sheffield_ldap_lookup 0.0.7 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/lib/sheffield_ldap_lookup/ldap_finder.rb +18 -4
- data/lib/sheffield_ldap_lookup/version.rb +1 -1
- data/spec/lib/ldap_finder_spec.rb +50 -17
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2a0dc52a5bd9f5aa8ec1401e62ca05c0d5f7062c0f382afb77d1f4d8595df0b5
|
|
4
|
+
data.tar.gz: f945bc9ded89ea4b1d9a047ae6b1c5a7b71786b2a7d98acdd426f5172c7720c4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 42ed11ed5b09a6a6b3b159fc4fee3757235802bfad7ce87420b3507751ba4f7561502195c03e51a44e373ee7069595f768d2b0234177a98f4ef99c7bac564ed6
|
|
7
|
+
data.tar.gz: 46017a6b493efd2d91b87f8669e9118ececac71a9190dea0782ca3958b480b8001849e632143fcc0b7d8a3b6c0183d83d07713480cb2011d59ee33a0b0ddff2e
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
ruby-3.1
|
|
@@ -12,13 +12,17 @@ module SheffieldLdapLookup
|
|
|
12
12
|
|
|
13
13
|
class << self
|
|
14
14
|
attr_accessor :ldap_config
|
|
15
|
+
attr_accessor :error_notification_proc
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def lookup
|
|
18
19
|
begin
|
|
19
20
|
@lookup ||= connection.search(filter: ldap_filter)[0]
|
|
20
|
-
rescue
|
|
21
|
-
|
|
21
|
+
rescue Exception => exception
|
|
22
|
+
if self.class.error_notification_proc.is_a?(Proc)
|
|
23
|
+
self.class.error_notification_proc.call(exception)
|
|
24
|
+
end
|
|
25
|
+
raise exception
|
|
22
26
|
end
|
|
23
27
|
end
|
|
24
28
|
|
|
@@ -28,7 +32,7 @@ module SheffieldLdapLookup
|
|
|
28
32
|
|
|
29
33
|
def search_attribute
|
|
30
34
|
return custom_search_attribute if custom_search_attribute
|
|
31
|
-
keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : '
|
|
35
|
+
keyword =~ /\A[^@]+@[^@]+\z/ ? 'mail' : 'sAMAccountName'
|
|
32
36
|
end
|
|
33
37
|
|
|
34
38
|
def ldap_config
|
|
@@ -56,9 +60,19 @@ module SheffieldLdapLookup
|
|
|
56
60
|
|
|
57
61
|
if ldap_config["#{@config_prefix}ssl"] == true
|
|
58
62
|
base_settings[:port] ||= 636
|
|
59
|
-
base_settings[:encryption] =
|
|
63
|
+
base_settings[:encryption] = {
|
|
64
|
+
method: :simple_tls,
|
|
65
|
+
tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(
|
|
66
|
+
# Default min version (in Ruby 2.7) is TLS 1.0, but server always responds and says provide TLS 1.2
|
|
67
|
+
# (and, to be honest, we shouldn't use anything less than TLS 1.2 these days)
|
|
68
|
+
min_version: OpenSSL::SSL::TLS1_2_VERSION
|
|
69
|
+
)
|
|
70
|
+
}
|
|
60
71
|
end
|
|
61
72
|
|
|
73
|
+
# Avoid two LDAP queries per connection by forcing unpaged results
|
|
74
|
+
base_settings[:force_no_page] = true
|
|
75
|
+
|
|
62
76
|
base_settings
|
|
63
77
|
end
|
|
64
78
|
|
|
@@ -3,12 +3,18 @@ require 'sheffield_ldap_lookup/ldap_finder.rb'
|
|
|
3
3
|
|
|
4
4
|
describe SheffieldLdapLookup::LdapFinder do
|
|
5
5
|
let(:ldap_config) { { 'host' => 'localhost', 'port' => '389', 'base' => 'ou=Users' } }
|
|
6
|
+
let(:default_tls_options) { OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(min_version: OpenSSL::SSL::TLS1_2_VERSION) }
|
|
6
7
|
|
|
7
8
|
describe "#connection" do
|
|
8
9
|
it "should create a new LDAP connection" do
|
|
9
10
|
allow(subject).to receive(:ldap_config).and_return(ldap_config)
|
|
10
11
|
ldap_class = double
|
|
11
|
-
expect(ldap_class).to receive(:new).with(
|
|
12
|
+
expect(ldap_class).to receive(:new).with({
|
|
13
|
+
host: ldap_config['host'],
|
|
14
|
+
port: ldap_config['port'],
|
|
15
|
+
base: ldap_config['base'],
|
|
16
|
+
force_no_page: true
|
|
17
|
+
})
|
|
12
18
|
subject.connection(ldap_class)
|
|
13
19
|
end
|
|
14
20
|
end
|
|
@@ -24,7 +30,7 @@ describe SheffieldLdapLookup::LdapFinder do
|
|
|
24
30
|
describe "determine to search against uid or email based on the format of the keyword" do
|
|
25
31
|
it "should use 'uid' attribute for username" do
|
|
26
32
|
finder = SheffieldLdapLookup::LdapFinder.new('username')
|
|
27
|
-
expect(finder.search_attribute).to eq '
|
|
33
|
+
expect(finder.search_attribute).to eq 'sAMAccountName'
|
|
28
34
|
end
|
|
29
35
|
|
|
30
36
|
