diff --git a/.drone.yml b/.drone.yml
index da877a95d50b9a0d6328bfbe27564e4b78313702..2ac98e4523ff6a7844b88df58892d2edbaf05d4b 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -562,6 +562,26 @@ pipeline:
when:
matrix:
TESTS: integration-ldap-features
+ integration-ldap-openldap-features:
+ image: nextcloudci/integration-php7.0:integration-php7.0-6
+ commands:
+ - ./occ maintenance:install --admin-pass=admin --data-dir=/dev/shm/nc_int
+ - ./occ app:enable user_ldap
+ - cd build/integration
+ - ./run.sh ldap_features/ldap-openldap.feature
+ when:
+ matrix:
+ TESTS: integration-ldap-openldap-features
+ integration-ldap-openldap-uid-features:
+ image: nextcloudci/integration-php7.0:integration-php7.0-6
+ commands:
+ - ./occ maintenance:install --admin-pass=admin --data-dir=/dev/shm/nc_int
+ - ./occ app:enable user_ldap
+ - cd build/integration
+ - ./run.sh ldap_features/openldap-uid-username.feature
+ when:
+ matrix:
+ TESTS: integration-ldap-openldap-uid-features
integration-trashbin:
image: nextcloudci/integration-php7.0:integration-php7.0-8
commands:
@@ -828,6 +848,10 @@ matrix:
- TESTS: integration-filesdrop-features
- TESTS: integration-transfer-ownership-features
- TESTS: integration-ldap-features
+ - TESTS: integration-ldap-openldap-features
+ ENABLE_OPENLDAP: true
+ - TESTS: integration-ldap-openldap-uid-features
+ ENABLE_OPENLDAP: true
- TESTS: integration-trashbin
- TESTS: integration-remote-api
- TESTS: integration-download
@@ -1007,5 +1031,15 @@ services:
when:
matrix:
TESTS: acceptance
+ openldap:
+ image: nextcloudci/openldap:openldap-4
+ environment:
+ - SLAPD_DOMAIN=nextcloud.ci
+ - SLAPD_ORGANIZATION=Nextcloud
+ - SLAPD_PASSWORD=admin
+ - SLAPD_ADDITIONAL_MODULES=memberof
+ when:
+ matrix:
+ ENABLE_OPENLDAP: true
branches: [ master, stable* ]
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 91089e779a034834c73bf130160db1567a5a611b..a03b4a4cb9c6a730913300fe5c7eb923c9234ac3 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -609,23 +609,23 @@ class Access extends LDAPUtility implements IUserTools {
//NOTE: mind, disabling cache affects only this instance! Using it
// outside of core user management will still cache the user as non-existing.
$originalTTL = $this->connection->ldapCacheTTL;
- $this->connection->setConfiguration(array('ldapCacheTTL' => 0));
+ $this->connection->setConfiguration(['ldapCacheTTL' => 0]);
if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName))
|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
if($mapper->map($fdn, $intName, $uuid)) {
- $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
- if($this->ncUserManager instanceof PublicEmitter) {
+ $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
+ if($this->ncUserManager instanceof PublicEmitter && $isUser) {
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
}
$newlyMapped = true;
return $intName;
}
}
- $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
+ $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
- if($this->ncUserManager instanceof PublicEmitter) {
+ if($this->ncUserManager instanceof PublicEmitter && $isUser) {
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
}
$newlyMapped = true;
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php
deleted file mode 100644
index 87c2e408424d7e70a7b4ad05c58d6c82575f1d98..0000000000000000000000000000000000000000
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestAccessGroupsMatchFilter.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestAccessGroupsMatchFilter extends AbstractIntegrationTest {
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- require(__DIR__ . '/../setup-scripts/createExplicitGroups.php');
- require(__DIR__ . '/../setup-scripts/createExplicitGroupsDifferentOU.php');
- parent::init();
- }
-
- /**
- * tests whether the group filter works with one specific group, while the
- * input is the same.
