def test_filter_handling(self): test_dn = "DC=ldap,DC=thoughtspot,DC=com" ldap_handle = LDAPApiWrapper() ldap_handle.login(HOSTPORT, USERNAME, PASSWORD) # Use this to search directly to ensure that when unhandled, an error # is thrown for bad filters. conn = ldap_handle.connection_pool["default"] # Assert ldap_handle search can handle various bad filters bad_filters = [r"(cn=\,)", r"(cn=\)", r"(cn=\\)"] for bad_filter in bad_filters: # Assert that search with unhandled filters raises error. with self.assertRaises(ldap.FILTER_ERROR): conn.search_s(test_dn, 2, bad_filter, ["cn"]) # Assert that search with our LDAPApiWrapper handles these errors. self.assertEqual( Constants.OPERATION_SUCCESS, ldap_handle.list_users(test_dn, 2, bad_filter).status, ) self.assertEqual( Constants.OPERATION_SUCCESS, ldap_handle.list_groups(test_dn, 2, bad_filter).status, ) good_filters = ["(cn=')", "(cn=')", '(cn="")', '(cn=")', "(cn=,)"] for good_filter in good_filters: # Assert good filters act the same in both cases. conn.search_s(test_dn, 2, good_filter, ["cn"]) self.assertEqual( Constants.OPERATION_SUCCESS, ldap_handle.list_users(test_dn, 2, good_filter).status, ) self.assertEqual( Constants.OPERATION_SUCCESS, ldap_handle.list_groups(test_dn, 2, good_filter).status, ) for char in string.punctuation: if char in ["(", ")"]: # Filter with unbalanced paranthesis means that filter is wrong # we shouldn't handle such scenarios. continue bad_filter = "(cn=last{}first)".format(char) # Assert for bad filters common search raises error. if char == "\\": with self.assertRaises(ldap.FILTER_ERROR): conn.search_s(test_dn, 2, bad_filter, ["cn"]) else: conn.search_s(test_dn, 2, bad_filter, ["cn"]) # Assert we handle bad filters gracefully. self.assertEqual( Constants.OPERATION_SUCCESS, ldap_handle.list_users(test_dn, 2, bad_filter).status, ) self.assertEqual( Constants.OPERATION_SUCCESS, ldap_handle.list_groups(test_dn, 2, bad_filter).status, )
def test_fetch_domain_name_from_dn(self): test_dn = "CN=A,CN=B,OU=engg,DC=ldap,DC=thoughtspot,DC=com" ldap_handle = LDAPApiWrapper() domain_name = ldap_handle.fetch_domain_name_from_dn(test_dn) self.assertEqual(domain_name, "@ldap.thoughtspot.com")
def test_fetch_components_from_dn(self): test_dn = "CN=A,CN=B,OU=engg,DC=ldap,DC=thoughtspot,DC=com" ldap_handle = LDAPApiWrapper() non_dc, dc = ldap_handle._fetch_components_from_dn(test_dn) self.assertEqual(non_dc, ["CN=A", "CN=B", "OU=engg"]) self.assertEqual(dc, ["DC=ldap", "DC=thoughtspot", "DC=com"])
def test_list_groups(self): ldap_handle = LDAPApiWrapper() ldap_handle.login(HOSTPORT, USERNAME, PASSWORD) result = ldap_handle.list_groups(GROUP_DN) self.assertEqual(result.status, Constants.OPERATION_SUCCESS)
def test_list_users(self): ldap_handle = LDAPApiWrapper() ldap_handle.login(HOSTPORT, USERNAME, PASSWORD) result = ldap_handle.list_users(USER_DN, user_identifier="objectGUID") self.assertEqual(result.status, Constants.OPERATION_SUCCESS)
def test_login(self): ldap_handle = LDAPApiWrapper() self.assertFalse(ldap_handle._is_authenticated()) ldap_handle.login(HOSTPORT, USERNAME, PASSWORD) self.assertTrue(ldap_handle._is_authenticated())