Posted to commits@directory.apache.org by ak...@apache.org on 2008/08/06 03:38:00 UTC

svn commit: r683079 - in /directory/apacheds/branches/bigbang: protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/ server-integ/src/test/java/org/apache/directory/server/operations/bind/ server-integ/src/test/java/org/apache/di...

Author: akarasulu
Date: Tue Aug  5 18:37:59 2008
New Revision: 683079

URL: http://svn.apache.org/viewvc?rev=683079&view=rev
Log:
adding test for Bind operation with referrals as well as small referral handling code - consolidated some tests from server-unit

Added:
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java
Removed:
    directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java
Modified:
    directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java

Modified: directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java?rev=683079&r1=683078&r2=683079&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-newldap/src/main/java/org/apache/directory/server/newldap/handlers/NewBindHandler.java Tue Aug  5 18:37:59 2008
@@ -31,6 +31,7 @@
 
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
@@ -119,7 +120,45 @@
         
         try
         {
-	        // And call the OperationManager bind operation.
+            /*
+             * Referral handling as specified by RFC 3296 here:
+             *    
+             *      http://www.faqs.org/rfcs/rfc3296.html
+             *      
+             * See section 5.6.1 where if the bind principal DN is a referral 
+             * we return an invalidCredentials result response.  Optionally we
+             * could support delegated authentication in the future with this
+             * potential.  See the following JIRA for more on this possibility:
+             * 
+             *      https://issues.apache.org/jira/browse/DIRSERVER-1217
+             *      
+             * NOTE: if this is done then this handler should extend the 
+             * a modified form of the SingleReplyRequestHandler so it can 
+             * detect conditions where ancestors of the DN are referrals
+             * and delegate appropriately.
+             */
+            ClonedServerEntry principalEntry = getLdapServer().getDirectoryService()
+                .getAdminSession().lookup( bindRequest.getName() );
+            if ( principalEntry == null || 
+                 principalEntry.getOriginalEntry().contains( SchemaConstants.OBJECT_CLASS_AT, 
+                     SchemaConstants.REFERRAL_OC ) )
+            {
+                LdapResult result = bindRequest.getResultResponse().getLdapResult();
+                result.setErrorMessage( "Bind principalDn points to referral." );
+                result.setMatchedDn( bindRequest.getName() );
+                result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
+                ldapSession.getIoSession().write( bindRequest.getResultResponse() );
+                return;
+            }
+
+            // TODO - might cause issues since lookups are not returning all 
+            // attributes right now - this is an optimization that can be 
+            // enabled later after determining whether or not this will cause
+            // issues.
+            // reuse the looked up entry so we don't incur another lookup
+            // opContext.setEntry( principalEntry );
+
+            // And call the OperationManager bind operation.
 	        getLdapServer().getDirectoryService().getOperationManager().bind( opContext );
 	        
 	        // As a result, store the created session in the Core Session
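Review bot: The early-reject branch at `if ( principalEntry == null || ... )` sends `result.setErrorMessage( "Bind principalDn points to referral." )` and `result.setMatchedDn( bindRequest.getName() )` to a client that has not authenticated yet. That is likely distinguishable from an ordinary failed bind and tells the client which DNs are referral entries. The same text is also sent when `principalEntry == null`, where it is simply inaccurate. A neutral diagnostic such as `result.setErrorMessage( "Invalid credentials." )` with the `setMatchedDn` call dropped keeps the RFC 3296 result code, and the referral detail can go to the server log instead. The lookup also runs through the admin session for every bind, so it is worth confirming how an empty bind name (anonymous bind) and a lookup that throws instead of returning null behave; the enclosing `try` and its catch lie outside this hunk.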

Added: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java?rev=683079&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java (added)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java Tue Aug  5 18:37:59 2008
@@ -0,0 +1,141 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.server.operations.bind;
+
+
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPConstraints;
+import netscape.ldap.LDAPControl;
+import netscape.ldap.LDAPException;
+
+import org.apache.directory.server.core.integ.Level;
+import org.apache.directory.server.core.integ.annotations.ApplyLdifs;
+import org.apache.directory.server.core.integ.annotations.CleanupLevel;
+import org.apache.directory.server.integ.SiRunner;
+import org.apache.directory.server.newldap.LdapServer;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+
+/**
+ * Tests the server to make sure standard compare operations work properly.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+@RunWith ( SiRunner.class ) 
+@CleanupLevel ( Level.SUITE )
+@ApplyLdifs( {
+    // Entry # 1
+    "dn: uid=akarasulu,ou=users,ou=system\n" +
+    "objectClass: uidObject\n" +
+    "objectClass: person\n" +
+    "objectClass: top\n" +
+    "uid: akarasulu\n" +
+    "cn: Alex Karasulu\n" +
+    "sn: karasulu\n\n" + 
+    // Entry # 2
+    "dn: ou=Computers,uid=akarasulu,ou=users,ou=system\n" +
+    "objectClass: organizationalUnit\n" +
+    "objectClass: top\n" +
+    "ou: computers\n" +
+    "description: Computers for Alex\n" +
+    "seeAlso: ou=Machines,uid=akarasulu,ou=users,ou=system\n\n" + 
+    // Entry # 3
+    "dn: uid=akarasuluref,ou=users,ou=system\n" +
+    "objectClass: extensibleObject\n" +
+    "objectClass: uidObject\n" +
+    "objectClass: referral\n" +
+    "objectClass: top\n" +
+    "uid: akarasuluref\n" +
+    "userPassword: secret\n" +
+    "ref: ldap://localhost:10389/uid=akarasulu,ou=users,ou=system\n" + 
+    "ref: ldap://foo:10389/uid=akarasulu,ou=users,ou=system\n" +
+    "ref: ldap://bar:10389/uid=akarasulu,ou=users,ou=system\n\n"
+    }
+)
+public class BindIT
+{
+    public static LdapServer ldapServer;
+    
+
+    @Test
+    public void testConnectWithIllegalLDAPVersion() throws Exception
+    {
+        LDAPConnection conn = null;
+        
+        try
+        {
+            conn = new LDAPConnection();
+            conn.connect( 100, "localhost", ldapServer.getIpPort(), "uid=admin,ou=system", "secret" );
+            fail( "try to connect with illegal version number should fail" );
+        }
+        catch ( LDAPException e )
+        {
+            assertEquals( "statuscode", LDAPException.PROTOCOL_ERROR, e.getLDAPResultCode() );
+        }
+        finally
+        {
+            if ( conn != null )
+            {
+                conn.disconnect();
+            }
+        }
+    }
+
+    
+    /**
+     * Tests bind operation on referral entry.
+     */
+    @Test
+    public void testOnReferralWithOrWithoutManageDsaItControl() throws Exception
+    {
+        LDAPConnection conn = new LDAPConnection();
+        LDAPConstraints constraints = new LDAPConstraints();
+        constraints.setClientControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
+        constraints.setServerControls( new LDAPControl( LDAPControl.MANAGEDSAIT, true, new byte[0] ) );
+        conn.setConstraints( constraints );
+        
+        try
+        {
+            conn.connect( 3, "localhost", ldapServer.getIpPort(), 
+                "uid=akarasuluref,ou=users,ou=system", "secret", constraints );
+            fail( "try to connect with illegal version number should fail" );
+        }
+        catch( LDAPException e )
+        {
+            assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
+        }
+        
+        try
+        {
+            conn.connect( 3, "localhost", ldapServer.getIpPort(), 
+                "uid=akarasuluref,ou=users,ou=system", "secret" );
+            fail( "try to connect with illegal version number should fail" );
+        }
+        catch( LDAPException e )
+        {
+            assertEquals( "statuscode", LDAPException.INVALID_CREDENTIALS, e.getLDAPResultCode() );
+        }
+    }
+}
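Review bot: Both `fail(...)` calls in `testOnReferralWithOrWithoutManageDsaItControl` reuse the text `try to connect with illegal version number should fail`. If the server ever accepts a bind to the referral entry, the failure would be reported as an LDAP-version problem; `fail( "bind to a referral entry should be rejected with invalidCredentials" )` says what is actually being checked. The same test never calls `conn.disconnect()`, while `testConnectWithIllegalLDAPVersion` does so in a `finally` block; the same `finally` here would stop a connection being left open if a bind unexpectedly succeeds. The class Javadoc (`Tests the server to make sure standard compare operations work properly.`) is also a leftover and should describe bind operations. Nothing here exercises the handler's `principalEntry == null` branch or a bind to a non-referral entry that must still succeed, so a case for each would pin the new pre-check from both sides.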

Modified: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java?rev=683079&r1=683078&r2=683079&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java (original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java Tue Aug  5 18:37:59 2008
@@ -27,6 +27,7 @@
 import org.apache.directory.server.integ.SiSuite;
 import org.apache.directory.server.operations.add.AddIT;
 import org.apache.directory.server.operations.add.AddingEntriesWithSpecialCharactersInRDNIT;
+import org.apache.directory.server.operations.bind.BindIT;
 import org.apache.directory.server.operations.compare.CompareIT;
 import org.apache.directory.server.operations.compare.MatchingRuleCompareIT;
 import org.apache.directory.server.operations.delete.DeleteIT;
@@ -60,7 +61,8 @@
         ModifyRemoveIT.class,
         ModifyReplaceIT.class,
         ModifyRdnIT.class,
-        ModifyDnReferralIT.class
+        ModifyDnReferralIT.class,
+        BindIT.class
         } )
 @CleanupLevel ( Level.SUITE )
 @Mode ( SetupMode.ROLLBACK )