ruby-ldapserver 0.3.1

data/test/encoding_test.rb

@@ -0,0 +1,279 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+Thread.abort_on_exception = true
+
+# This test suite requires the ruby-ldap client library to be installed.
+#
+# Unfortunately, this library is not ruby thread-safe (it blocks until
+# it gets a response). Hence we have to fork a child to perform the actual
+# LDAP requests, which is nasty. However, it does give us a completely
+# independent source of LDAP packets to try.
+
+require 'ldap/server/operation'
+require 'ldap/server/server'
+
+require 'ldap'
+
+# We subclass the Operation class, overriding the methods to do what we need
+
+class MockOperation < LDAP::Server::Operation
+  def initialize(connection, messageId)
+    super(connection, messageId)
+    @@lastop = [:connect]
+  end
+
+  def simple_bind(version, user, pass)
+    @@lastop = [:simple_bind, version, user, pass]
+  end
+
+  def search(basedn, scope, deref, filter)
+    @@lastop = [:search, basedn, scope, deref, filter, @attributes]
+    send_SearchResultEntry("cn=foo", {"a"=>["1","2"], "b"=>"boing"})
+    send_SearchResultEntry("cn=bar", {"a"=>["3","4","5"], "b"=>"wibble"})
+  end
+
+  def add(dn, av)
+    @@lastop = [:add, dn, av]
+  end
+
+  def del(dn)
+    @@lastop = [:del, dn]
+  end
+
+  def modify(dn, ops)
+    @@lastop = [:modify, dn, ops]
+  end
+
+  def modifydn(dn, newrdn, deleteoldrdn, newSuperior)
+    @@lastop = [:modifydn, dn, newrdn, deleteoldrdn, newSuperior]
+  end
+
+  def compare(dn, attr, val)
+    @@lastop = [:compare, dn, attr, val]
+    return val != "false"
+  end
+
+  def self.lastop
+    @@lastop
+  end
+end
+
+class TestLdap < Test::Unit::TestCase
+  HOST = '127.0.0.1'
+  PORT = 1389
+
+  def setup
+    @ppid = $$
+    @io = IO.popen("-","w+") # this is a fork()
+    unless @io
+      do_child
+      exit!
+    end
+
+    # back to a single process (the parent). Now we start our
+    # listener thread
+    @serv = LDAP::Server.new(
+    	:bindaddr		=> '127.0.0.1',
+    	:port			=> PORT,
+    	:nodelay		=> true,
+    	:operation_class	=> MockOperation
+    )
+    @serv.run_tcpserver
+  end
+
+  def teardown
+    if @serv
+      @serv.stop
+      @serv = nil
+    end
+    if @io
+      @io.puts "quit"
+      @io.gets
+      @io.close
+      @io = nil
+    end
+  end
+
+  # Process commands on stdin in child
+
+  def do_child
+    while true
+      begin
+        a = gets.chomp
+        conn ||= LDAP::Conn.new(HOST,PORT)
+        case a
+        when "bind2"
+          conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 2)
+          conn.bind("foo","bar")
+        when "bind3"
+          conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+          conn.bind("foo","bar")
+        # these examples taken from the ruby-ldap examples
+        when "add1"
+          entry1 = [
+            LDAP.mod(LDAP::LDAP_MOD_ADD, 'objectclass', ['top', 'domain']),
+            LDAP.mod(LDAP::LDAP_MOD_ADD, 'o', ['TTSKY.NET']),
+            LDAP.mod(LDAP::LDAP_MOD_ADD, 'dc', ['localhost']),
+          ]
+          conn.add("dc=localhost, dc=domain", entry1)
+        when "add2"
+          entry2 = [
+            LDAP.mod(LDAP::LDAP_MOD_ADD, 'objectclass', ['top', 'person']),
+            LDAP.mod(LDAP::LDAP_MOD_ADD, 'cn', ['Takaaki Tateishi']),
+            LDAP.mod(LDAP::LDAP_MOD_ADD | LDAP::LDAP_MOD_BVALUES, 'sn', ['ttate','Tateishi', "zero\000zero"]),
+          ]
+          conn.add("cn=Takaaki Tateishi, dc=localhost, dc=localdomain", entry2)
+        when "del"
+          conn.delete("cn=Takaaki-Tateishi, dc=localhost, dc=localdomain")
+        when /^compare (.*)/
+          begin
+            case conn.compare("cn=Takaaki Tateishi, dc=localhost, dc=localdomain",
+                         "cn", $1)
+            when true; puts "OK true"; next
+            when false; puts "OK false"; next
+            end
+          rescue LDAP::ResultError => e
+            # For older versions of ruby-ldap
+            case e.message
+            when /Compare True/i; puts "OK true"; next
+            when /Compare False/i; puts "OK false"; next
+            end
