github
diff --git a/‎.travis.yml
Lines changed: 15 additions & 2 deletions b/‎.travis.yml
Lines changed: 15 additions & 2 deletions
diff --git a/‎Gemfile
Lines changed: 4 additions & 0 deletions b/‎Gemfile
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/github/ldap/server.rb
Lines changed: 2 additions & 0 deletions b/‎lib/github/ldap/server.rb
Lines changed: 2 additions & 0 deletions
diff --git a/‎script/cibuild-apacheds
Lines changed: 7 additions & 0 deletions b/‎script/cibuild-apacheds
Lines changed: 7 additions & 0 deletions
diff --git a/‎script/cibuild-openldap
Lines changed: 7 additions & 0 deletions b/‎script/cibuild-openldap
Lines changed: 7 additions & 0 deletions
diff --git a/‎script/install-openldap
Lines changed: 44 additions & 0 deletions b/‎script/install-openldap
Lines changed: 44 additions & 0 deletions
diff --git a/‎test/domain_test.rb
Lines changed: 66 additions & 89 deletions b/‎test/domain_test.rb
Lines changed: 66 additions & 89 deletions
@@ -1,7 +1,20 @@
 language: ruby
 rvm:
-    - 1.9.3
-    - 2.1.0
+  - 1.9.3
+  - 2.1.0
 
+env:
+  - TESTENV=openldap
+  - TESTENV=apacheds
+
+install:
+  - if [ "$TESTENV" = "openldap" ]; then ./script/install-openldap; fi
+  - bundle install
+
+script:
+  - ./script/cibuild-$TESTENV
+
+matrix:
+  fast_finish: true
 notifications:
   email: false
@@ -2,3 +2,7 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in github-ldap.gemspec
 gemspec
+
+group :test, :development do
+  gem "byebug", :platforms => [:mri_20, :mri_21]
+end
@@ -38,6 +38,8 @@ def self.start_server(options = {})
       @server_options[:domain]            = @server_options[:user_domain]
       @server_options[:tmpdir]          ||= server_tmp
 
+      @server_options[:quiet] = false if @server_options[:verbose]
+
       @ldap_server = Ladle::Server.new(@server_options)
       @ldap_server.start
     end
 
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -e
+set -x
+
+cd `dirname $0`/..
+
+bundle exec rake
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -e
+set -x
+
+cd `dirname $0`/..
+
+bundle exec rake
@@ -0,0 +1,44 @@
+#!/usr/bin/env sh
+set -e
+set -x
+
+BASE_PATH="$( cd `dirname $0`/../test/fixtures/openldap && pwd )"
+SEED_PATH="$( cd `dirname $0`/../test/fixtures/common   && pwd )"
+
+DEBIAN_FRONTEND=noninteractive sudo -E apt-get install -y --force-yes slapd time ldap-utils
+
+sudo /etc/init.d/slapd stop
+
+TMPDIR=$(mktemp -d)
+cd $TMPDIR
+
+# Delete data and reconfigure.
+sudo cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
+sudo rm -rf /etc/ldap/slapd.d/*
+sudo rm -rf /var/lib/ldap/*
+sudo cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
+sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/slapd.conf.ldif
+# Load memberof and ref-int overlays and configure them.
+sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/memberof.ldif
+
+# Add base domain.
+sudo slapadd -F /etc/ldap/slapd.d <<EOM
+dn: dc=github,dc=com
+objectClass: top
+objectClass: domain
+dc: github
+EOM
+
+sudo chown -R openldap.openldap /etc/ldap/slapd.d
+sudo chown -R openldap.openldap /var/lib/ldap
+
+sudo /etc/init.d/slapd start
+
+# Import seed data.
+# NOTE: use ldapadd in order for memberOf and refint to apply, instead of:
+# /vagrant/services/ldap/openldap/seed.rb | sudo slapadd -F /etc/ldap/slapd.d
+cat $SEED_PATH/seed.ldif |
+  /usr/bin/time sudo ldapadd -x -D "cn=admin,dc=github,dc=com" -w passworD1 \
+               -h localhost -p 389
+
+sudo rm -rf $TMPDIR
@@ -7,13 +7,13 @@ def setup
   end
 
