scashin133-net-ldap 0.1.2

data/test/test_entry.rb

@@ -0,0 +1,59 @@
+require 'common'
+
+=begin
+class TestEntry < Test::Unit::TestCase
+Commented out until I can make it a spec.
+  context "An instance of Entry" do
+    setup do
+      @entry = Net::LDAP::Entry.new 'cn=Barbara,o=corp'
+    end
+
+    should "be initialized with the DN" do
+      assert_equal 'cn=Barbara,o=corp', @entry.dn
+    end
+
+    should 'return an empty array when accessing a nonexistent attribute (index lookup)' do
+      assert_equal [], @entry['sn']
+    end
+
+    should 'return an empty array when accessing a nonexistent attribute (method call)' do
+      assert_equal [], @entry.sn
+    end
+
+    should 'create an attribute on assignment (index lookup)' do
+      @entry['sn'] = 'Jensen'
+      assert_equal ['Jensen'], @entry['sn']
+    end
+
+    should 'create an attribute on assignment (method call)' do
+      @entry.sn = 'Jensen'
+      assert_equal ['Jensen'], @entry.sn
+    end
+
+    should 'have attributes accessible by index lookup' do
+      @entry['sn'] = 'Jensen'
+      assert_equal ['Jensen'], @entry['sn']
+    end
+
+    should 'have attributes accessible using a Symbol as the index' do
+      @entry[:sn] = 'Jensen'
+      assert_equal ['Jensen'], @entry[:sn]
+    end
+
+    should 'have attributes accessible by method call' do
+      @entry['sn'] = 'Jensen'
+      assert_equal ['Jensen'], @entry.sn
+    end
+
+    should 'ignore case of attribute names' do
+      @entry['sn'] = 'Jensen'
+      assert_equal ['Jensen'], @entry.sn
+      assert_equal ['Jensen'], @entry.Sn
+      assert_equal ['Jensen'], @entry.SN
+      assert_equal ['Jensen'], @entry['sn']
+      assert_equal ['Jensen'], @entry['Sn']
+      assert_equal ['Jensen'], @entry['SN']
+    end
+	end
+end
+=end

