Merge branch 'master' of https://github.com/kakwa/ldapcherry

tests/cfg/ldapcherry.ini

@@ -67,8 +67,8 @@ roles.file = './tests/cfg/roles.yml'
 [backends]
 
 ldap.module = 'ldapcherry.backend.backendLdap'
-ldap.groupdn = 'ou=group,dc=example,dc=com'
-ldap.userdn = 'ou=group,dc=example,dc=com'
+ldap.groupdn = 'ou=groups,dc=example,dc=com'
+ldap.userdn = 'ou=people,dc=example,dc=com'
 ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
 ldap.password = 'password'
 ldap.uri = 'ldaps://ldap.ldapcherry.org'
@@ -77,6 +77,9 @@ ldap.starttls = 'on'
 ldap.checkcert = 'off'
 ldap.user_filter_tmpl = '(uid=%(username)s)'
 ldap.group_filter_tmpl = '(member=%(userdn)s)'
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
+ldap.objectclasses = 'top, person, organizationalPerson, user'
+ldap.dn_user_attr = 'uid'
 ldap.timeout = 1
 
 ad.module = 'ldapcherry.backend.backendSamba4'

tests/test_BackendLdap.py

@@ -8,25 +8,32 @@ import pytest
 import sys
 from sets import Set
 from ldapcherry.backend.backendLdap import Backend
-from ldapcherry import syslog_error
 from ldapcherry.exceptions import * 
 import cherrypy
-from ldap import SERVER_DOWN
+import logging
+import ldap
 
 cfg = {
-'module'            : 'ldapcherry.backend.ldap',
-'groupdn'           : 'ou=group,dc=example,dc=org',
-'userdn'            : 'ou=People,dc=example,dc=org',
-'binddn'            : 'cn=dnscherry,dc=example,dc=org',
-'password'          : 'password',
-'uri'               : 'ldap://ldap.ldapcherry.org:390',
-'ca'                : './tests/test_env/etc/ldapcherry/TEST-cacert.pem',
-'starttls'          : 'off',
-'checkcert'         : 'off',
-'user_filter_tmpl'  : '(uid=%(username)s)',
-'group_filter_tmpl' : '(member=%(userdn)s)',
+'module'             : 'ldapcherry.backend.ldap',
+'groupdn'            : 'ou=groups,dc=example,dc=org',
+'userdn'             : 'ou=People,dc=example,dc=org',
+'binddn'             : 'cn=dnscherry,dc=example,dc=org',
+'password'           : 'password',
+'uri'                : 'ldap://ldap.ldapcherry.org:390',
+'ca'                 : './tests/test_env/etc/ldapcherry/TEST-cacert.pem',
+'starttls'           : 'off',
+'checkcert'          : 'off',
+'user_filter_tmpl'   : '(uid=%(username)s)',
+'group_filter_tmpl'  : '(member=%(userdn)s)',
+'search_filter_tmpl' : '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))',
+'objectclasses'      : 'top, person, organizationalPerson, simpleSecurityObject, posixAccount',
+'dn_user_attr'       : 'uid',
 }
 
+def syslog_error(msg='', context='',
+        severity=logging.INFO, traceback=False):
+    pass
+
 cherrypy.log.error = syslog_error
 attr = ['shéll', 'shell', 'cn', 'uid', 'uidNumber', 'gidNumber', 'home', 'userPassword', 'givenName', 'email', 'sn']
 
@@ -59,7 +66,7 @@ class TestError(object):
         ldapc = inv._connect()
         try:
             ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
-        except SERVER_DOWN as e:
+        except ldap.SERVER_DOWN as e:
             return 
         else:
             raise AssertionError("expected an exception")
@@ -73,7 +80,7 @@ class TestError(object):
         ldapc = inv._connect()
         try:
             ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
-        except SERVER_DOWN as e:
+        except ldap.SERVER_DOWN as e:
             assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
 
