mirror of https://github.com/nextcloud/server.git
Merge pull request #8855 from nextcloud/feature/noid/ldap-integration-autotests
behat integration tests for LDAPpull/10688/head
commit
d05c815796
@ -1,127 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
* @author Joas Schilling <coding@schilljs.com>
|
||||
*
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\User_LDAP\Tests\Integration\Lib;
|
||||
|
||||
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
|
||||
|
||||
require_once __DIR__ . '/../Bootstrap.php';
|
||||
|
||||
class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
|
||||
|
||||
/**
|
||||
* prepares the LDAP environment and sets up a test configuration for
|
||||
* the LDAP backend.
|
||||
*/
|
||||
public function init() {
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
|
||||
parent::init();
|
||||
}
|
||||
|
||||
/**
|
||||
* tests whether the group filter works with one specific group, while the
|
||||
* input is the same.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case1() {
|
||||
$this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
|
||||
|
||||
$dns = ['cn=RedGroup,ou=Groups,' . $this->base];
|
||||
$result = $this->access->groupsMatchFilter($dns);
|
||||
return ($dns === $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests whether a filter for limited groups is effective when more existing
|
||||
* groups were passed for validation.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case2() {
|
||||
$this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
|
||||
|
||||
$dns = [
|
||||
'cn=RedGroup,ou=Groups,' . $this->base,
|
||||
'cn=BlueGroup,ou=Groups,' . $this->base,
|
||||
'cn=PurpleGroup,ou=Groups,' . $this->base
|
||||
];
|
||||
$result = $this->access->groupsMatchFilter($dns);
|
||||
|
||||
$status =
|
||||
count($result) === 2
|
||||
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
|
||||
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests whether a filter for limited groups is effective when more existing
|
||||
* groups were passed for validation.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case3() {
|
||||
$this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
|
||||
|
||||
$dns = [
|
||||
'cn=RedGroup,ou=Groups,' . $this->base,
|
||||
'cn=PurpleGroup,ou=Groups,' . $this->base,
|
||||
'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
|
||||
];
|
||||
$result = $this->access->groupsMatchFilter($dns);
|
||||
|
||||
$status =
|
||||
count($result) === 2
|
||||
&& in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
|
||||
&& in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
||||
/**
|
||||
* sets up the LDAP configuration to be used for the test
|
||||
*/
|
||||
protected function initConnection() {
|
||||
parent::initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapBaseGroups' => 'ou=Groups,' . $this->base,
|
||||
'ldapUserFilter' => 'objectclass=inetOrgPerson',
|
||||
'ldapUserDisplayName' => 'displayName',
|
||||
'ldapGroupDisplayName' => 'cn',
|
||||
'ldapLoginFilter' => 'uid=%uid',
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
/** @var string $host */
|
||||
/** @var int $port */
|
||||
/** @var string $adn */
|
||||
/** @var string $apwd */
|
||||
/** @var string $bdn */
|
||||
$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
|
||||
$test->init();
|
||||
$test->run();
|
@ -1,124 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
* @author Joas Schilling <coding@schilljs.com>
|
||||
*
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\User_LDAP\Tests\Integration\Lib;
|
||||
|
||||
use OC\ServerNotAvailableException;
|
||||
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
|
||||
use OCA\User_LDAP\Mapping\UserMapping;
|
||||
use OCA\User_LDAP\User_LDAP;
|
||||
|
||||
require_once __DIR__ . '/../Bootstrap.php';
|
||||
|
||||
class IntegrationTestBackupServer extends AbstractIntegrationTest {
|
||||
/** @var UserMapping */
|
||||
protected $mapping;
|
||||
|
||||
/** @var User_LDAP */
|
||||
protected $backend;
|
||||
|
||||
/**
|
||||
* sets up the LDAP configuration to be used for the test
|
||||
*/
|
||||
protected function initConnection() {
|
||||
parent::initConnection();
|
||||
$originalHost = $this->connection->ldapHost;
|
||||
$originalPort = $this->connection->ldapPort;
|
||||
$this->connection->setConfiguration([
|
||||
'ldapHost' => 'qwertz.uiop',
|
||||
'ldapPort' => '32123',
|
||||
'ldap_backup_host' => $originalHost,
|
||||
'ldap_backup_port' => $originalPort,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* tests that a backup connection is being used when the main LDAP server
