RubyGems - socialcast-net-ldap - Versions diffs - 0.1.5 - Mend

socialcast-net-ldap 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

data/.gemtest +0 -0
data/COPYING +272 -0
data/Gemfile +10 -0
data/Gemfile.lock +29 -0
data/Hacking.rdoc +16 -0
data/History.txt +137 -0
data/LICENSE +56 -0
data/Manifest.txt +45 -0
data/README.txt +70 -0
data/Rakefile +124 -0
data/lib/net-ldap.rb +1 -0
data/lib/net/ber.rb +341 -0
data/lib/net/ber/ber_parser.rb +168 -0
data/lib/net/ber/core_ext.rb +72 -0
data/lib/net/ber/core_ext/array.rb +79 -0
data/lib/net/ber/core_ext/bignum.rb +19 -0
data/lib/net/ber/core_ext/false_class.rb +7 -0
data/lib/net/ber/core_ext/fixnum.rb +63 -0
data/lib/net/ber/core_ext/string.rb +57 -0
data/lib/net/ber/core_ext/true_class.rb +9 -0
data/lib/net/ldap.rb +1539 -0
data/lib/net/ldap/dataset.rb +174 -0
data/lib/net/ldap/entry.rb +208 -0
data/lib/net/ldap/filter.rb +781 -0
data/lib/net/ldap/password.rb +52 -0
data/lib/net/ldap/pdu.rb +279 -0
data/lib/net/ldif.rb +34 -0
data/lib/net/snmp.rb +295 -0
data/spec/integration/ssl_ber_spec.rb +33 -0
data/spec/spec.opts +2 -0
data/spec/spec_helper.rb +5 -0
data/spec/unit/ber/ber_spec.rb +109 -0
data/spec/unit/ber/core_ext/string_spec.rb +51 -0
data/spec/unit/ldap/entry_spec.rb +51 -0
data/spec/unit/ldap/filter_spec.rb +83 -0
data/spec/unit/ldap_spec.rb +48 -0
data/test/common.rb +3 -0
data/test/test_entry.rb +59 -0
data/test/test_filter.rb +115 -0
data/test/test_ldif.rb +68 -0
data/test/test_password.rb +17 -0
data/test/test_rename.rb +79 -0
data/test/test_snmp.rb +114 -0
data/test/testdata.ldif +101 -0
data/testserver/ldapserver.rb +210 -0
data/testserver/testdata.ldif +101 -0
metadata +178 -0

