-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add integration test for testing modify_attributes_using_ppolicy (#14)
- Loading branch information
David Coutadeur
committed
Apr 26, 2024
1 parent
becedf3
commit 482a57a
Showing
1 changed file
with
72 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,6 +15,9 @@ final class IntegrationTest extends TestCase | |
public $attributes = array("cn"); | ||
public $context = "dc=fusioniam,dc=org"; | ||
|
||
public $adminDN = "cn=lemonldapng,ou=dsa,o=admin,dc=fusioniam,dc=org"; | ||
public $adminPW = "secret"; | ||
|
||
public $user_branch = "ou=users,o=acme,dc=fusioniam,dc=org"; | ||
public $ldap_entry_dn1 = "uid=test,ou=users,o=acme,dc=fusioniam,dc=org"; | ||
public $ldap_entry1 = [ | ||
|
@@ -23,7 +26,18 @@ final class IntegrationTest extends TestCase | |
"sn" => "test", | ||
"uid" => "test", | ||
"userPassword" => "secret", | ||
"mail" => array("[email protected]", "[email protected]") | ||
"mail" => array("[email protected]", "[email protected]"), | ||
"pwdPolicySubentry" => "cn=ppolicy1,ou=ppolicies,o=acme,dc=fusioniam,dc=org" | ||
]; | ||
public $ppolicy_branch = "ou=ppolicies,o=acme,dc=fusioniam,dc=org"; | ||
public $ldap_ppolicy_dn1 = "cn=ppolicy1,ou=ppolicies,o=acme,dc=fusioniam,dc=org"; | ||
public $ldap_ppolicy1 = [ | ||
"objectclass" => array("organizationalRole", "pwdPolicy"), | ||
"cn" => array("ppolicy1"), | ||
"pwdAttribute" => "userPassword", | ||
"pwdAllowUserChange" => "TRUE", | ||
"pwdInHistory" => "5", | ||
"pwdLockout" => "TRUE" | ||
]; | ||
|
||
/* | ||
|
@@ -49,6 +63,7 @@ protected function setUp(): void | |
if( $info["count"] == 0) | ||
{ | ||
// if it does not exist, add the entry | ||
$r = ldap_add($ldap, $this->ldap_ppolicy_dn1, $this->ldap_ppolicy1); | ||
$r = ldap_add($ldap, $this->ldap_entry_dn1, $this->ldap_entry1); | ||
} | ||
} | ||
|
@@ -78,6 +93,7 @@ protected function tearDown(): void | |
{ | ||
// if it exists, delete the entry | ||
$r = ldap_delete($ldap, $this->ldap_entry_dn1); | ||
$r = ldap_delete($ldap, $this->ldap_ppolicy_dn1); | ||
} | ||
} | ||
|
||
|
@@ -92,7 +108,7 @@ public function test_ldap_get_first_available_value(): void | |
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); | ||
|
||
// binding to ldap server | ||
$ldapbind = ldap_bind($ldap, $this->managerDN, $this->managerPW); | ||
$ldapbind = ldap_bind($ldap, $this->adminDN, $this->adminPW); | ||
|
||
// search for added entry | ||
$sr = ldap_search($ldap, $this->ldap_entry_dn1, "(objectClass=*)", $this->attributes); | ||
|
@@ -112,7 +128,7 @@ public function test_ldap_get_mail_for_notification(): void | |
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); | ||
|
||
// binding to ldap server | ||
$ldapbind = ldap_bind($ldap, $this->managerDN, $this->managerPW); | ||
$ldapbind = ldap_bind($ldap, $this->adminDN, $this->adminPW); | ||
|
||
// search for added entry | ||
$sr = ldap_search($ldap, $this->ldap_entry_dn1, "(objectClass=*)", $GLOBALS['mail_attributes']); | ||
|
@@ -130,8 +146,8 @@ public function test_connect(): void | |
$ldapInstance = new \Ltb\Ldap( | ||
$this->host, | ||
false, | ||
$this->managerDN, | ||
$this->managerPW, | ||
$this->adminDN, | ||
$this->adminPW, | ||
10, | ||
null, | ||
null, | ||
|
@@ -149,8 +165,8 @@ public function test_get_list(): void | |
$ldapInstance = new \Ltb\Ldap( | ||
$this->host, | ||
false, | ||
$this->managerDN, | ||
$this->managerPW, | ||
$this->adminDN, | ||
$this->adminPW, | ||
10, | ||
$this->user_branch, | ||
0, | ||
|
@@ -167,4 +183,53 @@ public function test_get_list(): void | |
|
||
} | ||
|
||
public function test_modify_attributes_using_ppolicy_failure(): void | ||
{ | ||
|
||
$userdata1 = [ # first modification => accepted | ||
"userPassword" => "secret2", | ||
]; | ||
$userdata2 = [ # second modification => refused because already present in history | ||
"userPassword" => "secret", | ||
]; | ||
|
||
|
||
$ldapInstance = new \Ltb\Ldap( | ||
$this->host, | ||
false, | ||
$this->adminDN, | ||
$this->adminPW, | ||
10, | ||
$this->user_branch, | ||
0, | ||
null | ||
); | ||
|
||
list($ldap, $msg) = $ldapInstance->connect(); | ||
|
||
|
||
# Modify the password a first time | ||
list($error_code, $error_msg, $ppolicy_error_code) = | ||
$ldapInstance->modify_attributes_using_ppolicy( | ||
$this->ldap_entry_dn1, | ||
$userdata1 | ||
); | ||
|
||
$this->assertEquals(0, $error_code, 'Weird error code returned while modifying userPassword'); | ||
$this->assertEquals('', $error_msg, 'Weird msg returned while modifying userPassword'); | ||
$this->assertFalse($ppolicy_error_code, 'Weird ppolicy_error_code returned while modifying userPassword'); | ||
|
||
# Modify the password a second time with failure | ||
list($error_code, $error_msg, $ppolicy_error_code) = | ||
$ldapInstance->modify_attributes_using_ppolicy( | ||
$this->ldap_entry_dn1, | ||
$userdata2 | ||
); | ||
|
||
$this->assertEquals(19, $error_code, 'Weird error code returned in modify_attributes_using_ppolicy with failure'); | ||
$this->assertEquals('Password is in history of old passwords', $error_msg, 'Weird msg returned in modify_attributes_using_ppolicy with failure'); | ||
$this->assertEquals(8, $ppolicy_error_code, 'Weird ppolicy_error_code returned in modify_attributes_using_ppolicy with failure'); | ||
|
||
} | ||
|
||
} |