Posted to commits@directory.apache.org by se...@apache.org on 2021/06/20 09:17:02 UTC
[directory-server] branch master updated: DIRSERVER-1670: Test SASL
auth and confidentiality
This is an automated email from the ASF dual-hosted git repository.
seelmann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git
The following commit(s) were added to refs/heads/master by this push:
new 77a842e DIRSERVER-1670: Test SASL auth and confidentiality
77a842e is described below
commit 77a842e7442936903141ad031eeabdd7ffb0573f
Author: Stefan Seelmann <ma...@stefan-seelmann.de>
AuthorDate: Sun Jun 20 11:16:48 2021 +0200
DIRSERVER-1670: Test SASL auth and confidentiality
---
installers/src/test/docker/archive.test | 16 ++++++++++++
installers/src/test/docker/bin.test | 14 +++++++++++
installers/src/test/docker/config.ldif | 33 +++++++++++++++++++++++++
installers/src/test/docker/data.ldif | 29 ++++++++++++++++++++++
installers/src/test/docker/deb.test | 14 +++++++++++
installers/src/test/docker/rpm.test | 16 +++++++++++-
installers/src/test/docker/run-archive-tests.sh | 4 +++
installers/src/test/docker/run-bin-tests.sh | 2 ++
installers/src/test/docker/run-deb-tests.sh | 2 +-
installers/src/test/docker/run-rpm-tests.sh | 2 +-
10 files changed, 129 insertions(+), 3 deletions(-)
diff --git a/installers/src/test/docker/archive.test b/installers/src/test/docker/archive.test
index e0ff7cc..6646697 100644
--- a/installers/src/test/docker/archive.test
+++ b/installers/src/test/docker/archive.test
@@ -89,6 +89,22 @@ fi
# search
ldapsearch -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -s base -b "dc=example,dc=com"
+# configure SASL auth
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /config.ldif
+/opt/${DIRNAME}/bin/apacheds.sh stop
+wait_for_apacheds_down
+/opt/${DIRNAME}/bin/apacheds.sh start
+wait_for_apacheds_up
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /data.ldif
+
+# test SASL auth and confidentiality
+ldapwhoami -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret |& tee /tmp/ldapwhoami.log
+grep "SASL/DIGEST-MD5 authentication started" /tmp/ldapwhoami.log
+grep "SASL username: user.1" /tmp/ldapwhoami.log
+grep "SASL SSF: 128" /tmp/ldapwhoami.log
+grep "SASL data security layer installed." /tmp/ldapwhoami.log
+ldapsearch -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret -s sub -b "ou=users,ou=system"
+
# repair (stop before, should be started afterwards)
/opt/${DIRNAME}/bin/apacheds.sh stop
wait_for_apacheds_down
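Review bot: The exit status of `ldapwhoami` on the `|& tee /tmp/ldapwhoami.log` line is lost, because a pipeline reports the status of its last command (`tee`) unless `pipefail` is set, and no `set -o pipefail` is visible in this hunk. A failed SASL bind is then caught only indirectly by the greps that follow, and only if the script runs under `set -e`, which is also not visible here. I would add `set -o pipefail` near the top of the script, or test `${PIPESTATUS[0]}` right after the pipeline. The grep patterns are regular expressions matched anywhere in a line, so `grep "SASL SSF: 128"` would also accept a longer number; `grep -Fx "SASL SSF: 128" /tmp/ldapwhoami.log` pins the negotiated strength, assuming the client prints that line with no trailing text. The same lines are added in bin.test, deb.test and rpm.test.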
diff --git a/installers/src/test/docker/bin.test b/installers/src/test/docker/bin.test
index 74fbbf6..ece9225 100644
--- a/installers/src/test/docker/bin.test
+++ b/installers/src/test/docker/bin.test
@@ -79,6 +79,20 @@ service ${SERVICE_NAME} status && test $? -eq 0
# search
ldapsearch -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -s base -b "dc=example,dc=com"
+# configure SASL auth
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /config.ldif
+service ${SERVICE_NAME} restart
+wait_for_apacheds
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /data.ldif
+
+# test SASL auth and confidentiality
+ldapwhoami -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret |& tee /tmp/ldapwhoami.log
+grep "SASL/DIGEST-MD5 authentication started" /tmp/ldapwhoami.log
+grep "SASL username: user.1" /tmp/ldapwhoami.log
+grep "SASL SSF: 128" /tmp/ldapwhoami.log
+grep "SASL data security layer installed." /tmp/ldapwhoami.log
+ldapsearch -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret -s sub -b "ou=users,ou=system"
+
# repair (stop before, should be started afterwards)
service ${SERVICE_NAME} stop
service ${SERVICE_NAME} repair
diff --git a/installers/src/test/docker/config.ldif b/installers/src/test/docker/config.ldif
new file mode 100644
index 0000000..5ac02bb
--- /dev/null
+++ b/installers/src/test/docker/config.ldif
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
+changetype: modify
+replace: ads-saslHost
+ads-saslHost: localhost
+-
+replace: ads-saslPrincipal
+ads-saslPrincipal: ldap/localhost@EXAMPLE.COM
+-
+
+dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
+changetype: modify
+replace: ads-enabled
+ads-enabled: FALSE
+-
+
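Review bot: The second entry sets `ads-enabled: FALSE` on `passwordHashingInterceptor` without saying why, and the file carries no comment besides the license header. Presumably this is so that the `userPassword: secret` added from data.ldif is stored in clear text, which DIGEST-MD5 needs on the server side. Anyone reusing this LDIF outside the test container would switch off password hashing for the whole directory service without noticing. I would add a comment above that entry, for example `# Test fixture only: DIGEST-MD5 needs the clear-text userPassword, so password hashing is disabled`.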
diff --git a/installers/src/test/docker/data.ldif b/installers/src/test/docker/data.ldif
new file mode 100644
index 0000000..f01e126
--- /dev/null
+++ b/installers/src/test/docker/data.ldif
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+dn: uid=user.1,ou=users,ou=system
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: user.1
+sn: User1
+cn: User1
+userPassword: secret
+
diff --git a/installers/src/test/docker/deb.test b/installers/src/test/docker/deb.test
index 7d2cc6a..508f29f 100644
--- a/installers/src/test/docker/deb.test
+++ b/installers/src/test/docker/deb.test
@@ -70,6 +70,20 @@ service ${SERVICE_NAME} status && test $? -eq 0
# search
ldapsearch -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -s base -b "dc=example,dc=com"
+# configure SASL auth
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /config.ldif
+service ${SERVICE_NAME} restart
+wait_for_apacheds
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /data.ldif
+
+# test SASL auth and confidentiality
+ldapwhoami -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret |& tee /tmp/ldapwhoami.log
+grep "SASL/DIGEST-MD5 authentication started" /tmp/ldapwhoami.log
+grep "SASL username: user.1" /tmp/ldapwhoami.log
+grep "SASL SSF: 128" /tmp/ldapwhoami.log
+grep "SASL data security layer installed." /tmp/ldapwhoami.log
+ldapsearch -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret -s sub -b "ou=users,ou=system"
+
# repair (stop before and start after)
service ${SERVICE_NAME} stop
service ${SERVICE_NAME} repair
diff --git a/installers/src/test/docker/rpm.test b/installers/src/test/docker/rpm.test
index e4885b9..90bb352 100644
--- a/installers/src/test/docker/rpm.test
+++ b/installers/src/test/docker/rpm.test
@@ -39,7 +39,7 @@ wait_for_apacheds() {
}
# install packages
-yum -y -q install openldap-clients nmap procps
+yum -y -q install openldap-clients cyrus-sasl-md5 nmap procps
command -v java >/dev/null 2>&1 || yum -y -q install java-latest-openjdk-headless || yum -y -q install java-openjdk-headless
java -version
@@ -72,6 +72,20 @@ wait_for_apacheds
# search
ldapsearch -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -s base -b "dc=example,dc=com"
+# configure SASL auth
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /config.ldif
+/etc/init.d/${SERVICE_NAME} restart
+wait_for_apacheds
+ldapmodify -h localhost -p 10389 -x -D "uid=admin,ou=system" -w secret -f /data.ldif
+
+# test SASL auth and confidentiality
+ldapwhoami -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret |& tee /tmp/ldapwhoami.log
+grep "SASL/DIGEST-MD5 authentication started" /tmp/ldapwhoami.log
+grep "SASL username: user.1" /tmp/ldapwhoami.log
+grep "SASL SSF: 128" /tmp/ldapwhoami.log
+grep "SASL data security layer installed." /tmp/ldapwhoami.log
+ldapsearch -h localhost -p 10389 -Y DIGEST-MD5 -N -O "minssf=128" -U user.1 -R example.com -w secret -s sub -b "ou=users,ou=system"
+
# repair (stop before and start after)
/etc/init.d/${SERVICE_NAME} stop
/etc/init.d/${SERVICE_NAME} repair
diff --git a/installers/src/test/docker/run-archive-tests.sh b/installers/src/test/docker/run-archive-tests.sh
index 063d8e9..67d1172 100755
--- a/installers/src/test/docker/run-archive-tests.sh
+++ b/installers/src/test/docker/run-archive-tests.sh
@@ -32,6 +32,8 @@ then
docker run -i --rm -h myhostname \
-v ${TGZ}:/apacheds.tar.gz \
-v ${TEST_SCRIPTS_DIR}/archive.test:/archive.test \
+ -v ${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif \
+ -v ${TEST_SCRIPTS_DIR}/data.ldif:/data.ldif \
openjdk:8 bash /archive.test
fi
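Review bot: The two new bind mounts, `-v ${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif` and the `data.ldif` one, are read-write, although the tests only read them through `ldapmodify -f`. The test script inside the container can therefore write to these host files. Mounting them as `-v "${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif:ro"` (and likewise for `data.ldif`) keeps the fixtures immutable, and the quotes survive a checkout path containing spaces. The same applies to the second hunk of this file and to run-bin-tests.sh, run-deb-tests.sh and run-rpm-tests.sh; in the last two the mounts sit inside the `DOCKER_CMD` string, where quoting would need an array instead. The enclosing `if` starts outside the hunk.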
@@ -46,5 +48,7 @@ then
docker run -i --rm -h myhostname \
-v ${ZIP}:/apacheds.zip \
-v ${TEST_SCRIPTS_DIR}/archive.test:/archive.test \
+ -v ${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif \
+ -v ${TEST_SCRIPTS_DIR}/data.ldif:/data.ldif \
openjdk:11 bash /archive.test
fi
diff --git a/installers/src/test/docker/run-bin-tests.sh b/installers/src/test/docker/run-bin-tests.sh
index 9a5ed0c..d97489f 100755
--- a/installers/src/test/docker/run-bin-tests.sh
+++ b/installers/src/test/docker/run-bin-tests.sh
@@ -32,6 +32,8 @@ then
docker run -i --rm -h myhostname \
-v ${BIN64}:/apacheds.bin \
-v ${TEST_SCRIPTS_DIR}/bin.test:/bin.test \
+ -v ${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif \
+ -v ${TEST_SCRIPTS_DIR}/data.ldif:/data.ldif \
openjdk:8 bash /bin.test
echo
diff --git a/installers/src/test/docker/run-deb-tests.sh b/installers/src/test/docker/run-deb-tests.sh
index 61c4c4a..1d05daa 100755
--- a/installers/src/test/docker/run-deb-tests.sh
+++ b/installers/src/test/docker/run-deb-tests.sh
@@ -24,7 +24,7 @@ INSTALLERS_DIR="$TEST_SCRIPTS_DIR/../installers"
# Debian package 64bit
DEB64="${INSTALLERS_DIR}/apacheds-${project.version}-amd64.deb"
-DOCKER_CMD="docker run -i --rm -h myhostname -v ${DEB64}:/apacheds.deb -v ${TEST_SCRIPTS_DIR}/deb.test:/deb.test"
+DOCKER_CMD="docker run -i --rm -h myhostname -v ${DEB64}:/apacheds.deb -v ${TEST_SCRIPTS_DIR}/deb.test:/deb.test -v ${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif -v ${TEST_SCRIPTS_DIR}/data.ldif:/data.ldif"
if [ -f ${DEB64} ]
then
echo
diff --git a/installers/src/test/docker/run-rpm-tests.sh b/installers/src/test/docker/run-rpm-tests.sh
index 249d8d5..1c2f075 100755
--- a/installers/src/test/docker/run-rpm-tests.sh
+++ b/installers/src/test/docker/run-rpm-tests.sh
@@ -24,7 +24,7 @@ INSTALLERS_DIR="$TEST_SCRIPTS_DIR/../installers"
# RPM package 64bit
RPM64="${INSTALLERS_DIR}/apacheds-${project.version}-x86_64.rpm"
-DOCKER_CMD="docker run -i --rm -h myhostname -v ${RPM64}:/apacheds.rpm -v ${TEST_SCRIPTS_DIR}/rpm.test:/rpm.test"
+DOCKER_CMD="docker run -i --rm -h myhostname -v ${RPM64}:/apacheds.rpm -v ${TEST_SCRIPTS_DIR}/rpm.test:/rpm.test -v ${TEST_SCRIPTS_DIR}/config.ldif:/config.ldif -v ${TEST_SCRIPTS_DIR}/data.ldif:/data.ldif"
if [ -f ${RPM64} ]
then
echo