Allow for multiple user RDNs in LDAP

Fixes #1600
2016-07-07 14:26:14 -04:00 · 2016-07-07 14:26:14 -04:00 · adaeeba5d0
commit adaeeba5d0
parent 40473f9fbd
7 changed files with 129 additions and 43 deletions
--- a/test/test_ldap.py
+++ b/test/test_ldap.py
@ -2,9 +2,7 @@ import unittest

 from app import app
 from initdb import setup_database_for_testing, finished_database_for_testing
-from data import model
 from data.users import LDAPUsers
-
 from mockldap import MockLdap

 class TestLDAP(unittest.TestCase):
@ -20,6 +18,10 @@ class TestLDAP(unittest.TestCase):
        'dc': ['quay', 'io'],
        'ou': 'employees'
      },
+      'ou=otheremployees,dc=quay,dc=io': {
+        'dc': ['quay', 'io'],
+        'ou': 'otheremployees'
+      },
      'uid=testy,ou=employees,dc=quay,dc=io': {
        'dc': ['quay', 'io'],
        'ou': 'employees',
@ -63,6 +65,13 @@ class TestLDAP(unittest.TestCase):
        'uid': ['multientry'],
        'another': ['key']
      },
+       'uid=secondaryuser,ou=otheremployees,dc=quay,dc=io': {
+        'dc': ['quay', 'io'],
+        'ou': 'otheremployees',
+        'uid': ['secondaryuser'],
+        'userPassword': ['somepass'],
+        'mail': ['foosecondary@bar.com']
+      },
    })

    self.mockldap.start()
@ -73,9 +82,10 @@ class TestLDAP(unittest.TestCase):
    user_rdn = ['ou=employees']
    uid_attr = 'uid'
    email_attr = 'mail'
+    secondary_user_rdns = ['ou=otheremployees']

    ldap = LDAPUsers('ldap://localhost', base_dn, admin_dn, admin_passwd, user_rdn,
-                     uid_attr, email_attr)
+                     uid_attr, email_attr, secondary_user_rdns=secondary_user_rdns)

    self.ldap = ldap

@ -112,6 +122,15 @@ class TestLDAP(unittest.TestCase):
    (response, _) = self.ldap.confirm_existing_user('someuser', 'somepass')
    self.assertEquals(response.username, 'someuser')

+  def test_login_secondary(self):
+    # Verify we can login.
+    (response, _) = self.ldap.verify_and_link_user('secondaryuser', 'somepass')
+    self.assertEquals(response.username, 'secondaryuser')
+
+    # Verify we can confirm the user.
+    (response, _) = self.ldap.confirm_existing_user('secondaryuser', 'somepass')
+    self.assertEquals(response.username, 'secondaryuser')
+
  def test_invalid_password(self):
    # Verify we cannot login with an invalid password.
    (response, err_msg) = self.ldap.verify_and_link_user('someuser', 'invalidpass')