- *
- * @return bool
- */
- protected function case1() {
- $this->connection->setConfiguration(['ldapGroupFilter' => 'cn=RedGroup']);
-
- $dns = ['cn=RedGroup,ou=Groups,' . $this->base];
- $result = $this->access->groupsMatchFilter($dns);
- return ($dns === $result);
- }
-
- /**
- * Tests whether a filter for limited groups is effective when more existing
- * groups were passed for validation.
- *
- * @return bool
- */
- protected function case2() {
- $this->connection->setConfiguration(['ldapGroupFilter' => '(|(cn=RedGroup)(cn=PurpleGroup))']);
-
- $dns = [
- 'cn=RedGroup,ou=Groups,' . $this->base,
- 'cn=BlueGroup,ou=Groups,' . $this->base,
- 'cn=PurpleGroup,ou=Groups,' . $this->base
- ];
- $result = $this->access->groupsMatchFilter($dns);
-
- $status =
- count($result) === 2
- && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
- && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
- return $status;
- }
-
- /**
- * Tests whether a filter for limited groups is effective when more existing
- * groups were passed for validation.
- *
- * @return bool
- */
- protected function case3() {
- $this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']);
-
- $dns = [
- 'cn=RedGroup,ou=Groups,' . $this->base,
- 'cn=PurpleGroup,ou=Groups,' . $this->base,
- 'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base
- ];
- $result = $this->access->groupsMatchFilter($dns);
-
- $status =
- count($result) === 2
- && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result)
- && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result);
-
- return $status;
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapBaseGroups' => 'ou=Groups,' . $this->base,
- 'ldapUserFilter' => 'objectclass=inetOrgPerson',
- 'ldapUserDisplayName' => 'displayName',
- 'ldapGroupDisplayName' => 'cn',
- 'ldapLoginFilter' => 'uid=%uid',
- ]);
- }
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestAccessGroupsMatchFilter($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestBackupServer.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestBackupServer.php
deleted file mode 100644
index 0eef5507538e89a5b3ef8001e754d860218a3c5e..0000000000000000000000000000000000000000
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestBackupServer.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OC\ServerNotAvailableException;
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestBackupServer extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $originalHost = $this->connection->ldapHost;
- $originalPort = $this->connection->ldapPort;
- $this->connection->setConfiguration([
- 'ldapHost' => 'qwertz.uiop',
- 'ldapPort' => '32123',
- 'ldap_backup_host' => $originalHost,
- 'ldap_backup_port' => $originalPort,
- ]);
- }
-
- /**
- * tests that a backup connection is being used when the main LDAP server
- * is offline
- *
- * Beware: after starting docker, the LDAP host might not be ready yet, thus
- * causing a false positive. Retry in that case… or increase the sleep time
- * in run-test.sh
- *
- * @return bool
- */
- protected function case1() {
- try {
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * ensures that an exception is thrown if LDAP main server and LDAP backup
- * server are not available
- *
- * @return bool
- */
- protected function case2() {
- // reset possible LDAP connection
- $this->initConnection();
- try {
- $this->connection->setConfiguration([
- 'ldap_backup_host' => 'qwertz.uiop',
- 'ldap_backup_port' => '32123',
- ]);
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return true;
- }
- return false;
- }
-
- /**
- * ensures that an exception is thrown if main LDAP server is down and a
- * backup server is not given
- *
- * @return bool
- */
- protected function case3() {
- // reset possible LDAP connection
- $this->initConnection();
- try {
- $this->connection->setConfiguration([
- 'ldap_backup_host' => '',
- 'ldap_backup_port' => '',
- ]);
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return true;
- }
- return false;
- }
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestBackupServer($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestBatchApplyUserAttributes.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestBatchApplyUserAttributes.php
deleted file mode 100644
index 24476c9a8683cc08fc1459627a16cb8a7df2a8b6..0000000000000000000000000000000000000000
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestBatchApplyUserAttributes.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestBatchApplyUserAttributes extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- require(__DIR__ . '/../setup-scripts/createUsersWithoutDisplayName.php');
- parent::init();
-
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'ldapUserDisplayName' => 'displayname',
- ]);
- }
-
- /**
- * indirectly tests whether batchApplyUserAttributes does it job properly,
- * when a user without display name is included in the result set from LDAP.
