Ladle dishes out steaming helpings of lightweight directory access (LDAP) for use in testing with rspec, cucumber, or any other ruby test framework.
It spins up an actual LDAP server instance, so you can use it to test any sort of client application — anything that communicates over the standard LDAP protocol.
Ladle itself is tested on both JRuby 1.7.11 and Ruby 1.9.3, 2.0.0, and 2.1.2. It is a wrapper around ApacheDS (a pure-Java embeddable LDAP server), so it needs Java 7 or later available whether you are using JRuby or not.
Ladle will not work with MRI on Windows. (A pull request adding this support would be eagerly reviewed.) It should work with JRuby on Windows, though this hasn't been tested.
To use Ladle, first create a server with some data:
    require 'ladle'

    server = Ladle::Server.new(
      :port   => 3897,
      :ldif   => "test_users.ldif",
      :domain => "dc=test"
    )
Then start the server:
    server.start
At this point, you have an LDAP server running on port 3897 with your specified groups and people in it. When you're done with it, just tell it to stop:
    server.stop
Depending on what you're doing, you might want to run one {Ladle::Server} for all your tests, or have a clean one for each test. Since it takes a few seconds to spin up the server, if you are only reading from the server, it makes sense to use one for all your tests. If you are doing writes, a separate server for each test is safer.
All decent test frameworks can support either mode. Some examples:
To use a server per test, configure and start it in a normal before block, then stop it in an after block:

    describe "directory access" do
      before do
        @ldap_server = Ladle::Server.new(:quiet => true).start
      end

      after do
        @ldap_server.stop if @ldap_server
      end

      it "is possible" do
        # ...
      end
    end
For a shared server, use before(:all) and after(:all) instead.
See rspec's docs for more info.
To use a server per test, use Cucumber's Around hook:

    Around('@ldap') do |scenario, block|
      ladle = Ladle::Server.new(:quiet => true).start
      block.call
      ladle.stop
    end
If you want just one server, consider something like this:
    Before('@ldap') do
      $ladle ||= Ladle::Server.new(:quiet => true).start
    end
This will start up a server for the first feature which needs it (and has indicated that with the @ldap tag). The server will remain running for all subsequent features and automatically shut down at the end of the run. (Cucumber's hooks documentation notes that you would, in general, need to register an at_exit block for the process to be torn down at the end. {Ladle::Server#start} does this automatically.)
Ladle accepts data in the standard LDIF format. If you do not specify an LDIF file when creating the server, ladle will use its default data. You can peruse it in lib/ladle/default.ldif.
Note also that you will usually need to provide both the :ldif and :domain configuration parameters. The latter must be the domain component (dc) matching the data in the former. (N.b. the implicit restriction of the data to a single domain.)
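A pre-flight check for the :ldif / :domain requirement above, as an added example that is not part of Ladle: it lists every entry in an LDIF fixture whose DN is not under the configured domain. The helper names (ldif_dns, normalize_dn, dns_outside_domain) and the sample data are constructed for illustration.

```ruby
# Collect the DN of each entry in LDIF text.
def ldif_dns(ldif_text)
  # LDIF folds long lines: a line starting with one space continues the previous one.
  unfolded = ldif_text.gsub(/\r?\n /, "")
  unfolded.each_line.map(&:chomp).filter_map do |line|
    case line
    when /\Adn:: *(.+)\z/i then $1.unpack1("m").force_encoding("UTF-8") # base64-encoded DN
    when /\Adn: *(.*)\z/i  then $1
    end
  end
end

# Case-fold and drop optional whitespace around "," and "="; used for comparison only.
def normalize_dn(dn)
  dn.downcase.gsub(/\s*([,=])\s*/, '\1').strip
end

# Return the DNs that are neither the domain itself nor beneath it.
def dns_outside_domain(ldif_text, domain)
  suffix = normalize_dn(domain)
  ldif_dns(ldif_text).reject do |dn|
    n = normalize_dn(dn)
    n == suffix || n.end_with?("," + suffix)
  end
end

# Constructed sample fixture: the last entry sits under a different domain.
SAMPLE_LDIF = <<~LDIF
  # constructed test data
  version: 1

  dn: ou=people,dc=test
  objectClass: organizationalUnit
  ou: people

  dn: uid=alice,ou=people,
   dc=test
  objectClass: inetOrgPerson
  uid: alice

  dn: uid=bob,ou=people,dc=example,dc=org
  objectClass: inetOrgPerson
  uid: bob
LDIF

p dns_outside_domain(SAMPLE_LDIF, "dc=test")
```

Run the check on the fixture before calling Ladle::Server.new and fail the suite if the result is not empty.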
If you need to use LDAP classes that are not among the standard set provided by ApacheDS, you'll need to specify a custom schema. See {file:CUSTOM-SCHEMA.md} for details.
Non-issue questions can be sent to rhett@detailedbalance.net.
Ladle is copyright 2010 Rhett Sutphin. It was built at NUBIC.
See the NOTICE file alongside this one for copyright information about software ladle depends on and redistributes.