author | Nagaraju Goruganti <ngorugan@in.ibm.com> | 2018-11-08 03:13:38 -0600 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-19 21:37:57 -0500 |
commit | 3b4d06a1812566d4095524f2242e272e0b9f449f (patch) | |
tree | ee0ab69d90b48a2a67251019fb6c39eab1d21719 /test | |
parent | d514e5dc3de8dcd305328783ae11ee8e56b27d9a (diff) | |
phosphor-ldap-conf: update nslcd.conf file with tls_cacertfile info
tls_cacertfile specifies the path to the X.509 certificate for
peer authentication.
Also updated the file with "tls_reqcert hard", to force the
behavior: if no certificate is provided, or a bad certificate
is provided, the session is immediately terminated.
Tested: tested using below given commands
1.curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d \
'{"data":[true,"ldaps://<host_ip>/","cn=<user-id>,dc=Corp,dc=ibm,dc=com",\
"cn=Users,dc=Corp,dc=ibm,dc=com", "<password>",\
"xyz.openbmc_project.User.Ldap.Create.SearchScope.sub",\
"xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory"] \
}' https://$BMC_IP//xyz/openbmc_project/user/ldap/action/CreateConfig
2.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data":true}'\
https://$BMC_IP/xyz/openbmc_project/user/ldap/config/attr/SecureLDAP
3.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d \
'{"data":"ldap://<host_ip>/"}' \
https://$BMC_IP/xyz/openbmc_project/ldap/config/attr/LDAPServerURI
when "/etc/ssl/certs/Root-CA.pem" doesn't exist on the target, the following
exception is raised (if we try to set SecureLDAP to true):
"DBusException: xyz.openbmc_project.Common.Error.NoCACertificate: \
Server's CA certificate has not been provided."
Change-Id: I56ffe8b08bb71307b4f2bfe9cf935b6113e4579a
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/ldap_config_test.cpp | 57 |
1 files changed, 36 insertions, 21 deletions
diff --git a/test/ldap_config_test.cpp b/test/ldap_config_test.cpp index 8f9a07c..a0447c9 100644 --- a/test/ldap_config_test.cpp +++ b/test/ldap_config_test.cpp @@ -65,8 +65,8 @@ class MockConfigMgr : public phosphor::ldap::ConfigMgr { public: MockConfigMgr(sdbusplus::bus::bus& bus, const char* path, - const char* filePath) : - phosphor::ldap::ConfigMgr(bus, path, filePath) + const char* filePath, const char* caCertFile) : + phosphor::ldap::ConfigMgr(bus, path, filePath, caCertFile) { } MOCK_METHOD1(restartService, void(const std::string& service)); @@ -88,13 +88,15 @@ class MockConfigMgr : public phosphor::ldap::ConfigMgr TEST_F(TestLDAPConfig, testCreate) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); + MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), + tlsCacertfile.c_str()); EXPECT_CALL(manager, restartService("nslcd.service")).Times(2); EXPECT_CALL(manager, restartService("nscd.service")).Times(1); manager.createConfig("ldap://9.194.251.136/", "cn=Users,dc=com", 
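Review bot: In testCreate the new local `tlsCacertfile` is built from a fixture member spelled `tslCacertFile` — the transposed "tsl" reads like a typo next to the `tls_cacertfile` option the commit is adding, and the two spellings will not be found by the same grep. The member is declared outside this hunk, so the rename has to happen there; in this hunk the local would become `auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;`. The path is passed to MockConfigMgr but no file is ever written at it; that is fine for this test because it stays on `ldap://`, but a one-line comment such as `// No CA file is created: this test never switches to ldaps://` would stop a reader from assuming the secure path is exercised here.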
@@ -115,14 +117,15 @@ TEST_F(TestLDAPConfig, testCreate) TEST_F(TestLDAPConfig, testRestores) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr* managerPtr = - new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); + MockConfigMgr* managerPtr = new MockConfigMgr( + bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), tlsCacertfile.c_str()); EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(4); EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); managerPtr->createConfig("ldap://9.194.251.138/", "cn=Users,dc=com", @@ -150,14 +153,16 @@ TEST_F(TestLDAPConfig, testRestores) TEST_F(TestLDAPConfig, testLDAPServerURI) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; + if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr* managerPtr = - new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); - EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(6); + MockConfigMgr* managerPtr = new MockConfigMgr( + bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), tlsCacertfile.c_str()); + EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(5); EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); managerPtr->createConfig("ldap://9.194.251.138/", "cn=Users,dc=com", 
@@ -165,33 +170,37 @@ TEST_F(TestLDAPConfig, testLDAPServerURI) ldap_base::Create::SearchScope::sub, ldap_base::Create::Type::ActiveDirectory); // Change LDAP Server URI - managerPtr->getConfigPtr()->lDAPServerURI("ldap://9.194.251.139"); + managerPtr->getConfigPtr()->lDAPServerURI("ldap://9.194.251.139/"); EXPECT_EQ(managerPtr->getConfigPtr()->lDAPServerURI(), - "ldap://9.194.251.139"); + "ldap://9.194.251.139/"); // Change LDAP Server URI - managerPtr->getConfigPtr()->lDAPServerURI("ldaps://9.194.251.139"); + EXPECT_THROW( + managerPtr->getConfigPtr()->lDAPServerURI("ldaps://9.194.251.139/"), + NoCACertificate); EXPECT_EQ(managerPtr->getConfigPtr()->lDAPServerURI(), - "ldaps://9.194.251.139"); + "ldap://9.194.251.139/"); // Delete LDAP configuration managerPtr->deleteObject(); managerPtr->restore(configFilePath.c_str()); // Check LDAP Server URI EXPECT_EQ(managerPtr->getConfigPtr()->lDAPServerURI(), - "ldaps://9.194.251.139"); + "ldap://9.194.251.139/"); delete managerPtr; } TEST_F(TestLDAPConfig, testLDAPBindDN) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; + if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr* managerPtr = - new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); + MockConfigMgr* managerPtr = new MockConfigMgr( + bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), tlsCacertfile.c_str()); EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(5); EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); 
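Review bot: The new EXPECT_THROW covers only the negative path — `tlsCacertfile` is derived from the temp dir but never created, so nothing in this hunk shows that an `ldaps://` URI is accepted once the CA file exists, or that the generated nslcd.conf then carries `tls_cacertfile` and `tls_reqcert hard` as the commit message claims. A companion step that writes a dummy file at `tlsCacertfile`, sets `ldaps://9.194.251.139/`, and checks the config file for those two directives would pin the hardening this change introduces (the restartService expectation at the top of the test, in the previous hunk, would need to grow accordingly). The check that the URI is still `ldap://9.194.251.139/` after the throw, and again after delete/restore, is the valuable part of this hunk: it shows a rejected switch cannot leave the client half-configured; a comment like `// A rejected ldaps:// switch must leave the previous URI intact` would make that intent explicit. The start of testLDAPServerURI, including its setup and expectations, lies in the previous hunk.
```cpp
// … unchanged: negative ldaps:// case and EXPECT_THROW(NoCACertificate) …
// Positive path: once a CA file exists, ldaps:// must be accepted.
std::ofstream(tlsCacertfile) << "placeholder";  // presumably only existence is checked — confirm against ConfigMgr
managerPtr->getConfigPtr()->lDAPServerURI("ldaps://9.194.251.139/");
EXPECT_EQ(managerPtr->getConfigPtr()->lDAPServerURI(),
          "ldaps://9.194.251.139/");
// … then read configFilePath and assert it contains "tls_cacertfile" and "tls_reqcert hard" …
```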
@@ -230,13 +239,15 @@ TEST_F(TestLDAPConfig, testLDAPBindDN) TEST_F(TestLDAPConfig, testLDAPBaseDN) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; + if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr* managerPtr = - new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); + MockConfigMgr* managerPtr = new MockConfigMgr( + bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), tlsCacertfile.c_str()); EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(5); EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); managerPtr->createConfig("ldap://9.194.251.138/", "cn=Users,dc=com", @@ -274,13 +285,15 @@ TEST_F(TestLDAPConfig, testLDAPBaseDN) TEST_F(TestLDAPConfig, testSearchScope) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; + if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr* managerPtr = - new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); + MockConfigMgr* managerPtr = new MockConfigMgr( + bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), tlsCacertfile.c_str()); EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(5); EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); managerPtr->createConfig("ldap://9.194.251.138/", "cn=Users,dc=com", 
@@ -305,13 +318,15 @@ TEST_F(TestLDAPConfig, testSearchScope) TEST_F(TestLDAPConfig, testLDAPType) { auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; + auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; + if (fs::exists(configFilePath)) { fs::remove(configFilePath); } EXPECT_FALSE(fs::exists(configFilePath)); - MockConfigMgr* managerPtr = - new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str()); + MockConfigMgr* managerPtr = new MockConfigMgr( + bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), tlsCacertfile.c_str()); EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(5); EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); managerPtr->createConfig("ldap://9.194.251.138/", "cn=Users,dc=com", |