Posted to cvs@httpd.apache.org by jo...@apache.org on 2020/06/16 13:23:00 UTC

svn commit: r1878888 - in /httpd/test/framework/trunk: scripts/httpd-sub.ldif scripts/httpd.ldif scripts/ldap-init.sh scripts/non-anon.ldif t/conf/extra.conf.in t/modules/ldap.t

Author: jorton
Date: Tue Jun 16 13:22:59 2020
New Revision: 1878888

URL: http://svn.apache.org/viewvc?rev=1878888&view=rev
Log:
Add LDAP referral chasing config test, and scripts/ldap-init.sh
to run both required containers with slapd.  Relies on a
httpd_slapd container which is built like in httpd's
test/travis_Dockerfile_slapd.

Added:
    httpd/test/framework/trunk/scripts/httpd-sub.ldif
    httpd/test/framework/trunk/scripts/ldap-init.sh   (with props)
    httpd/test/framework/trunk/scripts/non-anon.ldif
Modified:
    httpd/test/framework/trunk/scripts/httpd.ldif
    httpd/test/framework/trunk/t/conf/extra.conf.in
    httpd/test/framework/trunk/t/modules/ldap.t

Added: httpd/test/framework/trunk/scripts/httpd-sub.ldif
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/scripts/httpd-sub.ldif?rev=1878888&view=auto
==============================================================================
--- httpd/test/framework/trunk/scripts/httpd-sub.ldif (added)
+++ httpd/test/framework/trunk/scripts/httpd-sub.ldif Tue Jun 16 13:22:59 2020
@@ -0,0 +1,15 @@
+dn: cn=httpd,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: httpd
+description: Service Account for httpd
+userPassword: mod_authnz_ldap
+
+dn: ou=dept,dc=example,dc=com
+ou: dept
+objectClass: organizationalUnit
+
+# Group
+dn: cn=Subgroup,ou=dept,dc=example,dc=com
+objectClass: groupOfUniqueNames
+uniqueMember: uid=beta,dc=example,dc=com
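Review bot: The `cn=httpd` service account at the top of this file carries a fixed cleartext `userPassword`, with nothing marking it as a test-only credential or tying it to its other copies. The same entry is added in scripts/httpd.ldif, and the same DN and password appear as `AuthLDAPBindDN`/`AuthLDAPBindPassword` in t/conf/extra.conf.in, so all three have to change together. I would add a comment above the entry such as `# Test-only bind account; keep in sync with scripts/httpd.ldif and AuthLDAPBindDN/AuthLDAPBindPassword in t/conf/extra.conf.in`.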

Modified: httpd/test/framework/trunk/scripts/httpd.ldif
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/scripts/httpd.ldif?rev=1878888&r1=1878887&r2=1878888&view=diff
==============================================================================
--- httpd/test/framework/trunk/scripts/httpd.ldif (original)
+++ httpd/test/framework/trunk/scripts/httpd.ldif Tue Jun 16 13:22:59 2020
@@ -1,3 +1,10 @@
+dn: cn=httpd,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: httpd
+description: Service Account for httpd
+userPassword: mod_authnz_ldap
+
 dn: uid=alpha,dc=example,dc=com
 objectClass: inetOrgPerson
 cn: Alpha Person
@@ -34,8 +41,16 @@ uid: delta
 roomnumber: 43
 userPassword: Delta
 
+# Group
 dn: cn=Group One, dc=example,dc=com
 objectClass: groupOfUniqueNames
 uniqueMember: uid=alpha,dc=example,dc=com
 uniqueMember: uid=beta,dc=example,dc=com
 uniqueMember: uid=delta,dc=example,dc=com
+
+# Referral
+dn: ou=dept,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: dept
+ref: ldap://localhost:8390/ou=dept,dc=example,dc=com
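Review bot: The `ref:` value in the new referral entry points at `localhost:8390`, which is only meaningful from the machine running httpd, not from inside the first slapd container. Presumably that is intended, since the referral is handed back to the client and chased there, using the port that scripts/ldap-init.sh publishes for the second container, but nothing in the file says so. A comment above the entry would help, e.g. `# Chased by the LDAP client (httpd), so this is the host-published port of the second slapd from scripts/ldap-init.sh`.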

Added: httpd/test/framework/trunk/scripts/ldap-init.sh
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/scripts/ldap-init.sh?rev=1878888&view=auto
==============================================================================
--- httpd/test/framework/trunk/scripts/ldap-init.sh (added)
+++ httpd/test/framework/trunk/scripts/ldap-init.sh Tue Jun 16 13:22:59 2020
@@ -0,0 +1,13 @@
+#!/bin/bash -ex
+DOCKER=${DOCKER:-`which docker 2>/dev/null || which podman 2>/dev/null`}
+cid1=`${DOCKER} run -d -p 8389:389 httpd_ldap`
+cid2=`${DOCKER} run -d -p 8390:389 httpd_ldap`
+sleep 5
+
+# Disable anonymous bind; must be done as an authenticated local user
+# hence via ldapadd -Y EXTERNAL within the container.
+${DOCKER} exec -i $cid1 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/non-anon.ldif
+${DOCKER} exec -i $cid2 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/non-anon.ldif
+
+ldapadd -x -H ldap://localhost:8389 -D cn=admin,dc=example,dc=com -w travis < scripts/httpd.ldif
+ldapadd -x -H ldap://localhost:8390 -D cn=admin,dc=example,dc=com -w travis < scripts/httpd-sub.ldif
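Review bot: Both `-p 8389:389` and `-p 8390:389` publish slapd on every host interface, while the admin bind further down uses a fixed password (`-w travis`); since the tests only talk to localhost, binding to loopback would be tighter: `-p 127.0.0.1:8389:389` and `-p 127.0.0.1:8390:389`. The fixed `sleep 5` is a guess at slapd's start-up time, so a slow host fails at the first `ldapadd`, and because `cid1`/`cid2` are never stopped, a failure under `-e` leaves both containers running. Separately, the log message names the image `httpd_slapd` while the script runs `httpd_ldap`; one of the two probably needs correcting.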

Propchange: httpd/test/framework/trunk/scripts/ldap-init.sh
------------------------------------------------------------------------------
    svn:executable = *

Added: httpd/test/framework/trunk/scripts/non-anon.ldif
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/scripts/non-anon.ldif?rev=1878888&view=auto
==============================================================================
--- httpd/test/framework/trunk/scripts/non-anon.ldif (added)
+++ httpd/test/framework/trunk/scripts/non-anon.ldif Tue Jun 16 13:22:59 2020
@@ -0,0 +1,14 @@
+dn: cn=config
+changetype: modify
+add: olcDisallows
+olcDisallows: bind_anon
+
+dn: cn=config
+changetype: modify
+add: olcRequires
+olcRequires: authc
+
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+add: olcRequires
+olcRequires: authc

Modified: httpd/test/framework/trunk/t/conf/extra.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/extra.conf.in?rev=1878888&r1=1878887&r2=1878888&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/extra.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/extra.conf.in Tue Jun 16 13:22:59 2020
@@ -771,22 +771,39 @@ LimitRequestFields    32
 <IfDefine LDAP>
   Alias /modules/ldap/simple @DocumentRoot@
   Alias /modules/ldap/group @DocumentRoot@
+  Alias /modules/ldap/refer @DocumentRoot@
+
   # Simple user lookup
   <Location /modules/ldap/simple>
+     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+     AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+     AuthLDAPBindPassword mod_authnz_ldap
      AuthType Basic
      AuthName ldap-simple@httpd.apache.org
      AuthBasicProvider ldap
-     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
      Require valid-user
   </Location>
   # Static group configuration
   <Location /modules/ldap/group>
+     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+     AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+     AuthLDAPBindPassword mod_authnz_ldap
      AuthType Basic
      AuthName ldap-group@httpd.apache.org
      AuthBasicProvider ldap
-     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
      Require ldap-group cn=Group One,dc=example,dc=com
   </Location>
+  # Referral configuration -- the second user is only found if
+  # httpd follows the referral.
+  <Location /modules/ldap/refer>
+     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+     AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+     AuthLDAPBindPassword mod_authnz_ldap
+     AuthType Basic
+     AuthName ldap-refer@httpd.apache.org
+     AuthBasicProvider ldap
+     Require ldap-group cn=Subgroup,ou=dept,dc=example,dc=com
+  </Location>
 </IfDefine>
 
 ##
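Review bot: The new `<Location /modules/ldap/refer>` block never sets `LDAPReferrals`, so the test passes only as long as mod_ldap's default keeps referral chasing enabled for this location. If the intent is to test chasing as a feature rather than the default, adding `LDAPReferrals On` inside the block would make that explicit. It would also be worth extending the comment to say that the chased bind goes to the second slapd on port 8390, as far as I can tell with the same `AuthLDAPBindDN`/`AuthLDAPBindPassword` and over plain `ldap://`, which is why scripts/httpd-sub.ldif defines the same `cn=httpd` account.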

Modified: httpd/test/framework/trunk/t/modules/ldap.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/modules/ldap.t?rev=1878888&r1=1878887&r2=1878888&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/modules/ldap.t (original)
+++ httpd/test/framework/trunk/t/modules/ldap.t Tue Jun 16 13:22:59 2020
@@ -25,6 +25,8 @@ my @cases = (
     ['/modules/ldap/simple/' => 'gamma', 'Gamma', 200],
     ['/modules/ldap/group/' => 'gamma', 'Gamma', 401],
     ['/modules/ldap/group/' => 'delta', 'Delta', 200],
+    ['/modules/ldap/refer/' => 'alpha', 'Alpha', 401],
+    ['/modules/ldap/refer/' => 'beta', 'Beta', 200],
 );
 
 plan tests => scalar @cases,
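Review bot: The two `/modules/ldap/refer/` cases need a second slapd answering on port 8390, and the `plan` statement that decides whether the tests are skipped continues outside this hunk, so it is not visible whether it checks for that server. If it only probes the primary directory, these cases will fail rather than skip on a setup with a single slapd. A short comment above the new cases would also help: `# beta is in cn=Subgroup only on the referred server; alpha is not a member, so 401 either way`.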