net-ldap 0.8.0 → 0.9.0

data/test/test_filter.rb

@@ -1,4 +1,4 @@
-require 'common'
+require_relative 'test_helper'
 
 class TestFilter < Test::Unit::TestCase
   Filter = Net::LDAP::Filter
@@ -28,7 +28,7 @@ class TestFilter < Test::Unit::TestCase
     assert_equal("(uid=\\2A)", Filter.equals("uid", "*").to_s)
     assert_equal("(uid=\\28*)", Filter.begins("uid", "(").to_s)
     assert_equal("(uid=*\\29)", Filter.ends("uid", ")").to_s)
-    assert_equal("(uid=*\\5C*)", Filter.contains("uid", "\\").to_s)	
+    assert_equal("(uid=*\\5C*)", Filter.contains("uid", "\\").to_s)
   end
 
   def test_c2
@@ -120,3 +120,99 @@ class TestFilter < Test::Unit::TestCase
     end
   end
 end
+
+# tests ported over from rspec. Not sure if these overlap with the above
+# https://github.com/ruby-ldap/ruby-net-ldap/pull/121
+class TestFilterRSpec < Test::Unit::TestCase
+  def test_ex_convert
+    assert_equal '(foo:=bar)', Net::LDAP::Filter.ex('foo', 'bar').to_s
+  end
+
+  def test_ex_rfc2254_roundtrip
+    filter = Net::LDAP::Filter.ex('foo', 'bar')
+    assert_equal filter, Net::LDAP::Filter.from_rfc2254(filter.to_s)
+  end
+
+  def test_ber_conversion
+    filter = Net::LDAP::Filter.ex('foo', 'bar')
+    ber = filter.to_ber
+    assert_equal filter, Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+  end
+
+  [
+    '(o:dn:=Ace Industry)',
+    '(:dn:2.4.8.10:=Dino)',
+    '(cn:dn:1.2.3.4.5:=John Smith)',
+    '(sn:dn:2.4.6.8.10:=Barbara Jones)',
+    '(&(sn:dn:2.4.6.8.10:=Barbara Jones))'
+  ].each_with_index do |filter_str, index|
+    define_method "test_decode_filter_#{index}" do
+      filter = Net::LDAP::Filter.from_rfc2254(filter_str)
+      assert_kind_of Net::LDAP::Filter, filter
+    end
+
+    define_method "test_ber_conversion_#{index}" do
+      filter = Net::LDAP::Filter.from_rfc2254(filter_str)
+      ber = Net::LDAP::Filter.from_rfc2254(filter_str).to_ber
+      assert_equal filter, Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+    end
+  end
+
+  def test_apostrophes
+    assert_equal "(uid=O'Keefe)", Net::LDAP::Filter.construct("uid=O'Keefe").to_rfc2254
+  end
+
+  def test_equals
+    assert_equal Net::LDAP::Filter.eq('dn', 'f\2Aoo'), Net::LDAP::Filter.equals('dn', 'f*oo')
+  end
+
+  def test_begins
+    assert_equal Net::LDAP::Filter.eq('dn', 'f\2Aoo*'), Net::LDAP::Filter.begins('dn', 'f*oo')
+  end
+
+  def test_ends
+    assert_equal Net::LDAP::Filter.eq('dn', '*f\2Aoo'), Net::LDAP::Filter.ends('dn', 'f*oo')
+  end
+
+  def test_contains
+    assert_equal Net::LDAP::Filter.eq('dn', '*f\2Aoo*'), Net::LDAP::Filter.contains('dn', 'f*oo')
+  end
+
+  def test_escape
+    # escapes nul, *, (, ) and \\
+    assert_equal "\\00\\2A\\28\\29\\5C", Net::LDAP::Filter.escape("\0*()\\")
+  end
+
+  def test_well_known_ber_string
+    ber = "\xa4\x2d" \
+      "\x04\x0b" "objectclass" \
+      "\x30\x1e" \
+      "\x80\x08" "foo" "*\\" "bar" \
+      "\x81\x08" "foo" "*\\" "bar" \
+      "\x82\x08" "foo" "*\\" "bar".b
+
+    [
+      "foo" "\\2A\\5C" "bar",
+      "foo" "\\2a\\5c" "bar",
+      "foo" "\\2A\\5c" "bar",
+      "foo" "\\2a\\5C" "bar"
+    ].each do |escaped|
+      # unescapes escaped characters
+      filter = Net::LDAP::Filter.eq("objectclass", "#{escaped}*#{escaped}*#{escaped}")
+      assert_equal ber, filter.to_ber
+    end
+  end
+
+  def test_parse_ber_escapes_characters
+    ber = "\xa4\x2d" \
+      "\x04\x0b" "objectclass" \
+      "\x30\x1e" \
+      "\x80\x08" "foo" "*\\" "bar" \
+      "\x81\x08" "foo" "*\\" "bar" \
+      "\x82\x08" "foo" "*\\" "bar".b
+
+    escaped = Net::LDAP::Filter.escape("foo" "*\\" "bar")
+    filter = Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+    assert_equal "(objectclass=#{escaped}*#{escaped}*#{escaped})", filter.to_s
+  end
+end

