additional unit tests and partial support for filters in the test server.

Author: blackhedd

tests/testdata.ldif

@@ -0,0 +1,101 @@
+# $Id$
+#
+# This is test-data for an LDAP server in LDIF format.
+#
+dn: dc=bayshorenetworks,dc=com
+objectClass: dcObject
+objectClass: organization
+o: Bayshore Networks LLC
+dc: bayshorenetworks
+
+dn: cn=Manager,dc=bayshorenetworks,dc=com
+objectClass: organizationalrole
+cn: Manager
+
+dn: ou=people,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: people
+
+dn: ou=privileges,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: privileges
+
+dn: ou=roles,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: roles
+
+dn: ou=office,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: office
+
+dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Bob Fosse
+mail: nogoodnik@steamheat.net
+sn: Fosse
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
+hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
+
+dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Gwen Verdon
+mail: elephant@steamheat.net
+sn: Verdon
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+
+dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineering
+ou: privileges
+objectClass: accessPrivilege
+
+dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineer
+ou: roles
+objectClass: accessRole
+hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
+
+dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapadmin
+ou: roles
+objectClass: accessRole
+
+dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapsuperadmin
+ou: roles
+objectClass: accessRole
+
+dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Sid Sorokin
+mail: catperson@steamheat.net
+sn: Sorokin
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+

tests/testldap.rb

@@ -13,6 +13,11 @@ class TestLdapClient < Test::Unit::TestCase
 
   # TODO: these tests crash and burn if the associated
   # LDAP testserver isn't up and running.
+  # We rely on being able to read a file with test data
+  # in LDIF format.
+  # TODO, WARNING: for the moment, this data is in a file
+  # whose name and location are HARDCODED into the
+  # instance method load_test_data.
 
   def setup
     @host = "127.0.0.1"
@@ -23,8 +28,34 @@ def setup
       :password => "opensesame"
     }
 
+    @ldif = load_test_data
   end
 
+
+
+  # Get some test data which will be used to validate
+  # the responses from the test LDAP server we will
+  # connect to.
+  # TODO, Bogus: we are HARDCODING the location of the file for now.
+  #
+  def load_test_data
+    ary = File.readlines( "tests/testdata.ldif" )
+    hash = {}
+    while line = ary.shift and line.chomp!
+      if line =~ /^dn:[\s]*/i
+        dn = $'
+        hash[dn] = {}
+        while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
+          hash[dn][$1.downcase.intern] ||= []
+          hash[dn][$1.downcase.intern] << $'
+        end
+      end
+    end
+    hash
+  end
+
+
+
   # Binding tests.
   # Need tests for all kinds of network failures and incorrect auth.
   # TODO: Implement a class-level timeout for operations like bind.
@@ -43,6 +74,8 @@ def test_bind
     assert_equal( 49, ldap.bind )
   end
 
+
+
   def test_search
     ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
 
@@ -53,30 +86,67 @@ def test_search
     assert_equal( 0, ldap.search( search ))
 
     ldap.search( search ) {|res|
-      # STUB.
-      #p res
+      assert_equal( res, @ldif )
     }
   end
 
 
-  def test_search_attributes
+
+
+  # This is a helper routine for test_search_attributes.
+  def internal_test_search_attributes attrs_to_search
     ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
     assert_equal( 0, ldap.bind )
 
     search = {
       :base => "dc=bayshorenetworks,dc=com",
-      :attributes => ["mail"]
+      :attributes => attrs_to_search
     }
-    assert_equal( 0, ldap.search( search ))
 
+    ldif = @ldif
+    ldif.each {|dn,entry|
+      entry.delete_if {|attr,value|
+        ! attrs_to_search.include?(attr)
+      }
+    }
+  
+    assert_equal( 0, ldap.search( search ))
     ldap.search( search ) {|res|
-      # STUB.
-      p res
+      res_keys = res.keys.sort
+      ldif_keys = ldif.keys.sort
+      assert( res_keys, ldif_keys )
+      res.keys.each {|rk|
+        assert( res[rk], ldif[rk] )
+      }
     }
   end
 
 
+  def test_search_attributes
+    internal_test_search_attributes [:mail]
+    internal_test_search_attributes [:cn]
+    internal_test_search_attributes [:ou]
+    internal_test_search_attributes [:hasaccessprivilege]
+    internal_test_search_attributes ["mail"]
+    internal_test_search_attributes ["cn"]
+    internal_test_search_attributes ["ou"]
+    internal_test_search_attributes ["hasaccessrole"]
+
+    internal_test_search_attributes [:mail, :cn, :ou, :hasaccessrole]
+    internal_test_search_attributes [:mail, "cn", :ou, "hasaccessrole"]
+  end
+
+
   def test_search_filters
+    ldap = Net::LDAP.new :host => @host, :port => @port, :auth => @auth
+    search = {
+      :base => "dc=bayshorenetworks,dc=com",
+      :filter => Net::LDAP::Filter.eq( "sn", "Verdon" )
+    }
+
+    ldap.search( search ) {|res|
+      p res
+    }
   end
 
 

testserver/ldapserver.rb

@@ -50,6 +50,9 @@ module LdapServer
         0 => :string,              # simple auth (password)
         7 => :string               # present filter
       },
+      :constructed => {
+        3 => :array                # equality filter
+      },
     }
   }
 
@@ -139,6 +142,10 @@ def handle_search_request pdu
       :all
     end
 
+    filters = pdu[1][6]
+    if filters.length > 0
+      p filters.ber_identifier
+    end
 
     $ldif.each {|dn, entry|