From: Nick Porter Date: Fri, 19 Aug 2022 15:54:47 +0000 (+0100) Subject: Add config for testing Active Directory LDAP server X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc828c50ab239b4c29f5cef74b9807c349f3ffe8;p=thirdparty%2Ffreeradius-server.git Add config for testing Active Directory LDAP server
---
diff --git a/src/tests/ldap_sync/active_directory/config/radiusd.conf b/src/tests/ldap_sync/active_directory/config/radiusd.conf
new file mode 100644
index 00000000000..9d58a96b436
--- /dev/null
+++ b/src/tests/ldap_sync/active_directory/config/radiusd.conf
@@ -0,0 +1,177 @@
+# -*- text -*-
+#
+# test configuration file. Do not install/
+#
+# $id: $
+#
+
+#
+# Minimal radiusd.conf for testing
+#
+
+testdir = $ENV{TESTDIR}
+output = $ENV{OUTPUT}
+run_dir = ${output}
+raddb = raddb
+pidfile = ${run_dir}/radiusd.pid
+panic_action = "gdb -batch -x src/tests/panic.gdb %e %p > ${run_dir}/gdb.log 2>&1; cat ${run_dir}/gdb.log"
+
+maindir = ${raddb}
+radacctdir = ${run_dir}/radacct
+modconfdir = ${maindir}/mods-config
+certdir = ${maindir}/certs
+cadir = ${maindir}/certs
+test_port = $ENV{TEST_PORT}
+
+# Only for testing!
+# Setting this on a production system is a BAD IDEA.
+security {
+ allow_vulnerable_openssl = yes
+}
+
+# Only during migration
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+
+global {
+ ldap {
+ ldap_debug = 0x0801
+ }
+}
+
+policy {
+ linelogprep {
+ &control.Tmp-String-0 := "%{Packet-Type} %{LDAP-Sync.DN} %{LDAP-Sync.Entry-DN} %{Proto.radius.User-Name} %{Tmp-Integer-0} %{Tmp-String-0}"
+ }
+
+ $INCLUDE ${maindir}/policy.d/
+}
+
+client localhost {
+ ipaddr = 127.0.0.1
+ secret = testing123
+}
+
+modules {
+
+ linelog {
+ format = "%{control.Tmp-String-0}"
+ destination = file
+
+ file {
+ filename = "${run_dir}/linelog.out"
+ }
+ }
+
+ always reject {
+ rcode = reject
+ }
+ always fail {
+ rcode = fail
+ }
+ always ok {
+ rcode = ok
+ }
+ always handled {
+ rcode = handled
+ }
+ always invalid {
+ rcode = invalid
+ }
+ always disallow {
+ rcode = disallow
+ }
+ always notfound {
+ rcode = notfound
+ }
+ always noop {
+ rcode = noop
+ }
+ always updated {
+ rcode = updated
+ }
+
+}
+
+#
+# This virtual server connects to an LDAP server and listens
+# for packets received as the result of directory changes.
+#
+server test {
+ namespace = ldap_sync
+
+ listen {
+ transport = ldap
+
+ ldap {
+ server = $ENV{ACTIVE_DIRECTORY_TEST_SERVER}
+ identity = 'administrator@example.com'
+ password = 'secret123!'
+
+ options {
+ res_timeout = 120
+ srv_timelimit = 60
+ idle = 60
+ probes = 3
+ interval = 3
+ reconnection_delay = 10
+ }
+ }
+
+ sync {
+ base_dn = "CN=Users,dc=example,dc=com"
+ filter = "(userAccountControl:1.2.840.113556.1.4.803:=512)"
+ scope = 'sub'
+
+ update {
+ &Proto.radius.User-Name = 'sAMAccountName'
+ &Tmp-Integer-0 = 'userAccountControl'
+ }
+ }
+
+ sync {
+ base_dn = "CN=Deleted Objects,dc=example,dc=com"
+ filter = "(userAccountControl:1.2.840.113556.1.4.803:=512)"
+ sub = "one"
+
+ update {
+ &Proto.radius.User-Name = 'sAMAccountName'
+ &Tmp-Integer-0 = 'userAccountControl'
+ &Tmp-String-0 = 'isDeleted'
+ }
+ }
+ }
+
+ load Cookie {
+ }
+
+ store Cookie {
+ }
+
+ recv Add {
+ linelogprep
+ linelog
+ }
+
+ recv Modify {
+ linelogprep
+ linelog
+ }
+
+ recv Delete {
+ #
+ # The DN changes for each deleted object - normalise the variable bit
+ # so we can check the output
+ #
+ if (&LDAP-Sync[0].Entry-DN =~ /(CN=.+:)[a-f0-9-]+(,CN=Deleted Objects,DC=example,DC=com)/) {
+ &request.LDAP-Sync[0].Entry-DN := "%{1}oldid%{2}"
+ }
+ linelogprep
+ linelog
+ }
+
+ recv Present {
+ }
+
+}
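Review bot: The second `sync` block (the `CN=Deleted Objects` search) sets `sub = "one"` where the first block uses `scope = 'sub'`; `sub` is presumably a typo for `scope`, so the deleted-objects search does not get the intended one-level scope and the test will not exercise what the regex in `recv Delete` expects — change it to `scope = 'one'`. The bind credentials `identity = 'administrator@example.com'` and `password = 'secret123!'` are committed in clear text while the server itself comes from `$ENV{ACTIVE_DIRECTORY_TEST_SERVER}`; taking the identity and password from the environment as well (e.g. `password = $ENV{ACTIVE_DIRECTORY_TEST_PASSWORD}`) keeps a real lab AD administrator password out of the repository and lets the same config run against a non-fixture server. Unless that server value is an `ldaps://` URL, the simple bind also sends the administrator password unencrypted, because no TLS options are configured in the `ldap` section — a comment such as `# Test fixture only: plain LDAP simple bind, point ACTIVE_DIRECTORY_TEST_SERVER at ldaps:// for a real directory` would make that explicit. The `recv Delete` regex hard-codes `DC=example,DC=com` while `base_dn` is written `dc=example,dc=com`; if the directory returns lower-case RDNs the match fails and the DN is not normalised, so consider adding the `/i` flag to the match.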