From: Nick Porter
Date: Mon, 20 Mar 2023 18:56:55 +0000 (+0000)
Subject: CI: Update test LDAP config to allow SASL binds
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f676343867684bdf021f5bef7376c8695096e03;p=thirdparty%2Ffreeradius-server.git

CI: Update test LDAP config to allow SASL binds
---

diff --git a/scripts/ci/ldap/slapd.conf b/scripts/ci/ldap/slapd.conf
index f179e35e585..ba406a4cc02 100644
--- a/scripts/ci/ldap/slapd.conf
+++ b/scripts/ci/ldap/slapd.conf
@@ -27,6 +27,17 @@ database config
 rootdn "cn=admin,cn=config"
 rootpw secret
 
+# Options to allow DIGEST-MD5 SASL binds using passwords in the LDAP directory
+password-hash {CLEARTEXT}
+
+authz-regexp
+ uid=admin,cn=[^,]*,cn=auth
+ cn=admin,dc=example,dc=com
+
+authz-regexp
+ uid=([^,]*),cn=[^,]*,cn=auth
+ uid=$1,ou=people,dc=example,dc=com
+
 #######################################################################
 # mdb database definitions can be added here, or added by ldapadd
 #######################################################################
diff --git a/scripts/ci/ldap/slapd2.conf b/scripts/ci/ldap/slapd2.conf
index a943de9afea..14a90026419 100644
--- a/scripts/ci/ldap/slapd2.conf
+++ b/scripts/ci/ldap/slapd2.conf
@@ -26,6 +26,15 @@ database config
 rootdn "cn=admin,cn=config"
 rootpw secret
 
+# SASL mapping of users to DNs so we can do PLAIN / LOGIN over ldaps
+authz-regexp
+ uid=admin,cn=[^,]*,cn=auth
+ cn=admin,dc=example,dc=com
+
+authz-regexp
+ uid=([^,]*),cn=[^,]*,cn=auth
+ uid=$1,ou=people,dc=subdept,dc=example,dc=com
+
 #
 # Certificates for SSL/TLS connections
 # Note - these will not match the host name so clients need to use
diff --git a/src/tests/salt-test-server/salt/ldap/base.ldif b/src/tests/salt-test-server/salt/ldap/base.ldif
index c943794189c..6f43e2fd8bd 100644
--- a/src/tests/salt-test-server/salt/ldap/base.ldif
+++ b/src/tests/salt-test-server/salt/ldap/base.ldif
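Review bot: The two `authz-regexp` rules added below `rootpw secret` overlap — the generic pattern `uid=([^,]*),cn=[^,]*,cn=auth` also matches `uid=admin,...` — and slapd uses only the first directive whose pattern matches, so the admin mapping works solely because it is listed first; a comment such as `# First matching authz-regexp wins: keep the admin mapping above the generic one` would record that invariant, and the same applies to the identical pair in scripts/ci/ldap/slapd2.conf. Both patterns also assume the client sends no SASL realm, since a realm appears as an extra `cn=<realm>` component between the uid and the mechanism and neither pattern allows for it; acceptable for CI as long as the tests never set one, but worth a line in the comment. As I read slapd.conf(5), `password-hash {CLEARTEXT}` governs only values written through the Password Modify extended operation — userPassword loaded from LDIF is stored as supplied — so the existing comment could state that this is what lets DIGEST-MD5 verify against the stored value and that it is specific to this CI directory.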
@@ -12,9 +12,8 @@ olcLastMod: TRUE
 olcDbCheckpoint: 512 30
 olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
 olcAccess: to attrs=shadowLastChange by self write by * read
-olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage
-olcAccess: to dn.base="" by * read
-olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
+olcAccess: to dn.base="" by dn="cn=admin,cn=config" manage by * read
+olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage by dn="cn=admin,dc=example,dc=com" write by * read
 
 dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
 objectClass: olcOverlayConfig
diff --git a/src/tests/salt-test-server/salt/ldap/base2.ldif b/src/tests/salt-test-server/salt/ldap/base2.ldif
index 4ee1632a6cd..f4228bbd631 100644
--- a/src/tests/salt-test-server/salt/ldap/base2.ldif
+++ b/src/tests/salt-test-server/salt/ldap/base2.ldif
@@ -11,10 +11,9 @@ olcDbIndex: objectClass eq
 olcLastMod: TRUE
 olcDbCheckpoint: 512 30
 olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
-olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage
 olcAccess: to attrs=shadowLastChange by self write by * read
-olcAccess: to dn.base="" by * read
-olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
+olcAccess: to dn.base="" by dn="cn=admin,cn=config" manage by * read
+olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage by dn="cn=admin,dc=example,dc=com" write by * read
 
 # Create top-level object in domain
 dn: dc=example,dc=com
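Review bot: The rewritten `olcAccess` lines depend on evaluation order — slapd uses the first `to` clause that matches the entry, so `to attrs=userPassword`, `to attrs=shadowLastChange` and `to dn.base=""` only take effect because they sit above the catch-all `to *` — yet nothing in the LDIF records this; a comment such as `# ACL order matters: the first matching 'to' clause is used, so 'to *' must stay last` above the first olcAccess line would make the dependency explicit, and the same applies to the matching block in src/tests/salt-test-server/salt/ldap/base2.ldif. The merged `to *` value is also long enough to hinder review; LDIF continues a value on the next line when that line begins with a single space, so each `by` clause could go on its own continuation line without changing the value. If I read the removed lines correctly, the old first `to *` clause ended in an implicit `by * none` for everyone but the two manage identities, so the `by * read` that is now reachable widens anonymous read to every entry except `userPassword`; presumably intended for the test directory, but worth stating next to the ACL.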