diff options
-rw-r--r-- | ipaserver/plugins/ldap2.py | 2 | ||||
-rw-r--r-- | tests/test_ipaserver/test_ldap.py | 118 |
2 files changed, 119 insertions, 1 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index cc635b66c..15b602457 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -121,7 +121,7 @@ def get_schema(url, conn=None): tmpdir = None has_conn = conn is not None - if (not api.env.in_server or api.env.context not in ['lite', 'server'] + if ((not api.env.in_server or api.env.context not in ['lite', 'server']) and conn is None): # The schema is only needed on the server side return None diff --git a/tests/test_ipaserver/test_ldap.py b/tests/test_ipaserver/test_ldap.py new file mode 100644 index 000000000..464fc3e8a --- /dev/null +++ b/tests/test_ipaserver/test_ldap.py @@ -0,0 +1,118 @@ +# Authors: +# Rob Crittenden <rcritten@redhat.com> +# +# Copyright (C) 2010 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 only +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Test some simple LDAP requests using the ldap2 backend + +# This fetches a certificate from a host principal so we can ensure that the +# schema is working properly. We know this because the schema will tell the +# encoder not to utf-8 encode binary attributes. + +# The DM password needs to be set in ~/.ipa/.dmpw + +import nose +import os +from ipaserver.plugins.ldap2 import ldap2 +from ipalib.plugins.service import service, service_show +import nss.nss as nss +from ipalib import api, x509, create_api +from ipapython import ipautil + +class test_ldap(object): + """ + Test various LDAP client bind methods. + """ + + def setUp(self): + self.conn = None + self.ldapuri = 'ldap://%s' % api.env.host + self.ccache = '/tmp/krb5cc_%d' % os.getuid() + nss.nss_init_nodb() + self.dn = 'krbprincipalname=ldap/%s@%s,cn=services,cn=accounts,%s' % (api.env.host, api.env.realm, api.env.basedn) + + def tearDown(self): + if self.conn: + self.conn.disconnect() + + def test_anonymous(self): + """ + Test an anonymous LDAP bind using ldap2 + """ + self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri) + self.conn.connect() + (dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate']) + cert = entry_attrs.get('usercertificate') + cert = cert[0] + serial = unicode(x509.get_serial_number(cert, x509.DER)) + assert serial is not None + + def test_GSSAPI(self): + """ + Test a GSSAPI LDAP bind using ldap2 + """ + if not ipautil.file_exists(self.ccache): + raise nose.SkipTest('Missing ccache %s' % self.ccache) + self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri) + self.conn.connect(ccache='FILE:%s' % self.ccache) + (dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate']) + cert = entry_attrs.get('usercertificate') + cert = cert[0] + serial = unicode(x509.get_serial_number(cert, x509.DER)) + assert serial is not None + + def test_simple(self): + """ + Test a simple LDAP bind using ldap2 + """ + pwfile = api.env.dot_ipa + os.sep + ".dmpw" + if ipautil.file_exists(pwfile): + fp = open(pwfile, "r") + dm_password = fp.read().rstrip() + fp.close() + else: + raise nose.SkipTest("No directory manager password in %s" % pwfile) + self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri) + self.conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) + (dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate']) + cert = entry_attrs.get('usercertificate') + cert = cert[0] + serial = unicode(x509.get_serial_number(cert, x509.DER)) + assert serial is not None + + def test_Backend(self): + """ + Test using the ldap2 Backend directly (ala ipa-server-install) + """ + + # Create our own api because the one generated for the tests is + # a client-only api. Then we register in the commands and objects + # we need for the test. + myapi = create_api(mode=None) + myapi.bootstrap(context='cli', in_server=True, in_tree=True) + myapi.register(ldap2) + myapi.register(service) + myapi.register(service_show) + myapi.finalize() + myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw='password') + + result = myapi.Command['service_show']('ldap/%s@%s' % (myapi.env.host, myapi.env.realm,)) + entry_attrs = result['result'] + cert = entry_attrs.get('usercertificate') + cert = cert[0] + serial = unicode(x509.get_serial_number(cert, x509.DER)) + assert serial is not None |