rubinius-net-ldap 0.11

data/test/integration/test_ber.rb

@@ -0,0 +1,30 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class TestBERIntegration < LDAPIntegrationTestCase
+  # Test whether the TRUE boolean value is encoded correctly by performing a
+  # search operation.
+  def test_true_ber_encoding
+    # request these attrs to simplify test; use symbols to match Entry#attribute_names
+    attrs = [:dn, :uid, :cn, :mail]
+
+    assert types_entry = @ldap.search(
+      :base             => "dc=rubyldap,dc=com",
+      :filter           => "(uid=user1)",
+      :size             => 1,
+      :attributes       => attrs,
+      :attributes_only  => true
+    ).first
+
+    # matches attributes we requested
+    assert_equal attrs, types_entry.attribute_names
+
+    # assert values are empty
+    types_entry.each do |name, values|
+      next if name == :dn
+      assert values.empty?
+    end
+
+    assert_includes Net::LDAP::ResultCodesSearchSuccess,
+      @ldap.get_operation_result.code, "should be a successful search operation"
+  end
+end

data/test/integration/test_bind.rb

@@ -0,0 +1,34 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class TestBindIntegration < LDAPIntegrationTestCase
+  def test_bind_success
+    assert @ldap.bind(:method => :simple, :username => "uid=user1,ou=People,dc=rubyldap,dc=com", :password => "passworD1"), @ldap.get_operation_result.inspect
+  end
+
+  def test_bind_anonymous_fail
+    assert !@ldap.bind(:method => :simple, :username => "uid=user1,ou=People,dc=rubyldap,dc=com", :password => ""), @ldap.get_operation_result.inspect
+
+    result = @ldap.get_operation_result
+    assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code
+    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform], result.message
+    assert_equal "unauthenticated bind (DN with no password) disallowed",
+      result.error_message
+    assert_equal "", result.matched_dn
+  end
+
+  def test_bind_fail
+    assert !@ldap.bind(:method => :simple, :username => "uid=user1,ou=People,dc=rubyldap,dc=com", :password => "not my password"), @ldap.get_operation_result.inspect
+  end
+
+  def test_bind_tls_with_cafile
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:ca_file => CA_FILE)
+    @ldap.encryption(:method => :start_tls, :tls_options => tls_options)
+    assert @ldap.bind(:method => :simple, :username => "uid=user1,ou=People,dc=rubyldap,dc=com", :password => "passworD1"), @ldap.get_operation_result.inspect
+  end
+
+  def test_bind_tls_with_verify_none
+    tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:verify_mode => OpenSSL::SSL::VERIFY_NONE)
+    @ldap.encryption(:method => :start_tls, :tls_options => tls_options)
+    assert @ldap.bind(:method => :simple, :username => "uid=user1,ou=People,dc=rubyldap,dc=com", :password => "passworD1"), @ldap.get_operation_result.inspect
+  end
+end

data/test/integration/test_delete.rb

@@ -0,0 +1,31 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class TestDeleteIntegration < LDAPIntegrationTestCase
+  def setup
+    super
+    @ldap.authenticate "cn=admin,dc=rubyldap,dc=com", "passworD1"
+
+    @dn = "uid=delete-user1,ou=People,dc=rubyldap,dc=com"
+
+    attrs = {
+      :objectclass  => %w(top inetOrgPerson organizationalPerson person),
+      :uid          => "delete-user1",
+      :cn           => "delete-user1",
+      :sn           => "delete-user1",
+      :mail         => "delete-user1@rubyldap.com"
+    }
+    unless @ldap.search(:base => @dn, :scope => Net::LDAP::SearchScope_BaseObject)
+      assert @ldap.add(:dn => @dn, :attributes => attrs), @ldap.get_operation_result.inspect
+    end
+    assert @ldap.search(:base => @dn, :scope => Net::LDAP::SearchScope_BaseObject)
+  end
+
+  def test_delete
+    assert @ldap.delete(:dn => @dn), @ldap.get_operation_result.inspect
+    assert !@ldap.search(:base => @dn, :scope => Net::LDAP::SearchScope_BaseObject)
+
+    result = @ldap.get_operation_result
+    assert_equal Net::LDAP::ResultCodeNoSuchObject, result.code
+    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeNoSuchObject], result.message
+  end
+end

