diff --git a/tests/cfg/ldapcherry.ini b/tests/cfg/ldapcherry.ini index f67674f..b04dbd7 100644 --- a/tests/cfg/ldapcherry.ini +++ b/tests/cfg/ldapcherry.ini @@ -71,7 +71,7 @@ ldap.groupdn = 'ou=groups,dc=example,dc=org' ldap.userdn = 'ou=people,dc=example,dc=org' ldap.binddn = 'cn=dnscherry,dc=example,dc=org' ldap.password = 'password' -ldap.uri = 'ldap://ldap.ldapcherry.org:637' +ldap.uri = 'ldap://ldap.ldapcherry.org:390' ldap.ca = '/etc/dnscherry/TEST-cacert.pem' ldap.starttls = 'off' ldap.checkcert = 'off' diff --git a/tests/disable.py b/tests/disable.py new file mode 100644 index 0000000..089e3d6 --- /dev/null +++ b/tests/disable.py @@ -0,0 +1,8 @@ +import os +def travis_disabled(f): + def _decorator(f): + print 'test has been disabled on travis' + if 'TRAVIS' in os.environ and os.environ['TRAVIS'] == 'yes': + return _decorator + else: + return f diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py index 2474c96..752c6b4 100644 --- a/tests/test_BackendLdap.py +++ b/tests/test_BackendLdap.py @@ -9,6 +9,7 @@ import sys from sets import Set from ldapcherry.backend.backendLdap import Backend, DelUserDontExists from ldapcherry.exceptions import * +from disable import travis_disabled import cherrypy import logging import ldap @@ -20,7 +21,7 @@ cfg = { 'binddn' : 'cn=dnscherry,dc=example,dc=org', 'password' : 'password', 'uri' : 'ldap://ldap.dnscherry.org:390', -'ca' : './tests/test_env/etc/ldapcherry/TEST-cacert.pem', +'ca' : './test/cfg/ca.crt', 'starttls' : 'off', 'checkcert' : 'off', 'user_filter_tmpl' : '(uid=%(username)s)', @@ -45,13 +46,14 @@ class TestError(object): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') return True -# def testConnectSSLNoCheck(self): -# cfg2 = cfg.copy() -# cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637' -# cfg2['checkcert'] = 'off' -# inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid') -# ldap = inv._connect() -# ldap.simple_bind_s(inv.binddn, inv.bindpassword) + @travis_disabled + def testConnectSSLNoCheck(self): + cfg2 = cfg.copy() + cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637' + cfg2['checkcert'] = 'off' + inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid') + ldap = inv._connect() + ldap.simple_bind_s(inv.binddn, inv.bindpassword) def testConnect(self): inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid') @@ -59,6 +61,7 @@ class TestError(object): ldap.simple_bind_s(inv.binddn, inv.bindpassword) return True + @travis_disabled def testConnectSSL(self): cfg2 = cfg.copy() cfg2['uri'] = 'ldaps://ldap.dnscherry.org:637' @@ -71,7 +74,6 @@ class TestError(object): cfg2 = cfg.copy() cfg2['uri'] = 'ldaps://notaldap:637' cfg2['checkcert'] = 'on' - cfg2['ca'] = './cfg/ca.crt' inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid') ldapc = inv._connect() try: @@ -81,11 +83,26 @@ class TestError(object): else: raise AssertionError("expected an exception") + @travis_disabled def testConnectSSLWrongCA(self): cfg2 = cfg.copy() cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637' cfg2['checkcert'] = 'on' - cfg2['ca'] = './cfg/wrong_ca.crt' + cfg2['ca'] = './test/cfg/wrong_ca.crt' + inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid') + ldapc = inv._connect() + try: + ldapc.simple_bind_s(inv.binddn, inv.bindpassword) + except ldap.SERVER_DOWN as e: + assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate' + + @travis_disabled + def testConnectStartTLS(self): + cfg2 = cfg.copy() + cfg2['uri'] = 'ldap://ldap.ldapcherry.org:390' + cfg2['checkcert'] = 'off' + cfg2['starttls'] = 'on' + cfg2['ca'] = './test/cfg/ca.crt' inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid') ldapc = inv._connect() try: