diff --git a/test/fixtures/config-ldapdb.yaml b/test/fixtures/config-ldapdb.yaml new file mode 100644 index 0000000..684ef6a --- /dev/null +++ b/test/fixtures/config-ldapdb.yaml @@ -0,0 +1,36 @@ +--- +ldap_connection: + host: localhost + port: 1389 +# auth: +# method: :simple +# username: dc=example,dc=com +# password: + +ldap_users: + base: dc=example,dc=com + filter: (&(cn=*)(sAMAccountName=*)) + name_attribute: sAMAccountName + +ldap_groups: + base: dc=example,dc=com + filter: (member=*) + name_attribute: cn + member_attribute: member + +pg_connection: + host: localhost + dbname: postgres + +pg_users: + # WHERE-condition to identify LDAP generated users +# filter: rolcanlogin AND oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='edv') + filter: rolcanlogin AND NOT rolsuper + create_options: LOGIN + +pg_groups: + # WHERE-condition to identify LDAP generated groups +# filter: NOT rolcanlogin AND rolname='edv' + filter: NOT rolcanlogin + create_options: NOLOGIN + grant_options: diff --git a/test/fixtures/ldapdb.yaml b/test/fixtures/ldapdb.yaml new file mode 100644 index 0000000..e0eb4c3 --- /dev/null +++ b/test/fixtures/ldapdb.yaml @@ -0,0 +1,38 @@ +--- +dc=example,dc=com: + cn: + - Top object +cn=Fred Flintstone,dc=example,dc=com: + cn: + - Fred Flintstone + mail: + - fred@bedrock.org + - fred.flintstone@bedrock.org + sn: + - Flintstone + sAMAccountName: + - fred +cn=Wilma Flintstone,dc=example,dc=com: + cn: + - Wilma Flintstone + mail: + - wilma@bedrock.org + sAMAccountName: + - wilma +cn=Flintstones,dc=example,dc=com: + cn: + - Flintstones + member: + - cn=Fred Flintstone,dc=example,dc=com + - cn=Wilma Flintstone,dc=example,dc=com +cn=Wilmas,dc=example,dc=com: + cn: + - Wilmas + member: + - cn=Wilma Flintstone,dc=example,dc=com +cn=All Users,dc=example,dc=com: + cn: + - All Users + member: + - cn=Wilmas,dc=example,dc=com + - cn=Fred Flintstone,dc=example,dc=com diff --git a/test/ldap_server.rb b/test/ldap_server.rb new file mode 100644 index 0000000..3bb1d4f --- /dev/null +++ b/test/ldap_server.rb @@ -0,0 +1,41 @@ +#!/usr/local/bin/ruby -w + +# This is a trivial LDAP server which just stores directory entries in RAM. +# It does no validation or authentication. This is intended just to +# demonstrate the API, it's not for real-world use!! + +require 'rubygems' +require 'ldap/server' + +# We subclass the Operation class, overriding the methods to do what we need + +class HashOperation < LDAP::Server::Operation + def initialize(connection, messageID, hash) + super(connection, messageID) + @hash = hash # an object reference to our directory data + end + + def search(basedn, scope, deref, filter) + basedn.downcase! + + case scope + when LDAP::Server::BaseObject + # client asked for single object by DN + obj = @hash[basedn] + raise LDAP::ResultError::NoSuchObject unless obj + send_SearchResultEntry(basedn, obj) if LDAP::Server::Filter.run(filter, obj) + + when LDAP::Server::WholeSubtree + @hash.each do |dn, av| + next unless dn.index(basedn, -basedn.length) # under basedn? + next unless LDAP::Server::Filter.run(filter, av) # attribute filter? + send_SearchResultEntry(dn, av) + end + + else + raise LDAP::ResultError::UnwillingToPerform, "OneLevel not implemented" + + end + end +end + diff --git a/test/test_pg_ldap_sync.rb b/test/test_pg_ldap_sync.rb index e772e91..42555f6 100644 --- a/test/test_pg_ldap_sync.rb +++ b/test/test_pg_ldap_sync.rb @@ -1,8 +1,72 @@ +#!/usr/bin/env ruby + require "test/unit" -require "pg_ldap_sync" +require "pg_ldap_sync/application" +require 'yaml' +require 'test/ldap_server' +require 'fileutils' class TestPgLdapSync < Test::Unit::TestCase + def log_and_run( *cmd ) + puts cmd.join(' ') + system( *cmd ) + raise "Command failed: [%s]" % [cmd.join(' ')] unless $?.success? + end + + def start_ldap_server + yaml_fname = File.join(File.dirname(__FILE__), "fixtures/ldapdb.yaml") + directory = File.open(yaml_fname){|f| YAML::load(f.read) } + + # Listen for incoming LDAP connections. For each one, create a Connection + # object, which will invoke a HashOperation object for each request. + + @ldap_server = LDAP::Server.new( + :port => 1389, + :nodelay => true, + :listen => 10, + # :ssl_key_file => "key.pem", + # :ssl_cert_file => "cert.pem", + # :ssl_on_connect => true, + :operation_class => HashOperation, + :operation_args => [directory] + ) + @ldap_server.run_tcpserver + end + + def stop_ldap_server + @ldap_server.stop + end + + def start_pg_server + @port = 54321 + ENV['PGPORT'] = @port.to_s + ENV['PGHOST'] = 'localhost' + unless File.exist?('temp/pg_data') + FileUtils.mkdir_p 'temp/pg_data' + log_and_run 'initdb', '-D', 'temp/pg_data' + end + log_and_run 'pg_ctl', '-w', '-o', "-k .", '-D', 'temp/pg_data', 'start' + log_and_run 'psql', '-e', '-c', "DROP ROLE IF EXISTS fred, wilma, \"Flintstones\", \"Wilmas\", \"All Users\"", 'postgres' + end + + def stop_pg_server + log_and_run 'pg_ctl', '-w', '-o', "-k .", '-D', 'temp/pg_data', 'stop' + end + + def setup + start_ldap_server + start_pg_server + end + + def teardown + stop_ldap_server + stop_pg_server + end + def test_sanity - flunk "write tests or I will kneecap you" + PgLdapSync::Application.run(%w[-c test/fixtures/config-ldapdb.yaml -vv]) + + ENV['LC_MESSAGES'] = 'C' + log_and_run 'psql', '-c', "\\du", 'postgres' end end