mirror of https://github.com/minio/minio.git
190 lines
5.1 KiB
Go
190 lines
5.1 KiB
Go
// Copyright (c) 2015-2022 MinIO, Inc.
|
|
//
|
|
// This file is part of MinIO Object Storage stack
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package ldap
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/minio/minio-go/v7/pkg/set"
|
|
)
|
|
|
|
const (
|
|
EnvTestLDAPServer = "LDAP_TEST_SERVER"
|
|
)
|
|
|
|
func TestConfigValidator(t *testing.T) {
|
|
ldapServer := os.Getenv(EnvTestLDAPServer)
|
|
if ldapServer == "" {
|
|
t.Skip()
|
|
}
|
|
testCases := []struct {
|
|
cfg Config
|
|
expectedResult Result
|
|
}{
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
return v
|
|
}(),
|
|
expectedResult: ConnectivityError,
|
|
},
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
return v
|
|
}(),
|
|
expectedResult: ConnectivityError,
|
|
},
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
return v
|
|
}(),
|
|
expectedResult: LookupBindError,
|
|
},
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin1"
|
|
return v
|
|
}(),
|
|
expectedResult: LookupBindError,
|
|
},
|
|
{ // Case 4
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin"
|
|
return v
|
|
}(),
|
|
expectedResult: UserSearchParamsMisconfigured,
|
|
},
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin"
|
|
v.UserDNSearchFilter = "(uid=x)"
|
|
v.UserDNSearchBaseDistName = "dc=min,dc=io"
|
|
return v
|
|
}(),
|
|
expectedResult: UserSearchParamsMisconfigured,
|
|
},
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin"
|
|
v.UserDNSearchFilter = "(uid=%s)"
|
|
v.UserDNSearchBaseDistName = "dc=min,dc=io"
|
|
return v
|
|
}(),
|
|
expectedResult: ConfigOk,
|
|
},
|
|
{ // Case 7
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin"
|
|
v.UserDNSearchFilter = "(uid=%s)"
|
|
v.UserDNSearchBaseDistName = "dc=min,dc=io"
|
|
v.GroupSearchBaseDistName = "ou=swengg,dc=min,dc=io"
|
|
v.GroupSearchFilter = "(&(objectclass=groupofnames)(member=x))"
|
|
return v
|
|
}(),
|
|
expectedResult: GroupSearchParamsMisconfigured,
|
|
},
|
|
{
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin"
|
|
v.UserDNSearchFilter = "(uid=%s)"
|
|
v.UserDNSearchBaseDistName = "dc=min,dc=io"
|
|
v.GroupSearchFilter = "(&(objectclass=groupofnames)(member=x))"
|
|
return v
|
|
}(),
|
|
expectedResult: GroupSearchParamsMisconfigured,
|
|
},
|
|
{ // Case 9
|
|
cfg: func() Config {
|
|
v := Config{Enabled: true}
|
|
v.ServerAddr = ldapServer
|
|
v.serverInsecure = true
|
|
v.LookupBindDN = "cn=admin,dc=min,dc=io"
|
|
v.LookupBindPassword = "admin"
|
|
v.UserDNSearchFilter = "(uid=%s)"
|
|
v.UserDNSearchBaseDistName = "dc=min,dc=io"
|
|
v.GroupSearchBaseDistName = "ou=swengg,dc=min,dc=io"
|
|
v.GroupSearchFilter = "(&(objectclass=groupofnames)(member=%d))"
|
|
return v
|
|
}(),
|
|
expectedResult: ConfigOk,
|
|
},
|
|
}
|
|
|
|
expectedDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
|
|
expectedGroups := set.CreateStringSet(
|
|
"cn=projecta,ou=groups,ou=swengg,dc=min,dc=io",
|
|
"cn=projectb,ou=groups,ou=swengg,dc=min,dc=io",
|
|
)
|
|
|
|
for i, test := range testCases {
|
|
result := test.cfg.Validate()
|
|
if result.Result != test.expectedResult {
|
|
fmt.Printf("Result: %#v\n", result)
|
|
t.Fatalf("Case %d: Got `%s` expected `%s`", i, result.Result, string(test.expectedResult))
|
|
}
|
|
if result.IsOk() {
|
|
lookupResult, validationResult := test.cfg.ValidateLookup("dillon")
|
|
if !validationResult.IsOk() {
|
|
t.Fatalf("Case %d: Got unexpected validation failure: %#v\n", i, validationResult)
|
|
}
|
|
if lookupResult.DN != expectedDN {
|
|
t.Fatalf("Case %d: Got unexpected DN: %v", i, lookupResult.DN)
|
|
}
|
|
|
|
if test.cfg.GroupSearchFilter == "" {
|
|
continue
|
|
}
|
|
|
|
if !set.CreateStringSet(lookupResult.GroupDNMemberships...).Equals(expectedGroups) {
|
|
t.Fatalf("Case %d: Got unexpected groups: %v", i, lookupResult.GroupDNMemberships)
|
|
}
|
|
}
|
|
}
|
|
}
|