def tls_minimum_protocol_version(self, version, exitcode, message):
    """Check that `tls_minimum_protocol_version` can be used to specify
    the minimum SSL/TLS protocol version.

    `version` is written into the server entry. `exitcode` (converted to
    `int` unless it is `None`) and `message` are handed to `login` under
    the user's `exitcode` and `message` keys.
    """
    expected_exitcode = None
    if exitcode is not None:
        expected_exitcode = int(exitcode)

    ldap_servers = {
        "openldap4": {
            "host": "openldap4",
            "port": "6036",
            # "never" disables verification of the LDAP server certificate;
            # acceptable only against the test fixture.
            "tls_require_cert": "never",
            "tls_minimum_protocol_version": version,
            "auth_dn_prefix": "cn=",
            "auth_dn_suffix": ",ou=users,dc=company,dc=com",
        }
    }
    ldap_user = {
        "server": "openldap4",
        "username": "******",
        "password": "******",
        "login": True,
        "exitcode": expected_exitcode,
        "message": message,
    }
    login(ldap_servers, "openldap4", ldap_user)
def invalid_bind_dn(self):
    """Check that LDAP users can't log in when `bind_dn` is invalid.

    The `bind_dn` template below uses `dc=company2`, whereas the other
    server entries in this file use `dc=company`.
    """
    server_name = "openldap1"
    ldap_servers = {
        server_name: {
            "host": "openldap1",
            "port": "389",
            # Plain-text LDAP: the bind password is sent unencrypted, so this
            # setting belongs in the test environment only.
            "enable_tls": "no",
            "bind_dn": "cn={user_name},ou=users,dc=company2,dc=com",
        }
    }
    # The generic message does not say whether the user name or the password
    # was wrong.
    expected_message = (
        "DB::Exception: user1: Authentication failed: password is incorrect "
        "or there is no user with such name."
    )
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
        "exitcode": 4,
        "message": expected_message,
    }
    login(ldap_servers, server_name, ldap_user)
def tls_enable_tls_default_yes(self):
    """Check that `enable_tls` defaults to `yes`.

    The server entry deliberately omits `enable_tls` (and `port`), so the
    login runs with whatever defaults the server applies.
    """
    server_name = "openldap2"
    server_config = {
        "host": "openldap2",
        # "never" disables verification of the LDAP server certificate;
        # acceptable only against the test fixture.
        "tls_require_cert": "never",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)
def plain_text(self):
    """Check that LDAP user authentication works over the `plain text`
    connection protocol.
    """
    server_name = "openldap1"
    server_config = {
        "host": "openldap1",
        # Plain-text LDAP: the bind password is sent unencrypted, so this
        # setting belongs in the test environment only.
        "enable_tls": "no",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)
def scenario(self, node="clickhouse1"):
    """Check that an LDAP external user directory can be used to
    authenticate a user.

    Stores the cluster node named by `node` on `self.context.node` before
    running the login.
    """
    context = self.context
    context.node = context.cluster.node(node)

    server_name = "openldap1"
    ldap_servers = {
        server_name: {
            "host": "openldap1",
            "port": "389",
            # Plain-text LDAP: the bind password is sent unencrypted, so this
            # setting belongs in the test environment only.
            "enable_tls": "no",
            "auth_dn_prefix": "cn=",
            "auth_dn_suffix": ",ou=users,dc=company,dc=com",
        },
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login(ldap_servers, server_name, ldap_user)
def tls_require_cert_default_demand(self):
    """Check that `tls_require_cert` defaults to `demand`.

    The server entry deliberately omits `tls_require_cert`, so the login
    runs with the default certificate-verification mode.
    """
    server_name = "openldap2"
    server_config = {
        "host": "openldap2",
        "enable_tls": "yes",
        "port": "636",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)
def tls_connection(enable_tls, tls_require_cert):
    """Try to log in with LDAP user authentication over a TLS connection.

    `enable_tls` and `tls_require_cert` are written into the server entry
    as given. The `tls_require_cert` value also selects the requirement
    (version "1.0") attached to the example; any value other than
    `never`, `allow`, `try` or `demand` attaches no requirement.
    """
    # One requirement per certificate-verification mode.
    requirement_by_mode = (
        ("never",
         RQ_SRS_009_LDAP_ExternalUserDirectory_Configuration_Server_TLSRequireCert_Options_Never),
        ("allow",
         RQ_SRS_009_LDAP_ExternalUserDirectory_Configuration_Server_TLSRequireCert_Options_Allow),
        ("try",
         RQ_SRS_009_LDAP_ExternalUserDirectory_Configuration_Server_TLSRequireCert_Options_Try),
        ("demand",
         RQ_SRS_009_LDAP_ExternalUserDirectory_Configuration_Server_TLSRequireCert_Options_Demand),
    )
    requirements = []
    for mode, requirement in requirement_by_mode:
        if tls_require_cert == mode:
            requirements = [requirement("1.0")]
            break

    server_name = "openldap2"
    ldap_servers = {
        server_name: {
            "host": "openldap2",
            "enable_tls": enable_tls,
            "tls_require_cert": tls_require_cert,
            "auth_dn_prefix": "cn=",
            "auth_dn_suffix": ",ou=users,dc=company,dc=com",
        }
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }

    example_name = f"tls_require_cert='{tls_require_cert}'"
    with Example(name=example_name, requirements=requirements):
        login(ldap_servers, server_name, ldap_user)
def valid_bind_dn(self):
    """Check that LDAP users can log in when `bind_dn` is valid."""
    server_name = "openldap1"
    server_config = {
        "host": "openldap1",
        "port": "389",
        # Plain-text LDAP: the bind password is sent unencrypted, so this
        # setting belongs in the test environment only.
        "enable_tls": "no",
        "bind_dn": "cn={user_name},ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)
def tls_with_custom_port(self):
    """Check that LDAP user authentication works over the `TLS` connection
    protocol when the server uses a custom port.
    """
    server_name = "openldap4"
    server_config = {
        "host": "openldap4",
        # `enable_tls` is left unset here; presumably the default applies.
        "port": "6036",
        # "never" disables verification of the LDAP server certificate;
        # acceptable only against the test fixture.
        "tls_require_cert": "never",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)
def plain_text_with_custom_port(self):
    """Check that LDAP user authentication works over the `plain text`
    connection protocol when the server uses a custom port.
    """
    server_name = "openldap3"
    server_config = {
        "host": "openldap3",
        "port": "3089",
        # Plain-text LDAP: the bind password is sent unencrypted, so this
        # setting belongs in the test environment only.
        "enable_tls": "no",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)
def tls_cipher_suite(self):
    """Check that `tls_cipher_suite` can be used to specify the allowed
    cipher suites.
    """
    # NOTE(review): this value appears to use GnuTLS priority-string syntax;
    # confirm it matches the TLS library the LDAP client is built against.
    allowed_ciphers = (
        "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS"
        ":-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
    )
    server_name = "openldap4"
    server_config = {
        "host": "openldap4",
        "port": "6036",
        # "never" disables verification of the LDAP server certificate;
        # acceptable only against the test fixture.
        "tls_require_cert": "never",
        "tls_cipher_suite": allowed_ciphers,
        "tls_minimum_protocol_version": "tls1.2",
        "auth_dn_prefix": "cn=",
        "auth_dn_suffix": ",ou=users,dc=company,dc=com",
    }
    ldap_user = {
        "server": server_name,
        "username": "******",
        "password": "******",
        "login": True,
    }
    login({server_name: server_config}, server_name, ldap_user)