- *
- * @return bool
- */
- protected function case1() {
- $result = $this->access->fetchListOfUsers('objectclass=person', 'dn');
- // on the original issue, PHP would emit a fatal error
- // – cannot catch it here, but will render the test as unsuccessful
- return is_array($result) && !empty($result);
- }
-
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestBatchApplyUserAttributes($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestConnect.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestConnect.php
deleted file mode 100644
index f4fc0f189b41933de2b11d439e824883efa40edf..0000000000000000000000000000000000000000
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestConnect.php
+++ /dev/null
@@ -1,172 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OC\ServerNotAvailableException;
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestConnect extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /** @var string */
- protected $host;
-
- /** @var int */
- protected $port;
-
- public function __construct($host, $port, $bind, $pwd, $base) {
- // make sure host is a simple host name
- if(strpos($host, '://') !== false) {
- $host = substr_replace($host, '', 0, strpos($host, '://') + 3);
- }
- if(strpos($host, ':') !== false) {
- $host = substr_replace($host, '', strpos($host, ':'));
- }
- $this->host = $host;
- $this->port = $port;
- parent::__construct($host, $port, $bind, $pwd, $base);
- }
-
- /**
- * test that a faulty host will does not connect successfully
- *
- * @return bool
- */
- protected function case1() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => 'qwertz.uiop',
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return true;
- }
- return false;
- }
-
- /**
- * tests that a connect succeeds when only a hostname is provided
- *
- * @return bool
- */
- protected function case2() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => $this->host,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * tests that a connect succeeds when an LDAP URL is provided
- *
- * @return bool
- */
- protected function case3() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => 'ldap://' . $this->host,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * tests that a connect succeeds when an LDAP URL with port is provided
- *
- * @return bool
- */
- protected function case4() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => 'ldap://' . $this->host . ':' . $this->port,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * tests that a connect succeeds when a hostname with port is provided
- *
- * @return bool
- */
- protected function case5() {
- // reset possible LDAP connection
- $this->initConnection();
- $this->connection->setConfiguration([
- 'ldapHost' => $this->host . ':' . $this->port,
- ]);
- try {
- $this->connection->getConnectionResource();
- } catch (ServerNotAvailableException $e) {
- return false;
- }
- return true;
- }
-
- /**
- * repeat case1, only to make sure that not a connection was reused by
- * accident.
- *
- * @return bool
- */
- protected function case6() {
- return $this->case1();
- }
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestConnect($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php
index d54d001c4ad9e75d1d82d1d1e09ee9d5fce7eb1a..fcb2e59b4a9c6ef0e7f9bae8f20119ec818d6832 100644
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php
+++ b/apps/user_ldap/tests/Integration/Lib/IntegrationTestPaging.php
@@ -58,30 +58,12 @@ class IntegrationTestPaging extends AbstractIntegrationTest {
]);
}
- /**
- * tests that paging works properly against a simple example (reading all
- * of few users in small steps)
- *
- * @return bool
- */
- protected function case1() {
- $filter = 'objectclass=inetorgperson';
- $attributes = ['cn', 'dn'];
-
- $result = $this->access->searchUsers($filter, $attributes);
- if(count($result) === 7) {
- return true;
- }
-
