You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by se...@apache.org on 2021/06/20 10:30:53 UTC
[directory-studio] branch master updated: DIRSTUDIO-1220: SASL
security layer
This is an automated email from the ASF dual-hosted git repository.
seelmann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-studio.git
The following commit(s) were added to refs/heads/master by this push:
new 18ad16e DIRSTUDIO-1220: SASL security layer
18ad16e is described below
commit 18ad16e89deb2998ee0fef0f16a9a85a0df1ddd2
Author: Stefan Seelmann <ma...@stefan-seelmann.de>
AuthorDate: Sun Jun 13 09:18:00 2021 +0200
DIRSTUDIO-1220: SASL security layer
---
...directory.studio.eclipse-trgt-platform.template | 2 +-
pom.xml | 4 +-
.../core/DirectoryApiConnectionWrapperTest.java | 199 ++++++++++-
.../test/integration/junit5/OpenLdapServer.java | 24 +-
.../test/integration/junit5/OpenLdapConfig.ldif | 3 +-
.../test/integration/ui/AbstractTestBase.java | 4 +
.../integration/ui/NewConnectionWizardTest.java | 383 +++++++++++++++++++--
.../test/integration/ui/SchemaBrowserTest.java | 6 +-
tools/testlab/README.md | 2 +-
9 files changed, 581 insertions(+), 46 deletions(-)
diff --git a/eclipse-trgt-platform/template/org.apache.directory.studio.eclipse-trgt-platform.template b/eclipse-trgt-platform/template/org.apache.directory.studio.eclipse-trgt-platform.template
index 1359ada..b4d55df 100644
--- a/eclipse-trgt-platform/template/org.apache.directory.studio.eclipse-trgt-platform.template
+++ b/eclipse-trgt-platform/template/org.apache.directory.studio.eclipse-trgt-platform.template
@@ -19,7 +19,7 @@
@author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
-->
<?pde version="3.8"?>
-<target name="Apache Directory Studio Platform" sequenceNumber="473">
+<target name="Apache Directory Studio Platform" sequenceNumber="477">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="planner" includeSource="true" type="InstallableUnit">
diff --git a/pom.xml b/pom.xml
index 7a8dd41..1c6e024 100644
--- a/pom.xml
+++ b/pom.xml
@@ -94,8 +94,8 @@
<org.apache.commons.lang3.bundleversion>3.12.0</org.apache.commons.lang3.bundleversion>
<org.apache.commons.pool.version>2.9.0</org.apache.commons.pool.version>
<org.apache.commons.pool.bundleversion>2.9.0</org.apache.commons.pool.bundleversion>
- <org.apache.directory.api.version>2.0.2</org.apache.directory.api.version>
- <org.apache.directory.api.bundleversion>2.0.2</org.apache.directory.api.bundleversion>
+ <org.apache.directory.api.version>2.0.3-SNAPSHOT</org.apache.directory.api.version>
+ <org.apache.directory.api.bundleversion>2.0.3.SNAPSHOT</org.apache.directory.api.bundleversion>
<org.apache.directory.server.version>2.0.0.AM26</org.apache.directory.server.version>
<org.apache.mina.version>2.1.3</org.apache.mina.version>
<org.apache.mina.bundleversion>2.1.3</org.apache.mina.bundleversion>
diff --git a/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/core/DirectoryApiConnectionWrapperTest.java b/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/core/DirectoryApiConnectionWrapperTest.java
index 1e7cef8..2509959 100644
--- a/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/core/DirectoryApiConnectionWrapperTest.java
+++ b/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/core/DirectoryApiConnectionWrapperTest.java
@@ -92,7 +92,6 @@ import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
import org.apache.directory.studio.connection.core.ConnectionParameter;
import org.apache.directory.studio.connection.core.ConnectionParameter.AuthenticationMethod;
import org.apache.directory.studio.connection.core.ConnectionParameter.EncryptionMethod;
-import org.apache.directory.studio.connection.core.ConnectionParameter.Krb5Configuration;
import org.apache.directory.studio.connection.core.ConnectionParameter.Krb5CredentialConfiguration;
import org.apache.directory.studio.connection.core.ICertificateHandler.TrustLevel;
import org.apache.directory.studio.connection.core.IReferralHandler;
@@ -378,16 +377,45 @@ public class DirectoryApiConnectionWrapperTest
/**
- * Test binding to the server using SASL and no encryption.
+ * Test binding to the server using SASL auth and no encryption.
