Example #1
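def get_ldap_connection(pwdfile=False, start_tls=2, decode_ignorelist=None, admin_uldap=False):
    """Open an LDAP connection as the test domain admin, trying each configured server.

    Port, server names, base DN, bind DN and bind password are all read from
    the Univention Config Registry (UCR). Servers are tried in order; one that
    raises ``ldap.SERVER_DOWN`` is skipped and the next one is tried.

    Args:
        pwdfile: If true, read the bind password from the file named by the
            ``tests/domainadmin/pwdfile`` UCR variable instead of taking it
            from ``tests/domainadmin/pwd``.
        start_tls: Passed through to ``uldap.access``.
            NOTE(review): the default of 2 is presumably the "TLS required"
            mode; a caller passing a lower value would let the admin bind
            travel without enforced TLS. Confirm against ``uldap.access``.
        decode_ignorelist: Passed through to ``uldap.access``; ``None`` is
            replaced by a fresh empty list.
        admin_uldap: If true, wrap the connection with ``access(lo=lo)``
            before returning it.

    Returns:
        The object returned by ``uldap.access``, or the ``access`` wrapper
        around it when ``admin_uldap`` is true.

    Raises:
        ldap.SERVER_DOWN: If no configured server could be reached, or none
            is configured.
    """
    if decode_ignorelist is None:
        decode_ignorelist = []
    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()

    port = int(ucr.get('ldap/server/port', 7389))
    binddn = ucr.get('tests/domainadmin/account', 'uid=Administrator,cn=users,%s' % ucr['ldap/base'])

    ldapServers = []
    if ucr['ldap/server/name']:
        ldapServers.append(ucr['ldap/server/name'])
    # The original tested 'ldap/servers/addition' but read
    # 'ldap/server/addition'; test and read now use the same variable, so the
    # additional servers actually take part in the failover.
    additional_servers = ucr['ldap/server/addition']
    if additional_servers:
        ldapServers.extend(additional_servers.split())

    # The bind password is a clear-text domain-admin secret taken from the
    # test configuration; keep it out of logs and error messages.
    if pwdfile:
        with open(ucr['tests/domainadmin/pwdfile']) as f:
            bindpw = f.read().strip('\n')
    else:
        bindpw = ucr['tests/domainadmin/pwd']

    for ldapServer in ldapServers:
        try:
            # NOTE(review): follow_referral=True - confirm that referrals can
            # only lead to servers trusted with these bind credentials.
            lo = uldap.access(host=ldapServer, port=port, base=ucr['ldap/base'], binddn=binddn, bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, follow_referral=True)
            if admin_uldap:
                lo = access(lo=lo)
            return lo
        # An except clause must name the exception class. The original
        # `ldap.SERVER_DOWN()` was an instance, which fails with TypeError on
        # Python 3 as soon as a server is down instead of trying the next one.
        except ldap.SERVER_DOWN:
            pass
    raise ldap.SERVER_DOWN()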
    def test_authenticate_with_server_down(self):
        """Testing ActiveDirectoryBackend.authenticate with Server Down error
        """
        # Every bind attempt fails as if the directory were unreachable.
        bind_failure = kgb.SpyOpRaise(ldap.SERVER_DOWN())

        # Canned directory entry; the last assertion shows it is never fetched.
        directory_entry = (
            'CN=Test User,OU=MyOrg,DC=example,DC=com',
            {
                'givenName': [b'Test'],
                'sn': [b'User'],
                'mail': [b'*****@*****.**'],
            },
        )
        search_result = kgb.SpyOpReturn([directory_entry])

        self.spy_on(TestLDAPObject.simple_bind_s,
                    owner=TestLDAPObject,
                    op=bind_failure)
        self.spy_on(TestLDAPObject.search_s,
                    owner=TestLDAPObject,
                    op=search_result)

        # NOTE(review): the username/password/mail literals look redacted in
        # this listing; the bind assertion below expects 'test-pass', so the
        # real fixture values need to be confirmed against the original test.
        authenticated = self.backend.authenticate(request=None,
                                                  username='******',
                                                  password='******')

        # Fail closed: an unreachable directory must not yield a user object.
        self.assertIsNone(authenticated)

        # The bind was attempted, and nothing was looked up after it failed.
        self.assertSpyCalledWith(TestLDAPObject.simple_bind_s,
                                 '*****@*****.**', 'test-pass')
        self.assertSpyNotCalled(TestLDAPObject.search_s)
Example #3
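def get_ldap_connection(admin_uldap=False, primary=False):
    # type: (Optional[bool], Optional[bool]) -> access
    """Open an LDAP connection with the UCS test domain admin credentials.

    Args:
        admin_uldap: If true, wrap the connection with ``access(lo=lo)``
            before returning it.
        primary: If true, connect only to the server named by the
            ``ldap/master`` UCR variable (port from ``ldap/master/port``).
            Otherwise try ``ldap/server/name`` followed by the servers listed
            in ``ldap/server/addition`` (port from ``ldap/server/port``).

    Returns:
        The object returned by ``uldap.access``, or the ``access`` wrapper
        around it when ``admin_uldap`` is true.

    Raises:
        ldap.SERVER_DOWN: If none of the candidate servers could be reached,
            or no server is configured.
    """
    ucr = UCR
    ucr.load()

    if primary:
        port = int(ucr.get('ldap/master/port', 7389))
        ldap_servers = [ucr['ldap/master']]
    else:
        port = int(ucr.get('ldap/server/port', 7389))
        ldap_servers = []
        if ucr['ldap/server/name']:
            ldap_servers.append(ucr['ldap/server/name'])
        # The original tested 'ldap/servers/addition' but read
        # 'ldap/server/addition'; test and read now use the same variable, so
        # the additional servers actually take part in the failover.
        additional_servers = ucr['ldap/server/addition']
        if additional_servers:
            ldap_servers.extend(additional_servers.split())

    # Domain-admin bind DN and password; keep them out of logs and messages.
    creds = UCSTestDomainAdminCredentials()

    for ldap_server in ldap_servers:
        try:
            # start_tls is fixed at 2 here - presumably the "TLS required"
            # mode of uldap.access; confirm before lowering it.
            # NOTE(review): follow_referral=True - confirm that referrals can
            # only lead to servers trusted with these bind credentials.
            lo = uldap.access(host=ldap_server,
                              port=port,
                              base=ucr['ldap/base'],
                              binddn=creds.binddn,
                              bindpw=creds.bindpw,
                              start_tls=2,
                              decode_ignorelist=[],
                              follow_referral=True)
            if admin_uldap:
                lo = access(lo=lo)
            return lo
        except ldap.SERVER_DOWN:
            # Deliberate failover: try the next candidate server.
            pass
    raise ldap.SERVER_DOWN()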
Example #4
    def test_search_on_server_down_error(self):
        """search() yields an empty list when every attempt hits SERVER_DOWN."""
        server_down = ldap.SERVER_DOWN('moo')
        self.ldap_obj.search_ext_s.side_effect = server_down

        self.ldap_client.set_up()
        matches = self.ldap_client.search('foo')

        # The outage surfaces as "no results", not as an exception, so callers
        # cannot tell an unreachable directory from an empty match. Code that
        # makes access decisions on this result has to treat [] as a denial.
        self.assertEqual(matches, [])

        # Two connections and two searches - presumably one reconnect and
        # retry before giving up; confirm against the client implementation.
        self.assertEqual(2, self.ldap_obj_factory.call_count)
        self.assertEqual(2, self.ldap_obj.search_ext_s.call_count)
def test_no_ldap_connection_responds_with_504():
    """A login attempted while the LDAP server is unreachable answers HTTP 504."""
    server_down = ldap.SERVER_DOWN({'desc': "Can't contact LDAP server"})
    mock_ldap, mock_initialize = _mock_bad_ldap_bind(exception=server_down)

    response, _content = _send_good_login()

    # Exactly one connection and one bind attempt with the fixture credentials.
    mock_ldap.initialize.assert_called_once()
    mock_initialize.simple_bind_s.assert_called_once_with(
        'cn=pads,dc=localhost', 'letmein')

    # The outage is reported as a gateway error, not as a successful login.
    status = response['status']
    assert status == '504'
Example #6
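 def connect(self):
     """Bind to the configured LDAP server and keep the connection on ``self.con``.

     The URI is built from ``settings.LDAP_PROTO``, ``settings.LDAP_HOST``
     and ``settings.LDAP_PORT``; the bind uses ``settings.LDAP_BIND_DN`` and
     ``settings.LDAP_BIND_DN_CREDENTIAL``.

     Raises:
         ldap.SERVER_DOWN: If the server cannot be contacted during the bind;
             re-raised with an operator-facing message. Other bind errors
             are not caught here.
     """
     if settings.LDAP_PROTO == 'ldaps':
         # NOTE(review): OPT_X_TLS_NEVER turns off server-certificate checks,
         # and ldap.set_option applies it process-wide, not only to this
         # connection. The bind below then sends LDAP_BIND_DN_CREDENTIAL to a
         # peer whose identity was never verified. Prefer a trusted CA
         # (ldap.OPT_X_TLS_CACERTFILE) together with ldap.OPT_X_TLS_DEMAND.
         # Left unchanged because existing deployments may depend on
         # self-signed certificates; decide this per deployment.
         ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
     # No TLS option is set for other LDAP_PROTO values; with a plain
     # ldap:// URI the simple bind is not encrypted by anything in this method.

     # %-formatting accepts LDAP_PORT as an int as well as a string; the
     # original string concatenation raised TypeError for an int port.
     uri = '%s://%s:%s' % (settings.LDAP_PROTO,
                           settings.LDAP_HOST,
                           settings.LDAP_PORT)
     self.con = ldap.initialize(uri)
     try:
         self.con.simple_bind_s(settings.LDAP_BIND_DN,
                                settings.LDAP_BIND_DN_CREDENTIAL)
     except ldap.SERVER_DOWN:
         # The replacement message carries no host or credential details.
         raise ldap.SERVER_DOWN(
             'The LDAP library can’t contact the LDAP server. Contact the admin.'
         )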
def test_no_ldap_connection_preserves_redirect_in_form():
    """The login form shown after an LDAP outage still carries the redirect."""
    server_down = ldap.SERVER_DOWN({'desc': "Can't contact LDAP server"})
    mock_ldap, mock_initialize = _mock_bad_ldap_bind(exception=server_down)

    redirect_target = '/baz'
    _response, content = _send_good_login(redirect=redirect_target)

    # Exactly one connection and one bind attempt with the fixture credentials.
    mock_ldap.initialize.assert_called_once()
    mock_initialize.simple_bind_s.assert_called_once_with(
        'cn=pads,dc=localhost', 'letmein')

    # The user sees a generic outage message; no LDAP error detail is shown.
    outage_message = (
        'Unable to reach authorization provider, please contact your administrator'
    )
    _assert_form(content, outage_message, redirect=redirect_target)
def test_when_tiddlyspace_mode_configured_no_ldap_connection_returns_form_with_csrf_token(
):
    """The form re-rendered after an LDAP outage is checked with the CSRF form helper."""
    server_down = ldap.SERVER_DOWN({'desc': "Can't contact LDAP server"})
    mock_ldap, mock_initialize = _mock_bad_ldap_bind(exception=server_down)

    _response, content = _send_good_login()

    # Exactly one connection and one bind attempt with the fixture credentials.
    mock_ldap.initialize.assert_called_once()
    mock_initialize.simple_bind_s.assert_called_once_with(
        'cn=pads,dc=localhost', 'letmein')

    # The error path must not drop the CSRF protection of the login form.
    outage_message = (
        'Unable to reach authorization provider, please contact your administrator'
    )
    _assert_csrf_form(content, outage_message)
Example #9
 def _authenticate_ldap(self, *a, **k):
     """Always fail with ``ldap.SERVER_DOWN``, whatever arguments are given."""
     outage = ldap.SERVER_DOWN("Unable to connect")
     raise outage
Example #10
def _bind_fails2(self, who='', cred='', **kw):
    """Bind replacement that always raises ``ldap.SERVER_DOWN``.

    ``who`` and ``cred`` are accepted but never used.
    """
    outage = ldap.SERVER_DOWN('LDAP connection invalid')
    raise outage
Example #11
def _bind_fails2(self, who='', cred='', **kw):
    """Bind replacement that counts the attempt, then raises ``ldap.SERVER_DOWN``.

    Each call adds one to the module-level ``_CALL_COUNTER`` before failing.
    ``who`` and ``cred`` are accepted but never used.
    """
    global _CALL_COUNTER
    _CALL_COUNTER = _CALL_COUNTER + 1
    outage = ldap.SERVER_DOWN('I am down')
    raise outage