diff --git a/tests/cfg/attributes_test.yml b/tests/cfg/attributes_test.yml
new file mode 100644
index 0000000..c87e473
--- /dev/null
+++ b/tests/cfg/attributes_test.yml
@@ -0,0 +1,111 @@
+cn:
+ description: "First Name and Display Name"
+ display_name: "Display Name"
+ type: string
+ weight: 30
+ autofill:
+ function: cn
+ args:
+ - $first-name
+ - $name
+ backends:
+ ldap: cn
+
+first-name:
+ description: "First name of the user"
+ display_name: "First Name"
+ search_displayed: True
+ type: string
+ weight: 20
+ backends:
+ ldap: givenName
+name:
+ description: "Family name of the user"
+ display_name: "Name"
+ search_displayed: True
+ weight: 10
+ type: string
+ backends:
+ ldap: sn
+email:
+ description: "Email of the user"
+ display_name: "Email"
+ search_displayed: True
+ type: email
+ weight: 40
+ autofill:
+ function: email
+ args:
+ - $first-name
+ - $last-name
+ - '@example.com'
+ backends:
+ ldap: mail
+uid:
+ description: "UID of the user"
+ display_name: "UID"
+ search_displayed: True
+ key: True
+ type: string
+ weight: 50
+ autofill:
+ function: uid
+ args:
+ - $first-name
+ - $last-name
+ backends:
+ ldap: uid
+uidNumber:
+ description: "User ID Number of the user"
+ display_name: "UID Number"
+ weight: 60
+ type: int
+ autofill:
+ function: uidNumber
+ args:
+ - $first-name
+ - $last-name
+ backends:
+ ldap: uidNumber
+gidNumber:
+ description: "Group ID Number of the user"
+ display_name: "GID Number"
+ weight: 70
+ type: int
+ default: 10000
+ backends:
+ ldap: gidNumber
+shell:
+ description: "Shell of the user"
+ display_name: "Shell"
+ weight: 80
+ self: True
+ type: stringlist
+ values:
+ - /bin/bash
+ - /bin/zsh
+ - /bin/sh
+ backends:
+ ldap: loginShell
+home:
+ description: "Home user path"
+ display_name: "Home"
+ weight: 90
+ type: string
+ autofill:
+ function: home
+ args:
+ - $first-name
+ - $last-name
+ - /home/
+ backends:
+ ldap: homeDirectory
+
+password:
+ description: "Password of the user"
+ display_name: "Password"
+ weight: 31
+ self: True
+ type: password
+ backends:
+ ldap: userPassword
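Review bot: The `email`, `uid`, `uidNumber` and `home` autofill entries pass `$last-name` in `args`, but this file defines no `last-name` attribute; the family name is declared under the key `name`, and the `cn` entry already references it as `$name`. Depending on how autofill resolves references, the argument is presumably left unresolved or empty in the generated value. Change those lines to `- $name` (or rename the attribute) so the fixture exercises the same substitution the `cn` entry does.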
diff --git a/tests/cfg/ldapcherry_test.ini b/tests/cfg/ldapcherry_test.ini
new file mode 100644
index 0000000..4e378c8
--- /dev/null
+++ b/tests/cfg/ldapcherry_test.ini
@@ -0,0 +1,127 @@
+# global parameters
+[global]
+
+# listing interface
+server.socket_host = '127.0.0.1'
+# port
+server.socket_port = 8080
+# number of threads
+server.thread_pool = 8
+#don't show traceback on error
+request.show_tracebacks = False
+
+# log configuration
+# /!\ you can't have multiple log handlers
+#####################################
+# configuration to log in files #
+#####################################
+## logger 'file' for access log
+#log.access_handler = 'file'
+## logger syslog for error and ldapcherry log
+#log.error_handler = 'file'
+## access log file
+#log.access_file = '/tmp/ldapcherry_access.log'
+## error and ldapcherry log file
+#log.error_file = '/tmp/ldapcherry_error.log'
+
+#####################################
+# configuration to log in syslog #
+#####################################
+# logger syslog for access log
+#log.access_handler = 'syslog'
+## logger syslog for error and ldapcherry log
+log.error_handler = 'syslog'
+
+#####################################
+# configuration to not log at all #
+#####################################
+# logger none for access log
+log.access_handler = 'none'
+# logger none for error and ldapcherry log
+#log.error_handler = 'none'
+
+# log level
+log.level = 'debug'
+
+# session configuration
+# activate session
+tools.sessions.on = True
+# session timeout
+tools.sessions.timeout = 10
+# file session storage(to use if multiple processes,
+# default is in RAM and per process)
+#tools.sessions.storage_type = "file"
+# session
+#tools.sessions.storage_path = "/var/lib/ldapcherry/sessions"
+
+[attributes]
+
+# file discribing form content
+attributes.file = './tests/cfg/attributes_test.yml'
+
+[roles]
+
+# file listing roles
+roles.file = './tests/cfg/roles_test.yml'
+
+[backends]
+
+# name of the module
+ldap.module = 'ldapcherry.backend.backendLdap'
+
+# uri of the ldap directory
+ldap.uri = 'ldaps://ldap.ldapcherry.org:637'
+# ca to use for ssl/tls connexion
+ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
+# use start tls
+ldap.starttls = 'off'
+# check server certificate (for tls)
+ldap.checkcert = 'off'
+# bind dn to the ldap
+ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
+# password of the bind dn
+ldap.password = 'password'
+# timeout of ldap connexion (in second)
+ldap.timeout = 1
+
+# groups dn
+ldap.groupdn = 'ou=group,dc=example,dc=org'
+# users dn
+ldap.userdn = 'ou=people,dc=example,dc=org'
+# ldapsearch filter to get a user
+ldap.user_filter_tmpl = '(uid=%(username)s)'
+# ldapsearch filter to get groups of a user
+ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
+# filter to search users
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
+
+# ldap group attributes and how to fill them
+ldap.group_attr.member = "%(dn)s"
+#ldap.group_attr.memberUid = "%(uid)s"
+# object classes of a user entry
+ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
+# dn entry attribute for an ldap user
+ldap.dn_user_attr = 'uid'
+
+
+# authentification parameters
+[auth]
+
+# Auth mode
+# * and: user must authenticate on all backends
+# * or: user must authenticate on one of the backend
+# * none: disable authentification
+# * custom: custom authentification module (need auth.module param)
+auth.mode = 'none'
+
+# custom auth module to load
+#auth.module = 'ldapcherry.auth.modNone'
+
+# resources parameters
+[resources]
+# templates directory
+templates.dir = '/usr/share/ldapcherry/templates/'
+
+[/static]
+tools.staticdir.on = True
+tools.staticdir.dir = '/usr/share/ldapcherry/static/'
diff --git a/tests/cfg/roles_test.yml b/tests/cfg/roles_test.yml
new file mode 100644
index 0000000..948fb83
--- /dev/null
+++ b/tests/cfg/roles_test.yml
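Review bot: In `tests/cfg/ldapcherry_test.ini`, `ldap.checkcert = 'off'` is combined with an `ldaps://` URI and `auth.mode = 'none'`, so this profile neither validates the directory server's certificate nor authenticates users, and nothing in the file marks it as test-only. Add a header comment such as `# TEST FIXTURE ONLY: certificate checking and authentication are disabled, never deploy this file` so it is not reused as a template. The port in `ldap.uri` is 637 where LDAPS conventionally uses 636, and `ldap.ca` and `ldap.binddn` both refer to `dnscherry`; these look like copy-paste leftovers and are worth confirming against the test LDAP setup.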
@@ -0,0 +1,33 @@
+admin-lv3:
+ display_name: Administrators Level 3
+ description: Super administrators of the system
+ backends_groups:
+ ldap:
+ - cn=dns admins,ou=Group,dc=example,dc=org
+ - cn=nagios admins,ou=Group,dc=example,dc=org
+ - cn=puppet admins,ou=Group,dc=example,dc=org
+ - cn=users,ou=Group,dc=example,dc=org
+
+admin-lv2:
+ display_name: Administrators Level 2
+ description: Basic administrators of the system
+ LC_admins: True
+ backends_groups:
+ ldap:
+ - cn=nagios admins,ou=Group,dc=example,dc=org
+ - cn=users,ou=Group,dc=example,dc=org
+
+developpers:
+ display_name: Developpers
+ description: Developpers of the system
+ backends_groups:
+ ldap:
+ - cn=developpers,ou=Group,dc=example,dc=org
+ - cn=users,ou=Group,dc=example,dc=org
+
+users:
+ display_name: Simple Users
+ description: Basic users of the system
+ backends_groups:
+ ldap:
+ - cn=users,ou=Group,dc=example,dc=org
diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py
index 752c6b4..3fe92e5 100644
--- a/tests/test_BackendLdap.py
+++ b/tests/test_BackendLdap.py
@@ -163,7 +163,7 @@ class TestError(object): def testSearchUser(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') ret = inv.search('smith')
- expected = {'ssmith': {'sn': 'smith', 'uid': 'ssmith', 'cn': 'Sheri Smith'}, 'jsmith': {'sn': 'Smith', 'uid': 'jsmith', 'cn': 'John Smith'}}
+ expected = {'ssmith': {'sn': 'smith', 'uid': 'ssmith', 'cn': 'Sheri Smith', 'userPassword': 'passwordsmith'}, 'jsmith': {'sn': 'Smith', 'uid': 'jsmith', 'cn': 'John Smith', 'userPassword': 'passwordsmith'}}
 assert ret == expected def testAddUser(self):
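Review bot: In `tests/cfg/roles_test.yml`, `LC_admins: True` is set on `admin-lv2` but not on `admin-lv3`, which the description calls super administrators. If administrator rights reach `admin-lv3` only because its group list is a superset of `admin-lv2`'s, state that in a comment above the flag, e.g. `# admin-lv3 members get LC_admins through the admin-lv2 groups they also belong to`. If there is no such inheritance, `admin-lv3` needs the flag as well.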
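Review bot: The updated `expected` dict in `testSearchUser` pins `userPassword` as part of what `Backend.search()` returns for every matching entry, so the test now enforces that credential material travels with ordinary search results. The same expectation is added to `testGetUser` in the next hunk and, under the `password` key, to `testSearch` and `testGetUser` in `tests/test_LdapCherry.py`. The backend code is not in this diff, so whether this is deliberate cannot be judged here. Password-type attributes would be better left out of search and get results, with the tests asserting the opposite, e.g. `assert 'userPassword' not in ret['jsmith']`. The enclosing class `TestError` starts outside the hunk.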
@@ -229,7 +229,7 @@ class TestError(object): def testGetUser(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') ret = inv.get_user('jwatson')
- expected = {'uid': 'jwatson', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson'}
+ expected = {'uid': 'jwatson', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': 'j.watson@example.com', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatson'}
 assert ret == expected def testAddUserMissingMustattribute(self):
diff --git a/tests/test_LdapCherry.py b/tests/test_LdapCherry.py
index 3fe0645..67d18df 100644
--- a/tests/test_LdapCherry.py
+++ b/tests/test_LdapCherry.py
@@ -124,6 +124,36 @@ class TestError(object): else: raise AssertionError("expected an exception")
+ def testSearch(self):
+ app = LdapCherry()
+ loadconf('./tests/cfg/ldapcherry.ini', app)
+ expected = {u'ssmith': {'password': u'passwordsmith', 'cn': u'Sheri Smith', 'name': u'smith', 'uid': u'ssmith'}, u'jsmith': {'password': u'passwordsmith', 'cn': u'John Smith', 'name': u'Smith', 'uid': u'jsmith'}}
+ ret = app._search('smith')
+ assert expected == ret
+
+ def testGetUser(self):
+ app = LdapCherry()
+ loadconf('./tests/cfg/ldapcherry.ini', app)
+ expected = {'password': u'passwordsmith', 'cn': u'Sheri Smith', 'uid': u'ssmith', 'name': u'smith'}
+ ret = app._get_user('ssmith')
+ assert expected == ret
+
+ def testAddUser(self):
+ app = LdapCherry()
+ loadconf('./tests/cfg/ldapcherry_test.ini', app)
+ form = {'groups': {}, 'attrs': {'password1': u'password☭', 'password2': u'password☭', 'cn': u'Test ☭ Test', 'name': u'Test ☭', 'uidNumber': u'1000', 'gidNumber': u'1000', 'home': u'/home/test', 'first-name': u'Test ☭', 'email': u'test@test.fr', 'uid': u'test'}, 'roles': {'admin-lv3': u'on', 'admin-lv2': u'on', 'users': u'on'}}
+ app._adduser(form)
+ app._deleteuser('test')
+
+ def testModifUser(self):
+ app = LdapCherry()
+ loadconf('./tests/cfg/ldapcherry_test.ini', app)
+ form = {'groups': {}, 'attrs': {'password1': u'password☭', 'password2': u'password☭', 'cn': u'Test ☭ Test', 'name': u'Test ☭', 'uidNumber': u'1000', 'gidNumber': u'1000', 'home': u'/home/test', 'first-name': u'Test ☭', 'email': u'test@test.fr', 'uid': u'test'}, 'roles': {'admin-lv3': u'on', 'admin-lv2': u'on', 'users': u'on'}}
+ app._adduser(form)
+ modify_form = { 'attrs': {'first-name': u'Test42 ☭', 'uid': u'test'}, 'roles': { 'admin-lv3': u'on'}}
+ app._modify(modify_form)
+ app._deleteuser('test')
+
 def testLogger(self): app = LdapCherry() loadconf('./tests/cfg/ldapcherry.ini', app)
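Review bot: `testAddUser` and `testModifUser` contain no assertions and call `app._deleteuser('test')` only on the success path, so they pass whenever nothing raises, and a failure in `_modify` leaves the `test` entry in the directory for the next run's `_adduser` to collide with. Put the cleanup in a `finally:` block (`try: app._modify(modify_form)` / `finally: app._deleteuser('test')`) and assert on the stored entry, for example via `app._get_user('test')`, before deleting it. `testSearch` and `testGetUser` load `./tests/cfg/ldapcherry.ini` rather than the `ldapcherry_test.ini` added in this commit; if that is intentional, a one-line comment saying so would help. The enclosing class `TestError` starts outside the hunk.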