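# Copyright (c) 2021-2024 Andrew Ruthven
# Portions Copyright (c) Best Practical Solutions, LLC
# , licensed under the GPL v2.
#
# Test where the posixGroup with MemberUid as a plain UID is used.
#
# See:
# - https://ldapwiki.com/wiki/Wiki.jsp?page=PosixGroup
# - https://ldapwiki.com/wiki/Wiki.jsp?page=MemberUid
#
BEGINPERL
# This block is evaluated by the test harness, which supplies $debug and
# %evaled.  No "use strict" here on purpose: both names are harness globals,
# not lexicals declared in this block.
if ($debug) { $ENV{'LDAP_DEBUG'} = 1 };

use Net::LDAP::Server::Test;
use Net::LDAP;
use IO::Socket::INET;

my $ldap_port = 21394;

my $ldap_socket = IO::Socket::INET->new(
    Listen    => 5,
    Proto     => 'tcp',
    Reuse     => 1,
    LocalPort => $ldap_port,
) or die "Failed to listen on port $ldap_port: $!";

# Keep it around after this block exits.
$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 );

my $ldap = Net::LDAP->new("localhost:$ldap_port")
    or die "Failed to instantiate Net::LDAP: $!";

# Every directory operation below is fixture setup.  An ignored failure would
# only show up later as a baffling mismatch in the SQL expectations, so each
# result is checked and the block dies with the server's error text instead.
ldap_ok( $ldap->bind(), 'anonymous bind' );

my $base   = "dc=example,dc=com";
my $users  = "ou=users,$base";
my $groups = "ou=groups,$base";

# Same modifyTimestamp for every fixture entry; presumably the sync script
# reads it for change detection - confirm against cron-sync-ldap.php.
my $modify_ts = 20240203001020;

ldap_ok( $ldap->add( $base ), "add $base" );

# pg = posixGroup
for my $username (qw/pg_ldap1 pg_ldap2 pg_ldap_ignore1/) {
    my $dn = "uid=$username,$users";

    # "pg_ldap1" -> "pg LDAP 1"; names without a numeric suffix (the
    # *_ignore1 user) are left unchanged by the substitution.
    (my $cn = $username) =~ s/_ldap(\d+)/ LDAP $1/;

    my $entry = {
        cn              => $cn,
        mail            => "$username\@example.com",
        uid             => $username,
        objectClass     => 'person',
        userPassword    => $username,
        modifyTimestamp => $modify_ts,
    };

    ldap_ok( $ldap->add( $dn, attr => [%$entry] ), "add $dn" );
}

make_group($ldap, 'pg_ldap_group1', 'pg_ldap1');
make_group($ldap, 'pg_ldap_group2', 'pg_ldap2');
make_group($ldap, 'pg_ldap_group3');
make_group($ldap, 'pg_ldap_group4', 'pg_ldap_ignore1');
make_group($ldap, 'pg_ldap_group_ignore', 'pg_ldap1');

# We need to keep the client around, otherwise the test server will exit.
$evaled{'ldap_client'} = $ldap;

# Keeps the in-process server alive while the rest of this test file runs
# against it (the harness, not this block, decides when the block is torn down).
sleep 60;

# Add a posixGroup entry "cn=$name,$groups" whose memberUid values are the
# plain UIDs in @users.  A group with no members gets no memberUid attribute
# at all (pg_ldap_group3 above), which is what the sync script must cope with.
# Uses the file-level $groups and $modify_ts; dies if the server rejects the add.
sub make_group {
    my ($ldap, $name, @users) = @_;

    my $dn = "cn=$name,$groups";
    # "pg_ldap_group1" -> "pg LDAP Group 1"; "*_ignore" keeps its raw name.
    (my $desc = $name) =~ s/_ldap_group(\d+)/ LDAP Group $1/;

    my $entry = {
        cn              => $name,
        objectClass     => 'posixGroup',
        description     => $desc,
        (@users ? (memberUid => [ @users ]) : () ),
        modifyTimestamp => $modify_ts,
    };

    ldap_ok( $ldap->add( $dn, attr => [%$entry] ), "add $dn" );
    return;
}

# Die with the server's diagnostic when an LDAP operation did not succeed.
# $result is the Net::LDAP::Message returned by bind()/add(); $what names
# the operation for the error text.  Returns $result on success.
sub ldap_ok {
    my ($result, $what) = @_;
    if ($result->code) {
        die "$what failed: " . $result->error;
    }
    return $result;
}
ENDPERL

SCRIPT=../scripts/cron-sync-ldap.php regression_ldap.host

# Testing logging in as one of the users - should work.
TYPE=PROPFIND
URL=http://regression_ldap.host/caldav.php/
HEADER=Content-Type: text/xml
HEADER=Depth: 1
AUTH=pg_ldap1:pg_ldap1
HEAD
BEGINDATA
ENDDATA

# Check that a usr record has been created for all users and groups
QUERY
SELECT active, email, fullname, last_used, password, username
  FROM usr
 WHERE username LIKE 'pg_ldap%'
 ORDER BY username;
ENDQUERY

# Make sure that group membership matches above.
QUERY
SELECT grp_u.username AS group_name, usr_u.username AS user_name
  FROM principal AS grp_p
  left join group_member ON (grp_p.principal_id = group_member.group_id)
  left join principal AS usr_p ON (group_member.member_id = usr_p.principal_id)
  left join usr AS usr_u ON (usr_p.user_no = usr_u.user_no)
  left join usr AS grp_u ON (grp_p.user_no = grp_u.user_no)
 WHERE grp_u.username LIKE 'pg_ldap_group%'
 ORDER BY group_name, user_name;
ENDQUERY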