*/
@ParameterizedTest
@LdapServersSource(mode = Mode.All)
- public void testSaslBindPlain( TestLdapServer ldapServer )
+ public void testSaslDigestMd5BindAuthPlain( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindPlain( ldapServer, SaslQoP.AUTH );
+ }
+
+
+ /**
+ * Test binding to the server using SASL auth-int and no encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds)
+ public void testSaslDigestMd5BindAuthIntPlain( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindPlain( ldapServer, SaslQoP.AUTH_INT );
+ }
+
+
+ /**
+ * Test binding to the server using SASL auth-conf and no encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds)
+ public void testSaslDigestMd5BindAuthConfPlain( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindPlain( ldapServer, SaslQoP.AUTH_CONF );
+ }
+
+
+ private void testSaslDigestMd5BindPlain( TestLdapServer ldapServer, SaslQoP saslQoP )
{
ldapServer.setConfidentialityRequired( false );
StudioProgressMonitor monitor = getProgressMonitor();
Connection connection = getConnection( monitor, ldapServer, "user.1", "password" );
connection.setAuthMethod( AuthenticationMethod.SASL_DIGEST_MD5 );
+ connection.getConnectionParameter().setSaslQop( SaslQoP.AUTH_CONF );
assertFalse( connectionWrapper.isConnected() );
@@ -432,11 +460,39 @@ public class DirectoryApiConnectionWrapperTest
/**
- * Test binding to the server using SASL and ldaps:// encryption.
+ * Test binding to the server using SASL auth and ldaps:// encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds)
+ public void testSaslDigestMd5BindAuthLdaps( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindLdaps( ldapServer, SaslQoP.AUTH );
+ }
+
+
+ /**
+ * Test binding to the server using SASL auth-int and ldaps:// encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds)
+ public void testSaslDigestMd5BindAuthIntLdaps( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindLdaps( ldapServer, SaslQoP.AUTH_INT );
+ }
+
+
+ /**
+ * Test binding to the server using SASL auth-conf and ldaps:// encryption.
*/
@ParameterizedTest
@LdapServersSource(mode = Mode.All)
- public void testSaslBindLdaps( TestLdapServer ldapServer )
+ public void testSaslDigestMd5BindAuthConfLdaps( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindLdaps( ldapServer, SaslQoP.AUTH_CONF );
+ }
+
+
+ private void testSaslDigestMd5BindLdaps( TestLdapServer ldapServer, SaslQoP saslQoP )
{
ldapServer.setConfidentialityRequired( true );
StudioProgressMonitor monitor = getProgressMonitor();
@@ -444,6 +500,7 @@ public class DirectoryApiConnectionWrapperTest
connection.setPort( ldapServer.getPortSSL() );
connection.setEncryptionMethod( EncryptionMethod.LDAPS );
connection.setAuthMethod( AuthenticationMethod.SASL_DIGEST_MD5 );
+ connection.getConnectionParameter().setSaslQop( saslQoP );
acceptAllCertificates();
assertFalse( connectionWrapper.isConnected() );
@@ -462,17 +519,46 @@ public class DirectoryApiConnectionWrapperTest
/**
- * Test binding to the server using SASL and StartTLS encryption.
+ * Test binding to the server using SASL auth and StartTLS encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds)
+ public void testSaslDigestMd5BindAuthStartTls( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindStartTls( ldapServer, SaslQoP.AUTH );
+ }
+
+
+ /**
+ * Test binding to the server using SASL auth-int and StartTLS encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds)
+ public void testSaslDigestMd5BindAuthIntStartTls( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindStartTls( ldapServer, SaslQoP.AUTH_INT );
+ }
+
+
+ /**
+ * Test binding to the server using SASL auth-conf and StartTLS encryption.
*/
@ParameterizedTest
@LdapServersSource(mode = Mode.All)
- public void testSaslBindStartTls( TestLdapServer ldapServer )
+ public void testSaslDigestMd5BindAuthConfStartTls( TestLdapServer ldapServer )
+ {
+ testSaslDigestMd5BindStartTls( ldapServer, SaslQoP.AUTH_CONF );
+ }
+
+
+ private void testSaslDigestMd5BindStartTls( TestLdapServer ldapServer, SaslQoP saslQoP )
{
ldapServer.setConfidentialityRequired( true );
StudioProgressMonitor monitor = getProgressMonitor();
Connection connection = getConnection( monitor, ldapServer, "user.1", "password" );
connection.setEncryptionMethod( EncryptionMethod.START_TLS );
connection.setAuthMethod( AuthenticationMethod.SASL_DIGEST_MD5 );
+ connection.getConnectionParameter().setSaslQop( saslQoP );
acceptAllCertificates();
assertFalse( connectionWrapper.isConnected() );
@@ -491,11 +577,39 @@ public class DirectoryApiConnectionWrapperTest
/**
- * Test binding to the server using GSSAPI and no encryption.