+            raise
+          end
+        when "modrdn"
+          conn.modrdn("cn=Takaaki Tateishi, dc=localhost, dc=localdomain",
+                      "cn=Takaaki-Tateishi",
+                      true)
+        when "modify"
+          entry = [
+            LDAP.mod(LDAP::LDAP_MOD_ADD, 'objectclass', ['top', 'domain']),
+            LDAP.mod(LDAP::LDAP_MOD_DELETE, 'o', []),
+            LDAP.mod(LDAP::LDAP_MOD_REPLACE, 'dc', ['localhost']),
+          ]
+          conn.modify("dc=localhost, dc=domain", entry)
+        when "search"
+          res = {}
+          conn.search("dc=localhost, dc=localdomain",
+                      LDAP::LDAP_SCOPE_SUBTREE,
+                      "(objectclass=*)") do |e|
+            entry = e.to_hash
+            dn = entry.delete("dn").first
+            res[dn] = entry
+          end
+          exp = {
+            "cn=foo" => {"a"=>["1","2"], "b"=>["boing"]},
+            "cn=bar" => {"a"=>["3","4","5"], "b"=>["wibble"]},
+          }
+          if res != exp
+            raise "Bad Search Result, expected\n#{exp.inspect}\ngot\n#{res.inspect}"
+          end
+        when "search2"
+          # FIXME: ruby-ldap doesn't seem to allow DEREF options to be set
+          conn.search("dc=localhost, dc=localdomain",
+                      LDAP::LDAP_SCOPE_BASE,
+                      "(&(cn=foo)(objectclass=*)(|(!(sn=*))(ou>=baz)(o<=z)(cn~=brian)(cn=*and*er)))",
+                      ["a","b"]) do |e|
+            entry = e.to_hash
+            dn = entry.delete("dn").first
+            res[dn] = entry
+          end
+        when "quit"
+          puts "OK"
+          break
+        else
+          raise "Bad command! #{a.inspect}"
+        end
+        puts "OK"
+      rescue Exception => e
+        $stderr.puts "Child exception: #{e}\n\t#{e.backtrace.join("\n\t")}"
+        puts "ERR #{e}"
+      end
+    end
+  end
+
+  def req(cmd)
+    @io.puts cmd
+    res = @io.gets.chomp
+    assert_match(/^OK/, res)
+    res
+  end
+
+  def test_bind2
+    req("bind2")
+    assert_equal([:simple_bind, 2, "foo", "bar"], MockOperation.lastop)
+    # cannot bind any more; ldap client library says "already binded." (sic)
+  end
+
+  def test_bind3
+    req("bind3")
+    assert_equal([:simple_bind, 3, "foo", "bar"], MockOperation.lastop)
+    # cannot bind any more; ldap client library says "already binded." (sic)
+  end
+
+  def test_add
+    req("add1")
+    assert_equal([:add, "dc=localhost, dc=domain", {
+      'objectclass'=>['top', 'domain'],
+      'o'=>['TTSKY.NET'],
+      'dc'=>['localhost'],
+    }], MockOperation.lastop)
+    req("add2")
+    assert_equal([:add, "cn=Takaaki Tateishi, dc=localhost, dc=localdomain", {
+      'objectclass'=>['top', 'person'],
+      'cn'=>['Takaaki Tateishi'],
+      'sn'=>['ttate','Tateishi',"zero\000zero"],
+    }], MockOperation.lastop)
+  end
+
+  def test_del
+    req("del")
+    assert_equal([:del, "cn=Takaaki-Tateishi, dc=localhost, dc=localdomain"], MockOperation.lastop)
+  end
+
+  def test_compare
+    r = req("compare Takaaki Tateishi")
+    assert_match(/OK true/, r)
+    assert_equal([:compare, "cn=Takaaki Tateishi, dc=localhost, dc=localdomain",
+      "cn", "Takaaki Tateishi"], MockOperation.lastop)
+    r = req("compare false")
+    assert_match(/OK false/, r)
+    assert_equal([:compare, "cn=Takaaki Tateishi, dc=localhost, dc=localdomain",
+      "cn", "false"], MockOperation.lastop)
+  end
+
+  def test_modrdn
+    req("modrdn")
+    assert_equal([:modifydn, "cn=Takaaki Tateishi, dc=localhost, dc=localdomain",
+      "cn=Takaaki-Tateishi", true, nil], MockOperation.lastop)
+    # FIXME: ruby-ldap doesn't support the four-argument form
+  end
+
+  def test_modify
+    req("modify")
+    assert_equal([:modify, "dc=localhost, dc=domain", {
+        'objectclass' => [:add, 'top', 'domain'],
+        'o' => [:delete],
+        'dc' => [:replace, 'localhost'],
+    }], MockOperation.lastop)
+  end
+
+  def test_search
+    req("search")
+    assert_equal([:search, "dc=localhost, dc=localdomain",
+      LDAP::Server::WholeSubtree,
+      LDAP::Server::NeverDerefAliases,