   def test_user_valid_login
-    user = @domain.valid_login?('calavera', 'passworD1')
-    assert_equal 'uid=calavera,dc=github,dc=com', user.dn
+    assert user = @domain.valid_login?('user1', 'passworD1')
+    assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
   end
 
   def test_user_with_invalid_password
-    assert !@domain.valid_login?('calavera', 'foo'),
-      "Login `calavera` expected to be invalid with password `foo`"
+    assert !@domain.valid_login?('user1', 'foo'),
+      "Login `user1` expected to be invalid with password `foo`"
   end
 
   def test_user_with_invalid_login
@@ -22,115 +22,118 @@ def test_user_with_invalid_login
   end
 
   def test_groups_in_server
-    assert_equal 2, @domain.groups(%w(Enterprise People)).size
+    assert_equal 2, @domain.groups(%w(ghe-users ghe-admins)).size
   end
 
   def test_user_in_group
-    user = @domain.valid_login?('calavera', 'passworD1')
+    assert user = @domain.valid_login?('user1', 'passworD1')
 
-    assert @domain.is_member?(user, %w(Enterprise People)),
-      "Expected `Enterprise` or `Poeple` to include the member `#{user.dn}`"
+    assert @domain.is_member?(user, %w(ghe-users ghe-admins)),
+      "Expected `ghe-users` or `ghe-admins` to include the member `#{user.dn}`"
   end
 
   def test_user_not_in_different_group
-    user = @domain.valid_login?('calavera', 'passworD1')
+    user = @domain.valid_login?('user1', 'passworD1')
 
-    assert !@domain.is_member?(user, %w(People)),
-      "Expected `Poeple` not to include the member `#{user.dn}`"
+    refute @domain.is_member?(user, %w(ghe-admins)),
+      "Expected `ghe-admins` not to include the member `#{user.dn}`"
   end
 
   def test_user_without_group
-    user = @domain.valid_login?('ldaptest', 'secret')
+    user = @domain.valid_login?('groupless-user1', 'passworD1')
 
-    assert !@domain.is_member?(user, %w(People)),
-      "Expected `People` not to include the member `#{user.dn}`"
+    assert !@domain.is_member?(user, %w(all-users)),
+      "Expected `all-users` not to include the member `#{user.dn}`"
   end
 
-  def test_authenticate_doesnt_return_invalid_users
-    user = @domain.authenticate!('calavera', 'passworD1')
-    assert_equal 'uid=calavera,dc=github,dc=com', user.dn
+  def test_authenticate_returns_valid_users
+    user = @domain.authenticate!('user1', 'passworD1')
+    assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
   end
 
   def test_authenticate_doesnt_return_invalid_users
-    assert !@domain.authenticate!('calavera', 'foo'),
+    refute @domain.authenticate!('user1', 'foo'),
       "Expected `authenticate!` to not return an invalid user"
   end
 
   def test_authenticate_check_valid_user_and_groups
-    user = @domain.authenticate!('calavera', 'passworD1', %w(Enterprise People))
+    user = @domain.authenticate!('user1', 'passworD1', %w(ghe-users ghe-admins))
 
-    assert_equal 'uid=calavera,dc=github,dc=com', user.dn
+    assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
   end
 
   def test_authenticate_doesnt_return_valid_users_in_different_groups
-    assert !@domain.authenticate!('calavera', 'passworD1', %w(People)),
+    refute @domain.authenticate!('user1', 'passworD1', %w(ghe-admins)),
       "Expected `authenticate!` to not return an user"
   end
 
   def test_membership_empty_for_non_members
-    user = @ldap.domain('uid=calavera,dc=github,dc=com').bind
+    user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
 
