forked from Proxmox/proxmox
ldap: tests: add LDAP integration tests
This commit adds integration tests to ensure that the crate works as intended.
The tests are executed against a real LDAP server, namely `glauth`. `glauth` was
chosen because it ships as a single, statically compiled binary and can
be configured with a single configuration file.
The tests are written as off-the-shelf unit tests. However, they are
#[ignored] by default, as they have some special requirements:
* They required the GLAUTH_BIN environment variable to be set,
pointing to the location of the `glauth` binary. `glauth` will be
started and stopped automatically by the test suite.
* Tests have to be executed sequentially (`--test-threads 1`),
otherwise multiple instances of the glauth server might bind to the
same port.
The `run_integration_tests.sh` checks whether GLAUTH_BIN is set, or if
not, attempts to find `glauth` on PATH. The script also ensures that the
tests are run sequentially.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
This commit is contained in:
Lukas Wagner
Wolfgang Bumiller
parent
4488256cb1
commit
582e994cca
@ -14,3 +14,5 @@ ldap3 = { workspace = true, default_features = false, features = ["tls"] }
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
native-tls.workspace = true
|
||||
|
||||
[dev_dependencies]
|
||||
proxmox-async.workspace = true
|
||||
|
||||
31
proxmox-ldap/run_integration_tests.sh
Executable file
31
proxmox-ldap/run_integration_tests.sh
Executable file
@ -0,0 +1,31 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Run integration tests for the proxmox_ldap crate.
|
||||
# At this time, the tests require `glauth` to be available,
|
||||
# either explicitly passed via $GLAUTH_PATH, or somewhere
|
||||
# on $PATH.
|
||||
#
|
||||
# Tested with glauth v2.1.0
|
||||
|
||||
function run_tests {
|
||||
# All tests that need glauth running are ignored, so
|
||||
# that we can run `cargo test` without caring about them
|
||||
# Also, only run on 1 thread, because otherwise
|
||||
# glauth would need a separate port for each rurnning test
|
||||
exec cargo test -- --ignored --test-threads 1
|
||||
}
|
||||
|
||||
|
||||
if [ -z ${GLAUTH_BIN+x} ];
|
||||
then
|
||||
GLAUTH_BIN=$(command -v glauth)
|
||||
if [ $? -eq 0 ] ;
|
||||
then
|
||||
export GLAUTH_BIN
|
||||
else
|
||||
echo "glauth not found in PATH"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
run_tests
|
||||
@ -62,7 +62,7 @@ pub struct SearchParameters {
|
||||
pub user_filter: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Serialize, Deserialize)]
|
||||
#[derive(Serialize, Deserialize, Debug)]
|
||||
/// Single LDAP user search result
|
||||
pub struct SearchResult {
|
||||
/// The full user's domain
|
||||
|
||||
4
proxmox-ldap/tests/assets/generate_certificate.sh
Executable file
4
proxmox-ldap/tests/assets/generate_certificate.sh
