[pbs-devel] [PATCH v3 proxmox 5/6] ldap: tests: add LDAP integration tests
Lukas Wagner
l.wagner at proxmox.com
Tue Jan 24 11:03:36 CET 2023
This commit adds integration tests to ensure that the crate works as intended.
The tests are executed against a real LDAP server, namely `glauth`. `glauth` was
chosen because it ships as a single, statically compiled binary and can
be configured with a single configuration file.
The tests are written as off-the-shelf unit tests. However, they are
#[ignored] by default, as they have some special requirements:
* They required the GLAUTH_BIN environment variable to be set,
pointing to the location of the `glauth` binary. `glauth` will be
started and stopped automatically by the test suite.
* Tests have to be executed sequentially (`--test-threads 1`),
otherwise multiple instances of the glauth server might bind to the
same port.
The `run_integration_tests.sh` checks whether GLAUTH_BIN is set, or if
not, attempts to find `glauth` on PATH. The script also ensures that the
tests are run sequentially.
Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
---
proxmox-ldap/Cargo.toml | 2 +
proxmox-ldap/run_integration_tests.sh | 31 ++++
proxmox-ldap/src/lib.rs | 2 +-
.../tests/assets/generate_certificate.sh | 4 +
proxmox-ldap/tests/assets/glauth.cfg | 67 +++++++
proxmox-ldap/tests/assets/glauth.crt | 29 +++
proxmox-ldap/tests/assets/glauth.key | 52 ++++++
proxmox-ldap/tests/assets/glauth_v6.cfg | 67 +++++++
proxmox-ldap/tests/glauth.rs | 166 ++++++++++++++++++
9 files changed, 419 insertions(+), 1 deletion(-)
create mode 100755 proxmox-ldap/run_integration_tests.sh
create mode 100755 proxmox-ldap/tests/assets/generate_certificate.sh
create mode 100644 proxmox-ldap/tests/assets/glauth.cfg
create mode 100644 proxmox-ldap/tests/assets/glauth.crt
create mode 100644 proxmox-ldap/tests/assets/glauth.key
create mode 100644 proxmox-ldap/tests/assets/glauth_v6.cfg
create mode 100644 proxmox-ldap/tests/glauth.rs
diff --git a/proxmox-ldap/Cargo.toml b/proxmox-ldap/Cargo.toml
index 70fba73..02cdb14 100644
--- a/proxmox-ldap/Cargo.toml
+++ b/proxmox-ldap/Cargo.toml
@@ -14,3 +14,5 @@ ldap3 = { workspace = true, default_features = false, features = ["tls"] }
serde = { workspace = true, features = ["derive"] }
native-tls.workspace = true
+[dev_dependencies]
+proxmox-async.workspace = true
diff --git a/proxmox-ldap/run_integration_tests.sh b/proxmox-ldap/run_integration_tests.sh
new file mode 100755
index 0000000..03b6d9b
--- /dev/null
+++ b/proxmox-ldap/run_integration_tests.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Run integration tests for the proxmox_ldap crate.
+# At this time, the tests require `glauth` to be available,
+# either explicitly passed via $GLAUTH_PATH, or somewhere
+# on $PATH.
