3
# Created by Luke Kanies on 2008-3-10.
4
# Copyright (c) 2006. All rights reserved.
6
require File.dirname(__FILE__) + '/../../../spec_helper'
8
provider_class = Puppet::Type.type(:user).provider(:ldap)
10
describe provider_class do
11
it "should have the Ldap provider class as its baseclass" do
12
provider_class.superclass.should equal(Puppet::Provider::Ldap)
15
it "should manage :posixAccount and :person objectclasses" do
16
provider_class.manager.objectclasses.should == [:posixAccount, :person]
19
it "should use 'ou=People' as its relative base" do
20
provider_class.manager.location.should == "ou=People"
23
it "should use :uid as its rdn" do
24
provider_class.manager.rdn.should == :uid
27
it "should be able to manage passwords" do
28
provider_class.should be_manages_passwords
31
it "should use the ldap group provider to convert group names to numbers" do
32
provider = provider_class.new(:name => "foo")
33
Puppet::Type.type(:group).provider(:ldap).expects(:name2id).with("bar").returns 10
36
provider.gid.should == 10
40
:password => "userPassword",
44
:home => "homeDirectory",
45
:shell => "loginShell"
46
}.each do |puppet, ldap|
47
it "should map :#{puppet.to_s} to '#{ldap}'" do
48
provider_class.manager.ldap_name(puppet).should == ldap
52
describe "when being created" do
54
# So we don't try to actually talk to ldap
55
@connection = mock 'connection'
56
provider_class.manager.stubs(:connect).yields @connection
59
it "should generate the sn as the last field of the cn" do
60
resource = stub 'resource', :should => %w{whatever}
61
resource.stubs(:should).with(:comment).returns ["Luke Kanies"]
62
resource.stubs(:should).with(:ensure).returns :present
63
instance = provider_class.new(:name => "luke", :ensure => :absent)
64
instance.stubs(:resource).returns resource
66
@connection.expects(:add).with { |dn, attrs| attrs["sn"] == ["Kanies"] }
72
describe "with no uid specified" do
73
it "should pick the first available UID after the largest existing UID" do
74
low = {:name=>["luke"], :shell=>:absent, :uid=>["600"], :home=>["/h"], :gid=>["1000"], :password=>["blah"], :comment=>["l k"]}
75
high = {:name=>["testing"], :shell=>:absent, :uid=>["640"], :home=>["/h"], :gid=>["1000"], :password=>["blah"], :comment=>["t u"]}
76
provider_class.manager.expects(:search).returns([low, high])
78
resource = stub 'resource', :should => %w{whatever}
79
resource.stubs(:should).with(:uid).returns nil
80
resource.stubs(:should).with(:ensure).returns :present
81
instance = provider_class.new(:name => "luke", :ensure => :absent)
82
instance.stubs(:resource).returns resource
84
@connection.expects(:add).with { |dn, attrs| attrs["uidNumber"] == ["641"] }
90
it "should pick 501 of no users exist" do
91
provider_class.manager.expects(:search).returns nil
93
resource = stub 'resource', :should => %w{whatever}
94
resource.stubs(:should).with(:uid).returns nil
95
resource.stubs(:should).with(:ensure).returns :present
96
instance = provider_class.new(:name => "luke", :ensure => :absent)
97
instance.stubs(:resource).returns resource
99
@connection.expects(:add).with { |dn, attrs| attrs["uidNumber"] == ["501"] }
107
describe "when flushing" do
109
provider_class.stubs(:suitable?).returns true
111
@instance = provider_class.new(:name => "myname", :groups => %w{whatever}, :uid => "400")
114
it "should remove the :groups value before updating" do
115
@instance.class.manager.expects(:update).with { |name, ldap, puppet| puppet[:groups].nil? }
120
it "should empty the property hash" do
121
@instance.class.manager.stubs(:update)
125
@instance.uid.should == :absent
128
it "should empty the ldap property hash" do
129
@instance.class.manager.stubs(:update)
133
@instance.ldap_properties[:uid].should be_nil
137
describe "when checking group membership" do
139
@groups = Puppet::Type.type(:group).provider(:ldap)
140
@group_manager = @groups.manager
141
provider_class.stubs(:suitable?).returns true
143
@instance = provider_class.new(:name => "myname")
146
it "should show its group membership as the list of all groups returned by an ldap query of group memberships" do
