socialcast 1.3.8 → 1.3.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 43487693be70d4bd0315db025f57e8a2c492fcc7
-  data.tar.gz: a527ada1136ef1d6e3f2fd80ae8fb4e69cd493e7
+  metadata.gz: e51c9793ebf4ee2583d3ed81fa89daff0b434030
+  data.tar.gz: e2e52ed618072b8aba3d3b8d66f530220b2bbc27
 SHA512:
-  metadata.gz: 3f23a5a4c44d39c83c2a8b1b41868ecf7c25938141129b55993cd619e832ae44d835bfa022fb2700a5d68b595108a204c26ae3b4745855fc169453ed73684975
-  data.tar.gz: f9703ae386594ee84cac91e11625d2d0589a5697c8ab103b433b3ef1af37826ee7f5b00a915378de274eb77c06afc5b52b8d6bbc6835875cca6d0369f0d470a9
+  metadata.gz: 91ed1ae61a7c01ce7e3d62758873e65588d2a65dced1b6c5745e55fb155d5aa00ca6be823cefd925417351a4b4f4535bc5863f141866d92e695ae285f8fd5243
+  data.tar.gz: bafba8c661f3f7ff5e5878b15167b6362ac3d558614b7d4fdea7de044847864da7086e76785b1f36f5204a96d587a88eeaeb7ec36a7d16d16dcbc7e40322a549

data/lib/socialcast/command_line/ldap_connector.rb

@@ -5,35 +5,55 @@ require 'active_support/core_ext/array/wrap'
 module Socialcast
   module CommandLine
     class LDAPConnector
-      UNIQUE_IDENTIFIER = "unique_identifier"
-      EMAIL = "email"
-      PRIMARY_ATTRIBUTES = [UNIQUE_IDENTIFIER, 'first_name', 'last_name', 'employee_number']
-      CONTACT_ATTRIBUTES = [EMAIL, 'location', 'cell_phone', 'office_phone']
+      UNIQUE_IDENTIFIER_ATTRIBUTE = "unique_identifier"
+      EMAIL_ATTRIBUTE = "email"
+      MANAGER_ATTRIBUTE = "manager"
+      PRIMARY_ATTRIBUTES = [UNIQUE_IDENTIFIER_ATTRIBUTE, 'first_name', 'last_name', 'employee_number']
+      CONTACT_ATTRIBUTES = [EMAIL_ATTRIBUTE, 'location', 'cell_phone', 'office_phone']
+      PROFILE_PHOTO_ATTRIBUTE = 'profile_photo'
 
       attr_reader :attribute_mappings, :connection_name
 
-      def initialize(connection_name, config)
+      def self.with_connector(connection_name, config)
+        connection_config = config["connections"][connection_name]
+        ldap = Net::LDAP.new(:host => connection_config["host"], :port => connection_config["port"], :base => connection_config["basedn"]).tap do |ldap_instance|
+          ldap_instance.encryption connection_config['encryption'].to_sym if connection_config['encryption']
+          ldap_instance.auth connection_config["username"], connection_config["password"]
+        end
+
+        ldap.open do |connected_ldap_instance|
+          yield new(connection_name, config, connected_ldap_instance)
+        end
+      end
+
+      def self.attribute_mappings_for(connection_name, config)
+        config['connections'][connection_name]['mappings'] || config.fetch('mappings', {})
+      end
+
+      def initialize(connection_name, config, ldap)
         @connection_name = connection_name
         @config = config
+        @ldap = ldap
+        @group_unique_identifiers = fetch_group_unique_identifiers
+        @dn_to_email_hash = fetch_dn_to_email_hash
       end
 
       def each_user_hash
-        each_ldap_entry do |entry|
+        each_ldap_entry(ldap_user_search_attributes) do |entry|
           yield build_user_hash_from_mappings(entry)
         end
       end
 
