From: Nick Porter
Date: Thu, 24 Aug 2023 12:57:48 +0000 (+0100)
Subject: Add LDAP test using SASL for user auth binds
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a38dcf726878fe08190cece83c58ca9a6f2d4295;p=thirdparty%2Ffreeradius-server.git

Add LDAP test using SASL for user auth binds
---

diff --git a/src/tests/modules/ldap/auth_sasl.attrs b/src/tests/modules/ldap/auth_sasl.attrs
new file mode 100644
index 00000000000..d08077d093f
--- /dev/null
+++ b/src/tests/modules/ldap/auth_sasl.attrs
@@ -0,0 +1,12 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "john"
+User-Password = "password"
+NAS-IP-Address = 1.2.3.5
+
+#
+# Expected answer
+#
+Packet-Type == Access-Accept
diff --git a/src/tests/modules/ldap/auth_sasl.unlang b/src/tests/modules/ldap/auth_sasl.unlang
new file mode 100644
index 00000000000..6a362f03f04
--- /dev/null
+++ b/src/tests/modules/ldap/auth_sasl.unlang
@@ -0,0 +1,13 @@
+#
+# Run the "ldap" module
+#
+ldapsasl
+
+if (!(&control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
+ test_fail
+}
+
+# Attempt a bind authentication
+ldapsasl.authenticate
+
+test_pass
diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
index 238076e5f23..9f74b60d94d 100644
--- a/src/tests/modules/ldap/module.conf
+++ b/src/tests/modules/ldap/module.conf
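Review bot: In auth_sasl.unlang nothing inspects the result of `ldapsasl.authenticate`; `test_pass` follows it unconditionally, so the case relies on the interpreter ending the section when the bind is rejected, a default that is not visible in this patch. Together with auth_sasl.attrs it exercises only the accept path with the correct password. A companion case that sends a wrong User-Password and expects a reject would show that the SASL bind, and not just the preceding search, decides the outcome. At minimum I would add a comment above the call, once the behaviour is confirmed, such as `# test_pass is only reached if the SASL bind succeeded; a rejected bind ends the section`.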
@@ -699,3 +699,50 @@ ldap ldaptls {
 retry_delay = 1
 }
 }
+
+#
+# Fourth LDAP connection using SASL for auth binds
+#
+ldap ldapsasl {
+ server = "$ENV{LDAP_TEST_SERVER}"
+ port = $ENV{LDAP_TEST_SERVER_PORT}
+
+ identity = 'cn=admin,dc=example,dc=com'
+ password = secret
+
+ base_dn = 'dc=example,dc=com'
+
+ sasl {
+ }
+
+ user {
+ base_dn = "ou=people,${..base_dn}"
+ filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
+ sasl {
+ mech = 'DIGEST-MD5'
+ authname = &User-Name
+ }
+ }
+
+ options {
+ chase_referrals = yes
+ rebind = yes
+ referral_depth = 2
+ timeout = 10
+ timelimit = 3
+ idle = 60
+ probes = 3
+ interval = 3
+ }
+
+ pool {
+ start = 0
+ min = 1
+ max = 4
+ spare = 3
+ uses = 0
+ lifetime = 0
+ idle_timeout = 60
+ retry_delay = 1
+ }
+}
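Review bot: The `user { sasl { mech = 'DIGEST-MD5' } }` block selects a mechanism that RFC 6331 moved to Historic, and this instance sets no TLS options, so the exchange presumably runs over a plain connection to the test server. That is fine for a fixture, but since the file reads like a template I would add a comment above `mech`, e.g. `# DIGEST-MD5 is obsolete (RFC 6331); chosen here only for the test directory`. The empty top-level `sasl { }` deserves a one-line comment too, stating that the admin bind presumably stays a simple bind with `identity`/`password`. Note also that `filter` falls back from Stripped-User-Name to User-Name while `authname = &User-Name` always takes the raw name, so the two could disagree for a realm-qualified login; the test user `john` does not exercise that. The context lines at the top of the hunk belong to the preceding `ldaptls` instance, which starts outside the hunk.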