def test_build_tree(self):
"""Regression test for building the tree names
"""
#logic is different from the fake backend.
user_api = identity_ldap.UserApi(CONF)
self.assertTrue(user_api)
self.assertEqual(user_api.tree_dn, CONF.ldap.user_tree_dn)
def __init__(self, *args, **kwargs):
super(Assignment, self).__init__(*args, **kwargs)
self.ldap_user = ldap_backend.UserApi(CONF)
self.resource_driver = manager.load_driver(
'keystone.resource', self.default_resource_driver())
with open('/etc/keystone/user-project-map.json', 'r') as f:
self.userprojectmap = yaml.load(f)
projectidcache = {}
for user in self.userprojectmap:
projectids = {}
for projectname in self.userprojectmap[user]:
try:
projectid = projectidcache[projectname]
except:
# cache miss - need to fetch from DB
try:
project = self.resource_driver.get_project_by_name(
projectname, CONF.identity.default_domain_id)
projectid = project['id']
projectidcache[projectname] = project['id']
except:
pass
projectids[projectid] = 1
self.userprojectmap[user] = projectids
def test_build_tree(self):
"""Regression test for building the tree names
"""
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
user_api = identity_ldap.UserApi(CONF)
self.assertTrue(user_api)
self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
def __init__(self):
super(Role, self).__init__()
self.LDAP_URL = CONF.ldap.url
self.LDAP_USER = CONF.ldap.user
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
# This is the only deep dependency from resource back
# to identity. The assumption is that if you are using
# LDAP for resource, you are using it for identity as well.
self.user = ldap_identity.UserApi(CONF)
self.role = RoleApi(CONF, self.user)
def test_handler_with_use_pool_not_enabled(self, bind_method,
connect_method):
self.config_fixture.config(group='ldap', use_pool=False)
self.config_fixture.config(group='ldap', use_auth_pool=True)
self.cleanup_pools()
user_api = ldap.UserApi(CONF)
handler = user_api.get_connection(user=None, password=None,
end_user_auth=True)
# use_auth_pool flag does not matter when use_pool is False
# still handler is non pool version
self.assertIsInstance(handler.conn, common_ldap.PythonLDAPHandler)
def __init__(self):
super(Resource, self).__init__()
self.LDAP_URL = CONF.ldap.url
self.LDAP_USER = CONF.ldap.user
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
# This is the only deep dependency from resource back to identity.
# This is safe to do since if you are using LDAP for resource, it is
# required that you are using it for identity as well.
self.user = ldap_identity.UserApi(CONF)
self.project = ProjectApi(CONF)
def __init__(self):
super(Assignment, self).__init__()
self.LDAP_URL = CONF.ldap.url
self.LDAP_USER = CONF.ldap.user
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
# This is the only deep dependency from assignment back to identity.
# This is safe to do since if you are using LDAP for assignment, it is
# required that you are using it for identity as well.
self.user = ldap_identity.UserApi(CONF)
self.group = ldap_identity.GroupApi(CONF)
self.project = ProjectApi(CONF)
self.role = RoleApi(CONF, self.user)
def __init__(self):
super(Assignment, self).__init__()
self.LDAP_URL = CONF.ldap.url
self.LDAP_USER = CONF.ldap.user
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
#These are the only deep dependency from assignment back
#to identity. The assumption is that if you are using
#LDAP for assignments, you are using it for Id as well.
self.user = ldap_identity.UserApi(CONF)
self.group = ldap_identity.GroupApi(CONF)
self.project = ProjectApi(CONF)
self.role = RoleApi(CONF)
def test_handler_with_end_user_auth_use_pool_not_enabled(self, bind_method,
connect_method):
# by default use_pool is enabled in test pool config
# now disabling use_auth_pool flag to test handler instance
self.config_fixture.config(group='ldap', use_auth_pool=False)
self.cleanup_pools()
user_api = ldap.UserApi(CONF)
handler = user_api.get_connection(user=None, password=None,
end_user_auth=True)
self.assertIsInstance(handler.conn, common_ldap.PythonLDAPHandler)
# For end_user_auth case, flag should not be false otherwise
# it will use, admin connections ldap pool
handler = user_api.get_connection(user=None, password=None,
end_user_auth=False)
self.assertIsInstance(handler.conn, common_ldap.PooledLDAPHandler)
def _do_password_change_for_one_user(self, password, new_password):
self.config_fixture.config(group='ldap', use_auth_pool=True)
self.cleanup_pools()
self.load_backends()
user1 = self._create_user_and_authenticate(password)
auth_cm = self._get_auth_conn_pool_cm()
self.assertEqual(1, len(auth_cm))
user2 = self._create_user_and_authenticate(password)
self.assertEqual(1, len(auth_cm))
user3 = self._create_user_and_authenticate(password)
self.assertEqual(1, len(auth_cm))
user4 = self._create_user_and_authenticate(password)
self.assertEqual(1, len(auth_cm))
user5 = self._create_user_and_authenticate(password)
self.assertEqual(1, len(auth_cm))
# connection pool size remains 1 even for different user ldap bind
# as there is only one active connection at a time
user_api = ldap.UserApi(CONF)
u1_dn = user_api._id_to_dn_string(user1['id'])
u2_dn = user_api._id_to_dn_string(user2['id'])
u3_dn = user_api._id_to_dn_string(user3['id'])
u4_dn = user_api._id_to_dn_string(user4['id'])
u5_dn = user_api._id_to_dn_string(user5['id'])
# now create multiple active connections for end user auth case which
# will force to keep them in pool. After that, modify one of user
# password. Need to make sure that user connection is in middle
# of pool list.
auth_cm = self._get_auth_conn_pool_cm()
with auth_cm.connection(u1_dn, password) as _:
with auth_cm.connection(u2_dn, password) as _:
with auth_cm.connection(u3_dn, password) as _:
with auth_cm.connection(u4_dn, password) as _:
with auth_cm.connection(u5_dn, password) as _:
self.assertEqual(5, len(auth_cm))
_.unbind_s()
user3['password'] = new_password
self.identity_api.update_user(user3['id'], user3)
return user3
def __init__(self, *args, **kwargs):
super(Assignment, self).__init__(*args, **kwargs)
self.ldap_user = ldap_backend.UserApi(CONF)
self.resource_driver = manager.load_driver(
'keystone.resource', self.default_resource_driver())
def __init__(self, *args, **kwargs):
super(Identity, self).__init__(*args, **kwargs)
self.user = ldap_backend.UserApi(CONF)
self.domain_aware = True
def __init__(self, *args, **kwargs):
super(Assignment, self).__init__(*args, **kwargs)
self.ldap_user = ldap_backend.UserApi(CONF)
def __init__(self, *args, **kwargs):
super(Assignment, self).__init__(*args, **kwargs)
self.ldap_user = ldap_backend.UserApi(CONF)
self.resource_driver = importutils.import_object(
self.default_resource_driver())