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
|
||||
openssl req -x509 -newkey rsa:4096 -keyout glauth.key -out glauth.crt -days 36500 -nodes -subj '/CN=localhost'
|
||||
|
||||
67
proxmox-ldap/tests/assets/glauth.cfg
Normal file
67
proxmox-ldap/tests/assets/glauth.cfg
Normal file
@ -0,0 +1,67 @@
|
||||
debug = true
|
||||
[ldap]
|
||||
enabled = true
|
||||
listen = "0.0.0.0:3893"
|
||||
|
||||
[ldaps]
|
||||
enabled = true
|
||||
listen = "0.0.0.0:3894"
|
||||
cert = "tests/assets/glauth.crt"
|
||||
key = "tests/assets/glauth.key"
|
||||
|
||||
|
||||
|
||||
[backend]
|
||||
datastore = "config"
|
||||
baseDN = "dc=example,dc=com"
|
||||
nameformat = "cn"
|
||||
groupformat = "ou"
|
||||
|
||||
# to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
|
||||
|
||||
[[users]]
|
||||
name = "test1"
|
||||
givenname="Test 1"
|
||||
sn="User"
|
||||
mail = "test1@example.com"
|
||||
uidnumber = 1001
|
||||
primarygroup = 1000
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
|
||||
[[users]]
|
||||
name = "test2"
|
||||
givenname="Test 2"
|
||||
sn="User"
|
||||
mail = "test2@example.com"
|
||||
uidnumber = 1002
|
||||
primarygroup = 1000
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
|
||||
[[users]]
|
||||
name = "test3"
|
||||
givenname="Test 3"
|
||||
sn="User"
|
||||
mail = "test3@example.com"
|
||||
uidnumber = 1003
|
||||
primarygroup = 1000
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
|
||||
|
||||
[[users]]
|
||||
name = "serviceuser"
|
||||
mail = "serviceuser@example.com"
|
||||
uidnumber = 1111
|
||||
primarygroup = 1001
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
[[users.capabilities]]
|
||||
action = "search"
|
||||
object = "*"
|
||||
|
||||
[[groups]]
|
||||
name = "testgroup"
|
||||
gidnumber = 1000
|
||||
|
||||
[[groups]]
|
||||
name = "svcaccts"
|
||||
gidnumber = 1001
|
||||
|
||||
29
proxmox-ldap/tests/assets/glauth.crt
Normal file
29
proxmox-ldap/tests/assets/glauth.crt
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFCzCCAvOgAwIBAgIUREnN1wK1O6wTcVxSk6d5o0yHwjswDQYJKoZIhvcNAQEL
|
||||
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIzMDExNzEwMjEwNFoYDzIxMjIx
|
||||
MjI0MTAyMTA0WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEB
|
||||
AQUAA4ICDwAwggIKAoICAQC/6A+m00AXHsvecYiuzBLgL6laTCqjIXyoHKdI5znI
|
||||
YOCXokCFDQI/wct1tA3GlIGuezECAHr76uF5G6T6DbSnbzE6Jd7ElKbQhnypwJc1
|
||||
4JsB7SYZVAz+Pj7CkjqmIEjwWWIFqotIvT/GfasHva/fGKKHhGFiU9N1gPthmrDr
|
||||
vwr5q2b+2FxyzkBlHD0pdOIO/aXOjISkS0MqOHRmUuoADXPjonWe0ujF/oI33ZOm
|
||||
8Xw+bdTuHEpgaioDP5LaSGdK+Y/1lOFqt8/9W8sCmo/Q8cLH1wZlkycl4d4jeMtK
|
||||
BB/iPot8n+9uMtZCjHS8zmedZKoIFGlnfHYmP8ckY7pHXfNoun/sHB9kXHlx0Rv2
|
||||
NCnd/117oGv6FFEio6lf+11Cm6qNYOxzsoZY6VpozMrI9CDFrMGwzvUuirzMmJql
|
||||
0TgrWJQE43bo5Rxkdd30TuqghXV9ENwG1sXacun2GGxuc5F6QG6l6k5H0dOh3gGG
|
||||
v7NAPKuIRi7oDJ3+B8wS4PTnroqRGVoKX7luQj2JrAB7mt42fE1iL9eEIjsde678