147
one = {:name => "one"}
148
two = {:name => "two"}
149
@group_manager.expects(:search).with("memberUid=myname").returns([one, two])
151
@instance.groups.should == "one,two"
154
it "should show its group membership as :absent if no matching groups are found in ldap" do
155
@group_manager.expects(:search).with("memberUid=myname").returns(nil)
157
@instance.groups.should == :absent
160
it "should cache the group value" do
161
@group_manager.expects(:search).with("memberUid=myname").once.returns nil
164
@instance.groups.should == :absent
168
describe "when modifying group membership" do
170
@groups = Puppet::Type.type(:group).provider(:ldap)
171
@group_manager = @groups.manager
172
provider_class.stubs(:suitable?).returns true
174
@one = {:name => "one", :gid => "500"}
175
@group_manager.stubs(:find).with("one").returns(@one)
177
@two = {:name => "one", :gid => "600"}
178
@group_manager.stubs(:find).with("two").returns(@two)
180
@instance = provider_class.new(:name => "myname")
182
@instance.stubs(:groups).returns :absent
185
it "should fail if the group does not exist" do
186
@group_manager.expects(:find).with("mygroup").returns nil
188
lambda { @instance.groups = "mygroup" }.should raise_error(Puppet::Error)
191
it "should only pass the attributes it cares about to the group manager" do
192
@group_manager.expects(:update).with { |name, attrs| attrs[:gid].nil? }
194
@instance.groups = "one"
197
it "should always include :ensure => :present in the current values" do
198
@group_manager.expects(:update).with { |name, is, should| is[:ensure] == :present }
200
@instance.groups = "one"
203
it "should always include :ensure => :present in the desired values" do
204
@group_manager.expects(:update).with { |name, is, should| should[:ensure] == :present }
206
@instance.groups = "one"
209
it "should always pass the group's original member list" do
210
@one[:members] = %w{yay ness}
211
@group_manager.expects(:update).with { |name, is, should| is[:members] == %w{yay ness} }
213
@instance.groups = "one"
216
it "should find the group again when resetting its member list, so it has the full member list" do
217
@group_manager.expects(:find).with("one").returns(@one)
219
@group_manager.stubs(:update)
221
@instance.groups = "one"
224
describe "for groups that have no members" do
225
it "should create a new members attribute with its value being the user's name" do
226
@group_manager.expects(:update).with { |name, is, should| should[:members] == %w{myname} }
228
@instance.groups = "one"
232
describe "for groups it is being removed from" do
233
it "should replace the group's member list with one missing the user's name" do
234
@one[:members] = %w{myname a}
235
@two[:members] = %w{myname b}
237
@group_manager.expects(:update).with { |name, is, should| name == "two" and should[:members] == %w{b} }
239
@instance.stubs(:groups).returns "one,two"
240
@instance.groups = "one"
243
it "should mark the member list as empty if there are no remaining members" do
244
@one[:members] = %w{myname}
245
@two[:members] = %w{myname b}
247
@group_manager.expects(:update).with { |name, is, should| name == "one" and should[:members] == :absent }
249
@instance.stubs(:groups).returns "one,two"
250
@instance.groups = "two"
254
describe "for groups that already have members" do
255
it "should replace each group's member list with a new list including the user's name" do
256
@one[:members] = %w{a b}
257
@group_manager.expects(:update).with { |name, is, should| should[:members] == %w{a b myname} }
258
@two[:members] = %w{b c}
259
@group_manager.expects(:update).with { |name, is, should| should[:members] == %w{b c myname} }
261
@instance.groups = "one,two"
265
describe "for groups of which it is a member" do
266
it "should do nothing" do
267
@one[:members] = %w{a b}
268
@group_manager.expects(:update).with { |name, is, should| should[:members] == %w{a b myname} }
270
@two[:members] = %w{c myname}
271
@group_manager.expects(:update).with { |name, *other| name == "two" }.never
273
@instance.stubs(:groups).returns "two"
275
@instance.groups = "one,two"