+      [:true], []], MockOperation.lastop)
+    req("search2")
+    assert_equal([:search, "dc=localhost, dc=localdomain",
+      LDAP::Server::BaseObject,
+      LDAP::Server::NeverDerefAliases,
+      [:and, [:eq, "cn", nil, "foo"],
+             [:or,  [:not, [:present, "sn"]],
+                    [:ge, "ou", nil, "baz"],
+                    [:le, "o", nil, "z"],
+                    [:approx, "cn", nil, "brian"],
+                    [:substrings, "cn", nil, nil, "and", "er"],
+             ],
+      ], ["a","b"]], MockOperation.lastop)
+  end
+end

data/test/filter_test.rb

@@ -0,0 +1,107 @@
+require File.dirname(__FILE__) + '/test_helper'
+require 'ldap/server/filter'
+
+class FilterTest < Test::Unit::TestCase
+
+  AV1 = {
+    "foo" => ["abc","def"],
+    "bar" => ["wibblespong"],
+  }
+
+  def test_bad
+    assert_raises(LDAP::ResultError::OperationsError) {
+      LDAP::Server::Filter.run([:wibbly], AV1)
+    }
+  end
+
+  def test_const
+    assert_equal(true, LDAP::Server::Filter.run([:true], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:false], AV1))
+    assert_equal(nil, LDAP::Server::Filter.run([:undef], AV1))
+  end
+
+  def test_present
+    assert_equal(true, LDAP::Server::Filter.run([:present,"foo"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:present,"zog"], AV1))
+  end
+
+  def test_eq
+    assert_equal(true, LDAP::Server::Filter.run([:eq,"foo",nil,"abc"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:eq,"foo",nil,"def"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:eq,"foo",nil,"ghi"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:eq,"xyz",nil,"abc"], AV1))
+  end
+
+  def test_eq_case
+    c = LDAP::Server::MatchingRule.find('2.5.13.2')
+    assert_equal(true, LDAP::Server::Filter.run([:eq,"foo",c,"ABC"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:eq,"foo",c,"DeF"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:eq,"foo",c,"ghi"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:eq,"xyz",c,"abc"], AV1))
+  end
+
+  def test_not
+    assert_equal(false, LDAP::Server::Filter.run([:not,[:eq,"foo",nil,"abc"]], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:not,[:eq,"foo",nil,"def"]], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:not,[:eq,"foo",nil,"ghi"]], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:not,[:eq,"xyz",nil,"abc"]], AV1))
+  end
+
+  def test_ge
+    assert_equal(true, LDAP::Server::Filter.run([:ge,"foo",nil,"ccc"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:ge,"foo",nil,"def"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:ge,"foo",nil,"deg"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:ge,"xyz",nil,"abc"], AV1))
+  end
+
+  def test_le
+    assert_equal(true, LDAP::Server::Filter.run([:le,"foo",nil,"ccc"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:le,"foo",nil,"abc"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:le,"foo",nil,"abb"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:le,"xyz",nil,"abc"], AV1))
+  end
+
+  def test_substrings
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,"a",nil], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,"def",nil], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"foo",nil,"bc",nil], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"foo",nil,"az",nil], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,"",nil], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"zzz",nil,"",nil], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"a",nil], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"e",nil], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"ba",nil], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"az",nil], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"c"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"ef"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"ab"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"foo",nil,nil,"e"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"bar",nil,"wib","ong"], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"bar",nil,"",""], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"bar",nil,"wib","ble"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"bar",nil,"sp","ong"], AV1))