+#
+# Tested with glauth v2.1.0
+
+function run_tests {
+ # All tests that need glauth running are ignored, so
+ # that we can run `cargo test` without caring about them
+ # Also, only run on 1 thread, because otherwise
+ # glauth would need a separate port for each rurnning test
+ exec cargo test -- --ignored --test-threads 1
+}
+
+
+if [ -z ${GLAUTH_BIN+x} ];
+then
+ GLAUTH_BIN=$(command -v glauth)
+ if [ $? -eq 0 ] ;
+ then
+ export GLAUTH_BIN
+ else
+ echo "glauth not found in PATH"
+ exit 1
+ fi
+fi
+
+run_tests
diff --git a/proxmox-ldap/src/lib.rs b/proxmox-ldap/src/lib.rs
index 903ce1a..3815b27 100644
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@@ -62,7 +62,7 @@ pub struct SearchParameters {
pub user_filter: Option<String>,
}
-#[derive(Serialize, Deserialize)]
+#[derive(Serialize, Deserialize, Debug)]
/// Single LDAP user search result
pub struct SearchResult {
/// The full user's domain
diff --git a/proxmox-ldap/tests/assets/generate_certificate.sh b/proxmox-ldap/tests/assets/generate_certificate.sh
new file mode 100755
index 0000000..0c15216
--- /dev/null
+++ b/proxmox-ldap/tests/assets/generate_certificate.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+openssl req -x509 -newkey rsa:4096 -keyout glauth.key -out glauth.crt -days 36500 -nodes -subj '/CN=localhost'
+
diff --git a/proxmox-ldap/tests/assets/glauth.cfg b/proxmox-ldap/tests/assets/glauth.cfg
new file mode 100644
index 0000000..7255169
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth.cfg
@@ -0,0 +1,67 @@
+debug = true
+[ldap]
+ enabled = true
+ listen = "0.0.0.0:3893"
+
+[ldaps]
+ enabled = true
+ listen = "0.0.0.0:3894"
+ cert = "tests/assets/glauth.crt"
+ key = "tests/assets/glauth.key"
+
+
+
+[backend]
+ datastore = "config"
+ baseDN = "dc=example,dc=com"
+ nameformat = "cn"
+ groupformat = "ou"
+
+# to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
+
+[[users]]
+ name = "test1"
+ givenname="Test 1"
+ sn="User"
+ mail = "test1 at example.com"
+ uidnumber = 1001
+ primarygroup = 1000
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+ name = "test2"
+ givenname="Test 2"
+ sn="User"
+ mail = "test2 at example.com"
+ uidnumber = 1002
+ primarygroup = 1000
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+ name = "test3"
+ givenname="Test 3"
+ sn="User"
+ mail = "test3 at example.com"
+ uidnumber = 1003
+ primarygroup = 1000
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+
+[[users]]
+ name = "serviceuser"
+ mail = "serviceuser at example.com"
+ uidnumber = 1111
+ primarygroup = 1001
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+ [[users.capabilities]]
+ action = "search"
+ object = "*"
+
+[[groups]]
+ name = "testgroup"
+ gidnumber = 1000
+
+[[groups]]
+ name = "svcaccts"
+ gidnumber = 1001
+