- return false;
- }
-
/**
* fetch first three, afterwards all users
*
* @return bool
*/
- protected function case2() {
+ protected function case1() {
$filter = 'objectclass=inetorgperson';
$attributes = ['cn', 'dn'];
@@ -102,23 +84,6 @@ class IntegrationTestPaging extends AbstractIntegrationTest {
return true;
}
-
- /**
- * reads all remaining users starting first page
- *
- * @return bool
- */
- protected function case3() {
- $filter = 'objectclass=inetorgperson';
- $attributes = ['cn', 'dn'];
-
- $result = $this->access->searchUsers($filter, $attributes, null, $this->pagingSize);
- if(count($result) === (7 - $this->pagingSize)) {
- return true;
- }
-
- return false;
- }
}
/** @var string $host */
diff --git a/apps/user_ldap/tests/Integration/Lib/IntegrationTestUserHome.php b/apps/user_ldap/tests/Integration/Lib/IntegrationTestUserHome.php
deleted file mode 100644
index 9ee5a7efac2044ed02760f5278ef4cb19d6c4ff9..0000000000000000000000000000000000000000
--- a/apps/user_ldap/tests/Integration/Lib/IntegrationTestUserHome.php
+++ /dev/null
@@ -1,186 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Jörn Friedrich Dreyer <jfd@butonic.de>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Vinicius Cubas Brand <vinicius@eita.org.br>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OCA\User_LDAP\Tests\Integration\Lib;
-
-use OCA\User_LDAP\FilesystemHelper;
-use OCA\User_LDAP\LogWrapper;
-use OCA\User_LDAP\User\Manager as LDAPUserManager;
-use OCA\User_LDAP\Tests\Integration\AbstractIntegrationTest;
-use OCA\User_LDAP\Mapping\UserMapping;
-use OCA\User_LDAP\User_LDAP;
-use OCP\Image;
-
-require_once __DIR__ . '/../Bootstrap.php';
-
-class IntegrationTestUserHome extends AbstractIntegrationTest {
- /** @var UserMapping */
- protected $mapping;
-
- /** @var User_LDAP */
- protected $backend;
-
- /**
- * prepares the LDAP environment and sets up a test configuration for
- * the LDAP backend.
- */
- public function init() {
- require(__DIR__ . '/../setup-scripts/createExplicitUsers.php');
- parent::init();
-
- $this->mapping = new UserMapping(\OC::$server->getDatabaseConnection());
- $this->mapping->clear();
- $this->access->setUserMapper($this->mapping);
- $this->backend = new User_LDAP($this->access, \OC::$server->getConfig(), \OC::$server->getNotificationManager(), \OC::$server->getUserSession(), \OC::$server->query('LDAPUserPluginManager'));
- }
-
- /**
- * sets up the LDAP configuration to be used for the test
- */
- protected function initConnection() {
- parent::initConnection();
- $this->connection->setConfiguration([
- 'homeFolderNamingRule' => 'homeDirectory',
- ]);
- }
-
- /**
- * initializes an LDAP user manager instance
- * @return LDAPUserManager
- */
- protected function initUserManager() {
- $this->userManager = new LDAPUserManager(
- \OC::$server->getConfig(),
- new FilesystemHelper(),
- new LogWrapper(),
- \OC::$server->getAvatarManager(),
- new Image(),
- \OC::$server->getDatabaseConnection(),
- \OC::$server->getUserManager(),
- \OC::$server->getNotificationManager()
- );
- }
-
- /**
- * homeDirectory on LDAP is empty. Return values of getHome should be
- * identical to user name, following Nextcloud default.
- *
- * @return bool
- */
- protected function case1() {
- \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false);
- $userManager = \OC::$server->getUserManager();
- $userManager->clearBackends();
- $userManager->registerBackend($this->backend);
- $users = $userManager->search('', 5, 0);
-
- foreach($users as $user) {
- $home = $user->getHome();
- $uid = $user->getUID();
- $posFound = strpos($home, '/' . $uid);
- $posExpected = strlen($home) - (strlen($uid) + 1);
- if($posFound === false || $posFound !== $posExpected) {
- print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
- return false;
- }
- }
-
- return true;
- }
-
- /**
- * homeDirectory on LDAP is empty. Having the attributes set is enforced.
