Add test of LDAP binary data update

And validation that empty / missing expansions don't produce updates

diff --git a/src/tests/modules/ldap/auth.unlang b/src/tests/modules/ldap/auth.unlang
index 11fc9d3a85bb4be7970a62ce03b2e2aeeb062374..7a8f883760099957a92d518c6abc1d175cc5849c 100644 (file)
--- a/src/tests/modules/ldap/auth.unlang
+++ b/src/tests/modules/ldap/auth.unlang
@@ -1,4 +1,5 @@
 string test_string
+octets test_octets
 
 #
 #  Run the "ldap" module
@@ -56,4 +57,31 @@ if (!(&test_string == "User %{User-Name} authenticated")) {
        test_fail
 }
 
+# userPKCS12 is set to be updated from Class - which doesn't exist - check nothing was added
+&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+
+if (&test_octets) {
+       test_fail
+}
+
+# Add dummy octet data and re-run the LDAP update to check the data is added
+&Class := 0x01020304
+ldap.send.access-accept
+
+&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+
+if (&test_octets != 0x01020304) {
+       test_fail
+}
+
+# Remove the RADIUS attribute and check that the update doesn't clear the LDAP attribute
+&request -= &Class[*]
+ldap.send.access-accept
+
+&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+
+if (&test_octets != 0x01020304) {
+       test_fail
+}
+
 test_pass

diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
index 54085afea67d872947dc578e469bb021cb78123b..7c821edd08b4572e5f49533812c49703bb12225a 100644 (file)
--- a/src/tests/modules/ldap/module.conf
+++ b/src/tests/modules/ldap/module.conf
@@ -326,6 +326,7 @@ ldap {
                access-accept {
                        update {
                                description := "User %{User-Name} authenticated"
+                               userPKCS12 := &Class
                        }
                }
        }