diff --git a/proxmox-ldap/tests/assets/glauth.crt b/proxmox-ldap/tests/assets/glauth.crt
new file mode 100644
index 0000000..6c0fdb7
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCzCCAvOgAwIBAgIUREnN1wK1O6wTcVxSk6d5o0yHwjswDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIzMDExNzEwMjEwNFoYDzIxMjIx
+MjI0MTAyMTA0WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC/6A+m00AXHsvecYiuzBLgL6laTCqjIXyoHKdI5znI
+YOCXokCFDQI/wct1tA3GlIGuezECAHr76uF5G6T6DbSnbzE6Jd7ElKbQhnypwJc1
+4JsB7SYZVAz+Pj7CkjqmIEjwWWIFqotIvT/GfasHva/fGKKHhGFiU9N1gPthmrDr
+vwr5q2b+2FxyzkBlHD0pdOIO/aXOjISkS0MqOHRmUuoADXPjonWe0ujF/oI33ZOm
+8Xw+bdTuHEpgaioDP5LaSGdK+Y/1lOFqt8/9W8sCmo/Q8cLH1wZlkycl4d4jeMtK
+BB/iPot8n+9uMtZCjHS8zmedZKoIFGlnfHYmP8ckY7pHXfNoun/sHB9kXHlx0Rv2
+NCnd/117oGv6FFEio6lf+11Cm6qNYOxzsoZY6VpozMrI9CDFrMGwzvUuirzMmJql
+0TgrWJQE43bo5Rxkdd30TuqghXV9ENwG1sXacun2GGxuc5F6QG6l6k5H0dOh3gGG
+v7NAPKuIRi7oDJ3+B8wS4PTnroqRGVoKX7luQj2JrAB7mt42fE1iL9eEIjsde678
+oomnoOVcgWOpJCzJ5J10cNddhBO1JGMN/iHULeHLKzxWBptZTYWIwKp5hgZCK1s+
+fiuvh8CRxiI5IwyDLlQbI4kf6iLxipFqIHNsddYRnzZIW/iogRfdd0iPvqorXucV
+tQIDAQABo1MwUTAdBgNVHQ4EFgQULLKz9hnIn5jU7ELlth4DXPhGrywwHwYDVR0j
+BBgwFoAULLKz9hnIn5jU7ELlth4DXPhGrywwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAOr9nQEvwNF2qcIteYV3WgRt//oSf/L+qYANVD86ZUK2c
+07zWL9mKxXwXCz1ncfjLMMb/ZO3gnrI2yW5MJdyHup+28ESqMmvNX1Sz9hkjqaP0
+irM3sD56FhjUYa8H8g3k1kKl7N4ogt0JZpwJt+JFoRHu1vaWKahOmn8owP789CPQ
+391zyhqZHOowmHSd0lu8AWSdIuzU5Q5Vk38+GW4gHAxsSG0hWempg3U7g9DOAXbe
+kFHSa8H4bpXMdwndZJPv+NhA8LYG5UC2aD86dUWXrfEMuXLqvxMpYIZ76A3UZUWl
++zmEKHmjCumz5WdjnPGIC/NJiREM6kUd/UqWv4XuPkgQjmnlsB4POKaV658uYFvF
+HnLPEkwT6jnJqyMH0YGhbwZdbS/UpARvoZ4ZkpKFVLB3SlG/8cn+YtXLMBwefAUr
+cAwzLCcu28LX/bq+65HldFxjYr2XddcbJErLvyfl5w/+UaqrCnSXiSL5yqxpcie6
+w3r+U5Ei51iJEJTJIabcQiH0+dkLNVRvaCywcChgUjHqNdTtZvGuvGiwvfJ3ItSI
+HkvcWug5pO+kyNmaDPLPYtL4mm9tIMgdIIwXZSHcOC459aVvh+5Mmqwat4Ijfa7+
+TBkr87t671pL1XH5eeeUKYbFpKq/ZxA+O8LT9IXeLyediLvcf7V5BqwuuPHkzHw=
+-----END CERTIFICATE-----
diff --git a/proxmox-ldap/tests/assets/glauth.key b/proxmox-ldap/tests/assets/glauth.key
new file mode 100644
index 0000000..d29e06a
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC/6A+m00AXHsve
+cYiuzBLgL6laTCqjIXyoHKdI5znIYOCXokCFDQI/wct1tA3GlIGuezECAHr76uF5
+G6T6DbSnbzE6Jd7ElKbQhnypwJc14JsB7SYZVAz+Pj7CkjqmIEjwWWIFqotIvT/G
+fasHva/fGKKHhGFiU9N1gPthmrDrvwr5q2b+2FxyzkBlHD0pdOIO/aXOjISkS0Mq
+OHRmUuoADXPjonWe0ujF/oI33ZOm8Xw+bdTuHEpgaioDP5LaSGdK+Y/1lOFqt8/9
+W8sCmo/Q8cLH1wZlkycl4d4jeMtKBB/iPot8n+9uMtZCjHS8zmedZKoIFGlnfHYm
+P8ckY7pHXfNoun/sHB9kXHlx0Rv2NCnd/117oGv6FFEio6lf+11Cm6qNYOxzsoZY
+6VpozMrI9CDFrMGwzvUuirzMmJql0TgrWJQE43bo5Rxkdd30TuqghXV9ENwG1sXa
+cun2GGxuc5F6QG6l6k5H0dOh3gGGv7NAPKuIRi7oDJ3+B8wS4PTnroqRGVoKX7lu
+Qj2JrAB7mt42fE1iL9eEIjsde678oomnoOVcgWOpJCzJ5J10cNddhBO1JGMN/iHU
+LeHLKzxWBptZTYWIwKp5hgZCK1s+fiuvh8CRxiI5IwyDLlQbI4kf6iLxipFqIHNs
