A better variable name here might be dn since you extract it from an entry. Also, what do you think of making the parameter name entry_or_dn to reflect it accepting two types?

Reducing over the | operator looks like a disappointed smiley :| No change requested here 😁

This interface makes sense to me, but I'm not familiar with how it'll typically be called. If users are typically working with entrys, the following interface feels more natural to me:

ldap.search(...) do |entry|
  entry.member_of?("Engineering")  #=> true
end

The above isn't actually possible because an Entry does not keep a reference to the connection object that it came from (as far as I know). This is all syntactic sugar in any case and doesn't affect your validators interface, but I wanted to brainstorm out loud in case it leads us to a more intuitive interface.

@jch I'm trying to move away from sugar like this for various reasons, but the biggest reason by far is that abstractions like this hide the actual work behind the scenes, which in this case means network IO.

I also don't want to try to inject methods like member_of? into Net::LDAP::Entry classes, keeping a clear separation between that library and these higher level concerns.

Dig it. I think it's a bad idea to add sugar before trying out real life access patterns anyhow. Just wanted to get a feel for it.

I would actually implement this in the base class as follows:

def perform(entry)
  raise NotImplementedError.new
end

With a note in the doc that says this method is required by subclasses.

I stopped doing that as much when I found out that NotImplementedError is reserved for platform to indicate unavailable features like fork. See: http://www.ruby-doc.org/core-2.1.3/NotImplementedError.html for details.

I'm happy with NoMethodError in this case.

TIL. Do you add a custom message along with the NoMethodError?

raise NoMethodError.new "method #x required"

I'm literally letting Ruby do all the work. ^_^

Make this method private or protected

👌

This reads fine to me and I'm not familiar with existing style conventions yet, but it can also be written in the positive:

if membership.present?

edit also out of scope for this PR because you're just moving existing behavior over. Just wanted to note it.

Unless I'm mistaken, present? is an ActiveSupport extension and not part of standard Ruby library.

Indeed. http://api.rubyonrails.org/classes/Object.html#method-i-present-3F

Will this be used by other adaptors? No need to push it up to the Base class just yet, I'm just curious.

Not worried about answering that until it's actually needed, and the method/class signature might change enough to make this unnecessary. This is needed because this class uses CNs but the other uses DNs to compare, and I wanted to take Net::LDAP::Entry objects as input to make the input consistent between the two (drop in replacement being desired).

👍

Should depth be a configurable attribute? Is there any downside to reusing validators, or are you trying to encourage people to create a new validator each time?

Validators should be reused.

I kept depth here instead of on initialize to make initialize consistent but I guess this adds inconsistency for the caller anyways. Will think about this a little more.

Perhaps this signature?

def perform(entry, options = {})
end

Might be premature as I don't know whether it'll be common for validators to accept options. I'm fine with leaving it as is and fine tuning later.

Going to reason about this a bit more. Haven't convinced myself how to this works yet.