data/test/test_filter.rb ADDED Viewed

@@ -0,0 +1,115 @@
+require 'common'
+class TestFilter < Test::Unit::TestCase
+  Filter = Net::LDAP::Filter
+  def test_bug_7534_rfc2254
+    assert_equal("(cn=Tim Wizard)",
+                 Filter.from_rfc2254("(cn=Tim Wizard)").to_rfc2254)
+  end
+  def test_invalid_filter_string
+    assert_raises(Net::LDAP::LdapError) { Filter.from_rfc2254("") }
+  end
+  def test_invalid_filter
+    assert_raises(Net::LDAP::LdapError) {
+      # This test exists to prove that our constructor blocks unknown filter
+      # types. All filters must be constructed using helpers.
+      Filter.__send__(:new, :xx, nil, nil)
+    }
+  end
+  def test_to_s
+    assert_equal("(uid=george *)", Filter.eq("uid", "george *").to_s)
+  end
+  def test_apostrophe
+    assert_equal("(uid=O'Keefe)", Filter.construct("uid=O'Keefe").to_rfc2254)
+  end
+	def test_c2
+    assert_equal("(uid=george *)",
+                 Filter.from_rfc2254("uid=george *").to_rfc2254)
+    assert_equal("(uid:=george *)",
+                 Filter.from_rfc2254("uid:=george *").to_rfc2254)
+    assert_equal("(uid=george*)",
+                 Filter.from_rfc2254(" ( uid =  george*   ) ").to_rfc2254)
+		assert_equal("(!(uid=george*))",
+                 Filter.from_rfc2254("uid!=george*").to_rfc2254)
+		assert_equal("(uid<=george*)",
+                 Filter.from_rfc2254("uid <= george*").to_rfc2254)
+		assert_equal("(uid>=george*)",
+                 Filter.from_rfc2254("uid>=george*").to_rfc2254)
+		assert_equal("(&(uid=george*)(mail=*))",
+                 Filter.from_rfc2254("(& (uid=george* ) (mail=*))").to_rfc2254)
+		assert_equal("(|(uid=george*)(mail=*))",
+                 Filter.from_rfc2254("(| (uid=george* ) (mail=*))").to_rfc2254)
+		assert_equal("(!(mail=*))",
+                 Filter.from_rfc2254("(! (mail=*))").to_rfc2254)
+	end
+	def test_filters_from_ber
+		[
+			Net::LDAP::Filter.eq("objectclass", "*"),
+			Net::LDAP::Filter.pres("objectclass"),
+			Net::LDAP::Filter.eq("objectclass", "ou"),
+			Net::LDAP::Filter.ge("uid", "500"),
+			Net::LDAP::Filter.le("uid", "500"),
+			(~ Net::LDAP::Filter.pres("objectclass")),
+			(Net::LDAP::Filter.pres("objectclass") & Net::LDAP::Filter.pres("ou")),
+			(Net::LDAP::Filter.pres("objectclass") & Net::LDAP::Filter.pres("ou") & Net::LDAP::Filter.pres("sn")),
+			(Net::LDAP::Filter.pres("objectclass") | Net::LDAP::Filter.pres("ou") | Net::LDAP::Filter.pres("sn")),
+			Net::LDAP::Filter.eq("objectclass", "*aaa"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*ccc"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb*ccc"),
+			Net::LDAP::Filter.eq("objectclass", "abc*def*1111*22*g"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*"),
+			Net::LDAP::Filter.eq("objectclass", "*aaa*bbb*ccc*"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb*"),
+			Net::LDAP::Filter.eq("objectclass", "aaa*bbb*ccc*"),
+		].each {|ber|
+			f = Net::LDAP::Filter.parse_ber(ber.to_ber.read_ber(Net::LDAP::AsnSyntax))
+			assert(f == ber)
+			assert_equal(f.to_ber, ber.to_ber)
+		}
+	end
+	def test_ber_from_rfc2254_filter
+		[
+			Net::LDAP::Filter.construct("objectclass=*"),
+			Net::LDAP::Filter.construct("objectclass=ou"),
+			Net::LDAP::Filter.construct("uid >= 500"),
+			Net::LDAP::Filter.construct("uid <= 500"),
+			Net::LDAP::Filter.construct("(!(uid=*))"),
+			Net::LDAP::Filter.construct("(&(uid=*)(objectclass=*))"),
+			Net::LDAP::Filter.construct("(&(uid=*)(objectclass=*)(sn=*))"),
+			Net::LDAP::Filter.construct("(|(uid=*)(objectclass=*))"),
+			Net::LDAP::Filter.construct("(|(uid=*)(objectclass=*)(sn=*))"),
+			Net::LDAP::Filter.construct("objectclass=*aaa"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb"),
+			Net::LDAP::Filter.construct("objectclass=*aaa bbb"),
+			Net::LDAP::Filter.construct("objectclass=*aaa  bbb"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb*ccc"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb*ccc"),
+			Net::LDAP::Filter.construct("objectclass=abc*def*1111*22*g"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb*"),
+			Net::LDAP::Filter.construct("objectclass=*aaa*bbb*ccc*"),
+			Net::LDAP::Filter.construct("objectclass=aaa*"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb*"),
+			Net::LDAP::Filter.construct("objectclass=aaa*bbb*ccc*"),
+		].each {|ber|
+		f = Net::LDAP::Filter.parse_ber(ber.to_ber.read_ber(Net::LDAP::AsnSyntax))
+			assert(f == ber)
+			assert_equal(f.to_ber, ber.to_ber)
+		}
+	end
+end