-    assert @domain.membership(user, %w(People)).empty?,
-      "Expected `calavera` not to be a member of `People`."
+    assert @domain.membership(user, %w(ghe-admins)).empty?,
+      "Expected `user1` not to be a member of `ghe-admins`."
   end
 
   def test_membership_groups_for_members
-    user = @ldap.domain('uid=calavera,dc=github,dc=com').bind
-    groups = @domain.membership(user, %w(Enterprise People))
+    user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
+    groups = @domain.membership(user, %w(ghe-users ghe-admins))
 
     assert_equal 1, groups.size
-    assert_equal 'cn=Enterprise,ou=Group,dc=github,dc=com', groups.first.dn
+    assert_equal 'cn=ghe-users,ou=Groups,dc=github,dc=com', groups.first.dn
   end
 
   def test_membership_with_virtual_attributes
     ldap = GitHub::Ldap.new(options.merge(virtual_attributes: true))
-    user = ldap.domain('uid=calavera,dc=github,dc=com').bind
-    user[:memberof] = 'cn=Enterprise,ou=Group,dc=github,dc=com'
+
+    user = ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
+    user[:memberof] = 'cn=ghe-admins,ou=Groups,dc=github,dc=com'
 
     domain = ldap.domain("dc=github,dc=com")
-    groups = domain.membership(user, %w(Enterprise People))
+    groups = domain.membership(user, %w(ghe-admins))
 
     assert_equal 1, groups.size
-    assert_equal 'cn=Enterprise,ou=Group,dc=github,dc=com', groups.first.dn
+    assert_equal 'cn=ghe-admins,ou=Groups,dc=github,dc=com', groups.first.dn
   end
 
   def test_search
     assert 1, @domain.search(
       attributes: %w(uid),
-      filter: Net::LDAP::Filter.eq('uid', 'calavera')).size
+      filter: Net::LDAP::Filter.eq('uid', 'user1')).size
   end
 
   def test_search_override_base_name
     assert 1, @domain.search(
       base: "this base name is incorrect",
       attributes: %w(uid),
-      filter: Net::LDAP::Filter.eq('uid', 'calavera')).size
+      filter: Net::LDAP::Filter.eq('uid', 'user1')).size
   end
 
   def test_user_exists
-    assert_equal 'uid=calavera,dc=github,dc=com', @domain.user?('calavera').dn
+    assert user = @domain.user?('user1')
+    assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
   end
 
   def test_user_wildcards_are_filtered
-    assert !@domain.user?('cal*'), 'Expected uid `cal*` to not complete'
+    refute @domain.user?('user*'), 'Expected uid `user*` to not complete'
   end
 
   def test_user_does_not_exist
-    assert !@domain.user?('foobar'), 'Expected uid `foobar` to not exist.'
+    refute @domain.user?('foobar'), 'Expected uid `foobar` to not exist.'
   end
 
   def test_user_returns_every_attribute
-    assert_equal ['calavera@github.com'], @domain.user?('calavera')[:mail]
+    assert user = @domain.user?('user1')
+    assert_equal ['user1@github.com'], user[:mail]
   end
 
   def test_auth_binds
-    user = @domain.user?('calavera')
-    assert @domain.auth(user, 'passworD1'), 'Expected user to be bound.'
+    assert user = @domain.user?('user1')
+    assert @domain.auth(user, 'passworD1'), 'Expected user to bind'
   end
 
   def test_auth_does_not_bind
-    user = @domain.user?('calavera')
-    assert !@domain.auth(user, 'foo'), 'Expected user not to be bound.'
+    assert user = @domain.user?('user1')
+    refute @domain.auth(user, 'foo'), 'Expected user not not bind'
   end
 end
 
@@ -143,72 +146,54 @@ class GitHubLdapDomainUnauthenticatedTest < GitHub::Ldap::UnauthenticatedTest
 end
 
 class GitHubLdapDomainNestedGroupsTest < GitHub::Ldap::Test
-  def self.test_server_options
-    {user_fixtures: FIXTURES.join('github-with-subgroups.ldif').to_s}
-  end
-
   def setup
     @ldap = GitHub::Ldap.new(options)
     @domain = @ldap.domain("dc=github,dc=com")
   end
 
   def test_membership_in_subgroups
-    user = @ldap.domain('uid=rubiojr,ou=users,dc=github,dc=com').bind
+    user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
 