- *
- * @return bool
- */
- protected function case2() {
- \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
- $userManager = \OC::$server->getUserManager();
- // clearing backends is critical, otherwise the userManager will have
- // the user objects cached and the value from case1 returned
- $userManager->clearBackends();
- $userManager->registerBackend($this->backend);
- $users = $userManager->search('', 5, 0);
-
- try {
- foreach ($users as $user) {
- $user->getHome();
- print('User home was retrieved without throwing an Exception!' . PHP_EOL);
- return false;
- }
- } catch (\Exception $e) {
- if(strpos($e->getMessage(), 'Home dir attribute') === 0) {
- return true;
- }
- }
-
- return false;
- }
-
- /**
- * homeDirectory on LDAP is set to "attr:" which is effectively empty.
- * Return values of getHome should be Nextcloud default.
- *
- * @return bool
- */
- protected function case3() {
- \OC::$server->getConfig()->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', true);
- $this->connection->setConfiguration([
- 'homeFolderNamingRule' => 'attr:',
- ]);
- $userManager = \OC::$server->getUserManager();
- $userManager->clearBackends();
- $userManager->registerBackend($this->backend);
- $users = $userManager->search('', 5, 0);
-
- try {
- foreach ($users as $user) {
- $home = $user->getHome();
- $uid = $user->getUID();
- $posFound = strpos($home, '/' . $uid);
- $posExpected = strlen($home) - (strlen($uid) + 1);
- if ($posFound === false || $posFound !== $posExpected) {
- print('"' . $user->getUID() . '" was not found in "' . $home . '" or does not end with it.' . PHP_EOL);
- return false;
- }
- }
- } catch (\Exception $e) {
- print("Unexpected Exception: " . $e->getMessage() . PHP_EOL);
- return false;
- }
-
- return true;
- }
-}
-
-/** @var string $host */
-/** @var int $port */
-/** @var string $adn */
-/** @var string $apwd */
-/** @var string $bdn */
-$test = new IntegrationTestUserHome($host, $port, $adn, $apwd, $bdn);
-$test->init();
-$test->run();
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index 32e02bad2a329bbd91096007f57f943a1149e0bd..f6c93aa5174d6a04a02166eea777c888de3371c8 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -497,4 +497,11 @@ trait BasicStructure {
$file->isDir() ? rmdir($file) : unlink($file);
}
}
+
+ /**
+ * @Given /^cookies are reset$/
+ */
+ public function cookiesAreReset() {
+ $this->cookieJar = new CookieJar();
+ }
}
diff --git a/build/integration/features/bootstrap/LDAPContext.php b/build/integration/features/bootstrap/LDAPContext.php
index e2b3001151527092446ed4f400977bb238ad1a47..ee7acab6f5f7ac6355a98c48b6ed83a64b021c30 100644
--- a/build/integration/features/bootstrap/LDAPContext.php
+++ b/build/integration/features/bootstrap/LDAPContext.php
@@ -32,6 +32,14 @@ class LDAPContext implements Context {
protected $apiUrl;
+ /** @AfterScenario */
+ public function teardown() {
+ if($this->configID === null) {
+ return;
+ }
+ $this->sendingTo('DELETE', $this->apiUrl . '/' . $this->configID);
+ }
+
/**
* @Given /^the response should contain a tag "([^"]*)"$/
*/
@@ -82,4 +90,110 @@ class LDAPContext implements Context {
public function settingTheLDAPConfigurationTo(TableNode $configData) {
$this->sendingToWith('PUT', $this->apiUrl . '/' . $this->configID, $configData);
}
+
+ /**
+ * @Given /^having a valid LDAP configuration$/
+ */
+ public function havingAValidLDAPConfiguration() {
+ $this->asAn('admin');
+ $this->creatingAnLDAPConfigurationAt('/apps/user_ldap/api/v1/config');
+ $data = new TableNode([
+ ['configData[ldapHost]', 'openldap'],
+ ['configData[ldapPort]', '389'],