|
||||
* is offline
|
||||
*
|
||||
* Beware: after starting docker, the LDAP host might not be ready yet, thus
|
||||
* causing a false positive. Retry in that case… or increase the sleep time
|
||||
* in run-test.sh
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case1() {
|
||||
try {
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* ensures that an exception is thrown if LDAP main server and LDAP backup
|
||||
* server are not available
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case2() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
try {
|
||||
$this->connection->setConfiguration([
|
||||
'ldap_backup_host' => 'qwertz.uiop',
|
||||
'ldap_backup_port' => '32123',
|
||||
]);
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* ensures that an exception is thrown if main LDAP server is down and a
|
||||
* backup server is not given
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case3() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
try {
|
||||
$this->connection->setConfiguration([
|
||||
'ldap_backup_host' => '',
|
||||
'ldap_backup_port' => '',
|
||||
]);
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/** @var string $host */
|
||||
/** @var int $port */
|
||||
/** @var string $adn */
|
||||
/** @var string $apwd */
|
||||
/** @var string $bdn */
|
||||
$test = new IntegrationTestBackupServer($host, $port, $adn, $apwd, $bdn);
|
||||
$test->init();
|
||||
$test->run();
|
@ -1,172 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
* @author Joas Schilling <coding@schilljs.com>
|
||||
*
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\User_LDAP\Tests\Integration\Lib;
|
||||
|
||||
use OC\ServerNotAvailableException;
|
||||
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
|
||||
use OCA\User_LDAP\Mapping\UserMapping;
|
||||
use OCA\User_LDAP\User_LDAP;
|
||||
|
||||
require_once __DIR__ . '/../Bootstrap.php';
|
||||
|
||||
class IntegrationTestConnect extends AbstractIntegrationTest {
|
||||
/** @var UserMapping */
|
||||
protected $mapping;
|
||||
|
||||
/** @var User_LDAP */
|
||||
protected $backend;
|
||||
|
||||
/** @var string */
|
||||
protected $host;
|
||||
|
||||
/** @var int */
|
||||
protected $port;
|
||||
|
||||
public function __construct($host, $port, $bind, $pwd, $base) {
|
||||
// make sure host is a simple host name
|
||||
if(strpos($host, '://') !== false) {
|
||||
$host = substr_replace($host, '', 0, strpos($host, '://') + 3);
|
||||
}
|
||||
if(strpos($host, ':') !== false) {
|
||||
$host = substr_replace($host, '', strpos($host, ':'));
|
||||
}
|
||||
$this->host = $host;
|
||||
$this->port = $port;
|
||||
parent::__construct($host, $port, $bind, $pwd, $base);
|
||||
}
|
||||
|
||||
/**
|
||||
* test that a faulty host will does not connect successfully
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case1() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapHost' => 'qwertz.uiop',
|
||||
]);
|
||||
try {
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* tests that a connect succeeds when only a hostname is provided
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case2() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapHost' => $this->host,
|
||||
]);
|
||||
try {
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* tests that a connect succeeds when an LDAP URL is provided
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case3() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapHost' => 'ldap://' . $this->host,
|
||||
]);
|
||||
try {
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* tests that a connect succeeds when an LDAP URL with port is provided
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case4() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapHost' => 'ldap://' . $this->host . ':' . $this->port,
|
||||
]);
|
||||
try {
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* tests that a connect succeeds when a hostname with port is provided
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case5() {
|
||||
// reset possible LDAP connection
|
||||
$this->initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'ldapHost' => $this->host . ':' . $this->port,
|
||||
]);
|
||||
try {
|
||||
$this->connection->getConnectionResource();
|
||||
} catch (ServerNotAvailableException $e) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* repeat case1, only to make sure that not a connection was reused by
|
||||
* accident.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case6() {