+ * Test binding to the server using GSSAPI auth and no encryption.
*/
@ParameterizedTest
@LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
- public void testSaslGssapiBindPlain( TestLdapServer ldapServer )
+ public void testSaslGssapiBindAuthPlain( TestLdapServer ldapServer )
+ {
+ testSaslGssapiBindPlain( ldapServer, SaslQoP.AUTH );
+ }
+
+
+ /**
+ * Test binding to the server using GSSAPI auth-int and no encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testSaslGssapiBindAuthIntPlain( TestLdapServer ldapServer )
+ {
+ testSaslGssapiBindPlain( ldapServer, SaslQoP.AUTH_INT );
+ }
+
+
+ /**
+ * Test binding to the server using GSSAPI auth-conf and no encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testSaslGssapiBindAuthConfPlain( TestLdapServer ldapServer )
+ {
+ testSaslGssapiBindPlain( ldapServer, SaslQoP.AUTH_CONF );
+ }
+
+
+ private void testSaslGssapiBindPlain( TestLdapServer ldapServer, SaslQoP saslQoP )
{
TestFixture.skipIfKdcServerIsNotAvailable();
@@ -504,6 +618,7 @@ public class DirectoryApiConnectionWrapperTest
Connection connection = getConnection( monitor, ldapServer, "hnelson", "secret" );
connection.setAuthMethod( AuthenticationMethod.SASL_GSSAPI );
connection.getConnectionParameter().setKrb5CredentialConfiguration( Krb5CredentialConfiguration.OBTAIN_TGT );
+ connection.getConnectionParameter().setSaslQop( saslQoP );
assertFalse( connectionWrapper.isConnected() );
@@ -521,11 +636,39 @@ public class DirectoryApiConnectionWrapperTest
/**
- * Test binding to the server using GSSAPI and ldaps:// encryption.
+ * Test binding to the server using GSSAPI auth and ldaps:// encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testSaslGssapiBindAuthLdaps( TestLdapServer ldapServer ) throws Exception
+ {
+ testSaslGssapiBindLdaps( ldapServer, SaslQoP.AUTH );
+ }
+
+
+ /**
+ * Test binding to the server using GSSAPI auth-int and ldaps:// encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testSaslGssapiBindAuthIntLdaps( TestLdapServer ldapServer ) throws Exception
+ {
+ testSaslGssapiBindLdaps( ldapServer, SaslQoP.AUTH_INT );
+ }
+
+
+ /**
+ * Test binding to the server using GSSAPI auth-conf and ldaps:// encryption.
*/
@ParameterizedTest
@LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
- public void testSaslGssapiBindLdaps( TestLdapServer ldapServer ) throws Exception
+ public void testSaslGssapiBindAuthConfLdaps( TestLdapServer ldapServer ) throws Exception
+ {
+ testSaslGssapiBindLdaps( ldapServer, SaslQoP.AUTH_CONF );
+ }
+
+
+ private void testSaslGssapiBindLdaps( TestLdapServer ldapServer, SaslQoP saslQoP ) throws Exception
{
TestFixture.skipIfKdcServerIsNotAvailable();
@@ -543,6 +686,7 @@ public class DirectoryApiConnectionWrapperTest
connection.setEncryptionMethod( EncryptionMethod.LDAPS );
connection.setAuthMethod( AuthenticationMethod.SASL_GSSAPI );
connection.getConnectionParameter().setKrb5CredentialConfiguration( Krb5CredentialConfiguration.USE_NATIVE );
+ connection.getConnectionParameter().setSaslQop( saslQoP );
acceptAllCertificates();
assertFalse( connectionWrapper.isConnected() );
@@ -561,11 +705,39 @@ public class DirectoryApiConnectionWrapperTest
/**
- * Test binding to the server using GSSAPI and StartTLS encryption.
+ * Test binding to the server using GSSAPI auth and StartTLS encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testSaslGssapiBindAuthStartTls( TestLdapServer ldapServer )
+ {
+ testSaslGssapiBindStartTls( ldapServer, SaslQoP.AUTH );
+ }
+
+
+ /**
+ * Test binding to the server using GSSAPI auth-int and StartTLS encryption.
*/
@ParameterizedTest
@LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
- public void testSaslGssapiBindStartTls( TestLdapServer ldapServer )
+ public void testSaslGssapiBindAuthIntStartTls( TestLdapServer ldapServer )
+ {
+ testSaslGssapiBindStartTls( ldapServer, SaslQoP.AUTH_INT );
+ }
+
+
+ /**
+ * Test binding to the server using GSSAPI auth-conf and StartTLS encryption.
+ */
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testSaslGssapiBindAuthConfStartTls( TestLdapServer ldapServer )
+ {
+ testSaslGssapiBindStartTls( ldapServer, SaslQoP.AUTH_CONF );
+ }
+
+
+ private void testSaslGssapiBindStartTls( TestLdapServer ldapServer, SaslQoP saslQoP )
{
TestFixture.skipIfKdcServerIsNotAvailable();
@@ -575,6 +747,7 @@ public class DirectoryApiConnectionWrapperTest
connection.setEncryptionMethod( EncryptionMethod.START_TLS );
connection.setAuthMethod( AuthenticationMethod.SASL_GSSAPI );
connection.getConnectionParameter().setKrb5CredentialConfiguration( Krb5CredentialConfiguration.OBTAIN_TGT );
+ connection.getConnectionParameter().setSaslQop( saslQoP );
acceptAllCertificates();
assertFalse( connectionWrapper.isConnected() );
diff --git a/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/junit5/OpenLdapServer.java b/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/junit5/OpenLdapServer.java
index 5a1e971..0fd4ff6 100644
--- a/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/junit5/OpenLdapServer.java
+++ b/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/junit5/OpenLdapServer.java
@@ -21,8 +21,6 @@
package org.apache.directory.studio.test.integration.junit5;
-import static org.apache.directory.studio.test.integration.junit5.Constants.LOCALHOST;
-
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
@@ -88,12 +86,28 @@ public class OpenLdapServer extends TestLdapServer
@Override
public void setConfidentialityRequired( boolean confidentialityRequired )
{
+ if ( confidentialityRequired )
+ {
+ setSecurityProps( 256, 256 );
+ }
+ else
+ {
+ setSecurityProps( 0, 0 );
+ }
+ }
+
+
+ public void setSecurityProps( int ssf, int tls )
+ {
+
try ( LdapConnection connection = openConnection() )
{
connection.bind( OPENLDAP_CONFIG_DN, OPENLDAP_CONFIG_PASSWORD );
- Modification modification = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
- "olcSecurity", confidentialityRequired ? "ssf=256 tls=256" : "ssf=0 tls=0" );
- connection.modify( "cn=config", modification );
+ Modification modification1 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ "olcSecurity", "ssf=" + ssf + " tls=" + tls );
+ Modification modification2 = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
+ "olcSaslSecProps", "noplain,noanonymous,minssf=" + ssf );
+ connection.modify( "cn=config", modification1, modification2 );
}
catch ( LdapNoSuchAttributeException e )
{
diff --git a/tests/test.integration.core/src/main/resources/org/apache/directory/studio/test/integration/junit5/OpenLdapConfig.ldif b/tests/test.integration.core/src/main/resources/org/apache/directory/studio/test/integration/junit5/OpenLdapConfig.ldif
index 158317f..c9cdc8f 100644
--- a/tests/test.integration.core/src/main/resources/org/apache/directory/studio/test/integration/junit5/OpenLdapConfig.ldif
+++ b/tests/test.integration.core/src/main/resources/org/apache/directory/studio/test/integration/junit5/OpenLdapConfig.ldif
@@ -21,7 +21,8 @@ replace: olcAccess
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
-olcAccess: {2}to dn.base="cn=Subschema" by dn.exact="uid=user.1,ou=users,dc=example,dc=org" none by * read
+# Forbid user.8 to read the schema, used in SchemaBrowserTest
+olcAccess: {2}to dn.base="cn=Subschema" by dn.exact="uid=user.8,ou=users,dc=example,dc=org" none by * read
-
dn: olcDatabase={1}mdb,cn=config
diff --git a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/AbstractTestBase.java b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/AbstractTestBase.java
index 817847f..7978ed9 100644
--- a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/AbstractTestBase.java
+++ b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/AbstractTestBase.java
@@ -32,6 +32,8 @@ import org.apache.commons.lang3.ArrayUtils;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
+import org.apache.directory.studio.ldapbrowser.core.BrowserCoreConstants;
+import org.apache.directory.studio.ldapbrowser.core.BrowserCorePlugin;