+ ['configData[ldapBase]', 'dc=nextcloud,dc=ci'],
+ ['configData[ldapAgentName]', 'cn=admin,dc=nextcloud,dc=ci'],
+ ['configData[ldapAgentPassword]', 'admin'],
+ ['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
+ ['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
+ ['configData[ldapUserDisplayName]', 'displayname'],
+ ['configData[ldapGroupDisplayName]', 'cn'],
+ ['configData[ldapEmailAttribute]', 'mail'],
+ ['configData[ldapConfigurationActive]', '1'],
+ ]);
+ $this->settingTheLDAPConfigurationTo($data);
+ $this->asAn('');
+ }
+
+ /**
+ * @Given /^looking up details for the first result matches expectations$/
+ * @param TableNode $expectations
+ */
+ public function lookingUpDetailsForTheFirstResult(TableNode $expectations) {
+ $userResultElements = simplexml_load_string($this->response->getBody())->data[0]->users[0]->element;
+ $userResults = json_decode(json_encode($userResultElements), 1);
+ $userId = array_shift($userResults);
+
+ $this->sendingTo('GET', '/cloud/users/' . $userId);
+ $this->theRecordFieldsShouldMatch($expectations);
+ }
+
+ /**
+ * @Given /^modify LDAP configuration$/
+ */
+ public function modifyLDAPConfiguration(TableNode $table) {
+ $originalAsAn = $this->currentUser;
+ $this->asAn('admin');
+ $configData = $table->getRows();
+ foreach($configData as &$row) {
+ $row[0] = 'configData[' . $row[0] . ']';
+ }
+ $this->settingTheLDAPConfigurationTo(new TableNode($configData));
+ $this->asAn($originalAsAn);
+ }
+
+ /**
+ * @Given /^the "([^"]*)" result should match$/
+ */
+ public function theGroupResultShouldMatch(string $type, TableNode $expectations) {
+ $listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
+ $extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
+ foreach($expectations->getRows() as $expectation) {
+ if((int)$expectation[1] === 1) {
+ Assert::assertContains($expectation[0], $extractedIDsArray);
+ } else {
+ Assert::assertNotContains($expectation[0], $extractedIDsArray);
+ }
+ }
+ }
+
+ /**
+ * @Given /^Expect ServerException on failed web login as "([^"]*)"$/
+ */
+ public function expectServerExceptionOnFailedWebLoginAs($login) {
+ try {
+ $this->loggingInUsingWebAs($login);
+ } catch (\GuzzleHttp\Exception\ServerException $e) {
+ Assert::assertEquals(500, $e->getResponse()->getStatusCode());
+ return;
+ }
+ Assert::assertTrue(false, 'expected Exception not received');
+ }
+
+ /**
+ * @Given /^the "([^"]*)" result should contain "([^"]*)" of$/
+ */
+ public function theResultShouldContainOf($type, $expectedCount, TableNode $expectations) {
+ $listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
+ $extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
+ $uidsFound = 0;
+ foreach($expectations->getRows() as $expectation) {
+ if(in_array($expectation[0], $extractedIDsArray)) {
+ $uidsFound++;
+ }
+ }
+ Assert::assertSame((int)$expectedCount, $uidsFound);
+ }
+
+ /**
+ * @Given /^the record's fields should match$/
+ */
+ public function theRecordFieldsShouldMatch(TableNode $expectations) {
+ foreach($expectations->getRowsHash() as $k => $v) {
+ $value = (string)simplexml_load_string($this->response->getBody())->data[0]->$k;
+ Assert::assertEquals($v, $value, "got $value");
+ }
+
+ $backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
+ Assert::assertEquals('LDAP', $backend);
+ }
}
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index 8e65f4c1a0ea6f457deeb13ef87eebef5fda4a34..10b4c1bc005eeee47eacf2fc24e25594beefd6cb 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -342,6 +342,7 @@ Feature: provisioning
| theming |
| twofactor_backupcodes |
