From 2cb6e7661bff45494a1cfab6d8098f754e42ffc0 Mon Sep 17 00:00:00 2001
From: degetz
Date: Fri, 26 Jun 2020 15:13:14 +1200
Subject: [PATCH 1/8] Update generic_member_service.rb replacing inaccurate find_by_dn with a better solution. Issue is original search can return duplicates: CN=joe,OU=base,DC=xyz CN=joe,OU=test,OU=base,DC=xyz will both be present when looking for CN=joe using OU=base,DC=xyz as search base. Since it only wants to retrieve an object identified by the DN using that as the base of the search with the scope base feels more appropriate.
---
 lib/ldap_fluff/generic_member_service.rb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/lib/ldap_fluff/generic_member_service.rb b/lib/ldap_fluff/generic_member_service.rb
index 78c4cdb..018253b 100644
--- a/lib/ldap_fluff/generic_member_service.rb
+++ b/lib/ldap_fluff/generic_member_service.rb
@@ -23,10 +23,7 @@ def find_user(uid)
 end
 def find_by_dn(dn)
- entry, base = dn.split(/(? name_filter(entry_value, entry_attr), :base => base)
+ user = @ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject)
 raise self.class::UIDNotFoundException if (user.nil? || user.empty?)
 user
 end
From 8001a4053cebb40be480c2593aa357b21523b5fe Mon Sep 17 00:00:00 2001
From: degetz
Date: Tue, 30 Jun 2020 14:17:33 +1200
Subject: [PATCH 2/8] Update generic_member_service.rb
---
 lib/ldap_fluff/generic_member_service.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/ldap_fluff/generic_member_service.rb b/lib/ldap_fluff/generic_member_service.rb
index 018253b..349bc8f 100644
--- a/lib/ldap_fluff/generic_member_service.rb
+++ b/lib/ldap_fluff/generic_member_service.rb
@@ -23,6 +23,7 @@ def find_user(uid)
 end
 def find_by_dn(dn)
+ dn = dn.gsub('\,', ',')
 user = @ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject)
 raise self.class::UIDNotFoundException if (user.nil? || user.empty?)
 user
From be71496f7d4d5d31db788a2d562a9594895f31d9 Mon Sep 17 00:00:00 2001
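Review bot: In PATCH 1/8, `find_by_dn` now hands `dn` to the server as the search base with no filter and no check on the value, so a blank DN no longer fails early in the old `split` path and instead reaches the directory. An empty base with base-object scope addresses the server's root DSE, and, if I read net-ldap correctly, a nil `:base` falls back to the connection's configured base; either can return a non-empty result that this method would hand back as if it were the member being looked up. I would guard before the search with `raise self.class::UIDNotFoundException if dn.to_s.strip.empty?`. With no `:filter` the lookup also matches any object class at that DN, so callers that pass anything other than DNs read from the directory should check the type of the returned entry.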
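Review bot: In PATCH 2/8, `dn = dn.gsub('\,', ',')` strips the escaping that keeps a comma inside an RDN value, so the string sent as the search base is no longer the DN that was asked for. `cn=Bar\, Foo,dc=example,dc=com` becomes `cn=Bar, Foo,dc=example,dc=com`, which a server will read as a different and probably malformed name rather than the entry `Bar, Foo`. Unescaping was only appropriate for the old filter value; a DN used as `:base` should be passed through unchanged, so this line should go. PATCH 3/8 removes it again, and squashing the two would keep the broken state out of history. The end of `find_by_dn` is outside this hunk.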
From: degetz
Date: Tue, 30 Jun 2020 14:24:36 +1200
Subject: [PATCH 3/8] Update generic_member_service.rb
---
 lib/ldap_fluff/generic_member_service.rb | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lib/ldap_fluff/generic_member_service.rb b/lib/ldap_fluff/generic_member_service.rb
index 349bc8f..018253b 100644
--- a/lib/ldap_fluff/generic_member_service.rb
+++ b/lib/ldap_fluff/generic_member_service.rb
@@ -23,7 +23,6 @@ def find_user(uid)
 end
 def find_by_dn(dn)
- dn = dn.gsub('\,', ',')
 user = @ldap.search(:base => dn, :scope => Net::LDAP::SearchScope_BaseObject)
 raise self.class::UIDNotFoundException if (user.nil? || user.empty?)
 user
From 032e92dbec6eaf62409a5482b741678cd345563a Mon Sep 17 00:00:00 2001
From: degetz
Date: Tue, 30 Jun 2020 14:36:40 +1200
Subject: [PATCH 4/8] Update ad_member_services_test.rb
---
 test/ad_member_services_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/ad_member_services_test.rb b/test/ad_member_services_test.rb
index c58afc8..e19dd16 100644
--- a/test/ad_member_services_test.rb
+++ b/test/ad_member_services_test.rb
@@ -142,7 +142,7 @@ def test_find_by_dn_comma_in_cn
 end
 def test_find_by_dn_missing_entry
- @ldap.expect(:search, nil, [:filter => Net::LDAP::Filter.eq('cn', 'Foo Bar'), :base => 'dc=example,dc=com'])
+ @ldap.expect(:search, nil, [:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject])
 @adms.ldap = @ldap
 assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
 @adms.find_by_dn('cn=Foo Bar,dc=example,dc=com')
From 7807343ede49b707804cc8e0758c36d3e6abfc05 Mon Sep 17 00:00:00 2001
From: degetz
Date: Tue, 30 Jun 2020 14:50:33 +1200
Subject: [PATCH 5/8] Update ad_member_services_test.rb
---
 test/ad_member_services_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/ad_member_services_test.rb b/test/ad_member_services_test.rb
index e19dd16..2947965 100644
--- a/test/ad_member_services_test.rb
+++ b/test/ad_member_services_test.rb
@@ -142,7 +142,7 @@ def test_find_by_dn_comma_in_cn
 end
 def test_find_by_dn_missing_entry
- @ldap.expect(:search, nil, [:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject])
+ @ldap.expect(:search, nil, [:filter => Net::LDAP::Filter.eq('cn', 'Bar Foo'), :base => 'dc=example,dc=com'])
 @adms.ldap = @ldap
 assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
 @adms.find_by_dn('cn=Foo Bar,dc=example,dc=com')
From b950559fdf3824db5e465ac068a22685f2655cfc Mon Sep 17 00:00:00 2001
From: degetz
Date: Tue, 30 Jun 2020 15:05:52 +1200
Subject: [PATCH 6/8] Update ad_member_services_test.rb
---
 test/ad_member_services_test.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/ad_member_services_test.rb b/test/ad_member_services_test.rb
index 2947965..ce2fb39 100644
--- a/test/ad_member_services_test.rb
+++ b/test/ad_member_services_test.rb
@@ -124,7 +124,7 @@ def test_find_missing_group
 end
 def test_find_by_dn
- @ldap.expect(:search, [:result], [:filter => Net::LDAP::Filter.eq('cn', 'Foo Bar'), :base => 'dc=example,dc=com'])
+ @ldap.expect(:search, [:result], [:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject])
 @adms.ldap = @ldap
 assert_equal([:result], @adms.find_by_dn('cn=Foo Bar,dc=example,dc=com'))
 @ldap.verify
@@ -135,7 +135,7 @@ def test_find_by_dn_comma_in_cn
 # returned by the server in answer to a group membership query with
 # backslashes before the commas in the CNs. Such escaped commas should not
 # be used when splitting the DN.
- @ldap.expect(:search, [:result], [:filter => Net::LDAP::Filter.eq('cn', 'Bar, Foo'), :base => 'dc=example,dc=com'])
+ @ldap.expect(:search, [:result], [:base => 'cn=Bar\, Foo,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject])
 @adms.ldap = @ldap
 assert_equal([:result], @adms.find_by_dn('cn=Bar\, Foo,dc=example,dc=com'))
 @ldap.verify
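Review bot: In PATCH 5/8, the expectation in `test_find_by_dn_missing_entry` goes back to the filter form (`Filter.eq('cn', 'Bar Foo')` with `:base => 'dc=example,dc=com'`), which is not the call `find_by_dn` makes after PATCH 1/8. The mock would presumably reject the base-scope search on an argument mismatch, so the test no longer exercises the nil-result path it is named for. The expectation should stay as `[:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject]`. The closing lines of the test method are outside the hunk.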
From 1d6abe006a5c07b6a71d9aa56c828a4fac94a52e Mon Sep 17 00:00:00 2001
From: degetz
Date: Tue, 30 Jun 2020 15:10:57 +1200
Subject: [PATCH 7/8] Update ad_member_services_test.rb
---
 test/ad_member_services_test.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/test/ad_member_services_test.rb b/test/ad_member_services_test.rb
index ce2fb39..56d71f6 100644
--- a/test/ad_member_services_test.rb
+++ b/test/ad_member_services_test.rb
@@ -135,6 +135,9 @@ def test_find_by_dn_comma_in_cn
 # returned by the server in answer to a group membership query with
 # backslashes before the commas in the CNs. Such escaped commas should not
 # be used when splitting the DN.
+ #
+ # Is this still required? DN won't be split anymore.
+ #
 @ldap.expect(:search, [:result], [:base => 'cn=Bar\, Foo,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject])
 @adms.ldap = @ldap
 assert_equal([:result], @adms.find_by_dn('cn=Bar\, Foo,dc=example,dc=com'))
@@ -142,7 +145,7 @@ def test_find_by_dn_comma_in_cn
 end
 def test_find_by_dn_missing_entry
- @ldap.expect(:search, nil, [:filter => Net::LDAP::Filter.eq('cn', 'Bar Foo'), :base => 'dc=example,dc=com'])
+ @ldap.expect(:search, nil, [:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject'])
 @adms.ldap = @ldap
 assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
 @adms.find_by_dn('cn=Foo Bar,dc=example,dc=com')
From 88c73a4c9eadfb59dee349125b2cfa4b5a43e596 Mon Sep 17 00:00:00 2001
From: degetz
Date: Tue, 30 Jun 2020 15:13:12 +1200
Subject: [PATCH 8/8] Update ad_member_services_test.rb
---
 test/ad_member_services_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/ad_member_services_test.rb b/test/ad_member_services_test.rb
index 56d71f6..4e785ef 100644
--- a/test/ad_member_services_test.rb
+++ b/test/ad_member_services_test.rb
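Review bot: In the first hunk of PATCH 7/8, the added comment leaves an open question in `test_find_by_dn_comma_in_cn` instead of saying what the test guards now. The case is still worth keeping, because it pins that a DN containing an escaped comma reaches `search` unchanged as the base. I would replace the three added lines, and the now stale sentence about splitting the DN, with `# The escaped DN must be passed to the server unchanged as the search base.` The start of the comment block and the end of the test are outside the hunk.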
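Review bot: In the second hunk of PATCH 7/8, the new expectation ends in `Net::LDAP::SearchScope_BaseObject'])`, and the stray `'` after the constant opens an unterminated string, so the test file will not parse at this commit. The argument list should end `:scope => Net::LDAP::SearchScope_BaseObject])`. PATCH 8/8 corrects it; squashing the two would keep every commit in the series runnable.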
@@ -145,7 +145,7 @@ def test_find_by_dn_comma_in_cn
 end
 def test_find_by_dn_missing_entry
- @ldap.expect(:search, nil, [:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject'])
+ @ldap.expect(:search, nil, [:base => 'cn=Foo Bar,dc=example,dc=com', :scope => Net::LDAP::SearchScope_BaseObject])
 @adms.ldap = @ldap
 assert_raises(LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException) do
 @adms.find_by_dn('cn=Foo Bar,dc=example,dc=com')