|
||||
return $this->case1();
|
||||
}
|
||||
}
|
||||
|
||||
/** @var string $host */
|
||||
/** @var int $port */
|
||||
/** @var string $adn */
|
||||
/** @var string $apwd */
|
||||
/** @var string $bdn */
|
||||
$test = new IntegrationTestConnect($host, $port, $adn, $apwd, $bdn);
|
||||
$test->init();
|
||||
$test->run();
|
@ -1,186 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
*
|
||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
* @author Joas Schilling <coding@schilljs.com>
|
||||
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
||||
* @author Morris Jobke <hey@morrisjobke.de>
|
||||
* @author Vinicius Cubas Brand <vinicius@eita.org.br>
|
||||
*
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\User_LDAP\Tests\Integration\Lib;
|
||||
|
||||
use OCA\User_LDAP\FilesystemHelper;
|
||||
use OCA\User_LDAP\LogWrapper;
|
||||
use OCA\User_LDAP\User\Manager as LDAPUserManager;
|
||||
use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
|
||||
use OCA\User_LDAP\Mapping\UserMapping;
|
||||
use OCA\User_LDAP\User_LDAP;
|
||||
use OCP\Image;
|
||||
|
||||
require_once __DIR__ . '/../Bootstrap.php';
|
||||
|
||||
class IntegrationTestUserHome extends AbstractIntegrationTest {
|
||||
/** @var UserMapping */
|
||||
protected $mapping;
|
||||
|
||||
/** @var User_LDAP */
|
||||
protected $backend;
|
||||
|
||||
/**
|
||||
* prepares the LDAP environment and sets up a test configuration for
|
||||
* the LDAP backend.
|
||||
*/
|
||||
public function init() {
|
||||
require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
|
||||
parent::init();
|
||||
|
||||
$this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
|
||||
$this->mapping->clear();
|
||||
$this->access->setUserMapper($this->mapping);
|
||||
$this->backend = new User_LDAP($this->access, \OC::$server->getConfig(), \OC::$server->getNotificationManager(), \OC::$server->getUserSession(), \OC::$server->query('LDAPUserPluginManager'));
|
||||
}
|
||||
|
||||
/**
|
||||
* sets up the LDAP configuration to be used for the test
|
||||
*/
|
||||
protected function initConnection() {
|
||||
parent::initConnection();
|
||||
$this->connection->setConfiguration([
|
||||
'homeFolderNamingRule' => 'homeDirectory',
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* initializes an LDAP user manager instance
|
||||
* @return LDAPUserManager
|
||||
*/
|
||||
protected function initUserManager() {
|
||||
$this->userManager = new LDAPUserManager(
|
||||
\OC::$server->getConfig(),
|
||||
new FilesystemHelper(),
|
||||
new LogWrapper(),
|
||||
\OC::$server->getAvatarManager(),
|
||||
new Image(),
|
||||
\OC::$server->getDatabaseConnection(),
|
||||
\OC::$server->getUserManager(),
|
||||
\OC::$server->getNotificationManager()
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* homeDirectory on LDAP is empty. Return values of getHome should be
|
||||
* identical to user name, following Nextcloud default.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case1() {
|
||||
\OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false);
|
||||
$userManager = \OC::$server->getUserManager();
|
||||
$userManager->clearBackends();
|
||||
$userManager->registerBackend($this->backend);
|
||||
$users = $userManager->search('', 5, 0);
|
||||
|
||||
foreach($users as $user) {
|
||||
$home = $user->getHome();
|
||||
$uid = $user->getUID();
|
||||
$posFound = strpos($home, '/' . $uid);
|
||||
$posExpected = strlen($home) - (strlen($uid) + 1);
|
||||
if($posFound === false || $posFound !== $posExpected) {
|
||||
print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* homeDirectory on LDAP is empty. Having the attributes set is enforced.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case2() {
|
||||
\OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
|
||||
$userManager = \OC::$server->getUserManager();
|
||||
// clearing backends is critical, otherwise the userManager will have
|
||||
// the user objects cached and the value from case1 returned
|
||||
$userManager->clearBackends();
|
||||
$userManager->registerBackend($this->backend);
|
||||
$users = $userManager->search('', 5, 0);
|
||||
|
||||
try {
|
||||
foreach ($users as $user) {
|
||||
$user->getHome();
|
||||
print('User home was retrieved without throwing an Exception!' . PHP_EOL);
|
||||
return false;
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
if(strpos($e->getMessage(), 'Home dir attribute') === 0) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* homeDirectory on LDAP is set to "attr:" which is effectively empty.
