add test with ldap- and pg-server
parent
634a952269
commit
56534e4f93
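--- a/test/fixtures/config-ldapdb.yaml
+++ b/test/fixtures/config-ldapdb.yaml
@@ -0,0 +1,36 @@
+---
+ldap_connection:
+host: localhost
+port: 1389
+# auth:
+# method: :simple
+# username: dc=example,dc=com
+# password:
+
+ldap_users:
+base: dc=example,dc=com
+filter: (&(cn=*)(sAMAccountName=*))
+name_attribute: sAMAccountName
+
+ldap_groups:
+base: dc=example,dc=com
+filter: (member=*)
+name_attribute: cn
+member_attribute: member
+
+pg_connection:
+host: localhost
+dbname: postgres
+
+pg_users:
+# WHERE-condition to identify LDAP generated users
+# filter: rolcanlogin AND oid IN (SELECT pam.member FROM pg_auth_members pam JOIN pg_roles pr ON pr.oid=pam.roleid WHERE pr.rolname='edv')
+filter: rolcanlogin AND NOT rolsuper
+create_options: LOGIN
+
+pg_groups:
+# WHERE-condition to identify LDAP generated groups
+# filter: NOT rolcanlogin AND rolname='edv'
+filter: NOT rolcanlogin
+create_options: NOLOGIN
+grant_options: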
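Review bot: The active `pg_users` and `pg_groups` filters (`rolcanlogin AND NOT rolsuper`, `NOT rolcanlogin`) mark every non-superuser role as LDAP-generated, and `pg_connection` names only `host: localhost`, so which server is touched depends on the test having set `PGPORT`. That is fine for the throwaway cluster, but if this fixture is run or copied elsewhere the sync would presumably treat unrelated roles as its own. I would add a comment above `pg_users:` such as `# test-only: matches all non-superuser roles; run only against the throwaway cluster started by the test`. The narrower commented-out filters are the better pattern to copy for real deployments.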
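--- a/test/fixtures/ldapdb.yaml
+++ b/test/fixtures/ldapdb.yaml
@@ -0,0 +1,38 @@
+---
+dc=example,dc=com:
+cn:
+- Top object
+cn=Fred Flintstone,dc=example,dc=com:
+cn:
+- Fred Flintstone
+mail:
+- fred@bedrock.org
+- fred.flintstone@bedrock.org
+sn:
+- Flintstone
+sAMAccountName:
+- fred
+cn=Wilma Flintstone,dc=example,dc=com:
+cn:
+- Wilma Flintstone
+mail:
+- wilma@bedrock.org
+sAMAccountName:
+- wilma
+cn=Flintstones,dc=example,dc=com:
+cn:
+- Flintstones
+member:
+- cn=Fred Flintstone,dc=example,dc=com
+- cn=Wilma Flintstone,dc=example,dc=com
+cn=Wilmas,dc=example,dc=com:
+cn:
+- Wilmas
+member:
+- cn=Wilma Flintstone,dc=example,dc=com
+cn=All Users,dc=example,dc=com:
+cn:
+- All Users
+member:
+- cn=Wilmas,dc=example,dc=com
+- cn=Fred Flintstone,dc=example,dc=com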
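--- a/test/ldap_server.rb
+++ b/test/ldap_server.rb
@@ -0,0 +1,41 @@
+#!/usr/local/bin/ruby -w
+
+# This is a trivial LDAP server which just stores directory entries in RAM.
+# It does no validation or authentication. This is intended just to
+# demonstrate the API, it's not for real-world use!!
+
+require 'rubygems'
+require 'ldap/server'
+
+# We subclass the Operation class, overriding the methods to do what we need
+
+class HashOperation < LDAP::Server::Operation
+def initialize(connection, messageID, hash)
+super(connection, messageID)
+@hash = hash # an object reference to our directory data
+end
+
+def search(basedn, scope, deref, filter)
+basedn.downcase!
+
+case scope
+when LDAP::Server::BaseObject
+# client asked for single object by DN
+obj = @hash[basedn]
+raise LDAP::ResultError::NoSuchObject unless obj
+send_SearchResultEntry(basedn, obj) if LDAP::Server::Filter.run(filter, obj)
+
+when LDAP::Server::WholeSubtree
+@hash.each do |dn, av|
+next unless dn.index(basedn, -basedn.length) # under basedn?
+next unless LDAP::Server::Filter.run(filter, av) # attribute filter?
+send_SearchResultEntry(dn, av)
+end
+
+else
+raise LDAP::ResultError::UnwillingToPerform, "OneLevel not implemented"
+
+end
+end
+end
+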
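Review bot: `basedn.downcase!` in `search` mutates the caller's string and lower-cases only the query side, while the keys loaded from the fixture keep their case (for example `cn=Fred Flintstone,dc=example,dc=com`). A BaseObject lookup of such an entry would therefore raise NoSuchObject, and the subtree check `dn.index(basedn, -basedn.length)` compares a mixed-case `dn` with a lower-cased base. I would use `basedn = basedn.downcase` and compare against `dn.downcase`, or down-case the hash keys once when the directory is loaded. The suffix test also has no component boundary, so any DN whose text merely ends with the base is treated as being under it. Since the header comment already says the server does no validation or authentication, it is worth adding there that it is meant to be reachable only from the test host.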
@ -1,8 +1,72 @@
|
|||||||
|
#!/usr/bin/env ruby
|
||||||
|
|
||||||
require "test/unit"
|
require "test/unit"
|
||||||
require "pg_ldap_sync"
|
require "pg_ldap_sync/application"
|
||||||
|
require 'yaml'
|
||||||
|
require 'test/ldap_server'
|
||||||
|
require 'fileutils'
|
||||||
|
|
||||||
class TestPgLdapSync < Test::Unit::TestCase
|
class TestPgLdapSync < Test::Unit::TestCase
|
||||||
|
def log_and_run( *cmd )
|
||||||
|
puts cmd.join(' ')
|
||||||
|
system( *cmd )
|
||||||
|
raise "Command failed: [%s]" % [cmd.join(' ')] unless $?.success?
|
||||||
|
end
|
||||||
|
|
||||||
|
def start_ldap_server
|
||||||
|
yaml_fname = File.join(File.dirname(__FILE__), "fixtures/ldapdb.yaml")
|
||||||
|
directory = File.open(yaml_fname){|f| YAML::load(f.read) }
|
||||||
|
|
||||||
|
# Listen for incoming LDAP connections. For each one, create a Connection
|
||||||
|
# object, which will invoke a HashOperation object for each request.
|
||||||
|
|
||||||
|
@ldap_server = LDAP::Server.new(
|
||||||
|
:port => 1389,
|
||||||
|
:nodelay => true,
|
||||||
|
:listen => 10,
|
||||||
|
# :ssl_key_file => "key.pem",
|
||||||
|
# :ssl_cert_file => "cert.pem",
|
||||||
|
# :ssl_on_connect => true,
|
||||||
|
:operation_class => HashOperation,
|
||||||
|
:operation_args => [directory]
|
||||||
|
)
|
||||||
|
@ldap_server.run_tcpserver
|
||||||
|
end
|
||||||
|
|
||||||
|
def stop_ldap_server
|
||||||
|
@ldap_server.stop
|
||||||
|
end
|
||||||
|
|
||||||
|
def start_pg_server
|
||||||
|
@port = 54321
|
||||||
|
ENV['PGPORT'] = @port.to_s
|
||||||
|
ENV['PGHOST'] = 'localhost'
|
||||||
|
unless File.exist?('temp/pg_data')
|
||||||
|
FileUtils.mkdir_p 'temp/pg_data'
|
||||||
|
log_and_run 'initdb', '-D', 'temp/pg_data'
|
||||||
|
end
|
||||||
|
log_and_run 'pg_ctl', '-w', '-o', "-k .", '-D', 'temp/pg_data', 'start'
|
||||||
|
log_and_run 'psql', '-e', '-c', "DROP ROLE IF EXISTS fred, wilma, \"Flintstones\", \"Wilmas\", \"All Users\"", 'postgres'
|
||||||
|
end
|
||||||
|
|
||||||
|
def stop_pg_server
|
||||||
|
log_and_run 'pg_ctl', '-w', '-o', "-k .", '-D', 'temp/pg_data', 'stop'
|
||||||
|
end
|
||||||
|
|
||||||
|
def setup
|
||||||
|
start_ldap_server
|
||||||
|
start_pg_server
|
||||||
|
end
|
||||||
|
|
||||||
|
def teardown
|
||||||
|
stop_ldap_server
|
||||||
|
stop_pg_server
|
||||||
|
end
|
||||||
|
|
||||||
def test_sanity
|
def test_sanity
|
||||||
flunk "write tests or I will kneecap you"
|
PgLdapSync::Application.run(%w[-c test/fixtures/config-ldapdb.yaml -vv])
|
||||||
|
|
||||||
|
ENV['LC_MESSAGES'] = 'C'
|
||||||
|
log_and_run 'psql', '-c', "\\du", 'postgres'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
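Review bot: `test_sanity` no longer flunks but it also asserts nothing: it runs the sync and prints `\du` through `log_and_run`, so a run that creates the wrong roles, or none, still passes. For a tool that creates and drops database roles I would read the result back and assert on it, e.g. `roles = IO.popen(['psql', '-At', '-c', 'SELECT rolname FROM pg_roles', 'postgres'], &:read).split("\n")` followed by `assert roles.include?('fred')`, with matching checks for the groups. Separately, `LDAP::Server.new` in `start_ldap_server` is given no bind address, so the no-auth test server may listen on all interfaces while the suite runs; passing `:bindaddr => '127.0.0.1'` would pin it to loopback. In `teardown`, an exception from `stop_ldap_server` skips `stop_pg_server` and leaves the temporary cluster running, so wrapping the two calls in `begin … ensure … end` would be safer.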