Initial LDAP group member iteration support

Add interface for group member iteration on internal auth providers and implement support in the LDAP interface.

test/test_ldap.py

@@ -34,18 +34,25 @@ def mock_ldap(requires_email=True):
       'dc': ['quay', 'io'],
       'ou': 'otheremployees'
     },
+    'cn=AwesomeFolk,dc=quay,dc=io': {
+      'dc': ['quay', 'io'],
+      'cn': 'AwesomeFolk'
+    },
     'uid=testy,ou=employees,dc=quay,dc=io': {
       'dc': ['quay', 'io'],
       'ou': 'employees',
-      'uid': 'testy',
-      'userPassword': ['password']
+      'uid': ['testy'],
+      'userPassword': ['password'],
+      'mail': ['bar@baz.com'],
+      'memberOf': ['cn=AwesomeFolk,dc=quay,dc=io'],
     },
     'uid=someuser,ou=employees,dc=quay,dc=io': {
       'dc': ['quay', 'io'],
       'ou': 'employees',
       'uid': ['someuser'],
       'userPassword': ['somepass'],
-      'mail': ['foo@bar.com']
+      'mail': ['foo@bar.com'],
+      'memberOf': ['cn=AwesomeFolk,dc=quay,dc=io'],
     },
     'uid=nomail,ou=employees,dc=quay,dc=io': {
       'dc': ['quay', 'io'],
@@ -301,6 +308,25 @@ class TestLDAP(unittest.TestCase):
                        requires_email=False, timeout=5)
       ldap.query_users('cool')
 
+  def test_iterate_group_members(self):
+    with mock_ldap() as ldap:
+      (it, err) = ldap.iterate_group_members({'group_dn': 'cn=AwesomeFolk'},
+                                             disable_pagination=True)
+      self.assertIsNone(err)
+
+      results = list(it)
+      self.assertEquals(2, len(results))
+
+      first = results[0][0]
+      self.assertEquals('testy', first.id)
+      self.assertEquals('testy', first.username)
+      self.assertEquals('bar@baz.com', first.email)
+
+      second = results[1][0]
+      self.assertEquals('someuser', second.id)
+      self.assertEquals('someuser', second.username)
+      self.assertEquals('foo@bar.com', second.email)
+
 if __name__ == '__main__':
   unittest.main()