vendor/plugins/ruby-net-ldap-0.0.4/tests/testldap.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

# $Id: testldap.rb 65 2006-04-23 01:17:49Z blackhedd $
#
#


$:.unshift "lib"

require 'test/unit'

require 'net/ldap'
require 'stringio'


class TestLdapClient < Test::Unit::TestCase

  # TODO: these tests crash and burn if the associated
  # LDAP testserver isn't up and running.
  # We rely on being able to read a file with test data
  # in LDIF format.
  # TODO, WARNING: for the moment, this data is in a file
  # whose name and location are HARDCODED into the
  # instance method load_test_data.

  def setup
    @host = "127.0.0.1"
    @port = 3890
    @auth = {
      :method => :simple,
      :username => "cn=bigshot,dc=bayshorenetworks,dc=com",
      :password => "opensesame"
    }

    @ldif = load_test_data
  end


  # Get some test data which will be used to validate
  # the responses from the test LDAP server we will
  # connect to.
  # TODO, Bogus: we are HARDCODING the location of the file for now.
  #
  def load_test_data
    ary = File.readlines( "tests/testdata.ldif" )
    hash = {}
    while line = ary.shift and line.chomp!
      if line =~ /^dn:[\s]*/i
        dn = $'
        hash[dn] = {}
        while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
          hash[dn][$1.downcase.intern] ||= []
          hash[dn][$1.downcase.intern] << $'
        end
      end
    end
    hash
  end


  # Binding tests.
  # Need tests for all kinds of network failures and incorrect auth.
  # TODO: Implement a class-level timeout for operations like bind.
  # Search has a timeout defined at the protocol level, other ops do not.
  # TODO, use constants for the LDAP result codes, rather than hardcoding them.
  def test_bind
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    assert_equal( true, ldap.bind )
    assert_equal( 0, ldap.get_operation_result.code )
    assert_equal( "Success", ldap.get_operation_result.message )

    bad_username = @auth.merge( {:username => "cn=badguy,dc=imposters,dc=com"} )
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_username
    assert_equal( false, ldap.bind )
    assert_equal( 48, ldap.get_operation_result.code )
    assert_equal( "Inappropriate Authentication", ldap.get_operation_result.message )

    bad_password = @auth.merge( {:password => "cornhusk"} )
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => bad_password
    assert_equal( false, ldap.bind )
    assert_equal( 49, ldap.get_operation_result.code )
    assert_equal( "Invalid Credentials", ldap.get_operation_result.message )
  end


  def test_search
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth

    search = {:base => "dc=smalldomain,dc=com"}
    assert_equal( false, ldap.search( search ))
    assert_equal( 32, ldap.get_operation_result.code )
    
    search = {:base => "dc=bayshorenetworks,dc=com"}
    assert_equal( true, ldap.search( search ))
    assert_equal( 0, ldap.get_operation_result.code )
    
    ldap.search( search ) {|res|
      assert_equal( res, @ldif )
    }
  end
    

  # This is a helper routine for test_search_attributes.
  def internal_test_search_attributes attrs_to_search
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    assert( ldap.bind )

    search = {
      :base => "dc=bayshorenetworks,dc=com",
      :attributes => attrs_to_search
    }

    ldif = @ldif
    ldif.each {|dn,entry|
      entry.delete_if {|attr,value|
        ! attrs_to_search.include?(attr)
      }
    }
  
    assert_equal( true, ldap.search( search ))
    ldap.search( search ) {|res|
      res_keys = res.keys.sort
      ldif_keys = ldif.keys.sort
      assert( res_keys, ldif_keys )
      res.keys.each {|rk|
        assert( res[rk], ldif[rk] )
      }
    }
  end


  def test_search_attributes
    internal_test_search_attributes [:mail]
    internal_test_search_attributes [:cn]
    internal_test_search_attributes [:ou]
    internal_test_search_attributes [:hasaccessprivilege]
    internal_test_search_attributes ["mail"]
    internal_test_search_attributes ["cn"]
    internal_test_search_attributes ["ou"]
    internal_test_search_attributes ["hasaccessrole"]

    internal_test_search_attributes [:mail, :cn, :ou, :hasaccessrole]
    internal_test_search_attributes [:mail, "cn", :ou, "hasaccessrole"]
  end


  def test_search_filters
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    search = {
      :base => "dc=bayshorenetworks,dc=com",
      :filter => Net::LDAP::Filter.eq( "sn", "Fosse" )
    }

    ldap.search( search ) {|res|
      p res
    }
  end


  def test_open
    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
    ldap.open {|ldap|
      10.times {
        rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )
        assert_equal( true, rc )
      }
    }
  end


  def test_ldap_open
    Net::LDAP.open( :host => @host, :port => @port, :auth => @auth ) {|ldap|
      10.times {
        rc = ldap.search( :base => "dc=bayshorenetworks,dc=com" )
        assert_equal( true, rc )
      }
    }
  end


end