|
||||
oomnoOVcgWOpJCzJ5J10cNddhBO1JGMN/iHULeHLKzxWBptZTYWIwKp5hgZCK1s+
|
||||
fiuvh8CRxiI5IwyDLlQbI4kf6iLxipFqIHNsddYRnzZIW/iogRfdd0iPvqorXucV
|
||||
tQIDAQABo1MwUTAdBgNVHQ4EFgQULLKz9hnIn5jU7ELlth4DXPhGrywwHwYDVR0j
|
||||
BBgwFoAULLKz9hnIn5jU7ELlth4DXPhGrywwDwYDVR0TAQH/BAUwAwEB/zANBgkq
|
||||
hkiG9w0BAQsFAAOCAgEAOr9nQEvwNF2qcIteYV3WgRt//oSf/L+qYANVD86ZUK2c
|
||||
07zWL9mKxXwXCz1ncfjLMMb/ZO3gnrI2yW5MJdyHup+28ESqMmvNX1Sz9hkjqaP0
|
||||
irM3sD56FhjUYa8H8g3k1kKl7N4ogt0JZpwJt+JFoRHu1vaWKahOmn8owP789CPQ
|
||||
391zyhqZHOowmHSd0lu8AWSdIuzU5Q5Vk38+GW4gHAxsSG0hWempg3U7g9DOAXbe
|
||||
kFHSa8H4bpXMdwndZJPv+NhA8LYG5UC2aD86dUWXrfEMuXLqvxMpYIZ76A3UZUWl
|
||||
+zmEKHmjCumz5WdjnPGIC/NJiREM6kUd/UqWv4XuPkgQjmnlsB4POKaV658uYFvF
|
||||
HnLPEkwT6jnJqyMH0YGhbwZdbS/UpARvoZ4ZkpKFVLB3SlG/8cn+YtXLMBwefAUr
|
||||
cAwzLCcu28LX/bq+65HldFxjYr2XddcbJErLvyfl5w/+UaqrCnSXiSL5yqxpcie6
|
||||
w3r+U5Ei51iJEJTJIabcQiH0+dkLNVRvaCywcChgUjHqNdTtZvGuvGiwvfJ3ItSI
|
||||
HkvcWug5pO+kyNmaDPLPYtL4mm9tIMgdIIwXZSHcOC459aVvh+5Mmqwat4Ijfa7+
|
||||
TBkr87t671pL1XH5eeeUKYbFpKq/ZxA+O8LT9IXeLyediLvcf7V5BqwuuPHkzHw=
|
||||
-----END CERTIFICATE-----
|
||||
52
proxmox-ldap/tests/assets/glauth.key
Normal file
52
proxmox-ldap/tests/assets/glauth.key
Normal file
@ -0,0 +1,52 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC/6A+m00AXHsve
|
||||
cYiuzBLgL6laTCqjIXyoHKdI5znIYOCXokCFDQI/wct1tA3GlIGuezECAHr76uF5
|
||||
G6T6DbSnbzE6Jd7ElKbQhnypwJc14JsB7SYZVAz+Pj7CkjqmIEjwWWIFqotIvT/G
|
||||
fasHva/fGKKHhGFiU9N1gPthmrDrvwr5q2b+2FxyzkBlHD0pdOIO/aXOjISkS0Mq
|
||||
OHRmUuoADXPjonWe0ujF/oI33ZOm8Xw+bdTuHEpgaioDP5LaSGdK+Y/1lOFqt8/9
|
||||
W8sCmo/Q8cLH1wZlkycl4d4jeMtKBB/iPot8n+9uMtZCjHS8zmedZKoIFGlnfHYm
|
||||
P8ckY7pHXfNoun/sHB9kXHlx0Rv2NCnd/117oGv6FFEio6lf+11Cm6qNYOxzsoZY
|
||||
6VpozMrI9CDFrMGwzvUuirzMmJql0TgrWJQE43bo5Rxkdd30TuqghXV9ENwG1sXa
|
||||
cun2GGxuc5F6QG6l6k5H0dOh3gGGv7NAPKuIRi7oDJ3+B8wS4PTnroqRGVoKX7lu
|
||||
Qj2JrAB7mt42fE1iL9eEIjsde678oomnoOVcgWOpJCzJ5J10cNddhBO1JGMN/iHU
|
||||
LeHLKzxWBptZTYWIwKp5hgZCK1s+fiuvh8CRxiI5IwyDLlQbI4kf6iLxipFqIHNs
|
||||
ddYRnzZIW/iogRfdd0iPvqorXucVtQIDAQABAoICAQCP5fzGhSVLsOYB+HQbTh7h
|
||||
SBve/7oA9L06ebHecrPbUvlV+m4S1nxXPoPH0Kl7vCO5p9pJu/58I9XKMDZ24gwS
|
||||
eMga6AawtR6Ywh98UlOQLMlOmnq1B1du1VHOKEQeCZtnzj44LXefpXjK57R1a4ES
|
||||
8q/8mgFD78NiGsNkntAHFguuxx3F/orj81BKAPDDw0c3Im9QAAH+CAlnAUoW6Bla
|
||||
zLuXd1xnKZMt0/fk2Bs9VVpqnYTKvx/uR+0U3njJgP0jNRsDdQ3KLeah/lCttSQd
|
||||
8wqxOsUrKTpzp3ggdRVKfOlDhs6lNnAc27XZ1OQ8JzF+zdrJkDSxSpx1deFnofgs
|
||||
+POJRTcEuun9n/C7uROpkJLZyufXAFeo6idcK4qdc3NgldbkuctwlXjHy25z7iCK
|
||||
gK3Cw2vvgNjt0S09pd9UYWf8RZsGm7IYhSDp7im5RAZSDbUam/rQ9WuhLTFfkK8l
|
||||
HGEXK1x1YS2vGJF/GjYAfyOtuSrq1lB1TjF+tu+GTe0hA6q9SJNzziGznw1Rvz0u
|
||||
Nqo/GXHYW8z1XGXBFvWuOLwPGAty7WLGgmNP4cIxdcZHe+NbpCXm7VXOF3L43MOI
|
||||
z6kdL1JGklKcauycnz9HCmZiyke1QoFmDzKuwZNyGE1Mi7nQ/++0BtB3VV4D0vrw
|
||||
aL/5J4vOusHKEgBYAQUoSQKCAQEA+Em6o6p1f9GKvTuWgL+fcQ+NUgYKcgQ2tLx3