data/test/integration/test_open.rb

@@ -0,0 +1,88 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class TestBindIntegration < LDAPIntegrationTestCase
+  def test_binds_without_open
+    events = @service.subscribe "bind.net_ldap_connection"
+
+    @ldap.search(:filter => "uid=user1", :base => "ou=People,dc=rubyldap,dc=com", :ignore_server_caps => true)
+    @ldap.search(:filter => "uid=user1", :base => "ou=People,dc=rubyldap,dc=com", :ignore_server_caps => true)
+
+    assert_equal 2, events.size
+  end
+
+  def test_binds_with_open
+    events = @service.subscribe "bind.net_ldap_connection"
+
+    @ldap.open do
+      @ldap.search(:filter => "uid=user1", :base => "ou=People,dc=rubyldap,dc=com", :ignore_server_caps => true)
+      @ldap.search(:filter => "uid=user1", :base => "ou=People,dc=rubyldap,dc=com", :ignore_server_caps => true)
+    end
+
+    assert_equal 1, events.size
+  end
+
+  # NOTE: query for two or more entries so that the socket must be read
+  # multiple times.
+  # See The Problem: https://github.com/ruby-ldap/ruby-net-ldap/issues/136
+
+  def test_nested_search_without_open
+    entries = []
+    nested_entry = nil
+
+    @ldap.search(:filter => "(|(uid=user1)(uid=user2))", :base => "ou=People,dc=rubyldap,dc=com") do |entry|
+      entries << entry.uid.first
+      nested_entry ||= @ldap.search(:filter => "uid=user3", :base => "ou=People,dc=rubyldap,dc=com").first
+    end
+
+    assert_equal "user3", nested_entry.uid.first
+    assert_equal %w(user1 user2), entries
+  end
+
+  def test_nested_search_with_open
+    entries = []
+    nested_entry = nil
+
+    @ldap.open do
+      @ldap.search(:filter => "(|(uid=user1)(uid=user2))", :base => "ou=People,dc=rubyldap,dc=com") do |entry|
+        entries << entry.uid.first
+        nested_entry ||= @ldap.search(:filter => "uid=user3", :base => "ou=People,dc=rubyldap,dc=com").first
+      end
+    end
+
+    assert_equal "user3", nested_entry.uid.first
+    assert_equal %w(user1 user2), entries
+  end
+
+  def test_nested_add_with_open
+    entries = []
+    nested_entry = nil
+
+    dn = "uid=nested-open-added-user1,ou=People,dc=rubyldap,dc=com"
+    attrs = {
+      :objectclass  => %w(top inetOrgPerson organizationalPerson person),
+      :uid          => "nested-open-added-user1",
+      :cn           => "nested-open-added-user1",
+      :sn           => "nested-open-added-user1",
+      :mail         => "nested-open-added-user1@rubyldap.com"
+    }
+
+    @ldap.authenticate "cn=admin,dc=rubyldap,dc=com", "passworD1"
+    @ldap.delete :dn => dn
+
+    @ldap.open do
+      @ldap.search(:filter => "(|(uid=user1)(uid=user2))", :base => "ou=People,dc=rubyldap,dc=com") do |entry|
+        entries << entry.uid.first
+
+        nested_entry ||= begin
+          assert @ldap.add(:dn => dn, :attributes => attrs), @ldap.get_operation_result.inspect
+          @ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject).first
+        end
+      end
+    end
+
+    assert_equal %w(user1 user2), entries
+    assert_equal "nested-open-added-user1", nested_entry.uid.first
+  ensure
+    @ldap.delete :dn => dn
+  end
+end

data/test/integration/test_return_codes.rb

@@ -0,0 +1,38 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+# NOTE: These tests depend on the OpenLDAP retcode overlay.
+# See: section 12.12 http://www.openldap.org/doc/admin24/overlays.html
+
+class TestReturnCodeIntegration < LDAPIntegrationTestCase
+  def test_operations_error
+    assert !@ldap.search(:filter => "cn=operationsError", :base => "ou=Retcodes,dc=rubyldap,dc=com")
+    assert result = @ldap.get_operation_result
+
+    assert_equal Net::LDAP::ResultCodeOperationsError, result.code
+    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeOperationsError], result.message
+  end
+
+  def test_protocol_error
+    assert !@ldap.search(:filter => "cn=protocolError", :base => "ou=Retcodes,dc=rubyldap,dc=com")
+    assert result = @ldap.get_operation_result
+
+    assert_equal Net::LDAP::ResultCodeProtocolError, result.code
+    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeProtocolError], result.message
+  end
+
+  def test_time_limit_exceeded
+    assert @ldap.search(:filter => "cn=timeLimitExceeded", :base => "ou=Retcodes,dc=rubyldap,dc=com")
+    assert result = @ldap.get_operation_result
+
+    assert_equal Net::LDAP::ResultCodeTimeLimitExceeded, result.code
+    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeTimeLimitExceeded], result.message
+  end
+
+  def test_size_limit_exceeded
+    assert @ldap.search(:filter => "cn=sizeLimitExceeded", :base => "ou=Retcodes,dc=rubyldap,dc=com")
+    assert result = @ldap.get_operation_result
+
+    assert_equal Net::LDAP::ResultCodeSizeLimitExceeded, result.code
+    assert_equal Net::LDAP::ResultStrings[Net::LDAP::ResultCodeSizeLimitExceeded], result.message
+  end
+end

