SoundSoftware Code Site

# $Id: testldap.rb 65 2006-04-23 01:17:49Z blackhedd $

#

#

$:.unshift "lib"

require 'test/unit'

require 'net/ldap'

require 'stringio'

class TestLdapClient < Test::Unit::TestCase

  # TODO: these tests crash and burn if the associated

  # LDAP testserver isn't up and running.

  # We rely on being able to read a file with test data

  # in LDIF format.

  # TODO, WARNING: for the moment, this data is in a file

  # whose name and location are HARDCODED into the

  # instance method load_test_data.

  def setup

    @host = "127.0.0.1"

    @port = 3890

    @auth = {

      :method => :simple,

      :username => "cn=bigshot,dc=bayshorenetworks,dc=com",

      :password => "opensesame"

    }

    @ldif = load_test_data

  end

  # Get some test data which will be used to validate

  # the responses from the test LDAP server we will

  # connect to.

  # TODO, Bogus: we are HARDCODING the location of the file for now.

  #

  def load_test_data

    ary = File.readlines( "tests/testdata.ldif" )

    hash = {}

    while line = ary.shift and line.chomp!

      if line =~ /^dn:[\s]*/i

        dn = $'

        hash[dn] = {}

        while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/

          hash[dn][$1.downcase.intern] ||= []

          hash[dn][$1.downcase.intern] << $'

        end

      end

    end

    hash

  end

  # Binding tests.

  # Need tests for all kinds of network failures and incorrect auth.

  # TODO: Implement a class-level timeout for operations like bind.

  # Search has a timeout defined at the protocol level, other ops do not.

  # TODO, use constants for the LDAP result codes, rather than hardcoding them.

  def test_bind

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    assert_equal( true, ldap.bind )

    assert_equal( 0, ldap.get_operation_result.code )

    assert_equal( "Success", ldap.get_operation_result.message )

    bad_username = @auth.merge( {:username => "cn=badguy,dc=imposters,dc=com"} )

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_username

    assert_equal( false, ldap.bind )

    assert_equal( 48, ldap.get_operation_result.code )

    assert_equal( "Inappropriate Authentication", ldap.get_operation_result.message )

    bad_password = @auth.merge( {:password => "cornhusk"} )

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_password

    assert_equal( false, ldap.bind )

    assert_equal( 49, ldap.get_operation_result.code )

    assert_equal( "Invalid Credentials", ldap.get_operation_result.message )

  end

  def test_search

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    search = {:base => "dc=smalldomain,dc=com"}

    assert_equal( false, ldap.search( search ))

    assert_equal( 32, ldap.get_operation_result.code )

    search = {:base => "dc=bayshorenetworks,dc=com"}

    assert_equal( true, ldap.search( search ))

    assert_equal( 0, ldap.get_operation_result.code )

    ldap.search( search ) {|res|

      assert_equal( res, @ldif )

    }

  end

  # This is a helper routine for test_search_attributes.

  def internal_test_search_attributes attrs_to_search

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    assert( ldap.bind )

    search = {

      :base => "dc=bayshorenetworks,dc=com",

      :attributes => attrs_to_search

    }

    ldif = @ldif

    ldif.each {|dn,entry|

      entry.delete_if {|attr,value|

        ! attrs_to_search.include?(attr)

      }

    }

    assert_equal( true, ldap.search( search ))

    ldap.search( search ) {|res|

      res_keys = res.keys.sort

      ldif_keys = ldif.keys.sort

      assert( res_keys, ldif_keys )

      res.keys.each {|rk|

        assert( res[rk], ldif[rk] )

      }

    }

  end

  def test_search_attributes

    internal_test_search_attributes [:mail]

    internal_test_search_attributes [:cn]

    internal_test_search_attributes [:ou]

    internal_test_search_attributes [:hasaccessprivilege]

    internal_test_search_attributes ["mail"]

    internal_test_search_attributes ["cn"]

    internal_test_search_attributes ["ou"]

    internal_test_search_attributes ["hasaccessrole"]

    internal_test_search_attributes [:mail, :cn, :ou, :hasaccessrole]

    internal_test_search_attributes [:mail, "cn", :ou, "hasaccessrole"]

  end

  def test_search_filters

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    search = {

      :base => "dc=bayshorenetworks,dc=com",

      :filter => Net::LDAP::Filter.eq( "sn", "Fosse" )

    }

    ldap.search( search ) {|res|

      p res

    }

  end

  def test_open

    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    ldap.open {|ldap|

      10.times {

        rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )

        assert_equal( true, rc )

      }

    }

  end

  def test_ldap_open

    Net::LDAP.open( :host => @host, :port => @port, :auth => @auth ) {|ldap|

      10.times {

        rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )

        assert_equal( true, rc )

      }

    }

  end

end