+  end
+
+  def test_substr_case
+    c = LDAP::Server::MatchingRule.find('1.3.6.1.4.1.1466.109.114.3')
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"bar",c,"WIB",nil], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:substrings,"bar",c,"WIB","lES","ong"], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"bar",c,"SPONG",nil], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:substrings,"xyz",c,"wib",nil], AV1))
+  end
+
+  def test_and
+    assert_equal(true, LDAP::Server::Filter.run([:and,[:true],[:true]], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:and,[:false],[:true]], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:and,[:true],[:false]], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:and,[:false],[:false]], AV1))
+  end
+
+  def test_or
+    assert_equal(true, LDAP::Server::Filter.run([:or,[:true],[:true]], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:or,[:false],[:true]], AV1))
+    assert_equal(true, LDAP::Server::Filter.run([:or,[:true],[:false]], AV1))
+    assert_equal(false, LDAP::Server::Filter.run([:or,[:false],[:false]], AV1))
+  end
+
+end

data/test/match_test.rb

@@ -0,0 +1,59 @@
+require File.dirname(__FILE__) + '/test_helper'
+require 'ldap/server/match'
+
+class MatchTest < Test::Unit::TestCase
+
+  def test_caseIgnoreOrderingMatch
+    s = LDAP::Server::MatchingRule.find("2.5.13.3")
+    assert_equal(LDAP::Server::MatchingRule, s.class)
+    assert_equal("caseIgnoreOrderingMatch", s.name)
+    assert_equal("( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", s.to_def)
+    assert_equal(true, s.le(["foobar","wibble"], "ghi"))
+    assert_equal(true, s.le(["FOOBAR","WIBBLE"], "ghi"))
+    assert_equal(true, s.le(["foobar","wibble"], "GHI"))
+    assert_equal(true, s.le(["FOOBAR","WIBBLE"], "GHI"))
+    assert_equal(false, s.le(["foobar","wibble"], "fab"))
+    assert_equal(false, s.le(["FOOBAR","WIBBLE"], "fab"))
+    assert_equal(false, s.le(["foobar","wibble"], "FAB"))
+    assert_equal(false, s.le(["FOOBAR","WIBBLE"], "FAB"))
+  end
+
+  def test_caseIgnoreSubstringsMatch
+    s = LDAP::Server::MatchingRule.find("2.5.13.4")
+    assert_equal(LDAP::Server::MatchingRule, s.class)
+    assert_equal("caseIgnoreSubstringsMatch", s.name)
+    assert_equal(true, s.substrings(["foobar","wibble"], nil, "oob", nil))
+    assert_equal(true, s.substrings(["foobar","wibble"], nil, "foo", nil))
+    assert_equal(true, s.substrings(["foobar","wibble"], nil, "bar", nil))
+    assert_equal(true, s.substrings(["foobar","wibble"], "wib", nil))
+    assert_equal(true, s.substrings(["foobar","wibble"], nil, "ar"))
+    assert_equal(true, s.substrings(["foobar","wibble"], "wib", "ble"))
+    assert_equal(true, s.substrings(["foobar","wibble"], nil, "oo", "bar"))
+    assert_equal(false, s.substrings(["foobar","wibble"], nil, "ooz", nil))
+    assert_equal(false, s.substrings(["foobar","wibble"], nil, "foz", nil))
+    assert_equal(false, s.substrings(["foobar","wibble"], nil, "zar", nil))
+    assert_equal(false, s.substrings(["foobar","wibble"], "bar", nil))
+    assert_equal(false, s.substrings(["foobar","wibble"], nil, "oob"))
+    assert_equal(false, s.substrings(["foobar","wibble"], "foo", "ble"))
+    assert_equal(false, s.substrings(["foobar","wibble"], "foo", "obar"))
+  end
+
+  def test_unknown
+    s = LDAP::Server::MatchingRule.find("1.4.7.1")
+    assert_equal(nil, s)  ## this may change to generate a default object
+  end
+
+  def test_nil
+    s = LDAP::Server::MatchingRule.find(nil)
+    assert_equal(nil, s)
+  end
+
+  def test_from_def
+    s = LDAP::Server::MatchingRule.from_def("( 1.2.3 NAME ( 'wibble' 'bibble' ) DESC 'foobar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")
+    assert_equal("1.2.3", s.oid)
+    assert_equal(['wibble','bibble'], s.names)
+    assert_equal('wibble', s.to_s)
+    assert_equal("foobar", s.desc)
+    assert_equal("IA5 String", s.syntax.desc)
+  end
+end

data/test/schema_test.rb

@@ -0,0 +1,113 @@
+require File.dirname(__FILE__) + '/test_helper'
