def testConnectSSL(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://ldap.dnscherry.org:637'
cfg2['checkcert'] = 'on'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldap = inv._connect()
ldap.simple_bind_s(inv.binddn, inv.bindpassword)
def testConnectSSL(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://ldap.dnscherry.org:637'
cfg2['checkcert'] = 'on'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldap = inv._connect()
ldap.simple_bind_s(inv.binddn, inv.bindpassword)
def testConnectStartTLS(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldap://ldap.ldapcherry.org:390'
cfg2['checkcert'] = 'off'
cfg2['starttls'] = 'on'
cfg2['ca'] = './test/cfg/ca.crt'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldapc = inv._connect()
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
def testDelUserDontExists(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
try:
inv.del_user(u'test☭')
inv.del_user(u'test☭')
except UserDoesntExist:
return
else:
raise AssertionError("expected an exception")
def testDelUserDontExists(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
try:
inv.del_user(u'test☭')
inv.del_user(u'test☭')
except UserDoesntExist:
return
else:
raise AssertionError("expected an exception")
def testConnectStartTLS(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldap://ldap.ldapcherry.org:390'
cfg2['checkcert'] = 'off'
cfg2['starttls'] = 'on'
cfg2['ca'] = './test/cfg/ca.crt'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldapc = inv._connect()
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
def testMissingCA(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://ldap.dnscherry.org:637'
cfg2['checkcert'] = 'on'
cfg2['ca'] = './test/cfg/not_a_ca.crt'
try:
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldapc = inv._connect()
except CaFileDontExist as e:
return
else:
raise AssertionError("expected an exception")
def testConnectSSLWrongCA(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
cfg2['checkcert'] = 'on'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldapc = inv._connect()
try:
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
except ldap.SERVER_DOWN as e:
assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
else:
raise AssertionError("expected an exception")
def testLdapUnavaible(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://notaldap:637'
cfg2['checkcert'] = 'on'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
try:
ldapc = inv._connect()
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
except ldap.SERVER_DOWN as e:
return
else:
raise AssertionError("expected an exception")
def testMissingCA(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://ldap.dnscherry.org:637'
cfg2['checkcert'] = 'on'
cfg2['ca'] = './test/cfg/not_a_ca.crt'
try:
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldapc = inv._connect()
except CaFileDontExist as e:
return
else:
raise AssertionError("expected an exception")
def testLdapUnavaible(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://notaldap:637'
cfg2['checkcert'] = 'on'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
try:
ldapc = inv._connect()
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
except ldap.SERVER_DOWN as e:
return
else:
raise AssertionError("expected an exception")
def testConnectSSLWrongCA(self):
cfg2 = cfg.copy()
cfg2['uri'] = 'ldaps://ldap.ldapcherry.org:637'
cfg2['checkcert'] = 'on'
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
ldapc = inv._connect()
try:
ldapc.simple_bind_s(inv.binddn, inv.bindpassword)
except ldap.SERVER_DOWN as e:
assert e[0]['info'] == 'TLS: hostname does not match CN in peer certificate'
else:
raise AssertionError("expected an exception")
def testGetUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_user(u'jwatsoné')
expected = {
'uid': u'jwatsoné',
'objectClass': 'inetOrgPerson',
'carLicense': 'HERCAR 125',
'sn': 'watson',
'mail': '*****@*****.**',
'homePhone': '555-111-2225',
'cn': 'John Watson',
