Posted to commits@directory.apache.org by ak...@apache.org on 2008/08/06 03:38:00 UTC
svn commit: r683079 - in /directory/apacheds/branches/bigbang:
protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/
server-integ/src/test/java/org/apache/directory/server/operations/bind/
server-integ/src/test/java/org/apache/di...
Author: akarasulu
Date: Tue Aug 5 18:37:59 2008
New Revision: 683079
URL: http://svn.apache.org/viewvc?rev=683079&view=rev
Log:
adding test for Bind operation with referrals as well as small referral handling code - consolidated some tests from server-unit
Added:
directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/
directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java
Removed:
directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java
Modified:
directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=683079&r1=683078&r2=683079&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java Tue Aug 5 18:37:59 2008
@@ -31,6 +31,7 @@
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
@@ -119,7 +120,45 @@
try
{
- // And call the OperationManager bind operation.
+ /*
+ * Referral handling as specified by RFC 3296 here:
+ *
+ * http://www.faqs.org/rfcs/rfc3296.html
+ *
+ * See section 5.6.1 where if the bind principal DN is a referral
+ * we return an invalidCredentials result response. Optionally we
+ * could support delegated authentication in the future with this
+ * potential. See the following JIRA for more on this possibility:
+ *
+ * https://issues.apache.org/jira/browse/DIRSERVER-1217
+ *
+ * NOTE: if this is done then this handler should extend the
+ * a modified form of the SingleReplyRequestHandler so it can
+ * detect conditions where ancestors of the DN are referrals
+ * and delegate appropriately.
+ */
+ ClonedServerEntry principalEntry = getLdapServer().getDirectoryService()
+ .getAdminSession().lookup( bindRequest.getName() );
+ if ( principalEntry == null ||
+ principalEntry.getOriginalEntry().contains( SchemaConstants.OBJECT_CLASS_AT,
+ SchemaConstants.REFERRAL_OC ) )
+ {
+ LdapResult result = bindRequest.getResultResponse().getLdapResult();
+ result.setErrorMessage( "Bind principalDn points to referral." );
+ result.setMatchedDn( bindRequest.getName() );
+ result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
+ ldapSession.getIoSession().write( bindRequest.getResultResponse() );
+ return;
+ }
+
+ // TODO - might cause issues since lookups are not returning all
+ // attributes right now - this is an optimization that can be
+ // enabled later after determining whether or not this will cause
+ // issues.
+ // reuse the looked up entry so we don't incur another lookup
+ // opContext.setEntry( principalEntry );
+
+ // And call the OperationManager bind operation.
getLdapServer().getDirectoryService().getOperationManager().bind( opContext );
// As a result, store the created session in the Core Session
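Review bot: The rejection branch handles a missing entry (`principalEntry == null`) and a referral entry together, yet reports `"Bind principalDn points to referral."` for both and echoes the requested DN through `setMatchedDn`. If that reply differs from the ordinary wrong-password reply (that path is outside this hunk), an unauthenticated client can tell that a DN is absent or a referral. A neutral diagnostic such as `result.setErrorMessage( "Invalid credentials." );` with the `setMatchedDn` call dropped would keep failed-bind responses uniform, and the referral detail can go to the server log instead. The lookup also runs through the admin session on every bind before authentication, so it is worth confirming how the surrounding try/catch, which starts and ends outside the hunk, handles an empty name (anonymous or SASL bind) and a lookup that throws instead of returning null.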
Added: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java?rev=683079&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java (added)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java Tue Aug 5 18:37:59 2008
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.operations.bind;
+
+
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPConstraints;
+import netscape.ldap.LDAPControl;
+import netscape.ldap.LDAPException;
+
+import org.apache.directory.server.core.integ.Level;
+import org.apache.directory.server.core.integ.annotations.ApplyLdifs;
+import org.apache.directory.server.core.integ.annotations.CleanupLevel;
+import org.apache.directory.server.integ.SiRunner;
+import org.apache.directory.server.newldap.LdapServer;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+
+/**
+ * Tests the server to make sure standard compare operations work properly.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+@RunWith ( SiRunner.class )
+@CleanupLevel ( Level.SUITE )
+@ApplyLdifs( {
+ // Entry # 1
+ "dn: uid=akarasulu,ou=users,ou=system\n" +
+ "objectClass: uidObject\n" +
+ "objectClass: person\n" +
+ "objectClass: top\n" +
+ "uid: akarasulu\n" +
+ "cn: Alex Karasulu\n" +
+ "sn: karasulu\n\n" +
+ // Entry # 2
+ "dn: ou=Computers,uid=akarasulu,ou=users,ou=system\n" +
+ "objectClass: organizationalUnit\n" +
+ "objectClass: top\n" +
+ "ou: computers\n" +
+ "description: Computers for Alex\n" +
+ "seeAlso: ou=Machines,uid=akarasulu,ou=users,ou=system\n\n" +
+ // Entry # 3
+ "dn: uid=akarasuluref,ou=users,ou=system\n" +
+ "objectClass: extensibleObject\n" +
+ "objectClass: uidObject\n" +
+ "objectClass: referral\n" +
+ "objectClass: top\n" +
+ "uid: akarasuluref\n" +
+ "userPassword: secret\n" +
+ "ref: ldap://localhost:10389/uid=akarasulu,ou=users,ou=system\n" +
+ "ref: ldap://foo:10389/uid=akarasulu,ou=users,ou=system\n" +
+ "ref: ldap://bar:10389/uid=akarasulu,ou=users,ou=system\n\n"
+ }
+)
+public class BindIT
+{
+ public static LdapServer ldapServer;
+
+
+ @Test
+ public void testConnectWithIllegalLDAPVersion() throws Exception
+ {
+ LDAPConnection conn = null;
+
+ try
+ {
+ conn = new LDAPConnection();
+ conn.connect( 100, "localhost", ldapServer.getIpPort(), "uid=admin,ou=system", "secret" );
+ fail( "try to connect with illegal version number should fail" );
+ }
+ catch ( LDAPException e )
+ {
+ assertEquals( "statuscode", LDAPException.PROTOCOL_ERROR, e.getLDAPResultCode() );
+ }
+ finally
+ {
+ if ( conn != null )
+ {
+ conn.disconnect();
+ }
+ }
+ }
+
+
+ /**
+ * Tests bind operation on referral entry.
+ */
+ @Test
+ public void testOnReferralWithOrWithoutManageDsaItControl() throws Exception
+ {
+ LDAPConnection conn = new LDAPConnection();
+ LDAPConstraints constraints = new LDAPConstraints();
+ constraints.setClientControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
+ constraints.setServerControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
+ conn.setConstraints( constraints );
+
+ try
+ {
+ conn.connect( 3, "localhost", ldapServer.getIpPort(),
+ "uid=akarasuluref,ou=users,ou=system", "secret", constraints );
+ fail( "try to connect with illegal version number should fail" );
+ }
+ catch( LDAPException e )
+ {
+ assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
+ }
+
+ try
+ {
+ conn.connect( 3, "localhost", ldapServer.getIpPort(),
+ "uid=akarasuluref,ou=users,ou=system", "secret" );
+ fail( "try to connect with illegal version number should fail" );
+ }
+ catch( LDAPException e )
+ {
+ assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
+ }
+ }
+}
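Review bot: Neither test covers the `principalEntry == null` branch that the handler change in this commit adds, so a bind with a principal DN that does not exist is unverified. A case like the one below would pin the result code the client actually sees, and it would also show whether the lookup throws rather than returns null. In `testOnReferralWithOrWithoutManageDsaItControl` both `fail(...)` messages are copied from the version test and should read something like `fail( "bind to a referral entry should fail" );`. That test also never disconnects `conn`, unlike the `finally` block in `testConnectWithIllegalLDAPVersion`. The class Javadoc still says "compare operations" where it means bind.

```java
    /**
     * Tests bind operation with a principal DN that has no entry.
     */
    @Test
    public void testBindWithNonExistentPrincipal() throws Exception
    {
        LDAPConnection conn = new LDAPConnection();

        try
        {
            // constructed DN, absent from the @ApplyLdifs entries above
            conn.connect( 3, "localhost", ldapServer.getIpPort(),
                "uid=nosuchuser,ou=users,ou=system", "secret" );
            fail( "bind with a non-existent principal DN should fail" );
        }
        catch ( LDAPException e )
        {
            assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
        }
        finally
        {
            if ( conn.isConnected() )
            {
                conn.disconnect();
            }
        }
    }
```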
Modified: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java?rev=683079&r1=683078&r2=683079&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java (original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java Tue Aug 5 18:37:59 2008
@@ -27,6 +27,7 @@
import org.apache.directory.server.integ.SiSuite;
import org.apache.directory.server.operations.add.AddIT;
import org.apache.directory.server.operations.add.AddingEntriesWithSpecialCharactersInRDNIT;
+import org.apache.directory.server.operations.bind.BindIT;
import org.apache.directory.server.operations.compare.CompareIT;
import org.apache.directory.server.operations.compare.MatchingRuleCompareIT;
import org.apache.directory.server.operations.delete.DeleteIT;
@@ -60,7 +61,8 @@
ModifyRemoveIT.class,
ModifyReplaceIT.class,
ModifyRdnIT.class,
- ModifyDnReferralIT.class
+ ModifyDnReferralIT.class,
+ BindIT.class
} )
@CleanupLevel ( Level.SUITE )
@Mode ( SetupMode.ROLLBACK )