+ddYRnzZIW/iogRfdd0iPvqorXucVtQIDAQABAoICAQCP5fzGhSVLsOYB+HQbTh7h
+SBve/7oA9L06ebHecrPbUvlV+m4S1nxXPoPH0Kl7vCO5p9pJu/58I9XKMDZ24gwS
+eMga6AawtR6Ywh98UlOQLMlOmnq1B1du1VHOKEQeCZtnzj44LXefpXjK57R1a4ES
+8q/8mgFD78NiGsNkntAHFguuxx3F/orj81BKAPDDw0c3Im9QAAH+CAlnAUoW6Bla
+zLuXd1xnKZMt0/fk2Bs9VVpqnYTKvx/uR+0U3njJgP0jNRsDdQ3KLeah/lCttSQd
+8wqxOsUrKTpzp3ggdRVKfOlDhs6lNnAc27XZ1OQ8JzF+zdrJkDSxSpx1deFnofgs
++POJRTcEuun9n/C7uROpkJLZyufXAFeo6idcK4qdc3NgldbkuctwlXjHy25z7iCK
+gK3Cw2vvgNjt0S09pd9UYWf8RZsGm7IYhSDp7im5RAZSDbUam/rQ9WuhLTFfkK8l
+HGEXK1x1YS2vGJF/GjYAfyOtuSrq1lB1TjF+tu+GTe0hA6q9SJNzziGznw1Rvz0u
+Nqo/GXHYW8z1XGXBFvWuOLwPGAty7WLGgmNP4cIxdcZHe+NbpCXm7VXOF3L43MOI
+z6kdL1JGklKcauycnz9HCmZiyke1QoFmDzKuwZNyGE1Mi7nQ/++0BtB3VV4D0vrw
+aL/5J4vOusHKEgBYAQUoSQKCAQEA+Em6o6p1f9GKvTuWgL+fcQ+NUgYKcgQ2tLx3
+ZuPOI11ZJN+IKLgp1qnhqfn00BJLuMq3djgvMIxsYYZ8U3KrCtNyLUN7MT6BNceq
+wv+IX3zhlRrvw9PABVdP23RqoTOmaAVIpj3CIRqRqI+oFjR6XgWqJi2K5j5Hr6+f
+tIgonvIHRW1qxo5EcDwU267zPFPGhoWGZgDBoBICjCx0QfYgn8WrltymyBDJxmVj
+P2A0kZjvwf5nfjRmRE0hdL/sWlOuTpt2VBqNTJoCw+Dq6n+FEUtfWDnCKT3tj06X
+LXCDJ6j/+wnKU4pD9pOpSr80pq3kWBKkWTiHII7NUJ4Ed+VKGwKCAQEAxd4DL5kI
+3q2t5Q5ZSdd8UhPf2nTy15UGuKucABwHsLdtpA4Sn/wjw1QJHrEWXxJREhOOKPUz
+U/RN4FkbpkO74iMDgmYCh40+e41zPcNzStBj+Ol0UklQ9E+S2XWVH6Xwq6GYpvS3
+qg4BKis7mPPNdOEE8yNLT7C4NU3nbH+TtjxaJmSrcqRzYRPsPTMt8Xzl/G7UOJfS
+EtKTYoJ9Rnsp45n8v0QXhU3klH/SjsP6mQMeUw5l6sWA0NJAsYVjlYJdn+Fll6Px
+Orvms0Mxab3803vBXIh9pavf4qu1yGMMZPESWluXCoPktcZkUQm1XSSc90eEByxZ
++377mU3aUTMcbwKCAQEAhAmRe6AWxFaG1YNu0iEVhWaj3M7hlyiufwcK6GiVIzFt
+SrKlEiJ9/W5yV5ZZnp1cL3V+gxv13HeQ23xNeYMteqBfw7pzNQjsZdE8+l4yA7XB
+sS2V/CoLn8uC6E3MttVk1USaEe4d4sTiWSWsWcKmoIGarprhlvff34oiADu4fm5v
+d3hspBLcSmNpJDqxl49lr/wqMOyOC7YILMsnODzPtKfGTIAjIZnr89nPIdDjo9oV
+BrFoEDGFgSUTeabm5lJCDAOYtbk5E1eDyO8/fl06Qqw2lBCDNLN+NguxUbTXyquR
+FctrEWoiImr8SIfOVCV9nWishdYN5j6K6Shfb/M7qQKCAQBcDGQ/CFpv/SwgmwQ+
+rdhP9p706eLvF40A7BSumFubgjmnUESp2Ipqm/WCKa/WmpbMafyAYVF3hPeVnt6W
+AnytPsyrJPmYRcUDhVJPMVW5QCjB6xkKDsFyZnJSZ7jv+Cp2Lb7uLHokyk8QZvxa
+s1CpRuUelxS6BeQsKAm5F8CHzpvBsKNxub9TMgl8jwqYhRoYzRY9HaPEzeFyunG9
+EB70mvZRpEOs6AembbBuag1ykVjSGqifBzJd8vHVo9AoBXW4owq3+LSINlGko2Wh
+Y5jyaWgSvAx3vfVxZaAzkKB7dQqsrl8drS4AwkJ40KNmqVm8T7DEBYX20aQKNYWS
+sMxRAoIBAQD3ycMDd0CP8aAbOwLVwHboNzeZNpLCx8oXV16/qID0PO7M8kT1d+0x
+V38FxL3UGafWSwsRZhU4GrwNDJVK6LA40m5v3CiZF1tsUJLlwSR7If4MXTU6g9uC
+x35EXdr+kcKSw6QCVRc1CcPRUIwRisqn67SDeREDzZUtAoCyZex0dOj9mzVc+HID
+Wh4SeBmHbeToCFRhIANSsAj0psO0nuvAgVDEekGiQ/m9DrZriEiZ/adniUd0gSHi
+lpgXcqNlVS4/Pp56GkdEOvHleVr5R+y0P1NCNcdl+iRxmfdIMhEwrSZnqfjntXMU
+yWQL2XczMt+NRQn+v23VKpQVK/R9PMEV
+-----END PRIVATE KEY-----
diff --git a/proxmox-ldap/tests/assets/glauth_v6.cfg b/proxmox-ldap/tests/assets/glauth_v6.cfg
new file mode 100644
index 0000000..c30107d
--- /dev/null
+++ b/proxmox-ldap/tests/assets/glauth_v6.cfg
@@ -0,0 +1,67 @@
+debug = true