-      def each_ldap_entry
-        search(:return_result => false, :filter => connection_config["filter"], :base => connection_config["basedn"], :attributes => ldap_search_attributes) do |entry|
-          if grab(entry, attribute_mappings[EMAIL]).present? || (attribute_mappings.has_key?(UNIQUE_IDENTIFIER) && grab(entry, attribute_mappings[UNIQUE_IDENTIFIER]).present?)
-            yield entry
-          end
+      def each_photo_hash
+        each_ldap_entry(ldap_photo_search_attributes) do |entry|
+          photo_hash = build_photo_hash_from_mappings(entry)
+          yield photo_hash if photo_hash.present?
         end
       end
 
       def fetch_user_hash(identifier, options)
         options = options.dup
-        identifying_field = options.delete(:identifying_field) || UNIQUE_IDENTIFIER
+        identifying_field = options.delete(:identifying_field) || UNIQUE_IDENTIFIER_ATTRIBUTE
 
         filter = if connection_config['filter'].present?
                    Net::LDAP::Filter.construct(connection_config['filter'])
@@ -43,7 +63,7 @@ module Socialcast
 
         filter = filter & Net::LDAP::Filter.construct("#{attribute_mappings[identifying_field]}=#{identifier}")
 
-        search(:base => connection_config['basedn'], :filter => filter, :attributes => ldap_search_attributes, :size => 1) do |entry|
+        search(:base => connection_config['basedn'], :filter => filter, :attributes => ldap_user_search_attributes, :size => 1) do |entry|
           return build_user_hash_from_mappings(entry)
         end
 
@@ -51,8 +71,7 @@ module Socialcast
       end
 
       def attribute_mappings
-        @attribute_mappings ||= connection_config['mappings']
-        @attribute_mappings ||= @config.fetch 'mappings', {}
+        @attribute_mappings ||= LDAPConnector.attribute_mappings_for(@connection_name, @config)
       end
 
       # grab a *single* value of an attribute
@@ -82,13 +101,37 @@ module Socialcast
 
       private
 
+      def each_ldap_entry(attributes)
+        search(:return_result => false, :filter => connection_config["filter"], :base => connection_config["basedn"], :attributes => attributes) do |entry|
+          if grab(entry, attribute_mappings[EMAIL_ATTRIBUTE]).present? || (attribute_mappings.has_key?(UNIQUE_IDENTIFIER_ATTRIBUTE) && grab(entry, attribute_mappings[UNIQUE_IDENTIFIER_ATTRIBUTE]).present?)
+            yield entry
+          end
+        end
+      end
+
       def connection_config
         @config["connections"][connection_name]
       end
 
-      def ldap_search_attributes
-        membership_attribute = permission_mappings.fetch 'attribute_name', 'memberof'
-        attributes = attribute_mappings.values.map do |mapping_value|
+      def ldap_mail_search_attributes
+        search_attributes [attribute_mappings[LDAPConnector::EMAIL_ATTRIBUTE]]
+      end
+
+      def ldap_user_search_attributes
+        mappings = attribute_mappings.map do |mapping_key, mapping_value|
+          mapping_value unless mapping_key == PROFILE_PHOTO_ATTRIBUTE
+        end.compact
+        attributes = search_attributes(mappings)
+        attributes << permission_mappings.fetch('attribute_name', 'memberof')
+        attributes.flatten
+      end
+
+      def ldap_photo_search_attributes
+        search_attributes [attribute_mappings[LDAPConnector::EMAIL_ATTRIBUTE], attribute_mappings[LDAPConnector::PROFILE_PHOTO_ATTRIBUTE]]
+      end
+
+      def search_attributes(mappings)
+        mappings.map do |mapping_value|
           value = begin
             mapping_value.camelize.constantize
           rescue NameError
@@ -109,15 +152,6 @@ module Socialcast
               mapping_value
             end
           end
-        end.flatten
-        attributes << membership_attribute
-      end
-
-
-      def ldap
-        @ldap ||= Net::LDAP.new(:host => connection_config["host"], :port => connection_config["port"], :base => connection_config["basedn"]).tap do |ldap_instance|
-          ldap_instance.encryption connection_config['encryption'].to_sym if connection_config['encryption']
-          ldap_instance.auth connection_config["username"], connection_config["password"]
         end
       end
 
