Add config for testing RFC4533 LDAP server
authorNick Porter <nick@portercomputing.co.uk>
Wed, 13 Apr 2022 09:25:40 +0000 (10:25 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Mon, 29 Aug 2022 12:34:08 +0000 (13:34 +0100)
src/tests/ldap_sync/rfc4533/config/radiusd.conf [new file with mode: 0644]

diff --git a/src/tests/ldap_sync/rfc4533/config/radiusd.conf b/src/tests/ldap_sync/rfc4533/config/radiusd.conf
new file mode 100644 (file)
index 0000000..eace6b8
--- /dev/null
@@ -0,0 +1,208 @@
+#  -*- text -*-
+#
+#  test configuration file.  Do not install/
+#
+#  $id: $
+#
+
+#
+#  Minimal radiusd.conf for testing
+#
+
+testdir      = $ENV{TESTDIR}
+output       = $ENV{OUTPUT}
+run_dir      = ${output}
+raddb        = raddb
+pidfile      = ${run_dir}/radiusd.pid
+panic_action = "gdb -batch -x src/tests/panic.gdb %e %p > ${run_dir}/gdb.log 2>&1; cat ${run_dir}/gdb.log"
+
+maindir      = ${raddb}
+radacctdir   = ${run_dir}/radacct
+modconfdir   = ${maindir}/mods-config
+certdir      = ${maindir}/certs
+cadir        = ${maindir}/certs
+test_port    = $ENV{TEST_PORT}
+
+#  Only for testing!
+#  Setting this on a production system is a BAD IDEA.
+security {
+       allow_vulnerable_openssl = yes
+}
+
+#  Only during migration
+migrate {
+       tmpl_tokenize_all_nested = yes
+}
+
+global {
+       ldap {
+               ldap_debug = 0x0801
+       }
+}
+
+policy {
+       linelogprep {
+               &control.Tmp-String-0 := "%{Packet-Type} %{LDAP-Sync.DN} %{LDAP-Sync.Entry-DN} %{Proto.radius.User-Name}"
+       }
+
+       grouplog {
+               foreach &Tmp-String-1 {
+                       &control.Tmp-String-0 := "Group member %{Foreach-Variable-0}"
+                       linelog
+               }
+       }
+
+       $INCLUDE ${maindir}/policy.d/
+}
+
+client localhost {
+       ipaddr = 127.0.0.1
+       secret = testing123
+}
+
+modules {
+
+       #
+       # Minimal LDAP module config to allow queries
+       # to fake initial cookie
+       #
+       ldap {
+               server = $ENV{RFC4533_TEST_SERVER}
+               identity = 'cn=admin,dc=example,dc=com'
+               password = 'secret'
+               base_dn = 'dc=example,dc=com'
+               user {
+                       base_dn = "ou=people,${..base_dn}"
+               }
+       }
+
+       linelog {
+               format = "%{control.Tmp-String-0}"
+               destination = file
+
+               file {
+                       filename = ${run_dir}/linelog.out
+               }
+       }
+
+       linelog cookielog {
+               format = "Cookie = %{control.Tmp-String-0}"
+               destination = file
+
+               file {
+                       filename = ${run_dir}/cookielog.out
+               }
+       }
+
+       always reject {
+               rcode = reject
+       }
+       always fail {
+               rcode = fail
+       }
+       always ok {
+               rcode = ok
+       }
+       always handled {
+               rcode = handled
+       }
+       always invalid {
+               rcode = invalid
+       }
+       always disallow {
+               rcode = disallow
+       }
+       always notfound {
+               rcode = notfound
+       }
+       always noop {
+               rcode = noop
+       }
+       always updated {
+               rcode = updated
+       }
+}
+
+#
+#  This virtual server connects to an LDAP server and listens
+#  for packets received as the result of directory changes.
+#
+server test {
+       namespace = ldap_sync
+
+       listen {
+               transport = ldap
+
+               ldap {
+                       server = $ENV{RFC4533_TEST_SERVER}
+                       identity = 'cn=admin,dc=example,dc=com'
+                       password = 'secret'
+
+                       options {
+                               res_timeout = 120
+                               srv_timelimit = 60
+                               idle = 60
+                               probes = 3
+                               interval = 3
+                               reconnection_delay = 10
+                       }
+               }
+
+               sync {
+                       base_dn = "ou=people,dc=example,dc=com"
+                       filter = "(objectClass=posixAccount)"
+
+                       update {
+                               &Proto.radius.User-Name = 'uid'
+                               &Password.With-Header = 'userPassword'
+                       }
+               }
+
+               sync {
+                       base_dn = "ou=groups,dc=example,dc=com"
+                       filter = "(objectClass=groupOfNames)"
+                       scope = "sub"
+
+                       update {
+                               &Tmp-String-1 += "member"
+                       }
+               }
+       }
+
+       load Cookie {
+               &control.Tmp-String-0 := "%{ldap:ldap:///%{LDAP-Sync.Directory-Root-DN}?contextCSN?base}"
+
+               if (&control.Tmp-String-0 != "") {
+                       &reply.LDAP-Sync.Cookie := "rid=000,csn=%{control.Tmp-String-0}"
+                       updated
+               }
+       }
+
+       store Cookie {
+               &control.Tmp-String-0 := &LDAP-Sync.Cookie
+               cookielog
+       }
+
+       recv Add {
+               linelogprep
+               linelog
+               grouplog
+       }
+
+       recv Modify {
+               linelogprep
+               linelog
+               grouplog
+       }
+
+       recv Delete {
+               linelogprep
+               linelog
+               grouplog
+       }
+
+       recv Present {
+               linelogprep
+               linelog
+       }
+}
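Review bot: The LDAP bind credentials are written out twice in this file — `identity = 'cn=admin,dc=example,dc=com'` / `password = 'secret'` under `modules { ldap { ... } }` and again under `server test { listen { ldap { ... } } }` — while only the server address is taken from `$ENV{RFC4533_TEST_SERVER}`, so the two copies can drift and a cleartext directory-admin password sits in the repository even though the fixture only needs read access to `contextCSN` and the two synced subtrees. If the config parser resolves cross-section references the way it resolves `${..base_dn}` in the `user` block, the listener could read `identity = ${modules.ldap.identity}` and `password = ${modules.ldap.password}` so the secret lives in one place (or is itself sourced from the environment like the server address). Two smaller points in the file header: `Do not install/` looks like a typo for `Do not install.`, and `$id: $` is a lowercase keyword that will never expand, so either write `$Id$` or drop the line. `ldap_debug = 0x0801` would also benefit from a one-line comment naming the debug categories the mask enables, since nothing in the file explains the value.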