|
Chris@909
|
1 # $Id: testldap.rb 65 2006-04-23 01:17:49Z blackhedd $
|
|
Chris@909
|
2 #
|
|
Chris@909
|
3 #
|
|
Chris@909
|
4
|
|
Chris@909
|
5
|
|
Chris@909
|
6 $:.unshift "lib"
|
|
Chris@909
|
7
|
|
Chris@909
|
8 require 'test/unit'
|
|
Chris@909
|
9
|
|
Chris@909
|
10 require 'net/ldap'
|
|
Chris@909
|
11 require 'stringio'
|
|
Chris@909
|
12
|
|
Chris@909
|
13
|
|
Chris@909
|
14 class TestLdapClient < Test::Unit::TestCase
|
|
Chris@909
|
15
|
|
Chris@909
|
16 # TODO: these tests crash and burn if the associated
|
|
Chris@909
|
17 # LDAP testserver isn't up and running.
|
|
Chris@909
|
18 # We rely on being able to read a file with test data
|
|
Chris@909
|
19 # in LDIF format.
|
|
Chris@909
|
20 # TODO, WARNING: for the moment, this data is in a file
|
|
Chris@909
|
21 # whose name and location are HARDCODED into the
|
|
Chris@909
|
22 # instance method load_test_data.
|
|
Chris@909
|
23
|
|
Chris@909
|
24 def setup
|
|
Chris@909
|
25 @host = "127.0.0.1"
|
|
Chris@909
|
26 @port = 3890
|
|
Chris@909
|
27 @auth = {
|
|
Chris@909
|
28 :method => :simple,
|
|
Chris@909
|
29 :username => "cn=bigshot,dc=bayshorenetworks,dc=com",
|
|
Chris@909
|
30 :password => "opensesame"
|
|
Chris@909
|
31 }
|
|
Chris@909
|
32
|
|
Chris@909
|
33 @ldif = load_test_data
|
|
Chris@909
|
34 end
|
|
Chris@909
|
35
|
|
Chris@909
|
36
|
|
Chris@909
|
37
|
|
Chris@909
|
38 # Get some test data which will be used to validate
|
|
Chris@909
|
39 # the responses from the test LDAP server we will
|
|
Chris@909
|
40 # connect to.
|
|
Chris@909
|
41 # TODO, Bogus: we are HARDCODING the location of the file for now.
|
|
Chris@909
|
42 #
|
|
Chris@909
|
43 def load_test_data
|
|
Chris@909
|
44 ary = File.readlines( "tests/testdata.ldif" )
|
|
Chris@909
|
45 hash = {}
|
|
Chris@909
|
46 while line = ary.shift and line.chomp!
|
|
Chris@909
|
47 if line =~ /^dn:[\s]*/i
|
|
Chris@909
|
48 dn = $'
|
|
Chris@909
|
49 hash[dn] = {}
|
|
Chris@909
|
50 while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
|
|
Chris@909
|
51 hash[dn][$1.downcase.intern] ||= []
|
|
Chris@909
|
52 hash[dn][$1.downcase.intern] << $'
|
|
Chris@909
|
53 end
|
|
Chris@909
|
54 end
|
|
Chris@909
|
55 end
|
|
Chris@909
|
56 hash
|
|
Chris@909
|
57 end
|
|
Chris@909
|
58
|
|
Chris@909
|
59
|
|
Chris@909
|
60
|
|
Chris@909
|
61 # Binding tests.
|
|
Chris@909
|
62 # Need tests for all kinds of network failures and incorrect auth.
|
|
Chris@909
|
63 # TODO: Implement a class-level timeout for operations like bind.
|
|
Chris@909
|
64 # Search has a timeout defined at the protocol level, other ops do not.
|
|
Chris@909
|
65 # TODO, use constants for the LDAP result codes, rather than hardcoding them.
|
|
Chris@909
|
66 def test_bind
|
|
Chris@909
|
67 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
|
|
Chris@909
|
68 assert_equal( true, ldap.bind )
|
|
Chris@909
|
69 assert_equal( 0, ldap.get_operation_result.code )
|
|
Chris@909
|
70 assert_equal( "Success", ldap.get_operation_result.message )
|
|
Chris@909
|
71
|
|
Chris@909
|
72 bad_username = @auth.merge( {:username => "cn=badguy,dc=imposters,dc=com"} )
|
|
Chris@909
|
73 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_username
|
|
Chris@909
|
74 assert_equal( false, ldap.bind )
|
|
Chris@909
|
75 assert_equal( 48, ldap.get_operation_result.code )
|
|
Chris@909
|
76 assert_equal( "Inappropriate Authentication", ldap.get_operation_result.message )
|
|
Chris@909
|
77
|
|
Chris@909
|
78 bad_password = @auth.merge( {:password => "cornhusk"} )
|
|
Chris@909
|
79 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_password
|
|
Chris@909
|
80 assert_equal( false, ldap.bind )
|
|
Chris@909
|
81 assert_equal( 49, ldap.get_operation_result.code )
|
|
Chris@909
|
82 assert_equal( "Invalid Credentials", ldap.get_operation_result.message )
|
|
Chris@909
|
83 end
|
|
Chris@909
|
84
|
|
Chris@909
|
85
|
|
Chris@909
|
86
|
|
Chris@909
|
87 def test_search
|
|
Chris@909
|
88 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
|
|
Chris@909
|
89
|
|
Chris@909
|
90 search = {:base => "dc=smalldomain,dc=com"}
|
|
Chris@909
|
91 assert_equal( false, ldap.search( search ))
|
|
Chris@909
|
92 assert_equal( 32, ldap.get_operation_result.code )
|
|
Chris@909
|
93
|
|
Chris@909
|
94 search = {:base => "dc=bayshorenetworks,dc=com"}
|
|
Chris@909
|
95 assert_equal( true, ldap.search( search ))
|
|
Chris@909
|
96 assert_equal( 0, ldap.get_operation_result.code )
|
|
Chris@909
|
97
|
|
Chris@909
|
98 ldap.search( search ) {|res|
|
|
Chris@909
|
99 assert_equal( res, @ldif )
|
|
Chris@909
|
100 }
|
|
Chris@909
|
101 end
|
|
Chris@909
|
102
|
|
Chris@909
|
103
|
|
Chris@909
|
104
|
|
Chris@909
|
105
|
|
Chris@909
|
106 # This is a helper routine for test_search_attributes.