import org.apache.directory.studio.test.integration.junit5.SkipTestIfLdapServerIsNotAvailableInterceptor;
import org.apache.directory.studio.test.integration.junit5.TestLdapServer;
import org.apache.directory.studio.test.integration.ui.bots.ApacheDSServersViewBot;
@@ -72,6 +74,8 @@ public class AbstractTestBase
searchLogsViewBot = studioBot.getSearchLogsViewBot();
modificationLogsViewBot = studioBot.getModificationLogsViewBot();
serversViewBot = studioBot.getApacheDSServersViewBot();
+ BrowserCorePlugin.getDefault()
+ .getPluginPreferences().setValue( BrowserCoreConstants.PREFERENCE_LDIF_LINE_WIDTH, 1000 );
}
diff --git a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java
index 4785dd7..43f21df 100644
--- a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java
+++ b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java
@@ -32,6 +32,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.util.Arrays;
import org.apache.directory.api.ldap.model.constants.SaslQoP;
import org.apache.directory.api.ldap.model.constants.SaslSecurityStrength;
@@ -40,9 +41,14 @@ import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
import org.apache.directory.studio.connection.core.ConnectionManager;
import org.apache.directory.studio.connection.core.ConnectionParameter.AuthenticationMethod;
import org.apache.directory.studio.connection.core.ConnectionParameter.EncryptionMethod;
+import org.apache.directory.studio.ldapbrowser.core.BrowserConnectionManager;
+import org.apache.directory.studio.ldapbrowser.core.BrowserCorePlugin;
+import org.apache.directory.studio.ldapbrowser.core.model.IBrowserConnection;
+import org.apache.directory.studio.ldapbrowser.core.model.IRootDSE;
import org.apache.directory.studio.test.integration.junit5.LdapServerType;
import org.apache.directory.studio.test.integration.junit5.LdapServersSource;
import org.apache.directory.studio.test.integration.junit5.LdapServersSource.Mode;
+import org.apache.directory.studio.test.integration.junit5.OpenLdapServer;
import org.apache.directory.studio.test.integration.junit5.TestFixture;
import org.apache.directory.studio.test.integration.junit5.TestLdapServer;
import org.apache.directory.studio.test.integration.ui.bots.CertificateTrustDialogBot;
@@ -373,7 +379,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCreateConnectionNoEncryptionSimpleAuthOK( TestLdapServer server ) throws UnknownHostException
{
// enter connection parameter
@@ -414,7 +420,6 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
@LdapServersSource(mode = Mode.All)
public void testCreateConnectionNoEncryptionSimpleAuthConfidentialityRequired( TestLdapServer server )
-
{
setConnectionParameters( server, EncryptionMethod.NONE );
@@ -433,7 +438,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCreateConnectionNoEncryptionSaslCramMd5OK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.NONE );
@@ -453,8 +458,8 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
- public void testCreateConnectionNoEncryptionSaslDigestMd5OK( TestLdapServer server )
+ @LdapServersSource
+ public void testCreateConnectionNoEncryptionSaslDigestMd5AuthOK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.NONE );
@@ -473,7 +478,69 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All, except = LdapServerType.Fedora389ds, reason = "Only secure binds configured for 389ds")
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Bug in SASL filter in ApacheDS 2.0.0.M26")
+ public void testCreateConnectionNoEncryptionSaslDigestMd5AuthIntOK( TestLdapServer server )
+ {
+ // Configure OpenLDAP with ssf=1 (1 implies integrity protection only)
+ if ( server instanceof OpenLdapServer )
+ {
+ OpenLdapServer openLdapServer = ( OpenLdapServer ) server;
+ openLdapServer.setSecurityProps( 1, 0 );
+ }
+
+ setConnectionParameters( server, EncryptionMethod.NONE );
+
+ wizardBot.selectDigestMD5Authentication();
+ wizardBot.typeUser( "user.1" );
+ wizardBot.typePassword( "password" );
+ if ( server.getType() == LdapServerType.ApacheDS )
+ {
+ wizardBot.typeRealm( "EXAMPLE.ORG" );
+ }
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_INT );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.NONE, AuthenticationMethod.SASL_DIGEST_MD5,
+ "user.1", "password" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Bug in SASL filter in ApacheDS 2.0.0.M26.")