@@ -125,12 +159,12 @@ module Socialcast
         options_for_search = if search_options[:base].present?
                                Array.wrap(search_options)
                              else
-                               distinguished_names = Array.wrap(ldap.search_root_dse.namingcontexts)
+                               distinguished_names = Array.wrap(@ldap.search_root_dse.namingcontexts)
                                options_for_search = distinguished_names.map { |dn| search_options.merge(:base => dn ) }
                              end
 
         options_for_search.each do |options|
-          ldap.search(options) do |entry|
+          @ldap.search(options) do |entry|
             yield(entry)
           end
         end
@@ -149,24 +183,35 @@ module Socialcast
         permission_mappings['group_memberships']
       end
 
-      def dereference_mail(entry, dn_field, mail_attribute)
+      def dereference_mail(entry, dn_field)
         dn = grab(entry, dn_field)
-        ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject) do |manager_entry|
-          return grab(manager_entry, mail_attribute)
-        end
+
+        @dn_to_email_hash[dn]
       end
 
-      def group_unique_identifiers
-        @group_uids ||= {}.tap do |groups|
+      def fetch_group_unique_identifiers
+        return nil unless group_membership_mappings.present?
+
+        {}.tap do |groups|
           search_options = {
             :return_result => false,
             :filter => group_membership_mappings["filter"],
             :base => connection_config["basedn"],
-            :attributes => [group_membership_mappings[UNIQUE_IDENTIFIER]]
+            :attributes => [group_membership_mappings[UNIQUE_IDENTIFIER_ATTRIBUTE]]
           }
 
           search(search_options) do |entry|
-            groups[grab(entry, "dn")] = grab(entry, group_membership_mappings[UNIQUE_IDENTIFIER])
+            groups[grab(entry, "dn")] = grab(entry, group_membership_mappings[UNIQUE_IDENTIFIER_ATTRIBUTE])
+          end
+        end
+      end
+
+      def fetch_dn_to_email_hash
+        return nil unless attribute_mappings[MANAGER_ATTRIBUTE].present?
+
+        {}.tap do |dn_to_email_hash|
+          each_ldap_entry(ldap_mail_search_attributes) do |entry|
+            dn_to_email_hash[entry.dn] = grab(entry, attribute_mappings[EMAIL_ATTRIBUTE])
           end
         end
       end
@@ -187,12 +232,12 @@ module Socialcast
       end
 
       def add_custom_attributes(entry, user_hash)
-        custom_attributes = attribute_mappings.keys - (PRIMARY_ATTRIBUTES + CONTACT_ATTRIBUTES)
+        custom_attributes = attribute_mappings.keys - (PRIMARY_ATTRIBUTES + CONTACT_ATTRIBUTES + [PROFILE_PHOTO_ATTRIBUTE])
 
         user_hash['custom_fields'] = []
         custom_attributes.each do |attribute|
-          if attribute == 'manager'
-            user_hash['custom_fields'] << { 'id' => 'manager_email', 'label' => 'manager_email', 'value' => dereference_mail(entry, attribute_mappings[attribute], attribute_mappings[EMAIL]) }
+          if attribute == MANAGER_ATTRIBUTE
+            user_hash['custom_fields'] << { 'id' => 'manager_email', 'label' => 'manager_email', 'value' => dereference_mail(entry, attribute_mappings[attribute]) }
           else
             user_hash['custom_fields'] << { 'id' => attribute, 'label' => attribute, 'value' => grab(entry, attribute_mappings[attribute]) }
           end
@@ -227,10 +272,10 @@ module Socialcast
         membership_attribute = permission_mappings.fetch 'attribute_name', 'memberof'
         memberships = entry[membership_attribute]
 
-        mapped_group_dns = (group_unique_identifiers.keys & memberships)
+        mapped_group_dns = (@group_unique_identifiers.keys & memberships)
 
         user_hash['groups'] = mapped_group_dns.each_with_object([]) do |ldap_group_dn, socialcast_groups|
-          socialcast_groups << group_unique_identifiers[ldap_group_dn]
+          socialcast_groups << @group_unique_identifiers[ldap_group_dn]
         end
       end
 
