Add a test for memberof attribute
This commit is contained in:
Jo Rhett
committed by
Amélie Lilith Krejčí
Amélie Lilith Krejčí
parent
49067f8cdc
commit
f6a3105fa5
@ -96,6 +96,17 @@ def mock_freeipa_connection(password: str) -> Connection:
|
|||||||
"objectClass": "posixAccount",
|
"objectClass": "posixAccount",
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
# User with groups in memberOf attribute
|
||||||
|
connection.strategy.add_entry(
|
||||||
|
"cn=user4,ou=users,dc=goauthentik,dc=io",
|
||||||
|
{
|
||||||
|
"name": "user4_sn",
|
||||||
|
"objectClass": "person",
|
||||||
|
"memberOf": [
|
||||||
|
"cn=group1,ou=groups,dc=goauthentik,dc=io",
|
||||||
|
]
|
||||||
|
},
|
||||||
|
)
|
||||||
# Locked out user
|
# Locked out user
|
||||||
connection.strategy.add_entry(
|
connection.strategy.add_entry(
|
||||||
"cn=user-nsaccountlock,ou=users,dc=goauthentik,dc=io",
|
"cn=user-nsaccountlock,ou=users,dc=goauthentik,dc=io",
|
||||||
|
|||||||
@ -162,6 +162,38 @@ class LDAPSyncTests(TestCase):
|
|||||||
self.assertFalse(User.objects.filter(username="user1_sn").exists())
|
self.assertFalse(User.objects.filter(username="user1_sn").exists())
|
||||||
self.assertFalse(User.objects.get(username="user-nsaccountlock").is_active)
|
self.assertFalse(User.objects.get(username="user-nsaccountlock").is_active)
|
||||||
|
|
||||||
|
def test_sync_groups_freeipa_memberOf(self):
|
||||||
|
"""Test group sync when membership is derived from memberOf user attribute"""
|
||||||
|
self.source.object_uniqueness_field = "uid"
|
||||||
|
self.source.group_object_filter = "(objectClass=groupOfNames)"
|
||||||
|
self.source.lookup_groups_from_user = True
|
||||||
|
self.source.user_property_mappings.set(
|
||||||
|
LDAPSourcePropertyMapping.objects.filter(
|
||||||
|
Q(managed__startswith="goauthentik.io/sources/ldap/default")
|
||||||
|
| Q(managed__startswith="goauthentik.io/sources/ldap/openldap")
|
||||||
|
)
|
||||||
|
)
|
||||||
|
self.source.group_property_mappings.set(
|
||||||
|
LDAPSourcePropertyMapping.objects.filter(
|
||||||
|
managed="goauthentik.io/sources/ldap/openldap-cn"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
connection = MagicMock(return_value=mock_freeipa_connection(LDAP_PASSWORD))
|
||||||
|
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
|
||||||
|
self.source.save()
|
||||||
|
user_sync = UserLDAPSynchronizer(self.source)
|
||||||
|
user_sync.sync_full()
|
||||||
|
group_sync = GroupLDAPSynchronizer(self.source)
|
||||||
|
group_sync.sync_full()
|
||||||
|
membership_sync = MembershipLDAPSynchronizer(self.source)
|
||||||
|
membership_sync.sync_full()
|
||||||
|
|
||||||
|
self.assertTrue(User.objects.filter(username="user4_sn").exists())
|
||||||
|
# Test if membership mapping based on memberOf works.
|
||||||
|
memberof_group = Group.objects.filter(name="group1").first()
|
||||||
|
self.assertTrue(memberof_group.exists())
|
||||||
|
self.assertTrue(memberof_group.users.filter(name="user4_sn").exists())
|
||||||
|
|
||||||
def test_sync_groups_ad(self):
|
def test_sync_groups_ad(self):
|
||||||
"""Test group sync"""
|
"""Test group sync"""
|
||||||
self.source.user_property_mappings.set(
|
self.source.user_property_mappings.set(
|
||||||
|
|||||||
Reference in New Issue
Block a user