From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 27 Feb 2025 13:51:04 +0000 (+0000)
Subject: Add fallthrough to LDAP tests
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d52d78dcf40098bb145fc737382294897db3523;p=thirdparty%2Ffreeradius-server.git

Add fallthrough to LDAP tests
---

diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
index 15c42c9a22c..8ee20162a23 100644
--- a/src/tests/modules/ldap/module.conf
+++ b/src/tests/modules/ldap/module.conf
@@ -279,6 +279,7 @@ ldap {
 		attribute_suspend = "radiusProfileSuspendedDn"
 		sort_by = 'radiusProfilePriority'
 		check_attribute = 'radiusProfileCondition'
+		fallthrough_attribute = 'radiusProfileFallthrough'
 	}
 
 	#
diff --git a/src/tests/modules/ldap/xlat_profile.unlang b/src/tests/modules/ldap/xlat_profile.unlang
index ba0a67cf529..0f33744b7b6 100644
--- a/src/tests/modules/ldap/xlat_profile.unlang
+++ b/src/tests/modules/ldap/xlat_profile.unlang
@@ -71,6 +71,18 @@ if (reply.Reply-Message != 'Guten Tag') {
 
 reply := {}
 
+# Test fallthrough processing.
+if (!%ldap.profile('cn=nested2,ou=profiles,dc=example,dc=com')) {
+	test_fail
+}
+
+# fallthrough condition should mean only the second profile will be applied
+if (reply.Reply-Message != 'Good Day') {
+	test_fail
+}
+
+reply := {}
+
 # Re-run the above with a different user name - the profile with "Guten Tag"
 # as the reply message has a condition of User-Name == bob
 &User-Name := 'john'
@@ -84,4 +96,15 @@ if (reply.Reply-Message != 'Good Day') {
 
 reply := {}
 
+if (!%ldap.profile('cn=nested2,ou=profiles,dc=example,dc=com')) {
+	test_fail
+}
+
+# fallthrough condition should mean only the first profile is applied
+if (reply.Reply-Message != 'Guten Tag') {
+	test_fail
+}
+
+reply := {}
+
 test_pass
diff --git a/src/tests/salt-test-server/salt/ldap/base.ldif b/src/tests/salt-test-server/salt/ldap/base.ldif
index 5db1d8e18d2..d3335cd0cf0 100644
--- a/src/tests/salt-test-server/salt/ldap/base.ldif
+++ b/src/tests/salt-test-server/salt/ldap/base.ldif
@@ -119,7 +119,6 @@ radiusReplyAttribute: Reply-Message := 'User-Suspended'
 
 dn: cn=nested,ou=profiles,dc=example,dc=com
 objectClass: freeradiusPolicy
-objectClass: radiusprofile
 cn: nested
 
 dn: cn=child1,cn=nested,ou=profiles,dc=example,dc=com
@@ -144,6 +143,25 @@ cn: child3
 radiusAttribute: reply.Reply-Message = 'Buna Ziua'
 radiusProfilePriority: 3
 
+dn: cn=nested2,ou=profiles,dc=example,dc=com
+objectClass: freeradiusPolicy
+cn: nested2
+
+dn: cn=child1,cn=nested2,ou=profiles,dc=example,dc=com
+objectClass: freeradiusPolicy
+objectClass: radiusprofile
+cn: child1
+radiusAttribute: reply.Reply-Message := 'Guten Tag'
+radiusProfilePriority: 1
+radiusProfileFallthrough: User-Name == 'bob'
+
+dn: cn=child2,cn=nested2,ou=profiles,dc=example,dc=com
+objectClass: freeradiusPolicy
+objectClass: radiusprofile
+cn: child2
+radiusAttribute: reply.Reply-Message := 'Good Day'
+radiusProfilePriority: 2
+
 dn: uid=adminuser,ou=people,dc=example,dc=com
 objectClass: inetOrgPerson
 uid: adminuser