def setUp(self):
if MockLdap is None:
raise SkipTest("No MockLdap available")
def matches(self, dn, attrs, upcall=MockLDAPFilterTest.matches):
if upcall(self, dn, attrs):
return True
else:
return mockldap_matches(self, dn, attrs)
self.patch(MockLDAPFilterTest, "_parse_expression", mockldap_parse)
self.patch(MockLDAPFilterTest, "matches", mockldap_matches)
self.xmlSeedService = xmlService(self.mktemp())
self.mockData = mockDirectoryDataFromXMLService(self.xmlSeedService)
if False:
from pprint import pprint
print("")
print("-" * 80)
pprint(self.mockData)
print("-" * 80)
self.mockLDAP = MockLdap(self.mockData)
self.mockLDAP.start()
def setUpClass(cls):
super(TestLDAPBackend, cls).setUpClass()
test = ('o=test', {'o': ['test'], 'objectClass': ['top']})
users = ('ou=users,o=test', {'ou': ['users'], 'objectClass': ['top']})
admin_list = ('cn=adminlist,o=test', {
'cn': ['adminlist'],
'admins': ['cn=admin,ou=users,o=test'],
'objectClass': ['top']
})
service = ('cn=service,ou=users,o=test', {
'cn': ['service'],
'userPassword': ['snerp'],
'objectClass': ['top']
})
u1 = ('cn=u1,ou=users,o=test', {
'cn': ['u1'],
'userPassword': ['foobar'],
'objectClass': ['top']
})
admin = ('cn=admin,ou=users,o=test', {
'cn': ['admin'],
'userPassword': ['toor'],
'roles': ['admin'],
'objectClass': ['top']
})
directory = dict([test, users, admin_list, service, u1, admin])
cls.mockldap = MockLdap(directory)
def test_context_manager(self):
mockldap = MockLdap(directory)
self.assertIsNone(mockldap.ldap_objects)
with mockldap as mockldap2:
self.assertIs(mockldap, mockldap2)
self.assertIsNotNone(mockldap.ldap_objects)
self.assertIsNotNone(mockldap2.ldap_objects)
self.assertIsNone(mockldap.ldap_objects)
def setUp(self):
self.app.store.get_user('admin').user_root = '/tmp'
# Mock LDAP
self.mockldap = MockLdap(self.directory)
self.mockldap.start()
self.ldapobj = self.mockldap['ldap://localhost/']
WebCase.setUp(self)
self.plugin = MinarcaUserSetup(self.app)
if not os.path.isdir('/tmp/minarca-test'):
os.mkdir('/tmp/minarca-test')
def setUpClass(cls):
cls.mockldap = MockLdap(LDAPTestDirectory.directory)
cherrypy.engine.stop()
cherrypy.engine.ldap = LDAPEnginePlugin(
bus=cherrypy.engine,
uri="ldap://localhost/",
base_dn="ou=example,o=test",
bind_dn="cn=admin,ou=example,o=test",
bind_pw="ldaptest",
tls=True,
no_verify=True)
cherrypy.engine.ldap.subscribe()
cherrypy.engine.start()
def test___search_ldap_filter(self):
"""
LDAP: test `_search_ldap` method (with AUTH_LDAP_SEARCH_FILTER)
"""
# MockLdap needs non-bytes for search filters, so we patch `memberOf`
# to a string, only for this test
with patch.dict(
self.directory[self.user_alice[0]],
{
"memberOf": [
i.decode()
for i in self.directory[self.user_alice[0]]["memberOf"]
]
},
):
_mockldap = MockLdap(self.directory)
_mockldap.start()
_ldapobj = _mockldap["ldap://localhost/"]
self.app.config[
"AUTH_LDAP_BIND_USER"] = "******"
self.app.config["AUTH_LDAP_BIND_PASSWORD"] = "******"
self.app.config["AUTH_LDAP_SEARCH"] = "ou=users,o=test"