@@ -246,6 +291,14 @@ module Socialcast
 
         user_hash
       end
+
+      def build_photo_hash_from_mappings(entry)
+        photo_hash = HashWithIndifferentAccess.new
+        photo_hash[EMAIL_ATTRIBUTE] = grab(entry, attribute_mappings[EMAIL_ATTRIBUTE])
+        photo_hash[PROFILE_PHOTO_ATTRIBUTE] = grab(entry, attribute_mappings[PROFILE_PHOTO_ATTRIBUTE])
+
+        return photo_hash if photo_hash[EMAIL_ATTRIBUTE].present? && photo_hash[PROFILE_PHOTO_ATTRIBUTE] && !photo_hash[PROFILE_PHOTO_ATTRIBUTE].empty?
+      end
     end
   end
 end

data/lib/socialcast/command_line/provision_photo.rb

@@ -5,13 +5,13 @@ module Socialcast
     class ProvisionPhoto
       include Socialcast::CommandLine::Provisioner
       def sync
-        each_ldap_connector do |connector|
-
-          connector.attribute_mappings.fetch('profile_photo')
+        @ldap_config['connections'].keys.each do |connection_name|
+          LDAPConnector.attribute_mappings_for(connection_name, @ldap_config).fetch(LDAPConnector::PROFILE_PHOTO_ATTRIBUTE)
+        end
 
-          each_ldap_entry do |entry|
-            attr_mappings = connector.attribute_mappings
-            email = connector.grab(entry, attr_mappings['email'])
+        each_ldap_connector do |connector|
+          connector.each_photo_hash do |photo_hash|
+            email = photo_hash[LDAPConnector::EMAIL_ATTRIBUTE]
 
             ## GET USER INFO
             search_users_resource = Socialcast::CommandLine.resource_for_path '/api/users/search', http_config
@@ -19,10 +19,10 @@ module Socialcast
             user_info = JSON.parse(user_search_response)['users'].first
 
             is_community_default = user_info && user_info['avatars'] && user_info['avatars']['is_community_default']
-            return unless is_community_default || @options[:force_sync]
+            next unless is_community_default || @options[:force_sync]
 
             ## PHOTO URL TO BINARY
-            if profile_photo_data = connector.grab(entry, attr_mappings['profile_photo'])
+            if profile_photo_data = photo_hash[LDAPConnector::PROFILE_PHOTO_ATTRIBUTE]
               if profile_photo_data.start_with?('http')
                 begin
                   profile_photo_data = RestClient.get(profile_photo_data)

data/lib/socialcast/command_line/provision_user.rb

@@ -36,7 +36,7 @@ module Socialcast
             export.users(:type => "array") do |users|
               each_user_hash do |user_hash|
                 users << user_hash.to_xml(:skip_instruct => true, :root => 'user')
-                user_whitelist << [user_hash['contact_info']['email'], user_hash['unique_identifier'], user_hash['employee_number']]
+                user_whitelist << [user_hash['contact_info'][LDAPConnector::EMAIL_ATTRIBUTE], user_hash[LDAPConnector::UNIQUE_IDENTIFIER_ATTRIBUTE], user_hash['employee_number']]
               end
             end # users
           end # export
@@ -50,8 +50,8 @@ module Socialcast
           begin
             File.open(output_file, 'r') do |file|
               request_params = {:file => file}
-              request_params[:skip_emails] = 'true' if (@ldap_config['options']["skip_emails"] || @options[:skip_emails])
-              request_params[:test] = 'true' if (@ldap_config['options']["test"] || @options[:test])
+              request_params[:skip_emails] = 'true' if (@ldap_config.fetch('options', {})["skip_emails"] || @options[:skip_emails])
+              request_params[:test] = 'true' if (@ldap_config.fetch('options', {})["test"] || @options[:test])
               resource.post request_params, :accept => :json
             end
           rescue RestClient::Unauthorized => e
@@ -59,7 +59,7 @@ module Socialcast
           end
           puts "Finished"
         end
-        File.delete(output_file) if (@ldap_config['options']['delete_users_file'] || @options[:delete_users_file])
+        File.delete(output_file) if (@ldap_config.fetch('options', {})['delete_users_file'] || @options[:delete_users_file])
       end
     end
   end

data/lib/socialcast/command_line/provisioner.rb

@@ -18,19 +18,11 @@ module Socialcast
         @http_config ||= @ldap_config.fetch 'http', {}
       end
 