+[ldap]
+ enabled = true
+ listen = "[::]:3893"
+
+[ldaps]
+ enabled = true
+ listen = "[::]:3894"
+ cert = "tests/assets/glauth.crt"
+ key = "tests/assets/glauth.key"
+
+
+
+[backend]
+ datastore = "config"
+ baseDN = "dc=example,dc=com"
+ nameformat = "cn"
+ groupformat = "ou"
+
+# to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
+
+[[users]]
+ name = "test1"
+ givenname="Test 1"
+ sn="User"
+ mail = "test1 at example.com"
+ uidnumber = 1001
+ primarygroup = 1000
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+ name = "test2"
+ givenname="Test 2"
+ sn="User"
+ mail = "test2 at example.com"
+ uidnumber = 1002
+ primarygroup = 1000
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+[[users]]
+ name = "test3"
+ givenname="Test 3"
+ sn="User"
+ mail = "test3 at example.com"
+ uidnumber = 1003
+ primarygroup = 1000
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+
+
+[[users]]
+ name = "serviceuser"
+ mail = "serviceuser at example.com"
+ uidnumber = 1111
+ primarygroup = 1001
+ passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8" # password
+ [[users.capabilities]]
+ action = "search"
+ object = "*"
+
+[[groups]]
+ name = "testgroup"
+ gidnumber = 1000
+
+[[groups]]
+ name = "svcaccts"
+ gidnumber = 1001
+
diff --git a/proxmox-ldap/tests/glauth.rs b/proxmox-ldap/tests/glauth.rs
new file mode 100644
index 0000000..a45e992
--- /dev/null
+++ b/proxmox-ldap/tests/glauth.rs
@@ -0,0 +1,166 @@
+use std::{
+ process::{Child, Command, Stdio},
+ thread::sleep,
+ time::Duration,
+};
+
+use anyhow::{Context, Error};
+use proxmox_ldap::*;
+
+struct GlauthServer {
+ handle: Child,
+}
+
+impl GlauthServer {
+ fn new(path: &str) -> Result<Self, Error> {
+ let glauth_bin = std::env::var("GLAUTH_BIN").context("GLAUTH_BIN is not set")?;
+ let handle = Command::new(&glauth_bin)
+ .arg("-c")
+ .arg(path)
+ .stdin(Stdio::null())
+ .stdout(Stdio::null())
+ .stderr(Stdio::null())
+ .spawn()
+ .context("Could not start glauth process")?;
+
+ // Make 'sure' that glauth is up
+ sleep(Duration::from_secs(1));
+
+ Ok(Self { handle })
+ }
+}
+
+impl Drop for GlauthServer {
+ fn drop(&mut self) {
+ self.handle.kill().ok();
+ }
+}
+
+fn authenticate(con: &LdapConnection, user: &str, pass: &str) -> Result<(), Error> {
+ proxmox_async::runtime::block_on(con.authenticate_user(user, pass))
+}
+
+fn default_config() -> LdapConfig {
+ LdapConfig {
+ servers: vec!["localhost".into()],
+ port: Some(3893),
+ user_attr: "cn".into(),
+ base_dn: "dc=example,dc=com".into(),
+ bind_dn: Some("cn=serviceuser,ou=svcaccts,dc=example,dc=com".into()),
+ bind_password: Some("password".into()),
+ tls_mode: LdapConnectionMode::Ldap,
+ verify_certificate: false,
+ additional_trusted_certificates: None,
+ certificate_store_path: Some("/etc/ssl/certs".into()),
+ }
+}
+
+#[test]