self.app.config[
"AUTH_LDAP_SEARCH_FILTER"] = "(memberOf=cn=staff,ou=groups,o=test)"
self.appbuilder = AppBuilder(self.app, self.db.session)
sm = self.appbuilder.sm
# prepare `con` object
con = ldap.initialize("ldap://localhost/")
sm._ldap_bind_indirect(ldap, con)
# run `_search_ldap` method
user_dn, user_info = sm._search_ldap(ldap, con, "alice")
# validate - search returned expected data
self.assertEqual(user_dn, self.user_alice[0])
self.assertEqual(user_info["givenName"],
self.user_alice[1]["givenName"])
self.assertEqual(user_info["sn"], self.user_alice[1]["sn"])
self.assertEqual(user_info["email"], self.user_alice[1]["email"])
# validate - expected LDAP methods were called
self.assertEqual(
_ldapobj.methods_called(with_args=True),
[
self.call_initialize,
self.call_bind_admin,
self.call_search_alice_filter,
],
)
def setUp(self):
info = ('dc=local', { 'dc': ['local']})
adrf = (settings.LDAP_BASE_DN, { 'dc': ['dfadmin']})
admin = (settings.LDAP_SETTINGS['Connection']['BindDN'],
{ 'cn': [ 'admin'], 'userPassword': [settings.LDAP_SETTINGS['Connection']['BindPassword']]})
people = ('ou=People,' + settings.LDAP_BASE_DN, {'ou': ['People']})
groups = ('ou=Groups,' + settings.LDAP_BASE_DN, {'ou': ['Groups']})
projects = ('ou=Projects,' + settings.LDAP_BASE_DN, {'ou': ['Projects']})
datasets = ('ou=Datasets,' + settings.LDAP_BASE_DN, {'ou': ['Datasets']})
directory = dict([info, adrf, admin, people, groups, projects, datasets])
self.mockldap = MockLdap(directory)
self.mockldap.start()
self.ldapobj = self.mockldap[settings.LDAP_SERVER]
def test_update_with_external_auth(self):
# Run a mock LDAP.
mockldap = MockLdap({
"dc=quay,dc=io": {
"dc": ["quay", "io"]
},
"ou=employees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "employees"
},
"uid=" + ADMIN_ACCESS_USER + ",ou=employees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "employees",
"uid": [ADMIN_ACCESS_USER],
"userPassword": ["password"],
"mail": [ADMIN_ACCESS_EMAIL],
},
})
config = {
"AUTHENTICATION_TYPE": "LDAP",
"LDAP_BASE_DN": ["dc=quay", "dc=io"],
"LDAP_ADMIN_DN": "uid=devtable,ou=employees,dc=quay,dc=io",
"LDAP_ADMIN_PASSWD": "password",
"LDAP_USER_RDN": ["ou=employees"],
"LDAP_UID_ATTR": "uid",
"LDAP_EMAIL_ATTR": "mail",
}
mockldap.start()
try:
# Write the config with the valid password.
self.putResponse(
SuperUserConfig,
data={
"config": config,
"password": "******",
"hostname": "foo"
},
expected_code=200,
)
# Ensure that the user row has been linked.
# TODO: fix this test
# self.assertEquals(ADMIN_ACCESS_USER,
# model.user.verify_federated_login('ldap', ADMIN_ACCESS_USER).username)
finally:
mockldap.stop()
def fn(fname, host='localhost'):
fh = open(os.path.join(os.path.dirname(os.path.realpath(__file__)), fname), 'rb')
ctrl = ldif.LDIFRecordList(fh)
ctrl.parse()
directory = dict(ctrl.all_records)
mockldap = MockLdap(directory)
mockldap.start()
mockldap['ldap://{}/'.format(host)]
conn = ldap.initialize('ldap://{}/'.format(host))
return conn
def test_update_with_external_auth(self):
