summaryrefslogtreecommitdiff
path: root/ext/ldap/tests/README
blob: edc44eb4b085f0d0d10c431dd444c39277a4e35b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
To ease testing LDAP-Setups we've created a vagrant-setup.

Prerequisits:
=============

You will need vagrant on your box. Get it from https://www.vagrantup.com

Usage:
======

To use it follow these steps:

* Create a Vagrant-file with the following content.
* Go to that directory and run "vagrant up"

```
$setup = <<<SETUP
apt-get update

DEBIAN_FRONTEND=noninteractive aptitude install -q -y slapd ldap-utils

export SLAPPASS=`slappasswd -s password`

echo "dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=nodomain
-
replace: olcRootDN
olcRootDN: dc=admin,dc=nodomain
-
replace: olcRootPW
olcRootPW: ${SLAPPASS}" | ldapmodify -Y EXTERNAL -H ldapi:///

echo "dn: dc=nodomain
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: ou=extldap,dc=nodomain
objectClass: organizationalUnit
ou: extldap" | ldapadd -c -x -H ldap://localhost:389 -D "dc=admin,dc=nodomain" -w password
SETUP

Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.provision "shell", inline: $setup
end
```

Now you will have a virtual machine up and running on IP-Address 192.168.10.33 listening on port 369 for incomming LDAP-connections. The machine is already configured to execute the LDAP-Tests

The next step is to go into the PHP-Source-directory. Configure and make the source as appropriate.

Before running the LDAP-Tests you need to set some environment-variables:

export LDAP_TEST_PASSWD="password"
export LDAP_TEST_BASE="ou=extldap,dc=nodomain"
export LDAP_TEST_USER="dc=admin,dc=nodomain"
export LDAP_TEST_HOST=192.168.33.10

Now you can run the test-suite by calling "make test". To test only the LDAP-Tests, run "make test TESTS=ext/ldap"

CAVEAT: The current setup does not (yet) test secure connections. 


========
OLD README

Most tests here relies on the availability of an LDAP server configured with TLS.

Client/Server configuration:
===========================================================
OpenLDAP 2.4.31 has been used with the configuration below.

Notes:
1.  A self signed certificate can be generated using:
    $ openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3650
    It is used for testing ldap_start_tls(), which also requires "TLS_REQCERT never" in client configuration
2.  An empty LDAP structure is required for the tests to be PASSed (except for base and admin)

If you use a debian based distribution, prefer the use of dpkg-reconfigure.
Otherwise you may alter these configuration files:

	(/etc/openldap/)slapd.conf:
-----------------------------------------------------------
TLSCACertificateFile /etc/openldap/ssl/server.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.pem
TLSVerifyClient never

# hdb is used instead of bdb as it enables the usage of referrals & aliases
database        hdb
suffix          "dc=my-domain,dc=com"
checkpoint      32      30
rootdn          "cn=Manager,dc=my-domain,dc=com"
rootpw          secret
directory       /var/lib/openldap-data
index   objectClass     eq

authz-regexp
	uid=Manager,cn=digest-md5,cn=auth
	cn=Manager,dc=my-domain,dc=com


(/etc/openldap/)ldap.conf:
-----------------------------------------------------------
TLS_REQCERT never

Tests configuration:
===========================================================
The following environment variables may be defined:
LDAP_TEST_HOST (default: localhost)                        Host to connect to
LDAP_TEST_PORT (default: 389)                              Port to connect to
LDAP_TEST_BASE (default: dc=my-domain,dc=com)              Base to use. May be the ldap root or a subtree. (ldap_search_variation6 will fail if a subtree is used)
LDAP_TEST_USER (default: cn=Manager,dc=my-domain,dc=com)   DN used for binding
LDAP_TEST_SASL_USER (default: Manager)                     SASL user used for SASL binding
LDAP_TEST_PASSWD (default: secret)                         Password used for plain and SASL binding
LDAP_TEST_OPT_PROTOCOL_VERSION (default: 3)                Version of LDAP protocol to use
LDAP_TEST_SKIP_BIND_FAILURE (default: true)                Whether to fail the test or not in case binding fails

Credits:
===========================================================
Davide Mendolia <idaf1er@gmail.com>
Patrick Allaert <patrick.allaert@gmail.com>
Côme Bernigaud <mcmic@php.net>