mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-05 22:03:01 -06:00
2673782aec
We have a larger goal of replacing all DN creation via string formatting/concatenation with DN object operations because string operations are not a safe way to form a DN nor to compare a DN. This work needs to be broken into smaller chunks for easier review and testing. Addressing the unit tests first makes sense because we don't want to be modifying both the core code and the tests used to verify the core code simultaneously. If we modify the unittests first with existing core code and no regressions are found then we can move on to modifying parts of the core code with the belief the unittests can validate the changes in the core code. Also by doing the unittests first we also help to validate the DN objects are working correctly (although they do have an extensive unittest). The fundamental changes are: * replace string substitution & concatenation with DN object constructor * when comparing dn's the comparision is done after promotion to a DN object, then two DN objects are compared * when a list of string dn's are to be compared a new list is formed where each string dn is replaced by a DN object * because the unittest framework accepts a complex data structure of expected values where dn's are represeted as strings the unittest needs to express the expected value of a dn as a callable object (e.g. a lambda expression) which promotes the dn string to a DN object in order to do the comparision.
123 lines
4.6 KiB
Python
123 lines
4.6 KiB
Python
# Authors:
|
|
# Rob Crittenden <rcritten@redhat.com>
|
|
#
|
|
# Copyright (C) 2010 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# Test some simple LDAP requests using the ldap2 backend
|
|
|
|
# This fetches a certificate from a host principal so we can ensure that the
|
|
# schema is working properly. We know this because the schema will tell the
|
|
# encoder not to utf-8 encode binary attributes.
|
|
|
|
# The DM password needs to be set in ~/.ipa/.dmpw
|
|
|
|
import nose
|
|
import os
|
|
from ipaserver.plugins.ldap2 import ldap2
|
|
from ipalib.plugins.service import service, service_show
|
|
from ipalib.plugins.host import host
|
|
import nss.nss as nss
|
|
from ipalib import api, x509, create_api
|
|
from ipapython import ipautil
|
|
from ipalib.dn import *
|
|
|
|
class test_ldap(object):
|
|
"""
|
|
Test various LDAP client bind methods.
|
|
"""
|
|
|
|
def setUp(self):
|
|
self.conn = None
|
|
self.ldapuri = 'ldap://%s' % api.env.host
|
|
self.ccache = '/tmp/krb5cc_%d' % os.getuid()
|
|
nss.nss_init_nodb()
|
|
self.dn = str(DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)),
|
|
('cn','services'),('cn','accounts'),api.env.basedn))
|
|
|
|
def tearDown(self):
|
|
if self.conn:
|
|
self.conn.disconnect()
|
|
|
|
def test_anonymous(self):
|
|
"""
|
|
Test an anonymous LDAP bind using ldap2
|
|
"""
|
|
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
|
|
self.conn.connect()
|
|
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
|
|
cert = entry_attrs.get('usercertificate')
|
|
cert = cert[0]
|
|
serial = unicode(x509.get_serial_number(cert, x509.DER))
|
|
assert serial is not None
|
|
|
|
def test_GSSAPI(self):
|
|
"""
|
|
Test a GSSAPI LDAP bind using ldap2
|
|
"""
|
|
if not ipautil.file_exists(self.ccache):
|
|
raise nose.SkipTest('Missing ccache %s' % self.ccache)
|
|
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
|
|
self.conn.connect(ccache='FILE:%s' % self.ccache)
|
|
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
|
|
cert = entry_attrs.get('usercertificate')
|
|
cert = cert[0]
|
|
serial = unicode(x509.get_serial_number(cert, x509.DER))
|
|
assert serial is not None
|
|
|
|
def test_simple(self):
|
|
"""
|
|
Test a simple LDAP bind using ldap2
|
|
"""
|
|
pwfile = api.env.dot_ipa + os.sep + ".dmpw"
|
|
if ipautil.file_exists(pwfile):
|
|
fp = open(pwfile, "r")
|
|
dm_password = fp.read().rstrip()
|
|
fp.close()
|
|
else:
|
|
raise nose.SkipTest("No directory manager password in %s" % pwfile)
|
|
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
|
|
self.conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
|
|
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
|
|
cert = entry_attrs.get('usercertificate')
|
|
cert = cert[0]
|
|
serial = unicode(x509.get_serial_number(cert, x509.DER))
|
|
assert serial is not None
|
|
|
|
def test_Backend(self):
|
|
"""
|
|
Test using the ldap2 Backend directly (ala ipa-server-install)
|
|
"""
|
|
|
|
# Create our own api because the one generated for the tests is
|
|
# a client-only api. Then we register in the commands and objects
|
|
# we need for the test.
|
|
myapi = create_api(mode=None)
|
|
myapi.bootstrap(context='cli', in_server=True, in_tree=True)
|
|
myapi.register(ldap2)
|
|
myapi.register(host)
|
|
myapi.register(service)
|
|
myapi.register(service_show)
|
|
myapi.finalize()
|
|
myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw='password')
|
|
|
|
result = myapi.Command['service_show']('ldap/%s@%s' % (api.env.host, api.env.realm,))
|
|
entry_attrs = result['result']
|
|
cert = entry_attrs.get('usercertificate')
|
|
cert = cert[0]
|
|
serial = unicode(x509.get_serial_number(cert, x509.DER))
|
|
assert serial is not None
|