'userPassword': u'passwordwatsoné'
}
assert ret == expected
def testAddUserMissingMustattribute(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭',
'sn': u'test☭',
'cn': u'test☭',
'userPassword': u'test☭',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
try:
inv.add_user(user)
except ldap.OBJECT_CLASS_VIOLATION:
return
else:
inv.del_user(u'test☭')
raise AssertionError("expected an exception")
def testAddUser(self):
try:
inv.del_user(u'test☭,cn=')
except:
pass
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭,cn=',
'sn': u'test☭',
'cn': u'test☭',
'userPassword': u'test☭',
'uidNumber': '42',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
inv.add_user(user)
inv.del_user(u'test☭,cn=')
def testMissingParam(self):
cfg2 = {}
return True
try:
inv = Backend(cfg2, cherrypy.log, 'ldap', attr, 'uid')
except MissingKey:
return
else:
raise AssertionError("expected an exception")
def testSearchUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.search('smith')
expected = {
'ssmith': {
'sn': 'smith',
'uid': 'ssmith',
'cn': 'Sheri Smith',
'userPassword': '******'
},
'jsmith': {
'sn': 'Smith',
'uid': 'jsmith',
'cn': 'John Smith',
'userPassword': '******'
}
}
assert ret == expected
def testAddDeleteGroups(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
groups = [
'cn=hrpeople,ou=Groups,dc=example,dc=org',
'cn=itpeople,ou=Groups,dc=example,dc=org',
]
inv.add_to_groups(u'jwatsoné', groups)
ret = inv.get_groups(u'jwatsoné')
inv.del_from_groups(u'jwatsoné',
['cn=hrpeople,ou=Groups,dc=example,dc=org'])
inv.del_from_groups(u'jwatsoné',
['cn=hrpeople,ou=Groups,dc=example,dc=org'])
assert ret == [
'cn=itpeople,ou=Groups,dc=example,dc=org',
'cn=hrpeople,ou=Groups,dc=example,dc=org'
]
def testModifyUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭',
'sn': u'test☭',
'cn': u'test☭',
'userPassword': u'test☭',
'uidNumber': '42',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
inv.add_user(user)
inv.set_attrs(u'test☭', {'gecos': 'test2', 'homeDirectory': '/home/test/'})
inv.del_user(u'test☭')
def testModifyUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭',
'sn': u'test☭',
'cn': u'test☭',
'userPassword': u'test☭',
'uidNumber': '42',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
inv.add_user(user)
inv.set_attrs(u'test☭', {'gecos': 'test2', 'homeDirectory': '/home/test/'})
inv.del_user(u'test☭')
def testAddDeleteGroups(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
groups = [
'cn=hrpeople,ou=Groups,dc=example,dc=org',
'cn=itpeople,ou=Groups,dc=example,dc=org',
]
inv.add_to_groups(u'jwatsoné', groups)
ret = inv.get_groups(u'jwatsoné')
inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
inv.del_from_groups(u'jwatsoné', ['cn=hrpeople,ou=Groups,dc=example,dc=org'])
assert ret == ['cn=itpeople,ou=Groups,dc=example,dc=org', 'cn=hrpeople,ou=Groups,dc=example,dc=org']
def testAddUserDuplicate(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭',
'sn': u'test☭',
'cn': u'test☭',
'uidNumber': '42',
'userPassword': u'test☭',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
try:
inv.add_user(user)
inv.add_user(user)
except UserAlreadyExists:
inv.del_user(u'test☭')
return
else:
inv.del_user(u'test☭')
raise AssertionError("expected an exception")
def testAddUserDuplicate(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭',
'sn': u'test☭',
'cn': u'test☭',
'uidNumber': '42',
'userPassword': u'test☭',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
try:
inv.add_user(user)
inv.add_user(user)
except UserAlreadyExists:
inv.del_user(u'test☭')
return
else:
inv.del_user(u'test☭')
raise AssertionError("expected an exception")
def testAddUser(self):
try:
inv.del_user(u'test☭,cn=')
except:
pass
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭,cn=',
'sn': u'test☭',
'cn': u'test☭',
'userPassword': u'test☭',
'uidNumber': '42',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
inv.add_user(user)
inv.del_user(u'test☭,cn=')
def testAddUserMissingMustattribute(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
