From: Arran Cudbard-Bell
Date: Wed, 8 Jul 2015 14:53:20 +0000 (-0400)
Subject: Split out group tests
X-Git-Tag: release_3_0_9~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a419926ed12c5a57a12419f66100a9daaaf34092;p=thirdparty%2Ffreeradius-server.git

Split out group tests
---
diff --git a/src/tests/modules/ldap/auth.unlang b/src/tests/modules/ldap/auth.unlang
index 5a84500eb2d..edf14bff563 100644
--- a/src/tests/modules/ldap/auth.unlang
+++ b/src/tests/modules/ldap/auth.unlang
@@ -58,14 +58,6 @@ if ("%{pairs:reply:}" == "") { test_fail } - -if (LDAP-Group == "foo") { - test_pass -} -else { - test_fail -} - ldap.post-auth update {
diff --git a/src/tests/modules/ldap/groups_rfc2307bis.attrs b/src/tests/modules/ldap/groups_rfc2307bis.attrs
new file mode 100644
index 00000000000..be988eeec42
--- /dev/null
+++ b/src/tests/modules/ldap/groups_rfc2307bis.attrs
@@ -0,0 +1,15 @@
+#
+# Input packet
+#
+User-Name = "john"
+User-Password = "password"
+NAS-IP-Address = 1.2.3.5
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
+Idle-Timeout == 3600
+Session-Timeout == 7200
+Acct-Interim-Interval == 1800
+Framed-IP-Netmask == "255.255.0.0"
diff --git a/src/tests/modules/ldap/groups_rfc2307bis.unlang b/src/tests/modules/ldap/groups_rfc2307bis.unlang
new file mode 100644
index 00000000000..cd93eb180c3
--- /dev/null
+++ b/src/tests/modules/ldap/groups_rfc2307bis.unlang
@@ -0,0 +1,41 @@
+#
+# Run the "ldap" module
+#
+ldap
+
+#
+# Resolve using group name attribute
+#
+if (LDAP-Group == 'foo') {
+ test_pass
+}
+else {
+ test_fail
+}
+
+#
+# Resolve using group DN
+#
+if (LDAP-Group == 'cn=foo,ou=groups,dc=example,dc=com') {
+ test_pass
+}
+else {
+ test_fail
+}
+
+#
+# Check we have these values cached
+#
+if (&LDAP-Cached-Membership[*] == 'foo') {
+ test_pass
+}
+else {
+ test_fail
+}
+
+if (&LDAP-Cached-Membership[*] == 'cn=foo,ou=groups,dc=example,dc=com') {
+ test_pass
+}
+else {
+ test_fail
+}
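Review bot: All four checks in groups_rfc2307bis.unlang are positive matches, so the test would still pass if the `LDAP-Group` comparison matched every value, which is the failure mode that matters most when group membership drives authorization. After the "Resolve using group DN" block, add a negative case such as `if (LDAP-Group == 'NOT_A_MEMBER_GROUP') { test_fail }`, where NOT_A_MEMBER_GROUP is a placeholder for a group from the LDAP fixture that the test user does not belong to. A matching negative check on `&LDAP-Cached-Membership[*]` would cover the cached list as well.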
diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
index bf978e6a255..3e5f1285b33 100644
--- a/src/tests/modules/ldap/module.conf
+++ b/src/tests/modules/ldap/module.conf
@@ -135,8 +135,7 @@ ldap { # user { # Where to start searching in the tree for users - base_dn = 'ou=people,dc=example,dc=com' - #base_dn = 'ou=people,${..base_dn}' + base_dn = "ou=people,${..base_dn}" # Filter for user objects, should be specific enough # to identify a single user object.
@@ -199,14 +198,14 @@ ldap { # group { # Where to start searching in the tree for groups - base_dn = 'ou=groups,dc=example,dc=com' + base_dn = "ou=groups,${..base_dn}" # Filter for group objects, should match all available # group objects a user might be a member of. filter = '(objectClass=groupOfNames)' # Search scope, may be 'base', 'one', sub' or 'children' -# scope = 'sub' + scope = 'sub' # Attribute that uniquely identifies a group. # Is used when converting group DNs to group
@@ -224,7 +223,7 @@ ldap { # Unless a conversion between group name and group DN is # needed, there's no requirement for the group objects # referenced to actually exist. -# membership_attribute = 'memberOf' + membership_attribute = 'memberOf'
 # If cacheable_name or cacheable_dn are enabled, # all group information for the user will be
@@ -240,13 +239,13 @@ ldap { # the type that matches the format of your check items # i.e. if your groups are specified as DNs then enable # cacheable_dn else enable cacheable_name. -# cacheable_name = 'no' -# cacheable_dn = 'no' + cacheable_name = yes + cacheable_dn = yes # Override the normal cache attribute (-LDAP-Group) # and create a custom attribute. This can help if multiple # module instances are used in fail-over. -# cache_attribute = 'LDAP-Cached-Membership' + cache_attribute = 'LDAP-Cached-Membership' } #
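Review bot: In the `@@ -240,13 +239,13 @@` hunk, `cacheable_name = yes` and `cacheable_dn = yes` are switched on in a module.conf that appears to be shared by every test in this directory, not only by the new group test. With both enabled, the `LDAP-Group == ...` comparisons are presumably answered from the cached membership attributes filled in when `ldap` runs, so the live group search configured in the `@@ -199,14 +198,14 @@` hunk (`base_dn`, `filter`, `scope`) may no longer be exercised by any test. Consider a second module instance with caching enabled for the cache checks, or at least a comment above the two lines such as `# Enabled for groups_rfc2307bis.unlang; LDAP-Group checks are then served from the cache`. The unquoted `yes` also differs from the quoted `'no'` in the lines it replaces, so settle on one form.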
@@ -273,7 +272,7 @@ ldap { # client { # Where to start searching in the tree for clients - base_dn = 'ou=people,dc=example,dc=com' + base_dn = "ou=clients,${..base_dn}" # # Filter to match client objects
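Review bot: The `client` section's `base_dn` moves from `ou=people` to `ou=clients`, which changes the search subtree rather than only applying the `${..base_dn}` substitution used for the `user` and `group` sections, and the commit message does not mention it. If the test directory has no `ou=clients` subtree the client search would presumably find no entries without any test failing, so confirm the fixture contains it. A short comment above the line would record the intent, e.g. `# Clients live in their own subtree in the test directory`. The `client` section continues past the end of the hunk.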