data/test/test_filter.rb

@@ -0,0 +1,115 @@
+require 'common'
+
+class TestFilter < Test::Unit::TestCase
+  Filter = Net::LDAP::Filter
+
+  def test_bug_7534_rfc2254
+    assert_equal("(cn=Tim Wizard)",
+                 Filter.from_rfc2254("(cn=Tim Wizard)").to_rfc2254)
+  end
+
+  def test_invalid_filter_string
+    assert_raises(Net::LDAP::LdapError) { Filter.from_rfc2254("") }
+  end
+
+  def test_invalid_filter
+    assert_raises(Net::LDAP::LdapError) {
+      # This test exists to prove that our constructor blocks unknown filter
+      # types. All filters must be constructed using helpers.
+      Filter.__send__(:new, :xx, nil, nil)
+    }
+  end
+
+  def test_to_s
+    assert_equal("(uid=george *)", Filter.eq("uid", "george *").to_s)
+  end
+  
+  def test_apostrophe
+    assert_equal("(uid=O'Keefe)", Filter.construct("uid=O'Keefe").to_rfc2254)
+  end
+
+	def test_c2
+    assert_equal("(uid=george *)",
+                 Filter.from_rfc2254("uid=george *").to_rfc2254)
+    assert_equal("(uid:=george *)",
+                 Filter.from_rfc2254("uid:=george *").to_rfc2254)
+    assert_equal("(uid=george*)",
+                 Filter.from_rfc2254(" ( uid =  george*   ) ").to_rfc2254)
+		assert_equal("(!(uid=george*))",
+                 Filter.from_rfc2254("uid!=george*").to_rfc2254)
+		assert_equal("(uid<=george*)",
+                 Filter.from_rfc2254("uid <= george*").to_rfc2254)
+		assert_equal("(uid>=george*)",
+                 Filter.from_rfc2254("uid>=george*").to_rfc2254)
+		assert_equal("(&(uid=george*)(mail=*))",
+                 Filter.from_rfc2254("(& (uid=george* ) (mail=*))").to_rfc2254)
+		assert_equal("(|(uid=george*)(mail=*))",
+                 Filter.from_rfc2254("(| (uid=george* ) (mail=*))").to_rfc2254)
+		assert_equal("(!(mail=*))",
+                 Filter.from_rfc2254("(! (mail=*))").to_rfc2254)
+	end
+
+	def test_filters_from_ber
+		[
+			Net::LDAP::Filter.eq("objectclass", "*"),
+			Net::LDAP::Filter.pres("objectclass"),
+			Net::LDAP::Filter.eq("objectclass", "ou"),
+			Net::LDAP::Filter.ge("uid", "500"),
+			Net::LDAP::Filter.le("uid", "500"),
+			(~ Net::LDAP::Filter.pres("objectclass")),
+			(Net::LDAP::Filter.pres("objectclass") & Net::LDAP::Filter.pres("ou")),
+			(Net::LDAP::Filter.pres("objectclass") & Net::LDAP::Filter.pres("ou") & Net::LDAP::Filter.pres("sn")),
+			(Net::LDAP::Filter.pres("objectclass") | Net::LDAP::Filter.pres("ou") | Net::LDAP::Filter.pres("sn")),
+
+			Net::LDAP::Filter.eq("objectclass", "*aaa"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*ccc"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb*ccc"),
+			Net::LDAP::Filter.eq("objectclass", "abc*def*1111*22*g"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*ccc*"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb*"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb*ccc*"),
+		].each {|ber|
+			f = Net::LDAP::Filter.parse_ber(ber.to_ber.read_ber(Net::LDAP::AsnSyntax))
+			assert(f == ber)
+			assert_equal(f.to_ber, ber.to_ber)
+		}
+	end
+
+	def test_ber_from_rfc2254_filter
+		[
+			Net::LDAP::Filter.construct("objectclass=*"),
+			Net::LDAP::Filter.construct("objectclass=ou"),
+			Net::LDAP::Filter.construct("uid >= 500"),
+			Net::LDAP::Filter.construct("uid <= 500"),
+			Net::LDAP::Filter.construct("(!(uid=*))"),
+			Net::LDAP::Filter.construct("(&(uid=*)(objectclass=*))"),
+			Net::LDAP::Filter.construct("(&(uid=*)(objectclass=*)(sn=*))"),
+			Net::LDAP::Filter.construct("(|(uid=*)(objectclass=*))"),
+			Net::LDAP::Filter.construct("(|(uid=*)(objectclass=*)(sn=*))"),
+
+			Net::LDAP::Filter.construct("objectclass=*aaa"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb"),
+			Net::LDAP::Filter.construct("objectclass=*aaa bbb"),
+			Net::LDAP::Filter.construct("objectclass=*aaa  bbb"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb*ccc"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb*ccc"),
+			Net::LDAP::Filter.construct("objectclass=abc*def*1111*22*g"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb*"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb*ccc*"),
+			Net::LDAP::Filter.construct("objectclass=aaa*"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb*"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb*ccc*"),
+		].each {|ber|
+		f = Net::LDAP::Filter.parse_ber(ber.to_ber.read_ber(Net::LDAP::AsnSyntax))
+			assert(f == ber)
+			assert_equal(f.to_ber, ber.to_ber)
+		}
+	end
+end

