From: Lukas Wagner <l.wagner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v3 proxmox 5/6] ldap: tests: add LDAP integration tests
Date: Tue, 24 Jan 2023 11:03:36 +0100	[thread overview]
Message-ID: <20230124100337.152394-6-l.wagner@proxmox.com> (raw)
In-Reply-To: <20230124100337.152394-1-l.wagner@proxmox.com>

This commit adds integration tests to ensure that the crate works as intended.
The tests are executed against a real LDAP server, namely `glauth`. `glauth` was
chosen because it ships as a single, statically compiled binary and can
be configured with a single configuration file.

The tests are written as off-the-shelf unit tests. However, they are
 #[ignored] by default, as they have some special requirements:
   * They require the GLAUTH_BIN environment variable to be set,
     pointing to the location of the `glauth` binary. `glauth` will be
     started and stopped automatically by the test suite.
   * Tests have to be executed sequentially (`--test-threads 1`),
     otherwise multiple instances of the glauth server might bind to the
     same port.

The `run_integration_tests.sh` checks whether GLAUTH_BIN is set, or if
not, attempts to find `glauth` on PATH. The script also ensures that the
tests are run sequentially.

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
 proxmox-ldap/Cargo.toml                       |   2 +
 proxmox-ldap/run_integration_tests.sh         |  31 ++++
 proxmox-ldap/src/lib.rs                       |   2 +-
 .../tests/assets/generate_certificate.sh      |   4 +
 proxmox-ldap/tests/assets/glauth.cfg          |  67 +++++++
 proxmox-ldap/tests/assets/glauth.crt          |  29 +++
 proxmox-ldap/tests/assets/glauth.key          |  52 ++++++
 proxmox-ldap/tests/assets/glauth_v6.cfg       |  67 +++++++
 proxmox-ldap/tests/glauth.rs                  | 166 ++++++++++++++++++
 9 files changed, 419 insertions(+), 1 deletion(-)
 create mode 100755 proxmox-ldap/run_integration_tests.sh
 create mode 100755 proxmox-ldap/tests/assets/generate_certificate.sh
 create mode 100644 proxmox-ldap/tests/assets/glauth.cfg
 create mode 100644 proxmox-ldap/tests/assets/glauth.crt
 create mode 100644 proxmox-ldap/tests/assets/glauth.key
 create mode 100644 proxmox-ldap/tests/assets/glauth_v6.cfg
 create mode 100644 proxmox-ldap/tests/glauth.rs

diff --git a/proxmox-ldap/Cargo.toml b/proxmox-ldap/Cargo.toml
index 70fba73..02cdb14 100644
--- a/proxmox-ldap/Cargo.toml
+++ b/proxmox-ldap/Cargo.toml
@@ -14,3 +14,5 @@ ldap3 = { workspace = true, default_features = false, features = ["tls"] }
 serde = { workspace = true, features = ["derive"] }
 native-tls.workspace = true
 
+[dev_dependencies]
+proxmox-async.workspace = true
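Review bot: The new table header is spelled `[dev_dependencies]`, which Cargo accepts only as a deprecated alias of the hyphenated form and which newer toolchains warn about. Writing it as `[dev-dependencies]` keeps the manifest on the documented spelling. The tests also use `anyhow`; the part of the manifest that would show it as a regular dependency is outside this hunk, so that is worth a quick check.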
diff --git a/proxmox-ldap/run_integration_tests.sh b/proxmox-ldap/run_integration_tests.sh
new file mode 100755
index 0000000..03b6d9b
--- /dev/null
+++ b/proxmox-ldap/run_integration_tests.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Run integration tests for the proxmox_ldap crate.
+# At this time, the tests require `glauth` to be available,
+# either explicitly passed via $GLAUTH_PATH, or somewhere
+# on $PATH.
+#
+# Tested with glauth v2.1.0
+
+function run_tests {
+    # All tests that need glauth running are ignored, so
+    # that we can run `cargo test` without caring about them
+    # Also, only run on 1 thread, because otherwise
+    # glauth would need a separate port for each rurnning test
+    exec cargo test -- --ignored --test-threads 1
+}
+
+
+if [ -z ${GLAUTH_BIN+x} ];
+then
+    GLAUTH_BIN=$(command -v glauth)
+    if [ $? -eq 0 ] ;
+    then
+        export GLAUTH_BIN
+    else
+        echo "glauth not found in PATH"
+        exit 1
+    fi
+fi
+
+run_tests
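Review bot: The header comment tells the reader to pass `$GLAUTH_PATH`, but the script and the Rust tests only ever read `GLAUTH_BIN`, so anyone following the comment gets the PATH lookup instead of their chosen binary. The comment should read `# either explicitly passed via $GLAUTH_BIN, or somewhere`. The check `[ -z ${GLAUTH_BIN+x} ]` works only because an empty expansion leaves a one-argument test; quoting it as `[ -z "${GLAUTH_BIN+x}" ]` states the intent. Since the glauth configs use paths relative to the crate directory (`tests/assets/...`), a line such as `cd "$(dirname "$0")" || exit 1` before `run_tests` would make the script independent of the caller's working directory.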
diff --git a/proxmox-ldap/src/lib.rs b/proxmox-ldap/src/lib.rs
index 903ce1a..3815b27 100644
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@@ -62,7 +62,7 @@ pub struct SearchParameters {
     pub user_filter: Option<String>,
 }
 
-#[derive(Serialize, Deserialize)]
+#[derive(Serialize, Deserialize, Debug)]
 /// Single LDAP user search result
 pub struct SearchResult {
     /// The full user's domain
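Review bot: Deriving `Debug` on the public `SearchResult` lets any caller dump a whole directory entry with `{:?}`, and the struct's doc comment does not mention that. The tests in this series read `dn` and `attributes` from it, and those values come straight from the LDAP server. A doc line such as `/// Debug output contains every returned attribute value; avoid logging it where attributes may be sensitive.` would make that explicit. The struct body continues outside the hunk, so the full field list is not visible here.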
diff --git a/proxmox-ldap/tests/assets/generate_certificate.sh b/proxmox-ldap/tests/assets/generate_certificate.sh
new file mode 100755
index 0000000..0c15216
--- /dev/null
+++ b/proxmox-ldap/tests/assets/generate_certificate.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+openssl req -x509 -newkey rsa:4096 -keyout glauth.key -out glauth.crt -days 36500 -nodes -subj '/CN=localhost'
+
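Review bot: The script has no comment saying that `-nodes` writes an unencrypted private key and that the resulting `glauth.key` is committed next to it as a throwaway fixture. A header such as `# Test-only key pair for CN=localhost; the key is public in the repository and must never be trusted outside the test suite.` would prevent it from being reused. The certificate carries only a subject CN; adding `-addext 'subjectAltName=DNS:localhost'` would keep it valid for TLS stacks that ignore the CN. The output paths are relative, so the script only regenerates the fixtures when run from `tests/assets`.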
diff --git a/proxmox-ldap/tests/assets/glauth.cfg b/proxmox-ldap/tests/assets/glauth.cfg
new file mode 100644
index 0000000..7255169
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth.cfg
@@ -0,0 +1,67 @@
+debug = true
+[ldap]
+  enabled = true
+  listen = "0.0.0.0:3893"
+
+[ldaps]
+  enabled = true
+  listen = "0.0.0.0:3894"
+  cert = "tests/assets/glauth.crt"
+  key = "tests/assets/glauth.key"
+
+
+
+[backend]
+  datastore = "config"
+  baseDN = "dc=example,dc=com"
+  nameformat = "cn"
+  groupformat = "ou"
+
+# to create a passSHA256:   echo -n "mysecret" | openssl dgst -sha256
+
+[[users]]
+  name = "test1"
+  givenname="Test 1"
+  sn="User"
+  mail = "test1@example.com"
+  uidnumber = 1001
+  primarygroup = 1000
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+  name = "test2"
+  givenname="Test 2"
+  sn="User"
+  mail = "test2@example.com"
+  uidnumber = 1002
+  primarygroup = 1000
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+  name = "test3"
+  givenname="Test 3"
+  sn="User"
+  mail = "test3@example.com"
+  uidnumber = 1003
+  primarygroup = 1000
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+
+[[users]]
+  name = "serviceuser"
+  mail = "serviceuser@example.com"
+  uidnumber = 1111
+  primarygroup = 1001
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+    [[users.capabilities]]
+    action = "search"
+    object = "*"
+
+[[groups]]
+  name = "testgroup"
+  gidnumber = 1000
+
+[[groups]]
+  name = "svcaccts"
+  gidnumber = 1001
+
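Review bot: Both listeners bind to `0.0.0.0`, so while the tests run the server is reachable from every interface of the build host with accounts whose password is the literal `password`, including a service account allowed to search `*`. The tests only connect to `localhost`, so `listen = "127.0.0.1:3893"` and `listen = "127.0.0.1:3894"` are enough. The same applies to `glauth_v6.cfg`, where `[::]:3893` and `[::]:3894` can become `[::1]:3893` and `[::1]:3894`.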
diff --git a/proxmox-ldap/tests/assets/glauth.crt b/proxmox-ldap/tests/assets/glauth.crt
new file mode 100644
index 0000000..6c0fdb7
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/proxmox-ldap/tests/assets/glauth.key b/proxmox-ldap/tests/assets/glauth.key
new file mode 100644
index 0000000..d29e06a
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/proxmox-ldap/tests/assets/glauth_v6.cfg b/proxmox-ldap/tests/assets/glauth_v6.cfg
new file mode 100644
index 0000000..c30107d
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth_v6.cfg
@@ -0,0 +1,67 @@
+debug = true
+[ldap]
+  enabled = true
+  listen = "[::]:3893"
+
+[ldaps]
+  enabled = true
+  listen = "[::]:3894"
+  cert = "tests/assets/glauth.crt"
+  key = "tests/assets/glauth.key"
+
+
+
+[backend]
+  datastore = "config"
+  baseDN = "dc=example,dc=com"
+  nameformat = "cn"
+  groupformat = "ou"
+
+# to create a passSHA256:   echo -n "mysecret" | openssl dgst -sha256
+
+[[users]]
+  name = "test1"
+  givenname="Test 1"
+  sn="User"
+  mail = "test1@example.com"
+  uidnumber = 1001
+  primarygroup = 1000
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+  name = "test2"
+  givenname="Test 2"
+  sn="User"
+  mail = "test2@example.com"
+  uidnumber = 1002
+  primarygroup = 1000
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+  name = "test3"
+  givenname="Test 3"
+  sn="User"
+  mail = "test3@example.com"
+  uidnumber = 1003
+  primarygroup = 1000
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+
+[[users]]
+  name = "serviceuser"
+  mail = "serviceuser@example.com"
+  uidnumber = 1111
+  primarygroup = 1001
+  passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+    [[users.capabilities]]
+    action = "search"
+    object = "*"
+
+[[groups]]
+  name = "testgroup"
+  gidnumber = 1000
+
+[[groups]]
+  name = "svcaccts"
+  gidnumber = 1001
+
diff --git a/proxmox-ldap/tests/glauth.rs b/proxmox-ldap/tests/glauth.rs
new file mode 100644
index 0000000..a45e992
--- /dev/null
+++ b/proxmox-ldap/tests/glauth.rs
@@ -0,0 +1,166 @@
+use std::{
+    process::{Child, Command, Stdio},
+    thread::sleep,
+    time::Duration,
+};
+
+use anyhow::{Context, Error};
+use proxmox_ldap::*;
+
+struct GlauthServer {
+    handle: Child,
+}
+
+impl GlauthServer {
+    fn new(path: &str) -> Result<Self, Error> {
+        let glauth_bin = std::env::var("GLAUTH_BIN").context("GLAUTH_BIN is not set")?;
+        let handle = Command::new(&glauth_bin)
+            .arg("-c")
+            .arg(path)
+            .stdin(Stdio::null())
+            .stdout(Stdio::null())
+            .stderr(Stdio::null())
+            .spawn()
+            .context("Could not start glauth process")?;
+
+        // Make 'sure' that glauth is up
+        sleep(Duration::from_secs(1));
+
+        Ok(Self { handle })
+    }
+}
+
+impl Drop for GlauthServer {
+    fn drop(&mut self) {
+        self.handle.kill().ok();
+    }
+}
+
+fn authenticate(con: &LdapConnection, user: &str, pass: &str) -> Result<(), Error> {
+    proxmox_async::runtime::block_on(con.authenticate_user(user, pass))
+}
+
+fn default_config() -> LdapConfig {
+    LdapConfig {
+        servers: vec!["localhost".into()],
+        port: Some(3893),
+        user_attr: "cn".into(),
+        base_dn: "dc=example,dc=com".into(),
+        bind_dn: Some("cn=serviceuser,ou=svcaccts,dc=example,dc=com".into()),
+        bind_password: Some("password".into()),
+        tls_mode: LdapConnectionMode::Ldap,
+        verify_certificate: false,
+        additional_trusted_certificates: None,
+        certificate_store_path: Some("/etc/ssl/certs".into()),
+    }
+}
+
+#[test]
+#[ignore]
+fn test_authentication() -> Result<(), Error> {
+    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+    let connection = LdapConnection::new(default_config());
+
+    assert!(authenticate(&connection, "test1", "password").is_ok());
+    assert!(authenticate(&connection, "test2", "password").is_ok());
+    assert!(authenticate(&connection, "test3", "password").is_ok());
+    assert!(authenticate(&connection, "test1", "invalid").is_err());
+    assert!(authenticate(&connection, "invalid", "password").is_err());
+
+    Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_authentication_via_ipv6() -> Result<(), Error> {
+    let _glauth = GlauthServer::new("tests/assets/glauth_v6.cfg")?;
+
+    let settings = LdapConfig {
+        servers: vec!["[::1]".into()],
+        ..default_config()
+    };
+
+    let connection = LdapConnection::new(settings);
+
+    assert!(authenticate(&connection, "test1", "password").is_ok());
+
+    Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_authentication_via_ldaps() -> Result<(), Error> {
+    let settings = LdapConfig {
+        port: Some(3894),
+        tls_mode: LdapConnectionMode::Ldaps,
+        verify_certificate: true,
+        additional_trusted_certificates: Some(vec!["tests/assets/glauth.crt".into()]),
+        ..default_config()
+    };
+
+    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+    let connection = LdapConnection::new(settings);
+
+    assert!(authenticate(&connection, "test1", "password").is_ok());
+    assert!(authenticate(&connection, "test1", "invalid").is_err());
+
+    Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_fallback() -> Result<(), Error> {
+    let settings = LdapConfig {
+        servers: vec!["invalid.host".into(), "localhost".into()],
+        ..default_config()
+    };
+
+    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+    let connection = LdapConnection::new(settings);
+    assert!(authenticate(&connection, "test1", "password").is_ok());
+
+    Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_search() -> Result<(), Error> {
+    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+    let connection = LdapConnection::new(default_config());
+
+    let params = SearchParameters {
+        attributes: vec!["cn".into(), "mail".into(), "sn".into()],
+        user_classes: vec!["posixAccount".into()],
+        user_filter: Some("(cn=test*)".into()),
+    };
+
+    let search_results = proxmox_async::runtime::block_on(connection.search_entities(&params))?;
+
+    assert_eq!(search_results.len(), 3);
+
+    for a in search_results {
+        assert!(a.dn.starts_with("cn=test"));
+        assert!(a.dn.ends_with("ou=testgroup,ou=users,dc=example,dc=com"));
+
+        assert!(a
+            .attributes
+            .get("mail")
+            .unwrap()
+            .get(0)
+            .unwrap()
+            .ends_with("@example.com"));
+        assert!(a
+            .attributes
+            .get("sn")
+            .unwrap()
+            .get(0)
+            .unwrap()
+            .eq("User".into()));
+    }
+
+    Ok(())
+}
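Review bot: The LDAPS test covers only the case where `glauth.crt` is explicitly trusted, so nothing in this file would fail if `verify_certificate: true` stopped being enforced. A test that keeps verification on but leaves `additional_trusted_certificates` as `None` and expects an error closes that gap. In the same spirit, `test_authentication` should assert that an empty password is rejected, e.g. `assert!(authenticate(&connection, "test1", "").is_err());`, since many LDAP servers treat a bind with an empty password as an unauthenticated bind; whether the crate or glauth rejects it is not visible from this hunk.

```rust
#[test]
#[ignore]
fn test_ldaps_rejects_untrusted_certificate() -> Result<(), Error> {
    let settings = LdapConfig {
        port: Some(3894),
        tls_mode: LdapConnectionMode::Ldaps,
        verify_certificate: true,
        // glauth.crt is deliberately NOT added to the trusted set here
        additional_trusted_certificates: None,
        ..default_config()
    };

    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;

    let connection = LdapConnection::new(settings);

    // The self-signed server certificate is not trusted, so even valid
    // credentials must not lead to a successful authentication.
    assert!(authenticate(&connection, "test1", "password").is_err());

    Ok(())
}
```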
-- 
2.30.2






Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-24 10:03 [pbs-devel] [PATCH v3 proxmox 0/6] introduce proxmox-ldap crate Lukas Wagner
2023-01-24 10:03 ` [pbs-devel] [PATCH v3 proxmox 1/6] ldap: create new `proxmox-ldap` crate Lukas Wagner
2023-01-24 10:03 ` [pbs-devel] [PATCH v3 proxmox 2/6] ldap: add basic user auth functionality Lukas Wagner
2023-01-24 10:03 ` [pbs-devel] [PATCH v3 proxmox 3/6] ldap: add helpers for constructing LDAP filters Lukas Wagner
2023-01-24 10:03 ` [pbs-devel] [PATCH v3 proxmox 4/6] ldap: allow searching for LDAP entities Lukas Wagner
2023-01-24 10:03 ` Lukas Wagner [this message]
2023-01-24 10:03 ` [pbs-devel] [PATCH v3 proxmox 6/6] ldap: add debian packaging Lukas Wagner
2023-02-08 13:32 ` [pbs-devel] applied-series: [PATCH v3 proxmox 0/6] introduce proxmox-ldap crate Wolfgang Bumiller
