nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-04-30 16:00:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
davical/testing/tests/ldap/0006-test-DN-in-Groups.test

148 lines
4.0 KiB
Plaintext
Raw Blame History

# Copyright (c) 2021-2024 Andrew Ruthven <andrew@etc.gen.nz>
# Portions Copyright (c) Best Practical Solutions, LLC
# <sales@bestpractical.com>, licensed under the GPL v2.
#
# Test where the groupOfNames style of groups are used. In this case the
# DN of each member is stored, typically in a "member" attribute.
#
# See:
# - https://ldapwiki.com/wiki/Wiki.jsp?page=GroupOfNames
# - https://ldapwiki.com/wiki/Wiki.jsp?page=Member
#
BEGINPERL
if ($debug) { $ENV{'LDAP_DEBUG'} = 1 };
use Net::LDAP::Server::Test;
use Net::LDAP;
use IO::Socket::INET;
my $ldap_port = 21394;
my $ldap_socket = IO::Socket::INET->new(
Listen => 5,
Proto => 'tcp',
Reuse => 1,
LocalPort => $ldap_port,
);
# Keep it around after this block exits.
$evaled{'ldap_server'}
= Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 );
my $ldap = Net::LDAP->new("localhost:$ldap_port")
|| die "Failed to instantiate Net::LDAP: $!";
$ldap->bind();
my $base = "dc=example,dc=com";
my $users = "ou=users,$base";
my $groups = "ou=groups,$base";
$ldap->add( $base );
my %users;
# gON = groupOfNames test
for my $username (qw/gON_ldap1 gON_ldap2/) {
my $dn = "uid=$username,$users";
(my $cn = $username) =~ s/_ldap(\d+)/ LDAP $1/;
$users{$username} = $dn;
my $entry = {
cn => $cn,
mail => "$username\@example.com",
uid => $username,
objectClass => 'person',
userPassword => $username,
modifyTimestamp => 20240203001020,
};
$ldap->add( $dn, attr => [%$entry] );
}
# Users where the DN does not have uid as an RDN.
for my $username (qw/gON_ldap3 gON_ldap4/) {
(my $cn = $username) =~ s/_ldap(\d+)/ LDAP $1/;
my $dn = "cn=$cn,$users";
$users{$username} = $dn;
my $entry = {
cn => $cn,
mail => "$username\@example.com",
uid => $username,
objectClass => 'person',
userPassword => $username,
modifyTimestamp => 20240203001020,
};
$ldap->add( $dn, attr => [%$entry] );
}
make_group($ldap, 'gON_ldap_group1', $users{gON_ldap1});
make_group($ldap, 'gON_ldap_group2', $users{gON_ldap1}, $users{gON_ldap2},
$users{gON_ldap4});
make_group($ldap, 'gON_ldap_group3', $users{gON_ldap1}, $users{gON_ldap3});
make_group($ldap, 'gON_ldap_group4');
# We need to keep the client around, otherwise the test server will exit.
$evaled{'ldap_client'} = $ldap;
#sleep 60;
sub make_group {
my $ldap = shift;
my $name = shift;
my @users = @_;
my $dn = "cn=$name,$groups";
my $entry = {
cn => $name,
objectClass => 'groupOfNames',
(@users
? (member => [ @users ])
: ()
),
modifyTimestamp => 20240203001020,
};
$ldap->add( $dn, attr => [%$entry] );
}
ENDPERL
SCRIPT=../scripts/cron-sync-ldap.php regression_ldap.host
# Testing logging in as one of the users - should work.
TYPE=PROPFIND
URL=http://regression_ldap.host/caldav.php/
HEADER=Content-Type: text/xml
HEADER=Depth: 1
AUTH=gON_ldap1:gON_ldap1
HEAD
BEGINDATA
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:prop>
<D:resourcetype/>
</D:prop>
</D:propfind>
ENDDATA
# Check that a usr record has been created for all users and groups
QUERY
SELECT active, email, fullname, last_used, password, username
FROM usr
WHERE username LIKE 'gON_ldap%'
ORDER BY username;
ENDQUERY
# Check group membership matches above.
QUERY
SELECT grp_u.username AS group_name, usr_u.username AS user_name
FROM principal AS grp_p
left join group_member ON (grp_p.principal_id = group_member.group_id)
left join principal AS usr_p ON (group_member.member_id = usr_p.principal_id)
left join usr AS usr_u ON (usr_p.user_no = usr_u.user_no)
left join usr AS grp_u ON (grp_p.user_no = grp_u.user_no)
WHERE grp_u.username LIKE 'gON_ldap_group%'
ORDER BY group_name, user_name;
ENDQUERY
Reference in New Issue View Git Blame Copy Permalink