data/test/test_ldif.rb

@@ -0,0 +1,68 @@
+# $Id: testldif.rb 61 2006-04-18 20:55:55Z blackhedd $
+
+require 'common'
+
+require 'net/ldif'
+require 'digest/sha1'
+require 'base64'
+
+class TestLdif < Test::Unit::TestCase
+  TestLdifFilename = "#{File.dirname(__FILE__)}/testdata.ldif"
+
+  def test_empty_ldif
+    ds = Net::LDAP::Dataset.read_ldif(StringIO.new)
+    assert_equal(true, ds.empty?)
+  end
+
+  def test_ldif_with_comments
+    str = ["# Hello from LDIF-land", "# This is an unterminated comment"]
+    io = StringIO.new(str[0] + "\r\n" + str[1])
+    ds = Net::LDAP::Dataset::read_ldif(io)
+    assert_equal(str, ds.comments)
+  end
+
+  def test_ldif_with_password
+    psw = "goldbricks"
+    hashed_psw = "{SHA}" + Base64::encode64(Digest::SHA1.digest(psw)).chomp
+
+    ldif_encoded = Base64::encode64(hashed_psw).chomp
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: Goldbrick\r\nuserPassword:: #{ldif_encoded}\r\n\r\n"))
+    recovered_psw = ds["Goldbrick"][:userpassword].shift
+    assert_equal(hashed_psw, recovered_psw)
+  end
+
+  def test_ldif_with_continuation_lines
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n   hijklmn\r\n\r\n"))
+    assert_equal(true, ds.has_key?("abcdefg hijklmn"))
+  end
+
+  # TODO, INADEQUATE. We need some more tests
+  # to verify the content.
+  def test_ldif
+    File.open(TestLdifFilename, "r") {|f|
+      ds = Net::LDAP::Dataset::read_ldif(f)
+      assert_equal(13, ds.length)
+    }
+  end
+
+  # Must test folded lines and base64-encoded lines as well as normal ones.
+  def test_to_ldif
+    data = File.open(TestLdifFilename, "rb") { |f| f.read }
+    io = StringIO.new(data)
+
+    # added .lines to turn to array because 1.9 doesn't have
+    # .grep on basic strings
+    entries = data.lines.grep(/^dn:\s*/) { $'.chomp }
+    dn_entries = entries.dup
+
+    ds = Net::LDAP::Dataset::read_ldif(io) { |type, value|
+      case type
+      when :dn
+        assert_equal(dn_entries.first, value)
+        dn_entries.shift
+      end
+    }
+    assert_equal(entries.size, ds.size)
+    assert_equal(entries.sort, ds.to_ldif.grep(/^dn:\s*/) { $'.chomp })
+  end
+end

data/test/test_password.rb

@@ -0,0 +1,17 @@
+# $Id: testpsw.rb 72 2006-04-24 21:58:14Z blackhedd $
+
+require 'common'
+
+class TestPassword < Test::Unit::TestCase
+
+  def test_psw
+    assert_equal(
+	"{MD5}xq8jwrcfibi0sZdZYNkSng==",
+	Net::LDAP::Password.generate( :md5, "cashflow" ))
+
+    assert_equal(
+	"{SHA}YE4eGkN4BvwNN1f5R7CZz0kFn14=",
+	Net::LDAP::Password.generate( :sha, "cashflow" ))
+  end
+
+end

