def test_06_slit_uri(self):
    """Check LDAPResolver.split_uri for every scheme/port combination.

    ``ldaps://`` is expected to set the SSL flag. ``ldap://`` and a bare
    host name are expected to leave it unset, so a URI without a scheme
    is treated as plaintext LDAP. A missing port is reported as ``None``.
    """
    # (uri, expected ssl flag, expected server, expected port)
    expectations = (
        ("ldap://server", False, "server", None),
        ("ldap://server:389", False, "server", 389),
        ("ldaps://server:389", True, "server", 389),
        ("ldaps://server", True, "server", None),
        ("server", False, "server", None),
    )
    for uri, want_ssl, want_server, want_port in expectations:
        server, port, ssl = LDAPResolver.split_uri(uri)
        self.assertEqual(ssl, want_ssl)
        self.assertEqual(server, want_server)
        self.assertEqual(port, want_port)
def test_03_testconnection_anonymous(self):
    """testconnection succeeds with an empty BINDDN and no BINDPW.

    Runs against the ldap3mock directory; the expected message reports
    three user objects.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    # USERINFO is a JSON object passed as one string.
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    connection_params = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        # Empty bind DN: this is the anonymous-bind case.
        'BINDDN': '',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    outcome = resolver.testconnection(connection_params)
    expected_message = ('Your LDAP config seems to be OK, 3 user '
                        'objects found.')
    self.assertTrue(outcome[0], outcome)
    self.assertTrue(outcome[1] == expected_message, outcome)
def test_08_trimresult(self):
    """_trim_result returns two of the three raw response items.

    The resolver is configured with NOREFERRALS set. The input holds two
    searchResEntry items and one searchResRef; presumably the referral
    is the item that is dropped.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = (
        '{ "username": "******",'
        '"phone" : "telephoneNumber", '
        '"mobile" : "mobile"'
        ', "email" : "mail", '
        '"surname" : "sn", '
        '"givenname" : "givenName" }'
    )
    resolver_config = {
        "LDAPURI": "ldap://localhost",
        "LDAPBASE": "o=test",
        "BINDDN": "cn=manager,ou=example,o=test",
        "BINDPW": "ldaptest",
        "LOGINNAMEATTRIBUTE": "cn",
        "LDAPSEARCHFILTER": "(cn=*)",
        "LDAPFILTER": "(&(cn=%s))",
        "USERINFO": userinfo,
        "UIDTYPE": "oid",
        "NOREFERRALS": True,
    }
    resolver.loadConfig(resolver_config)
    raw_response = [
        {"type": "searchResEntry", "DN": "blafoo"},
        {"type": "searchResEntry", "DN": "foobar"},
        {"type": "searchResRef", "info": "this is located on another LDAP"},
    ]
    trimmed = resolver._trim_result(raw_response)
    self.assertEqual(len(trimmed), 2)
def test_04_testconnection_fail(self):
    """testconnection reports failure when the bind password is wrong.

    The result must be unsuccessful and its description must contain
    "Wrong credentials".
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    connection_params = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        # Deliberately not the fixture password.
        'BINDPW': 'wrongpw',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    outcome = resolver.testconnection(connection_params)
    self.assertFalse(outcome[0], outcome)
    self.assertTrue("Wrong credentials" in outcome[1], outcome)
def test_05_authtype_not_supported(self):
    """testconnection rejects an AUTHTYPE it does not know.

    The bind credentials are the valid fixture ones, so the failure is
    expected to come from the authentication type alone.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    connection_params = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'AUTHTYPE': 'unknown',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    outcome = resolver.testconnection(connection_params)
    self.assertFalse(outcome[0], outcome)
    self.assertTrue("Authtype unknown not supported" in outcome[1], outcome)
def test_08_trimresult(self):
    """_trim_result returns two of the three raw response items.

    The resolver is configured with NOREFERRALS set. The input holds two
    searchResEntry items and one searchResRef; presumably the referral
    is the item that is dropped.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    resolver_config = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
        'NOREFERRALS': True,
    }
    resolver.loadConfig(resolver_config)
    raw_response = [
        {"type": "searchResEntry", "DN": "blafoo"},
        {"type": "searchResEntry", "DN": "foobar"},
        {"type": "searchResRef", "info": "this is located on another LDAP"},
    ]
    trimmed = resolver._trim_result(raw_response)
    self.assertEqual(len(trimmed), 2)
def test_05_authtype_not_supported(self):
    """testconnection rejects an AUTHTYPE it does not know.

    The bind credentials are the valid fixture ones, so the failure is
    expected to come from the authentication type alone.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = (
        '{ "username": "******",'
        '"phone" : "telephoneNumber", '
        '"mobile" : "mobile"'
        ', "email" : "mail", '
        '"surname" : "sn", '
        '"givenname" : "givenName" }'
    )
    connection_params = {
        "LDAPURI": "ldap://localhost",
        "LDAPBASE": "o=test",
        "BINDDN": "cn=manager,ou=example,o=test",
        "BINDPW": "ldaptest",
        "AUTHTYPE": "unknown",
        "LOGINNAMEATTRIBUTE": "cn",
        "LDAPSEARCHFILTER": "(cn=*)",
        "LDAPFILTER": "(&(cn=%s))",
        "USERINFO": userinfo,
        "UIDTYPE": "oid",
    }
    outcome = resolver.testconnection(connection_params)
    self.assertFalse(outcome[0], outcome)
    self.assertTrue("Authtype unknown not supported" in outcome[1], outcome)
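def testconnection(params):
    """
    Test whether the LDAP server described by ``params`` can be reached,
    bound to and searched.

    :param params: resolver configuration. Reads LDAPURI, TLS_VERIFY,
        START_TLS, TLS_CA_FILE, TIMEOUT, AUTHTYPE, BINDDN, BINDPW,
        NOREFERRALS, LDAPBASE, SEARCHFILTER and HOSTNAMEATTRIBUTE.
    :type params: dict
    :return: tuple ``(success, description)``. On success the description
        carries the number of machine objects found; on any failure it is
        the ``repr()`` of the exception.
    """
    success = False
    conn = None
    try:
        ldap_uri = params.get("LDAPURI")
        # The TLS context is built inside the try block so that a missing
        # LDAPURI or an error while creating the context is reported as a
        # failed test instead of escaping to the caller.
        if is_true(params.get("TLS_VERIFY")) \
                and (ldap_uri.lower().startswith("ldaps")
                     or params.get("START_TLS")):
            tls_ca_file = params.get("TLS_CA_FILE") or DEFAULT_CA_FILE
            # NOTE(review): ssl.PROTOCOL_TLSv1 pins the handshake to
            # TLS 1.0, which RFC 8996 deprecates and which current
            # servers and OpenSSL builds may refuse. Left unchanged here
            # because raising the floor alters which servers connect;
            # decide on a newer protocol constant deliberately.
            tls_context = Tls(validate=ssl.CERT_REQUIRED,
                              version=ssl.PROTOCOL_TLSv1,
                              ca_certs_file=tls_ca_file)
        else:
            # NOTE(review): without TLS_VERIFY no Tls object is passed
            # on, so for ldaps:// or START_TLS the certificate check
            # depends on get_serverpool/ldap3 defaults - confirm the
            # bind password is not sent to an unverified server.
            tls_context = None

        server_pool = IdResolver.get_serverpool(
            ldap_uri,
            float(params.get("TIMEOUT", 5)),
            tls_context=tls_context)
        conn = IdResolver.create_connection(
            authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
            server=server_pool,
            user=params.get("BINDDN"),
            password=params.get("BINDPW"),
            auto_referrals=not params.get("NOREFERRALS"),
            start_tls=params.get("START_TLS", False))
        if not conn.bind():
            raise Exception("Wrong credentials")
        # search for machines...
        # NOTE(review): SEARCHFILTER is inserted verbatim; presumably it
        # only ever comes from administrator-supplied configuration.
        conn.search(search_base=params["LDAPBASE"],
                    search_scope=ldap3.SUBTREE,
                    search_filter="(&" + params["SEARCHFILTER"] + ")",
                    attributes=[params["HOSTNAMEATTRIBUTE"]])
        count = sum(1 for entry in conn.response
                    if entry.get("type") == "searchResEntry")
        desc = _("Your LDAP config seems to be OK, %i machine objects "
                 "found.")\
            % count
        conn.unbind()
        success = True
    except Exception as e:
        desc = "{0!r}".format(e)
    finally:
        # A failed bind or search used to leave the test connection open.
        if conn is not None and not success:
            try:
                conn.unbind()
            except Exception:
                # Best-effort cleanup; the primary error is already in desc.
                pass

    return success, desc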
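def testconnection(params):
    """
    Test whether the LDAP server described by ``params`` can be reached,
    bound to and searched.

    :param params: resolver configuration. Reads LDAPURI, TLS_VERIFY,
        START_TLS, TLS_CA_FILE, TIMEOUT, AUTHTYPE, BINDDN, BINDPW,
        NOREFERRALS, LDAPBASE, SEARCHFILTER and HOSTNAMEATTRIBUTE.
    :type params: dict
    :return: tuple ``(success, description)``. On success the description
        carries the number of machine objects found; on any failure it is
        the ``repr()`` of the exception.
    """
    success = False
    conn = None
    try:
        ldap_uri = params.get("LDAPURI")
        # The TLS context is built inside the try block so that a missing
        # LDAPURI or an error while creating the context is reported as a
        # failed test instead of escaping to the caller.
        if is_true(params.get("TLS_VERIFY")) \
                and (ldap_uri.lower().startswith("ldaps")
                     or params.get("START_TLS")):
            tls_ca_file = params.get("TLS_CA_FILE") or DEFAULT_CA_FILE
            # NOTE(review): ssl.PROTOCOL_TLSv1 pins the handshake to
            # TLS 1.0, which RFC 8996 deprecates and which current
            # servers and OpenSSL builds may refuse. Left unchanged here
            # because raising the floor alters which servers connect;
            # decide on a newer protocol constant deliberately.
            tls_context = Tls(validate=ssl.CERT_REQUIRED,
                              version=ssl.PROTOCOL_TLSv1,
                              ca_certs_file=tls_ca_file)
        else:
            # NOTE(review): without TLS_VERIFY no Tls object is passed
            # on, so for ldaps:// or START_TLS the certificate check
            # depends on get_serverpool/ldap3 defaults - confirm the
            # bind password is not sent to an unverified server.
            tls_context = None

        server_pool = IdResolver.get_serverpool(
            ldap_uri,
            float(params.get("TIMEOUT", 5)),
            tls_context=tls_context)
        conn = IdResolver.create_connection(
            authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
            server=server_pool,
            user=params.get("BINDDN"),
            password=params.get("BINDPW"),
            auto_referrals=not params.get("NOREFERRALS"),
            start_tls=params.get("START_TLS", False))
        if not conn.bind():
            raise Exception("Wrong credentials")
        # search for machines...
        # NOTE(review): SEARCHFILTER is inserted verbatim; presumably it
        # only ever comes from administrator-supplied configuration.
        conn.search(search_base=params["LDAPBASE"],
                    search_scope=ldap3.SUBTREE,
                    search_filter="(&" + params["SEARCHFILTER"] + ")",
                    attributes=[params["HOSTNAMEATTRIBUTE"]])
        count = sum(1 for entry in conn.response
                    if entry.get("type") == "searchResEntry")
        desc = _("Your LDAP config seems to be OK, %i machine objects "
                 "found.")\
            % count
        conn.unbind()
        success = True
    except Exception as e:
        desc = "{0!r}".format(e)
    finally:
        # A failed bind or search used to leave the test connection open.
        if conn is not None and not success:
            try:
                conn.unbind()
            except Exception:
                # Best-effort cleanup; the primary error is already in desc.
                pass

    return success, desc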
def _bind(self):
    """Bind to the LDAP server pool once and keep the connection on self.l.

    Does nothing when ``self.i_am_bound`` is already set.

    :raises Exception: "Wrong credentials" when ``bind()`` returns a
        false value
    """
    if self.i_am_bound:
        return

    # NOTE(review): the pool is requested with URI and timeout only, so
    # any certificate validation for ldaps:// URIs depends on what
    # get_serverpool/ldap3 do by default - confirm.
    pool = IdResolver.get_serverpool(self.uri, self.timeout)
    connection_args = dict(
        authtype=self.authtype,
        server=pool,
        user=self.binddn,
        password=self.bindpw,
        auto_referrals=not self.noreferrals,
    )
    self.l = IdResolver.create_connection(**connection_args)
    bound = self.l.bind()
    if not bound:
        raise Exception("Wrong credentials")
    self.i_am_bound = True
def _bind(self):
    """Open and bind the LDAP connection once, keeping it on self.l.

    Does nothing when ``self.i_am_bound`` is already set.

    :raises Exception: "Wrong credentials" when ``bind()`` returns a
        false value
    """
    if self.i_am_bound:
        return

    # NOTE(review): the pool is requested with URI and timeout only, so
    # any certificate validation for ldaps:// URIs depends on what
    # get_serverpool/ldap3 do by default - confirm.
    pool = IdResolver.get_serverpool(self.uri, self.timeout)
    connection_args = dict(
        authtype=self.authtype,
        server=pool,
        user=self.binddn,
        password=self.bindpw,
        auto_referrals=not self.noreferrals,
    )
    self.l = IdResolver.create_connection(**connection_args)
    self.l.open()
    bound = self.l.bind()
    if not bound:
        raise Exception("Wrong credentials")
    self.i_am_bound = True
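def testconnection(cls, params):
    """
    Test whether the LDAP server described by ``params`` can be reached,
    bound to and searched.

    :param params: resolver configuration. Reads LDAPURI, TIMEOUT,
        AUTHTYPE, BINDDN, BINDPW, NOREFERRALS, LDAPBASE, SEARCHFILTER
        and HOSTNAMEATTRIBUTE.
    :type params: dict
    :return: tuple ``(success, description)``. On success the description
        carries the number of machine objects found; on any failure it is
        the ``repr()`` of the exception.
    """
    success = False
    conn = None
    try:
        host, port, use_ssl = IdResolver.split_uri(params.get("LDAPURI"))
        # NOTE(review): no Tls object is given to the server, so for
        # ldaps:// URIs certificate validation depends on ldap3's
        # defaults - confirm the bind password is not sent to an
        # unverified server.
        server = ldap3.Server(host, port=port,
                              use_ssl=use_ssl,
                              connect_timeout=float(params.get("TIMEOUT",
                                                               5)))
        conn = IdResolver.create_connection(
            authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
            server=server,
            user=params.get("BINDDN"),
            password=params.get("BINDPW"),
            auto_referrals=not params.get("NOREFERRALS"))
        conn.open()
        if not conn.bind():
            raise Exception("Wrong credentials")
        # search for machines...
        # NOTE(review): SEARCHFILTER is inserted verbatim; presumably it
        # only ever comes from administrator-supplied configuration.
        conn.search(search_base=params["LDAPBASE"],
                    search_scope=ldap3.SUBTREE,
                    search_filter="(&" + params["SEARCHFILTER"] + ")",
                    attributes=[params["HOSTNAMEATTRIBUTE"]])
        count = sum(1 for entry in conn.response
                    if entry.get("type") == "searchResEntry")
        desc = _("Your LDAP config seems to be OK, %i machine objects "
                 "found.")\
            % count
        conn.unbind()
        success = True
    except Exception as e:
        desc = "%r" % e
    finally:
        # A failed bind or search used to leave the opened connection
        # behind.
        if conn is not None and not success:
            try:
                conn.unbind()
            except Exception:
                # Best-effort cleanup; the primary error is already in desc.
                pass

    return success, desc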
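def testconnection(params):
    """
    Test whether the LDAP server described by ``params`` can be reached,
    bound to and searched.

    :param params: resolver configuration. Reads LDAPURI, TIMEOUT,
        AUTHTYPE, BINDDN, BINDPW, NOREFERRALS, LDAPBASE, SEARCHFILTER
        and HOSTNAMEATTRIBUTE.
    :type params: dict
    :return: tuple ``(success, description)``. On success the description
        carries the number of machine objects found; on any failure it is
        the ``repr()`` of the exception.
    """
    success = False
    conn = None
    try:
        # NOTE(review): the pool is requested with URI and timeout only,
        # so certificate validation for ldaps:// URIs depends on what
        # get_serverpool/ldap3 do by default - confirm the bind password
        # is not sent to an unverified server.
        server_pool = IdResolver.get_serverpool(
            params.get("LDAPURI"),
            float(params.get("TIMEOUT", 5)))
        conn = IdResolver.create_connection(
            authtype=params.get("AUTHTYPE", AUTHTYPE.SIMPLE),
            server=server_pool,
            user=params.get("BINDDN"),
            password=params.get("BINDPW"),
            auto_referrals=not params.get("NOREFERRALS"))
        conn.open()
        if not conn.bind():
            raise Exception("Wrong credentials")
        # search for machines...
        # NOTE(review): SEARCHFILTER is inserted verbatim; presumably it
        # only ever comes from administrator-supplied configuration.
        conn.search(search_base=params["LDAPBASE"],
                    search_scope=ldap3.SUBTREE,
                    search_filter="(&" + params["SEARCHFILTER"] + ")",
                    attributes=[params["HOSTNAMEATTRIBUTE"]])
        count = sum(1 for entry in conn.response
                    if entry.get("type") == "searchResEntry")
        desc = _("Your LDAP config seems to be OK, %i machine objects "
                 "found.")\
            % count
        conn.unbind()
        success = True
    except Exception as e:
        desc = "{0!r}".format(e)
    finally:
        # A failed bind or search used to leave the opened connection
        # behind.
        if conn is not None and not success:
            try:
                conn.unbind()
            except Exception:
                # Best-effort cleanup; the primary error is already in desc.
                pass

    return success, desc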
def test_08_trimresult(self):
    """_trim_result returns two of the three raw response items.

    The resolver is configured with NOREFERRALS set. The input holds two
    searchResEntry items and one searchResRef; presumably the referral
    is the item that is dropped.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    resolver_config = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
        'NOREFERRALS': True,
    }
    resolver.loadConfig(resolver_config)
    entry_one = {"type": "searchResEntry", "DN": "blafoo"}
    entry_two = {"type": "searchResEntry", "DN": "foobar"}
    referral = {"type": "searchResRef",
                "info": "this is located on another LDAP"}
    trimmed = resolver._trim_result([entry_one, entry_two, referral])
    self.assertEqual(len(trimmed), 2)
def test_01_broken_uidtype(self):
    """checkPass must fail when the resolver has an unknown UIDTYPE.

    Listing users and reading the resolver id, type and descriptor are
    still expected to work with this configuration.
    """
    # checkPass with wrong UIDtype
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    resolver_config = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'unknownType',
    }
    resolver.loadConfig(resolver_config)

    users = resolver.getUserList({'username': '******'})
    self.assertEqual(len(users), 3)

    resolver_id = resolver.getResolverId()
    self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

    resolver_type = resolver.getResolverType()
    self.assertTrue(resolver_type == "ldapresolver", resolver_type)

    # The class descriptor is fetched but only the resolver descriptor
    # is inspected below.
    resolver.getResolverClassDescriptor()
    descriptor = resolver.getResolverDescriptor()
    self.assertTrue("ldapresolver" in descriptor, descriptor)
    self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
    self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

    # Password contains non-ASCII characters.
    accepted = resolver.checkPass("bob", "bobpwééé")
    self.assertFalse(accepted)
def test_07_get_serverpool(self):
    """get_serverpool builds one pool member per comma-separated URI.

    A single URI gives an active, exhausting ROUND_ROBIN pool. With two
    URIs each member keeps its own scheme, so one pool can hold both an
    ldap:// (port 389) and an ldaps:// (port 636) server.
    """
    timeout = 5

    single_pool = LDAPResolver.get_serverpool("ldap://themis", timeout)
    self.assertEqual(len(single_pool), 1)
    self.assertEqual(single_pool.active, True)
    self.assertEqual(single_pool.exhaust, True)
    self.assertEqual(single_pool.strategy, "ROUND_ROBIN")

    # (uri list, expected name of first server, expected name of second)
    two_server_cases = (
        ("ldap://themis, ldap://server2",
         "ldap://themis:389", "ldap://server2:389"),
        ("ldap://themis, ldaps://server2",
         "ldap://themis:389", "ldaps://server2:636"),
    )
    for urilist, first_name, second_name in two_server_cases:
        server_pool = LDAPResolver.get_serverpool(urilist, timeout)
        self.assertEqual(len(server_pool), 2)
        self.assertEqual(server_pool.servers[0].name, first_name)
        self.assertEqual(server_pool.servers[1].name, second_name)
def test_03_testconnection_anonymous(self):
    """testconnection succeeds with an empty BINDDN and no BINDPW.

    Runs against the ldap3mock directory; the expected message reports
    three user objects.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    # USERINFO is a JSON object passed as one string.
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    connection_params = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        # Empty bind DN: this is the anonymous-bind case.
        'BINDDN': '',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    outcome = resolver.testconnection(connection_params)
    expected_message = ('Your LDAP config seems to be OK, 3 user '
                        'objects found.')
    self.assertTrue(outcome[0], outcome)
    self.assertTrue(outcome[1] == expected_message, outcome)
def test_04_testconnection_fail(self):
    """testconnection reports failure when the bind password is wrong.

    The result must be unsuccessful and its description must contain
    "Wrong credentials".
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    connection_params = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        # Deliberately not the fixture password.
        'BINDPW': 'wrongpw',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    outcome = resolver.testconnection(connection_params)
    self.assertFalse(outcome[0], outcome)
    self.assertTrue("Wrong credentials" in outcome[1], outcome)
def test_05_authtype_not_supported(self):
    """testconnection rejects an AUTHTYPE it does not know.

    The bind credentials are the valid fixture ones, so the failure is
    expected to come from the authentication type alone.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    connection_params = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'AUTHTYPE': 'unknown',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    outcome = resolver.testconnection(connection_params)
    self.assertFalse(outcome[0], outcome)
    self.assertTrue("Authtype unknown not supported" in outcome[1], outcome)
def test_03_testconnection_anonymous(self):
    """testconnection succeeds with an empty BINDDN and no BINDPW.

    Runs against the ldap3mock directory; the expected message reports
    three user objects.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    # USERINFO is a JSON object passed as one string.
    userinfo = (
        '{ "username": "******",'
        '"phone" : "telephoneNumber", '
        '"mobile" : "mobile"'
        ', "email" : "mail", '
        '"surname" : "sn", '
        '"givenname" : "givenName" }'
    )
    connection_params = {
        "LDAPURI": "ldap://localhost",
        "LDAPBASE": "o=test",
        "LOGINNAMEATTRIBUTE": "cn",
        "LDAPSEARCHFILTER": "(cn=*)",
        # Empty bind DN: this is the anonymous-bind case.
        "BINDDN": "",
        "LDAPFILTER": "(&(cn=%s))",
        "USERINFO": userinfo,
        "UIDTYPE": "oid",
    }
    outcome = resolver.testconnection(connection_params)
    expected_message = ("Your LDAP config seems to be OK, 3 user "
                        "objects found.")
    self.assertTrue(outcome[0], outcome)
    self.assertTrue(outcome[1] == expected_message, outcome)
def test_04_testconnection_fail(self):
    """testconnection reports failure when the bind password is wrong.

    The result must be unsuccessful and its description must contain
    "Wrong credentials".
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = (
        '{ "username": "******",'
        '"phone" : "telephoneNumber", '
        '"mobile" : "mobile"'
        ', "email" : "mail", '
        '"surname" : "sn", '
        '"givenname" : "givenName" }'
    )
    connection_params = {
        "LDAPURI": "ldap://localhost",
        "LDAPBASE": "o=test",
        "BINDDN": "cn=manager,ou=example,o=test",
        # Deliberately not the fixture password.
        "BINDPW": "wrongpw",
        "LOGINNAMEATTRIBUTE": "cn",
        "LDAPSEARCHFILTER": "(cn=*)",
        "LDAPFILTER": "(&(cn=%s))",
        "USERINFO": userinfo,
        "UIDTYPE": "oid",
    }
    outcome = resolver.testconnection(connection_params)
    self.assertFalse(outcome[0], outcome)
    self.assertTrue("Wrong credentials" in outcome[1], outcome)
def _bind(self):
    """Open and bind the LDAP connection once, keeping it on self.l.

    Does nothing when ``self.i_am_bound`` is already set.

    :raises Exception: "Wrong credentials" when ``bind()`` returns a
        false value
    """
    if self.i_am_bound:
        return

    # NOTE(review): no Tls object is given to the server, so with
    # use_ssl set the certificate check depends on ldap3's defaults -
    # confirm the bind password is not sent to an unverified server.
    ldap_server = ldap3.Server(
        self.server,
        port=self.port,
        use_ssl=self.ssl,
        connect_timeout=self.timeout,
    )
    connection_args = dict(
        authtype=self.authtype,
        server=ldap_server,
        user=self.binddn,
        password=self.bindpw,
        auto_referrals=not self.noreferrals,
    )
    self.l = IdResolver.create_connection(**connection_args)
    self.l.open()
    bound = self.l.bind()
    if not bound:
        raise Exception("Wrong credentials")
    self.i_am_bound = True
def test_01_broken_uidtype(self):
    """checkPass must fail when the resolver has an unknown UIDTYPE.

    Listing users and reading the resolver id, type and descriptor are
    still expected to work with this configuration.
    """
    # checkPass with wrong UIDtype
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = (
        '{ "username": "******",'
        '"phone" : "telephoneNumber", '
        '"mobile" : "mobile"'
        ', "email" : "mail", '
        '"surname" : "sn", '
        '"givenname" : "givenName" }'
    )
    resolver_config = {
        "LDAPURI": "ldap://localhost",
        "LDAPBASE": "o=test",
        "BINDDN": "cn=manager,ou=example,o=test",
        "BINDPW": "ldaptest",
        "LOGINNAMEATTRIBUTE": "cn",
        "LDAPSEARCHFILTER": "(cn=*)",
        "LDAPFILTER": "(&(cn=%s))",
        "USERINFO": userinfo,
        "UIDTYPE": "unknownType",
    }
    resolver.loadConfig(resolver_config)

    users = resolver.getUserList({"username": "******"})
    self.assertEqual(len(users), 3)

    resolver_id = resolver.getResolverId()
    self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

    resolver_type = resolver.getResolverType()
    self.assertTrue(resolver_type == "ldapresolver", resolver_type)

    # The class descriptor is fetched but only the resolver descriptor
    # is inspected below.
    resolver.getResolverClassDescriptor()
    descriptor = resolver.getResolverDescriptor()
    self.assertTrue("ldapresolver" in descriptor, descriptor)
    self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
    self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

    accepted = resolver.checkPass("bob", "bobpw")
    self.assertFalse(accepted)
def load_config(self, config):
    """
    Load the configuration dictionary that tells the machine resolver
    how to find and connect to the machine store.

    class=computer or sAMAccountType=805306369 (MachineAccount)
    * hostname: attribute dNSHostName
    * id: DN or objectSid
    * ip: N/A

    :param config: The configuration dictionary to run the machine
        resolver
    :type config: dict
    :raises MachineResolverError: if LDAPURI or LDAPBASE is missing
    :return: None
    """
    # Connection target; both keys are mandatory.
    self.uri = config.get("LDAPURI")
    if self.uri is None:
        raise MachineResolverError("LDAPURI is missing!")
    self.server, self.port, self.ssl = IdResolver.split_uri(self.uri)

    self.basedn = config.get("LDAPBASE")
    if self.basedn is None:
        raise MachineResolverError("LDAPBASE is missing!")

    # Bind credentials and connection limits.
    self.binddn = config.get("BINDDN")
    self.bindpw = config.get("BINDPW")
    self.timeout = float(config.get("TIMEOUT", 5))
    self.sizelimit = config.get("SIZELIMIT", 500)

    # Attribute names and the filter used to look up machines.
    self.hostname_attribute = config.get("HOSTNAMEATTRIBUTE")
    self.id_attribute = config.get("IDATTRIBUTE", "DN")
    self.ip_attribute = config.get("IPATTRIBUTE")
    self.search_filter = config.get("SEARCHFILTER",
                                    "(objectClass=computer)")

    # LDAP attribute name -> machine field. Filled in this order so that
    # a later attribute wins if two settings name the same attribute.
    attribute_to_field = {}
    attribute_to_field[self.ip_attribute] = "ip"
    attribute_to_field[self.hostname_attribute] = "hostname"
    attribute_to_field[self.id_attribute] = "id"
    self.reverse_map = attribute_to_field

    self.noreferrals = config.get("NOREFERRALS", False)
    # NOTE(review): confirm where self.certificate is consumed when the
    # connection is created.
    self.certificate = config.get("CACERTIFICATE")
    self.authtype = config.get("AUTHTYPE", AUTHTYPE.SIMPLE)
def test_02_LDAP_OID(self):
    """Resolve and authenticate a user with UIDTYPE "oid".

    Covers the user list, user id lookup, resolver id/type/descriptor,
    user info, reverse lookup of the name and checkPass with a correct
    and a wrong password.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = (
        '{ "username": "******",'
        '"phone" : "telephoneNumber", '
        '"mobile" : "mobile"'
        ', "email" : "mail", '
        '"surname" : "sn", '
        '"givenname" : "givenName" }'
    )
    resolver_config = {
        "LDAPURI": "ldap://localhost",
        "LDAPBASE": "o=test",
        "BINDDN": "cn=manager,ou=example,o=test",
        "BINDPW": "ldaptest",
        "LOGINNAMEATTRIBUTE": "cn",
        "LDAPSEARCHFILTER": "(cn=*)",
        "LDAPFILTER": "(&(cn=%s))",
        "USERINFO": userinfo,
        "UIDTYPE": "oid",
    }
    resolver.loadConfig(resolver_config)

    all_users = resolver.getUserList({"username": "******"})
    self.assertEqual(len(all_users), 3)

    login_name = "******"
    user_id = resolver.getUserId(login_name)
    self.assertTrue(user_id == "3", "%s" % user_id)

    resolver_id = resolver.getResolverId()
    self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

    resolver_type = resolver.getResolverType()
    self.assertTrue(resolver_type == "ldapresolver", resolver_type)

    descriptor = resolver.getResolverClassDescriptor()
    self.assertTrue("ldapresolver" in descriptor, descriptor)
    self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
    self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

    user_info = resolver.getUserInfo("3")
    self.assertTrue(user_info.get("username") == "bob", user_info)

    matches = resolver.getUserList({"username": "******"})
    self.assertTrue(len(matches) == 1, matches)

    username = resolver.getUsername(user_id)
    self.assertTrue(username == "bob", username)

    # The correct password is accepted, any other one is refused.
    accepted = resolver.checkPass(user_id, "bobpw")
    self.assertTrue(accepted)
    accepted = resolver.checkPass(user_id, "wrong pw")
    self.assertFalse(accepted)
def test_01_LDAP_DN(self):
    """Resolve and authenticate a user with UIDTYPE "DN".

    The user id is expected to be the full distinguished name. Also
    covers the user list, resolver id/type/descriptor, user info,
    reverse lookup of the name and checkPass with a correct and a wrong
    password.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    resolver_config = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'DN',
    }
    resolver.loadConfig(resolver_config)

    all_users = resolver.getUserList({'username': '******'})
    self.assertEqual(len(all_users), 3)

    login_name = "******"
    user_id = resolver.getUserId(login_name)
    self.assertTrue(user_id == "cn=bob,ou=example,o=test", user_id)

    resolver_id = resolver.getResolverId()
    self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

    resolver_type = resolver.getResolverType()
    self.assertTrue(resolver_type == "ldapresolver", resolver_type)

    # The class descriptor is fetched but only the resolver descriptor
    # is inspected below.
    resolver.getResolverClassDescriptor()
    descriptor = resolver.getResolverDescriptor()
    self.assertTrue("ldapresolver" in descriptor, descriptor)
    self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
    self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

    user_info = resolver.getUserInfo(user_id)
    self.assertTrue(user_info.get("username") == "bob", user_info)

    matches = resolver.getUserList({"username": "******"})
    self.assertTrue(len(matches) == 1, matches)

    username = resolver.getUsername(user_id)
    self.assertTrue(username == "bob", username)

    # The correct password is accepted, any other one is refused.
    accepted = resolver.checkPass(user_id, "bobpw")
    self.assertTrue(accepted)
    accepted = resolver.checkPass(user_id, "wrong pw")
    self.assertFalse(accepted)
def test_02_LDAP_OID(self):
    """Resolve and authenticate a user with UIDTYPE "oid".

    Covers the user list, user id lookup, resolver id/type/descriptor,
    user info, reverse lookup of the name and checkPass with a correct
    (non-ASCII) and a wrong password.
    """
    ldap3mock.setLDAPDirectory(LDAPDirectory)
    resolver = LDAPResolver()
    userinfo = ('{ "username": "******",'
                '"phone" : "telephoneNumber", '
                '"mobile" : "mobile"'
                ', "email" : "mail", '
                '"surname" : "sn", '
                '"givenname" : "givenName" }')
    resolver_config = {
        'LDAPURI': 'ldap://localhost',
        'LDAPBASE': 'o=test',
        'BINDDN': 'cn=manager,ou=example,o=test',
        'BINDPW': 'ldaptest',
        'LOGINNAMEATTRIBUTE': 'cn',
        'LDAPSEARCHFILTER': '(cn=*)',
        'LDAPFILTER': '(&(cn=%s))',
        'USERINFO': userinfo,
        'UIDTYPE': 'oid',
    }
    resolver.loadConfig(resolver_config)

    all_users = resolver.getUserList({'username': '******'})
    self.assertEqual(len(all_users), 3)

    login_name = "******"
    user_id = resolver.getUserId(login_name)
    self.assertTrue(user_id == "3", "%s" % user_id)

    resolver_id = resolver.getResolverId()
    self.assertTrue(resolver_id == "ldap://localhost", resolver_id)

    resolver_type = resolver.getResolverType()
    self.assertTrue(resolver_type == "ldapresolver", resolver_type)

    descriptor = resolver.getResolverClassDescriptor()
    self.assertTrue("ldapresolver" in descriptor, descriptor)
    self.assertTrue("config" in descriptor.get("ldapresolver"), descriptor)
    self.assertTrue("clazz" in descriptor.get("ldapresolver"), descriptor)

    user_info = resolver.getUserInfo("3")
    self.assertTrue(user_info.get("username") == "bob", user_info)

    matches = resolver.getUserList({"username": "******"})
    self.assertTrue(len(matches) == 1, matches)

    username = resolver.getUsername(user_id)
    self.assertTrue(username == "bob", username)

    # The correct password is accepted, any other one is refused.
    accepted = resolver.checkPass(user_id, "bobpwééé")
    self.assertTrue(accepted)
    accepted = resolver.checkPass(user_id, "wrong pw")
    self.assertFalse(accepted)