data/test/test_filter_parser.rb

@@ -0,0 +1,16 @@
+# encoding: utf-8
+require_relative 'test_helper'
+
+class TestFilterParser < Test::Unit::TestCase
+  def test_ascii
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(cn=name)")
+  end
+
+  def test_multibyte_characters
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(cn=名前)")
+  end
+
+  def test_colons
+    assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(ismemberof=cn=edu:berkeley:app:calmessages:deans,ou=campus groups,dc=berkeley,dc=edu)")
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,54 @@
+# Add 'lib' to load path.
+require 'test/unit'
+require 'net/ldap'
+require 'flexmock/test_unit'
+
+# Whether integration tests should be run.
+INTEGRATION = ENV.fetch("INTEGRATION", "skip") != "skip"
+
+if RUBY_VERSION < "2.0"
+  class String
+    def b
+      self
+    end
+  end
+end
+
+class MockInstrumentationService
+  def initialize
+    @events = {}
+  end
+
+  def instrument(event, payload)
+    result = yield(payload)
+    @events[event] ||= []
+    @events[event] << [payload, result]
+    result
+  end
+
+  def subscribe(event)
+    @events[event] ||= []
+    @events[event]
+  end
+end
+
+class LDAPIntegrationTestCase < Test::Unit::TestCase
+  # If integration tests aren't enabled, noop these tests.
+  if !INTEGRATION
+    def run(*)
+      self
+    end
+  end
+
+  def setup
+    @service = MockInstrumentationService.new
+    @ldap = Net::LDAP.new \
+      host:           ENV.fetch('INTEGRATION_HOST', 'localhost'),
+      port:           389,
+      admin_user:     'uid=admin,dc=rubyldap,dc=com',
+      admin_password: 'passworD1',
+      search_domains: %w(dc=rubyldap,dc=com),
+      uid:            'uid',
+      instrumentation_service: @service
+  end
+end

data/test/test_ldap.rb

@@ -0,0 +1,60 @@
+require 'test_helper'
+
+class TestLDAPInstrumentation < Test::Unit::TestCase
+  def setup
+    @connection = flexmock(:connection, :close => true)
+    flexmock(Net::LDAP::Connection).should_receive(:new).and_return(@connection)
+
+    @service = MockInstrumentationService.new
+    @subject = Net::LDAP.new \
+      :host => "test.mocked.com", :port => 636,
+      :force_no_page => true, # so server capabilities are not queried
+      :instrumentation_service => @service
+  end
+
+  def test_instrument_bind
+    events = @service.subscribe "bind.net_ldap"
+
+    bind_result = flexmock(:bind_result, :success? => true)
+    flexmock(@connection).should_receive(:bind).with(Hash).and_return(bind_result)
+
+    assert @subject.bind
+
+    payload, result = events.pop
+    assert result
+    assert_equal bind_result, payload[:bind]
+  end
+
+  def test_instrument_search
+    events = @service.subscribe "search.net_ldap"
+
+    flexmock(@connection).should_receive(:bind).and_return(flexmock(:bind_result, :result_code => Net::LDAP::ResultCodeSuccess))
+    flexmock(@connection).should_receive(:search).with(Hash, Proc).
+                yields(entry = Net::LDAP::Entry.new("uid=user1,ou=users,dc=example,dc=com")).
+                and_return(flexmock(:search_result, :success? => true, :result_code => Net::LDAP::ResultCodeSuccess))
+
+    refute_nil @subject.search(:filter => "(uid=user1)")
+
+    payload, result = events.pop
+    assert_equal [entry], result
+    assert_equal [entry], payload[:result]
+    assert_equal "(uid=user1)", payload[:filter]
+  end
+
+  def test_instrument_search_with_size
+    events = @service.subscribe "search.net_ldap"
+
+    flexmock(@connection).should_receive(:bind).and_return(flexmock(:bind_result, :result_code => Net::LDAP::ResultCodeSuccess))
+    flexmock(@connection).should_receive(:search).with(Hash, Proc).
+                yields(entry = Net::LDAP::Entry.new("uid=user1,ou=users,dc=example,dc=com")).
+                and_return(flexmock(:search_result, :success? => true, :result_code => Net::LDAP::ResultCodeSizeLimitExceeded))
+
+    refute_nil @subject.search(:filter => "(uid=user1)", :size => 1)
+
+    payload, result = events.pop
+    assert_equal [entry], result
+    assert_equal [entry], payload[:result]
+    assert_equal "(uid=user1)", payload[:filter]
+    assert_equal result.size, payload[:size]
+  end
+end

