v2-0002-ldap-test-ldapurl-with-simple-bind.patch
application/octet-stream
Filename: v2-0002-ldap-test-ldapurl-with-simple-bind.patch
Type: application/octet-stream
Part: 1
Patch
Format: format-patch
Series: patch v2-0002
Subject: ldap: test ldapurl with simple bind
| File | + | − |
|---|---|---|
| src/test/ldap/t/001_auth.pl | 15 | 0 |
From 0fbf70f188741457aa3660498227c0c4f2910933 Mon Sep 17 00:00:00 2001
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Fri, 24 May 2024 11:33:18 -0700
Subject: [PATCH v2 2/3] ldap: test ldapurl with simple bind
This was previously allowed but unexercised, and now that it's
documented it'd be good to pin the behavior.
---
src/test/ldap/t/001_auth.pl | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl
index 850db34503..70ba4927cf 100644
--- a/src/test/ldap/t/001_auth.pl
+++ b/src/test/ldap/t/001_auth.pl
@@ -145,6 +145,21 @@ test_access($node, 'test1', 0, 'search+bind authentication succeeds');
note "LDAP URLs";
+unlink($node->data_dir . '/pg_hba.conf');
+$node->append_conf('pg_hba.conf',
+ qq{local all all ldap ldapurl="$ldap_url" ldapprefix="uid=" ldapsuffix=",dc=example,dc=net"});
+$node->restart;
+
+$ENV{"PGPASSWORD"} = 'wrong';
+test_access($node, 'test0', 2,
+ 'simple bind with LDAP URL authentication fails if user not found in LDAP'
+);
+test_access($node, 'test1', 2,
+ 'simple bind with LDAP URL authentication fails with wrong password');
+$ENV{"PGPASSWORD"} = 'secret1';
+test_access($node, 'test1', 0,
+ 'simple bind with LDAP URL authentication succeeds');
+
unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf',
qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn?uid?sub"});
--
2.34.1