 #    def testConnectSSLNoCheck(self):
@@ -111,5 +118,70 @@ class TestError(object):
     def testGetUser(self):
         inv = Backend(cfg, cherrypy.log, 'ldap', attr)
         ret = inv.get_user('jwatson')
-        expected = ('cn=John Watson,ou=People,dc=example,dc=org', {'uid': ['jwatson'], 'cn': ['John Watson'], 'sn': ['watson']})
+        expected = {'uid': 'jwatson', 'cn': 'John Watson', 'sn': 'watson'}
         assert ret == expected
+
+    def testGetUser(self):
+        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
+        ret = inv.get_groups('jwatson')
+        expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
+        assert ret == expected
+
+    def testSearchUser(self):
+        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
+        ret = inv.search('smith')
+        expected = [('cn=Sheri Smith,ou=People,dc=example,dc=org', {'uid': ['ssmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HERCAR 125'], 'sn': ['smith'], 'mail': ['s.smith@example.com', 'ssmith@example.com', 'sheri.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['Sheri Smith']}), ('cn=John Smith,ou=People,dc=example,dc=org', {'uid': ['jsmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HISCAR 125'], 'sn': ['Smith'], 'mail': ['j.smith@example.com', 'jsmith@example.com', 'jsmith.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['John Smith']})]
+        assert ret == expected
+
+    def testAddUser(self):
+        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
+        user = {
+        'uid': 'test',
+        'sn':  'test',
+        'cn':  'test',
+        'userPassword': 'test',
+        'uidNumber': '42',
+        'gidNumber': '42',
+        'homeDirectory': '/home/test/'
+        }
+        inv.add_user(user)
+        inv.del_user('test')
+
+    def testAddUserDuplicate(self):
+        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
+        user = {
+        'uid': 'test',
+        'sn':  'test',
+        'cn':  'test',
+        'uidNumber': '42',
+        'userPassword': 'test',
+        'gidNumber': '42',
+        'homeDirectory': '/home/test/'
+        }
+        try:
+            inv.add_user(user)
+            inv.add_user(user)
+        except ldap.ALREADY_EXISTS:
+            inv.del_user('test')
+            return
+        else:
+            inv.del_user('test')
+            raise AssertionError("expected an exception")
+
+    def testAddUserMissingMustAttribute(self):
+        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
+        user = {
+        'uid': 'test',
+        'sn':  'test',
+        'cn':  'test',
+        'userPassword': 'test',
+        'gidNumber': '42',
+        'homeDirectory': '/home/test/'
+        }
+        try:
+            inv.add_user(user)
+        except ldap.OBJECT_CLASS_VIOLATION:
+            return
+        else:
+            inv.del_user('test')
+            raise AssertionError("expected an exception")

tests/test_env/deploy.sh

@@ -32,7 +32,7 @@ sudo sed -i "s%tools.staticdir.dir.*%tools.staticdir.dir = '`pwd`/resources/stat
 chown -R openldap:openldap /etc/ldap/
 rm /etc/ldap/slapd.d/cn\=config/*mdb*
 /etc/init.d/slapd restart
-ldapadd -H ldap://localhost:390  -x -D "cn=admin,dc=example,dc=org" -f /etc/ldap/content.ldif -w password
+ldapadd -c -H ldap://localhost:390  -x -D "cn=admin,dc=example,dc=org" -f /etc/ldap/content.ldif -w password
 sed -i "s/\(127.0.0.1.*\)/\1 ldap.ldapcherry.org ad.ldapcherry.org/" /etc/hosts
 
 df -h

tests/test_env/etc/ldap/content.ldif

@@ -32,6 +32,18 @@ mail: s.smith@example.com
 mail: ssmith@example.com
 mail: sheri.smith@example.com
 
+dn: cn=John Smith,ou=people,dc=example,dc=org
+objectclass: inetOrgPerson
+cn: John Smith
+sn: Smith
+uid: jsmith
+userpassword: passwordsmith
+carlicense: HISCAR 125
+homephone: 555-111-2225
+mail: j.smith@example.com
+mail: jsmith@example.com
+mail: jsmith.smith@example.com
+
 dn: cn=John Watson,ou=people,dc=example,dc=org
 objectclass: inetOrgPerson
 cn: John Watson

tests/test_env/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif

@@ -7,7 +7,7 @@ olcSuffix: dc=example,dc=org
 olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
  s auth by dn="cn=admin,dc=example,dc=org" write by * none
 olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * read
+olcAccess: {2}to * by self write by dn="cn=dnscherry,dc=example,dc=org" write by * read
 olcLastMod: TRUE
 olcRootDN: cn=admin,dc=example,dc=org
 olcRootPW: {SSHA}Fp+rSxe5eFsj0DGITJts4DwdSDFDZG9P