data/test/test_ldif.rb ADDED Viewed

@@ -0,0 +1,68 @@
+# $Id: testldif.rb 61 2006-04-18 20:55:55Z blackhedd $
+require 'common'
+require 'net/ldif'
+require 'digest/sha1'
+require 'base64'
+class TestLdif < Test::Unit::TestCase
+  TestLdifFilename = "#{File.dirname(__FILE__)}/testdata.ldif"
+  def test_empty_ldif
+    ds = Net::LDAP::Dataset.read_ldif(StringIO.new)
+    assert_equal(true, ds.empty?)
+  end
+  def test_ldif_with_comments
+    str = ["# Hello from LDIF-land", "# This is an unterminated comment"]
+    io = StringIO.new(str[0] + "\r\n" + str[1])
+    ds = Net::LDAP::Dataset::read_ldif(io)
+    assert_equal(str, ds.comments)
+  end
+  def test_ldif_with_password
+    psw = "goldbricks"
+    hashed_psw = "{SHA}" + Base64::encode64(Digest::SHA1.digest(psw)).chomp
+    ldif_encoded = Base64::encode64(hashed_psw).chomp
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: Goldbrick\r\nuserPassword:: #{ldif_encoded}\r\n\r\n"))
+    recovered_psw = ds["Goldbrick"][:userpassword].shift
+    assert_equal(hashed_psw, recovered_psw)
+  end
+  def test_ldif_with_continuation_lines
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n   hijklmn\r\n\r\n"))
+    assert_equal(true, ds.has_key?("abcdefg hijklmn"))
+  end
+  # TODO, INADEQUATE. We need some more tests
+  # to verify the content.
+  def test_ldif
+    File.open(TestLdifFilename, "r") {|f|
+      ds = Net::LDAP::Dataset::read_ldif(f)
+      assert_equal(13, ds.length)
+    }
+  end
+  # Must test folded lines and base64-encoded lines as well as normal ones.
+  def test_to_ldif
+    data = File.open(TestLdifFilename, "rb") { |f| f.read }
+    io = StringIO.new(data)
+    # added .lines to turn to array because 1.9 doesn't have
+    # .grep on basic strings
+    entries = data.lines.grep(/^dn:\s*/) { $'.chomp }
+    dn_entries = entries.dup
+    ds = Net::LDAP::Dataset::read_ldif(io) { |type, value|
+      case type
+      when :dn
+        assert_equal(dn_entries.first, value)
+        dn_entries.shift
+      end
+    }
+    assert_equal(entries.size, ds.size)
+    assert_equal(entries.sort, ds.to_ldif.grep(/^dn:\s*/) { $'.chomp })
+  end
+end

data/test/test_password.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# $Id: testpsw.rb 72 2006-04-24 21:58:14Z blackhedd $
+require 'common'
+class TestPassword < Test::Unit::TestCase
+  def test_psw
+    assert_equal(
+	"{MD5}xq8jwrcfibi0sZdZYNkSng==",
+	Net::LDAP::Password.generate( :md5, "cashflow" ))
+    assert_equal(
+	"{SHA}YE4eGkN4BvwNN1f5R7CZz0kFn14=",
+	Net::LDAP::Password.generate( :sha, "cashflow" ))
+  end
+end

