Add test for LDAP profile from multiple objects
authorNick Porter <nick@portercomputing.co.uk>
Tue, 7 May 2024 17:11:52 +0000 (18:11 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Tue, 7 May 2024 17:30:28 +0000 (18:30 +0100)
src/tests/modules/ldap/auth_nested_profile.attrs [new file with mode: 0644]
src/tests/modules/ldap/auth_nested_profile.unlang [new file with mode: 0644]
src/tests/modules/ldap/module.conf
src/tests/modules/ldap/xlat_profile.unlang
src/tests/salt-test-server/salt/ldap/base.ldif

diff --git a/src/tests/modules/ldap/auth_nested_profile.attrs b/src/tests/modules/ldap/auth_nested_profile.attrs
new file mode 100644 (file)
index 0000000..16ea93b
--- /dev/null
@@ -0,0 +1,14 @@
+#
+#  Input packet
+#
+Packet-Type = Access-Request
+User-Name = "peter"
+User-Password = "letmein"
+NAS-IP-Address = 1.2.3.5
+
+#
+#  Expected answer
+#
+Packet-Type == Access-Accept
+Acct-Interim-Interval == 7200
+Framed-IP-Netmask == "255.255.192.0"
diff --git a/src/tests/modules/ldap/auth_nested_profile.unlang b/src/tests/modules/ldap/auth_nested_profile.unlang
new file mode 100644 (file)
index 0000000..516b58d
--- /dev/null
@@ -0,0 +1,33 @@
+string test_string
+
+#
+#  Run the "ldap" module
+#
+ldap
+
+#IP address is defined in cn=profile2
+if !(&control.Framed-IP-Address == 1.2.3.6) {
+        test_fail
+}
+
+# IP netmask defined in cn=reply,cn=profile2
+if (!(&reply.Framed-IP-Netmask == 255.255.192.0)) {
+        test_fail
+}
+
+if (!(&reply.Acct-Interim-Interval == 7200)) {
+        test_fail
+}
+
+# Attempt a bind authentication
+ldap.authenticate
+
+ldap.send
+
+&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=peter,ou=people,dc=example,dc=com?description")
+
+if (!(&test_string == "User %{User-Name} authenticated")) {
+       test_fail
+}
+
+test_pass
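Review bot: The two comments above the first checks name `cn=profile2`, but the values they guard (Framed-IP-Address 1.2.3.6, netmask 255.255.192.0) come from the `cn=profile3` objects this commit adds to base.ldif. The user `peter` also points at profile3 through `radiusProfileDN`. The comments should read `#  IP address is defined in cn=profile3` and `#  IP netmask is defined in cn=reply,cn=profile3`, so a failing check leads the reader to the right fixture. As a smaller style point, the first condition is written `if !(...)` while the others use `if (!(...))`, and using one form throughout would make the file easier to scan.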
index 6fa1028d96155b1ea8a3011d3de423c552189ad9..e874a363fec98efb1d73907da5b89fca2b09d0bd 100644 (file)
@@ -266,6 +266,7 @@ ldap {
        profile {
                #  Filter for RADIUS profile objects
                filter = '(objectclass=radiusprofile)'
+               scope = 'sub'
 
                #  The default profile applied to all users.
                default = 'cn=radprofile,ou=profiles,dc=example,dc=com'
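Review bot: The added `scope = 'sub'` line has no comment, unlike the neighbouring `filter` and `default` settings, and it is the setting the new nested-profile tests depend on. A comment such as `#  Search the profile DN and everything below it, so child objects are merged into the profile` would record why it is there. With subtree scope, the `(objectclass=radiusprofile)` filter is the only thing limiting which descendants contribute control and reply attributes, which is worth stating for anyone copying this into a deployment where write access below a profile DN is less tightly held. This module.conf appears to be shared by the other LDAP tests, so the existing profile cases presumably now run with subtree search as well. The `ldap { }` block continues outside the hunk.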
index 09cd526cc5be52e7eb3f7e5d04dabebfa6ebdbb1..70c3a7ec04d688e9acbc4647047adc212ed157ed 100644 (file)
@@ -43,4 +43,19 @@ group {
       &reply := {}
 }
 
+if (!%ldap.profile('cn=profile3,ou=profiles,dc=example,dc=com')) {
+       test_fail
+}
+
+if (!((&reply.Framed-IP-Netmask == 255.255.192.0) && \
+      (&reply.Acct-Interim-Interval == 7200) && \
+      (&request.Service-Type == ::Framed-User) && \
+      (&control.Framed-IP-Address == 1.2.3.6) && \
+      (&control.Reply-Message == 'Salut'))) {
+       test_fail
+}
+
+&control := {}
+&reply := {}
+
 test_pass
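Review bot: The new case has no comment saying what it exercises, and the checks only make sense once you know that profile3 has a child object `cn=reply,cn=profile3` carrying the reply attributes. I would add `#  profile3 has a child object cn=reply; both entries must be merged into the result` above the `%ldap.profile(...)` call. The cleanup resets `&control` and `&reply` only; if the profile is what sets `request.Service-Type` (the fixture suggests so), that value stays in the request for anything appended after this case.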
index c6a2a04cbbdac3ea48cd3a25e708a702fe7e4cda..65dcbc005de32c5fea4f8cd36f8790adfc03500f 100644 (file)
@@ -89,6 +89,21 @@ radiusRequestAttribute: Service-Type := 'Framed-User'
 radiusControlAttribute: Framed-IP-Address := 1.2.3.5
 radiusControlAttribute: Reply-Message := "Bonjour"
 
+dn: cn=profile3,ou=profiles,dc=example,dc=com
+objectClass: freeradiusPolicy
+objectClass: radiusprofile
+cn: profile3
+radiusRequestAttribute: Service-Type := 'Framed-User'
+radiusControlAttribute: Framed-IP-Address := 1.2.3.6
+radiusControlAttribute: Reply-Message := "Salut"
+
+dn: cn=reply,cn=profile3,ou=profiles,dc=example,dc=com
+objectClass: freeradiusPolicy
+objectClass: radiusprofile
+cn: reply
+radiusReplyAttribute: Framed-IP-Netmask := 255.255.192.0
+radiusReplyAttribute: Acct-Interim-Interval := 7200
+
 dn: cn=suspended,ou=profiles,dc=example,dc=com
 objectClass: freeradiusPolicy
 objectClass: radiusprofile
@@ -127,6 +142,23 @@ radiusControlAttribute: Vendor-Specific.Cisco.AVPair += 'bar'
 radiusProfileDN: cn=profile1,ou=profiles,dc=example,dc=com
 dialupAccess: enabled
 
+dn: uid=peter,ou=people,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: radiusprofile
+uid: peter
+sn: Parker
+givenName: Peter
+cn: Peter Parker
+displayName: Peter Parker
+userPassword: letmein
+uidNumber: 102
+gidNumber: 102
+homeDirectory: /home/peter
+radiusProfileDN: cn=profile3,ou=profiles,dc=example,dc=com
+dialupAccess: enabled
+
 dn: uid=bob,ou=people,dc=example,dc=com
 objectClass: inetOrgPerson
 objectClass: posixAccount