-      def ldap_connector(connection_name)
-        @connectors ||= {}
-
-        unless @connectors[connection_name]
-          @connectors[connection_name] = Socialcast::CommandLine::LDAPConnector.new(connection_name, @ldap_config)
-        end
-
-        @connectors[connection_name]
-      end
-
       def each_ldap_connector
         @ldap_config['connections'].keys.each do |connection_name|
-          yield ldap_connector(connection_name)
+          LDAPConnector.with_connector(connection_name, @ldap_config) do |ldap_connector|
+            yield ldap_connector
+          end
         end
       end
 

data/lib/socialcast/command_line/version.rb

@@ -1,5 +1,5 @@
 module Socialcast
   module CommandLine
-    VERSION = "1.3.8"
+    VERSION = "1.3.9"
   end
 end

data/spec/fixtures/ldap_with_multiple_connection_mappings.yml

@@ -10,6 +10,7 @@ connections:
     filter: "(mail=*)"
     mappings:
       email: mailCon
+      profile_photo: photoCon
 
   example_connection_2:
     username: "cn=Directory Manager"
@@ -21,6 +22,7 @@ connections:
     mappings:
       email: mailCon2
       first_name: firstName
+      profile_photo: photoCon2
 
 # Map LDAP Group Memberships to Socialcast Permissions
 permission_mappings:

data/spec/fixtures/ldap_with_profile_photo.yml

@@ -14,3 +14,15 @@ mappings:
   last_name: sn
   email: mail
   profile_photo: jpegPhoto
+    
+# Map LDAP Group Memberships to Socialcast Permissions
+permission_mappings:
+  # configure LDAP field for group memberships (ex: memberof, isMemberOf, etc)
+  attribute_name: memberof
+  account_types:
+    external: "cn=External,dc=example,dc=com"
+  roles:
+    tenant_admin: "cn=Admins,dc=example,dc=com"
+    sbi_admin: "cn=SbiAdmins,dc=example,dc=com"
+    reach_admin: "cn=ReachAdmins,dc=example,dc=com"
+    town_hall_admin: "cn=TownHallAdmins,dc=example,dc=com"

data/spec/fixtures/ldap_without_options.yml

@@ -0,0 +1,34 @@
+--- 
+# LDAP connections
+connections:
+  example_connection_1:
+    username: "cn=Directory Manager"
+    password: "test"
+    host: localhost
+    port: 1389
+    basedn: "dc=example,dc=com"
+    filter: "(mail=*)"
+
+
+# LDAP attribute mappings
+mappings:
+  first_name: givenName
+  last_name: sn
+  email: mail
+  # only use employee_number if the email is unknown
+  # employee_number: emp_id
+  # only use unique_identifier if you do not wish to use email as the main user identification method
+  # unique_identifier: samaccountname
+
+
+# Map LDAP Group Memberships to Socialcast Permissions
+permission_mappings:
+  # configure LDAP field for group memberships (ex: memberof, isMemberOf, etc)
+  attribute_name: isMemberOf
+  account_types:
+    external: "cn=External,dc=example,dc=com"
+  roles:
+    tenant_admin: "cn=Admins,dc=example,dc=com"
+    sbi_admin: "cn=SbiAdmins,dc=example,dc=com"
+    reach_admin: "cn=ReachAdmins,dc=example,dc=com"
+    town_hall_admin: "cn=TownHallAdmins,dc=example,dc=com"

data/spec/socialcast/command_line/cli_spec.rb

@@ -16,6 +16,13 @@ describe Socialcast::CommandLine::CLI do
     Socialcast::CommandLine.stub(:credentials).and_return(credentials)
   end
 