data/test/test_rename.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require 'common'
+class TestRename < Test::Unit::TestCase
+  def test_the_truth
+    assert true
+  end
+  # Commented out since it assumes you have a live LDAP server somewhere. This
+  # will be migrated to the integration specs, as soon as they are ready.
+  #   HOST= '10.10.10.71'
+  # PORT = 389
+  # BASE = "o=test"
+  # AUTH = { :method => :simple, :username => "cn=testadmin,#{BASE}", :password => 'password' }
+  # BASIC_USER = "cn=jsmith,ou=sales,#{BASE}"
+  # RENAMED_USER = "cn=jbrown,ou=sales,#{BASE}"
+  # MOVED_USER = "cn=jsmith,ou=marketing,#{BASE}"
+  # RENAMED_MOVED_USER = "cn=jjones,ou=marketing,#{BASE}"
+  #
+  # def setup
+  #   # create the entries we're going to manipulate
+  #   Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+  #     if ldap.add(:dn => "ou=sales,#{BASE}", :attributes => { :ou => "sales", :objectclass => "organizationalUnit" })
+  #       puts "Add failed: #{ldap.get_operation_result.message} - code: #{ldap.get_operation_result.code}"
+  #     end
+  #     ldap.add(:dn => "ou=marketing,#{BASE}", :attributes => { :ou => "marketing", :objectclass => "organizationalUnit" })
+  #     ldap.add(:dn => BASIC_USER, :attributes => { :cn => "jsmith", :objectclass => "inetOrgPerson", :sn => "Smith" })
+  #   end
+  # end
+  #
+  # def test_rename_entry
+  #   dn = nil
+  #   Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+  #     ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jbrown")
+  #
+  #     ldap.search(:base => RENAMED_USER) do |entry|
+  #       dn = entry.dn
+  #     end
+  #   end
+  #   assert_equal(RENAMED_USER, dn)
+  # end
+  #
+  # def test_move_entry
+  #   dn = nil
+  #   Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+  #     ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jsmith", :new_superior => "ou=marketing,#{BASE}")
+  #
+  #     ldap.search(:base => MOVED_USER) do |entry|
+  #       dn = entry.dn
+  #     end
+  #   end
+  #   assert_equal(MOVED_USER, dn)
+  # end
+  #
+  # def test_move_and_rename_entry
+  #   dn = nil
+  #   Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+  #     ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jjones", :new_superior => "ou=marketing,#{BASE}")
+  #
+  #     ldap.search(:base => RENAMED_MOVED_USER) do |entry|
+  #       dn = entry.dn
+  #     end
+  #   end
+  #   assert_equal(RENAMED_MOVED_USER, dn)
+  # end
+  #
+  # def teardown
+  #   # delete the entries
+  #   # note: this doesn't always completely clear up on eDirectory as objects get locked while
+  #   # the rename/move is being completed on the server and this prevents the delete from happening
+  #   Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+  #     ldap.delete(:dn => BASIC_USER)
+  #     ldap.delete(:dn => RENAMED_USER)
+  #     ldap.delete(:dn => MOVED_USER)
+  #     ldap.delete(:dn => RENAMED_MOVED_USER)
+  #     ldap.delete(:dn => "ou=sales,#{BASE}")
+  #     ldap.delete(:dn => "ou=marketing,#{BASE}")
+  #   end
+  # end
+end

