Пример #1
def scenario(self, node="clickhouse1"):
    """Check that users defined on two different LDAP servers can both
    authenticate in the same run.

    `openldap1` is configured without TLS on port 389 and `openldap2` with
    TLS on port 636; one login per server is expected to succeed.
    """
    # Resolve the node under test and publish it on the shared context.
    self.context.node = self.context.cluster.node(node)

    dn_prefix = "cn="
    dn_suffix = ",ou=users,dc=company,dc=com"

    # enable_tls="no": the bind to openldap1 is not encrypted, so the
    # password crosses the network in the clear. Fixture-only setting.
    plain_server = {
        "host": "openldap1",
        "port": "389",
        "enable_tls": "no",
        "auth_dn_prefix": dn_prefix,
        "auth_dn_suffix": dn_suffix
    }

    # tls_require_cert="never": the channel is encrypted but the server
    # certificate is not validated, so the peer is not authenticated.
    tls_server = {
        "host": "openldap2",
        "port": "636",
        "enable_tls": "yes",
        "auth_dn_prefix": dn_prefix,
        "auth_dn_suffix": dn_suffix,
        "tls_require_cert": "never",
    }

    servers = {"openldap1": plain_server, "openldap2": tls_server}

    first_user = {
        "server": "openldap1",
        "username": "******",
        "password": "******",
        "login": True
    }
    second_user = {
        "server": "openldap2",
        "username": "******",
        "password": "******",
        "login": True
    }

    login(servers, first_user, second_user)
Пример #2
def tls_enable_tls_default_yes(self):
    """Check that `enable_tls` defaults to `yes` when it is not specified."""
    # `enable_tls` and `port` are left out on purpose so that the server
    # defaults apply. Certificate validation is switched off
    # (tls_require_cert="never"), so only the transport default is exercised.
    # NOTE(review): the single expectation is a successful login; this pins
    # the default only if openldap2 refuses non-TLS connections - confirm
    # against the fixture.
    server_config = {
        "host": "openldap2",
        "tls_require_cert": "never",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap2": server_config}

    user = {
        "server": "openldap2",
        "username": "******",
        "password": "******",
        "login": True
    }

    login(servers, user)
Пример #3
def tls_require_cert_default_demand(self):
    """Check that `tls_require_cert` defaults to `demand` when it is not specified."""
    # `tls_require_cert` is deliberately omitted so the default applies.
    # NOTE(review): the only expectation is a successful login. With a
    # certificate the node trusts, that would also pass under a laxer
    # default; a rejected login against an untrusted certificate is what
    # would actually pin `demand` - confirm this is covered elsewhere.
    server_config = {
        "host": "openldap2",
        "enable_tls": "yes",
        "port": "636",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap2": server_config}

    user = {
        "server": "openldap2",
        "username": "******",
        "password": "******",
        "login": True
    }

    login(servers, user)
Пример #4
def plain_text(self):
    """Check that LDAP user authentication works over the `plain text`
    connection protocol.
    """
    # enable_tls="no" turns transport encryption off: the bind, including
    # the user's password, is readable on the network path between the node
    # and openldap1. Appropriate for an isolated test fixture only.
    server_config = {
        "host": "openldap1",
        "enable_tls": "no",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap1": server_config}

    user = {
        "server": "openldap1",
        "username": "******",
        "password": "******",
        "login": True
    }

    login(servers, user)
Пример #5
def tls_connection(enable_tls, tls_require_cert):
    """Try to login using LDAP user authentication over a TLS connection.

