  => "\002\005\001*\005\362\000"
+  }.each do |number, expected_encoding|
+    define_method "test_encode_#{number}" do
+      assert_equal expected_encoding.b, number.to_ber
+    end
+  end
+
+  # Round-trip encoding: This is mostly to be sure to cover Bignums well.
+  def test_powers_of_two
+    100.times do |p|
+      n = 2 << p
+
+      assert_equal n, n.to_ber.read_ber
+    end
+  end
+
+  def test_powers_of_ten
+    100.times do |p|
+      n = 5 * 10**p
+
+      assert_equal n, n.to_ber.read_ber
+    end
+  end
+
+  if "Ruby 1.9".respond_to?(:encoding)
+    def test_encode_utf8_strings
+      assert_equal "\x04\x02\xC3\xA5".b, "\u00e5".force_encoding("UTF-8").to_ber
+    end
+
+    def test_utf8_encodable_strings
+      assert_equal "\x04\nteststring", "teststring".encode("US-ASCII").to_ber
+    end
+
+    def test_encode_binary_data
+      # This is used for searching for GUIDs in Active Directory
+      assert_equal "\x04\x10" + "j1\xB4\xA1*\xA2zA\xAC\xA9`?'\xDDQ\x16".b,
+        ["6a31b4a12aa27a41aca9603f27dd5116"].pack("H*").to_ber_bin
+    end
+
+    def test_non_utf8_encodable_strings
+      assert_equal "\x04\x01\x81".b, "\x81".to_ber
+    end
+  end
+end
+
+class TestBERDecoding < Test::Unit::TestCase
+  def test_decode_number
+    assert_equal 6, "\002\001\006".read_ber(Net::LDAP::AsnSyntax)
+  end
+
+  def test_decode_string
+    assert_equal "testing", "\004\007testing".read_ber(Net::LDAP::AsnSyntax)
+  end
+
+  def test_decode_ldap_bind_request
+    assert_equal [1, [3, "Administrator", "ad_is_bogus"]], "0$\002\001\001`\037\002\001\003\004\rAdministrator\200\vad_is_bogus".read_ber(Net::LDAP::AsnSyntax)
+  end
+end
+
+class TestBERIdentifiedString < Test::Unit::TestCase
+  def test_binary_data
+    data = ["6a31b4a12aa27a41aca9603f27dd5116"].pack("H*").force_encoding("ASCII-8BIT")
+    bis = Net::BER::BerIdentifiedString.new(data)
+
+    assert bis.valid_encoding?, "should be a valid encoding"
+    assert_equal "ASCII-8BIT", bis.encoding.name
+  end
+
+  def test_ascii_data_in_utf8
+    data = "some text".force_encoding("UTF-8")
+    bis = Net::BER::BerIdentifiedString.new(data)
+
+    assert bis.valid_encoding?, "should be a valid encoding"
+    assert_equal "UTF-8", bis.encoding.name
+  end
+
+  def test_ut8_data_in_utf8
+    data = ["e4b8ad"].pack("H*").force_encoding("UTF-8")
+    bis = Net::BER::BerIdentifiedString.new(data)
+
+    assert bis.valid_encoding?, "should be a valid encoding"
+    assert_equal "UTF-8", bis.encoding.name
+  end
+end

data/test/fixtures/openldap/memberof.ldif

@@ -0,0 +1,33 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+objectClass: top
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: memberof.la
+
+dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
+
+dn: cn=module,cn=config
+cn: module
+objectclass: olcModuleList
+objectclass: top
+olcmoduleload: refint.la
+olcmodulepath: /usr/lib/ldap
+
+dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner

data/test/fixtures/openldap/retcode.ldif

@@ -0,0 +1,76 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+objectClass: top
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: retcode.la
+
+# source: http://www.opensource.apple.com/source/OpenLDAP/OpenLDAP-186/OpenLDAP/tests/data/retcode.conf?txt
+
+dn: olcOverlay={2}retcode,olcDatabase={1}hdb,cn=config
+objectClass: olcConfig
+objectClass: olcRetcodeConfig
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: retcode
+olcRetcodeParent: ou=Retcodes,dc=rubyldap,dc=com
+olcRetcodeInDir: TRUE
+olcRetcodeSleep: 0
+olcRetcodeItem: "cn=success" 0x00
+olcRetcodeItem: "cn=success w/ delay" 0x00 sleeptime=2
+olcRetcodeItem: "cn=operationsError" 0x01
+olcRetcodeItem: "cn=protocolError" 0x02
+olcRetcodeItem: "cn=timeLimitExceeded" 0x03 op=search
+olcRetcodeItem: "cn=sizeLimitExceeded" 0x04 op=search
+olcRetcodeItem: "cn=compareFalse" 0x05 op=compare
+olcRetcodeItem: "cn=compareTrue" 0x06 op=compare
+olcRetcodeItem: "cn=authMethodNotSupported" 0x07
+olcRetcodeItem: "cn=strongAuthNotSupported" 0x07 text="same as authMethodNotSupported"
+olcRetcodeItem: "cn=strongAuthRequired" 0x08
+olcRetcodeItem: "cn=strongerAuthRequired" 0x08 text="same as strongAuthRequired"
+olcRetcodeItem: "cn=referral" 0x0a text="LDAPv3" ref="ldap://:9019"
+olcRetcodeItem: "cn=adminLimitExceeded" 0x0b text="LDAPv3"
+olcRetcodeItem: "cn=unavailableCriticalExtension" 0x0c text="LDAPv3"
+olcRetcodeItem: "cn=confidentialityRequired" 0x0d text="LDAPv3"
+olcRetcodeItem: "cn=saslBindInProgress" 0x0e text="LDAPv3"
+olcRetcodeItem: "cn=noSuchAttribute" 0x10
+olcRetcodeItem: "cn=undefinedAttributeType" 0x11
+olcRetcodeItem: "cn=inappropriateMatching" 0x12
+olcRetcodeItem: "cn=constraintViolation" 0x13
+olcRetcodeItem: "cn=attributeOrValueExists" 0x14
+olcRetcodeItem: "cn=invalidAttributeSyntax" 0x15
+olcRetcodeItem: "cn=noSuchObject" 0x20
+olcRetcodeItem: "cn=aliasProblem" 0x21
+olcRetcodeItem: "cn=invalidDNSyntax" 0x22
+olcRetcodeItem: "cn=aliasDereferencingProblem" 0x24
+olcRetcodeItem: "cn=proxyAuthzFailure" 0x2F text="LDAPv3 proxy authorization"
+olcRetcodeItem: "cn=inappropriateAuthentication" 0x30
+olcRetcodeItem: "cn=invalidCredentials" 0x31
+olcRetcodeItem: "cn=insufficientAccessRights" 0x32
+olcRetcodeItem: "cn=busy" 0x33
+olcRetcodeItem: "cn=unavailable" 0x34
+olcRetcodeItem: "cn=unwillingToPerform" 0x35
+olcRetcodeItem: "cn=loopDetect" 0x36
+olcRetcodeItem: "cn=namingViolation" 0x40
+olcRetcodeItem: "cn=objectClassViolation" 0x41
+olcRetcodeItem: "cn=notAllowedOnNonleaf" 0x42
+olcRetcodeItem: "cn=notAllowedOnRDN" 0x43
+olcRetcodeItem: "cn=entryAlreadyExists" 0x44
+olcRetcodeItem: "cn=objectClassModsProhibited" 0x45
+olcRetcodeItem: "cn=resultsTooLarge" 0x46 text="CLDAP"
+olcRetcodeItem: "cn=affectsMultipleDSAs" 0x47 text="LDAPv3"
+olcRetcodeItem: "cn=other" 0x50
+olcRetcodeItem: "cn=cupResourcesExhausted" 0x71
+olcRetcodeItem: "cn=cupSecurityViolation" 0x72
+olcRetcodeItem: "cn=cupInvalidData" 0x73
+olcRetcodeItem: "cn=cupUnsupportedScheme" 0x74
+olcRetcodeItem: "cn=cupReloadRequired" 0x75
+olcRetcodeItem: "cn=cancelled" 0x76
+olcRetcodeItem: "cn=noSuchOperation" 0x77
+olcRetcodeItem: "cn=tooLate" 0x78
+olcRetcodeItem: "cn=cannotCancel" 0x79
+olcRetcodeItem: "cn=syncRefreshRequired" 0x4100
+olcRetcodeItem: "cn=noOperation" 0x410e
+olcRetcodeItem: "cn=assertionFailed" 0x410f
+olcRetcodeItem: "cn=noReferralsFound" 0x4110
+olcRetcodeItem: "cn=cannotChain" 0x4111

data/test/fixtures/openldap/slapd.conf.ldif

@@ -0,0 +1,67 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcPidFile: /var/run/slapd/slapd.pid
+olcArgsFile: /var/run/slapd/slapd.args
+olcLogLevel: none
+olcToolThreads: 1
+
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcSizeLimit: 500
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_hdb
+
+dn: olcBackend=hdb,cn=config
+objectClass: olcBackendConfig
+olcBackend: hdb
+
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: hdb
+olcDbCheckpoint: 512 30
+olcDbConfig: set_cachesize 1 0 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcLastMod: TRUE
+olcSuffix: dc=rubyldap,dc=com
+olcDbDirectory: /var/lib/ldap
+olcRootDN: cn=admin,dc=rubyldap,dc=com
+# admin's password: "passworD1"
+olcRootPW: {SHA}LFSkM9eegU6j3PeGG7UuHrT/KZM=
+olcDbIndex: objectClass eq
+olcAccess: to attrs=userPassword,shadowLastChange
+  by self write
+  by anonymous auth
+  by dn="cn=admin,dc=rubyldap,dc=com" write
+  by * none
+olcAccess: to dn.base="" by * read
+olcAccess: to *
+  by self write
+  by dn="cn=admin,dc=rubyldap,dc=com" write
+  by * read