data/test/integration/test_search.rb

@@ -0,0 +1,77 @@
+require File.expand_path('../../test_helper', __FILE__)
+
+class TestSearchIntegration < LDAPIntegrationTestCase
+  def test_search
+    entries = []
+
+    result = @ldap.search(:base => "dc=rubyldap,dc=com") do |entry|
+      assert_kind_of Net::LDAP::Entry, entry
+      entries << entry
+    end
+
+    assert !entries.empty?
+    assert_equal entries, result
+  end
+
+  def test_search_without_result
+    entries = []
+
+    result = @ldap.search(:base => "dc=rubyldap,dc=com", :return_result => false) do |entry|
+      assert_kind_of Net::LDAP::Entry, entry
+      entries << entry
+    end
+
+    assert result
+    assert_not_equal entries, result
+  end
+
+  def test_search_filter_string
+    entries = @ldap.search(:base => "dc=rubyldap,dc=com", :filter => "(uid=user1)")
+    assert_equal 1, entries.size
+  end
+
+  def test_search_filter_object
+    filter = Net::LDAP::Filter.eq("uid", "user1") | Net::LDAP::Filter.eq("uid", "user2")
+    entries = @ldap.search(:base => "dc=rubyldap,dc=com", :filter => filter)
+    assert_equal 2, entries.size
+  end
+
+  def test_search_constrained_attributes
+    entry = @ldap.search(:base => "uid=user1,ou=People,dc=rubyldap,dc=com", :attributes => ["cn", "sn"]).first
+    assert_equal [:cn, :dn, :sn], entry.attribute_names.sort  # :dn is always included
+    assert_empty entry[:mail]
+  end
+
+  def test_search_attributes_only
+    entry = @ldap.search(:base => "uid=user1,ou=People,dc=rubyldap,dc=com", :attributes_only => true).first
+
+    assert_empty entry[:cn], "unexpected attribute value: #{entry[:cn]}"
+  end
+
+  def test_search_timeout
+    entries = []
+    events = @service.subscribe "search.net_ldap_connection"
+
+    result = @ldap.search(:base => "dc=rubyldap,dc=com", :time => 5) do |entry|
+      assert_kind_of Net::LDAP::Entry, entry
+      entries << entry
+    end
+
+    payload, _ = events.pop
+    assert_equal 5, payload[:time]
+    assert_equal entries, result
+  end
+
+  # http://tools.ietf.org/html/rfc4511#section-4.5.1.4
+  def test_search_with_size
+    entries = []
+
+    result = @ldap.search(:base => "dc=rubyldap,dc=com", :size => 1) do |entry|
+      assert_kind_of Net::LDAP::Entry, entry
+      entries << entry
+    end
+
+    assert_equal 1, result.size
+    assert_equal entries, result
+  end
+end

data/test/support/vm/openldap/.gitignore

@@ -0,0 +1 @@
+/.vagrant

data/test/support/vm/openldap/README.md

@@ -0,0 +1,32 @@
+# Local OpenLDAP Integration Testing
+
+Set up a [Vagrant](http://www.vagrantup.com/) VM to run integration tests against OpenLDAP locally.
+
+To run integration tests locally:
+
+``` bash
+# start VM (from the correct directory)
+$ cd test/support/vm/openldap/
+$ vagrant up
+
+# get the IP address of the VM
+$ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n1")
+
+# change back to root project directory
+$ cd ../../../..
+
+# run all tests, including integration tests
+$ time INTEGRATION=openldap INTEGRATION_HOST=$ip bundle exec rake
+
+# run a specific integration test file
+$ time INTEGRATION=openldap INTEGRATION_HOST=$ip bundle exec ruby test/integration/test_search.rb
+
+# run integration tests by default
+$ export INTEGRATION=openldap
+$ export INTEGRATION_HOST=$ip
+
+# now run tests without having to set ENV variables
+$ time bundle exec rake
+```
+
+You may need to `gem install vagrant` first in order to provision the VM.

data/test/support/vm/openldap/Vagrantfile

@@ -0,0 +1,33 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.hostname = "rubyldap.com"
+
+  config.vm.box = "hashicorp/precise64"
+
+  config.vm.network "private_network", type: :dhcp
+
+  config.ssh.forward_agent = true
+
+  config.vm.provision "shell", inline: "apt-get update; exec env /vagrant_data/script/install-openldap"
+
+  config.vm.synced_folder "../../../..", "/vagrant_data"
+
+  config.vm.provider "vmware_fusion" do |vb, override|
+    override.vm.box = "hashicorp/precise64"
+    vb.memory = 4596
+    vb.vmx["displayname"] = "integration tests vm"
+    vb.vmx["numvcpus"] = "2"
+  end
+
+  config.vm.provider "virtualbox" do |vb, override|
+    vb.memory = 4096
+    vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
+    vb.customize ["modifyvm", :id, "--chipset", "ich9"]
+    vb.customize ["modifyvm", :id, "--vram", "16"]
+  end
+end

data/test/test_dn.rb

@@ -0,0 +1,44 @@
+require File.expand_path('../test_helper', __FILE__)
+require 'net/ldap/dn'
+
+class TestDN < Test::Unit::TestCase
+  def test_escape
+    assert_equal '\\,\\+\\"\\\\\\<\\>\\;', Net::LDAP::DN.escape(',+"\\<>;')
+  end
+
+  def test_escape_on_initialize
+    dn = Net::LDAP::DN.new('cn', ',+"\\<>;', 'ou=company')
+    assert_equal 'cn=\\,\\+\\"\\\\\\<\\>\\;,ou=company', dn.to_s
+  end
+
+  def test_to_a
+    dn = Net::LDAP::DN.new('cn=James, ou=Company\\,\\20LLC')
+    assert_equal ['cn','James','ou','Company, LLC'], dn.to_a
+  end
+
+  def test_to_a_parenthesis
+    dn = Net::LDAP::DN.new('cn =  \ James , ou  =  "Comp\28ny"  ')
+    assert_equal ['cn',' James','ou','Comp(ny'], dn.to_a
+  end
+
+  def test_to_a_hash_symbol
+    dn = Net::LDAP::DN.new('1.23.4=  #A3B4D5  ,ou=Company')
+    assert_equal ['1.23.4','#A3B4D5','ou','Company'], dn.to_a
+  end
+
+  # TODO: raise a more specific exception than RuntimeError
+  def test_bad_input_raises_error
+    [
+      'cn=James,',
+      'cn=#aa aa',
+      'cn="James',
+      'cn=J\ames',
+      'cn=\\',
+      '1.2.d=Value',
+      'd1.2=Value',
+    ].each do |input|
+      dn = Net::LDAP::DN.new(input)
+      assert_raises(RuntimeError) { dn.to_a }
+    end
+  end
+end

data/test/test_entry.rb

@@ -0,0 +1,65 @@
+require File.expand_path('../test_helper', __FILE__)
+
+class TestEntry < Test::Unit::TestCase
+  def setup
+    @entry = Net::LDAP::Entry.new 'cn=Barbara,o=corp'
+  end
+
+  def test_dn
+    assert_equal 'cn=Barbara,o=corp', @entry.dn
+  end
+
+  def test_empty_array_when_accessing_nonexistent_attribute
+    assert_equal [], @entry['sn']
+  end
+
+  def test_attribute_assignment
+    @entry['sn'] = 'Jensen'
+    assert_equal ['Jensen'], @entry['sn']
+    assert_equal ['Jensen'], @entry.sn
+    assert_equal ['Jensen'], @entry[:sn]
+
+    @entry[:sn] = 'Jensen'
+    assert_equal ['Jensen'], @entry['sn']
+    assert_equal ['Jensen'], @entry.sn
+    assert_equal ['Jensen'], @entry[:sn]
+
+    @entry.sn = 'Jensen'
+    assert_equal ['Jensen'], @entry['sn']
+    assert_equal ['Jensen'], @entry.sn
+    assert_equal ['Jensen'], @entry[:sn]
+  end
+
+  def test_case_insensitive_attribute_names
+    @entry['sn'] = 'Jensen'
+    assert_equal ['Jensen'], @entry.sn
+    assert_equal ['Jensen'], @entry.Sn
+    assert_equal ['Jensen'], @entry.SN
+    assert_equal ['Jensen'], @entry['sn']
+    assert_equal ['Jensen'], @entry['Sn']
+    assert_equal ['Jensen'], @entry['SN']
+  end
+end
+
+class TestEntryLDIF < Test::Unit::TestCase
+  def setup
+    @entry = Net::LDAP::Entry.from_single_ldif_string(
+      %Q{dn: something
+foo: foo
+barAttribute: bar
+      })
+  end
+
+  def test_attribute
+    assert_equal ['foo'], @entry.foo
+    assert_equal ['foo'], @entry.Foo
+  end
+
+  def test_modify_attribute
+    @entry.foo = 'bar'
+    assert_equal ['bar'], @entry.foo
+
+    @entry.fOo= 'baz'
+    assert_equal ['baz'], @entry.foo
+  end
+end