+ public void testCreateConnectionNoEncryptionSaslDigestMd5AuthConfOK( TestLdapServer server )
+ {
+ // Configure OpenLDAP with ssf=128 (128 allows RC4, Blowfish and other modern strong ciphers)
+ if ( server instanceof OpenLdapServer )
+ {
+ OpenLdapServer openLdapServer = ( OpenLdapServer ) server;
+ openLdapServer.setSecurityProps( 128, 0 );
+ }
+
+ setConnectionParameters( server, EncryptionMethod.NONE );
+
+ wizardBot.selectDigestMD5Authentication();
+ wizardBot.typeUser( "user.1" );
+ wizardBot.typePassword( "password" );
+ if ( server.getType() == LdapServerType.ApacheDS )
+ {
+ wizardBot.typeRealm( "EXAMPLE.ORG" );
+ }
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.NONE, AuthenticationMethod.SASL_DIGEST_MD5,
+ "user.1", "password" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.Fedora389ds, reason = "Only secure binds configured for 389ds")
public void testCreateConnectionNoEncryptionSaslDigestMd5ConfidentialityRequired( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.NONE );
@@ -491,8 +558,8 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
- public void testCreateConnectionNoEncryptionSaslGssapiNativeTgtOK( TestLdapServer server ) throws Exception
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionNoEncryptionSaslGssapiNativeTgtAuthOK( TestLdapServer server ) throws Exception
{
TestFixture.skipIfKdcServerIsNotAvailable();
@@ -520,8 +587,44 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
- public void testCreateConnectionNoEncryptionSaslGssapiObtainOK( TestLdapServer server )
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionNoEncryptionSaslGssapiNativeTgtAuthConfOK( TestLdapServer server ) throws Exception
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ // Configure OpenLDAP with ssf=128 (128 allows RC4, Blowfish and other modern strong ciphers)
+ if ( server instanceof OpenLdapServer )
+ {
+ OpenLdapServer openLdapServer = ( OpenLdapServer ) server;
+ openLdapServer.setSecurityProps( 128, 0 );
+ }
+
+ // obtain native TGT
+ String[] cmd =
+ { "/bin/sh", "-c", "echo secret | /usr/bin/kinit hnelson" };
+ Process process = Runtime.getRuntime().exec( cmd );
+ int exitCode = process.waitFor();
+ assertEquals( 0, exitCode );
+
+ setConnectionParameters( server, EncryptionMethod.NONE );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+ wizardBot.selectUseNativeTgt();
+ wizardBot.selectUseNativeSystemConfiguration();
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.NONE, AuthenticationMethod.SASL_GSSAPI,
+ "", "" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionNoEncryptionSaslGssapiObtainAuthOK( TestLdapServer server )
{
TestFixture.skipIfKdcServerIsNotAvailable();
@@ -543,7 +646,37 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionNoEncryptionSaslGssapiObtainAuthConfOK( TestLdapServer server )
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ // Configure OpenLDAP with ssf=128 (128 allows RC4, Blowfish and other modern strong ciphers)
+ if ( server instanceof OpenLdapServer )
+ {
+ OpenLdapServer openLdapServer = ( OpenLdapServer ) server;
+ openLdapServer.setSecurityProps( 128, 0 );
+ }
+
+ setConnectionParameters( server, EncryptionMethod.NONE );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectObtainTgtFromKdc();
+ wizardBot.typeUser( "hnelson" );
+ wizardBot.typePassword( "secret" );
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.NONE, AuthenticationMethod.SASL_GSSAPI,
+ "hnelson", "secret" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource
public void testCreateConnectionLdapsEncryptionNoAuthOK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.LDAPS );
@@ -555,7 +688,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCreateConnectionLdapsEncryptionSimpleAuthOK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.LDAPS );
@@ -586,8 +719,8 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
- public void testCreateConnectionLdapsEncryptionSaslDigestMd5Ok( TestLdapServer server )
+ @LdapServersSource
+ public void testCreateConnectionLdapsEncryptionSaslDigestMd5AuthOk( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.LDAPS );
@@ -603,6 +736,48 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Bug in SASL filter in ApacheDS 2.0.0.M26.")
+ public void testCreateConnectionLdapsEncryptionSaslDigestMd5AuthIntOk( TestLdapServer server )
+ {
+ setConnectionParameters( server, EncryptionMethod.LDAPS );
+
+ wizardBot.selectDigestMD5Authentication();
+ wizardBot.typeUser( "user.1" );
+ wizardBot.typePassword( "password" );
+ if ( server.getType() == LdapServerType.ApacheDS )
+ {
+ wizardBot.typeRealm( "EXAMPLE.ORG" );
+ }
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_INT );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ finishAndAssertConnection( server, EncryptionMethod.LDAPS, AuthenticationMethod.SASL_DIGEST_MD5,
+ "user.1", "password" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Bug in SASL filter in ApacheDS 2.0.0.M26.")