| updatenotification |
+ | user_ldap |
| workflowengine |
| files_external |
| oauth2 |
diff --git a/build/integration/ldap_features/ldap-openldap.feature b/build/integration/ldap_features/ldap-openldap.feature
new file mode 100644
index 0000000000000000000000000000000000000000..4c507e74595980a47d1796d627da1de93eb66199
--- /dev/null
+++ b/build/integration/ldap_features/ldap-openldap.feature
@@ -0,0 +1,104 @@
+Feature: LDAP
+ Background:
+ Given using api version "2"
+ And having a valid LDAP configuration
+
+ Scenario: Test valid configuration by logging in
+ Given Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Test valid configuration with port in the hostname by logging in
+ Given modify LDAP configuration
+ | ldapHost | openldap:389 |
+ And cookies are reset
+ And Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Test valid configuration with LDAP protocol by logging in
+ Given modify LDAP configuration
+ | ldapHost | ldap://openldap |
+ And cookies are reset
+ And Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Test valid configuration with LDAP protoccol and port by logging in
+ Given modify LDAP configuration
+ | ldapHost | ldap://openldap:389 |
+ And cookies are reset
+ And Logging in using web as "alice"
+ And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+ Then the HTTP status code should be "200"
+
+ Scenario: Look for a known LDAP user
+ Given As an "admin"
+ And sending "GET" to "/cloud/users?search=alice"
+ Then the OCS status code should be "200"
+ And looking up details for the first result matches expectations
+ | email | alice@nextcloud.ci |
+ | displayname | Alice |
+
+ Scenario: Test group filter with one specific group
+ Given modify LDAP configuration
+ | ldapGroupFilter | cn=RedGroup |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the "groups" result should match
+ | RedGroup | 1 |
+ | GreenGroup | 0 |
+ | BlueGroup | 0 |
+ | PurpleGroup | 0 |
+
+ Scenario: Test group filter with two specific groups
+ Given modify LDAP configuration
+ | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the "groups" result should match
+ | RedGroup | 1 |
+ | GreenGroup | 1 |
+ | BlueGroup | 0 |
+ | PurpleGroup | 0 |
+
+ Scenario: Test group filter ruling out a group from a different base
+ Given modify LDAP configuration
+ | ldapGroupFilter | (objectClass=groupOfNames) |
+ | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
+ And As an "admin"
+ And sending "GET" to "/cloud/groups"
+ Then the OCS status code should be "200"
+ And the "groups" result should match
+ | RedGroup | 1 |
+ | GreenGroup | 1 |
+ | BlueGroup | 1 |
+ | PurpleGroup | 1 |
+ | SquareGroup | 0 |
+
+ Scenario: Test backup server
+ Given modify LDAP configuration
+ | ldapBackupHost | openldap |
+ | ldapBackupPort | 389 |
+ | ldapHost | foo.bar |
+ | ldapPort | 2456 |
+ And Logging in using web as "alice"
+ Then the HTTP status code should be "200"
+
+ Scenario: Test backup server offline
+ Given modify LDAP configuration
+ | ldapBackupHost | off.line |
+ | ldapBackupPort | 3892 |
+ | ldapHost | foo.bar |
+ | ldapPort | 2456 |
+ Then Expect ServerException on failed web login as "alice"
+
+ Scenario: Test LDAP server offline, no backup server
+ Given modify LDAP configuration
+ | ldapHost | foo.bar |
+ | ldapPort | 2456 |
+ Then Expect ServerException on failed web login as "alice"
diff --git a/build/integration/ldap_features/openldap-uid-username.feature b/build/integration/ldap_features/openldap-uid-username.feature
new file mode 100644
index 0000000000000000000000000000000000000000..d267870ca26f81e38631895891966f8cbafd16b6