|
|
Chris@909
|
107 def internal_test_search_attributes attrs_to_search
|
|
Chris@909
|
108 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
|
|
Chris@909
|
109 assert( ldap.bind )
|
|
Chris@909
|
110
|
|
Chris@909
|
111 search = {
|
|
Chris@909
|
112 :base => "dc=bayshorenetworks,dc=com",
|
|
Chris@909
|
113 :attributes => attrs_to_search
|
|
Chris@909
|
114 }
|
|
Chris@909
|
115
|
|
Chris@909
|
116 ldif = @ldif
|
|
Chris@909
|
117 ldif.each {|dn,entry|
|
|
Chris@909
|
118 entry.delete_if {|attr,value|
|
|
Chris@909
|
119 ! attrs_to_search.include?(attr)
|
|
Chris@909
|
120 }
|
|
Chris@909
|
121 }
|
|
Chris@909
|
122
|
|
Chris@909
|
123 assert_equal( true, ldap.search( search ))
|
|
Chris@909
|
124 ldap.search( search ) {|res|
|
|
Chris@909
|
125 res_keys = res.keys.sort
|
|
Chris@909
|
126 ldif_keys = ldif.keys.sort
|
|
Chris@909
|
127 assert( res_keys, ldif_keys )
|
|
Chris@909
|
128 res.keys.each {|rk|
|
|
Chris@909
|
129 assert( res[rk], ldif[rk] )
|
|
Chris@909
|
130 }
|
|
Chris@909
|
131 }
|
|
Chris@909
|
132 end
|
|
Chris@909
|
133
|
|
Chris@909
|
134
|
|
Chris@909
|
135 def test_search_attributes
|
|
Chris@909
|
136 internal_test_search_attributes [:mail]
|
|
Chris@909
|
137 internal_test_search_attributes [:cn]
|
|
Chris@909
|
138 internal_test_search_attributes [:ou]
|
|
Chris@909
|
139 internal_test_search_attributes [:hasaccessprivilege]
|
|
Chris@909
|
140 internal_test_search_attributes ["mail"]
|
|
Chris@909
|
141 internal_test_search_attributes ["cn"]
|
|
Chris@909
|
142 internal_test_search_attributes ["ou"]
|
|
Chris@909
|
143 internal_test_search_attributes ["hasaccessrole"]
|
|
Chris@909
|
144
|
|
Chris@909
|
145 internal_test_search_attributes [:mail, :cn, :ou, :hasaccessrole]
|
|
Chris@909
|
146 internal_test_search_attributes [:mail, "cn", :ou, "hasaccessrole"]
|
|
Chris@909
|
147 end
|
|
Chris@909
|
148
|
|
Chris@909
|
149
|
|
Chris@909
|
150 def test_search_filters
|
|
Chris@909
|
151 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
|
|
Chris@909
|
152 search = {
|
|
Chris@909
|
153 :base => "dc=bayshorenetworks,dc=com",
|
|
Chris@909
|
154 :filter => Net::LDAP::Filter.eq( "sn", "Fosse" )
|
|
Chris@909
|
155 }
|
|
Chris@909
|
156
|
|
Chris@909
|
157 ldap.search( search ) {|res|
|
|
Chris@909
|
158 p res
|
|
Chris@909
|
159 }
|
|
Chris@909
|
160 end
|
|
Chris@909
|
161
|
|
Chris@909
|
162
|
|
Chris@909
|
163
|
|
Chris@909
|
164 def test_open
|
|
Chris@909
|
165 ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
|
|
Chris@909
|
166 ldap.open {|ldap|
|
|
Chris@909
|
167 10.times {
|
|
Chris@909
|
168 rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )
|
|
Chris@909
|
169 assert_equal( true, rc )
|
|
Chris@909
|
170 }
|
|
Chris@909
|
171 }
|
|
Chris@909
|
172 end
|
|
Chris@909
|
173
|
|
Chris@909
|
174
|
|
Chris@909
|
175 def test_ldap_open
|
|
Chris@909
|
176 Net::LDAP.open( :host => @host, :port => @port, :auth => @auth ) {|ldap|
|
|
Chris@909
|
177 10.times {
|
|
Chris@909
|
178 rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )
|
|
Chris@909
|
179 assert_equal( true, rc )
|
|
Chris@909
|
180 }
|
|
Chris@909
|
181 }
|
|
Chris@909
|
182 end
|
|
Chris@909
|
183
|
|
Chris@909
|
184
|
|
Chris@909
|
185
|
|
Chris@909
|
186
|
|
Chris@909
|
187
|
|
Chris@909
|
188 end
|
|
Chris@909
|
189
|
|
Chris@909
|
190
|