|
||||
* Return values of getHome should be Nextcloud default.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function case3() {
|
||||
\OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
|
||||
$this->connection->setConfiguration([
|
||||
'homeFolderNamingRule' => 'attr:',
|
||||
]);
|
||||
$userManager = \OC::$server->getUserManager();
|
||||
$userManager->clearBackends();
|
||||
$userManager->registerBackend($this->backend);
|
||||
$users = $userManager->search('', 5, 0);
|
||||
|
||||
try {
|
||||
foreach ($users as $user) {
|
||||
$home = $user->getHome();
|
||||
$uid = $user->getUID();
|
||||
$posFound = strpos($home, '/' . $uid);
|
||||
$posExpected = strlen($home) - (strlen($uid) + 1);
|
||||
if ($posFound === false || $posFound !== $posExpected) {
|
||||
print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
print("Unexpected Exception: " . $e->getMessage() . PHP_EOL);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/** @var string $host */
|
||||
/** @var int $port */
|
||||
/** @var string $adn */
|
||||
/** @var string $apwd */
|
||||
/** @var string $bdn */
|
||||
$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
|
||||
$test->init();
|
||||
$test->run();
|
@ -0,0 +1,104 @@
|
||||
Feature: LDAP
|
||||
Background:
|
||||
Given using api version "2"
|
||||
And having a valid LDAP configuration
|
||||
|
||||
Scenario: Test valid configuration by logging in
|
||||
Given Logging in using web as "alice"
|
||||
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Test valid configuration with port in the hostname by logging in
|
||||
Given modify LDAP configuration
|
||||
| ldapHost | openldap:389 |
|
||||
And cookies are reset
|
||||
And Logging in using web as "alice"
|
||||
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Test valid configuration with LDAP protocol by logging in
|
||||
Given modify LDAP configuration
|
||||
| ldapHost | ldap://openldap |
|
||||
And cookies are reset
|
||||
And Logging in using web as "alice"
|
||||
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Test valid configuration with LDAP protoccol and port by logging in
|
||||
Given modify LDAP configuration
|
||||
| ldapHost | ldap://openldap:389 |
|
||||
And cookies are reset
|
||||
And Logging in using web as "alice"
|
||||
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Look for a known LDAP user
|
||||
Given As an "admin"
|
||||
And sending "GET" to "/cloud/users?search=alice"
|
||||
Then the OCS status code should be "200"
|
||||
And looking up details for the first result matches expectations
|
||||
| email | alice@nextcloud.ci |
|
||||
| displayname | Alice |
|
||||
|
||||
Scenario: Test group filter with one specific group
|
||||
Given modify LDAP configuration
|
||||
| ldapGroupFilter | cn=RedGroup |
|
||||
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/groups"
|
||||
Then the OCS status code should be "200"
|
||||
And the "groups" result should match
|
||||
| RedGroup | 1 |
|
||||
| GreenGroup | 0 |
|
||||
| BlueGroup | 0 |
|
||||
| PurpleGroup | 0 |
|
||||
|
||||
Scenario: Test group filter with two specific groups
|
||||
Given modify LDAP configuration
|
||||
| ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
|
||||
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/groups"
|
||||
Then the OCS status code should be "200"
|
||||
And the "groups" result should match
|
||||
| RedGroup | 1 |
|
||||
| GreenGroup | 1 |
|
||||
| BlueGroup | 0 |
|
||||
| PurpleGroup | 0 |
|
||||
|
||||
Scenario: Test group filter ruling out a group from a different base
|
||||
Given modify LDAP configuration
|
||||
| ldapGroupFilter | (objectClass=groupOfNames) |
|
||||
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/groups"
|
||||
Then the OCS status code should be "200"
|
||||
And the "groups" result should match
|
||||
| RedGroup | 1 |
|
||||
| GreenGroup | 1 |
|
||||
| BlueGroup | 1 |
