コード例 #1
    def test_06_slit_uri(self):
        """split_uri returns (server, port, ssl) for every supported URI form.

        The expected ssl flag follows the scheme, not the port:
        ``ldaps://server:389`` must report ssl=True, while ``ldap://`` and a
        bare host name report ssl=False. A URI without a port yields None.
        """
        # (uri, expected ssl flag, expected server, expected port)
        expectations = (
            ("ldap://server", False, "server", None),
            ("ldap://server:389", False, "server", 389),
            ("ldaps://server:389", True, "server", 389),
            ("ldaps://server", True, "server", None),
            ("server", False, "server", None),
        )
        for uri, want_ssl, want_server, want_port in expectations:
            server, port, ssl = LDAPResolver.split_uri(uri)
            self.assertEqual(ssl, want_ssl)
            self.assertEqual(server, want_server)
            self.assertEqual(port, want_port)
コード例 #2
    def test_03_testconnection_anonymous(self):
        """testconnection succeeds when BINDDN is empty and no BINDPW is given.

        The mocked directory is expected to answer the search and the
        success message must report 3 user objects.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        # Attribute mapping, passed to the resolver as a JSON string.
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        # No credentials: this is the anonymous case the test name refers to.
        config = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "BINDDN": "",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
        }
        resolver = LDAPResolver()
        res = resolver.testconnection(config)

        expected = ('Your LDAP config seems to be OK, 3 user '
                    'objects found.')
        self.assertTrue(res[0], res)
        self.assertTrue(res[1] == expected, res)
コード例 #3
    def test_08_trimresult(self):
        """_trim_result returns two of three items when NOREFERRALS is set.

        The input holds two ``searchResEntry`` items and one ``searchResRef``
        item; presumably the referral is the one that is dropped, the test
        itself only checks the resulting length.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = (
            '{ "username": "******",'
            '"phone" : "telephoneNumber", '
            '"mobile" : "mobile"'
            ', "email" : "mail", '
            '"surname" : "sn", '
            '"givenname" : "givenName" }'
        )
        config = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "ldaptest",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
            "NOREFERRALS": True,
        }
        resolver = LDAPResolver()
        resolver.loadConfig(config)

        raw_response = [
            {"type": "searchResEntry", "DN": "blafoo"},
            {"type": "searchResEntry", "DN": "foobar"},
            {"type": "searchResRef", "info": "this is located on another LDAP"},
        ]
        trimmed = resolver._trim_result(raw_response)

        self.assertEqual(len(trimmed), 2)
コード例 #4
    def test_04_testconnection_fail(self):
        """testconnection reports failure when BINDPW is wrong.

        The result must be unsuccessful and its description must contain
        "Wrong credentials".
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        config = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            # Deliberately not the password the other tests bind with.
            "BINDPW": "wrongpw",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
        }
        resolver = LDAPResolver()
        res = resolver.testconnection(config)

        self.assertFalse(res[0], res)
        self.assertTrue("Wrong credentials" in res[1], res)
コード例 #5
    def test_05_authtype_not_supported(self):
        """testconnection rejects an AUTHTYPE it does not know.

        Even with the manager DN and password supplied, the result must be
        unsuccessful and name the unsupported type, so an unrecognised bind
        method is not accepted as a working configuration.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        config = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "ldaptest",
            "AUTHTYPE": "unknown",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
        }
        resolver = LDAPResolver()
        res = resolver.testconnection(config)

        self.assertFalse(res[0], res)
        self.assertTrue("Authtype unknown not supported" in res[1], res)
コード例 #6
    def test_06_slit_uri(self):
        """Verify the (server, port, ssl) triple split_uri derives from a URI.

        Only the ``ldaps`` scheme is expected to set the ssl flag; a missing
        port is expected to come back as None.
        """
        def check(uri, expected_ssl, expected_port):
            # Same assertion order for every URI: ssl, server, port.
            server, port, ssl = LDAPResolver.split_uri(uri)
            self.assertEqual(ssl, expected_ssl)
            self.assertEqual(server, "server")
            self.assertEqual(port, expected_port)

        check("ldap://server", False, None)
        check("ldap://server:389", False, 389)
        # Port 389 with the ldaps scheme still counts as SSL.
        check("ldaps://server:389", True, 389)
        check("ldaps://server", True, None)
        # A bare host name without a scheme is reported as non-SSL.
        check("server", False, None)
コード例 #7
    def test_08_trimresult(self):
        """With NOREFERRALS enabled, _trim_result keeps 2 of 3 response items.

        One of the three items is a ``searchResRef``; the test only asserts
        the length, so which item is removed is presumed, not checked.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        settings = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "ldaptest",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
            "NOREFERRALS": True,
        }
        resolver = LDAPResolver()
        resolver.loadConfig(settings)

        entry_one = {"type": "searchResEntry", "DN": "blafoo"}
        entry_two = {"type": "searchResEntry", "DN": "foobar"}
        referral = {"type": "searchResRef",
                    "info": "this is located on another LDAP"}
        trimmed = resolver._trim_result([entry_one, entry_two, referral])

        self.assertEqual(len(trimmed), 2)
コード例 #8
    def test_05_authtype_not_supported(self):
        """An unknown AUTHTYPE makes testconnection fail with a clear message.

        The bind DN and password are supplied, so the failure asserted here
        comes from the AUTHTYPE value alone.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        attribute_map = (
            '{ "username": "******",'
            '"phone" : "telephoneNumber", '
            '"mobile" : "mobile"'
            ', "email" : "mail", '
            '"surname" : "sn", '
            '"givenname" : "givenName" }'
        )
        settings = dict(
            LDAPURI="ldap://localhost",
            LDAPBASE="o=test",
            BINDDN="cn=manager,ou=example,o=test",
            BINDPW="ldaptest",
            AUTHTYPE="unknown",
            LOGINNAMEATTRIBUTE="cn",
            LDAPSEARCHFILTER="(cn=*)",
            LDAPFILTER="(&(cn=%s))",
            USERINFO=attribute_map,
            UIDTYPE="oid",
        )
        resolver = LDAPResolver()
        outcome = resolver.testconnection(settings)

        self.assertFalse(outcome[0], outcome)
        self.assertTrue("Authtype unknown not supported" in outcome[1], outcome)
コード例 #9
ファイル: ldap.py プロジェクト: STRML/privacyidea
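    def testconnection(params):
        """
        Test the LDAP connection described by ``params``.

        Binds with BINDDN/BINDPW, runs SEARCHFILTER below LDAPBASE and counts
        the ``searchResEntry`` items in the response.

        :param params: resolver settings; this function reads LDAPURI,
            TLS_VERIFY, START_TLS, TLS_CA_FILE, TIMEOUT, AUTHTYPE, BINDDN,
            BINDPW, NOREFERRALS, LDAPBASE, SEARCHFILTER and HOSTNAMEATTRIBUTE
        :type params: dict
        :return: tuple ``(success, description)``; on failure the description
            is the ``repr`` of the caught exception
        """
        success = False
        try:
            # Everything that can fail sits inside the try, so a missing
            # LDAPURI is reported as a failed test instead of escaping as an
            # AttributeError from ``.lower()``.
            ldap_uri = params.get("LDAPURI")
            if is_true(params.get("TLS_VERIFY")) \
                    and (ldap_uri.lower().startswith("ldaps") or
                         params.get("START_TLS")):
                tls_ca_file = params.get("TLS_CA_FILE") or DEFAULT_CA_FILE
                # NOTE(review): the protocol is pinned to TLS 1.0, which is
                # deprecated; prefer a constant that negotiates the highest
                # version both sides support, after confirming the Python and
                # ldap3 versions in use.
                tls_context = Tls(validate=ssl.CERT_REQUIRED,
                                  version=ssl.PROTOCOL_TLSv1,
                                  ca_certs_file=tls_ca_file)
            else:
                # NOTE(review): without TLS_VERIFY no Tls object is passed on,
                # so an ldaps:// or START_TLS connection does not get the
                # CERT_REQUIRED setting above -- presumably the server
                # certificate is then not verified; confirm in get_serverpool.
                tls_context = None

            server_pool = IdResolver.get_serverpool(
                ldap_uri,
                float(params.get("TIMEOUT", 5)),
                tls_context=tls_context)
            # NOTE(review): START_TLS is used as given, while TLS_VERIFY goes
            # through is_true(); a string such as "False" would be truthy
            # here -- confirm how callers encode it.
            l = IdResolver.create_connection(
                authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
                server=server_pool,
                user=params.get("BINDDN"),
                password=params.get("BINDPW"),
                auto_referrals=not params.get("NOREFERRALS"),
                start_tls=params.get("START_TLS", False))
            if not l.bind():
                raise Exception("Wrong credentials")
            try:
                # search for machines...
                l.search(search_base=params["LDAPBASE"],
                         search_scope=ldap3.SUBTREE,
                         search_filter="(&" + params["SEARCHFILTER"] + ")",
                         attributes=[params["HOSTNAMEATTRIBUTE"]])
                count = len([x for x in l.response if x.get("type") ==
                             "searchResEntry"])
            finally:
                # Release the bound connection even when the search fails.
                l.unbind()

            desc = _("Your LDAP config seems to be OK, %i machine objects "
                     "found.")\
                % count
            success = True

        except Exception as e:
            desc = "{0!r}".format(e)

        return success, desc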
コード例 #10
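    def testconnection(params):
        """
        Check that the LDAP settings in ``params`` allow a bind and a search.

        The function binds with BINDDN/BINDPW, searches LDAPBASE with
        SEARCHFILTER and counts the ``searchResEntry`` items returned.

        :param params: resolver settings; keys read here are LDAPURI,
            TLS_VERIFY, START_TLS, TLS_CA_FILE, TIMEOUT, AUTHTYPE, BINDDN,
            BINDPW, NOREFERRALS, LDAPBASE, SEARCHFILTER and HOSTNAMEATTRIBUTE
        :type params: dict
        :return: ``(success, description)``; when the test fails the
            description is the ``repr`` of the exception that was caught
        """
        success = False
        try:
            ldap_uri = params.get("LDAPURI")
            # Kept inside the try: with TLS_VERIFY set and LDAPURI missing,
            # ``ldap_uri.lower()`` raises, and that must be reported as a
            # failed test rather than propagate to the caller.
            wants_tls = (ldap_uri.lower().startswith("ldaps") or
                         params.get("START_TLS")) \
                if is_true(params.get("TLS_VERIFY")) else False
            if wants_tls:
                tls_ca_file = params.get("TLS_CA_FILE") or DEFAULT_CA_FILE
                # NOTE(review): TLS 1.0 is pinned here and is deprecated;
                # confirm the supported Python/ldap3 versions, then switch to
                # a constant that negotiates the highest common version.
                tls_context = Tls(validate=ssl.CERT_REQUIRED,
                                  version=ssl.PROTOCOL_TLSv1,
                                  ca_certs_file=tls_ca_file)
            else:
                # NOTE(review): no Tls object in this branch, so certificate
                # verification depends on what get_serverpool does with
                # tls_context=None -- presumably nothing is verified; confirm.
                tls_context = None

            server_pool = IdResolver.get_serverpool(
                ldap_uri,
                float(params.get("TIMEOUT", 5)),
                tls_context=tls_context)
            # NOTE(review): START_TLS is not normalised with is_true() the way
            # TLS_VERIFY is; confirm the value type callers send.
            l = IdResolver.create_connection(
                authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
                server=server_pool,
                user=params.get("BINDDN"),
                password=params.get("BINDPW"),
                auto_referrals=not params.get("NOREFERRALS"),
                start_tls=params.get("START_TLS", False))
            if not l.bind():
                raise Exception("Wrong credentials")
            try:
                # search for machines...
                l.search(search_base=params["LDAPBASE"],
                         search_scope=ldap3.SUBTREE,
                         search_filter="(&" + params["SEARCHFILTER"] + ")",
                         attributes=[params["HOSTNAMEATTRIBUTE"]])
                count = len(
                    [x for x in l.response
                     if x.get("type") == "searchResEntry"])
            finally:
                # Do not leave a bound connection behind if the search raises.
                l.unbind()

            desc = _("Your LDAP config seems to be OK, %i machine objects "
                     "found.")\
                % count
            success = True

        except Exception as e:
            desc = "{0!r}".format(e)

        return success, desc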
コード例 #11
 def _bind(self):
     """
     Bind ``self.l`` to the directory unless a bind has already succeeded.

     :raises Exception: "Wrong credentials" whenever ``bind()`` returns a
         false value
     """
     if self.i_am_bound:
         return

     # NOTE(review): no TLS settings are passed to get_serverpool at this
     # call, so certificate handling for ldaps:// URIs depends on that
     # helper's defaults -- confirm they verify the server.
     pool = IdResolver.get_serverpool(self.uri, self.timeout)
     self.l = IdResolver.create_connection(authtype=self.authtype,
                                           server=pool,
                                           user=self.binddn,
                                           password=self.bindpw,
                                           auto_referrals=not self.noreferrals)
     bound = self.l.bind()
     if not bound:
         raise Exception("Wrong credentials")
     # Only remember the bind once it has succeeded, so a failed attempt is
     # retried on the next call.
     self.i_am_bound = True
コード例 #12
ファイル: ldap.py プロジェクト: Andrew8305/privacyidea
 def _bind(self):
     """
     Open and bind ``self.l`` once; do nothing if already bound.

     :raises Exception: "Wrong credentials" if ``bind()`` returns a false
         value, whatever the underlying reason
     """
     if self.i_am_bound:
         return

     # NOTE(review): get_serverpool receives only the URI and the timeout
     # here; whether ldaps:// certificates are verified depends on its
     # defaults -- confirm.
     pool = IdResolver.get_serverpool(self.uri, self.timeout)
     follow_referrals = not self.noreferrals
     self.l = IdResolver.create_connection(authtype=self.authtype,
                                           server=pool,
                                           user=self.binddn,
                                           password=self.bindpw,
                                           auto_referrals=follow_referrals)
     self.l.open()
     if not self.l.bind():
         raise Exception("Wrong credentials")
     # The flag is set only after a successful bind.
     self.i_am_bound = True
コード例 #13
ファイル: ldap.py プロジェクト: XCage15/privacyidea
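    def testconnection(cls, params):
        """
        Test the LDAP connection described by ``params``.

        Opens a connection to LDAPURI, binds with BINDDN/BINDPW, searches
        LDAPBASE with SEARCHFILTER and counts the ``searchResEntry`` items.

        :param params: resolver settings; keys read here are LDAPURI, TIMEOUT,
            AUTHTYPE, BINDDN, BINDPW, NOREFERRALS, LDAPBASE, SEARCHFILTER and
            HOSTNAMEATTRIBUTE
        :type params: dict
        :return: tuple ``(success, description)``; on failure the description
            is the ``repr`` of the caught exception
        """
        success = False
        try:
            # The flag is named use_ssl so it does not hide the ssl module.
            (host, port, use_ssl) = IdResolver.split_uri(params.get("LDAPURI"))
            # NOTE(review): no tls= argument is given, so with use_ssl set the
            # certificate check is left to ldap3's defaults -- presumably no
            # validation; confirm and pass an explicit Tls object if so.
            server = ldap3.Server(host, port=port,
                                  use_ssl=use_ssl,
                                  connect_timeout=float(params.get("TIMEOUT",
                                                                  5)))
            l = IdResolver.create_connection(
                authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
                server=server,
                user=params.get("BINDDN"),
                password=params.get("BINDPW"),
                auto_referrals=not params.get("NOREFERRALS"))
            l.open()
            if not l.bind():
                raise Exception("Wrong credentials")
            try:
                # search for machines...
                l.search(search_base=params["LDAPBASE"],
                         search_scope=ldap3.SUBTREE,
                         search_filter="(&" + params["SEARCHFILTER"] + ")",
                         attributes=[params["HOSTNAMEATTRIBUTE"]])
                count = len([x for x in l.response if x.get("type") ==
                             "searchResEntry"])
            finally:
                # Release the bound connection even when the search fails.
                l.unbind()

            desc = _("Your LDAP config seems to be OK, %i machine objects "
                     "found.")\
                % count
            success = True

        except Exception as e:
            desc = "%r" % e

        return success, desc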
コード例 #14
ファイル: ldap.py プロジェクト: MWelp/privacyidea-1
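    def testconnection(params):
        """
        Test the LDAP connection described by ``params``.

        Opens a connection to the server pool built from LDAPURI, binds with
        BINDDN/BINDPW, searches LDAPBASE with SEARCHFILTER and counts the
        ``searchResEntry`` items in the response.

        :param params: resolver settings; keys read here are LDAPURI, TIMEOUT,
            AUTHTYPE, BINDDN, BINDPW, NOREFERRALS, LDAPBASE, SEARCHFILTER and
            HOSTNAMEATTRIBUTE
        :type params: dict
        :return: tuple ``(success, description)``; on failure the description
            is the ``repr`` of the caught exception
        """
        success = False
        try:
            # NOTE(review): only the URI and the timeout are passed, so
            # certificate handling for ldaps:// URIs depends on
            # get_serverpool's defaults -- confirm they verify the server.
            server_pool = IdResolver.get_serverpool(
                params.get("LDAPURI"),
                float(params.get("TIMEOUT", 5)))
            l = IdResolver.create_connection(
                authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
                server=server_pool,
                user=params.get("BINDDN"),
                password=params.get("BINDPW"),
                auto_referrals=not params.get("NOREFERRALS"))
            l.open()
            if not l.bind():
                raise Exception("Wrong credentials")
            try:
                # search for machines...
                l.search(search_base=params["LDAPBASE"],
                         search_scope=ldap3.SUBTREE,
                         search_filter="(&" + params["SEARCHFILTER"] + ")",
                         attributes=[params["HOSTNAMEATTRIBUTE"]])
                count = len([x for x in l.response if x.get("type") ==
                             "searchResEntry"])
            finally:
                # Release the bound connection even when the search fails.
                l.unbind()

            desc = _("Your LDAP config seems to be OK, %i machine objects "
                     "found.")\
                % count
            success = True

        except Exception as e:
            desc = "{0!r}".format(e)

        return success, desc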
コード例 #15
    def test_08_trimresult(self):
        """_trim_result yields two items for a three-item response.

        NOREFERRALS is enabled in the loaded configuration and the response
        contains one ``searchResRef`` item; only the resulting length is
        asserted.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        resolver = LDAPResolver()
        resolver.loadConfig({
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "ldaptest",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
            "NOREFERRALS": True,
        })

        response = []
        for dn in ("blafoo", "foobar"):
            response.append({"type": "searchResEntry", "DN": dn})
        # Pointer to another directory rather than an entry of this one.
        response.append({"type": "searchResRef",
                         "info": "this is located on another LDAP"})
        trimmed = resolver._trim_result(response)

        self.assertEqual(len(trimmed), 2)
コード例 #16
    def test_01_broken_uidtype(self):
        """A resolver loaded with an unknown UIDTYPE refuses checkPass.

        User listing and the resolver metadata are still expected to work;
        only the password check at the end must return a false value.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        resolver = LDAPResolver()
        resolver.loadConfig({
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "ldaptest",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            # The value under test: not a UID type the resolver knows.
            "UIDTYPE": "unknownType",
        })

        users = resolver.getUserList({"username": "******"})
        self.assertEqual(len(users), 3)

        resolver_id = resolver.getResolverId()
        self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

        resolver_type = resolver.getResolverType()
        self.assertTrue(resolver_type == "ldapresolver", resolver_type)

        # The class descriptor is fetched but its value is not inspected.
        resolver.getResolverClassDescriptor()
        descriptor = resolver.getResolverDescriptor()
        self.assertTrue("ldapresolver" in descriptor, descriptor)
        self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
        self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

        # checkPass with wrong UIDtype
        accepted = resolver.checkPass("bob", "bobpwééé")
        self.assertFalse(accepted)
コード例 #17
    def test_07_get_serverpool(self):
        """get_serverpool builds one pool entry per comma-separated URI.

        A single URI gives an active, exhausting ROUND_ROBIN pool. For two
        URIs the server names carry the default ports 389 (ldap) and 636
        (ldaps); a pool mixing both schemes is accepted.
        """
        timeout = 5

        pool = LDAPResolver.get_serverpool("ldap://themis", timeout)
        self.assertEqual(len(pool), 1)
        self.assertEqual(pool.active, True)
        self.assertEqual(pool.exhaust, True)
        self.assertEqual(pool.strategy, "ROUND_ROBIN")

        # (URI list, expected name of server 0, expected name of server 1)
        two_server_cases = (
            ("ldap://themis, ldap://server2",
             "ldap://themis:389", "ldap://server2:389"),
            ("ldap://themis, ldaps://server2",
             "ldap://themis:389", "ldaps://server2:636"),
        )
        for urilist, first_name, second_name in two_server_cases:
            pool = LDAPResolver.get_serverpool(urilist, timeout)
            self.assertEqual(len(pool), 2)
            self.assertEqual(pool.servers[0].name, first_name)
            self.assertEqual(pool.servers[1].name, second_name)
コード例 #18
    def test_07_get_serverpool(self):
        """Check pool size, pool flags and server names from get_serverpool.

        The expected names show the default port being appended per scheme:
        389 for ldap:// and 636 for ldaps://.
        """
        timeout = 5

        def build(urilist):
            return LDAPResolver.get_serverpool(urilist, timeout)

        single = build("ldap://themis")
        self.assertEqual(len(single), 1)
        self.assertEqual(single.active, True)
        self.assertEqual(single.exhaust, True)
        self.assertEqual(single.strategy, "ROUND_ROBIN")

        plain_pair = build("ldap://themis, ldap://server2")
        self.assertEqual(len(plain_pair), 2)
        self.assertEqual(plain_pair.servers[0].name, "ldap://themis:389")
        self.assertEqual(plain_pair.servers[1].name, "ldap://server2:389")

        # One plain and one TLS server in the same pool.
        mixed_pair = build("ldap://themis, ldaps://server2")
        self.assertEqual(len(mixed_pair), 2)
        self.assertEqual(mixed_pair.servers[0].name, "ldap://themis:389")
        self.assertEqual(mixed_pair.servers[1].name, "ldaps://server2:636")
コード例 #19
    def test_03_testconnection_anonymous(self):
        """testconnection works without bind credentials on the mock directory.

        BINDDN is the empty string and BINDPW is absent; the result must be
        successful and report 3 user objects.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        settings = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            # Empty bind DN: the anonymous case named in the test.
            "BINDDN": "",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
        }
        resolver = LDAPResolver()
        res = resolver.testconnection(settings)

        self.assertTrue(res[0], res)
        expected_message = ('Your LDAP config seems to be OK, 3 user '
                            'objects found.')
        self.assertTrue(res[1] == expected_message, res)
コード例 #20
    def test_04_testconnection_fail(self):
        """A wrong BINDPW must make testconnection fail.

        The description returned with the failure has to mention
        "Wrong credentials".
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        settings = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "wrongpw",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
        }
        resolver = LDAPResolver()
        outcome = resolver.testconnection(settings)

        self.assertFalse(outcome[0], outcome)
        self.assertTrue("Wrong credentials" in outcome[1], outcome)
コード例 #21
    def test_05_authtype_not_supported(self):
        """testconnection must fail for an AUTHTYPE it does not support.

        The failure description is expected to name the rejected type, so
        the unknown value is refused instead of being treated as a working
        bind method.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        userinfo = ('{ "username": "******",'
                    '"phone" : "telephoneNumber", '
                    '"mobile" : "mobile"'
                    ', "email" : "mail", '
                    '"surname" : "sn", '
                    '"givenname" : "givenName" }')
        settings = {
            "LDAPURI": "ldap://localhost",
            "LDAPBASE": "o=test",
            "BINDDN": "cn=manager,ou=example,o=test",
            "BINDPW": "ldaptest",
            "AUTHTYPE": "unknown",
            "LOGINNAMEATTRIBUTE": "cn",
            "LDAPSEARCHFILTER": "(cn=*)",
            "LDAPFILTER": "(&(cn=%s))",
            "USERINFO": userinfo,
            "UIDTYPE": "oid",
        }
        resolver = LDAPResolver()
        outcome = resolver.testconnection(settings)

        self.assertFalse(outcome[0], outcome)
        self.assertTrue("Authtype unknown not supported" in outcome[1],
                        outcome)
コード例 #22
    def test_03_testconnection_anonymous(self):
        """An empty BINDDN without BINDPW still passes testconnection.

        The mocked directory is expected to return 3 user objects, which the
        success message must report.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        attribute_map = (
            '{ "username": "******",'
            '"phone" : "telephoneNumber", '
            '"mobile" : "mobile"'
            ', "email" : "mail", '
            '"surname" : "sn", '
            '"givenname" : "givenName" }'
        )
        # Keyword form keeps the same keys, values and insertion order.
        settings = dict(
            LDAPURI="ldap://localhost",
            LDAPBASE="o=test",
            LOGINNAMEATTRIBUTE="cn",
            LDAPSEARCHFILTER="(cn=*)",
            BINDDN="",
            LDAPFILTER="(&(cn=%s))",
            USERINFO=attribute_map,
            UIDTYPE="oid",
        )
        resolver = LDAPResolver()
        res = resolver.testconnection(settings)

        self.assertTrue(res[0], res)
        self.assertTrue(
            res[1] == "Your LDAP config seems to be OK, 3 user "
            "objects found.",
            res,
        )
コード例 #23
    def test_04_testconnection_fail(self):
        """testconnection must not succeed with a wrong bind password.

        Both the success flag and the "Wrong credentials" text in the
        description are asserted.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        attribute_map = (
            '{ "username": "******",'
            '"phone" : "telephoneNumber", '
            '"mobile" : "mobile"'
            ', "email" : "mail", '
            '"surname" : "sn", '
            '"givenname" : "givenName" }'
        )
        settings = dict(
            LDAPURI="ldap://localhost",
            LDAPBASE="o=test",
            BINDDN="cn=manager,ou=example,o=test",
            BINDPW="wrongpw",
            LOGINNAMEATTRIBUTE="cn",
            LDAPSEARCHFILTER="(cn=*)",
            LDAPFILTER="(&(cn=%s))",
            USERINFO=attribute_map,
            UIDTYPE="oid",
        )
        resolver = LDAPResolver()
        outcome = resolver.testconnection(settings)

        self.assertFalse(outcome[0], outcome)
        self.assertTrue("Wrong credentials" in outcome[1], outcome)
コード例 #24
ファイル: ldap.py プロジェクト: XCage15/privacyidea
 def _bind(self):
     """
     Open and bind ``self.l`` once; later calls return immediately.

     :raises Exception: "Wrong credentials" if ``bind()`` returns a false
         value, whatever the underlying reason
     """
     if self.i_am_bound:
         return

     # NOTE(review): no tls= argument is given, so with use_ssl set the
     # certificate check is left to ldap3's defaults -- presumably no
     # validation; confirm and pass an explicit Tls object if so.
     ldap_server = ldap3.Server(self.server,
                                port=self.port,
                                use_ssl=self.ssl,
                                connect_timeout=self.timeout)
     follow_referrals = not self.noreferrals
     self.l = IdResolver.create_connection(authtype=self.authtype,
                                           server=ldap_server,
                                           user=self.binddn,
                                           password=self.bindpw,
                                           auto_referrals=follow_referrals)
     self.l.open()
     if not self.l.bind():
         raise Exception("Wrong credentials")
     # The flag is set only after a successful bind.
     self.i_am_bound = True
コード例 #25
    def test_01_broken_uidtype(self):
        """checkPass returns a false value when UIDTYPE is not a known type.

        Listing users and reading the resolver id, type and descriptor are
        still expected to work with this configuration.
        NOTE(review): presumably the rejection comes from the UID type and
        not from the password used -- confirm against the mock directory.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        attribute_map = (
            '{ "username": "******",'
            '"phone" : "telephoneNumber", '
            '"mobile" : "mobile"'
            ', "email" : "mail", '
            '"surname" : "sn", '
            '"givenname" : "givenName" }'
        )
        settings = dict(
            LDAPURI="ldap://localhost",
            LDAPBASE="o=test",
            BINDDN="cn=manager,ou=example,o=test",
            BINDPW="ldaptest",
            LOGINNAMEATTRIBUTE="cn",
            LDAPSEARCHFILTER="(cn=*)",
            LDAPFILTER="(&(cn=%s))",
            USERINFO=attribute_map,
            UIDTYPE="unknownType",
        )
        resolver = LDAPResolver()
        resolver.loadConfig(settings)

        users = resolver.getUserList({"username": "******"})
        self.assertEqual(len(users), 3)

        resolver_id = resolver.getResolverId()
        self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

        resolver_type = resolver.getResolverType()
        self.assertTrue(resolver_type == "ldapresolver", resolver_type)

        # Called for its own sake; the returned value is not checked.
        resolver.getResolverClassDescriptor()
        descriptor = resolver.getResolverDescriptor()
        self.assertTrue("ldapresolver" in descriptor, descriptor)
        self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
        self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

        # checkPass with wrong UIDtype
        accepted = resolver.checkPass("bob", "bobpw")
        self.assertFalse(accepted)
コード例 #26
ファイル: ldap.py プロジェクト: XCage15/privacyidea
    def load_config(self, config):
        """
        Copy the machine resolver settings from ``config`` onto the instance.

        The dictionary tells the resolver how to find and connect to the
        machine store.

        class=computer or sAMAccountType=805306369 (MachineAccount)
        * hostname: attribute dNSHostName
        * id: DN or objectSid
        * ip: N/A

        :param config: The configuration dictionary to run the machine resolver
        :type config: dict
        :return: None
        :raises MachineResolverError: if LDAPURI or LDAPBASE is missing
        """
        read = config.get

        # Mandatory settings: each is stored first and then checked.
        self.uri = read("LDAPURI")
        if self.uri is None:
            raise MachineResolverError("LDAPURI is missing!")
        self.server, self.port, self.ssl = IdResolver.split_uri(self.uri)

        self.basedn = read("LDAPBASE")
        if self.basedn is None:
            raise MachineResolverError("LDAPBASE is missing!")

        # Bind credentials; both are optional and kept as given.
        self.binddn = read("BINDDN")
        self.bindpw = read("BINDPW")

        # float() raises ValueError for a non-numeric TIMEOUT.
        self.timeout = float(read("TIMEOUT", 5))
        self.sizelimit = read("SIZELIMIT", 500)

        self.hostname_attribute = read("HOSTNAMEATTRIBUTE")
        self.id_attribute = read("IDATTRIBUTE", "DN")
        self.ip_attribute = read("IPATTRIBUTE")
        self.search_filter = read("SEARCHFILTER", "(objectClass=computer)")

        # LDAP attribute name -> machine field. HOSTNAMEATTRIBUTE and
        # IPATTRIBUTE have no default, so when both are absent they are both
        # None and share a single key here.
        attribute_to_field = {}
        attribute_to_field[self.ip_attribute] = "ip"
        attribute_to_field[self.hostname_attribute] = "hostname"
        attribute_to_field[self.id_attribute] = "id"
        self.reverse_map = attribute_to_field

        self.noreferrals = read("NOREFERRALS", False)
        # NOTE(review): CACERTIFICATE is only stored; nothing in this method
        # uses it -- confirm the bind path hands it to the TLS setup.
        self.certificate = read("CACERTIFICATE")
        self.authtype = read("AUTHTYPE", AUTHTYPE.SIMPLE)
コード例 #27
    def test_02_LDAP_OID(self):
        """Exercise the resolver with UIDTYPE "oid" against the mock directory.

        Covers user listing, id and name lookups, the resolver metadata and
        checkPass: the right password must be accepted and a wrong one
        rejected for the same user id.
        """
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        attribute_map = (
            '{ "username": "******",'
            '"phone" : "telephoneNumber", '
            '"mobile" : "mobile"'
            ', "email" : "mail", '
            '"surname" : "sn", '
            '"givenname" : "givenName" }'
        )
        settings = dict(
            LDAPURI="ldap://localhost",
            LDAPBASE="o=test",
            BINDDN="cn=manager,ou=example,o=test",
            BINDPW="ldaptest",
            LOGINNAMEATTRIBUTE="cn",
            LDAPSEARCHFILTER="(cn=*)",
            LDAPFILTER="(&(cn=%s))",
            USERINFO=attribute_map,
            UIDTYPE="oid",
        )
        resolver = LDAPResolver()
        resolver.loadConfig(settings)

        all_users = resolver.getUserList({"username": "******"})
        self.assertEqual(len(all_users), 3)

        login = "******"
        user_id = resolver.getUserId(login)
        self.assertTrue(user_id == "3", "%s" % user_id)

        resolver_id = resolver.getResolverId()
        self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

        resolver_type = resolver.getResolverType()
        self.assertTrue(resolver_type == "ldapresolver", resolver_type)

        descriptor = resolver.getResolverClassDescriptor()
        self.assertTrue("ldapresolver" in descriptor, descriptor)
        self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
        self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

        info = resolver.getUserInfo("3")
        self.assertTrue(info.get("username") == "bob", info)

        matches = resolver.getUserList({"username": "******"})
        self.assertTrue(len(matches) == 1, matches)

        name = resolver.getUsername(user_id)
        self.assertTrue(name == "bob", name)

        # Correct password first, then a wrong one for the same id.
        accepted = resolver.checkPass(user_id, "bobpw")
        self.assertTrue(accepted)

        accepted = resolver.checkPass(user_id, "wrong pw")
        self.assertFalse(accepted)
コード例 #28
    def test_01_LDAP_DN(self):
        # Exercise LDAPResolver with UIDTYPE "DN" against the directory
        # installed into ldap3mock; user ids are full distinguished names.
        # NOTE(review): the "******" literals look like values masked by the
        # page this listing was taken from -- confirm against the upstream
        # test before relying on them.
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        resolver = LDAPResolver()
        resolver_config = {
            'LDAPURI': 'ldap://localhost',
            'LDAPBASE': 'o=test',
            # Fixture bind credentials for the mocked directory.
            'BINDDN': 'cn=manager,ou=example,o=test',
            'BINDPW': 'ldaptest',
            'LOGINNAMEATTRIBUTE': 'cn',
            'LDAPSEARCHFILTER': '(cn=*)',
            'LDAPFILTER': '(&(cn=%s))',
            'USERINFO': '{ "username": "******",'
                        '"phone" : "telephoneNumber", '
                        '"mobile" : "mobile"'
                        ', "email" : "mail", '
                        '"surname" : "sn", '
                        '"givenname" : "givenName" }',
            'UIDTYPE': 'DN',
        }
        resolver.loadConfig(resolver_config)

        # User listing.
        all_users = resolver.getUserList({'username': '******'})
        self.assertEqual(len(all_users), 3)

        # Login name -> user id (the DN).
        login = "******"
        uid = resolver.getUserId(login)
        self.assertTrue(uid == "cn=bob,ou=example,o=test", uid)

        # Resolver metadata.
        resolver_id = resolver.getResolverId()
        self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

        resolver_type = resolver.getResolverType()
        self.assertTrue(resolver_type == "ldapresolver", resolver_type)

        # Both descriptor accessors are called; only the result of the
        # second one is inspected.
        resolver.getResolverClassDescriptor()
        descriptor = resolver.getResolverDescriptor()
        self.assertTrue("ldapresolver" in descriptor, descriptor)
        self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
        self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

        # User id -> attributes and back to the login name.
        info = resolver.getUserInfo(uid)
        self.assertTrue(info.get("username") == "bob", info)

        matches = resolver.getUserList({"username": "******"})
        self.assertTrue(len(matches) == 1, matches)

        login_name = resolver.getUsername(uid)
        self.assertTrue(login_name == "bob", login_name)

        # Password check: the right password is accepted and, just as
        # important, a wrong one is rejected.
        accepted = resolver.checkPass(uid, "bobpw")
        self.assertTrue(accepted)

        accepted = resolver.checkPass(uid, "wrong pw")
        self.assertFalse(accepted)
コード例 #29
    def test_02_LDAP_OID(self):
        # Exercise LDAPResolver with UIDTYPE "oid" against the directory
        # installed into ldap3mock. This variant checks a password that
        # contains non-ASCII characters.
        # NOTE(review): the "******" literals look like values masked by the
        # page this listing was taken from -- confirm against the upstream
        # test before relying on them.
        ldap3mock.setLDAPDirectory(LDAPDirectory)
        resolver = LDAPResolver()
        resolver_config = {
            'LDAPURI': 'ldap://localhost',
            'LDAPBASE': 'o=test',
            # Fixture bind credentials for the mocked directory.
            'BINDDN': 'cn=manager,ou=example,o=test',
            'BINDPW': 'ldaptest',
            'LOGINNAMEATTRIBUTE': 'cn',
            'LDAPSEARCHFILTER': '(cn=*)',
            'LDAPFILTER': '(&(cn=%s))',
            'USERINFO': '{ "username": "******",'
                        '"phone" : "telephoneNumber", '
                        '"mobile" : "mobile"'
                        ', "email" : "mail", '
                        '"surname" : "sn", '
                        '"givenname" : "givenName" }',
            'UIDTYPE': 'oid',
        }
        resolver.loadConfig(resolver_config)

        # User listing.
        all_users = resolver.getUserList({'username': '******'})
        self.assertEqual(len(all_users), 3)

        # Login name -> user id.
        login = "******"
        uid = resolver.getUserId(login)
        self.assertTrue(uid == "3", "%s" % uid)

        # Resolver metadata.
        resolver_id = resolver.getResolverId()
        self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

        resolver_type = resolver.getResolverType()
        self.assertTrue(resolver_type == "ldapresolver", resolver_type)

        descriptor = resolver.getResolverClassDescriptor()
        self.assertTrue("ldapresolver" in descriptor, descriptor)
        self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
        self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

        # User id -> attributes and back to the login name.
        info = resolver.getUserInfo("3")
        self.assertTrue(info.get("username") == "bob", info)

        matches = resolver.getUserList({"username": "******"})
        self.assertTrue(len(matches) == 1, matches)

        login_name = resolver.getUsername(uid)
        self.assertTrue(login_name == "bob", login_name)

        # Password check with non-ASCII characters: the right password is
        # accepted and a wrong one is rejected.
        accepted = resolver.checkPass(uid, "bobpwééé")
        self.assertTrue(accepted)

        accepted = resolver.checkPass(uid, "wrong pw")
        self.assertFalse(accepted)