    The given `enable_tls` and `tls_require_cert` values are passed to the
    `openldap2` server configuration unchanged. The example is tagged with
    the requirement that matches `tls_require_cert`; an unrecognised value
    runs the example with no requirement attached.
    """
    server_config = {
        "host": "openldap2",
        "enable_tls": enable_tls,
        "tls_require_cert": tls_require_cert,
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap2": server_config}

    # The login is expected to succeed whatever the verification mode, so
    # this covers acceptance of each option value, not rejection of an
    # untrusted certificate.
    user = {
        "server": "openldap2",
        "username": "******",
        "password": "******",
        "login": True
    }

    # Certificate-verification mode -> requirement it is traced to.
    requirement_by_option = (
        ("never",
         RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Never),
        ("allow",
         RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Allow),
        ("try",
         RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Try),
        ("demand",
         RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Demand),
    )

    requirements = []
    for option, requirement in requirement_by_option:
        if tls_require_cert == option:
            requirements = [requirement("1.0")]
            break

    example_name = f"tls_require_cert='{tls_require_cert}'"
    with Example(name=example_name, requirements=requirements):
        login(servers, user)
Пример #6
def tls_with_custom_port(self):
    """Check that LDAP user authentication works over the `TLS` connection
    protocol when the server listens on a custom port.
    """
    # `enable_tls` is not set, so whatever default the server applies is
    # used; only the port (6036) is overridden.
    # tls_require_cert="never" skips validation of the server certificate,
    # so this test says nothing about certificate trust on the custom port.
    server_config = {
        "host": "openldap4",
        "port": "6036",
        "tls_require_cert": "never",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap4": server_config}

    user = {
        "server": "openldap4",
        "username": "******",
        "password": "******",
        "login": True
    }

    login(servers, user)
Пример #7
def tls_cipher_suite(self):
    """Check that the `tls_cipher_suite` parameter can be used to specify
    the allowed cipher suites.
    """
    # Restricts the session to TLS 1.2 and removes RSA key exchange, DHE-DSS
    # and the CAMELLIA CBC ciphers from the 256/128-bit sets.
    # NOTE(review): the syntax looks like a GnuTLS priority string - confirm
    # it matches the TLS library the LDAP client is built against.
    allowed_suites = "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"

    # tls_require_cert="never": cipher negotiation is exercised, but the
    # server certificate itself is not validated.
    server_config = {
        "host": "openldap4",
        "port": "6036",
        "tls_require_cert": "never",
        "tls_cipher_suite": allowed_suites,
        "tls_minimum_protocol_version": "tls1.2",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap4": server_config}

    user = {
        "server": "openldap4",
        "username": "******",
        "password": "******",
        "login": True
    }

    login(servers, user)
Пример #8
def tls_minimum_protocol_version(self, version, exitcode, message):
    """Check that the `tls_minimum_protocol_version` parameter can be used
    to specify the minimum protocol version of SSL/TLS.

    `version` is written into the server configuration as given. `exitcode`
    (converted to int unless it is None) and `message` are attached to the
    user entry that is handed to `login`.
    """
    # Normalise the expected exit code; None stays None.
    expected_exitcode = None
    if exitcode is not None:
        expected_exitcode = int(exitcode)

    # tls_require_cert="never": only the protocol-version floor is under
    # test, the server certificate is not validated.
    server_config = {
        "host": "openldap4",
        "port": "6036",
        "tls_require_cert": "never",
        "tls_minimum_protocol_version": version,
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com"
    }
    servers = {"openldap4": server_config}

    user = {
        "server": "openldap4",
        "username": "******",
        "password": "******",
        "login": True,
        "exitcode": expected_exitcode,
        "message": message
    }

    # Note: this code was an attempt to produce a negative case but did not work
    # NOTE(review): if it is revived, `-w` puts the admin bind password on
    # the command line; prefer reading it from a file.
    # ldap_node = self.context.cluster.node("openldap4")
    # ldif = (
    #     "dn: cn=config\n"
    #     "changetype: modify\n"
    #     "replace: olcTLSProtocolMin\n"
    #     "olcTLSProtocolMin: 3.5"
    #     )
    #
    # r = ldap_node.command(
    #     f"echo -e \"{ldif}\" | ldapmodify -x -H ldaps://localhost:6036 -D \"cn=admin,cn=config\" -w config")
    #
    # ldap_node.restart()

    login(servers, user)