# Run a mock LDAP.
mockldap = MockLdap({
'dc=quay,dc=io': {
'dc': ['quay', 'io']
},
'ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees'
},
'uid=' + ADMIN_ACCESS_USER + ',ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees',
'uid': [ADMIN_ACCESS_USER],
'userPassword': ['password'],
'mail': [ADMIN_ACCESS_EMAIL],
},
})
config = {
'AUTHENTICATION_TYPE': 'LDAP',
'LDAP_BASE_DN': ['dc=quay', 'dc=io'],
'LDAP_ADMIN_DN': 'uid=devtable,ou=employees,dc=quay,dc=io',
'LDAP_ADMIN_PASSWD': 'password',
'LDAP_USER_RDN': ['ou=employees'],
'LDAP_UID_ATTR': 'uid',
'LDAP_EMAIL_ATTR': 'mail',
}
mockldap.start()
try:
# Write the config with the valid password.
self.putResponse(SuperUserConfig,
data={'config': config,
'password': '******',
'hostname': 'foo'}, expected_code=200)
# Ensure that the user row has been linked.
# TODO: fix this test
# self.assertEquals(ADMIN_ACCESS_USER,
# model.user.verify_federated_login('ldap', ADMIN_ACCESS_USER).username)
finally:
mockldap.stop()
def test_department(self):
'''
Test department lookups.
'''
mockldap = MockLdap({
'o=Novell': {
'o': 'Novell'
},
'cn=mcihar,o=Novell': {
'mail': ['*****@*****.**'],
'ou': ['TestDept'],
'cn': ['mcihar'],
'uid': ['mcihar'],
},
'cn=foobar,o=Novell': {
'mail': ['*****@*****.**'],
'ou': ['L3 Maintenance'],
'cn': ['foobar'],
'uid': ['foobar'],
},
})
mockldap.start()
try:
userinfo = UserInfo('ldap://ldap', 'o=novell')
# By mail with fixup
self.assertEqual('L3/Maintenance',
userinfo.get_department('*****@*****.**'))
# By UID
self.assertEqual('TestDept', userinfo.get_department('mcihar'))
# By UID from cache
self.assertEqual('TestDept', userinfo.get_department('mcihar'))
# By email
self.assertEqual('TestDept',
userinfo.get_department('*****@*****.**'))
# Hardcoded entries
self.assertEqual('Security team',
userinfo.get_department('*****@*****.**'))
# Non existing entry
self.assertEqual('N/A', userinfo.get_department('nobody'))
finally:
mockldap.stop()
def start_ldap_mock():
"""
Starts LDAP mocking.
"""
mockldap = MockLdap({
'o=Novell': {
'o': 'Novell'
},
'cn=mcihar,o=Novell': {
'mail': ['*****@*****.**'],
'ou': ['TestDept'],
'cn': ['mcihar'],
'uid': ['mcihar'],
},
'cn=foobar,o=Novell': {
'mail': ['*****@*****.**'],
'ou': ['L3 Maintenance'],
'cn': ['foobar'],
'uid': ['foobar'],
},
})
mockldap.start()
return mockldap
def setUpClass(cls):
settings.DATABASES['ldap']['TLS'] = True
settings.DATABASES['ldap']['CONNECTION_OPTIONS'] = {
ldap.OPT_X_TLS_DEMAND: True,
}
cls.mockldap = MockLdap(cls.directory)
def setUpClass(cls):
cls.mockldap = MockLdap(vars.DIRECTORY)
def mocked_ldap(monkeypatch):
ldap_mock = MockLdap(_ldap_tree())
def connect(self, enforce_new=False, enforce_server=None):
self._default_bind(self._ldap_obj)
monkeypatch.setattr(ldap.LDAPUserConnector, "connect", connect)
monkeypatch.setattr(ldap.LDAPUserConnector, "disconnect", lambda self: None)
ldap_connection = ldap.LDAPUserConnector({
"id": "default",
"type": "ldap",
"description": "Test connection",
"disabled": False,
"cache_livetime": 300,
"suffix": "testldap",
"active_plugins": {
'email': {},
'alias': {},
'auth_expire': {}
},
"directory_type": ("ad", {
"connect_to": ("fixed_list", {
"server": "127.0.0.1"
}),
}),
"bind": ("cn=sync-user,ou=users,dc=check-mk,dc=org", "sync-secret"),
"user_id_umlauts": "keep",
"user_scope": "sub",
"user_dn": "ou=users,dc=check-mk,dc=org",
"group_dn": "ou=groups,dc=check-mk,dc=org",
"group_scope": "sub",
})
ldap_mock.start()
ldap_connection._ldap_obj = ldap_mock["ldap://127.0.0.1"]
def search_ext(self,
base,
scope,
filterstr='(objectclass=*)',
attrlist=None,
attrsonly=0,
serverctrls=None):
# MockLdap does not exactly behave like python ldap library in terms of
# encoding. The latter want's to have byte encoded strings and MockLdap
# wants unicode strings :-/. Prepare the data we normally send to
# python-ldap for MockLdap here.
if not isinstance(base, str):
base = base.decode("utf-8")
if not isinstance(filterstr, str):
filterstr = filterstr.decode("utf-8")
return self.search(base, scope, filterstr, attrlist, attrsonly)
LDAPObject.search_ext = search_ext
def result_3(self, *args, **kwargs):
unused_code, response = LDAPObject.result(self, *args, **kwargs)
return unused_code, encode_to_byte_strings(response), None, []
LDAPObject.result3 = result_3
return ldap_connection
def mock_ldap(requires_email=True, user_filter=None):
mock_data = {
"dc=quay,dc=io": {"dc": ["quay", "io"]},
"ou=employees,dc=quay,dc=io": {"dc": ["quay", "io"], "ou": "employees"},
"ou=otheremployees,dc=quay,dc=io": {"dc": ["quay", "io"], "ou": "otheremployees"},
"cn=AwesomeFolk,dc=quay,dc=io": {"dc": ["quay", "io"], "cn": "AwesomeFolk"},
"uid=testy,ou=employees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "employees",
"uid": ["testy"],
"userPassword": ["password"],
"mail": ["*****@*****.**"],
"memberOf": ["cn=AwesomeFolk,dc=quay,dc=io", "cn=*Guys,dc=quay,dc=io"],
"filterField": ["somevalue"],
},
"uid=someuser,ou=employees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "employees",
"uid": ["someuser"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"memberOf": ["cn=AwesomeFolk,dc=quay,dc=io", "cn=*Guys,dc=quay,dc=io"],
"filterField": ["somevalue"],
},
"uid=nomail,ou=employees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "employees",
"uid": ["nomail"],
"userPassword": ["somepass"],
"filterField": ["somevalue"],
},
"uid=cool.user,ou=employees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "employees",
"uid": ["cool.user", "referred"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"filterField": ["somevalue"],
},
"uid=referred,ou=employees,dc=quay,dc=io": {
"uid": ["referred"],
"_referral": "ldap:///uid=cool.user,ou=employees,dc=quay,dc=io",
},
"uid=invalidreferred,ou=employees,dc=quay,dc=io": {
"uid": ["invalidreferred"],
"_referral": "ldap:///uid=someinvaliduser,ou=employees,dc=quay,dc=io",
},
"uid=multientry,ou=subgroup1,ou=employees,dc=quay,dc=io": {
"uid": ["multientry"],
"mail": ["*****@*****.**"],
"userPassword": ["somepass"],
"filterField": ["somevalue"],
},
"uid=multientry,ou=subgroup2,ou=employees,dc=quay,dc=io": {
"uid": ["multientry"],
"another": ["key"],
"filterField": ["somevalue"],
},
"uid=secondaryuser,ou=otheremployees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "otheremployees",
"uid": ["secondaryuser"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"filterField": ["somevalue"],
},
# Feature: Email Blacklisting
"uid=blacklistedcom,ou=otheremployees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "otheremployees",
"uid": ["blacklistedcom"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"filterField": ["somevalue"],
},
"uid=blacklistednet,ou=otheremployees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "otheremployees",
"uid": ["blacklistednet"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"filterField": ["somevalue"],
},
"uid=blacklistedorg,ou=otheremployees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "otheremployees",
"uid": ["blacklistedorg"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"filterField": ["somevalue"],
},
"uid=notblacklistedcom,ou=otheremployees,dc=quay,dc=io": {
"dc": ["quay", "io"],
"ou": "otheremployees",
"uid": ["notblacklistedcom"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
"filterField": ["somevalue"],
},
}
if not requires_email:
for path in mock_data:
mock_data[path].pop("mail", None)
mockldap = MockLdap(mock_data)
def initializer(uri, trace_level=0):
obj = mockldap[uri]
# Seed to "support" wildcard queries, which MockLDAP does not support natively.
cool_block = {
"dc": ["quay", "io"],
"ou": "employees",
"uid": ["cool.user", "referred"],
"userPassword": ["somepass"],
"mail": ["*****@*****.**"],
}
if not requires_email:
cool_block.pop("mail", None)
obj.search_s.seed("ou=employees,dc=quay,dc=io", 2, "(|(uid=cool*)(mail=cool*))")(
[("uid=cool.user,ou=employees,dc=quay,dc=io", cool_block)]
)
obj.search_s.seed("ou=otheremployees,dc=quay,dc=io", 2, "(|(uid=cool*)(mail=cool*))")([])
obj.search_s.seed("ou=employees,dc=quay,dc=io", 2, "(|(uid=unknown*)(mail=unknown*))")([])
obj.search_s.seed("ou=otheremployees,dc=quay,dc=io", 2, "(|(uid=unknown*)(mail=unknown*))")(
[]
)
no_users_found_exception = Exception()
no_users_found_exception.message = {"matched": "dc=quay,dc=io", "desc": "No such object"}
obj.search_s.seed("ou=nonexistent,dc=quay,dc=io", 2)(no_users_found_exception)
obj.search_s.seed("ou=employees,dc=quay,dc=io", 2)(
[("uid=cool.user,ou=employees,dc=quay,dc=io", cool_block)]
)
obj.search.seed("ou=employees,dc=quay,dc=io", 2, "(objectClass=*)")(
[("uid=cool.user,ou=employees,dc=quay,dc=io", cool_block)]
)
obj.search.seed("ou=employees,dc=quay,dc=io", 2)(
[("uid=cool.user,ou=employees,dc=quay,dc=io", cool_block)]
)
obj._results = {}
original_result_fn = obj.result
def result(messageid):
if messageid is None:
return None, [], None, None
# NOTE: Added because of weirdness with using mock-ldap.
if isinstance(messageid, list):
return None, messageid
if messageid in obj._results:
return obj._results[messageid]
return original_result_fn(messageid)
def result3(messageid):
if messageid is None:
return None, [], None, None
return obj._results[messageid]
def search_ext(
user_search_dn, scope, search_flt=None, serverctrls=None, sizelimit=None, attrlist=None
):
if scope != ldap.SCOPE_SUBTREE:
return None
if not serverctrls:
if search_flt:
rdata = obj.search_s(user_search_dn, scope, search_flt, attrlist=attrlist)
else:
if attrlist:
rdata = obj.search_s(user_search_dn, scope, attrlist=attrlist)
else:
rdata = obj.search_s(user_search_dn, scope)
obj._results["messageid"] = (None, rdata)
return "messageid"
page_control = serverctrls[0]
if page_control.controlType != ldap.controls.SimplePagedResultsControl.controlType:
return None
if search_flt:
msgid = obj.search(user_search_dn, scope, search_flt, attrlist=attrlist)
else:
if attrlist:
msgid = obj.search(user_search_dn, scope, attrlist=attrlist)
else:
msgid = obj.search(user_search_dn, scope)
_, rdata = obj.result(msgid)
msgid = "messageid"
cookie = int(page_control.cookie) if page_control.cookie else 0
results = rdata[cookie : cookie + page_control.size]
cookie = cookie + page_control.size
if cookie > len(results):
page_control.cookie = None
else:
page_control.cookie = cookie
obj._results["messageid"] = (None, results, None, [page_control])
return msgid
def search_ext_s(user_search_dn, scope, sizelimit=None):
return [obj.search_s(user_search_dn, scope)]
obj.search_ext = search_ext
obj.result = result
obj.result3 = result3
obj.search_ext_s = search_ext_s
return obj
mockldap.start()
try:
with patch("ldap.initialize", new=initializer):
yield _create_ldap(requires_email=requires_email, user_filter=user_filter)
finally:
mockldap.stop()
def setUpClass(cls):
cls.mockldap = MockLdap(cls.directory)
cls.config, cls.secrets, cls.policies = init_testing()
def test_no_default(self):
mockldap = MockLdap()
mockldap.start()
self.assertRaises(KeyError, lambda: mockldap[''])
def configure_mock_ldap():
from mockldap import MockLdap
mockldap = MockLdap(directory)
mockldap.start()
yield
mockldap.stop()
def mock_ldap(requires_email=True):
mock_data = {
'dc=quay,dc=io': {
'dc': ['quay', 'io']
},
'ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees'
},
'ou=otheremployees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'otheremployees'
},
'cn=AwesomeFolk,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'cn': 'AwesomeFolk'
},
'uid=testy,ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees',
'uid': ['testy'],
'userPassword': ['password'],
'mail': ['*****@*****.**'],
'memberOf':
['cn=AwesomeFolk,dc=quay,dc=io', 'cn=*Guys,dc=quay,dc=io'],
},
'uid=someuser,ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees',
'uid': ['someuser'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**'],
'memberOf':
['cn=AwesomeFolk,dc=quay,dc=io', 'cn=*Guys,dc=quay,dc=io'],
},
'uid=nomail,ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees',
'uid': ['nomail'],
'userPassword': ['somepass']
},
'uid=cool.user,ou=employees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'employees',
'uid': ['cool.user', 'referred'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
},
'uid=referred,ou=employees,dc=quay,dc=io': {
'uid': ['referred'],
'_referral': 'ldap:///uid=cool.user,ou=employees,dc=quay,dc=io'
},
'uid=invalidreferred,ou=employees,dc=quay,dc=io': {
'uid': ['invalidreferred'],
'_referral':
'ldap:///uid=someinvaliduser,ou=employees,dc=quay,dc=io'
},
'uid=multientry,ou=subgroup1,ou=employees,dc=quay,dc=io': {
'uid': ['multientry'],
'mail': ['*****@*****.**'],
'userPassword': ['somepass'],
},
'uid=multientry,ou=subgroup2,ou=employees,dc=quay,dc=io': {
'uid': ['multientry'],
'another': ['key']
},
'uid=secondaryuser,ou=otheremployees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'otheremployees',
'uid': ['secondaryuser'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
},
# Feature: Email Blacklisting
'uid=blacklistedcom,ou=otheremployees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'otheremployees',
'uid': ['blacklistedcom'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
},
'uid=blacklistednet,ou=otheremployees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'otheremployees',
'uid': ['blacklistednet'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
},
'uid=blacklistedorg,ou=otheremployees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'otheremployees',
'uid': ['blacklistedorg'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
},
'uid=notblacklistedcom,ou=otheremployees,dc=quay,dc=io': {
'dc': ['quay', 'io'],
'ou': 'otheremployees',
'uid': ['notblacklistedcom'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
},
}
if not requires_email:
for path in mock_data:
mock_data[path].pop('mail', None)
mockldap = MockLdap(mock_data)
def initializer(uri, trace_level=0):
obj = mockldap[uri]
# Seed to "support" wildcard queries, which MockLDAP does not support natively.
cool_block = {
'dc': ['quay', 'io'],
'ou': 'employees',
'uid': ['cool.user', 'referred'],
'userPassword': ['somepass'],
'mail': ['*****@*****.**']
}
if not requires_email:
cool_block.pop('mail', None)
obj.search_s.seed('ou=employees,dc=quay,dc=io', 2,
'(|(uid=cool*)(mail=cool*))')([
('uid=cool.user,ou=employees,dc=quay,dc=io',
cool_block)
])
obj.search_s.seed('ou=otheremployees,dc=quay,dc=io', 2,
'(|(uid=cool*)(mail=cool*))')([])
obj.search_s.seed('ou=employees,dc=quay,dc=io', 2,
'(|(uid=unknown*)(mail=unknown*))')([])
obj.search_s.seed('ou=otheremployees,dc=quay,dc=io', 2,
'(|(uid=unknown*)(mail=unknown*))')([])
no_users_found_exception = Exception()
no_users_found_exception.message = {
'matched': 'dc=quay,dc=io',
'desc': 'No such object'
}
obj.search_s.seed('ou=nonexistent,dc=quay,dc=io',
2)(no_users_found_exception)
obj.search_s.seed('ou=employees,dc=quay,dc=io', 2)([
('uid=cool.user,ou=employees,dc=quay,dc=io', cool_block)
])
obj.search.seed('ou=employees,dc=quay,dc=io', 2, '(objectClass=*)')([
('uid=cool.user,ou=employees,dc=quay,dc=io', cool_block)
])
obj.search.seed('ou=employees,dc=quay,dc=io', 2)([
('uid=cool.user,ou=employees,dc=quay,dc=io', cool_block)
])
obj._results = {}
original_result_fn = obj.result
def result(messageid):
if messageid is None:
return None, [], None, None
# NOTE: Added because of weirdness with using mock-ldap.
if isinstance(messageid, list):
return None, messageid
if messageid in obj._results:
return obj._results[messageid]
return original_result_fn(messageid)
def result3(messageid):
if messageid is None:
return None, [], None, None
return obj._results[messageid]
def search_ext(user_search_dn,
scope,
search_flt=None,
serverctrls=None,
sizelimit=None,
attrlist=None):
if scope != ldap.SCOPE_SUBTREE:
return None
if not serverctrls:
if search_flt:
rdata = obj.search_s(user_search_dn,
scope,
search_flt,
attrlist=attrlist)
else:
if attrlist:
rdata = obj.search_s(user_search_dn,
scope,
attrlist=attrlist)
else:
rdata = obj.search_s(user_search_dn, scope)
obj._results['messageid'] = (None, rdata)
return 'messageid'
page_control = serverctrls[0]
if page_control.controlType != ldap.controls.SimplePagedResultsControl.controlType:
return None
if search_flt:
msgid = obj.search(user_search_dn,
scope,
search_flt,
attrlist=attrlist)
else:
if attrlist:
msgid = obj.search(user_search_dn,
scope,
attrlist=attrlist)
else:
msgid = obj.search(user_search_dn, scope)
_, rdata = obj.result(msgid)
msgid = 'messageid'
cookie = int(page_control.cookie) if page_control.cookie else 0
results = rdata[cookie:cookie + page_control.size]
cookie = cookie + page_control.size
if cookie > len(results):
page_control.cookie = None
else:
page_control.cookie = cookie
obj._results['messageid'] = (None, results, None, [page_control])
return msgid
def search_ext_s(user_search_dn, scope, sizelimit=None):
return [obj.search_s(user_search_dn, scope)]
obj.search_ext = search_ext
obj.result = result
obj.result3 = result3
obj.search_ext_s = search_ext_s
return obj
mockldap.start()
with patch('ldap.initialize', new=initializer):
yield _create_ldap(requires_email=requires_email)
mockldap.stop()
def setUpClass(cls):
cls.mockldap = MockLdap(cls.directory)
def setup_class(cls):
cls.mockldap = MockLdap(cls.directory)
def setUp(self):
self.mock_ldap = MockLdap(self.directory)
self.mock_ldap.start()
self.ldapobj = self.mock_ldap['ldap://localhost/']
def setUpClass(cls):
# We only need to create the MockLdap instance once. The content we
# pass in will be used for all LDAP connections.
cls.mockldap = MockLdap(cls.directory)
def setUpClass(cls):
""" """
cls.mockldap = MockLdap(cls.DIRECTORY)