+ public void testCreateConnectionLdapsEncryptionSaslDigestMd5AuthConfOk( TestLdapServer server )
+ {
+ setConnectionParameters( server, EncryptionMethod.LDAPS );
+
+ wizardBot.selectDigestMD5Authentication();
+ wizardBot.typeUser( "user.1" );
+ wizardBot.typePassword( "password" );
+ if ( server.getType() == LdapServerType.ApacheDS )
+ {
+ wizardBot.typeRealm( "EXAMPLE.ORG" );
+ }
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ finishAndAssertConnection( server, EncryptionMethod.LDAPS, AuthenticationMethod.SASL_DIGEST_MD5,
+ "user.1", "password" );
+ }
+
+
+ @ParameterizedTest
@LdapServersSource(mode = Mode.All)
public void testCreateConnectionLdapsEncryptionSaslDigestMd5InvalidCredentials( TestLdapServer server )
{
@@ -642,7 +817,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCreateConnectionStartTlsEncryptionNoAuthOK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.START_TLS );
@@ -654,7 +829,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCreateConnectionStartTlsEncryptionSimpleAuthOK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.START_TLS );
@@ -685,7 +860,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCreateConnectionStartTlsEncryptionSaslDigestMd5OK( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.START_TLS );
@@ -721,7 +896,165 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionStartTlsEncryptionSaslGssapiNativeTgtAuthOK( TestLdapServer server )
+ throws Exception
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ // obtain native TGT
+ String[] cmd =
+ { "/bin/sh", "-c", "echo secret | /usr/bin/kinit hnelson" };
+ Process process = Runtime.getRuntime().exec( cmd );
+ int exitCode = process.waitFor();
+ assertEquals( 0, exitCode );
+
+ setConnectionParameters( server, EncryptionMethod.START_TLS );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+ wizardBot.selectUseNativeTgt();
+ wizardBot.selectUseNativeSystemConfiguration();
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.START_TLS, AuthenticationMethod.SASL_GSSAPI,
+ "", "" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionStartTlsEncryptionSaslGssapiNativeTgtAuthConfOK( TestLdapServer server )
+ throws Exception
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ // obtain native TGT
+ String[] cmd =
+ { "/bin/sh", "-c", "echo secret | /usr/bin/kinit hnelson" };
+ Process process = Runtime.getRuntime().exec( cmd );
+ int exitCode = process.waitFor();
+ assertEquals( 0, exitCode );
+
+ setConnectionParameters( server, EncryptionMethod.START_TLS );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+ wizardBot.selectUseNativeTgt();
+ wizardBot.selectUseNativeSystemConfiguration();
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.START_TLS, AuthenticationMethod.SASL_GSSAPI,
+ "", "" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionStartTlsEncryptionSaslGssapiNativeTgtAuthConfInvalidCredentials(
+ TestLdapServer server ) throws Exception
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ // obtain native TGT
+ String[] cmd =
+ { "/bin/sh", "-c", "echo secret | /usr/bin/kdestroy -A" };
+ Process process = Runtime.getRuntime().exec( cmd );
+ int exitCode = process.waitFor();
+ assertEquals( 0, exitCode );
+
+ setConnectionParameters( server, EncryptionMethod.START_TLS );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+ wizardBot.selectUseNativeTgt();
+ wizardBot.selectUseNativeSystemConfiguration();
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertThat( result, containsString( "Unable to obtain Principal Name for authentication" ) );
+
+ finishAndAssertConnectionError( "Unable to obtain Principal Name for authentication" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionStartTlsEncryptionSaslGssapiObtainAuthOK( TestLdapServer server )
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ setConnectionParameters( server, EncryptionMethod.START_TLS );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectObtainTgtFromKdc();
+ wizardBot.typeUser( "hnelson" );
+ wizardBot.typePassword( "secret" );
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.START_TLS, AuthenticationMethod.SASL_GSSAPI,
+ "hnelson", "secret" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionStartTlsEncryptionSaslGssapiObtainAuthConfOK( TestLdapServer server )
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ setConnectionParameters( server, EncryptionMethod.START_TLS );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectObtainTgtFromKdc();
+ wizardBot.typeUser( "hnelson" );
+ wizardBot.typePassword( "secret" );
