Class: Scooter::LDAP::LDAPDispatcher
- Inherits:
-
Net::LDAP
- Object
- Net::LDAP
- Scooter::LDAP::LDAPDispatcher
- Defined in:
- lib/scooter/ldap.rb
Overview
Quick-start guide for the impatient
Quick example creating an LDAPDispatcher object with a beaker config:
#Example beaker configuration
#
#HOSTS:
# win_2008_r2_x64:
# roles:
# - directory_service
# platform: windows-2008r2-x86_64
require 'scooter'
ldapdispatcher = Scooter::LDAP::LDAPDispatcher.new(directory_service)
# If you are not using the default static fixtures, you probably want
# to change the credentials for your LDAP instance
ldapdispatcher.auth(user_dn, password)
# This is the normal method you would use to set up a standard test
# environment, with groups of writers(poets, lyricists, novelists)
# to populate your directory_service
ldapdispatcher.create_default_test_groups_and_users
Instance Attribute Summary collapse
-
#ds_type ⇒ Object
readonly
Returns the value of attribute ds_type.
-
#ds_users ⇒ Object
readonly
Returns the value of attribute ds_users.
-
#groups_dn ⇒ Object
readonly
Returns the value of attribute groups_dn.
-
#test_uid ⇒ Object
Returns the value of attribute test_uid.
-
#users_dn ⇒ Object
readonly
Returns the value of attribute users_dn.
Instance Method Summary collapse
- #admin_dn ⇒ Object
-
#create_default_test_groups_and_users ⇒ Object
This is the primary method most tests will use.
- #create_default_users ⇒ Object
- #create_ds_group(attributes, groups_dn = self.groups_dn) ⇒ Object
- #create_ds_user(attributes, users_dn = self.users_dn) ⇒ Object
- #create_ou_for_users_and_groups ⇒ Object
- #create_temp_ou(base_string = 'test_') ⇒ Object
- #delete_all_dn_entries(dn) ⇒ Object
-
#delete_users_and_groups_organizational_units ⇒ Object
This method should execute after a test’s completion; the group’s ou and users’s ou will be deleted, as will any entity with those respective ou’s in their distinguished name.
-
#initialize(host, options = {}) ⇒ LDAPDispatcher
constructor
Instantiating an object of type Scooter::LDAP::LDAPDispatcher extends the Net::LDAP class to include helper methods to make test setup and cleanup more consistent and reliable for beaker tests involving the Puppet RBAC Service.
- #is_openldap? ⇒ Boolean
- #is_windows_ad? ⇒ Boolean
- #return_default_base ⇒ Object
- #return_default_password ⇒ Object
-
#str_to_unicode_pwd(str) ⇒ Object
This is used to encode passwords for Windows AD See URL: msdn.microsoft.com/en-us/library/cc223248.aspx.
-
#update_user_password(user_dn, password) ⇒ Object
:nodoc:.
Constructor Details
#initialize(host, options = {}) ⇒ LDAPDispatcher
Instantiating an object of type Scooter::LDAP::LDAPDispatcher extends the Net::LDAP class to include helper methods to make test setup and cleanup more consistent and reliable for beaker tests involving the Puppet RBAC Service. LDAPDispatcher objects require either a Unix::Host or Windows::Host object passed in as a parameter, which will dictate how helper methods construct a test environment of groups and users.
Unlike the Net::LDAP, LDAPDispatcher does test the network connection during initialization and raises a warning if it fails.
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
# File 'lib/scooter/ldap.rb', line 50 def initialize(host, ={}) # All initialized LDAPDispatcher objects will have test_uids to ensure # no collisions when creating entries in the directory services. @test_uid = Scooter::Utilities::RandomString.generate(4) if host.is_a? Windows::Host @ds_type = :ad elsif host.is_a? Unix::Host @ds_type = :openldap else raise "host must be Unix::Host or Windows::Host, not #{host.class}" end generated_args = {} generated_args[:host] = host.reachable_name generated_args[:port] = DEFAULT_DS_PORT generated_args[:encryption] = {:method => :simple_tls} generated_args[:base] = return_default_base generated_args.merge!() super(generated_args) # If we didn't pass in an :auth hash, generate the default settings # using the auth method of Net::LDAP if ![:auth] self.auth admin_dn, return_default_password end if !bind warn "Problem binding to #{host}, #{get_operation_result}\n username: #{admin_dn}, pw: #{return_default_password}" end end |
Instance Attribute Details
#ds_type ⇒ Object (readonly)
Returns the value of attribute ds_type.
34 35 36 |
# File 'lib/scooter/ldap.rb', line 34 def ds_type @ds_type end |
#ds_users ⇒ Object (readonly)
Returns the value of attribute ds_users.
34 35 36 |
# File 'lib/scooter/ldap.rb', line 34 def ds_users @ds_users end |
#groups_dn ⇒ Object (readonly)
Returns the value of attribute groups_dn.
34 35 36 |
# File 'lib/scooter/ldap.rb', line 34 def groups_dn @groups_dn end |
#test_uid ⇒ Object
Returns the value of attribute test_uid.
33 34 35 |
# File 'lib/scooter/ldap.rb', line 33 def test_uid @test_uid end |
#users_dn ⇒ Object (readonly)
Returns the value of attribute users_dn.
34 35 36 |
# File 'lib/scooter/ldap.rb', line 34 def users_dn @users_dn end |
Instance Method Details
#admin_dn ⇒ Object
100 101 102 103 104 105 106 |
# File 'lib/scooter/ldap.rb', line 100 def admin_dn if is_windows_ad? "cn=Administrator,cn=Users,#{return_default_base}" else "cn=admin,#{return_default_base}" end end |
#create_default_test_groups_and_users ⇒ Object
This is the primary method most tests will use. It creates two organizational units, or ou’s, to base all your testing around. There is one ou for groups and one for users. Most testing can be covered by simply running the method create_default_test_groups_and_users
.
