2015-05-21 08:33:56 +02:00
|
|
|
#!/usr/bin/env python
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
|
|
from __future__ import with_statement
|
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
import sys
|
|
|
|
from sets import Set
|
2015-05-21 08:54:28 +02:00
|
|
|
from ldapcherry.backend.backendLdap import Backend
|
2015-05-21 08:33:56 +02:00
|
|
|
from ldapcherry.exceptions import *
|
|
|
|
import cherrypy
|
2015-05-26 00:33:36 +02:00
|
|
|
import logging
|
|
|
|
import ldap
|
2015-05-21 08:33:56 +02:00
|
|
|
|
|
|
|
cfg = {
|
2015-05-25 18:52:14 +02:00
|
|
|
'module' : 'ldapcherry.backend.ldap',
|
|
|
|
'groupdn' : 'ou=group,dc=example,dc=org',
|
|
|
|
'userdn' : 'ou=People,dc=example,dc=org',
|
|
|
|
'binddn' : 'cn=dnscherry,dc=example,dc=org',
|
|
|
|
'password' : 'password',
|
|
|
|
'uri' : 'ldap://ldap.ldapcherry.org:390',
|
|
|
|
'ca' : './tests/test_env/etc/ldapcherry/TEST-cacert.pem',
|
|
|
|
'starttls' : 'off',
|
|
|
|
'checkcert' : 'off',
|
|
|
|
'user_filter_tmpl' : '(uid=%(username)s)',
|
|
|
|
'group_filter_tmpl' : '(member=%(userdn)s)',
|
2015-05-25 19:30:41 +02:00
|
|
|
'search_filter_tmpl' : '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))',
|
2015-05-26 00:33:36 +02:00
|
|
|
'objectclasses' : 'top, person, organizationalPerson, simpleSecurityObject, posixAccount',
|
|
|
|
'dn_user_attr' : 'uid',
|
2015-05-21 08:33:56 +02:00
|
|
|
}
|
|
|
|
|
2015-05-26 00:33:36 +02:00
|
|
|
def syslog_error(msg='', context='',
|
|
|
|
severity=logging.INFO, traceback=False):
|
|
|
|
pass
|
|
|
|
|
2015-05-21 21:40:13 +02:00
|
|
|
cherrypy.log.error = syslog_error
|
2015-05-22 20:05:24 +02:00
|
|
|
attr = ['shéll', 'shell', 'cn', 'uid', 'uidNumber', 'gidNumber', 'home', 'userPassword', 'givenName', 'email', 'sn']
|
2015-05-21 21:40:13 +02:00
|
|
|
|
2015-05-21 08:33:56 +02:00
|
|
|
class TestError(object):
|
|
|
|
|
|
|
|
def testNominal(self):
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
2015-05-21 08:33:56 +02:00
|
|
|
return True
|
|
|
|
|
|
|
|
def testConnect(self):
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
2015-05-22 01:16:53 +02:00
|
|
|
ldap = inv._connect()
|
|
|
|
ldap.simple_bind_s(inv.binddn, inv.bindpassword)
|
2015-05-21 08:33:56 +02:00
|
|
|
return True
|
|
|
|
|
|
|
|
def testConnectSSL(self):
|
2015-05-22 01:16:53 +02:00
|
|
|
cfg2 = cfg.copy()
|
|
|
|
cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
|
|
|
|
cfg2['checkcert'] = 'on'
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
|
2015-05-22 01:16:53 +02:00
|
|
|
ldap = inv._connect()
|
|
|
|
ldap.simple_bind_s(inv.binddn, inv.bindpassword)
|
2015-05-21 08:33:56 +02:00
|
|
|
|
2015-05-22 19:38:41 +02:00
|
|
|
def testLdapUnavaible(self):
|
|
|
|
cfg2 = cfg.copy()
|
|
|
|
cfg2['uri'] = 'ldaps://notaldap:637'
|
|
|
|
cfg2['checkcert'] = 'on'
|
|
|
|
cfg2['ca'] = './cfg/ca.crt'
|
|
|
|
inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
|
|
|
|
ldapc = inv._connect()
|
|
|
|
try:
|
|
|
|
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
|
2015-05-26 00:33:36 +02:00
|
|
|
except ldap.SERVER_DOWN as e:
|
2015-05-22 19:38:41 +02:00
|
|
|
return
|
|
|
|
else:
|
|
|
|
raise AssertionError("expected an exception")
|
|
|
|
|
2015-05-22 01:16:53 +02:00
|
|
|
def testConnectSSLWrongCA(self):
|
|
|
|
cfg2 = cfg.copy()
|
|
|
|
cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
|
|
|
|
cfg2['checkcert'] = 'on'
|
|
|
|
cfg2['ca'] = './cfg/wrong_ca.crt'
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
|
2015-05-22 01:16:53 +02:00
|
|
|
ldapc = inv._connect()
|
|
|
|
try:
|
|
|
|
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
|
2015-05-26 00:33:36 +02:00
|
|
|
except ldap.SERVER_DOWN as e:
|
2015-05-22 01:16:53 +02:00
|
|
|
assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
|
|
|
|
|
|
|
|
# def testConnectSSLNoCheck(self):
|
|
|
|
# cfg2 = cfg.copy()
|
|
|
|
# cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
|