user = {
'uid': u'test☭',
'sn': u'test☭',
'cn': u'test☭',
'userPassword': u'test☭',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
try:
inv.add_user(user)
except ldap.OBJECT_CLASS_VIOLATION:
return
else:
inv.del_user(u'test☭')
raise AssertionError("expected an exception")
def testAuthFailure(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
res = inv.auth('notauser', 'password') or inv.auth(u'jwatsoné', 'notapasswordé')
assert res == False
def testGetUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_user(u'jwatsoné')
expected = {'uid': u'jwatsoné', 'cn': 'John Watson', 'sn': 'watson'}
assert ret == expected
def testConnect(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ldap = inv._connect()
ldap.simple_bind_s(inv.binddn, inv.bindpassword)
return True
def testNominal(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
return True
def testSearchUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.search('smith')
expected = {'ssmith': {'sn': 'smith', 'uid': 'ssmith', 'cn': 'Sheri Smith', 'userPassword': '******'}, 'jsmith': {'sn': 'Smith', 'uid': 'jsmith', 'cn': 'John Smith', 'userPassword': '******'}}
assert ret == expected
def testGetGroups(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_groups(u'jwatsoné')
expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
assert ret == expected
def testAuthSuccess(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.auth(u'jwatsoné', u'passwordwatsoné')
assert ret == True
def testConnect(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ldap = inv._connect()
ldap.simple_bind_s(inv.binddn, inv.bindpassword)
return True
def testAuthSuccess(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.auth(u'jwatsoné', u'passwordwatsoné')
assert ret == True
def testGetGroups(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_groups(u'jwatsoné')
expected = ['cn=itpeople,ou=Groups,dc=example,dc=org']
assert ret == expected
def testGetUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_user(u'jwatsoné')
expected = {'uid': u'jwatsoné', 'cn': 'John Watson', 'sn': 'watson'}
assert ret == expected
def testGetUser(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
ret = inv.get_user(u'jwatsoné')
expected = {'uid': u'jwatsoné', 'objectClass': 'inetOrgPerson', 'carLicense': 'HERCAR 125', 'sn': 'watson', 'mail': '*****@*****.**', 'homePhone': '555-111-2225', 'cn': 'John Watson', 'userPassword': u'passwordwatsoné'}
assert ret == expected
def testAuthFailure(self):
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
res = inv.auth('notauser', 'password') or inv.auth(
u'jwatsoné', 'notapasswordé')
assert res == False
}
def syslog_error(msg='', context='', severity=logging.INFO, traceback=False):
pass
cherrypy.log.error = syslog_error
attr = [
'shéll', 'cn', 'uid', 'uidNumber', 'gidNumber', 'home', 'userPassword',
'givenName', 'email', 'sn'
]
cherrypy.log.error = syslog_error
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
print inv.get_user('jwatson')
print inv.get_groups('jwatson')
print inv.search('smit')
user = {
'uid': 'test',
'sn': 'test',
'cn': 'test',
'userPassword': '******',
'uidNumber': '42',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
inv.add_user(user)
print inv.get_user('test')
print inv.get_groups('test')
'dn_user_attr' : 'uid',
'group_attr.uniqMember' : "%(dn)s",
'group_attr.memberUid' : "%(uid)s",
}
def syslog_error(msg='', context='',
severity=logging.INFO, traceback=False):
pass
cherrypy.log.error = syslog_error
attr = ['shéll', 'cn', 'uid', 'uidNumber', 'gidNumber', 'home', 'userPassword', 'givenName', 'email', 'sn']
cherrypy.log.error = syslog_error
inv = Backend(cfg, cherrypy.log, 'ldap', attr, 'uid')
print inv.get_user('jwatson')
print inv.get_groups('jwatson')
print inv.search('smit')
user = {
'uid': 'test',
'sn': 'test',
'cn': 'test',
'userPassword': '******',
'uidNumber': '42',
'gidNumber': '42',
'homeDirectory': '/home/test/'
}
inv.add_user(user)
print inv.get_user('test')
print inv.get_groups('test')