|
||||
ZuPOI11ZJN+IKLgp1qnhqfn00BJLuMq3djgvMIxsYYZ8U3KrCtNyLUN7MT6BNceq
|
||||
wv+IX3zhlRrvw9PABVdP23RqoTOmaAVIpj3CIRqRqI+oFjR6XgWqJi2K5j5Hr6+f
|
||||
tIgonvIHRW1qxo5EcDwU267zPFPGhoWGZgDBoBICjCx0QfYgn8WrltymyBDJxmVj
|
||||
P2A0kZjvwf5nfjRmRE0hdL/sWlOuTpt2VBqNTJoCw+Dq6n+FEUtfWDnCKT3tj06X
|
||||
LXCDJ6j/+wnKU4pD9pOpSr80pq3kWBKkWTiHII7NUJ4Ed+VKGwKCAQEAxd4DL5kI
|
||||
3q2t5Q5ZSdd8UhPf2nTy15UGuKucABwHsLdtpA4Sn/wjw1QJHrEWXxJREhOOKPUz
|
||||
U/RN4FkbpkO74iMDgmYCh40+e41zPcNzStBj+Ol0UklQ9E+S2XWVH6Xwq6GYpvS3
|
||||
qg4BKis7mPPNdOEE8yNLT7C4NU3nbH+TtjxaJmSrcqRzYRPsPTMt8Xzl/G7UOJfS
|
||||
EtKTYoJ9Rnsp45n8v0QXhU3klH/SjsP6mQMeUw5l6sWA0NJAsYVjlYJdn+Fll6Px
|
||||
Orvms0Mxab3803vBXIh9pavf4qu1yGMMZPESWluXCoPktcZkUQm1XSSc90eEByxZ
|
||||
+377mU3aUTMcbwKCAQEAhAmRe6AWxFaG1YNu0iEVhWaj3M7hlyiufwcK6GiVIzFt
|
||||
SrKlEiJ9/W5yV5ZZnp1cL3V+gxv13HeQ23xNeYMteqBfw7pzNQjsZdE8+l4yA7XB
|
||||
sS2V/CoLn8uC6E3MttVk1USaEe4d4sTiWSWsWcKmoIGarprhlvff34oiADu4fm5v
|
||||
d3hspBLcSmNpJDqxl49lr/wqMOyOC7YILMsnODzPtKfGTIAjIZnr89nPIdDjo9oV
|
||||
BrFoEDGFgSUTeabm5lJCDAOYtbk5E1eDyO8/fl06Qqw2lBCDNLN+NguxUbTXyquR
|
||||
FctrEWoiImr8SIfOVCV9nWishdYN5j6K6Shfb/M7qQKCAQBcDGQ/CFpv/SwgmwQ+
|
||||
rdhP9p706eLvF40A7BSumFubgjmnUESp2Ipqm/WCKa/WmpbMafyAYVF3hPeVnt6W
|
||||
AnytPsyrJPmYRcUDhVJPMVW5QCjB6xkKDsFyZnJSZ7jv+Cp2Lb7uLHokyk8QZvxa
|
||||
s1CpRuUelxS6BeQsKAm5F8CHzpvBsKNxub9TMgl8jwqYhRoYzRY9HaPEzeFyunG9
|
||||
EB70mvZRpEOs6AembbBuag1ykVjSGqifBzJd8vHVo9AoBXW4owq3+LSINlGko2Wh
|
||||
Y5jyaWgSvAx3vfVxZaAzkKB7dQqsrl8drS4AwkJ40KNmqVm8T7DEBYX20aQKNYWS
|
||||
sMxRAoIBAQD3ycMDd0CP8aAbOwLVwHboNzeZNpLCx8oXV16/qID0PO7M8kT1d+0x
|
||||
V38FxL3UGafWSwsRZhU4GrwNDJVK6LA40m5v3CiZF1tsUJLlwSR7If4MXTU6g9uC
|
||||
x35EXdr+kcKSw6QCVRc1CcPRUIwRisqn67SDeREDzZUtAoCyZex0dOj9mzVc+HID
|
||||
Wh4SeBmHbeToCFRhIANSsAj0psO0nuvAgVDEekGiQ/m9DrZriEiZ/adniUd0gSHi
|
||||
lpgXcqNlVS4/Pp56GkdEOvHleVr5R+y0P1NCNcdl+iRxmfdIMhEwrSZnqfjntXMU
|
||||
yWQL2XczMt+NRQn+v23VKpQVK/R9PMEV
|
||||
-----END PRIVATE KEY-----
|
||||
67
proxmox-ldap/tests/assets/glauth_v6.cfg
Normal file
67
proxmox-ldap/tests/assets/glauth_v6.cfg
Normal file
@ -0,0 +1,67 @@
|
||||
debug = true
|
||||
[ldap]
|
||||
enabled = true
|
||||
listen = "[::]:3893"
|
||||
|
||||
[ldaps]
|
||||
enabled = true
|
||||
listen = "[::]:3894"
|
||||
cert = "tests/assets/glauth.crt"
|
||||
key = "tests/assets/glauth.key"
|
||||
|
||||
|
||||
|
||||
[backend]
|
||||
datastore = "config"
|
||||
baseDN = "dc=example,dc=com"
|
||||
nameformat = "cn"
|
||||
groupformat = "ou"
|
||||
|
||||
# to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
|
||||
|
||||
[[users]]
|
||||
name = "test1"
|
||||
givenname="Test 1"
|
||||
sn="User"
|
||||
mail = "test1@example.com"
|
||||
uidnumber = 1001
|
||||
primarygroup = 1000
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
|
||||
[[users]]
|
||||
name = "test2"
|
||||
givenname="Test 2"
|
||||
sn="User"