data/test/test_ldap_connection.rb

@@ -1,6 +1,27 @@
-require 'common'
+require_relative 'test_helper'
+
+class TestLDAPConnection < Test::Unit::TestCase
+  def test_unresponsive_host
+    assert_raise Net::LDAP::LdapError do
+      Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+    end
+  end
+
+  def test_blocked_port
+    flexmock(TCPSocket).should_receive(:new).and_raise(SocketError)
+    assert_raise Net::LDAP::LdapError do
+      Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+    end
+  end
+
+  def test_raises_unknown_exceptions
+    error = Class.new(StandardError)
+    flexmock(TCPSocket).should_receive(:new).and_raise(error)
+    assert_raise error do
+      Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+    end
+  end
 
-class TestLDAP < Test::Unit::TestCase
   def test_modify_ops_delete
     args = { :operations => [ [ :delete, "mail" ] ] }
     result = Net::LDAP::Connection.modify_ops(args[:operations])
@@ -21,4 +42,363 @@ class TestLDAP < Test::Unit::TestCase
     expected = [ "0#\n\x01\x020\x1E\x04\x04mail1\x16\x04\x14testuser@example.com" ]
     assert_equal(expected, result)
   end
+
+  def test_write
+    mock = flexmock("socket")
+    mock.should_receive(:write).with([1.to_ber, "request"].to_ber_sequence).and_return(true)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    conn.send(:write, "request")
+  end
+
+  def test_write_with_controls
+    mock = flexmock("socket")
+    mock.should_receive(:write).with([1.to_ber, "request", "controls"].to_ber_sequence).and_return(true)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    conn.send(:write, "request", "controls")
+  end
+
+  def test_write_increments_msgid
+    mock = flexmock("socket")
+    mock.should_receive(:write).with([1.to_ber, "request1"].to_ber_sequence).and_return(true)
+    mock.should_receive(:write).with([2.to_ber, "request2"].to_ber_sequence).and_return(true)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    conn.send(:write, "request1")
+    conn.send(:write, "request2")
+  end
+end
+
+class TestLDAPConnectionSocketReads < Test::Unit::TestCase
+  def make_message(message_id, options = {})
+    options = {
+      app_tag: Net::LDAP::PDU::SearchResult,
+      code: Net::LDAP::ResultCodeSuccess,
+      matched_dn: "",
+      error_message: ""
+    }.merge(options)
+    result = Net::BER::BerIdentifiedArray.new([options[:code], options[:matched_dn], options[:error_message]])
+    result.ber_identifier = options[:app_tag]
+    [message_id, result]
+  end
+
+  def test_queued_read_drains_queue_before_read
+    result1a = make_message(1, error_message: "one")
+    result1b = make_message(1, error_message: "two")
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).and_return(result1b)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.message_queue[1].push Net::LDAP::PDU.new(result1a)
+
+    assert msg1 = conn.queued_read(1)
+    assert msg2 = conn.queued_read(1)
+
+    assert_equal 1, msg1.message_id
+    assert_equal "one", msg1.error_message
+    assert_equal 1, msg2.message_id
+    assert_equal "two", msg2.error_message
+  end
+
+  def test_queued_read_reads_until_message_id_match
+    result1 = make_message(1)
+    result2 = make_message(2)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    assert result = conn.queued_read(2)
+    assert_equal 2, result.message_id
+    assert_equal 1, conn.queued_read(1).message_id
+  end
+
+  def test_queued_read_modify
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::ModifyResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    conn.instance_variable_get("@msgid")
+
+    assert result = conn.modify(dn: "uid=modified-user1,ou=People,dc=rubyldap,dc=com",
+                                operations: [[:add, :mail, "modified-user1@example.com"]])
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_add
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::AddResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.add(dn: "uid=added-user1,ou=People,dc=rubyldap,dc=com")
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_rename
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::ModifyRDNResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.rename(
+      olddn:  "uid=renamable-user1,ou=People,dc=rubyldap,dc=com",
+      newrdn: "uid=renamed-user1"
+    )
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_delete
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::DeleteResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.delete(dn: "uid=deletable-user1,ou=People,dc=rubyldap,dc=com")
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_setup_encryption_with_start_tls
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::ExtendedResponse)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+    flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock).
+      and_return(mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.setup_encryption(method: :start_tls)
+    assert_equal mock, result
+  end
+
+  def test_queued_read_bind_simple
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::BindResult)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.bind(
+      method: :simple,
+      username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+      password: "passworD1")
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+
+  def test_queued_read_bind_sasl
+    result1 = make_message(1, app_tag: Net::LDAP::PDU::SearchResult)
+    result2 = make_message(2, app_tag: Net::LDAP::PDU::BindResult)
