
test(ldap): add test cases for `memberof`

firest 1 jaar geleden
bovenliggende
commit
d2bd3e6db1

+ 23 - 3
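--- a/.ci/docker-compose-file/openldap/Dockerfile
+++ b/.ci/docker-compose-file/openldap/Dockerfile
@@ -1,8 +1,26 @@
-FROM docker.io/zmstone/openldap:2.5.16@sha256:a813922115a1d1f1b974399595921d1778fae22b3f1ee15dcfa8cfa89700dbc7
+FROM buildpack-deps:bookworm
 
+ARG LDAP_TAG=2.5.16
+
+RUN apt-get update && apt-get install -y groff groff-base ldap-utils
+RUN wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${LDAP_TAG}.tgz \
+    && tar xvzf openldap-${LDAP_TAG}.tgz \
+    && cd openldap-${LDAP_TAG} \
+    && ./configure --enable-memberof --enable-refint && make depend && make && make install \
+    && cd .. && rm -rf  openldap-${LDAP_TAG}
+
+## entrypoint
+COPY .ci/docker-compose-file/openldap/entrypoint /usr/local/etc/openldap/entrypoint
+
+## conf && schema
 COPY .ci/docker-compose-file/openldap/slapd.conf /usr/local/etc/openldap/slapd.conf
-COPY apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
 COPY apps/emqx_ldap/test/data/emqx.schema /usr/local/etc/openldap/schema/emqx.schema
+
+## data
+COPY apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
+COPY apps/emqx_ldap/test/data/emqx.groups.ldif /usr/local/etc/openldap/schema/emqx.groups.ldif
+
+## pem
 COPY .ci/docker-compose-file/certs/ca.crt /usr/local/etc/openldap/cacert.pem
 COPY .ci/docker-compose-file/certs/server.crt /usr/local/etc/openldap/cert.pem
 COPY .ci/docker-compose-file/certs/server.key /usr/local/etc/openldap/key.pem
@@ -14,6 +32,8 @@ WORKDIR /usr/local/etc/openldap
 
 EXPOSE 389 636
 
-ENTRYPOINT ["/usr/local/libexec/slapd", "-h", "ldap:/// ldaps:///", "-d", "3", "-f", "/usr/local/etc/openldap/slapd.conf"]
+#ENTRYPOINT ["/usr/local/libexec/slapd", "-h", "ldap:/// ldaps:///", "-d", "3", "-f", "/usr/local/etc/openldap/slapd.conf"]
+
+ENTRYPOINT ["./entrypoint"]
 
 CMD []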
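Review bot: The source tarball fetched by the `RUN wget` step in the first hunk is compiled and installed without any integrity check, and at the same time the base image moved from a digest-pinned `FROM` to the floating tag `buildpack-deps:bookworm`, so the build no longer verifies anything it ends up running. Pin the expected digest next to the version, e.g. `ARG LDAP_SHA256=<digest from the OpenLDAP release page>` followed by `echo "${LDAP_SHA256}  openldap-${LDAP_TAG}.tgz" | sha256sum -c -` right after the download, and keep the base image pinned with `@sha256:` as before. The commented-out `#ENTRYPOINT` line in the second hunk is dead configuration now that `./entrypoint` is used and should be removed rather than kept as history. This is a CI fixture so the blast radius is small, but a test LDAP server that can silently change under a rebuild is still a supply-chain gap worth closing.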

+ 14 - 0
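--- /dev/null
+++ b/.ci/docker-compose-file/openldap/entrypoint
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+/usr/local/libexec/slapd -h "ldap:/// ldaps:///" -f /usr/local/etc/openldap/slapd.conf
+
+if [ ! -f ADDED_GROUPS ]; then
+    ldapadd -x -D cn=root,dc=emqx,dc=io -w public -f /usr/local/etc/openldap/schema/emqx.groups.ldif
+    touch ADDED_GROUPS
+fi
+
+PID=$(pgrep -o slapd)
+tail -f --pid="$PID"
+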
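Review bot: `ldapadd` on line 8 runs immediately after `slapd` is launched on line 5, but slapd forks into the background and may not be listening yet, so under `set -e` a lost race aborts the container before the groups are seeded and every memberOf test then fails for an unrelated reason. Poll for readiness before seeding, as in the excerpt below; the `ADDED_GROUPS` marker logic can stay as is. The final `tail -f --pid=...` has no file operand and therefore follows stdin, which is detached under Docker; `exec tail -f /dev/null --pid="$PID"` is the reliable idiom. Because slapd is no longer PID 1, the SIGTERM from `docker stop` reaches bash rather than slapd and shutdown falls through to SIGKILL — acceptable for a throwaway fixture, but worth a comment. The rootdn password `public` passed via `-w` is a fixture credential also visible in the process list; fine for CI, but it must never be reused outside it.

```shell
/usr/local/libexec/slapd -h "ldap:/// ldaps:///" -f /usr/local/etc/openldap/slapd.conf

# slapd daemonizes; wait until it accepts connections before seeding,
# otherwise ldapadd fails and set -e aborts the container.
for _ in $(seq 1 30); do
    ldapwhoami -x -H ldap://localhost >/dev/null 2>&1 && break
    sleep 1
done

# … unchanged: ADDED_GROUPS guard + ldapadd …

PID=$(pgrep -o slapd)
exec tail -f /dev/null --pid="$PID"
```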

+ 2 - 1
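--- a/.ci/docker-compose-file/openldap/slapd.conf
+++ b/.ci/docker-compose-file/openldap/slapd.conf
@@ -11,5 +11,6 @@ database mdb
 suffix "dc=emqx,dc=io"
 rootdn "cn=root,dc=emqx,dc=io"
 rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W
-
 directory       /usr/local/etc/openldap/data
+overlay memberof
+memberof-refint TRUE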
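Review bot: The new `overlay memberof` / `memberof-refint TRUE` lines carry no comment on the two constraints they impose on the rest of the fixture: memberOf is only maintained for group entries added or modified while the overlay is active, and only for the default `groupOfNames` object class and `member` attribute unless `memberof-group-oc` / `memberof-member-ad` are set. Add `# memberOf is maintained only for group changes made while the overlay is active, so groups are seeded at runtime by the entrypoint via ldapadd rather than from the base LDIF; defaults assume groupOfNames/member` above `overlay memberof`. Whether `emqx.groups.ldif` actually uses `groupOfNames`/`member` is not visible in this commit and should be confirmed, since with another object class the attribute is never populated and the new tests fail silently. The placement after `directory` is correct, as overlay directives bind to the `database mdb` section they follow.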

+ 28 - 2
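--- a/apps/emqx_auth_ldap/test/emqx_authn_ldap_SUITE.erl
+++ b/apps/emqx_auth_ldap/test/emqx_authn_ldap_SUITE.erl
@@ -336,16 +336,21 @@ deprecated_raw_ldap_auth_config() ->
     }.
 
 user_seeds() ->
-    New = fun(Username, Password, Result) ->
+    New4 = fun(Username, Password, Result, Params) ->
         #{
             credentials => #{
                 username => Username,
                 password => Password
             },
-            config_params => #{},
+            config_params => Params,
             result => Result
         }
     end,
+
+    New = fun(Username, Password, Result) ->
+        New4(Username, Password, Result, #{})
+    end,
+
     Valid =
         lists:map(
             fun(Idx) ->
@@ -368,6 +373,27 @@ user_seeds() ->
             <<"mqttuser0009 \\\\test\\\\">>,
             <<"mqttuser0009 \\\\test\\\\">>,
             {ok, #{is_superuser => true}}
+        ),
+        %% not in group
+        New4(
+            <<"mqttuser0002">>,
+            <<"mqttuser0002">>,
+            {error, not_authorized},
+            #{<<"filter">> => <<"(memberOf=cn=test,ou=Groups,dc=emqx,dc=io)">>}
+        ),
+        %% in group
+        New4(
+            <<"mqttuser0003">>,
+            <<"mqttuser0003">>,
+            {ok, #{is_superuser => false}},
+            #{<<"filter">> => <<"(memberOf=cn=test,ou=Groups,dc=emqx,dc=io)">>}
+        ),
+        %% non exists group
+        New4(
+            <<"mqttuser0003">>,
+            <<"mqttuser0003">>,
+            {error, not_authorized},
+            #{<<"filter">> => <<"(memberOf=cn=nonexists,ou=Groups,dc=emqx,dc=io)">>}
         )
         | Valid
     ].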
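Review bot: The three `New4` cases added in the second hunk configure a `filter` that contains no username placeholder, so unless the connector ANDs the configured filter with a username match elsewhere (not visible here) the search for `mqttuser0002` returns the single group member's entry and the expected `not_authorized` comes from the password not matching that entry rather than from group membership — the test would pass without proving the memberOf restriction. Combine the membership predicate with the user match, e.g. `#{<<"filter">> => <<"(&(uid=${username})(memberOf=cn=test,ou=Groups,dc=emqx,dc=io))">>}` (in whatever placeholder syntax the connector's filter template expects), and consider a case where two users share the group so a single-entry result cannot mask the bug. The literal DN `cn=test,ou=Groups,dc=emqx,dc=io` is repeated three times; binding it once, `GroupFilter = <<"(memberOf=cn=test,ou=Groups,dc=emqx,dc=io)">>`, near the top of `user_seeds/0` keeps the cases in sync with `emqx.groups.ldif`. `user_seeds/0` begins before this hunk.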

+ 1 - 1
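--- a/apps/emqx_ldap/src/emqx_ldap.app.src
+++ b/apps/emqx_ldap/src/emqx_ldap.app.src
@@ -1,6 +1,6 @@
 {application, emqx_ldap, [
     {description, "EMQX LDAP Connector"},
-    {vsn, "0.1.9"},
+    {vsn, "0.1.10"},
     {registered, []},
     {applications, [
         kernel,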

+ 9 - 9
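--- a/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl
+++ b/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl
@@ -15,7 +15,7 @@ Header "%%--------------------------------------------------------------------
 %%--------------------------------------------------------------------".
 
 Nonterminals
-filter filtercomp filterlist item simple present substring initial any final extensible attr value type dnattrs matchingrule pairedvalue.
+filter filtercomp filterlist item simple present substring initial any final extensible attr value type dnattrs matchingrule dnvalue.
 
 Terminals
 lparen rparen 'and' 'or' 'not' equal approx greaterOrEqual lessOrEqual asterisk colon dn string comma.
@@ -53,7 +53,7 @@ item->
 simple ->
     attr equal value: equal('$1', '$3').
 simple ->
-    attr equal pairedvalue: equal('$1', '$3').
+    attr equal dnvalue: equal('$1', '$3').
 simple ->
     attr approx value: approx('$1', '$3').
 simple ->
@@ -102,10 +102,10 @@ attr ->
 value ->
     string: get_value('$1').
 
-pairedvalue ->
-    string equal string comma pairedvalue: make_paired_value('$1', '$3', '$5').
-pairedvalue ->
-    string equal string: make_paired_value('$1', '$3').
+dnvalue ->
+    string equal string comma dnvalue: make_dn_value('$1', '$3', '$5').
+dnvalue ->
+    string equal string: make_dn_value('$1', '$3').
 
 type ->
     value: {type, '$1'}.
@@ -157,13 +157,13 @@ flatten(List) -> lists:flatten(List).
 get_value({_Token, _Line, Value}) ->
     Value.
 
-make_paired_value(Attr, Value) ->
+make_dn_value(Attr, Value) ->
     Attr1 = get_value(Attr),
     Value1 = get_value(Value),
     Attr1 ++ "=" ++ Value1.
 
-make_paired_value(Attr, Value, Next) ->
-    Prefix = make_paired_value(Attr, Value),
+make_dn_value(Attr, Value, Next) ->
+    Prefix = make_dn_value(Attr, Value),
     Prefix ++ "," ++ Next.
 
 scan_and_parse(Bin) when is_binary(Bin) ->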