|
||||
mail = "test2@example.com"
|
||||
uidnumber = 1002
|
||||
primarygroup = 1000
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
|
||||
[[users]]
|
||||
name = "test3"
|
||||
givenname="Test 3"
|
||||
sn="User"
|
||||
mail = "test3@example.com"
|
||||
uidnumber = 1003
|
||||
primarygroup = 1000
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
|
||||
|
||||
[[users]]
|
||||
name = "serviceuser"
|
||||
mail = "serviceuser@example.com"
|
||||
uidnumber = 1111
|
||||
primarygroup = 1001
|
||||
passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
|
||||
[[users.capabilities]]
|
||||
action = "search"
|
||||
object = "*"
|
||||
|
||||
[[groups]]
|
||||
name = "testgroup"
|
||||
gidnumber = 1000
|
||||
|
||||
[[groups]]
|
||||
name = "svcaccts"
|
||||
gidnumber = 1001
|
||||
|
||||
166
proxmox-ldap/tests/glauth.rs
Normal file
166
proxmox-ldap/tests/glauth.rs
Normal file
@ -0,0 +1,166 @@
|
||||
use std::{
|
||||
process::{Child, Command, Stdio},
|
||||
thread::sleep,
|
||||
time::Duration,
|
||||
};
|
||||
|
||||
use anyhow::{Context, Error};
|
||||
use proxmox_ldap::*;
|
||||
|
||||
struct GlauthServer {
|
||||
handle: Child,
|
||||
}
|
||||
|
||||
impl GlauthServer {
|
||||
fn new(path: &str) -> Result<Self, Error> {
|
||||
let glauth_bin = std::env::var("GLAUTH_BIN").context("GLAUTH_BIN is not set")?;
|
||||
let handle = Command::new(&glauth_bin)
|
||||
.arg("-c")
|
||||
.arg(path)
|
||||
.stdin(Stdio::null())
|
||||
.stdout(Stdio::null())
|
||||
.stderr(Stdio::null())
|
||||
.spawn()
|
||||
.context("Could not start glauth process")?;
|
||||
|
||||
// Make 'sure' that glauth is up
|
||||
sleep(Duration::from_secs(1));
|
||||
|
||||
Ok(Self { handle })
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for GlauthServer {
|
||||
fn drop(&mut self) {
|
||||
self.handle.kill().ok();
|
||||
}
|
||||
}
|
||||
|
||||
fn authenticate(con: &LdapConnection, user: &str, pass: &str) -> Result<(), Error> {
|
||||
proxmox_async::runtime::block_on(con.authenticate_user(user, pass))
|
||||
}
|
||||
|
||||
fn default_config() -> LdapConfig {
|
||||
LdapConfig {
|
||||
servers: vec!["localhost".into()],
|
||||
port: Some(3893),
|
||||
user_attr: "cn".into(),
|
||||
base_dn: "dc=example,dc=com".into(),
|
||||
bind_dn: Some("cn=serviceuser,ou=svcaccts,dc=example,dc=com".into()),
|
||||
bind_password: Some("password".into()),
|
||||
tls_mode: LdapConnectionMode::Ldap,
|
||||
verify_certificate: false,
|
||||
additional_trusted_certificates: None,
|
||||
certificate_store_path: Some("/etc/ssl/certs".into()),
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_authentication() -> Result<(), Error> {
|
||||
let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
|
||||
|
||||
let connection = LdapConnection::new(default_config());
|
||||
|
||||
assert!(authenticate(&connection, "test1", "password").is_ok());
|
||||
