# Authors:
#   Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2010  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Test some simple LDAP requests using the ldap2 backend

# This fetches a certificate from a host principal so we can ensure that the
# schema is working properly. We know this because the schema will tell the
# encoder not to utf-8 encode binary attributes.

# The DM password needs to be set in ~/.ipa/.dmpw

import nose
import os
from ipaserver.plugins.ldap2 import ldap2
from ipalib.plugins.service import service, service_show
from ipalib.plugins.host import host
import nss.nss as nss
from ipalib import api, x509, create_api
from ipapython import ipautil

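class test_ldap(object):
    """
    Test various LDAP client bind methods.

    Each test binds to the local directory server in a different way
    (anonymous, GSSAPI, simple bind, or through a separately created api
    Backend) and reads the usercertificate of the ldap/<host> service entry.
    Decoding the DER certificate's serial number is the real check: it only
    works if the schema told the encoder not to utf-8 encode the binary
    attribute.

    Tests that need the Directory Manager password read it from
    ~/.ipa/.dmpw and are skipped when that file is absent, so no
    credential is ever hard-coded here.
    """

    def setUp(self):
        # Connection opened by a test; tearDown closes it.
        self.conn = None
        self.ldapuri = 'ldap://%s' % api.env.host
        # Kerberos credential cache used by the GSSAPI bind test.
        self.ccache = '/tmp/krb5cc_%d' % os.getuid()
        nss.nss_init_nodb()
        # DN of the directory server's own service principal entry.
        self.dn = 'krbprincipalname=ldap/%s@%s,cn=services,cn=accounts,%s' % (api.env.host, api.env.realm, api.env.basedn)

    def tearDown(self):
        if self.conn:
            self.conn.disconnect()

    def _read_dm_password(self):
        """
        Return the Directory Manager password stored in ~/.ipa/.dmpw.

        Raises nose.SkipTest when the file does not exist so that tests
        needing a privileged simple bind are skipped rather than failed.
        """
        pwfile = api.env.dot_ipa + os.sep + ".dmpw"
        if not ipautil.file_exists(pwfile):
            raise nose.SkipTest("No directory manager password in %s" % pwfile)
        # Close the file promptly; the password is only needed as a string.
        with open(pwfile, "r") as fp:
            return fp.read().rstrip()

    def _assert_cert_serial(self, entry_attrs):
        """
        Assert that entry_attrs carries a usercertificate whose DER serial
        number can be decoded.

        :param entry_attrs: attribute dict of the service entry as returned
            by ldap2.get_entry() or the service_show command
        """
        certs = entry_attrs.get('usercertificate')
        # A missing attribute would otherwise surface as an opaque TypeError
        # on certs[0]; make the failure say what is actually wrong.
        assert certs, 'no usercertificate on %s' % self.dn
        serial = unicode(x509.get_serial_number(certs[0], x509.DER))
        # unicode() never yields None; what matters is that decoding the
        # binary value did not raise and produced a non-empty serial.
        assert serial

    def test_anonymous(self):
        """
        Test an anonymous LDAP bind using ldap2
        """
        self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
        self.conn.connect()
        _, entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
        self._assert_cert_serial(entry_attrs)

    def test_GSSAPI(self):
        """
        Test a GSSAPI LDAP bind using ldap2
        """
        if not ipautil.file_exists(self.ccache):
            raise nose.SkipTest('Missing ccache %s' % self.ccache)
        self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
        self.conn.connect(ccache='FILE:%s' % self.ccache)
        _, entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
        self._assert_cert_serial(entry_attrs)

    def test_simple(self):
        """
        Test a simple LDAP bind using ldap2
        """
        dm_password = self._read_dm_password()
        self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
        self.conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
        _, entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
        self._assert_cert_serial(entry_attrs)

    def test_Backend(self):
        """
        Test using the ldap2 Backend directly (ala ipa-server-install)
        """
        # Use the same password file as test_simple instead of a literal
        # 'password'; the Directory Manager credential must not live in
        # the test source, and a missing file skips the test cleanly.
        dm_password = self._read_dm_password()

        # Create our own api because the one generated for the tests is
        # a client-only api. Then we register in the commands and objects
        # we need for the test.
        myapi = create_api(mode=None)
        myapi.bootstrap(context='cli', in_server=True, in_tree=True)
        myapi.register(ldap2)
        myapi.register(host)
        myapi.register(service)
        myapi.register(service_show)
        myapi.finalize()
        myapi.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
        # This connection is not self.conn, so tearDown cannot close it;
        # release it here even if the assertion fails.
        try:
            result = myapi.Command['service_show']('ldap/%s@%s' % (api.env.host, api.env.realm,))
            self._assert_cert_serial(result['result'])
        finally:
            myapi.Backend.ldap2.disconnect()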