|
||||
| PurpleGroup | 1 |
|
||||
| SquareGroup | 0 |
|
||||
|
||||
Scenario: Test backup server
|
||||
Given modify LDAP configuration
|
||||
| ldapBackupHost | openldap |
|
||||
| ldapBackupPort | 389 |
|
||||
| ldapHost | foo.bar |
|
||||
| ldapPort | 2456 |
|
||||
And Logging in using web as "alice"
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Test backup server offline
|
||||
Given modify LDAP configuration
|
||||
| ldapBackupHost | off.line |
|
||||
| ldapBackupPort | 3892 |
|
||||
| ldapHost | foo.bar |
|
||||
| ldapPort | 2456 |
|
||||
Then Expect ServerException on failed web login as "alice"
|
||||
|
||||
Scenario: Test LDAP server offline, no backup server
|
||||
Given modify LDAP configuration
|
||||
| ldapHost | foo.bar |
|
||||
| ldapPort | 2456 |
|
||||
Then Expect ServerException on failed web login as "alice"
|
@ -0,0 +1,88 @@
|
||||
Feature: LDAP
|
||||
Background:
|
||||
Given using api version "2"
|
||||
And having a valid LDAP configuration
|
||||
And modify LDAP configuration
|
||||
| ldapExpertUsernameAttr | uid |
|
||||
|
||||
Scenario: Look for a expected LDAP users
|
||||
Given As an "admin"
|
||||
And sending "GET" to "/cloud/users"
|
||||
Then the OCS status code should be "200"
|
||||
And the "users" result should match
|
||||
| alice | 1 |
|
||||
| elisa | 1 |
|
||||
| ghost | 0 |
|
||||
|
||||
Scenario: check default home of an LDAP user
|
||||
Given As an "admin"
|
||||
And sending "GET" to "/cloud/users/alice"
|
||||
Then the OCS status code should be "200"
|
||||
And the record's fields should match
|
||||
| storageLocation | /dev/shm/nc_int/alice |
|
||||
|
||||
Scenario: check custom relative home of an LDAP user
|
||||
Given modify LDAP configuration
|
||||
| homeFolderNamingRule | sn |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/users/alice"
|
||||
Then the OCS status code should be "200"
|
||||
And the record's fields should match
|
||||
| storageLocation | /dev/shm/nc_int/Alfgeirdottir |
|
||||
|
||||
Scenario: check custom absolute home of an LDAP user
|
||||
Given modify LDAP configuration
|
||||
| homeFolderNamingRule | roomNumber |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/users/elisa"
|
||||
Then the OCS status code should be "200"
|
||||
And the record's fields should match
|
||||
| storageLocation | /dev/shm/elisa-data |
|
||||
|
||||
Scenario: Fetch all users, invoking pagination
|
||||
Given modify LDAP configuration
|
||||
| ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
|
||||
| ldapPagingSize | 2 |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/users"
|
||||
Then the OCS status code should be "200"
|
||||
And the "users" result should match
|
||||
| ebba | 1 |
|
||||
| eindis | 1 |
|
||||
| fjolnir | 1 |
|
||||
| gunna | 1 |
|
||||
| juliana | 1 |
|
||||
| leo | 1 |
|
||||
| stigur | 1 |
|
||||
|
||||
Scenario: Fetch all users, invoking pagination
|
||||
Given modify LDAP configuration
|
||||
| ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
|
||||
| ldapPagingSize | 2 |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/users?limit=10"
|
||||
Then the OCS status code should be "200"
|
||||
And the "users" result should match
|
||||
| ebba | 1 |
|
||||
| eindis | 1 |
|
||||
| fjolnir | 1 |
|
||||
| gunna | 1 |
|
||||
| juliana | 1 |
|
||||
| leo | 1 |
|
||||
| stigur | 1 |
|
||||
|
||||
Scenario: Fetch from second batch of all users, invoking pagination
|
||||
Given modify LDAP configuration
|
||||
| ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
|
||||
| ldapPagingSize | 2 |
|
||||
And As an "admin"
|
||||
And sending "GET" to "/cloud/users?limit=10&offset=2"
|
||||
Then the OCS status code should be "200"
|
||||
And the "users" result should contain "5" of
|
||||
| ebba |
|
||||
| eindis |
|
||||
| fjolnir |
|
||||
| gunna |
|
||||
| juliana |
|
||||
| leo |
|
||||
| stigur |
|
Loading…
Reference in New Issue