data/test/test_snmp.rb ADDED Viewed

@@ -0,0 +1,114 @@
+# $Id: testsnmp.rb 231 2006-12-21 15:09:29Z blackhedd $
+require 'common'
+require 'net/snmp'
+class TestSnmp < Test::Unit::TestCase
+  SnmpGetRequest = "0'\002\001\000\004\006public\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000"
+  SnmpGetResponse = "0+\002\001\000\004\006public\242\036\002\002'\017\002\001\000\002\001\0000\0220\020\006\b+\006\001\002\001\001\001\000\004\004test"
+  SnmpGetRequestXXX = "0'\002\001\000\004\006xxxxxx\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000"
+  def test_invalid_packet
+    data = "xxxx"
+    assert_raise(Net::BER::BerError) {
+ary = data.read_ber(Net::SNMP::AsnSyntax)
+    }
+  end
+  # The method String#read_ber! added by Net::BER consumes a well-formed BER
+  # object from the head of a string. If it doesn't find a complete,
+  # well-formed BER object, it returns nil and leaves the string unchanged.
+  # If it finds an object, it returns the object and removes it from the
+  # head of the string. This is good for handling partially-received data
+  # streams, such as from network connections.
+  def _test_consume_string
+    data = "xxx"
+    assert_equal(nil, data.read_ber!)
+    assert_equal("xxx", data)
+    data = SnmpGetRequest + "!!!"
+    ary = data.read_ber!(Net::SNMP::AsnSyntax)
+    assert_equal("!!!", data)
+    assert ary.is_a?(Array)
+    assert ary.is_a?(Net::BER::BerIdentifiedArray)
+  end
+  def test_weird_packet
+    assert_raise(Net::SnmpPdu::Error) {
+Net::SnmpPdu.parse("aaaaaaaaaaaaaa")
+    }
+  end
+  def test_get_request
+    data = SnmpGetRequest.dup
+    pkt = data.read_ber(Net::SNMP::AsnSyntax)
+    assert pkt.is_a?(Net::BER::BerIdentifiedArray)
+    assert_equal(48, pkt.ber_identifier) # Constructed [0], signifies GetRequest
+    pdu = Net::SnmpPdu.parse(pkt)
+    assert_equal(:get_request, pdu.pdu_type)
+    assert_equal(16170, pdu.request_id) # whatever was in the test data. 16170 is not magic.
+    assert_equal([[[1, 3, 6, 1, 2, 1, 1, 1, 0], nil]], pdu.variables)
+    assert_equal(pdu.to_ber_string, SnmpGetRequest)
+  end
+  def test_empty_pdu
+    pdu = Net::SnmpPdu.new
+    assert_raise(Net::SnmpPdu::Error) { pdu.to_ber_string }
+  end
+  def test_malformations
+    pdu = Net::SnmpPdu.new
+    pdu.version = 0
+    pdu.version = 2
+    assert_raise(Net::SnmpPdu::Error) { pdu.version = 100 }
+    pdu.pdu_type = :get_request
+    pdu.pdu_type = :get_next_request
+    pdu.pdu_type = :get_response
+    pdu.pdu_type = :set_request
+    pdu.pdu_type = :trap
+    assert_raise(Net::SnmpPdu::Error) { pdu.pdu_type = :something_else }
+  end
+  def test_make_response
+    pdu = Net::SnmpPdu.new
+    pdu.version = 0
+    pdu.community = "public"
+    pdu.pdu_type = :get_response
+    pdu.request_id = 9999
+    pdu.error_status = 0
+    pdu.error_index = 0
+    pdu.add_variable_binding [1, 3, 6, 1, 2, 1, 1, 1, 0], "test"
+    assert_equal(SnmpGetResponse, pdu.to_ber_string)
+  end
+  def test_make_bad_response
+    pdu = Net::SnmpPdu.new
+    assert_raise(Net::SnmpPdu::Error) {pdu.to_ber_string}
+    pdu.pdu_type = :get_response
+    pdu.request_id = 999
+    pdu.to_ber_string
+    # Not specifying variables doesn't create an error. (Maybe it should?)
+  end
+  def test_snmp_integers
+    c32 = Net::SNMP::Counter32.new(100)
+    assert_equal("A\001d", c32.to_ber)
+    g32 = Net::SNMP::Gauge32.new(100)
+    assert_equal("B\001d", g32.to_ber)
+    t32 = Net::SNMP::TimeTicks32.new(100)
+    assert_equal("C\001d", t32.to_ber)
+  end
+  def test_community
+    data = SnmpGetRequestXXX.dup
+    ary = data.read_ber(Net::SNMP::AsnSyntax)
+    pdu = Net::SnmpPdu.parse(ary)
+    assert_equal("xxxxxx", pdu.community)
+  end
+end

data/test/testdata.ldif ADDED Viewed

@@ -0,0 +1,101 @@
+# $Id: testdata.ldif 50 2006-04-17 17:57:33Z blackhedd $
+#
+# This is test-data for an LDAP server in LDIF format.
+#
+dn: dc=bayshorenetworks,dc=com
+objectClass: dcObject
+objectClass: organization
+o: Bayshore Networks LLC
+dc: bayshorenetworks
+dn: cn=Manager,dc=bayshorenetworks,dc=com
+objectClass: organizationalrole
+cn: Manager
+dn: ou=people,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: people
+dn: ou=privileges,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: privileges
+dn: ou=roles,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: roles
+dn: ou=office,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: office
+dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Bob Fosse
+mail: nogoodnik@steamheat.net
+sn: Fosse
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
+hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
+dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Gwen Verdon
+mail: elephant@steamheat.net
+sn: Verdon
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineering
+ou: privileges
+objectClass: accessPrivilege
+dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineer
+ou: roles
+objectClass: accessRole
+hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
+dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapadmin
+ou: roles
+objectClass: accessRole
+dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapsuperadmin
+ou: roles
+objectClass: accessRole
+dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Sid Sorokin
+mail: catperson@steamheat.net
+sn: Sorokin
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles