def test_filter_handling(self):
test_dn = "DC=ldap,DC=thoughtspot,DC=com"
ldap_handle = LDAPApiWrapper()
ldap_handle.login(HOSTPORT, USERNAME, PASSWORD)
# Use this to search directly to ensure that when unhandled, an error
# is thrown for bad filters.
conn = ldap_handle.connection_pool["default"]
# Assert ldap_handle search can handle various bad filters
bad_filters = [r"(cn=\,)", r"(cn=\)", r"(cn=\\)"]
for bad_filter in bad_filters:
# Assert that search with unhandled filters raises error.
with self.assertRaises(ldap.FILTER_ERROR):
conn.search_s(test_dn, 2, bad_filter, ["cn"])
# Assert that search with our LDAPApiWrapper handles these errors.
self.assertEqual(
Constants.OPERATION_SUCCESS,
ldap_handle.list_users(test_dn, 2, bad_filter).status,
)
self.assertEqual(
Constants.OPERATION_SUCCESS,
ldap_handle.list_groups(test_dn, 2, bad_filter).status,
)
good_filters = ["(cn=')", "(cn=')", '(cn="")', '(cn=")', "(cn=,)"]
for good_filter in good_filters:
# Assert good filters act the same in both cases.
conn.search_s(test_dn, 2, good_filter, ["cn"])
self.assertEqual(
Constants.OPERATION_SUCCESS,
ldap_handle.list_users(test_dn, 2, good_filter).status,
)
self.assertEqual(
Constants.OPERATION_SUCCESS,
ldap_handle.list_groups(test_dn, 2, good_filter).status,
)
for char in string.punctuation:
if char in ["(", ")"]:
# Filter with unbalanced paranthesis means that filter is wrong
# we shouldn't handle such scenarios.
continue
bad_filter = "(cn=last{}first)".format(char)
# Assert for bad filters common search raises error.
if char == "\\":
with self.assertRaises(ldap.FILTER_ERROR):
conn.search_s(test_dn, 2, bad_filter, ["cn"])
else:
conn.search_s(test_dn, 2, bad_filter, ["cn"])
# Assert we handle bad filters gracefully.
self.assertEqual(
Constants.OPERATION_SUCCESS,
ldap_handle.list_users(test_dn, 2, bad_filter).status,
)
self.assertEqual(
Constants.OPERATION_SUCCESS,
ldap_handle.list_groups(test_dn, 2, bad_filter).status,
)
def test_fetch_domain_name_from_dn(self):
test_dn = "CN=A,CN=B,OU=engg,DC=ldap,DC=thoughtspot,DC=com"
ldap_handle = LDAPApiWrapper()
domain_name = ldap_handle.fetch_domain_name_from_dn(test_dn)
self.assertEqual(domain_name, "@ldap.thoughtspot.com")
def test_fetch_components_from_dn(self):
test_dn = "CN=A,CN=B,OU=engg,DC=ldap,DC=thoughtspot,DC=com"
ldap_handle = LDAPApiWrapper()
non_dc, dc = ldap_handle._fetch_components_from_dn(test_dn)
self.assertEqual(non_dc, ["CN=A", "CN=B", "OU=engg"])
self.assertEqual(dc, ["DC=ldap", "DC=thoughtspot", "DC=com"])
def test_list_groups(self):
ldap_handle = LDAPApiWrapper()
ldap_handle.login(HOSTPORT, USERNAME, PASSWORD)
result = ldap_handle.list_groups(GROUP_DN)
self.assertEqual(result.status, Constants.OPERATION_SUCCESS)
def test_list_users(self):
ldap_handle = LDAPApiWrapper()
ldap_handle.login(HOSTPORT, USERNAME, PASSWORD)
result = ldap_handle.list_users(USER_DN, user_identifier="objectGUID")
self.assertEqual(result.status, Constants.OPERATION_SUCCESS)
def test_login(self):
ldap_handle = LDAPApiWrapper()
self.assertFalse(ldap_handle._is_authenticated())
ldap_handle.login(HOSTPORT, USERNAME, PASSWORD)
self.assertTrue(ldap_handle._is_authenticated())