+require 'ldap/server/schema'
+require 'ldap/server/match'
+
+class SchemaTest < Test::Unit::TestCase
+
+  def test_parse_attr
+attr = <<ATTR
+( 2.5.4.3 NAME 'cn' OBSOLETE EQUALITY 1.2.3 ORDERING 4.5.678 SUBSTR 9.1.1 SYNTAX 4.3.2{58} SINGLE-VALUE COLLECTIVE NO-USER-MODIFICATION USAGE userApplications )
+ATTR
+    a = LDAP::Server::Schema::AttributeType.new(attr)
+    assert_equal("2.5.4.3", a.oid)
+    assert_equal("cn", a.name)
+    assert_equal(["cn"], a.names)
+    assert(a.obsolete)
+    assert_equal("1.2.3", a.equality)
+    assert_equal("4.5.678", a.ordering)
+    assert_equal("9.1.1", a.substr)
+    assert_equal("4.3.2", a.syntax)
+    assert_equal(58, a.maxlen)
+    assert(a.singlevalue)
+    assert(a.collective)
+    assert(a.nousermod)
+    assert_equal(:userApplications, a.usage)
+    assert_equal(attr.chomp, a.to_def)
+
+attr = <<ATTR
+( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC2256: common name(s) for which the entity is known by' SUP name )
+ATTR
+    a = LDAP::Server::Schema::AttributeType.new(attr)
+    assert_equal("2.5.4.3", a.oid)
+    assert_equal("cn", a.name)
+    assert_equal(["cn", "commonName"], a.names)
+    assert_equal("RFC2256: common name(s) for which the entity is known by", a.desc)
+    assert(! a.obsolete)
+    assert_equal("name", a.sup)
+    assert(! a.singlevalue)
+    assert(! a.collective)
+    assert(! a.nousermod)
+    assert_equal(attr.chomp, a.to_def)
+  end
+
+  def test_parse_objectclass
+oc = <<OC
+( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
+OC
+    a = LDAP::Server::Schema::ObjectClass.new(oc)
+    assert_equal("0.9.2342.19200300.100.4.19", a.oid)
+    assert_equal("simpleSecurityObject", a.name)
+    assert_equal(["simpleSecurityObject"], a.names)
+    assert(! a.obsolete)
+    assert_equal("RFC1274: simple security object", a.desc)
+    assert_equal(["top"], a.sup)
+    assert_equal(:auxiliary, a.struct)
+    assert_equal(["userPassword"], a.must)
+    assert_equal([], a.may)
+    assert_equal(oc.chomp, a.to_def)
+
+oc = <<OC
+( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+OC
+    a = LDAP::Server::Schema::ObjectClass.new(oc)
+    assert_equal("2.5.6.6", a.oid)
+    assert_equal("person", a.name)
+    assert_equal(["person"], a.names)
+    assert(! a.obsolete)
+    assert_equal("RFC2256: a person", a.desc)
+    assert_equal(["top"], a.sup)
+    assert_equal(:structural, a.struct)
+    assert_equal(["sn", "cn"], a.must)
+    assert_equal(["userPassword","telephoneNumber","seeAlso","description"], a.may)
+    assert_equal(oc.chomp, a.to_def)
+  end
+
+  def test_loadschema
+    s = LDAP::Server::Schema.new
+    s.load_system
+    s.load_file(File.dirname(__FILE__) + "/core.schema")
+    s.resolve_oids
+    a = s.find_attrtype("objectclass")
+    assert_equal("objectClass", a.name)
+    a = s.find_attrtype("COMMONNAME")
+    assert_equal(LDAP::Server::Schema::AttributeType, a.class)
+    assert_equal("caseIgnoreMatch", a.equality.to_s)
+    assert_equal(LDAP::Server::MatchingRule, a.equality.class)
+    assert_equal("caseIgnoreSubstringsMatch", a.substr.to_s)
+    assert_equal(LDAP::Server::MatchingRule, a.substr.class)
+    assert_equal("1.3.6.1.4.1.1466.115.121.1.15", a.syntax.to_s)
+    assert_equal(LDAP::Server::Syntax, a.syntax.class)
+    assert_equal("cn", a.name)
+    a = s.find_attrtype("COUNTRYname")
+    assert_equal("c", a.name)
+    # I modified core.schema so that countryName has the appropriate syntax
+    assert(a.syntax.match("GB"))
+    assert(!a.syntax.match("ABC"))
+  end
+
+  def test_backwards_api
+    s = LDAP::Server::Schema.new
+    s.load_system
+    assert_equal(['subschema','OpenLDAProotDSE','referral','alias','extensibleObject','top'].sort,
+      s.names('objectClasses').sort)
+    assert_equal(['dITStructureRules','nameForms','ditContentRules','objectClasses','attributeTypes','matchingRules','matchingRuleUse'],
+      s.attr('subschema', 'may'))
+    assert_equal([], s.attr('subschema', 'must'))
+    assert_equal(nil, s.attr('foo', 'must'))
+    assert_equal(['top'], s.sup('extensibleObject'))
+  end
+
+  def test_validate
+    # FIXME
+  end
+end