+#[ignore]
+fn test_authentication() -> Result<(), Error> {
+ let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+ let connection = LdapConnection::new(default_config());
+
+ assert!(authenticate(&connection, "test1", "password").is_ok());
+ assert!(authenticate(&connection, "test2", "password").is_ok());
+ assert!(authenticate(&connection, "test3", "password").is_ok());
+ assert!(authenticate(&connection, "test1", "invalid").is_err());
+ assert!(authenticate(&connection, "invalid", "password").is_err());
+
+ Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_authentication_via_ipv6() -> Result<(), Error> {
+ let _glauth = GlauthServer::new("tests/assets/glauth_v6.cfg")?;
+
+ let settings = LdapConfig {
+ servers: vec!["[::1]".into()],
+ ..default_config()
+ };
+
+ let connection = LdapConnection::new(settings);
+
+ assert!(authenticate(&connection, "test1", "password").is_ok());
+
+ Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_authentication_via_ldaps() -> Result<(), Error> {
+ let settings = LdapConfig {
+ port: Some(3894),
+ tls_mode: LdapConnectionMode::Ldaps,
+ verify_certificate: true,
+ additional_trusted_certificates: Some(vec!["tests/assets/glauth.crt".into()]),
+ ..default_config()
+ };
+
+ let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+ let connection = LdapConnection::new(settings);
+
+ assert!(authenticate(&connection, "test1", "password").is_ok());
+ assert!(authenticate(&connection, "test1", "invalid").is_err());
+
+ Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_fallback() -> Result<(), Error> {
+ let settings = LdapConfig {
+ servers: vec!["invalid.host".into(), "localhost".into()],
+ ..default_config()
+ };
+
+ let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+ let connection = LdapConnection::new(settings);
+ assert!(authenticate(&connection, "test1", "password").is_ok());
+
+ Ok(())
+}
+
+#[test]
+#[ignore]
+fn test_search() -> Result<(), Error> {
+ let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;
+
+ let connection = LdapConnection::new(default_config());
+
+ let params = SearchParameters {
+ attributes: vec!["cn".into(), "mail".into(), "sn".into()],
+ user_classes: vec!["posixAccount".into()],
+ user_filter: Some("(cn=test*)".into()),
+ };
+
+ let search_results = proxmox_async::runtime::block_on(connection.search_entities(¶ms))?;
+
+ assert_eq!(search_results.len(), 3);
+
+ for a in search_results {
+ assert!(a.dn.starts_with("cn=test"));
+ assert!(a.dn.ends_with("ou=testgroup,ou=users,dc=example,dc=com"));
+
+ assert!(a
+ .attributes
+ .get("mail")
+ .unwrap()
+ .get(0)
+ .unwrap()
+ .ends_with("@example.com"));
+ assert!(a
+ .attributes
+ .get("sn")
+ .unwrap()
+ .get(0)
+ .unwrap()
+ .eq("User".into()));
+ }
+
+ Ok(())
+}
--
2.30.2
More information about the pbs-devel
mailing list