data/test/test_snmp.rb

@@ -0,0 +1,114 @@
+# $Id: testsnmp.rb 231 2006-12-21 15:09:29Z blackhedd $
+
+require 'common'
+require 'net/snmp'
+
+class TestSnmp < Test::Unit::TestCase
+  SnmpGetRequest = "0'\002\001\000\004\006public\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000"
+  SnmpGetResponse = "0+\002\001\000\004\006public\242\036\002\002'\017\002\001\000\002\001\0000\0220\020\006\b+\006\001\002\001\001\001\000\004\004test"
+
+  SnmpGetRequestXXX = "0'\002\001\000\004\006xxxxxx\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000"
+
+  def test_invalid_packet
+    data = "xxxx"
+    assert_raise(Net::BER::BerError) {
+ary = data.read_ber(Net::SNMP::AsnSyntax)
+    }
+  end
+
+  # The method String#read_ber! added by Net::BER consumes a well-formed BER
+  # object from the head of a string. If it doesn't find a complete,
+  # well-formed BER object, it returns nil and leaves the string unchanged.
+  # If it finds an object, it returns the object and removes it from the
+  # head of the string. This is good for handling partially-received data
+  # streams, such as from network connections.
+  def _test_consume_string
+    data = "xxx"
+    assert_equal(nil, data.read_ber!)
+    assert_equal("xxx", data)
+
+    data = SnmpGetRequest + "!!!"
+    ary = data.read_ber!(Net::SNMP::AsnSyntax)
+    assert_equal("!!!", data)
+    assert ary.is_a?(Array)
+    assert ary.is_a?(Net::BER::BerIdentifiedArray)
+  end
+
+  def test_weird_packet
+    assert_raise(Net::SnmpPdu::Error) {
+Net::SnmpPdu.parse("aaaaaaaaaaaaaa")
+    }
+  end
+
+  def test_get_request
+    data = SnmpGetRequest.dup
+    pkt = data.read_ber(Net::SNMP::AsnSyntax)
+    assert pkt.is_a?(Net::BER::BerIdentifiedArray)
+    assert_equal(48, pkt.ber_identifier) # Constructed [0], signifies GetRequest
+
+    pdu = Net::SnmpPdu.parse(pkt)
+    assert_equal(:get_request, pdu.pdu_type)
+    assert_equal(16170, pdu.request_id) # whatever was in the test data. 16170 is not magic.
+    assert_equal([[[1, 3, 6, 1, 2, 1, 1, 1, 0], nil]], pdu.variables)
+
+    assert_equal(pdu.to_ber_string, SnmpGetRequest)
+  end
+
+  def test_empty_pdu
+    pdu = Net::SnmpPdu.new
+    assert_raise(Net::SnmpPdu::Error) { pdu.to_ber_string }
+  end
+
+  def test_malformations
+    pdu = Net::SnmpPdu.new
+    pdu.version = 0
+    pdu.version = 2
+    assert_raise(Net::SnmpPdu::Error) { pdu.version = 100 }
+
+    pdu.pdu_type = :get_request
+    pdu.pdu_type = :get_next_request
+    pdu.pdu_type = :get_response
+    pdu.pdu_type = :set_request
+    pdu.pdu_type = :trap
+    assert_raise(Net::SnmpPdu::Error) { pdu.pdu_type = :something_else }
+  end
+
+  def test_make_response
+    pdu = Net::SnmpPdu.new
+    pdu.version = 0
+    pdu.community = "public"
+    pdu.pdu_type = :get_response
+    pdu.request_id = 9999
+    pdu.error_status = 0
+    pdu.error_index = 0
+    pdu.add_variable_binding [1, 3, 6, 1, 2, 1, 1, 1, 0], "test"
+
+    assert_equal(SnmpGetResponse, pdu.to_ber_string)
+  end
+
+  def test_make_bad_response
+    pdu = Net::SnmpPdu.new
+    assert_raise(Net::SnmpPdu::Error) {pdu.to_ber_string}
+    pdu.pdu_type = :get_response
+    pdu.request_id = 999
+    pdu.to_ber_string
+    # Not specifying variables doesn't create an error. (Maybe it should?)
+  end
+
+  def test_snmp_integers
+    c32 = Net::SNMP::Counter32.new(100)
+    assert_equal("A\001d", c32.to_ber)
+    g32 = Net::SNMP::Gauge32.new(100)
+    assert_equal("B\001d", g32.to_ber)
+    t32 = Net::SNMP::TimeTicks32.new(100)
+    assert_equal("C\001d", t32.to_ber)
+  end
+
+  def test_community
+    data = SnmpGetRequestXXX.dup
+    ary = data.read_ber(Net::SNMP::AsnSyntax)
+    pdu = Net::SnmpPdu.parse(ary)
+    assert_equal("xxxxxx", pdu.community)
+  end
+
+end