it "should use 'mail' attribute for email" do
|
|
@@ -52,7 +58,12 @@ describe SheffieldLdapLookup::LdapFinder do
|
|
|
52
58
|
it "should create a new LDAP connection" do
|
|
53
59
|
allow(subject).to receive(:ldap_config).and_return(ldap_config)
|
|
54
60
|
ldap_class = double
|
|
55
|
-
expect(ldap_class).to receive(:new).with(
|
|
61
|
+
expect(ldap_class).to receive(:new).with({
|
|
62
|
+
host: ldap_config['prefix_host'],
|
|
63
|
+
port: ldap_config['prefix_port'],
|
|
64
|
+
base: ldap_config['prefix_base'],
|
|
65
|
+
force_no_page: true
|
|
66
|
+
})
|
|
56
67
|
subject.connection(ldap_class)
|
|
57
68
|
end
|
|
58
69
|
end
|
|
@@ -63,9 +74,16 @@ describe SheffieldLdapLookup::LdapFinder do
|
|
|
63
74
|
it "should create a new secure LDAP connection" do
|
|
64
75
|
allow(subject).to receive(:ldap_config).and_return(ldap_config)
|
|
65
76
|
ldap_class = double
|
|
66
|
-
expect(ldap_class).to receive(:new).with(
|
|
67
|
-
|
|
68
|
-
|
|
77
|
+
expect(ldap_class).to receive(:new).with({
|
|
78
|
+
host: ldap_config['host'],
|
|
79
|
+
port: ldap_config['port'],
|
|
80
|
+
base: ldap_config['base'],
|
|
81
|
+
encryption: {
|
|
82
|
+
method: :simple_tls,
|
|
83
|
+
tls_options: default_tls_options
|
|
84
|
+
},
|
|
85
|
+
force_no_page: true
|
|
86
|
+
})
|
|
69
87
|
subject.connection(ldap_class)
|
|
70
88
|
end
|
|
71
89
|
end
|
|
@@ -77,9 +95,17 @@ describe SheffieldLdapLookup::LdapFinder do
|
|
|
77
95
|
it "should create a new secure LDAP connection" do
|
|
78
96
|
allow(subject).to receive(:ldap_config).and_return(ldap_config)
|
|
79
97
|
ldap_class = double
|
|
80
|
-
expect(ldap_class).to receive(:new).with(
|
|
81
|
-
|
|
82
|
-
|
|
98
|
+
expect(ldap_class).to receive(:new).with({
|
|
99
|
+
host: ldap_config['host'],
|
|
100
|
+
port: ldap_config['port'],
|
|
101
|
+
base: ldap_config['base'],
|
|
102
|
+
force_no_page: true,
|
|
103
|
+
auth: {
|
|
104
|
+
method: :simple,
|
|
105
|
+
username: 'ldapusername',
|
|
106
|
+
password: 'ldappassword'
|
|
107
|
+
}
|
|
108
|
+
})
|
|
83
109
|
subject.connection(ldap_class)
|
|
84
110
|
end
|
|
85
111
|
end
|
|
@@ -91,9 +117,21 @@ describe SheffieldLdapLookup::LdapFinder do
|
|
|
91
117
|
it "should create a new secure LDAP connection" do
|
|
92
118
|
allow(subject).to receive(:ldap_config).and_return(ldap_config)
|
|
93
119
|
ldap_class = double
|
|
94
|
-
expect(ldap_class).to receive(:new).with(
|
|
95
|
-
|
|
96
|
-
|
|
120
|
+
expect(ldap_class).to receive(:new).with({
|
|
121
|
+
host: ldap_config['host'],
|
|
122
|
+
port: ldap_config['port'],
|
|
123
|
+
base: ldap_config['base'],
|
|
124
|
+
force_no_page: true,
|
|
125
|
+
encryption: {
|
|
126
|
+
method: :simple_tls,
|
|
127
|
+
tls_options: default_tls_options
|
|
128
|
+
},
|
|
129
|
+
auth: {
|
|
130
|
+
method: :simple,
|
|
131
|
+
username: 'ldapusername',
|
|
132
|
+
password: 'ldappassword'
|
|
133
|
+
}
|
|
134
|
+
})
|
|
97
135
|
subject.connection(ldap_class)
|
|
98
136
|
end
|
|
99
137
|
end
|
|
@@ -118,11 +156,6 @@ describe SheffieldLdapLookup::LdapFinder do
|
|
|
118
156
|
allow(connection).to receive(:search).and_return([result])
|
|
119
157
|
expect(subject.lookup).to eq result
|
|
120
158
|
end
|
|
121
|
-
|
|
122
|
-
it "should return an empty hash if cannot connect to LDAP" do
|
|
123
|
-
allow(connection).to receive(:search).and_return(->{raise})
|
|
124
|
-
expect(subject.lookup).to eq({})
|
|
125
|
-
end
|
|
126
159
|
end
|
|
127
160
|
end
|
|
128
161
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sheffield_ldap_lookup
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Gregory-Monk
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2023-
|
|
12
|
+
date: 2023-09-22 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: net-ldap
|
|
@@ -108,7 +108,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
109
|
version: '0'
|
|
110
110
|
requirements: []
|
|
111
|
-
rubygems_version: 3.
|
|
111
|
+
rubygems_version: 3.3.7
|
|
112
112
|
signing_key:
|
|
113
113
|
specification_version: 4
|
|
114
114
|
summary: LDAP lookup
|