From: Nick Porter <nick@portercomputing.co.uk>
Date: Wed, 8 Jan 2025 09:48:12 +0000 (+0000)
Subject: Add test of LDAP binary data update
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35a99a37a2e45251ceda30c10544c87570f9ac40;p=thirdparty%2Ffreeradius-server.git

Add test of LDAP binary data update

And validation that empty / missing expansions don't produce updates
---

diff --git a/src/tests/modules/ldap/auth.unlang b/src/tests/modules/ldap/auth.unlang
index 11fc9d3a85b..7a8f8837600 100644
--- a/src/tests/modules/ldap/auth.unlang
+++ b/src/tests/modules/ldap/auth.unlang
@@ -1,4 +1,5 @@
 string test_string
+octets test_octets
 
 #
 #  Run the "ldap" module
@@ -56,4 +57,31 @@ if (!(&test_string == "User %{User-Name} authenticated")) {
 	test_fail
 }
 
+# userPKCS12 is set to be updated from Class - which doesn't exist - check nothing was added
+&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+
+if (&test_octets) {
+	test_fail
+}
+
+# Add dummy octet data and re-run the LDAP update to check the data is added
+&Class := 0x01020304
+ldap.send.access-accept
+
+&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+
+if (&test_octets != 0x01020304) {
+	test_fail
+}
+
+# Remove the RADIUS attribute and check that the update doesn't clear the LDAP attribute
+&request -= &Class[*]
+ldap.send.access-accept
+
+&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+
+if (&test_octets != 0x01020304) {
+	test_fail
+}
+
 test_pass
diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
index 54085afea67..7c821edd08b 100644
--- a/src/tests/modules/ldap/module.conf
+++ b/src/tests/modules/ldap/module.conf
@@ -326,6 +326,7 @@ ldap {
 		access-accept {
 			update {
 				description := "User %{User-Name} authenticated"
+				userPKCS12 := &Class
 			}
 		}
 	}