+  let(:ldap) do
+    ldap_instance = double(Net::LDAP, :auth => nil, :encryption => nil)
+    ldap_instance.should_receive(:open).and_yield(ldap_instance)
+    Net::LDAP.should_receive(:new).and_return(ldap_instance)
+    ldap_instance
+  end
+
   describe '#info' do
     before do
       Socialcast::CommandLine::CLI.any_instance.should_receive(:say).with("Socialcast Command Line #{Socialcast::CommandLine::VERSION}")
@@ -149,12 +156,12 @@ describe Socialcast::CommandLine::CLI do
     context "user does not have a profile photo" do
       let(:config_file) { ldap_with_profile_photo_config_file }
       let(:system_default_photo) { true }
-      let(:photo_data) { "\x89PNGabc" }
+      let(:photo_data) { "\x89PNGabc".force_encoding('binary') }
       before do
         @entry = Net::LDAP::Entry.new("dc=example,dc=com")
         @entry[:mail] = 'ryan@example.com'
         @entry[:jpegPhoto] = photo_data
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         user_search_resource = double(:user_search_resource)
         search_api_response = {
@@ -191,7 +198,7 @@ describe Socialcast::CommandLine::CLI do
         @entry = Net::LDAP::Entry.new("dc=example,dc=com")
         @entry[:mail] = 'ryan@example.com'
         @entry[:jpegPhoto] = photo_data
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         user_search_resource = double(:user_search_resource)
         search_api_response = {
@@ -219,12 +226,12 @@ describe Socialcast::CommandLine::CLI do
     context "user already has a profile photo" do
       let(:config_file) { ldap_with_profile_photo_config_file }
       let(:system_default_photo) { false }
-      let(:photo_data) { "\x89PNGabc" }
+      let(:photo_data) { "\x89PNGabc".force_encoding('binary') }
       before do
         @entry = Net::LDAP::Entry.new("dc=example,dc=com")
         @entry[:mail] = 'ryan@example.com'
-        @entry[:jpegPhoto] = "\x89PNGabc"
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        @entry[:jpegPhoto] = photo_data
+        ldap.should_receive(:search).and_yield(@entry)
 
         user_search_resource = double(:user_search_resource)
         search_api_response = {
@@ -258,7 +265,7 @@ describe Socialcast::CommandLine::CLI do
     end
     context 'with 0 users found in ldap' do
       before do
-        Net::LDAP.any_instance.stub(:search).and_return(nil)
+        ldap.should_receive(:search).and_return(nil)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -273,7 +280,7 @@ describe Socialcast::CommandLine::CLI do
     end
     context 'with 0 users found in ldap and force option passed' do
       before do
-        Net::LDAP.any_instance.stub(:search).and_return(nil)
+        ldap.should_receive(:search).and_return(nil)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -289,7 +296,7 @@ describe Socialcast::CommandLine::CLI do
     end
     context 'with socialcast returning 401' do
       before do
-        Net::LDAP.any_instance.stub(:search).and_return(nil)
+        ldap.should_receive(:search).and_return(nil)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -309,7 +316,7 @@ describe Socialcast::CommandLine::CLI do
       before do
         @entry = Net::LDAP::Entry.new("dc=example,dc=com")
         @entry[:mail] = 'ryan@example.com'
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -322,19 +329,7 @@ describe Socialcast::CommandLine::CLI do
       it 'resolves absolute path without using current process directory' do end # see expectations
     end
     context 'with plugins option used with non-existent ruby files' do
-      before do
-        @entry = Net::LDAP::Entry.new("dc=example,dc=com")
-        @entry[:mail] = 'ryan@example.com'
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
-
-        @result = ''
-        Zlib::GzipWriter.stub(:open).and_yield(@result)
-        Socialcast::CommandLine::CLI.any_instance.should_receive(:ldap_config).and_return(ldap_without_permission_mappings_config)
-        File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
-        RestClient::Resource.any_instance.stub(:post)
-
-      end
-      it 'does not post to Socialcast and throws Kernel.abort' do
+      it 'does not post to Socialcast and raises an error' do
         lambda { Socialcast::CommandLine::CLI.start ['provision', '-c', '/my/path/to/ldap.yml', '--plugins', ['does_not_exist.rb', 'also_does_not_exist.rb']] }.should raise_error
       end
     end
@@ -343,7 +338,7 @@ describe Socialcast::CommandLine::CLI do
         @entry = Net::LDAP::Entry.new("dc=example,dc=com")
         @entry[:mail] = 'ryan@example.com'
         @entry[:plugin_attr] = 'some value'
-        Net::LDAP.any_instance.should_receive(:search).with(hash_including(:attributes => ['plugin_attr', 'sn', 'mail', 'memberof'])).and_yield(@entry)
+        ldap.should_receive(:search).with(hash_including(:attributes => ['plugin_attr', 'sn', 'mail', 'memberof'])).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -362,7 +357,7 @@ describe Socialcast::CommandLine::CLI do
         @entry = Net::LDAP::Entry.new("dc=example,dc=com")
         @entry[:mail] = 'ryan@example.com'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -383,7 +378,7 @@ describe Socialcast::CommandLine::CLI do
         @entry[:mail] = 'ryan@example.com'
         @entry[:isMemberOf] = 'cn=External,dc=example,dc=com'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -404,7 +399,7 @@ describe Socialcast::CommandLine::CLI do
         @entry[:mail] = 'ryan@example.com'
         @entry[:isMemberOf] = 'cn=Contractor,dc=example,dc=com'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -426,7 +421,7 @@ describe Socialcast::CommandLine::CLI do
         @entry[:mail] = 'ryan@example.com'
         @entry[:isMemberOf] = 'cn=Admins,dc=example,dc=com'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -450,7 +445,7 @@ describe Socialcast::CommandLine::CLI do
         @entry[:mail] = 'ryan@example.com'
         @entry[:isMemberOf] = 'cn=Marketing,dc=example,dc=com'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -474,7 +469,7 @@ describe Socialcast::CommandLine::CLI do
         @entry[:mail] = 'ryan@example.com'
         @entry[:isMemberOf] = 'cn=Engineering,dc=example,dc=com'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -500,7 +495,7 @@ describe Socialcast::CommandLine::CLI do
         @entry[:l] = 'San Francisco'
         @entry[:co] = 'USA'
 
