def test_add_ldap_users_case_sensitivity(self): if is_live_cluster(): raise SkipTest( 'HUE-2897: Cannot yet guarantee database is case sensitive') done = [] try: URL = reverse(add_ldap_users) reset_all_users() reset_all_groups() # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection ldap_access.CACHED_LDAP_CONN = LdapTestConnection() c = make_logged_in_client('test', is_superuser=True) # Test ignore case done.append( desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True)) User.objects.filter(username='******').delete() assert_false(User.objects.filter(username='******').exists()) assert_false(User.objects.filter(username='******').exists()) response = c.post( URL, dict(username_pattern='Moe', password1='test', password2='test')) assert_true('Location' in response, response) assert_true('/useradmin/users' in response['Location'], response) assert_false(User.objects.filter(username='******').exists()) assert_true(User.objects.filter(username='******').exists()) # Test lower case done.append( desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing( True)) User.objects.filter(username__iexact='Rock').delete() assert_false(User.objects.filter(username='******').exists()) assert_false(User.objects.filter(username='******').exists()) response = c.post( URL, dict(username_pattern='rock', password1='test', password2='test')) assert_true('Location' in response, response) assert_true('/useradmin/users' in response['Location'], response) assert_false(User.objects.filter(username='******').exists()) assert_true(User.objects.filter(username='******').exists()) finally: for finish in done: finish()
def test_useradmin_ldap_user_integration(self): done = [] try: # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection ldap_access.CACHED_LDAP_CONN = LdapTestConnection() # Try importing a user import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'lårry', sync_groups=False, import_by_dn=False) larry = User.objects.get(username='******') assert_true(larry.first_name == 'Larry') assert_true(larry.last_name == 'Stooge') assert_true(larry.email == '*****@*****.**') assert_true(get_profile(larry).creation_method == UserProfile.CreationMethod.EXTERNAL.name) # Should be a noop sync_ldap_users(ldap_access.CACHED_LDAP_CONN) sync_ldap_groups(ldap_access.CACHED_LDAP_CONN) assert_equal(User.objects.all().count(), 1) assert_equal(Group.objects.all().count(), 0) # Make sure that if a Hue user already exists with a naming collision, we # won't overwrite any of that user's information. hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy') import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'otherguy', sync_groups=False, import_by_dn=False) hue_user = User.objects.get(username='******') assert_equal(get_profile(hue_user).creation_method, UserProfile.CreationMethod.HUE.name) assert_equal(hue_user.first_name, 'Different') # Make sure LDAP groups exist or they won't sync import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False) import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False) # Try importing a user and sync groups import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=True, import_by_dn=False) curly = User.objects.get(username='******') assert_equal(curly.first_name, 'Curly') assert_equal(curly.last_name, 'Stooge') assert_equal(curly.email, '*****@*****.**') assert_equal(get_profile(curly).creation_method, UserProfile.CreationMethod.EXTERNAL.name) assert_equal(2, curly.groups.all().count(), curly.groups.all()) reset_all_users() reset_all_groups() finally: for finish in done: finish()
def test_useradmin_ldap_nested_posix_group_integration(self): reset = [] # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection ldap_access.CACHED_LDAP_CONN = LdapTestConnection() # Test nested groups reset.append(desktop.conf.LDAP.SUBGROUPS.set_for_testing("nested")) try: # Import groups only import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'PosixGroup', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False) test_users = Group.objects.get(name='PosixGroup') assert_true(LdapGroup.objects.filter(group=test_users).exists()) assert_equal(test_users.user_set.all().count(), 0) # Import all members of TestUsers import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'PosixGroup', import_members=True, import_members_recursive=False, sync_users=True, import_by_dn=False) test_users = Group.objects.get(name='PosixGroup') assert_true(LdapGroup.objects.filter(group=test_users).exists()) assert_equal(test_users.user_set.all().count(), 2) # Should import a group, but will only sync already-imported members import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=True, import_by_dn=False) assert_equal(User.objects.all().count(), 2, User.objects.all()) assert_equal(Group.objects.all().count(), 2, Group.objects.all()) test_admins = Group.objects.get(name='Test Administrators') assert_equal(test_admins.user_set.all().count(), 1) larry = User.objects.get(username='******') assert_equal(test_admins.user_set.all().order_by('username')[0].username, larry.username) # Only sync already imported ldap_access.CACHED_LDAP_CONN.remove_posix_user_group_for_test('posix_person', 'PosixGroup') import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'PosixGroup', import_members=False, import_members_recursive=False, sync_users=True, import_by_dn=False) assert_equal(test_users.user_set.all().count(), 1) assert_equal(User.objects.get(username='******').groups.all().count(), 0) # Import missing user ldap_access.CACHED_LDAP_CONN.add_posix_user_group_for_test('posix_person', 'PosixGroup') import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'PosixGroup', import_members=True, import_members_recursive=False, sync_users=True, import_by_dn=False) assert_equal(test_users.user_set.all().count(), 2) assert_equal(User.objects.get(username='******').groups.all().count(), 1) # Import all members of PosixGroup and members of subgroups (there should be no subgroups) import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'PosixGroup', import_members=True, import_members_recursive=True, sync_users=True, import_by_dn=False) test_users = Group.objects.get(name='PosixGroup') assert_true(LdapGroup.objects.filter(group=test_users).exists()) assert_equal(test_users.user_set.all().count(), 2) # Import all members of NestedPosixGroups and members of subgroups reset_all_users() reset_all_groups() import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'NestedPosixGroups', import_members=True, import_members_recursive=True, sync_users=True, import_by_dn=False) test_users = Group.objects.get(name='NestedPosixGroups') assert_true(LdapGroup.objects.filter(group=test_users).exists()) assert_equal(test_users.user_set.all().count(), 0) test_users = Group.objects.get(name='PosixGroup') assert_true(LdapGroup.objects.filter(group=test_users).exists()) assert_equal(test_users.user_set.all().count(), 2) # Make sure Hue groups with naming collisions don't get marked as LDAP groups hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy') hue_group = Group.objects.create(name='OtherGroup') hue_group.user_set.add(hue_user) hue_group.save() import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'OtherGroup', import_members=False, import_members_recursive=False, sync_users=True, import_by_dn=False) assert_false(LdapGroup.objects.filter(group=hue_group).exists()) assert_true(hue_group.user_set.filter(username=hue_user.username).exists()) finally: for finish in reset: finish()