package org.zstack.test.ldap;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.zapodot.junit.ldap.EmbeddedLdapRule;
import org.zapodot.junit.ldap.EmbeddedLdapRuleBuilder;
import org.zstack.core.cloudbus.CloudBus;
import org.zstack.core.componentloader.ComponentLoader;
import org.zstack.header.identity.AccountInventory;
import org.zstack.header.identity.SessionInventory;
import org.zstack.header.query.QueryCondition;
import org.zstack.ldap.*;
import org.zstack.test.Api;
import org.zstack.test.ApiSender;
import org.zstack.test.ApiSenderException;
import org.zstack.test.DBUtil;
import org.zstack.test.deployer.Deployer;
import org.zstack.utils.Utils;
import org.zstack.utils.logging.CLogger;
import java.util.ArrayList;
import java.util.stream.Collectors;
public class TestLdapBindUnbind {
CLogger logger = Utils.getLogger(TestLdapBindUnbind.class);
public static final String DOMAIN_DSN = "dc=example,dc=com";
@Rule
public EmbeddedLdapRule embeddedLdapRule = EmbeddedLdapRuleBuilder.newInstance().bindingToPort(1888).
usingDomainDsn(DOMAIN_DSN).importingLdifs("users-import.ldif").build();
Deployer deployer;
Api api;
ComponentLoader loader;
CloudBus bus;
SessionInventory session;
LdapManager ldapManager;
@Before
public void setUp() throws Exception {
DBUtil.reDeployDB();
deployer = new Deployer("deployerXml/ldap/TestLdap.xml");
deployer.addSpringConfig("LdapManagerImpl.xml");
deployer.build();
api = deployer.getApi();
loader = deployer.getComponentLoader();
ldapManager = loader.getComponent(LdapManager.class);
bus = loader.getComponent(CloudBus.class);
session = api.loginAsAdmin();
}
private void queryLdapServer() throws ApiSenderException {
ApiSender sender = api.getApiSender();
// query ldap server
APIQueryLdapServerMsg msg12 = new APIQueryLdapServerMsg();
msg12.setConditions(new ArrayList<QueryCondition>());
msg12.setSession(session);
APIQueryLdapServerReply reply12 = sender.call(msg12, APIQueryLdapServerReply.class);
logger.debug(reply12.getInventories().stream().map(LdapServerInventory::getUrl).collect(Collectors.joining(", ")));
}
@Test
public void test() throws ApiSenderException, LDAPException {
final LDAPInterface ldapConnection = embeddedLdapRule.ldapConnection();
final SearchResult searchResult = ldapConnection.search(DOMAIN_DSN, SearchScope.SUB, "(objectClass=person)");
Assert.assertEquals(3, searchResult.getEntryCount());
ApiSender sender = api.getApiSender();
// add ldap server
APIAddLdapServerMsg msg13 = new APIAddLdapServerMsg();
msg13.setName("miao");
msg13.setDescription("miao desc");
msg13.setUrl("ldap://localhost:1888");
msg13.setBase(DOMAIN_DSN);
msg13.setUsername("");
msg13.setPassword("");
msg13.setEncryption("None");
msg13.setSession(session);
APIAddLdapServerEvent evt13 = sender.send(msg13, APIAddLdapServerEvent.class);
logger.debug(evt13.getInventory().getName());
queryLdapServer();
// bind account with a not exist uid
try {
AccountInventory ai12 = api.createAccount("ldapuser3", "hello-kitty");
APICreateLdapBindingMsg msg22 = new APICreateLdapBindingMsg();
msg22.setAccountUuid(ai12.getUuid());
msg22.setLdapUid("Not exist");
msg22.setSession(session);
APICreateLdapBindingEvent evt22 = sender.send(msg22, APICreateLdapBindingEvent.class);
logger.debug(evt22.getInventory().getUuid());
} catch (Exception e) {
logger.trace("bind account with a non-existent uid", e);
}
// bind a not exist account with a not exist uid
try {
APICreateLdapBindingMsg msg22 = new APICreateLdapBindingMsg();
msg22.setAccountUuid("not exist account uuid");
msg22.setLdapUid("Not exist");
msg22.setSession(session);
APICreateLdapBindingEvent evt22 = sender.send(msg22, APICreateLdapBindingEvent.class);
logger.debug(evt22.getInventory().getUuid());
} catch (Exception e) {
logger.trace("bind account with a non-existent uid", e);
}
// bind account
AccountInventory ai1 = api.createAccount("ldapuser1", "hello-kitty");
APICreateLdapBindingMsg msg2 = new APICreateLdapBindingMsg();
msg2.setAccountUuid(ai1.getUuid());
msg2.setLdapUid("sclaus");
msg2.setSession(session);
APICreateLdapBindingEvent evt2 = sender.send(msg2, APICreateLdapBindingEvent.class);
logger.debug(evt2.getInventory().getUuid());
// bind another account with the same uid
try {
AccountInventory ai12 = api.createAccount("ldapuser2", "hello-kitty");
APICreateLdapBindingMsg msg22 = new APICreateLdapBindingMsg();
msg22.setAccountUuid(ai12.getUuid());
msg22.setLdapUid("sclaus");
msg22.setSession(session);
APICreateLdapBindingEvent evt22 = sender.send(msg22, APICreateLdapBindingEvent.class);
logger.debug(evt22.getInventory().getUuid());
} catch (Exception e) {
logger.trace("bind account the same uid", e);
}
// login with right ldap uid and right ldap password
APILogInByLdapMsg msg3 = new APILogInByLdapMsg();
msg3.setUid("sclaus");
msg3.setPassword("password");
msg3.setServiceId(bus.makeLocalServiceId(LdapConstant.SERVICE_ID));
APILogInByLdapReply reply3 = sender.call(msg3, APILogInByLdapReply.class);
logger.debug(reply3.getInventory().getAccountUuid());
logger.debug(reply3.getAccountInventory().getName());
// login with right ldap uid and wrong ldap password
try {
APILogInByLdapMsg msg31 = new APILogInByLdapMsg();
msg31.setUid("sclaus");
msg31.setPassword("wrong password");
msg31.setServiceId(bus.makeLocalServiceId(LdapConstant.SERVICE_ID));
APILogInByLdapReply reply31 = sender.call(msg31, APILogInByLdapReply.class);
logger.debug(reply31.getInventory().getAccountUuid());
logger.debug(reply31.getAccountInventory().getName());
} catch (Exception e) {
}
// login with wrong ldap uid
try {
APILogInByLdapMsg msg31 = new APILogInByLdapMsg();
msg31.setUid("wrong ldap uid");
msg31.setPassword("wrong password");
msg31.setServiceId(bus.makeLocalServiceId(LdapConstant.SERVICE_ID));
APILogInByLdapReply reply31 = sender.call(msg31, APILogInByLdapReply.class);
logger.debug(reply31.getInventory().getAccountUuid());
logger.debug(reply31.getAccountInventory().getName());
} catch (Exception e) {
}
// unbind account
APIDeleteLdapBindingMsg msg4 = new APIDeleteLdapBindingMsg();
msg4.setUuid(evt2.getInventory().getUuid());
msg4.setSession(session);
APIDeleteLdapBindingEvent evt4 = sender.send(msg4, APIDeleteLdapBindingEvent.class);
Assert.assertTrue(evt4.getError() == null);
}
}