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).and_yield(@entry)
 
         @result = ''
         Zlib::GzipWriter.stub(:open).and_yield(@result)
@@ -518,17 +513,18 @@ describe Socialcast::CommandLine::CLI do
     end
 
     context 'with ldap.yml configuration including manager attribute mapping' do
+      let(:result) { '' }
       before do
-        @entry = Net::LDAP::Entry.new("dc=example,dc=com")
-        @entry[:mail] = 'ryan@example.com'
-        @entry[:manager] = 'cn=bossman,dc=example,dc=com'
-        @manager_email = 'bossman@example.com'
+        employee_entry = Net::LDAP::Entry.new("cn=employee,dc=example,dc=com")
+        employee_entry[:mail] = 'employee@example.com'
+        employee_entry[:ldap_manager] = 'cn=manager,dc=example,dc=com'
+        manager_entry = Net::LDAP::Entry.new("cn=manager,dc=example,dc=com")
+        manager_entry[:mail] = 'manager@example.com'
 
-        Socialcast::CommandLine::LDAPConnector.any_instance.should_receive(:dereference_mail).with(kind_of(Net::LDAP::Entry), "ldap_manager", "mail").and_return(@manager_email)
-        Net::LDAP.any_instance.stub(:search).and_yield(@entry)
+        ldap.should_receive(:search).once.ordered.and_yield(manager_entry).and_yield(employee_entry)
+        ldap.should_receive(:search).once.ordered.and_yield(manager_entry).and_yield(employee_entry)
 
-        @result = ''
-        Zlib::GzipWriter.stub(:open).and_yield(@result)
+        Zlib::GzipWriter.stub(:open).and_yield(result)
         Socialcast::CommandLine::CLI.any_instance.should_receive(:ldap_config).and_return(ldap_with_manager_attribute_config)
         File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
 
@@ -538,8 +534,8 @@ describe Socialcast::CommandLine::CLI do
       end
 
       it 'adds a manager_email entry of bossman@example.com' do
-        @result.should =~ /<email>ryan@example.com<\/email>/
-        @result.should =~ /<label>manager_email<\/label>\s*<value>bossman@example.com<\/value>/
+        result.should =~ /<email>employee@example.com<\/email>/
+        result.should =~ /<label>manager_email<\/label>\s*<value>manager@example.com<\/value>/
       end
     end
   end