| author | Jon Robertson <jonrober@stanford.edu> | 2015-08-27 10:34:22 -0700 | 
|---|---|---|
| committer | Jon Robertson <jonrober@stanford.edu> | 2015-11-18 23:48:07 -0800 | 
| commit | 6b0cad572edef05d119abc8fc843c8c5d33665b8 (patch) | |
| tree | ed2a02e79d6026bdb09e999da433033c0492bee5 /perl/t/verifier | |
| parent | e353e236cf6828647820b2d83529cc4a4f08cef2 (diff) | |
Added Wallet::ACL::LDAP::Attribute::Root
Added a version of the LDAP attribute ACL.  Like the root version for
NetDB, this requires that the principal end in /root, and then strips
off /root before doing matching against the given LDAP attribute.
Change-Id: I23119ef9c9ce3e0556f5d71a509815f2efc1bbe6
Diffstat (limited to 'perl/t/verifier')
| -rwxr-xr-x | perl/t/verifier/ldap-attr.t | 37 | 
1 files changed, 30 insertions, 7 deletions
| diff --git a/perl/t/verifier/ldap-attr.t b/perl/t/verifier/ldap-attr.t
index 3caaf8b..cff3b63 100755
--- a/perl/t/verifier/ldap-attr.t
+++ b/perl/t/verifier/ldap-attr.t
@@ -24,16 +24,18 @@ plan skip_all => 'LDAP verifier tests only run for maintainer'
     unless $ENV{RRA_MAINTAINER_TESTS};
 # Declare a plan.
-plan tests => 10;
+plan tests => 22;
 require_ok ('Wallet::ACL::LDAP::Attribute');
+require_ok ('Wallet::ACL::LDAP::Attribute::Root');
-my $host   = 'ldap.stanford.edu';
-my $base   = 'cn=people,dc=stanford,dc=edu';
-my $filter = 'uid';
-my $user   = 'jonrober@stanford.edu';
-my $attr   = 'suPrivilegeGroup';
-my $value  = 'stanford:stanford';
+my $host     = 'ldap.stanford.edu';
+my $base     = 'cn=people,dc=stanford,dc=edu';
+my $filter   = 'uid';
+my $user     = 'jonrober@stanford.edu';
+my $rootuser = 'jonrober/root@stanford.edu';
+my $attr     = 'suPrivilegeGroup';
+my $value    = 'stanford:stanford';
 # Remove the realm from principal names.
 package Wallet::Config; 
@@ -73,4 +75,25 @@ SKIP: {
     is ($verifier->check ('user-does-not-exist', "$attr=$value"), 0,
         "Checking for nonexistent user fails");
     is ($verifier->error, undef, '...with no error');
+
+    # Then also test the root version.
+    $verifier = eval { Wallet::ACL::LDAP::Attribute::Root->new };
+    isa_ok ($verifier, 'Wallet::ACL::LDAP::Attribute::Root');
+    is ($verifier->check ($user, "$attr=$value"), 0,
+        "Checking as a non /root user fails");
+    is ($verifier->error, undef, '...with no error');
+    is ($verifier->check ($rootuser, "$attr=$value"), 1,
+        "Checking $attr=$value succeeds");
+    is ($verifier->error, undef, '...with no error');
+    is ($verifier->check ($rootuser, "$attr=BOGUS"), 0,
+        "Checking $attr=BOGUS fails");
+    is ($verifier->error, undef, '...with no error');
+    is ($verifier->check ($rootuser, "BOGUS=$value"), undef,
+        "Checking BOGUS=$value fails with error");
+    is ($verifier->error,
+        'cannot check LDAP attribute BOGUS for jonrober: Undefined attribute type',
+        '...with correct error');
+    is ($verifier->check ('user-does-not-exist', "$attr=$value"), 0,
+        "Checking for nonexistent user fails");
+    is ($verifier->error, undef, '...with no error');
 } | 
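Review bot: The last added case, `$verifier->check ('user-does-not-exist', "$attr=$value")`, passes a principal that does not end in /root, so going by the commit description it is presumably rejected by the /root requirement before any LDAP lookup, just like the earlier "non /root user" case, and the nonexistent-user path of the Root verifier is never exercised. Consider passing a /root form of a missing user instead, e.g. `is ($verifier->check ('user-does-not-exist/root', "$attr=$value"), 0,` (with the realm appended if the verifier expects one). Since this verifier is an authorization check, a negative case for a near-miss principal (constructed example: `jonrober/rootx@stanford.edu`) would also pin that only an exact trailing /root instance is accepted. The SKIP block these lines sit in starts outside the hunk.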
