0003-Add-tests-for-ldapsearchfilter-functionality.patch
application/octet-stream
Filename: 0003-Add-tests-for-ldapsearchfilter-functionality.patch
Type: application/octet-stream
Part: 2
Patch
Format: format-patch
Series: patch 0003
Subject: Add tests for ldapsearchfilter functionality
| File | + | − |
|---|---|---|
| src/test/ldap/data.ldif | 13 | 0 |
| src/test/ldap/t/001_auth.pl | 35 | 1 |
From 30d3f741a947f11b0c16dc408bb2ee0ef97b4a39 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Fri, 8 Sep 2017 10:52:08 -0400
Subject: [PATCH 3/3] Add tests for ldapsearchfilter functionality
---
src/test/ldap/data.ldif | 13 +++++++++++++
src/test/ldap/t/001_auth.pl | 36 +++++++++++++++++++++++++++++++++++-
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/src/test/ldap/data.ldif b/src/test/ldap/data.ldif
index b30604e1f0..8d82c284b1 100644
--- a/src/test/ldap/data.ldif
+++ b/src/test/ldap/data.ldif
@@ -17,3 +17,16 @@ uidNumber: 101
gidNumber: 100
homeDirectory: /home/test1
mail: test1@example.net
+
+dn: uid=test2,dc=example,dc=net
+objectClass: inetOrgPerson
+objectClass: posixAccount
+uid: test2
+sn: Lastname
+givenName: Firstname
+cn: Second Test User
+displayName: Second Test User
+uidNumber: 102
+gidNumber: 100
+homeDirectory: /home/test2
+mail: test2@example.net
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl
index d8be2de88f..b6da6bfa18 100644
--- a/src/test/ldap/t/001_auth.pl
+++ b/src/test/ldap/t/001_auth.pl
@@ -2,7 +2,7 @@ use strict;
use warnings;
use TestLib;
use PostgresNode;
-use Test::More tests => 9;
+use Test::More tests => 14;
my ($slapd, $ldap_bin_dir, $ldap_schema_dir);
@@ -86,6 +86,7 @@ note "loading LDAP data";
system_or_bail 'ldapadd', '-x', '-y', $ldap_pwfile, '-f', 'data.ldif';
system_or_bail 'ldappasswd', '-x', '-y', $ldap_pwfile, '-s', 'secret1', 'uid=test1,dc=example,dc=net';
+system_or_bail 'ldappasswd', '-x', '-y', $ldap_pwfile, '-s', 'secret2', 'uid=test2,dc=example,dc=net';
note "setting up PostgreSQL instance";
@@ -95,6 +96,7 @@ $node->start;
$node->safe_psql('postgres', 'CREATE USER test0;');
$node->safe_psql('postgres', 'CREATE USER test1;');
+$node->safe_psql('postgres', 'CREATE USER "test2@example.net";');
note "running tests";
@@ -141,3 +143,35 @@ test_access($node, 'test0', 2, 'search+bind with LDAP URL authentication fails i
test_access($node, 'test1', 2, 'search+bind with LDAP URL authentication fails with wrong password');
$ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'search+bind with LDAP URL authentication succeeds');
+
+note "search filters";
+
+unlink($node->data_dir . '/pg_hba.conf');
+$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"});
+$node->reload;
+
+$ENV{"PGPASSWORD"} = 'secret1';
+test_access($node, 'test1', 0, 'search filter finds by uid');
+$ENV{"PGPASSWORD"} = 'secret2';
+test_access($node, 'test2@example.net', 0, 'search filter finds by mail');
+
+note "search filters in LDAP URLs";
+
+unlink($node->data_dir . '/pg_hba.conf');
+$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub?(|(uid=\$username)(mail=\$username))"});
+$node->reload;
+
+$ENV{"PGPASSWORD"} = 'secret1';
+test_access($node, 'test1', 0, 'search filter finds by uid');
+$ENV{"PGPASSWORD"} = 'secret2';
+test_access($node, 'test2@example.net', 0, 'search filter finds by mail');
+
+# This is not documented: You can combine ldapurl and other ldap*
+# settings. ldapurl is always parsed first, then the other settings
+# override. It might be useful in a case like this.
+unlink($node->data_dir . '/pg_hba.conf');
+$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"});
+$node->reload;
+
+$ENV{"PGPASSWORD"} = 'secret1';
+test_access($node, 'test1', 0, 'combined LDAP URL and search filter');
--
2.13.5