+
+    mock = flexmock("socket")
+    mock.should_receive(:read_ber).
+      and_return(result1).
+      and_return(result2)
+    mock.should_receive(:write)
+    conn = Net::LDAP::Connection.new(:socket => mock)
+
+    conn.next_msgid # simulates ongoing query
+
+    assert result = conn.bind(
+      method: :sasl,
+      mechanism: "fake",
+      initial_credential: "passworD1",
+      challenge_response: flexmock("challenge proc"))
+    assert result.success?
+    assert_equal 2, result.message_id
+  end
+end
+
+class TestLDAPConnectionErrors < Test::Unit::TestCase
+  def setup
+    @tcp_socket = flexmock(:connection)
+    @tcp_socket.should_receive(:write)
+    flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket)
+    @connection = Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636)
+  end
+
+  def test_error_failed_operation
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeUnwillingToPerform, "", "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1"])
+    ber.ber_identifier = Net::LDAP::PDU::ModifyResponse
+    @tcp_socket.should_receive(:read_ber).and_return([1, ber])
+
+    result = @connection.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+    assert result.failure?, "should be failure"
+    assert_equal "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1", result.error_message
+  end
+
+  def test_no_error_on_success
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::ModifyResponse
+    @tcp_socket.should_receive(:read_ber).and_return([1, ber])
+
+    result = @connection.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+    assert result.success?, "should be success"
+    assert_equal "", result.error_message
+  end
+end
+
+class TestLDAPConnectionInstrumentation < Test::Unit::TestCase
+  def setup
+    @tcp_socket = flexmock(:connection)
+    @tcp_socket.should_receive(:write)
+    flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket)
+
+    @service = MockInstrumentationService.new
+    @connection = Net::LDAP::Connection.new \
+      :host => 'test.mocked.com',
+      :port => 636,
+      :instrumentation_service => @service
+  end
+
+  def test_write_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    read_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(read_result)
+
+    events = @service.subscribe "write.net_ldap_connection"
+
+    result = @connection.bind(method: :anon)
+    assert result.success?, "should be success"
+
+    # a write event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert payload.has_key?(:content_length)
+  end
+
+  def test_read_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    read_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(read_result)
+
+    events = @service.subscribe "read.net_ldap_connection"
+
+    result = @connection.bind(method: :anon)
+    assert result.success?, "should be success"
+
+    # a read event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert_equal read_result, result
+  end
+
+  def test_parse_pdu_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    read_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(read_result)
+
+    events = @service.subscribe "parse_pdu.net_ldap_connection"
+
+    result = @connection.bind(method: :anon)
+    assert result.success?, "should be success"
+
+    # a parse_pdu event
+    payload, result = events.pop
+    assert payload.has_key?(:pdu)
+    assert payload.has_key?(:app_tag)
+    assert payload.has_key?(:message_id)
+    assert_equal Net::LDAP::PDU::BindResult, payload[:app_tag]
+    assert_equal 1, payload[:message_id]
+    pdu = payload[:pdu]
+    assert_equal Net::LDAP::ResultCodeSuccess, pdu.result_code
+  end
+
+  def test_bind_net_ldap_connection_event
+    ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    ber.ber_identifier = Net::LDAP::PDU::BindResult
+    bind_result = [1, ber]
+    @tcp_socket.should_receive(:read_ber).and_return(bind_result)
+
+    events = @service.subscribe "bind.net_ldap_connection"
+
+    result = @connection.bind(method: :anon)
+    assert result.success?, "should be success"
+
+    # a read event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert result.success?, "should be success"
+  end
+
+  def test_search_net_ldap_connection_event
+    # search data
+    search_data_ber = Net::BER::BerIdentifiedArray.new([1, [
+      "uid=user1,ou=People,dc=rubyldap,dc=com",
+      [ ["uid", ["user1"]] ]
+    ]])
+    search_data_ber.ber_identifier = Net::LDAP::PDU::SearchReturnedData
+    search_data = [1, search_data_ber]
+    # search result (end of results)
+    search_result_ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""])
+    search_result_ber.ber_identifier = Net::LDAP::PDU::SearchResult
+    search_result = [1, search_result_ber]
+    @tcp_socket.should_receive(:read_ber).and_return(search_data).
+                                          and_return(search_result)
+
+    events = @service.subscribe "search.net_ldap_connection"
+    unread = @service.subscribe "search_messages_unread.net_ldap_connection"
+
+    result = @connection.search(filter: "(uid=user1)", base: "ou=People,dc=rubyldap,dc=com")
+    assert result.success?, "should be success"
+
+    # a search event
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert payload.has_key?(:filter)
+    assert_equal "(uid=user1)", payload[:filter].to_s
+    assert result
+
+    # ensure no unread
+    assert unread.empty?, "should not have any leftover unread messages"
+  end
 end