From: Nick Porter
Date: Tue, 7 May 2024 17:11:52 +0000 (+0100)
Subject: Add test for LDAP profile from multiple objects
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d28ed0860dceaa1b77a47c0a9b0279f31fc21fc9;p=thirdparty%2Ffreeradius-server.git
Add test for LDAP profile from multiple objects
---
diff --git a/src/tests/modules/ldap/auth_nested_profile.attrs b/src/tests/modules/ldap/auth_nested_profile.attrs
new file mode 100644
index 00000000000..16ea93b5075
--- /dev/null
+++ b/src/tests/modules/ldap/auth_nested_profile.attrs
@@ -0,0 +1,14 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "peter"
+User-Password = "letmein"
+NAS-IP-Address = 1.2.3.5
+
+#
+# Expected answer
+#
+Packet-Type == Access-Accept
+Acct-Interim-Interval == 7200
+Framed-IP-Netmask == "255.255.192.0"
diff --git a/src/tests/modules/ldap/auth_nested_profile.unlang b/src/tests/modules/ldap/auth_nested_profile.unlang
new file mode 100644
index 00000000000..516b58d0b63
--- /dev/null
+++ b/src/tests/modules/ldap/auth_nested_profile.unlang
@@ -0,0 +1,33 @@
+string test_string
+
+#
+# Run the "ldap" module
+#
+ldap
+
+#IP address is defined in cn=profile2
+if !(&control.Framed-IP-Address == 1.2.3.6) {
+ test_fail
+}
+
+# IP netmask defined in cn=reply,cn=profile2
+if (!(&reply.Framed-IP-Netmask == 255.255.192.0)) {
+ test_fail
+}
+
+if (!(&reply.Acct-Interim-Interval == 7200)) {
+ test_fail
+}
+
+# Attempt a bind authentication
+ldap.authenticate
+
+ldap.send
+
+&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=peter,ou=people,dc=example,dc=com?description")
+
+if (!(&test_string == "User %{User-Name} authenticated")) {
+ test_fail
+}
+
+test_pass
diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
index 6fa1028d961..e874a363fec 100644
--- a/src/tests/modules/ldap/module.conf
+++ b/src/tests/modules/ldap/module.conf
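Review bot: The two comments in auth_nested_profile.unlang name the wrong LDAP objects. They say the address and netmask come from `cn=profile2` and `cn=reply,cn=profile2`, but the user added in base.ldif has `radiusProfileDN: cn=profile3,...`, and the values checked here (1.2.3.6 and 255.255.192.0) are the ones set on `cn=profile3` and `cn=reply,cn=profile3`. I would change them to `# IP address is defined in cn=profile3` and `# IP netmask and interim interval are defined in cn=reply,cn=profile3`. The first condition is also written `if !(...)` while the other three use `if (!(...))`; one form throughout makes the file easier to scan.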
@@ -266,6 +266,7 @@ ldap { profile { # Filter for RADIUS profile objects filter = '(objectclass=radiusprofile)' + scope = 'sub' # The default profile applied to all users. default = 'cn=radprofile,ou=profiles,dc=example,dc=com' diff --git a/src/tests/modules/ldap/xlat_profile.unlang b/src/tests/modules/ldap/xlat_profile.unlang index 09cd526cc5b..70c3a7ec04d 100644 --- a/src/tests/modules/ldap/xlat_profile.unlang +++ b/src/tests/modules/ldap/xlat_profile.unlang @@ -43,4 +43,19 @@ group { &reply := {} } +if (!%ldap.profile('cn=profile3,ou=profiles,dc=example,dc=com')) { + test_fail +} + +if (!((&reply.Framed-IP-Netmask == 255.255.192.0) && \ + (&reply.Acct-Interim-Interval == 7200) && \ + (&request.Service-Type == ::Framed-User) && \ + (&control.Framed-IP-Address == 1.2.3.6) && \ + (&control.Reply-Message == 'Salut'))) { + test_fail +} + +&control := {} +&reply := {} + test_pass diff --git a/src/tests/salt-test-server/salt/ldap/base.ldif b/src/tests/salt-test-server/salt/ldap/base.ldif index c6a2a04cbbd..65dcbc005de 100644 --- a/src/tests/salt-test-server/salt/ldap/base.ldif +++ b/src/tests/salt-test-server/salt/ldap/base.ldif @@ -89,6 +89,21 @@ radiusRequestAttribute: Service-Type := 'Framed-User' radiusControlAttribute: Framed-IP-Address := 1.2.3.5 radiusControlAttribute: Reply-Message := "Bonjour" +dn: cn=profile3,ou=profiles,dc=example,dc=com +objectClass: freeradiusPolicy +objectClass: radiusprofile +cn: profile3 +radiusRequestAttribute: Service-Type := 'Framed-User' +radiusControlAttribute: Framed-IP-Address := 1.2.3.6 +radiusControlAttribute: Reply-Message := "Salut" + +dn: cn=reply,cn=profile3,ou=profiles,dc=example,dc=com +objectClass: freeradiusPolicy +objectClass: radiusprofile +cn: reply +radiusReplyAttribute: Framed-IP-Netmask := 255.255.192.0 +radiusReplyAttribute: Acct-Interim-Interval := 7200 + dn: cn=suspended,ou=profiles,dc=example,dc=com objectClass: freeradiusPolicy objectClass: radiusprofile 
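Review bot: `scope = 'sub'` is added to the module configuration shared by every LDAP test, with no comment saying why. Profile lookups in all of these tests will now merge every entry beneath a profile DN that matches `(objectclass=radiusprofile)`. The new nested-profile test needs this, but it appears to leave the narrower scope without coverage. It is also a setting a reader may copy into a deployment, where write access below a profile entry then amounts to the ability to add control and reply attributes. I would add a comment above the line, for example `# Search the whole subtree so child entries such as cn=reply,cn=profile3 are merged into the profile`. The enclosing `profile` block continues outside the hunk.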
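Review bot: The `&request.Service-Type == ::Framed-User` check in xlat_profile.unlang may not prove anything about `cn=profile3`. The preceding profile entry in base.ldif sets the same `Service-Type := 'Framed-User'`, and the cleanup visible here resets only `&control` and `&reply`, so if an earlier section left the request attribute in place the condition passes even when profile3 contributes nothing. The earlier part of the file is outside the hunk, so this needs confirming. Giving profile3 a distinct value in base.ldif, e.g. `radiusRequestAttribute: Service-Type := 'Login-User'`, and checking `::Login-User` here would make the assertion specific to the new object.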
@@ -127,6 +142,23 @@ radiusControlAttribute: Vendor-Specific.Cisco.AVPair += 'bar' radiusProfileDN: cn=profile1,ou=profiles,dc=example,dc=com dialupAccess: enabled +dn: uid=peter,ou=people,dc=example,dc=com +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +objectClass: radiusprofile +uid: peter +sn: Parker +givenName: Peter +cn: Peter Parker +displayName: Peter Parker +userPassword: letmein +uidNumber: 102 +gidNumber: 102 +homeDirectory: /home/peter +radiusProfileDN: cn=profile3,ou=profiles,dc=example,dc=com +dialupAccess: enabled + dn: uid=bob,ou=people,dc=example,dc=com objectClass: inetOrgPerson objectClass: posixAccount