assert!(authenticate(&connection, "test2", "password").is_ok());
|
||||
assert!(authenticate(&connection, "test3", "password").is_ok());
|
||||
assert!(authenticate(&connection, "test1", "invalid").is_err());
|
||||
assert!(authenticate(&connection, "invalid", "password").is_err());
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_authentication_via_ipv6() -> Result<(), Error> {
|
||||
let _glauth = GlauthServer::new("tests/assets/glauth_v6.cfg")?;
|
||||
|
||||
let settings = LdapConfig {
|
||||
servers: vec!["[::1]".into()],
|
||||
..default_config()
|
||||
};
|
||||
|
||||
let connection = LdapConnection::new(settings);
|
||||
|
||||
assert!(authenticate(&connection, "test1", "password").is_ok());
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_authentication_via_ldaps() -> Result<(), Error> {
|
||||
let settings = LdapConfig {
|
||||
port: Some(3894),
|
||||
tls_mode: LdapConnectionMode::Ldaps,
|
||||
verify_certificate: true,
|
||||
additional_trusted_certificates: Some(vec!["tests/assets/glauth.crt".into()]),
|
||||
..default_config()
|
||||
};
|
||||
|
||||
let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
|
||||
|
||||
let connection = LdapConnection::new(settings);
|
||||
|
||||
assert!(authenticate(&connection, "test1", "password").is_ok());
|
||||
assert!(authenticate(&connection, "test1", "invalid").is_err());
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_fallback() -> Result<(), Error> {
|
||||
let settings = LdapConfig {
|
||||
servers: vec!["invalid.host".into(), "localhost".into()],
|
||||
..default_config()
|
||||
};
|
||||
|
||||
let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
|
||||
|
||||
let connection = LdapConnection::new(settings);
|
||||
assert!(authenticate(&connection, "test1", "password").is_ok());
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_search() -> Result<(), Error> {
|
||||
let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
|
||||
|
||||
let connection = LdapConnection::new(default_config());
|
||||
|
||||
let params = SearchParameters {
|
||||
attributes: vec!["cn".into(), "mail".into(), "sn".into()],
|
||||
user_classes: vec!["posixAccount".into()],
|
||||
user_filter: Some("(cn=test*)".into()),
|
||||
};
|
||||
|
||||
let search_results = proxmox_async::runtime::block_on(connection.search_entities(¶ms))?;
|
||||
|
||||
assert_eq!(search_results.len(), 3);
|
||||
|
||||
for a in search_results {
|
||||
assert!(a.dn.starts_with("cn=test"));
|
||||
assert!(a.dn.ends_with("ou=testgroup,ou=users,dc=example,dc=com"));
|
||||
|
||||
assert!(a
|
||||
.attributes
|
||||
.get("mail")
|
||||
.unwrap()
|
||||
.get(0)
|
||||
.unwrap()
|
||||
.ends_with("@example.com"));
|
||||
assert!(a
|
||||
.attributes
|
||||
.get("sn")
|
||||
.unwrap()
|
||||
.get(0)
|
||||
.unwrap()
|
||||
.eq("User".into()));
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user