sources/ldap: implement test

2025-02-21 14:07:01 +01:00
parent f6a3105fa5
commit cdfd92c49e
2 changed files with 15 additions and 6 deletions
--- a/authentik/sources/ldap/tests/mock_freeipa.py
+++ b/authentik/sources/ldap/tests/mock_freeipa.py
@ -101,12 +101,21 @@ def mock_freeipa_connection(password: str) -> Connection:
        "cn=user4,ou=users,dc=goauthentik,dc=io",
        {
            "name": "user4_sn",
+            "uid": "user4_sn",
            "objectClass": "person",
            "memberOf": [
-              "cn=group1,ou=groups,dc=goauthentik,dc=io",
+              "cn=reverse-lookup-group,ou=groups,dc=goauthentik,dc=io",
            ]
        },
    )
+    connection.strategy.add_entry(
+        "cn=reverse-lookup-group,ou=groups,dc=goauthentik,dc=io",
+        {
+            "cn": "reverse-lookup-group",
+            "uid": "reverse-lookup-group",
+            "objectClass": "groupOfNames",
+        },
+    )
    # Locked out user
    connection.strategy.add_entry(
        "cn=user-nsaccountlock,ou=users,dc=goauthentik,dc=io",
--- a/authentik/sources/ldap/tests/test_sync.py
+++ b/authentik/sources/ldap/tests/test_sync.py
@ -167,6 +167,7 @@ class LDAPSyncTests(TestCase):
        self.source.object_uniqueness_field = "uid"
        self.source.group_object_filter = "(objectClass=groupOfNames)"
        self.source.lookup_groups_from_user = True
+        self.source.group_membership_field = "memberOf"
        self.source.user_property_mappings.set(
            LDAPSourcePropertyMapping.objects.filter(
                Q(managed__startswith="goauthentik.io/sources/ldap/default")
@ -180,7 +181,6 @@ class LDAPSyncTests(TestCase):
        )
        connection = MagicMock(return_value=mock_freeipa_connection(LDAP_PASSWORD))
        with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
-            self.source.save()
            user_sync = UserLDAPSynchronizer(self.source)
            user_sync.sync_full()
            group_sync = GroupLDAPSynchronizer(self.source)
@ -188,11 +188,11 @@ class LDAPSyncTests(TestCase):
            membership_sync = MembershipLDAPSynchronizer(self.source)
            membership_sync.sync_full()

-            self.assertTrue(User.objects.filter(username="user4_sn").exists())
+            self.assertTrue(User.objects.filter(username="user4_sn").exists(), "User does not exist")
            # Test if membership mapping based on memberOf works.
-            memberof_group = Group.objects.filter(name="group1").first()
-            self.assertTrue(memberof_group.exists())
-            self.assertTrue(memberof_group.users.filter(name="user4_sn").exists())
+            memberof_group = Group.objects.filter(name="reverse-lookup-group")
+            self.assertTrue(memberof_group.exists(), "Group does not exist")
+            self.assertTrue(memberof_group.first().users.filter(username="user4_sn").exists(), "User not a member of the group")

    def test_sync_groups_ad(self):
        """Test group sync"""