-    assert @domain.is_member?(user, %w(enterprise-ops)),
-      "Expected `enterprise-ops` to include the member `#{user.dn}`"
+    assert @domain.is_member?(user, %w(nested-groups)),
+      "Expected `nested-groups` to include the member `#{user.dn}`"
   end
 
   def test_membership_in_deeply_nested_subgroups
-    assert user = @ldap.domain('uid=user1.1.1.1,ou=users,dc=github,dc=com').bind
+    assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
 
-    assert @domain.is_member?(user, %w(group1)),
-      "Expected `group1` to include the member `#{user.dn}` via deep recursion"
+    assert @domain.is_member?(user, %w(n-depth-nested-group4)),
+      "Expected `n-depth-nested-group4` to include the member `#{user.dn}` via deep recursion"
   end
 end
 
 class GitHubLdapPosixGroupsWithRecursionFallbackTest < GitHub::Ldap::Test
-  def self.test_server_options
-    {
-      custom_schemas: FIXTURES.join('posixGroup.schema.ldif'),
-      user_fixtures: FIXTURES.join('github-with-posixGroups.ldif').to_s,
-      # so we exercise the recursive group search fallback
-      recursive_group_search_fallback: true
-    }
-  end
-
   def setup
-    @ldap = GitHub::Ldap.new(options)
+    opts = options.merge \
+      recursive_group_search_fallback: true
+    @ldap = GitHub::Ldap.new(opts)
     @domain = @ldap.domain("dc=github,dc=com")
-    @cn = "enterprise-posix-devs"
+    @cn = "posix-group1"
   end
 
   def test_membership_for_posixGroups
-    assert user = @ldap.domain('uid=mtodd,ou=users,dc=github,dc=com').bind
+    assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
 
     assert @domain.is_member?(user, [@cn]),
       "Expected `#{@cn}` to include the member `#{user.dn}`"
   end
 end
 
 class GitHubLdapPosixGroupsWithoutRecursionTest < GitHub::Ldap::Test
-  def self.test_server_options
-    {
-      custom_schemas: FIXTURES.join('posixGroup.schema.ldif'),
-      user_fixtures: FIXTURES.join('github-with-posixGroups.ldif').to_s,
-      # so we test the test the non-recursive group membership search
-      recursive_group_search_fallback: false
-    }
-  end
-
   def setup
-    @ldap = GitHub::Ldap.new(options)
+    opts = options.merge \
+      recursive_group_search_fallback: false
+    @ldap = GitHub::Ldap.new(opts)
     @domain = @ldap.domain("dc=github,dc=com")
-    @cn = "enterprise-posix-devs"
+    @cn = "posix-group1"
   end
 
   def test_membership_for_posixGroups
-    assert user = @ldap.domain('uid=mtodd,ou=users,dc=github,dc=com').bind
+    assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
 
     assert @domain.is_member?(user, [@cn]),
       "Expected `#{@cn}` to include the member `#{user.dn}`"
@@ -218,25 +203,17 @@ def test_membership_for_posixGroups
 # Specifically testing that this doesn't break when posixGroups are not
 # supported.
 class GitHubLdapWithoutPosixGroupsTest < GitHub::Ldap::Test
-  def self.test_server_options
-    {
-      custom_schemas: FIXTURES.join('posixGroup.schema.ldif'),
-      user_fixtures: FIXTURES.join('github-with-posixGroups.ldif').to_s,
-      # so we test the test the non-recursive group membership search
-      recursive_group_search_fallback: false,
-      # explicitly disable posixGroup support (even if the schema supports it)
-      posix_support:                   false
-    }
-  end
-
   def setup
-    @ldap = GitHub::Ldap.new(options)
+    opts = options.merge \
+      recursive_group_search_fallback: false, # test non-recursive group membership search
+      posix_support:                   false  # disable posixGroup support
+    @ldap = GitHub::Ldap.new(opts)
     @domain = @ldap.domain("dc=github,dc=com")
-    @cn = "enterprise-posix-devs"
+    @cn = "posix-group1"
   end
 
   def test_membership_for_posixGroups
-    assert user = @ldap.domain('uid=mtodd,ou=users,dc=github,dc=com').bind
+    assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
 
     refute @domain.is_member?(user, [@cn]),
       "Expected `#{@cn}` to not include the member `#{user.dn}`"