207 208 209 210 211 212 213 214 215 216 217 218 219 |
# File 'lib/scooter/ldap.rb', line 207 def create_default_test_groups_and_users create_ou_for_users_and_groups create_default_users if is_windows_ad? create_windows_ad_default_users_and_test_groups elsif is_openldap? create_openldap_default_users_and_test_groups end end |
#create_default_users ⇒ Object
221 222 223 224 225 226 227 228 229 230 |
# File 'lib/scooter/ldap.rb', line 221 def create_default_users users = Scooter::LDAP::LDAPFixtures.users(@test_uid) users.each do |name, hash| create_ds_user(hash) update_user_password("CN=#{hash[:cn]},#{users_dn}", DEFAULT_USER_PASSWORD) hash[:password] = DEFAULT_USER_PASSWORD end @ds_users = users end |
#create_ds_group(attributes, groups_dn = self.groups_dn) ⇒ Object
178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 |
# File 'lib/scooter/ldap.rb', line 178 def create_ds_group(attributes, groups_dn=self.groups_dn) #When Openldap, you must specify :member entries in the attributes default_attributes = {:objectClass => ["top", "groupOfUniqueNames"]} if is_windows_ad? default_attributes[:objectClass] = ["top", "group"] end default_attributes.merge!(attributes) add(:dn => "cn=#{default_attributes[:cn]},#{groups_dn}", :attributes => default_attributes) if get_operation_result.code != 0 raise "Creating group failed: #{get_operation_result},\n #{default_attributes}" end end |
#create_ds_user(attributes, users_dn = self.users_dn) ⇒ Object
157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 |
# File 'lib/scooter/ldap.rb', line 157 def create_ds_user(attributes, users_dn=self.users_dn) default_attributes = {:objectClass => ['top', 'person', 'organizationalPerson', 'inetOrgPerson']} if is_windows_ad? default_attributes[:userAccountControl] = ['544'] end default_attributes.merge!(attributes) add(:dn => "cn=#{default_attributes[:cn]},#{users_dn}", :attributes => default_attributes) if get_operation_result.code != 0 raise "Creating user failed: #{get_operation_result}\n #{default_attributes}" end end |
#create_ou_for_users_and_groups ⇒ Object
198 199 200 201 |
# File 'lib/scooter/ldap.rb', line 198 def create_ou_for_users_and_groups @users_dn = create_temp_ou('users') @groups_dn = create_temp_ou('groups') end |
#create_temp_ou(base_string = 'test_') ⇒ Object
108 109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'lib/scooter/ldap.rb', line 108 def create_temp_ou(base_string='test_') ou = base_string + @test_uid dn = "ou=#{ou},#{self.base}" attr = {:objectClass => ['top', 'organizationalUnit'], :ou => ou} add(:dn => dn, :attributes => attr) if get_operation_result.code != 0 raise "OU creation failed: #{get_operation_result}, #{dn}" end dn end |
#delete_all_dn_entries(dn) ⇒ Object
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 |
# File 'lib/scooter/ldap.rb', line 137 def delete_all_dn_entries(dn) entries = search(:base => dn, :attributes => ['dn']) entries.each do |entry| delete :dn => entry.dn end #This needs to be repeated because it may have failed deleting a group #that still had users associated. entries.each do |entry| delete :dn => entry.dn end #This request should return nil; all entities with the dn provided #should now be deleted. entries = search(:base => dn, :attributes => ['dn']) if entries != nil raise "Problem deleting all entries for this dn: #{dn}" end end |
#delete_users_and_groups_organizational_units ⇒ Object
This method should execute after a test’s completion; the group’s ou and users’s ou will be deleted, as will any entity with those respective ou’s in their distinguished name.
Example beaker teardown
Example beaker teardown
teardown do
ldapdispatcher.delete_users_and_groups_organizational_units
end
132 133 134 135 |
# File 'lib/scooter/ldap.rb', line 132 def delete_users_and_groups_organizational_units delete_all_dn_entries(@groups_dn) delete_all_dn_entries(@users_dn) end |
#is_openldap? ⇒ Boolean
92 93 94 |
# File 'lib/scooter/ldap.rb', line 92 def is_openldap? true if @ds_type == :openldap end |
#is_windows_ad? ⇒ Boolean
96 97 98 |
# File 'lib/scooter/ldap.rb', line 96 def is_windows_ad? true if @ds_type == :ad end |
#return_default_base ⇒ Object
88 89 90 |
# File 'lib/scooter/ldap.rb', line 88 def return_default_base 'dc=delivery,dc=puppetlabs,dc=net' end |
#return_default_password ⇒ Object
84 85 86 |
# File 'lib/scooter/ldap.rb', line 84 def return_default_password "Puppet11" end |
#str_to_unicode_pwd(str) ⇒ Object
This is used to encode passwords for Windows AD See URL: msdn.microsoft.com/en-us/library/cc223248.aspx
234 235 236 |
# File 'lib/scooter/ldap.rb', line 234 def str_to_unicode_pwd(str) #:nodoc: ('"' + str + '"').encode("utf-16le").force_encoding("utf-8") end |
#update_user_password(user_dn, password) ⇒ Object
:nodoc:
238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 |
# File 'lib/scooter/ldap.rb', line 238 def update_user_password(user_dn, password) #:nodoc: if is_windows_ad? password = str_to_unicode_pwd(password) ops = [[:replace, :unicodePwd, password]] else ops = [[:replace, :userPassword, password]] end modify :dn => user_dn, :operations => ops if get_operation_result.code != 0 raise "Updating password failed: #{get_operation_result}\n #{ops}" end end |