data/test/testdata.ldif

@@ -0,0 +1,101 @@
+# $Id: testdata.ldif 50 2006-04-17 17:57:33Z blackhedd $
+#
+# This is test-data for an LDAP server in LDIF format.
+#
+dn: dc=bayshorenetworks,dc=com
+objectClass: dcObject
+objectClass: organization
+o: Bayshore Networks LLC
+dc: bayshorenetworks
+
+dn: cn=Manager,dc=bayshorenetworks,dc=com
+objectClass: organizationalrole
+cn: Manager
+
+dn: ou=people,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: people
+
+dn: ou=privileges,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: privileges
+
+dn: ou=roles,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: roles
+
+dn: ou=office,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: office
+
+dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Bob Fosse
+mail: nogoodnik@steamheat.net
+sn: Fosse
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
+hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
+
+dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Gwen Verdon
+mail: elephant@steamheat.net
+sn: Verdon
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+
+dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineering
+ou: privileges
+objectClass: accessPrivilege
+
+dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineer
+ou: roles
+objectClass: accessRole
+hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
+
+dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapadmin
+ou: roles
+objectClass: accessRole
+
+dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapsuperadmin
+ou: roles
+objectClass: accessRole
+
+dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Sid Sorokin
+mail: catperson@steamheat.net
+sn: Sorokin
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+