--- /dev/null
+++ b/build/integration/ldap_features/openldap-uid-username.feature
@@ -0,0 +1,88 @@
+Feature: LDAP
+ Background:
+ Given using api version "2"
+ And having a valid LDAP configuration
+ And modify LDAP configuration
+ | ldapExpertUsernameAttr | uid |
+
+ Scenario: Look for a expected LDAP users
+ Given As an "admin"
+ And sending "GET" to "/cloud/users"
+ Then the OCS status code should be "200"
+ And the "users" result should match
+ | alice | 1 |
+ | elisa | 1 |
+ | ghost | 0 |
+
+ Scenario: check default home of an LDAP user
+ Given As an "admin"
+ And sending "GET" to "/cloud/users/alice"
+ Then the OCS status code should be "200"
+ And the record's fields should match
+ | storageLocation | /dev/shm/nc_int/alice |
+
+ Scenario: check custom relative home of an LDAP user
+ Given modify LDAP configuration
+ | homeFolderNamingRule | sn |
+ And As an "admin"
+ And sending "GET" to "/cloud/users/alice"
+ Then the OCS status code should be "200"
+ And the record's fields should match
+ | storageLocation | /dev/shm/nc_int/Alfgeirdottir |
+
+ Scenario: check custom absolute home of an LDAP user
+ Given modify LDAP configuration
+ | homeFolderNamingRule | roomNumber |
+ And As an "admin"
+ And sending "GET" to "/cloud/users/elisa"
+ Then the OCS status code should be "200"
+ And the record's fields should match
+ | storageLocation | /dev/shm/elisa-data |
+
+ Scenario: Fetch all users, invoking pagination
+ Given modify LDAP configuration
+ | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
+ | ldapPagingSize | 2 |
+ And As an "admin"
+ And sending "GET" to "/cloud/users"
+ Then the OCS status code should be "200"
+ And the "users" result should match
+ | ebba | 1 |
+ | eindis | 1 |
+ | fjolnir | 1 |
+ | gunna | 1 |
+ | juliana | 1 |
+ | leo | 1 |
+ | stigur | 1 |
+
+ Scenario: Fetch all users, invoking pagination
+ Given modify LDAP configuration
+ | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
+ | ldapPagingSize | 2 |
+ And As an "admin"
+ And sending "GET" to "/cloud/users?limit=10"
+ Then the OCS status code should be "200"
+ And the "users" result should match
+ | ebba | 1 |
+ | eindis | 1 |
+ | fjolnir | 1 |
+ | gunna | 1 |
+ | juliana | 1 |
+ | leo | 1 |
+ | stigur | 1 |
+
+ Scenario: Fetch from second batch of all users, invoking pagination
+ Given modify LDAP configuration
+ | ldapBaseUsers | ou=PagingTest,dc=nextcloud,dc=ci |
+ | ldapPagingSize | 2 |
+ And As an "admin"
+ And sending "GET" to "/cloud/users?limit=10&offset=2"
+ Then the OCS status code should be "200"
+ And the "users" result should contain "5" of
+ | ebba |
+ | eindis |
+ | fjolnir |
+ | gunna |
+ | juliana |
+ | leo |
+ | stigur |
diff --git a/build/integration/run.sh b/build/integration/run.sh
index b747bb52c6bfb126b518d1812d186a69115df511..56f4ee7b07d31630654a617ea200563cdfdc06bc 100755
--- a/build/integration/run.sh
+++ b/build/integration/run.sh
@@ -22,6 +22,7 @@ else
exit 1
fi
fi
+NC_DATADIR=$($OCC config:system:get datadirectory)
composer install
@@ -48,6 +49,7 @@ if [ "$INSTALLED" == "true" ]; then
#Enable external storage app
$OCC app:enable files_external
+ $OCC app:enable user_ldap
mkdir -p work/local_storage
OUTPUT_CREATE_STORAGE=`$OCC files_external:create local_storage local null::null -c datadir=$PWD/work/local_storage`
@@ -70,10 +72,11 @@ if [ "$INSTALLED" == "true" ]; then
#Disable external storage app
$OCC app:disable files_external
+ $OCC app:disable user_ldap
fi
if [ -z $HIDE_OC_LOGS ]; then
- tail "${OC_PATH}/data/nextcloud.log"
+ tail "${NC_DATADIR}/nextcloud.log"
fi
echo "runsh: Exit code: $RESULT"