require 'custodian/testfactory'


#
#  The LDAP-protocol test.
#
#  This object is instantiated if the parser sees a line such as:
#
###
### foo.vm.bytemark.co.uk must run ldap with username 'user' and password 'xx' otherwise 'auth-server fail'.
###
#
#  The port is optional: it is taken from the first "on <digits>" found anywhere in the line, and defaults to 389.
#
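module Custodian

  module ProtocolTest

    #
    # Protocol test for an LDAP server: connect, bind with the configured
    # credentials, and run one probe search to show the bound session is
    # usable.
    #
    # The test result is TEST_PASSED / TEST_FAILED; the reason for a failure
    # is available via +error+.  Failure messages name the host and the bind
    # user but deliberately never include the password, because they end up
    # in alerts and logs.
    #
    class LDAPTest < TestFactory

      #
      # The probe search run after a successful bind.  It is hardwired to the
      # Bytemark directory layout; against a server that does not have this
      # base DN the search is likely to raise a result error and the test
      # will fail even though the bind itself worked.  The entries returned
      # are discarded.
      #
      SEARCH_BASE   = 'ou=groups,dc=bytemark,dc=co,dc=uk'.freeze
      SEARCH_FILTER = '(cn=vpn*)'.freeze
      SEARCH_ATTRS  = %w[sn cn].freeze

      #
      # Constructor.
      #
      # +line+ is the configuration line, for example:
      #
      #   host.example.com must run ldap with username 'u' and password 'p' on 389 otherwise 'auth-server fail'.
      #
      # The host is the first whitespace-delimited word.  Username and
      # password are the single-quoted values after "with username" and
      # "with password"; a value cannot itself contain a quote character.
      # The port is the first "on <digits>" anywhere in the line, else 389.
      #
      # Raises ArgumentError when the username or the password is missing.
      #
      def initialize(line)
        @line = line
        @host = line.split(/\s+/)[0]

        user = line.match(/with\s+username\s+'([^']+)'/)
        pass = line.match(/with\s+password\s+'([^']+)'/)
        @ldap_user = user && user[1]
        @ldap_pass = pass && pass[1]

        raise ArgumentError, "No username specified: #{@line}" if @ldap_user.nil?
        raise ArgumentError, "No password specified: #{@line}" if @ldap_pass.nil?

        port = line.match(/on\s+([0-9]+)/)
        @port = port ? port[1].to_i : 389
      end

      #
      # Allow this test to be serialized.
      #
      # This is the raw configuration line and therefore contains the bind
      # password; callers should treat the serialized form as sensitive.
      #
      def to_s
        @line
      end

      #
      # Run the test.
      #
      # Returns Custodian::TestResult::TEST_PASSED when the bind succeeds and
      # the probe search completes, TEST_FAILED otherwise (including when the
      # ruby-ldap library cannot be loaded).  The failure reason is stored
      # for +error+ and never includes the password.
      #
      # NOTE(review): this opens a plain connection to @port (default 389)
      # and never negotiates StartTLS, so the simple bind sends the password
      # in cleartext.  Only point this at servers reachable over a trusted
      # network, or add TLS here before using it elsewhere.
      #
      def run_test
        begin
          require 'ldap'
        rescue LoadError
          @error = 'LDAP library not available - test disabled'
          return Custodian::TestResult::TEST_FAILED
        end

        # reset the error, in case we were previously executed.
        @error = nil

        ldap = nil
        begin
          ldap = LDAP::Conn.new(@host, @port)
          ldap.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)

          ldap.bind(@ldap_user, @ldap_pass)
          unless ldap.bound?
            @error = "failed to bind to LDAP server '#{@host}' with username '#{@ldap_user}'"
            return Custodian::TestResult::TEST_FAILED
          end

          # Probe search: the results are not needed, we only want to see
          # that the bound session can be used without error.
          ldap.search(SEARCH_BASE, LDAP::LDAP_SCOPE_SUBTREE, SEARCH_FILTER, SEARCH_ATTRS) { |_entry| }
          Custodian::TestResult::TEST_PASSED
        rescue LDAP::ResultError => ex
          @error = "LDAP exception: #{ex} when talking to LDAP server '#{@host}' with username '#{@ldap_user}'"
          Custodian::TestResult::TEST_FAILED
        ensure
          # Release the connection on every path, including when bind or
          # search raised.  A failure while unbinding must not mask the
          # result already decided above.
          begin
            ldap.unbind if ldap && ldap.bound?
          rescue LDAP::ResultError
            nil
          end
        end
      end

      #
      # If the test fails then report the error (nil after a pass).
      #
      attr_reader :error

      register_test_type 'ldap'
    end
  end
end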