data/testserver/ldapserver.rb

@@ -0,0 +1,210 @@
+# $Id$
+#
+# Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved.
+# Gmail account: garbagecat10.
+#
+# This is an LDAP server intended for unit testing of Net::LDAP.
+# It implements as much of the protocol as we have the stomach
+# to implement but serves static data. Use ldapsearch to test
+# this server!
+#
+# To make this easier to write, we use the Ruby/EventMachine
+# reactor library.
+#
+
+#------------------------------------------------
+
+module LdapServer
+
+  LdapServerAsnSyntax = {
+    :application => {
+      :constructed => {
+        0 => :array,               # LDAP BindRequest
+        3 => :array                # LDAP SearchRequest
+      },
+      :primitive => {
+        2 => :string,              # ldapsearch sends this to unbind
+      }
+    },
+    :context_specific => {
+      :primitive => {
+        0 => :string,              # simple auth (password)
+        7 => :string               # present filter
+      },
+      :constructed => {
+        3 => :array                # equality filter
+      },
+    }
+  }
+
+  def post_init
+    $logger.info "Accepted LDAP connection"
+    @authenticated = false
+  end
+
+  def receive_data data
+    @data ||= ""; @data << data
+    while pdu = @data.read_ber!(LdapServerAsnSyntax)
+      begin
+      handle_ldap_pdu pdu
+      rescue
+        $logger.error "closing connection due to error #{$!}"
+        close_connection
+      end
+    end
+  end
+
+  def handle_ldap_pdu pdu
+    tag_id = pdu[1].ber_identifier
+    case tag_id
+    when 0x60
+      handle_bind_request pdu
+    when 0x63
+      handle_search_request pdu
+    when 0x42
+      # bizarre thing, it's a null object (primitive application-2)
+      # sent by ldapsearch to request an unbind (or a kiss-off, not sure which)
+      close_connection_after_writing
+    else
+      $logger.error "received unknown packet-type #{tag_id}"
+      close_connection_after_writing
+    end
+  end
+
+  def handle_bind_request pdu
+    # TODO, return a proper LDAP error instead of blowing up on version error
+    if pdu[1][0] != 3
+      send_ldap_response 1, pdu[0].to_i, 2, "", "We only support version 3"
+    elsif pdu[1][1] != "cn=bigshot,dc=bayshorenetworks,dc=com"
+      send_ldap_response 1, pdu[0].to_i, 48, "", "Who are you?"
+    elsif pdu[1][2].ber_identifier != 0x80
+      send_ldap_response 1, pdu[0].to_i, 7, "", "Keep it simple, man"
+    elsif pdu[1][2] != "opensesame"
+      send_ldap_response 1, pdu[0].to_i, 49, "", "Make my day"
+    else
+      @authenticated = true
+      send_ldap_response 1, pdu[0].to_i, 0, pdu[1][1], "I'll take it"
+    end
+  end
+
+
+
+  #--
+  # Search Response ::=
+  #       CHOICE {
+  #            entry          [APPLICATION 4] SEQUENCE {
+  #                                objectName     LDAPDN,
+  #                                attributes     SEQUENCE OF SEQUENCE {
+  #                                                    AttributeType,
+  #                                                    SET OF AttributeValue
+  #                                               }
+  #                           },
+  #            resultCode     [APPLICATION 5] LDAPResult
+  #        }
+  def handle_search_request pdu
+    unless @authenticated
+      # NOTE, early exit.
+      send_ldap_response 5, pdu[0].to_i, 50, "", "Who did you say you were?"
+      return
+    end
+
+    treebase = pdu[1][0]
+    if treebase != "dc=bayshorenetworks,dc=com"
+      send_ldap_response 5, pdu[0].to_i, 32, "", "unknown treebase"
+      return
+    end
+
+    msgid = pdu[0].to_i.to_ber
+
+    # pdu[1][7] is the list of requested attributes.
+    # If it's an empty array, that means that *all* attributes were requested.
+    requested_attrs = if pdu[1][7].length > 0
+      pdu[1][7].map {|a| a.downcase}
+    else
+      :all
+    end
+
+    filters = pdu[1][6]
+    if filters.length == 0
+      # NOTE, early exit.
+      send_ldap_response 5, pdu[0].to_i, 53, "", "No filter specified"
+    end
+
+    # TODO, what if this returns nil?
+    filter = Net::LDAP::Filter.parse_ldap_filter( filters )
+
+    $ldif.each {|dn, entry|
+      if filter.match( entry )
+        attrs = []
+        entry.each {|k, v|
+          if requested_attrs == :all or requested_attrs.include?(k.downcase)
+            attrvals = v.map {|v1| v1.to_ber}.to_ber_set
+            attrs << [k.to_ber, attrvals].to_ber_sequence
+          end
+        }
+
+        appseq = [dn.to_ber, attrs.to_ber_sequence].to_ber_appsequence(4)
+        pkt = [msgid.to_ber, appseq].to_ber_sequence
+        send_data pkt
+      end
+    }
+
+
+    send_ldap_response 5, pdu[0].to_i, 0, "", "Was that what you wanted?"
+  end
+
+
+
+  def send_ldap_response pkt_tag, msgid, code, dn, text
+    send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag) ].to_ber )
+  end
+
+end
+
+
+#------------------------------------------------
+
+# Rather bogus, a global method, which reads a HARDCODED filename
+# parses out LDIF data. It will be used to serve LDAP queries out of this server.
+#
+def load_test_data
+  ary = File.readlines( "./testdata.ldif" )
+  hash = {}
+  while line = ary.shift and line.chomp!
+    if line =~ /^dn:[\s]*/i
+      dn = $'
+      hash[dn] = {}
+      while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
+        hash[dn][$1.downcase] ||= []
+        hash[dn][$1.downcase] << $'
+      end
+    end
+  end
+  hash
+end
+
+
+#------------------------------------------------
+
+if __FILE__ == $0
+
+  require 'rubygems'
+  require 'eventmachine'
+
+  require 'logger'
+  $logger = Logger.new $stderr
+
+  $logger.info "adding ../lib to loadpath, to pick up dev version of Net::LDAP."
+  $:.unshift "../lib"
+
+  $ldif = load_test_data
+
+  require 'net/ldap'
+
+  EventMachine.run {
+    $logger.info "starting LDAP server on 127.0.0.1 port 3890"
+    EventMachine.start_server "127.0.0.1", 3890, LdapServer
+    EventMachine.add_periodic_timer 60, proc {$logger.info "heartbeat"}
+  }
+end
+