Add an LDAP referral chasing config test, and scripts/ldap-init.sh
to run both of the required slapd containers.  Relies on an
httpd_slapd container which is built as in httpd's
test/travis_Dockerfile_slapd.


git-svn-id: https://svn.apache.org/repos/asf/httpd/test/framework/trunk@1878888 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/scripts/httpd-sub.ldif b/scripts/httpd-sub.ldif
new file mode 100644
index 0000000..7908cb6
--- /dev/null
+++ b/scripts/httpd-sub.ldif
@@ -0,0 +1,15 @@
+dn: cn=httpd,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: httpd
+description: Service Account for httpd
+userPassword: mod_authnz_ldap
+
+dn: ou=dept,dc=example,dc=com
+ou: dept
+objectClass: organizationalUnit
+
+# Group
+dn: cn=Subgroup,ou=dept,dc=example,dc=com
+objectClass: groupOfUniqueNames
+uniqueMember: uid=beta,dc=example,dc=com
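Review bot: The `cn=httpd` service account at the top of this file is a copy of the one added in the first hunk of scripts/httpd.ldif, and the same cleartext password appears again in the three `AuthLDAPBindPassword` lines in t/conf/extra.conf.in, with nothing saying the copies have to stay in step. Presumably the account exists on the second server because httpd re-binds with the same DN and password when it chases the referral. A comment such as `# Must match cn=httpd in httpd.ldif: httpd binds here with the same DN/password when following the referral` would record that. It would also help to state that these are fixture-only credentials for throwaway containers.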
diff --git a/scripts/httpd.ldif b/scripts/httpd.ldif
index a205e79..b9211ee 100644
--- a/scripts/httpd.ldif
+++ b/scripts/httpd.ldif
@@ -1,3 +1,10 @@
+dn: cn=httpd,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: httpd
+description: Service Account for httpd
+userPassword: mod_authnz_ldap
+
 dn: uid=alpha,dc=example,dc=com
 objectClass: inetOrgPerson
 cn: Alpha Person
@@ -34,8 +41,16 @@
 roomnumber: 43
 userPassword: Delta
 
+# Group
 dn: cn=Group One, dc=example,dc=com
 objectClass: groupOfUniqueNames
 uniqueMember: uid=alpha,dc=example,dc=com
 uniqueMember: uid=beta,dc=example,dc=com
 uniqueMember: uid=delta,dc=example,dc=com
+
+# Referral
+dn: ou=dept,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: dept
+ref: ldap://localhost:8390/ou=dept,dc=example,dc=com
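Review bot: The `ref:` value hard-codes `localhost:8390`, which only works because scripts/ldap-init.sh publishes the second container on that host port, and neither file mentions the other. A comment above the entry, e.g. `# Referral target is the second slapd started by scripts/ldap-init.sh (host port 8390)`, would keep the two from drifting apart. A client that chases this referral presents its bind credentials to whatever URL the entry names, so the same comment could say that the target is deliberately loopback and plain `ldap://` for the test only.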
diff --git a/scripts/ldap-init.sh b/scripts/ldap-init.sh
new file mode 100755
index 0000000..4466bfa
--- /dev/null
+++ b/scripts/ldap-init.sh
@@ -0,0 +1,13 @@
+#!/bin/bash -ex
+DOCKER=${DOCKER:-`which docker 2>/dev/null || which podman 2>/dev/null`}
+cid1=`${DOCKER} run -d -p 8389:389 httpd_ldap`
+cid2=`${DOCKER} run -d -p 8390:389 httpd_ldap`
+sleep 5
+
+# Disable anonymous bind; must be done as an authenticated local user
+# hence via ldapadd -Y EXTERNAL within the container.
+${DOCKER} exec -i $cid1 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/non-anon.ldif
+${DOCKER} exec -i $cid2 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/non-anon.ldif
+
+ldapadd -x -H ldap://localhost:8389 -D cn=admin,dc=example,dc=com -w travis < scripts/httpd.ldif
+ldapadd -x -H ldap://localhost:8390 -D cn=admin,dc=example,dc=com -w travis < scripts/httpd-sub.ldif
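Review bot: Both `run` lines publish slapd with `-p 8389:389` and `-p 8390:389`, which binds the host ports on all interfaces while the directory accepts the `travis` admin password shown below, and anonymous binds until non-anon.ldif is applied. The tests only use localhost, so publishing on loopback should be enough: `-p 127.0.0.1:8389:389` and `-p 127.0.0.1:8390:389`. The fixed `sleep 5` is a race on slow CI hosts; a short retry loop around an `ldapsearch` against each port before the `exec` calls would be more reliable. The script also never stops or removes the two containers, and `$cid1`, `$cid2` and `${DOCKER}` are expanded unquoted. Lastly, the image is run as `httpd_ldap` while the commit message calls it `httpd_slapd`; a header comment naming the image and how to build it would settle which is right.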
diff --git a/scripts/non-anon.ldif b/scripts/non-anon.ldif
new file mode 100644
index 0000000..535312c
--- /dev/null
+++ b/scripts/non-anon.ldif
@@ -0,0 +1,14 @@
+dn: cn=config
+changetype: modify
+add: olcDisallows
+olcDisallows: bind_anon
+
+dn: cn=config
+changetype: modify
+add: olcRequires
+olcRequires: authc
+
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+add: olcRequires
+olcRequires: authc
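Review bot: The file has no header comment, so a reader must already know the olc attribute names to see that it turns off anonymous binds and requires authentication, and that it is applied over `ldapi://` with SASL EXTERNAL from scripts/ldap-init.sh. I would add something like `# Disable anonymous bind and require authentication; apply with ldapadd -Y EXTERNAL -H ldapi://` at the top. The two separate modify records for `dn: cn=config` could also be a single record, with the two `add:` blocks separated by a `-` line. `olcRequires: authc` is set both globally and on the frontend database; if both are needed a comment saying why would help, otherwise one of them can go.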
diff --git a/t/conf/extra.conf.in b/t/conf/extra.conf.in
index 6a33e8f..657d470 100644
--- a/t/conf/extra.conf.in
+++ b/t/conf/extra.conf.in
@@ -771,22 +771,39 @@
 <IfDefine LDAP>
   Alias /modules/ldap/simple @DocumentRoot@
   Alias /modules/ldap/group @DocumentRoot@
+  Alias /modules/ldap/refer @DocumentRoot@
+
   # Simple user lookup
   <Location /modules/ldap/simple>
+     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+     AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+     AuthLDAPBindPassword mod_authnz_ldap
      AuthType Basic
      AuthName ldap-simple@httpd.apache.org
      AuthBasicProvider ldap
-     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
      Require valid-user
   </Location>
   # Static group configuration
   <Location /modules/ldap/group>
+     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+     AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+     AuthLDAPBindPassword mod_authnz_ldap
      AuthType Basic
      AuthName ldap-group@httpd.apache.org
      AuthBasicProvider ldap
-     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
      Require ldap-group cn=Group One,dc=example,dc=com
   </Location>
+  # Referral configuration -- the second user is only found if
+  # httpd follows the referral.
+  <Location /modules/ldap/refer>
+     AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+     AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+     AuthLDAPBindPassword mod_authnz_ldap
+     AuthType Basic
+     AuthName ldap-refer@httpd.apache.org
+     AuthBasicProvider ldap
+     Require ldap-group cn=Subgroup,ou=dept,dc=example,dc=com
+  </Location>
 </IfDefine>
 
 ##
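Review bot: The new `/modules/ldap/refer` location never sets `LDAPReferrals`, so the test passes only while mod_ldap's default of chasing referrals is in effect. Adding `LDAPReferrals On` inside that `<Location>` would make the dependency explicit and keep the test meaningful if a global setting or the default changes. The comment above the block says "the second user is only found" via the referral, but from the LDIF it looks as if both users live on the first server and the `cn=Subgroup` group entry is what sits behind the referral; `# the group is only reachable if httpd follows the referral` would be more accurate. The `AuthLDAPURL`/`AuthLDAPBindDN`/`AuthLDAPBindPassword` triple is now repeated in all three locations and could probably be set once in an enclosing `<Location /modules/ldap>`.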
diff --git a/t/modules/ldap.t b/t/modules/ldap.t
index bb46990..d3bb8e9 100644
--- a/t/modules/ldap.t
+++ b/t/modules/ldap.t
@@ -25,6 +25,8 @@
     ['/modules/ldap/simple/' => 'gamma', 'Gamma', 200],
     ['/modules/ldap/group/' => 'gamma', 'Gamma', 401],
     ['/modules/ldap/group/' => 'delta', 'Delta', 200],
+    ['/modules/ldap/refer/' => 'alpha', 'Alpha', 401],
+    ['/modules/ldap/refer/' => 'beta', 'Beta', 200],
 );
 
 plan tests => scalar @cases,
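Review bot: Of the two added cases only `beta`/200 shows that the referral was chased; `alpha`/401 would also pass if httpd ignored the referral, and nothing in the list says so. A comment above them such as `# Subgroup lives on the second slapd: beta is a member (needs referral chasing), alpha is not` would make the intent clear. The `@cases` list begins before this hunk and the `plan` statement continues past it, so I cannot tell from here whether a wrong-password case for `/modules/ldap/refer/` would fit the existing loop.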