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertNull( result, "Expected OK" );
+
+ finishAndAssertConnection( server, EncryptionMethod.START_TLS, AuthenticationMethod.SASL_GSSAPI,
+ "hnelson", "secret" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource(mode = Mode.All, except = LdapServerType.ApacheDS, reason = "Missing OSGi import: org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier cannot be found by org.apache.directory.server.protocol.shared_2.0.0.AM26")
+ public void testCreateConnectionStartTlsEncryptionSaslGssapiObtainAuthConfInvalidCredentials(
+ TestLdapServer server )
+ {
+ TestFixture.skipIfKdcServerIsNotAvailable();
+
+ setConnectionParameters( server, EncryptionMethod.START_TLS );
+
+ wizardBot.selectGssApiAuthentication();
+ wizardBot.selectObtainTgtFromKdc();
+ wizardBot.typeUser( "hnelson" );
+ wizardBot.typePassword( "invalid" );
+ wizardBot.selectQualityOfProtection( SaslQoP.AUTH_CONF );
+ wizardBot.selectProtectionStrength( SaslSecurityStrength.HIGH );
+
+ String result = wizardBot.clickCheckAuthenticationButton();
+ assertThat( result, containsString( "Integrity check on decrypted field failed (31) - PREAUTH_FAILED" ) );
+
+ finishAndAssertConnectionError( "Integrity check on decrypted field failed (31) - PREAUTH_FAILED" );
+ }
+
+
+ @ParameterizedTest
+ @LdapServersSource
public void testCheckNetworkParameterButtonNoEncryptionNotOk( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.NONE );
@@ -744,7 +1077,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCheckNetworkParameterButtonLdapsEncryptionNotOk( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.LDAPS );
@@ -772,7 +1105,7 @@ public class NewConnectionWizardTest extends AbstractTestBase
@ParameterizedTest
- @LdapServersSource(mode = Mode.All)
+ @LdapServersSource
public void testCheckNetworkParameterButtonStartTlsEncryptionNotOk( TestLdapServer server )
{
setConnectionParameters( server, EncryptionMethod.START_TLS );
@@ -860,6 +1193,16 @@ public class NewConnectionWizardTest extends AbstractTestBase
// ensure connection is visible in Connections view
assertEquals( 1, connectionsViewBot.getCount() );
+ // assert Root DSE and schema was read
+ BrowserConnectionManager browserConnectionManager = BrowserCorePlugin.getDefault().getConnectionManager();
+ IBrowserConnection browserConnection = browserConnectionManager.getBrowserConnection( connection );
+ IRootDSE rootDSE = browserConnection.getRootDSE();
+ assertTrue( Arrays.asList( rootDSE.getAttribute( "namingContexts" ).getStringValues() )
+ .contains( TestFixture.CONTEXT_DN.getName() ) );
+ assertFalse( browserConnection.getSchema().isDefault() );
+ assertTrue( browserConnection.getSchema().getObjectClassDescriptions().size() > 50 );
+ assertTrue( browserConnection.getSchema().getAttributeTypeDescriptions().size() > 100 );
+
// close connection
connectionsViewBot.closeSelectedConnections();
}
diff --git a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/SchemaBrowserTest.java b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/SchemaBrowserTest.java
index e8c0e04..625cfd1 100644
--- a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/SchemaBrowserTest.java
+++ b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/SchemaBrowserTest.java
@@ -21,7 +21,7 @@
package org.apache.directory.studio.test.integration.ui;
-import static org.apache.directory.studio.test.integration.junit5.TestFixture.USER1_DN;
+import static org.apache.directory.studio.test.integration.junit5.TestFixture.USER8_DN;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -77,8 +77,8 @@ public class SchemaBrowserTest extends AbstractTestBase
.getBrowserConnection( connection );
browserConnection.setSchema( Schema.DEFAULT_SCHEMA );
- // Open connection as uid=user.1 which is not allowed to read cn=subschema
- connection.setBindPrincipal( USER1_DN.getName() );
+ // Open connection as uid=user.8 which is not allowed to read cn=subschema
+ connection.setBindPrincipal( USER8_DN.getName() );
connection.setBindPassword( "password" );
ErrorDialogBot errorDialog = connectionsViewBot.openSelectedConnectionExpectingNoSchemaProvidedErrorDialog();
assertThat( errorDialog.getErrorDetails(),
diff --git a/tools/testlab/README.md b/tools/testlab/README.md
index 288766f..b3980d8 100644
--- a/tools/testlab/README.md
+++ b/tools/testlab/README.md
@@ -63,7 +63,7 @@ ldapwhoami -H ldap://fedora389ds.example.com:21389 -Y GSSAPI -N
### UI integration tests
```
-docker run -it --rm --cpus="1.5" \
+docker run -it --rm \
-u $(id -u):$(id -g) \
-v ~/.m2:/home/hnelson/.m2 \
-v $(pwd):/home/hnelson/project \