test: fix openldap docker runs

Zaiming (Stone) Shi 2023-09-28 18:38:37 +02:00
parent b28e781c50
commit d858f8af39
3 changed files with 42 additions and 6 deletions


@ -1,14 +1,13 @@
include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/emqx.schema include /usr/local/etc/openldap/schema/emqx.schema
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/cert.pem TLSCertificateFile /usr/local/etc/openldap/cert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/key.pem TLSCertificateKeyFile /usr/local/etc/openldap/key.pem
database bdb database mdb
suffix "dc=emqx,dc=io" suffix "dc=emqx,dc=io"
rootdn "cn=root,dc=emqx,dc=io" rootdn "cn=root,dc=emqx,dc=io"
rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W
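Review bot: The switch to `database mdb` and the dropped `ppolicy.schema` include carry no comment saying why, and nothing visible in this hunk sets `maxsize` for the new backend. A line such as `# bdb and ppolicy.schema are not available in the OpenLDAP build used by the test image` above the `database` line would stop a later edit from restoring them; the version reason is inferred, so confirm it against the image. back-mdb falls back to a 10 MB map when `maxsize` is absent, which should be enough for this fixture, but directives further down the file are outside the hunk, so check there. The `rootpw` hash on the last line remains a committed credential, so this config should stay confined to the test container.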


@ -13,6 +13,12 @@ objectClass: top
objectclass:organizationalUnit objectclass:organizationalUnit
ou:testdevice ou:testdevice
# create dashboard.emqx.io
dn:ou=dashboard,dc=emqx,dc=io
objectClass: top
objectclass:organizationalUnit
ou:dashboard
# create user admin # create user admin
dn:uid=admin,ou=testdevice,dc=emqx,dc=io dn:uid=admin,ou=testdevice,dc=emqx,dc=io
objectClass: top objectClass: top
@ -150,3 +156,23 @@ objectClass: mqttSecurity
uid: mqttuser0007 uid: mqttuser0007
isSuperuser: TRUE isSuperuser: TRUE
userPassword: {SHA}axpQGbl00j3jvOG058y313ocnBk= userPassword: {SHA}axpQGbl00j3jvOG058y313ocnBk=
## Try to test with base DN 'ou=dashboard,dc=emqx,dc=io'
## with a filter ugroup=group1
## this should return 2 users in the query and fail the test
## echo -n "viewer1" | sha1sum | cut -d' ' -f1 | xxd -r -p | base64
dn:uid=viewer1,ou=dashboard,dc=emqx,dc=io
objectClass: top
objectClass: dashboardUser
uid: viewer1
ugroup: group1
userPassword: {SHA}I/LgVpQ6joiHifK7pZEQ1+0AUlg=
## echo -n "viewer2" | sha1sum | cut -d' ' -f1 | xxd -r -p | base64
dn:uid=viewer2,ou=dashboard,dc=emqx,dc=io
objectClass: top
objectClass: dashboardUser
uid: viewer2
ugroup: group1
userPassword: {SHA}SR0qZpf8pYKKAbn6ILFvX91JuQg=
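Review bot: The comment above `uid=viewer1` says the query "should return 2 users ... and fail the test", which reads as if the suite itself is expected to fail. Wording such as `## both entries match ugroup=group1, so a lookup that expects exactly one entry must be rejected` states the intent; that intent is inferred from the comment, so confirm it against the test case. The two `echo -n ... | sha1sum` lines also record that each password equals the uid and is stored as unsalted `{SHA}`, matching the existing entries; a `## test-only credentials` marker next to them keeps the pattern from being copied into a real directory. The rendered page drops blank lines, so check that each new `dn:` entry is preceded by the empty line LDIF requires.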


@ -35,10 +35,11 @@ attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.4 NAME ( 'mqttAccountName' 'ma
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications ) USAGE userApplications )
attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.5.1 NAME 'ugroup'
objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4 NAME 'mqttUser' EQUALITY caseIgnoreMatch
AUXILIARY SUBSTR caseIgnoreSubstringsMatch
MAY ( mqttPublishTopic $ mqttSubscriptionTopic $ mqttPubSubTopic $ mqttAccountName $ isSuperuser) ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.2 NAME 'mqttDevice' objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.2 NAME 'mqttDevice'
SUP top SUP top
@ -50,3 +51,13 @@ objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.3 NAME 'mqttSecurity'
SUP top SUP top
AUXILIARY AUXILIARY
MUST ( userPassword ) ) MUST ( userPassword ) )
objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4 NAME 'mqttUser'
AUXILIARY
MAY ( mqttPublishTopic $ mqttSubscriptionTopic $ mqttPubSubTopic $ mqttAccountName $ isSuperuser ) )
objectclass (1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.5 NAME 'dashboardUser'
SUP top
STRUCTURAL
MUST ( uid $ userPassword )
MAY ( ugroup ))
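Review bot: The new `ugroup` attribute type and `dashboardUser` object class have no `DESC`, and `ugroup` is declared without `SINGLE-VALUE`, so one entry may carry several groups. If one group per user is intended, add `SINGLE-VALUE` to the attribute type; either way, a line like `DESC 'group of a dashboard user, matched by search filters'` on each definition records what the fixture relies on. `objectclass (1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.5` and the closing `MAY ( ugroup ))` also drop the space around the parentheses that the other definitions in this file keep.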