|
|
|
# cfg2['checkcert'] = 'off'
|
2015-05-22 10:27:46 +02:00
|
|
|
# inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
|
2015-05-22 01:16:53 +02:00
|
|
|
# ldap = inv._connect()
|
|
|
|
# ldap.simple_bind_s(inv.binddn, inv.bindpassword)
|
2015-05-21 08:33:56 +02:00
|
|
|
|
|
|
|
def testAuthSuccess(self):
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
2015-05-21 08:33:56 +02:00
|
|
|
return True
|
|
|
|
|
|
|
|
def testAuthSuccess(self):
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
2015-05-22 01:33:15 +02:00
|
|
|
ret = inv.auth('jwatson', 'passwordwatson')
|
|
|
|
assert ret == True
|
2015-05-21 08:33:56 +02:00
|
|
|
|
|
|
|
def testAuthFailure(self):
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
2015-05-22 01:33:15 +02:00
|
|
|
res = inv.auth('notauser', 'password') or inv.auth('jwatson', 'notapassword')
|
|
|
|
assert res == False
|
2015-05-21 08:33:56 +02:00
|
|
|
|
|
|
|
def testMissingParam(self):
|
|
|
|
cfg2 = {}
|
|
|
|
return True
|
|
|
|
try:
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg2, cherrypy.log, 'ldap', attr)
|
2015-05-21 08:33:56 +02:00
|
|
|
except MissingKey:
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
raise AssertionError("expected an exception")
|
|
|
|
|
|
|
|
def testGetUser(self):
|
2015-05-22 10:27:46 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
2015-05-22 20:05:24 +02:00
|
|
|
ret = inv.get_user('jwatson')
|
2015-05-26 22:51:29 +02:00
|
|
|
expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'}
|
2015-05-22 20:05:24 +02:00
|
|
|
assert ret == expected
|
2015-05-25 19:30:41 +02:00
|
|
|
|
2015-05-26 00:33:36 +02:00
|
|
|
def testSearchUser(self):
|
2015-05-25 19:30:41 +02:00
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
|
|
|
ret = inv.search('smith')
|
|
|
|
expected = [('cn=Sheri Smith,ou=People,dc=example,dc=org', {'uid': ['ssmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HERCAR 125'], 'sn': ['smith'], 'mail': ['s.smith@example.com', 'ssmith@example.com', 'sheri.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['Sheri Smith']}), ('cn=John Smith,ou=People,dc=example,dc=org', {'uid': ['jsmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HISCAR 125'], 'sn': ['Smith'], 'mail': ['j.smith@example.com', 'jsmith@example.com', 'jsmith.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['John Smith']})]
|
|
|
|
assert ret == expected
|
2015-05-26 00:33:36 +02:00
|
|
|
|
|
|
|
def testAddUser(self):
|
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
|
|
|
user = {
|
|
|
|
'uid': 'test',
|
|
|
|
'sn': 'test',
|
|
|
|
'cn': 'test',
|
|
|
|
'userPassword': 'test',
|
|
|
|
'uidNumber': '42',
|
|
|
|
'gidNumber': '42',
|
|
|
|
'homeDirectory': '/home/test/'
|
|
|
|
}
|
|
|
|
inv.add_user(user)
|
|
|
|
inv.del_user('test')
|
|
|
|
|
|
|
|
def testAddUserDuplicate(self):
|
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
|
|
|
user = {
|
|
|
|
'uid': 'test',
|
|
|
|
'sn': 'test',
|
|
|
|
'cn': 'test',
|
|
|
|
'uidNumber': '42',
|
|
|
|
'userPassword': 'test',
|
|
|
|
'gidNumber': '42',
|
|
|
|
'homeDirectory': '/home/test/'
|
|
|
|
}
|
|
|
|
try:
|
|
|
|
inv.add_user(user)
|
|
|
|
inv.add_user(user)
|
|
|
|
except ldap.ALREADY_EXISTS:
|
|
|
|
inv.del_user('test')
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
inv.del_user('test')
|
|
|
|
raise AssertionError("expected an exception")
|
|
|
|
|
|
|
|
def testAddUserMissingMustAttribute(self):
|
|
|
|
inv = Backend(cfg, cherrypy.log, 'ldap', attr)
|
|
|
|
user = {
|
|
|
|
'uid': 'test',
|
|
|
|
'sn': 'test',
|
|
|
|
'cn': 'test',
|
|
|
|
'userPassword': 'test',
|
|
|
|
'gidNumber': '42',
|
|
|
|
'homeDirectory': '/home/test/'
|
|
|
|
}
|
|
|
|
try:
|
|
|
|
inv.add_user(user)
|
|
|
|
except ldap.OBJECT_CLASS_VIOLATION:
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
inv.del_user('test')
|
|
|
|
raise AssertionError("expected an exception")
|