Add LdapUserBackend and (skipping) test

The test is skipped due to the tight coupling of the Ldap Protocol Backend to the rest of the application, this has to be addressed as soon as the Connection is cleaned up refs #4265 refs #4250
2013-06-10 16:03:51 +02:00 · 2013-06-10 16:03:51 +02:00 · e325ad3417
parent 70e8562814
commit e325ad3417
2 changed files with 138 additions and 3 deletions
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@ -0,0 +1,53 @@
+<?php
+
+namespace Icinga\Authentication\Backend;
+
+use Icinga\Authentication\User as User;
+use Icinga\Protocol\Ldap;
+
+class LdapUserBackend implements UserBackend
+{
+    protected $connection;
+
+    public function __construct($config)
+    {
+        $this->connection = new Ldap\Connection($config);
+    }
+
+    public function hasUsername($username)
+    {
+        if (! $username) {
+            return false;
+        }
+        return $this->connection->fetchOne(
+            $this->selectUsername($username)
+        ) === $username;
+    }
+
+    protected function stripAsterisks($string)
+    {
+        return str_replace('*', '', $string);
+    }
+
+    protected function selectUsername($username)
+    {
+        return $this->connection->select()
+            ->from('user', array('sAMAccountName'))
+            ->where('sAMAccountName', $this->stripAsterisks($username));
+    }
+
+    public function authenticate($username, $password = null)
+    {
+        if (empty($username) || empty($password)) {
+            return false;
+        }
+        if (! $this->connection->testCredentials(
+            $this->connection->fetchDN($this->selectUsername($username)),
+            $password
+        )) {
+            return false;
+        }
+        $user = new User($username);
+        return $user;
+    }
+}
--- a/test/php/library/Icinga/Authentication/LdapUserBackendTest.php
+++ b/test/php/library/Icinga/Authentication/LdapUserBackendTest.php
@ -4,11 +4,95 @@ namespace Tests\Icinga\Authentication;
 /**
 *
 * Test class for Ldapuserbackend 
-* Created Fri, 07 Jun 2013 10:38:16 +0000 
+* Created Mon, 10 Jun 2013 07:54:34 +0000 
 *
 **/
 class LdapuserbackendTest extends \PHPUnit_Framework_TestCase
 {
+    // Change this according to your ldap test server
+    const ADMIN_DN = "cn=admin,dc=icinga,dc=org";
+    const ADMIN_PASS = "admin";
+
+    private $users = array(
+        "cn=John Doe, dc=icinga, dc=org" =>  array(
+            "cn" => "John Doe",
+            "sn" => "Doe",
+            "objectclass" => "inetOrgPerson",
+            "givenName" => "John",
+            "mail" => "john@doe.local"
+        ),
+        "cn=Jane Woe, dc=icinga, dc=org" => array(
+            "cn" => "Jane Woe",
+            "sn" => "Woe",
+            "objectclass" => "inetOrgPerson",
+            "givenName" => "Jane",
+            "mail" => "jane@woe.local"
+        )
+    );
+
+    private function getLDAPConnection()
+    {
+        $this->markTestSkipped("LDAP User Backend is currently not testable, as it would require to Boostrap most of the application (see Protocol\Ldap\Connection)");
+        return;
+        $ldapConn = ldap_connect("localhost", 389);
+        if (!$ldapConn) {
+            $this->markTestSkipped("Could not connect to test-ldap server, skipping test");
+            return null;
+        }
+        $bind = ldap_bind($ldapConn, self::ADMIN_DN, self::ADMIN_PASS);
+        if (!$bind) {
+            $this->markTestSkipped("Could not bind to test-ldap server, skipping test");
+            return null;
+        }
+        return $ldapConn;
+    }
+    
+    private function clearTestData($connection)
+    {
+        foreach ($this->users as $ou => $info) {
+            @ldap_delete($connection, $ou);
+        }
+    }
+
+    private function insertTestdata($connection)
+    {
+        foreach ($this->users as $ou => $info) {
+            if (ldap_add($connection, $ou, $info) === false) {
+                $this->markTestSkipped("Couldn't set up test-ldap users, skipping test");
+            }
+        }
+
+    }
+
+    protected function setUp()
+    {
+        $conn = $this->getLDAPConnection();
+        if ($conn == null) {
+            return;
+        }
+        $this->clearTestData($conn);
+        $this->insertTestData($conn);
+        $result = ldap_list($conn, "dc=icinga, dc=org", "(cn=John Doe)");
+        if (ldap_count_entries($conn, $result) < 1) {
+            $this->markTestSkipped("Couldn't set up test users, skipping test");
+        }
+        $result = ldap_list($conn, "dc=icinga, dc=org", "(cn=Jane Woe)");
+        if (ldap_count_entries($conn, $result) < 1) {
+            $this->markTestSkipped("Couldn't set up test users, skipping test");
+        }
+        ldap_close($conn);
+    }
+
+    public function tearDown()
+    {
+        $conn = $this->getLDAPConnection();
+        if ($conn == null) {
+            return;
+        }
+
+        $this->clearTestData($conn);
+        ldap_close($conn);
+    }

    /**
    * Test for LdapUserBackend::HasUsername() 
@ -16,7 +100,6 @@ class LdapuserbackendTest extends \PHPUnit_Framework_TestCase
    **/
    public function testHasUsername()
    {
-        $this->markTestIncomplete('testHasUsername is not implemented yet');
    }

    /**
@ -27,5 +110,4 @@ class LdapuserbackendTest extends \PHPUnit_Framework_TestCase
    {
        $this->markTestIncomplete('testAuthenticate is not implemented yet');
    }
-
 }