Beispiel #1
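    def test_login_empty_userdn(self):
        """Authenticate a user when the primary user RDN list is empty.

        LDAPUsers is built with ``user_rdn = []`` and one secondary RDN
        (``ou=otheremployees``). Both ``verify_and_link_user`` and
        ``confirm_existing_user`` must return a response whose username is
        ``someuser``.
        """
        with mock_ldap():
            base_dn = ['ou=employees', 'dc=quay', 'dc=io']
            admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
            admin_passwd = 'password'
            # Empty on purpose: this is the configuration under test.
            user_rdn = []
            uid_attr = 'uid'
            email_attr = 'mail'
            secondary_user_rdns = ['ou=otheremployees']

            ldap = LDAPUsers('ldap://localhost',
                             base_dn,
                             admin_dn,
                             admin_passwd,
                             user_rdn,
                             uid_attr,
                             email_attr,
                             secondary_user_rdns=secondary_user_rdns)

            # assertEqual is used below because the assertEquals alias is
            # deprecated and no longer exists in Python 3.12.

            # Verify we can login.
            (response, _) = ldap.verify_and_link_user('someuser', 'somepass')
            self.assertEqual(response.username, 'someuser')

            # Verify we can confirm the user.
            (response, _) = ldap.confirm_existing_user('someuser', 'somepass')
            self.assertEqual(response.username, 'someuser')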
Beispiel #2
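    def test_login_empty_userdn(self):
        """Authenticate a user when the primary user RDN list is empty.

        LDAPUsers is built with ``user_rdn = []`` and one secondary RDN
        (``ou=otheremployees``). Both ``verify_and_link_user`` and
        ``confirm_existing_user`` must return a response whose username is
        ``someuser``.
        """
        with mock_ldap():
            base_dn = ["ou=employees", "dc=quay", "dc=io"]
            admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
            admin_passwd = "password"
            # Empty on purpose: this is the configuration under test.
            user_rdn = []
            uid_attr = "uid"
            email_attr = "mail"
            secondary_user_rdns = ["ou=otheremployees"]

            ldap = LDAPUsers(
                "ldap://localhost",
                base_dn,
                admin_dn,
                admin_passwd,
                user_rdn,
                uid_attr,
                email_attr,
                secondary_user_rdns=secondary_user_rdns,
            )

            # assertEqual is used below because the assertEquals alias is
            # deprecated and no longer exists in Python 3.12.

            # Verify we can login.
            (response, _) = ldap.verify_and_link_user("someuser", "somepass")
            self.assertEqual(response.username, "someuser")

            # Verify we can confirm the user.
            (response, _) = ldap.confirm_existing_user("someuser", "somepass")
            self.assertEqual(response.username, "someuser")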
Beispiel #3
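    def test_at_least_one_user_exists_no_users(self):
        """A user RDN that does not exist must yield no users and an error.

        ``user_rdn`` points at ``ou=nonexistent``; ``at_least_one_user_exists``
        is expected to return a falsy result together with a non-None error
        message.
        """
        base_dn = ["dc=quay", "dc=io"]
        admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
        admin_passwd = "password"
        user_rdn = ["ou=nonexistent"]
        uid_attr = "uid"
        email_attr = "mail"

        with mock_ldap():
            ldap = LDAPUsers("ldap://localhost", base_dn, admin_dn,
                             admin_passwd, user_rdn, uid_attr, email_attr)

            # Try to find users in a nonexistent group.
            (response, err_msg) = ldap.at_least_one_user_exists()
            self.assertFalse(response)
            # A unittest assertion instead of a bare assert, which is stripped
            # when Python runs with -O and would then check nothing.
            self.assertIsNotNone(err_msg)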
Beispiel #4
    def test_at_least_one_user_exists_invalid_creds(self):
        """A wrong admin bind password must surface as an explicit error.

        ``at_least_one_user_exists`` is expected to return a falsy result
        together with the fixed message
        ``LDAP Admin dn or password is invalid``.
        """
        ldap_args = (
            "ldap://localhost",
            ["dc=quay", "dc=io"],  # base_dn
            "uid=testy,ou=employees,dc=quay,dc=io",  # admin_dn
            "INVALIDPASSWORD",  # admin_passwd: the bad credential under test
            ["ou=employees"],  # user_rdn
            "uid",  # uid_attr
            "mail",  # email_attr
        )

        with mock_ldap():
            users = LDAPUsers(*ldap_args)

            # Query with the invalid admin credentials.
            found, error = users.at_least_one_user_exists()
            self.assertFalse(found)
            self.assertEqual("LDAP Admin dn or password is invalid", error)
Beispiel #5
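    def test_at_least_one_user_exists_no_users(self):
        """A user RDN that does not exist must yield no users and an error.

        ``user_rdn`` points at ``ou=nonexistent``; ``at_least_one_user_exists``
        is expected to return a falsy result together with a non-None error
        message.
        """
        base_dn = ['dc=quay', 'dc=io']
        admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
        admin_passwd = 'password'
        user_rdn = ['ou=nonexistent']
        uid_attr = 'uid'
        email_attr = 'mail'

        with mock_ldap():
            ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
                             admin_passwd, user_rdn, uid_attr, email_attr)

            # Try to find users in a nonexistent group.
            (response, err_msg) = ldap.at_least_one_user_exists()
            self.assertFalse(response)
            # A unittest assertion instead of a bare assert, which is stripped
            # when Python runs with -O and would then check nothing.
            self.assertIsNotNone(err_msg)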
Beispiel #6
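    def test_at_least_one_user_exists_invalid_creds(self):
        """A wrong admin bind password must surface as an explicit error.

        ``at_least_one_user_exists`` is expected to return a falsy result
        together with the fixed message
        ``LDAP Admin dn or password is invalid``.
        """
        base_dn = ['dc=quay', 'dc=io']
        admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
        # The bad credential under test.
        admin_passwd = 'INVALIDPASSWORD'
        user_rdn = ['ou=employees']
        uid_attr = 'uid'
        email_attr = 'mail'

        with mock_ldap():
            ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
                             admin_passwd, user_rdn, uid_attr, email_attr)

            # Try to query with invalid credentials.
            (response, err_msg) = ldap.at_least_one_user_exists()
            self.assertFalse(response)
            # assertEqual: the assertEquals alias is deprecated and no longer
            # exists in Python 3.12.
            self.assertEqual('LDAP Admin dn or password is invalid', err_msg)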
Beispiel #7
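    def test_invalid_admin_password(self):
        """Login must fail closed when the admin bind password is wrong.

        With an invalid ``admin_passwd``, ``verify_and_link_user`` is expected
        to return ``None`` as the response (no user object) and the fixed
        message ``LDAP Admin dn or password is invalid``.
        """
        base_dn = ["dc=quay", "dc=io"]
        admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
        # The bad credential under test.
        admin_passwd = "INVALIDPASSWORD"
        user_rdn = ["ou=employees"]
        uid_attr = "uid"
        email_attr = "mail"

        with mock_ldap():
            ldap = LDAPUsers(
                "ldap://localhost", base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr
            )

            # Try to login.
            (response, err_msg) = ldap.verify_and_link_user("someuser", "somepass")
            self.assertIsNone(response)
            # assertEqual: the assertEquals alias is deprecated and no longer
            # exists in Python 3.12.
            self.assertEqual("LDAP Admin dn or password is invalid", err_msg)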
Beispiel #8
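    def test_invalid_admin_password(self):
        """Login must fail closed when the admin bind password is wrong.

        With an invalid ``admin_passwd``, ``verify_and_link_user`` is expected
        to return ``None`` as the response (no user object) and the fixed
        message ``LDAP Admin dn or password is invalid``.
        """
        base_dn = ['dc=quay', 'dc=io']
        admin_dn = 'uid=testy,ou=employees,dc=quay,dc=io'
        # The bad credential under test.
        admin_passwd = 'INVALIDPASSWORD'
        user_rdn = ['ou=employees']
        uid_attr = 'uid'
        email_attr = 'mail'

        with mock_ldap():
            ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn,
                             admin_passwd, user_rdn, uid_attr, email_attr)

            # Try to login.
            response, err_msg = ldap.verify_and_link_user('someuser',
                                                          'somepass')
            self.assertIsNone(response)
            # assertEqual: the assertEquals alias is deprecated and no longer
            # exists in Python 3.12.
            self.assertEqual('LDAP Admin dn or password is invalid', err_msg)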
Beispiel #9
def _create_ldap(requires_email=True):
    """Build an LDAPUsers instance from the fixed test directory settings.

    Args:
        requires_email: forwarded unchanged to LDAPUsers.

    Returns:
        The constructed LDAPUsers object.
    """
    return LDAPUsers(
        'ldap://localhost',
        ['dc=quay', 'dc=io'],  # base_dn
        'uid=testy,ou=employees,dc=quay,dc=io',  # admin_dn
        'password',  # admin_passwd (fixture value)
        ['ou=employees'],  # user_rdn
        'uid',  # uid_attr
        'mail',  # email_attr
        secondary_user_rdns=['ou=otheremployees'],
        requires_email=requires_email
    )
Beispiel #10
def _create_ldap(requires_email=True):
    """Build an LDAPUsers instance from the fixed test directory settings.

    Args:
        requires_email: forwarded unchanged to LDAPUsers.

    Returns:
        The constructed LDAPUsers object.
    """
    positional = (
        "ldap://localhost",
        ["dc=quay", "dc=io"],  # base_dn
        "uid=testy,ou=employees,dc=quay,dc=io",  # admin_dn
        "password",  # admin_passwd (fixture value)
        ["ou=employees"],  # user_rdn
        "uid",  # uid_attr
        "mail",  # email_attr
    )
    return LDAPUsers(
        *positional,
        secondary_user_rdns=["ou=otheremployees"],
        requires_email=requires_email
    )
Beispiel #11
    def test_timeout(self):
        """Querying without a reachable LDAP server must raise a contact error.

        No ``mock_ldap()`` context is entered here, so LDAPUsers is pointed at
        the real ``ldap://localhost`` endpoint with ``timeout=5``. The test
        expects an exception matching "Can't contact LDAP server".
        """
        # NOTE(review): presumably this relies on nothing answering on the
        # local LDAP port; confirm for hosts that run a directory server.
        # NOTE(review): assertRaisesRegexp is the legacy spelling of
        # assertRaisesRegex and no longer exists in Python 3.12.
        with self.assertRaisesRegexp(Exception, "Can't contact LDAP server"):
            users = LDAPUsers(
                'ldap://localhost',
                ['dc=quay', 'dc=io'],  # base_dn
                'uid=testy,ou=employees,dc=quay,dc=io',  # admin_dn
                'password',  # admin_passwd
                ['ou=employees'],  # user_rdn
                'uid',  # uid_attr
                'mail',  # email_attr
                secondary_user_rdns=['ou=otheremployees'],
                requires_email=False,
                timeout=5
            )
            users.query_users('cool')
Beispiel #12
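    def test_at_least_one_user_exists_filtered_away(self):
        """A user filter that excludes every entry yields no users, no error.

        LDAPUsers is built with
        ``ldap_user_filter="(filterField=someothervalue)"``;
        ``at_least_one_user_exists`` is expected to return a falsy result and
        ``None`` as the error message.
        """
        base_dn = ["dc=quay", "dc=io"]
        admin_dn = "uid=testy,ou=employees,dc=quay,dc=io"
        admin_passwd = "password"
        user_rdn = ["ou=employees"]
        uid_attr = "uid"
        email_attr = "mail"
        # NOTE(review): an unused ``secondary_user_rdns`` local was dropped
        # here; it was never passed to LDAPUsers. Confirm that searching only
        # the primary RDN is what this test intends.

        with mock_ldap():
            ldap = LDAPUsers(
                "ldap://localhost",
                base_dn,
                admin_dn,
                admin_passwd,
                user_rdn,
                uid_attr,
                email_attr,
                ldap_user_filter="(filterField=someothervalue)",
            )
            (response, err_msg) = ldap.at_least_one_user_exists()
            # Filtering everything away is an empty result, not a failure.
            self.assertIsNone(err_msg)
            self.assertFalse(response)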
Beispiel #13
    def test_timeout(self):
        """Querying without a reachable LDAP server must raise a contact error.

        No ``mock_ldap()`` context is entered here, so LDAPUsers is pointed at
        the real ``ldap://localhost`` endpoint with ``timeout=5``. The test
        expects an exception matching "Can't contact LDAP server".
        """
        # NOTE(review): presumably this relies on nothing answering on the
        # local LDAP port; confirm for hosts that run a directory server.
        # NOTE(review): assertRaisesRegexp is the legacy spelling of
        # assertRaisesRegex and no longer exists in Python 3.12.
        positional = (
            "ldap://localhost",
            ["dc=quay", "dc=io"],  # base_dn
            "uid=testy,ou=employees,dc=quay,dc=io",  # admin_dn
            "password",  # admin_passwd
            ["ou=employees"],  # user_rdn
            "uid",  # uid_attr
            "mail",  # email_attr
        )
        with self.assertRaisesRegexp(Exception, "Can't contact LDAP server"):
            users = LDAPUsers(
                *positional,
                secondary_user_rdns=["ou=otheremployees"],
                requires_email=False,
                timeout=5
            )
            users.query_users("cool")