[tests-only] Make LDAP based test config more flexible for being able to run with libregraph/idm default config #39893

Merged
merged 7 commits into from
Mar 22, 2022
38 changes: 37 additions & 1 deletion tests/TestHelpers/OcisHelper.php
Expand Up @@ -232,7 +232,12 @@ public static function getLdapPort():int {
* @return bool
*/
public static function useSsl():bool {
return (self::getLdapPort() === 636);
$useSsl = \getenv("REVA_LDAP_USESSL");
if ($useSsl === false) {
return (self::getLdapPort() === 636);
} else {
return $useSsl === "true";
}
}

/**
Expand All @@ -243,6 +248,29 @@ public static function getBaseDN():string {
return $dn ? $dn : "dc=owncloud,dc=com";
}

/**
* @return string
*/
public static function getGroupsOU():string {
$ou = \getenv("REVA_LDAP_GROUPS_OU");
return $ou ? $ou : "TestGroups";
}

/**
* @return string
*/
public static function getUsersOU():string {
$ou = \getenv("REVA_LDAP_USERS_OU");
return $ou ? $ou : "TestUsers";
}

/**
* @return string
*/
public static function getGroupSchema():string {
$schema = \getenv("REVA_LDAP_GROUP_SCHEMA");
return $schema ? $schema : "rfc2307";
}
/**
* @return string
*/
Expand All @@ -259,6 +287,14 @@ public static function getBindDN():string {
return $dn ? $dn : "cn=admin,dc=owncloud,dc=com";
}

/**
* @return string
*/
public static function getBindPassword():string {
$pw = \getenv("REVA_LDAP_BIND_PASSWORD");
return $pw ? $pw : "";
}

/**
* @return string
*/
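Review bot: `getBindPassword()` at `return $pw ? $pw : "";` tests the value for truthiness, so a bind password of `"0"` is silently replaced by the empty string, and the same pattern in `getGroupsOU()`, `getUsersOU()` and `getGroupSchema()` discards a `"0"` value; since `getenv()` returns `false` only when the variable is absent, `return $pw === false ? "" : $pw;` (and the analogous form in the three other getters) keeps whatever was configured. `getGroupSchema()` also passes the variable through unvalidated, and Provisioning.php branches on the literal `"rfc2307"` and treats every other string as the groupOfNames schema, so a misspelt `REVA_LDAP_GROUP_SCHEMA` silently selects the other schema — consider throwing on values outside the known set. A blank line is missing between the closing brace of `getGroupSchema()` and the following docblock.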
8 changes: 8 additions & 0 deletions tests/acceptance/features/bootstrap/FeatureContext.php
Expand Up @@ -449,6 +449,14 @@ public function pushToLastStatusCodesArrays():void {
* @var string
*/
private $ldapGroupsOU;
/**
* @var string
*/
private $ldapGroupSchema;
/**
* @var bool
*/
private $skipImportLdif;
/**
* @var array
*/
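Review bot: `private $skipImportLdif;` is declared without an initializer, so it is `null` until `connectToLdap()` assigns it, and as far as the visible Provisioning.php hunks show only the oCIS/Reva branch does so; the `if (!$this->skipImportLdif)` checks then rely on `!null` being `true` for the classic-server path. Initialising it as `private $skipImportLdif = false;` (or `private bool $skipImportLdif = false;` if the class already uses typed properties) makes that default explicit rather than accidental. The docblock could also state what the flag controls, e.g. `@var bool when true, connectToLdap() skips the LDIF fixture import and deleteLdapUsersAndGroups() leaves the user/group OUs in place`.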
119 changes: 82 additions & 37 deletions tests/acceptance/features/bootstrap/Provisioning.php
Expand Up @@ -44,11 +44,6 @@ trait Provisioning {
*/
private $createdUsers = [];

/**
* @var string
*/
private $ou = "TestGroups";

/**
* list of users that were created on the remote server during test runs
* key is the lowercase username, value is an array of user attributes
Expand Down Expand Up @@ -539,10 +534,15 @@ public function connectToLdap(array $suiteParameters):void {
$useSsl = false;
if (OcisHelper::isTestingOnOcisOrReva()) {
$this->ldapBaseDN = OcisHelper::getBaseDN();
$this->ldapUsersOU = OcisHelper::getGroupsOU();
$this->ldapGroupsOU = OcisHelper::getUsersOU();
$this->ldapGroupSchema = OcisHelper::getGroupSchema();
$this->ldapHost = OcisHelper::getHostname();
$this->ldapPort = OcisHelper::getLdapPort();
$useSsl = OcisHelper::useSsl();
$this->ldapAdminUser = OcisHelper::getBindDN();
$this->ldapAdminPassword = OcisHelper::getBindPassword();
$this->skipImportLdif = (\getenv("REVA_LDAP_SKIP_LDIF_IMPORT") === "true");
if ($useSsl === true) {
\putenv('LDAPTLS_REQCERT=never');
}
Expand Down Expand Up @@ -573,11 +573,13 @@ public function connectToLdap(array $suiteParameters):void {
$this->ldapHost = (string)$ldapConfig['ldapHost'];
$this->ldapPort = (int)$ldapConfig['ldapPort'];
$this->ldapAdminUser = (string)$ldapConfig['ldapAgentName'];
$this->ldapGroupSchema = "rfc2307";
$this->ldapUsersOU = (string)$suiteParameters['ldapUsersOU'];
$this->ldapGroupsOU = (string)$suiteParameters['ldapGroupsOU'];
}
if ($this->ldapAdminPassword === "") {
$this->ldapAdminPassword = (string)$suiteParameters['ldapAdminPassword'];
}
$this->ldapAdminPassword = (string)$suiteParameters['ldapAdminPassword'];
$this->ldapUsersOU = (string)$suiteParameters['ldapUsersOU'];
$this->ldapGroupsOU = (string)$suiteParameters['ldapGroupsOU'];

$options = [
'host' => $this->ldapHost,
'port' => $this->ldapPort,
Expand All @@ -598,7 +600,9 @@ public function connectToLdap(array $suiteParameters):void {
$ldifFile = $configPath . "/" . \basename($ldifFile);
}
}
$this->importLdifFile($ldifFile);
if (!$this->skipImportLdif) {
$this->importLdifFile($ldifFile);
}
$this->theLdapUsersHaveBeenResynced();
}

Expand Down Expand Up @@ -704,21 +708,26 @@ public function generateUUIDv4(): string {
* @throws Exception
*/
public function createLdapUser(array $setting):void {
$ou = "TestUsers";
$ou = $this->ldapUsersOU ;
// Some special characters need to be escaped in LDAP DN and attributes
// The special characters allowed in a username (UID) are +_.@-
// Of these, only + has to be escaped.
$userId = \str_replace('+', '\+', $setting["userid"]);
$newDN = 'uid=' . $userId . ',ou=' . $ou . ',' . 'dc=owncloud,dc=com';
$newDN = 'uid=' . $userId . ',ou=' . $ou . ',' . $this->ldapBaseDN;

//pick a high number as uidnumber to make sure there are no conflicts with existing uidnumbers
$uidNumber = \count($this->ldapCreatedUsers) + 30000;
$entry = [];
$entry['cn'] = $userId;
$entry['sn'] = $userId;
$entry['uid'] = $setting["userid"];
$entry['homeDirectory'] = '/home/openldap/' . $setting["userid"];
$entry['objectclass'][] = 'posixAccount';
$entry['objectclass'][] = 'inetOrgPerson';
$entry['objectclass'][] = 'organizationalPerson';
$entry['objectclass'][] = 'person';
$entry['objectclass'][] = 'top';

$entry['userPassword'] = $setting["password"];
if (isset($setting["displayName"])) {
$entry['displayName'] = $setting["displayName"];
Expand All @@ -729,15 +738,13 @@ public function createLdapUser(array $setting):void {
$entry['gidNumber'] = 5000;
$entry['uidNumber'] = $uidNumber;

if (OcisHelper::isTestingParallelDeployment()) {
$entry['objectclass'][] = 'organizationalPerson';
if (OcisHelper::isTestingOnOcis()) {
$entry['objectclass'][] = 'ownCloud';
$entry['objectclass'][] = 'person';
$entry['objectclass'][] = 'top';
$entry['uid'] = $setting["userid"];
$entry['ownCloudSelector'] = $this->getOCSelector();
$entry['ownCloudUUID'] = $this->generateUUIDv4();
}
if (OcisHelper::isTestingParallelDeployment()) {
$entry['ownCloudSelector'] = $this->getOCSelector();
}

if ($this->federatedServerExists()) {
if (!\in_array($setting['userid'], $this->ldapCreatedUsers)) {
Expand All @@ -759,12 +766,22 @@ public function createLdapUser(array $setting):void {
*/
public function createLdapGroup(string $group):void {
$baseDN = $this->getLdapBaseDN();
$newDN = 'cn=' . $group . ',ou=' . $this->ou . ',' . $baseDN;
$newDN = 'cn=' . $group . ',ou=' . $this->ldapGroupsOU . ',' . $baseDN;
$entry = [];
$entry['cn'] = $group;
$entry['objectclass'][] = 'posixGroup';
$entry['objectclass'][] = 'top';
$entry['gidNumber'] = 5000;

if ($this->ldapGroupSchema == "rfc2307") {
$entry['objectclass'][] = 'posixGroup';
$entry['gidNumber'] = 5000;
} else {
$entry['objectclass'][] = 'groupOfNames';
$entry['member'] = "";
}
if (OcisHelper::isTestingOnOcis()) {
$entry['objectclass'][] = 'ownCloud';
$entry['ownCloudUUID'] = $this->generateUUIDv4();
}
$this->ldap->add($newDN, $entry);
\array_push($this->ldapCreatedGroups, $group);
// For syncing the ldap groups
Expand Down Expand Up @@ -836,22 +853,30 @@ public function setLdapSetting(string $configId, string $configKey, string $conf
* @throws Exception
*/
public function deleteLdapUsersAndGroups():void {
//delete created ldap users
$this->ldap->delete(
"ou=" . $this->ldapUsersOU . "," . $this->ldapBaseDN,
true
);
//delete all created ldap groups
$this->ldap->delete(
"ou=" . $this->ldapGroupsOU . "," . $this->ldapBaseDN,
true
);
foreach ($this->ldapCreatedUsers as $user) {
$this->ldap->delete(
"uid=" . ldap_escape($user, "", LDAP_ESCAPE_DN) . ",ou=" . $this->ldapUsersOU . "," . $this->ldapBaseDN,
);
$this->rememberThatUserIsNotExpectedToExist($user);
}
foreach ($this->ldapCreatedGroups as $group) {
$this->ldap->delete(
"cn=" . ldap_escape($group, "", LDAP_ESCAPE_DN) . ",ou=" . $this->ldapGroupsOU . "," . $this->ldapBaseDN,
);
$this->rememberThatGroupIsNotExpectedToExist($group);
}
if (!$this->skipImportLdif) {
//delete ou from LDIF import
$this->ldap->delete(
"ou=" . $this->ldapUsersOU . "," . $this->ldapBaseDN,
true
);
//delete all created ldap groups
$this->ldap->delete(
"ou=" . $this->ldapGroupsOU . "," . $this->ldapBaseDN,
true
);
}
$this->theLdapUsersHaveBeenResynced();
}

Expand Down Expand Up @@ -3258,7 +3283,7 @@ public function theTheFollowingUserShouldBelongToTheFollowingGroup(TableNode $ta
*/
public function getUsersOfLdapGroup(string $group):array {
$ou = $this->getLdapGroupsOU();
$entry = 'cn=' . $group . ',ou=' . $ou . ',' . 'dc=owncloud,dc=com';
$entry = 'cn=' . $group . ',ou=' . $ou . ',' . $this->ldapBaseDN;
$ldapResponse = $this->ldap->getEntry($entry);
return $ldapResponse["memberuid"];
}
Expand Down Expand Up @@ -3834,10 +3859,20 @@ public function addUserToLdapGroup(string $user, string $group, ?string $ou = nu
if ($ou === null) {
$ou = $this->getLdapGroupsOU();
}
$memberAttr = "";
$memberValue = "";
if ($this->ldapGroupSchema == "rfc2307") {
$memberAttr = "memberUID";
$memberValue = "$user";
} else {
$memberAttr = "member";
$userbase = "ou=" . $this->getLdapUsersOU() . "," . $this->ldapBaseDN;
$memberValue = "uid=$user" . "," . "$userbase";
}
$this->setTheLdapAttributeOfTheEntryTo(
"memberUid",
$memberAttr,
"cn=$group,ou=$ou",
$user,
$memberValue,
true
);
}
Expand Down Expand Up @@ -3868,9 +3903,19 @@ public function removeUserFromLdapGroup(string $user, string $group, ?string $ou
if ($ou === null) {
$ou = $this->getLdapGroupsOU();
}
$memberAttr = "";
$memberValue = "";
if ($this->ldapGroupSchema == "rfc2307") {
$memberAttr = "memberUID";
$memberValue = "$user";
} else {
$memberAttr = "member";
$userbase = "ou=" . $this->getLdapUsersOU() . "," . $this->ldapBaseDN;
$memberValue = "uid=$user" . "," . "$userbase";
}
$this->deleteValueFromLdapAttribute(
$user,
"memberUid",
$memberValue,
$memberAttr,
"cn=$group,ou=$ou"
);
$this->theLdapUsersHaveBeenReSynced();
Expand Down Expand Up @@ -4221,7 +4266,7 @@ public function userTriesToDeleteGroupUsingTheProvisioningApi(string $user, stri
public function groupExists(string $group):bool {
if ($this->isTestingWithLdap() && OcisHelper::isTestingOnOcisOrReva()) {
$baseDN = $this->getLdapBaseDN();
$newDN = 'cn=' . $group . ',ou=' . $this->ou . ',' . $baseDN;
$newDN = 'cn=' . $group . ',ou=' . $this->ldapGroupsOU . ',' . $baseDN;
if ($this->ldap->getEntry($newDN) !== null) {
return true;
}
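Review bot: In `connectToLdap()` the two OU assignments are crossed: `$this->ldapUsersOU = OcisHelper::getGroupsOU();` and `$this->ldapGroupsOU = OcisHelper::getUsersOU();` give the users OU the groups value and vice versa, so with the helper defaults users are created under `ou=TestGroups` and groups under `ou=TestUsers`; unless the swap is intentional, which nothing here indicates, it should read `$this->ldapUsersOU = OcisHelper::getUsersOU();` / `$this->ldapGroupsOU = OcisHelper::getGroupsOU();`. The schema checks `if ($this->ldapGroupSchema == "rfc2307")` in `createLdapGroup()`, `addUserToLdapGroup()` and `removeUserFromLdapGroup()` use loose comparison; `===` is the safer form for a string flag. `createLdapGroup()` still builds its DN from the raw `$group`, and `addUserToLdapGroup()`/`removeUserFromLdapGroup()` build `"uid=$user"` unescaped, whereas `deleteLdapUsersAndGroups()` now applies `ldap_escape(..., LDAP_ESCAPE_DN)` — applying the same escaping where the DN is constructed keeps names containing DN-special characters (`,`, `+`, `=`) consistent between creation and cleanup. The groupOfNames branch sets `$entry['member'] = "";`; whether an empty value is accepted there depends on the server's schema checking, which is worth confirming against the target directory. `connectToLdap()`, `createLdapUser()` and the other methods in this section start or end outside their hunks.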