
Example 11 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class AuthenticationDetailsTestCase method testAuthTypePLAINAnonymous.

/**
 * Tests the behavior for the case in which the JSON object has an
 * authentication-details field that has an authentication type of PLAIN and
 * is configured for anonymous authentication.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAuthTypePLAINAnonymous() throws Exception {
    final InMemoryDirectoryServer ds = getTestDS();

    // Assemble the JSON specification from named parts: a single-server
    // definition that points at the test server's listen port, and PLAIN
    // authentication details with the authentication ID "dn:" and an empty
    // password.
    final JSONObject singleServer = new JSONObject(
        new JSONField("address", "localhost"),
        new JSONField("port", ds.getListenPort()));
    final JSONObject serverDetails = new JSONObject(
        new JSONField("single-server", singleServer));
    final JSONObject authenticationDetails = new JSONObject(
        new JSONField("authentication-type", "PLAIN"),
        new JSONField("authentication-id", "dn:"),
        new JSONField("password", ""));
    final JSONObject o = new JSONObject(
        new JSONField("server-details", serverDetails),
        new JSONField("authentication-details", authenticationDetails));

    final LDAPConnectionDetailsJSONSpecification spec = new LDAPConnectionDetailsJSONSpecification(o);

    // The specification must yield a SASL PLAIN bind request.
    assertNotNull(spec.getBindRequest());
    assertTrue(spec.getBindRequest() instanceof PLAINBindRequest);

    // The request must carry the anonymous values through unchanged: no
    // authorization ID and an empty password.
    // NOTE(review): a bind built from this specification does not identify a
    // user; code that consumes such specifications should not treat a
    // successful bind as proof of identity -- confirm against callers.
    final PLAINBindRequest plainBind = (PLAINBindRequest) spec.getBindRequest();
    assertEquals(plainBind.getAuthenticationID(), "dn:");
    assertNull(plainBind.getAuthorizationID());
    assertEquals(plainBind.getPasswordString(), "");
}
Also used : InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) Test(org.testng.annotations.Test)

Example 12 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryDirectoryServerPasswordEncodingTestCase method testMultiplePasswords.

/**
 * Tests password encoding functionality for entries with multiple passwords.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
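@Test()
public void testMultiplePasswords() throws Exception {
    // Create an in-memory directory server instance whose only password
    // encoder is the {CLEAR} encoder, so there is a primary encoder and no
    // secondary encoders.
    // NOTE(review): {CLEAR} keeps the password recoverable; it is used here as
    // a test fixture and is not a model for storing real credentials.
    final InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    config.setPasswordEncoders(new ClearInMemoryPasswordEncoder("{CLEAR}", null));
    assertNotNull(config.getPasswordAttributes());
    assertFalse(config.getPasswordAttributes().isEmpty());
    assertEquals(config.getPasswordAttributes(), Collections.singleton("userPassword"));
    assertNotNull(config.getPrimaryPasswordEncoder());
    assertNotNull(config.getSecondaryPasswordEncoders());
    assertTrue(config.getSecondaryPasswordEncoders().isEmpty());
    assertNotNull(config.toString());

    final String unencodedDN = "uid=multiple.unencoded,ou=People,dc=example,dc=com";
    final String encodedDN = "uid=multiple.encoded,ou=People,dc=example,dc=com";

    final InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
    ds.startListening();
    // The try/finally blocks make sure the connection is closed and the
    // listener is shut down even when an assertion fails part-way through.
    try {
        final LDAPConnection conn = ds.getConnection();
        try {
            // Add some base entries to the server.
            conn.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");
            conn.add("dn: ou=People,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: People");

            // Add an entry with multiple passwords in the clear.
            conn.add("dn: " + unencodedDN, "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: multiple.unencoded", "givenName: Multiple", "sn: Unencoded", "cn: Multiple Unencoded", "userPassword: password1", "userPassword: password2");

            // Add an entry with multiple pre-encoded passwords.  The uid value
            // matches the entry's RDN (the original listing repeated
            // "multiple.unencoded" here, a copy-paste slip).
            conn.add("dn: " + encodedDN, "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: multiple.encoded", "givenName: Multiple", "sn: Encoded", "cn: Multiple Encoded", "userPassword: {CLEAR}password1", "userPassword: {CLEAR}password2");

            // Verify that we can bind with both passwords for both users, using
            // both simple and SASL PLAIN authentication.
            assertResultCodeEquals(conn, new SimpleBindRequest(unencodedDN, "password1"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest(unencodedDN, "password2"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + unencodedDN, "password1"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + unencodedDN, "password2"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest(encodedDN, "password1"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest(encodedDN, "password2"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + encodedDN, "password1"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + encodedDN, "password2"), ResultCode.SUCCESS);

            // Verify that we can modify the first user to remove just one of the
            // passwords and replace it with a different value.  The removed
            // password must stop working while the untouched one keeps working.
            assertResultCodeEquals(conn, new ModifyRequest("dn: " + unencodedDN, "changetype: modify", "delete: userPassword", "userPassword: password1", "-", "add: userPassword", "userPassword: password3"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest(unencodedDN, "password1"), ResultCode.INVALID_CREDENTIALS);
            assertResultCodeEquals(conn, new SimpleBindRequest(unencodedDN, "password2"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest(unencodedDN, "password3"), ResultCode.SUCCESS);

            // Verify that we can use the password modify extended operation to
            // replace the password for the second user.  Both old passwords
            // must be rejected afterwards, so no stale credential survives.
            assertResultCodeEquals(conn, new PasswordModifyExtendedRequest("dn:" + encodedDN, null, "newPassword"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest(encodedDN, "password1"), ResultCode.INVALID_CREDENTIALS);
            assertResultCodeEquals(conn, new SimpleBindRequest(encodedDN, "password2"), ResultCode.INVALID_CREDENTIALS);
            assertResultCodeEquals(conn, new SimpleBindRequest(encodedDN, "newPassword"), ResultCode.SUCCESS);
        } finally {
            conn.close();
        }
    } finally {
        ds.shutDown(true);
    }
}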
Also used : SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ModifyRequest(com.unboundid.ldap.sdk.ModifyRequest) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) Test(org.testng.annotations.Test)

Example 13 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryDirectoryServerPasswordEncodingTestCase method testBroadFunctionality.

/**
 * Tests a broad set of password encoding functionality.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
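@Test()
public void testBroadFunctionality() throws Exception {
    // Create an in-memory directory server instance with four password
    // encoders.  The first one listed ({CLEAR}) is asserted below to be the
    // primary encoder.
    // NOTE(review): {CLEAR}, {HEX} and {BASE64} are reversible, and {SHA} is
    // an unsalted SHA-1 digest.  They are exercised here as fixtures for the
    // encoder plumbing and are not a model for storing real credentials.
    final InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    final MessageDigest sha1Digest = CryptoHelper.getMessageDigest("SHA-1");
    config.setPasswordEncoders(new ClearInMemoryPasswordEncoder("{CLEAR}", null), new ClearInMemoryPasswordEncoder("{HEX}", HexPasswordEncoderOutputFormatter.getLowercaseInstance()), new ClearInMemoryPasswordEncoder("{BASE64}", Base64PasswordEncoderOutputFormatter.getInstance()), new UnsaltedMessageDigestInMemoryPasswordEncoder("{SHA}", Base64PasswordEncoderOutputFormatter.getInstance(), sha1Digest));
    assertNotNull(config.getPasswordAttributes());
    assertFalse(config.getPasswordAttributes().isEmpty());
    assertEquals(config.getPasswordAttributes(), Collections.singleton("userPassword"));
    assertNotNull(config.getPrimaryPasswordEncoder());
    assertNotNull(config.getSecondaryPasswordEncoders());
    assertFalse(config.getSecondaryPasswordEncoders().isEmpty());
    assertNotNull(config.toString());

    // The imported users, one per password representation.  Both verification
    // loops below iterate over this same list.
    final String[] importedDNs = {
        "uid=imported.unencoded,ou=People,dc=example,dc=com",
        "uid=imported.clear,ou=People,dc=example,dc=com",
        "uid=imported.hex,ou=People,dc=example,dc=com",
        "uid=imported.base64,ou=People,dc=example,dc=com",
        "uid=imported.sha,ou=People,dc=example,dc=com"
    };

    final InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
    ds.startListening();
    // The try/finally blocks make sure the connection is closed and the
    // listener is shut down even when an assertion fails part-way through.
    try {
        // Import LDIF data into the in-memory directory server.  It will include a
        // mix of clear-text and encoded passwords.
        final byte[] passwordBytes = StaticUtils.getBytes("password");
        final String clearPassword = "{CLEAR}password";
        final String hexPassword = "{HEX}" + StaticUtils.toHex(passwordBytes);
        final String base64Password = "{BASE64}" + Base64.encode(passwordBytes);
        final String shaPassword = "{SHA}" + Base64.encode(sha1Digest.digest(passwordBytes));
        final File ldifFile = createTempFile(
            "dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example", "",
            "dn: ou=People,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: People", "",
            "dn: uid=imported.unencoded,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: imported.unencoded", "givenName: Imported", "sn: Unencoded", "cn: Imported Unencoded", "userPassword: password", "",
            "dn: uid=imported.clear,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: imported.clear", "givenName: Imported", "sn: Clear", "cn: Imported Clear", "userPassword: " + clearPassword, "",
            "dn: uid=imported.hex,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: imported.hex", "givenName: Imported", "sn: Hex", "cn: Imported Hex", "userPassword: " + hexPassword, "",
            "dn: uid=imported.base64,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: imported.base64", "givenName: Imported", "sn: Base64", "cn: Imported Base64", "userPassword: " + base64Password, "",
            "dn: uid=imported.sha,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: imported.sha", "givenName: Imported", "sn: SHA", "cn: Imported SHA", "userPassword: " + shaPassword);
        ds.importFromLDIF(true, ldifFile.getAbsolutePath());

        // Verify that the passwords in the import were handled properly.  The
        // unencoded password should have been encoded.  The encoded passwords
        // should have been left intact.
        assertEquals(ds.getEntry("uid=imported.unencoded,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), "{CLEAR}password");
        assertEquals(ds.getEntry("uid=imported.clear,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), clearPassword);
        assertEquals(ds.getEntry("uid=imported.hex,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), hexPassword);
        assertEquals(ds.getEntry("uid=imported.base64,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), base64Password);
        assertEquals(ds.getEntry("uid=imported.sha,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), shaPassword);

        // Test methods for interacting with passwords.
        assertNotNull(ds.getPasswordAttributes());
        assertEquals(ds.getPasswordAttributes(), Collections.singletonList("userPassword"));
        assertNotNull(ds.getPrimaryPasswordEncoder());
        assertEquals(ds.getPrimaryPasswordEncoder().getPrefix(), "{CLEAR}");
        assertNotNull(ds.getAllPasswordEncoders());
        assertFalse(ds.getAllPasswordEncoders().isEmpty());
        for (final String dn : importedDNs) {
            final Entry entry = ds.getEntry(dn);
            assertNotNull(entry);
            // With a null clear-text value the result must be non-empty; with
            // a clear-text value it must be non-empty for the right password
            // and empty for the wrong one.
            assertNotNull(ds.getPasswordsInEntry(entry, null));
            assertFalse(ds.getPasswordsInEntry(entry, null).isEmpty());
            assertNotNull(ds.getPasswordsInEntry(entry, new ASN1OctetString("password")));
            assertFalse(ds.getPasswordsInEntry(entry, new ASN1OctetString("password")).isEmpty());
            assertNotNull(ds.getPasswordsInEntry(entry, new ASN1OctetString("wrong")));
            assertTrue(ds.getPasswordsInEntry(entry, new ASN1OctetString("wrong")).isEmpty());
        }

        // Get a connection and verify that we can authenticate as each of those
        // users with the right password, but not with the wrong password.
        final LDAPConnection conn = ds.getConnection();
        try {
            for (final String dn : importedDNs) {
                assertResultCodeEquals(conn, new SimpleBindRequest(dn, "password"), ResultCode.SUCCESS);
                assertResultCodeEquals(conn, new SimpleBindRequest(dn, "wrong"), ResultCode.INVALID_CREDENTIALS);
                assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + dn, "password"), ResultCode.SUCCESS);
                // The negative SASL PLAIN case.  The original listing issued a
                // SimpleBindRequest with the bind DN "dn:" + dn here, so a
                // wrong password was never actually sent through the PLAIN
                // handler and the rejection path went untested.
                assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + dn, "wrong"), ResultCode.INVALID_CREDENTIALS);
            }

            // Verify that we can't bind with the pre-encoded representation of the
            // password.  If the stored form were accepted as a credential, anyone
            // able to read userPassword could authenticate with what they read.
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=imported.clear,ou=People,dc=example,dc=com", clearPassword), ResultCode.INVALID_CREDENTIALS);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=imported.hex,ou=People,dc=example,dc=com", hexPassword), ResultCode.INVALID_CREDENTIALS);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=imported.base64,ou=People,dc=example,dc=com", base64Password), ResultCode.INVALID_CREDENTIALS);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=imported.sha,ou=People,dc=example,dc=com", shaPassword), ResultCode.INVALID_CREDENTIALS);

            // Verify that we can add a user with an unencoded password, that it
            // will be properly encoded, and that we can bind with that password.
            assertResultCodeEquals(conn, new AddRequest("dn: uid=added.unencoded,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: added.unencoded", "givenName: Added", "sn: Unencoded", "cn: Added Unencoded", "userPassword: added"), ResultCode.SUCCESS);
            assertEquals(ds.getEntry("uid=added.unencoded,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), "{CLEAR}added");
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.unencoded,ou=People,dc=example,dc=com", "added"), ResultCode.SUCCESS);

            // Verify that we can add a user with a pre-encoded password, and that it
            // will be left alone.  The uid value matches the entry's RDN (the
            // original listing repeated "added.unencoded" here, a copy-paste slip).
            final String hexOfAdded = "{HEX}" + StaticUtils.toHex(StaticUtils.getBytes("added"));
            assertResultCodeEquals(conn, new AddRequest("dn: uid=added.hex,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: added.hex", "givenName: Added", "sn: Hex", "cn: Added Hex", "userPassword: " + hexOfAdded), ResultCode.SUCCESS);
            assertEquals(ds.getEntry("uid=added.hex,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), hexOfAdded);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.hex,ou=People,dc=example,dc=com", "added"), ResultCode.SUCCESS);

            // Verify that we can replace a password with a modify containing an
            // unencoded value and that it will behave properly.
            assertResultCodeEquals(conn, new ModifyRequest("dn: uid=added.unencoded,ou=People,dc=example,dc=com", "changetype: modify", "replace: userPassword", "userPassword: replaced"), ResultCode.SUCCESS);
            assertEquals(ds.getEntry("uid=added.unencoded,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), "{CLEAR}replaced");
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.unencoded,ou=People,dc=example,dc=com", "replaced"), ResultCode.SUCCESS);

            // Verify that we can replace a password with a modify containing an
            // encoded value and that it will behave properly.
            final String hexOfReplaced = "{HEX}" + StaticUtils.toHex(StaticUtils.getBytes("replaced"));
            assertResultCodeEquals(conn, new ModifyRequest("dn: uid=added.hex,ou=People,dc=example,dc=com", "changetype: modify", "replace: userPassword", "userPassword: " + hexOfReplaced), ResultCode.SUCCESS);
            assertEquals(ds.getEntry("uid=added.hex,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), hexOfReplaced);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.hex,ou=People,dc=example,dc=com", "replaced"), ResultCode.SUCCESS);

            // Verify that we can perform a password change as a delete-then-add with
            // clear-text values.
            assertResultCodeEquals(conn, new ModifyRequest("dn: uid=added.unencoded,ou=People,dc=example,dc=com", "changetype: modify", "delete: userPassword", "userPassword: replaced", "-", "add: userPassword", "userPassword: deleted-then-added"), ResultCode.SUCCESS);
            assertEquals(ds.getEntry("uid=added.unencoded,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), "{CLEAR}deleted-then-added");
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.unencoded,ou=People,dc=example,dc=com", "deleted-then-added"), ResultCode.SUCCESS);

            // Verify that we can perform a password change as a delete-then-add with
            // pre-encoded values.  For the heck of it, we'll throw in an additional
            // modification that doesn't target a password attribute.
            final String hexOfDeletedThenAdded = "{HEX}" + StaticUtils.toHex(StaticUtils.getBytes("deleted-then-added"));
            assertResultCodeEquals(conn, new ModifyRequest("dn: uid=added.hex,ou=People,dc=example,dc=com", "changetype: modify", "delete: userPassword", "userPassword: " + hexOfReplaced, "-", "add: userPassword", "userPassword: " + hexOfDeletedThenAdded, "-", "replace: description", "description: foo"), ResultCode.SUCCESS);
            assertEquals(ds.getEntry("uid=added.hex,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), hexOfDeletedThenAdded);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.hex,ou=People,dc=example,dc=com", "deleted-then-added"), ResultCode.SUCCESS);

            // Verify that we can't delete a nonexistent password value when we provide
            // the value in the clear.
            assertResultCodeEquals(conn, new ModifyRequest("dn: uid=added.unencoded,ou=People,dc=example,dc=com", "changetype: modify", "delete: userPassword", "userPassword: nonexistent"), ResultCode.NO_SUCH_ATTRIBUTE);
            assertEquals(ds.getEntry("uid=added.unencoded,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), "{CLEAR}deleted-then-added");
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.unencoded,ou=People,dc=example,dc=com", "deleted-then-added"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.unencoded,ou=People,dc=example,dc=com", "nonexistent"), ResultCode.INVALID_CREDENTIALS);

            // Verify that we can't delete a nonexistent password value when we provide
            // the value in a pre-encoded form.
            final String hexOfNonexistent = "{HEX}" + StaticUtils.toHex(StaticUtils.getBytes("nonexistent"));
            assertResultCodeEquals(conn, new ModifyRequest("dn: uid=added.hex,ou=People,dc=example,dc=com", "changetype: modify", "delete: userPassword", "userPassword: " + hexOfNonexistent), ResultCode.NO_SUCH_ATTRIBUTE);
            assertEquals(ds.getEntry("uid=added.hex,ou=People,dc=example,dc=com", "userPassword").getAttributeValue("userPassword"), hexOfDeletedThenAdded);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.hex,ou=People,dc=example,dc=com", "deleted-then-added"), ResultCode.SUCCESS);
            assertResultCodeEquals(conn, new SimpleBindRequest("uid=added.hex,ou=People,dc=example,dc=com", "nonexistent"), ResultCode.INVALID_CREDENTIALS);

            // Verify that we can't delete a password from an entry that doesn't have a
            // password.  Try the request first without any values to delete, and then
            // with a specific value.
            assertResultCodeEquals(conn, new ModifyRequest("dn: dc=example,dc=com", "changetype: modify", "delete: userPassword"), ResultCode.NO_SUCH_ATTRIBUTE);
            assertResultCodeEquals(conn, new ModifyRequest("dn: dc=example,dc=com", "changetype: modify", "delete: userPassword", "userPassword: nonexistent"), ResultCode.NO_SUCH_ATTRIBUTE);
        } finally {
            conn.close();
        }
    } finally {
        ds.shutDown(true);
    }
}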
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ModifyRequest(com.unboundid.ldap.sdk.ModifyRequest) AddRequest(com.unboundid.ldap.sdk.AddRequest) Entry(com.unboundid.ldap.sdk.Entry) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) MessageDigest(java.security.MessageDigest) File(java.io.File) Test(org.testng.annotations.Test)

Example 14 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryDirectoryServerPasswordEncodingTestCase method testNoPasswordAttributes.

/**
 * Tests the behavior for a server configured without any password attributes.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
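@Test()
public void testNoPasswordAttributes() throws Exception {
    // Create an in-memory directory server instance with support for a lot of
    // password encoders, but with the set of password attributes cleared by
    // the no-argument setPasswordAttributes() call (asserted empty below).
    // NOTE(review): the {CLEAR}/{HEX}/{BASE64} encoders are reversible and
    // {SHA} is an unsalted SHA-1 digest; they are test fixtures only.
    final InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    final MessageDigest sha1Digest = CryptoHelper.getMessageDigest("SHA-1");
    config.setPasswordAttributes();
    config.setPasswordEncoders(new ClearInMemoryPasswordEncoder("{CLEAR}", null), new ClearInMemoryPasswordEncoder("{HEX}", HexPasswordEncoderOutputFormatter.getLowercaseInstance()), new ClearInMemoryPasswordEncoder("{BASE64}", Base64PasswordEncoderOutputFormatter.getInstance()), new UnsaltedMessageDigestInMemoryPasswordEncoder("{SHA}", Base64PasswordEncoderOutputFormatter.getInstance(), sha1Digest));
    assertNotNull(config.getPasswordAttributes());
    assertTrue(config.getPasswordAttributes().isEmpty());
    assertNotNull(config.getPrimaryPasswordEncoder());
    assertNotNull(config.getSecondaryPasswordEncoders());
    assertFalse(config.getSecondaryPasswordEncoders().isEmpty());
    assertNotNull(config.toString());

    final String userDN = "uid=test.user,ou=People,dc=example,dc=com";

    final InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
    ds.startListening();
    // The try/finally blocks make sure the connection is closed and the
    // listener is shut down even when an assertion fails part-way through.
    try {
        final LDAPConnection conn = ds.getConnection();
        try {
            // Add some base entries to the server.
            conn.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");
            conn.add("dn: ou=People,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: People");

            // Add an entry with a userPassword value.  With no password
            // attributes configured, this value must not work as a credential.
            conn.add("dn: " + userDN, "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test.user", "givenName: Test", "sn: User", "cn: Test User", "userPassword: password");

            // Verify that we can't perform a simple bind as the user.
            assertResultCodeEquals(conn, new SimpleBindRequest(userDN, "password"), ResultCode.INVALID_CREDENTIALS);

            // Verify that we can't perform a SASL PLAIN bind as the user.
            assertResultCodeEquals(conn, new PLAINBindRequest("dn:" + userDN, "password"), ResultCode.INVALID_CREDENTIALS);

            // Verify that we can't perform a password modify operation on the user
            // entry.
            assertResultCodeEquals(conn, new PasswordModifyExtendedRequest("dn:" + userDN, null, "newPassword"), ResultCode.UNWILLING_TO_PERFORM);
        } finally {
            conn.close();
        }
    } finally {
        ds.shutDown(true);
    }
}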
Also used : SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) MessageDigest(java.security.MessageDigest) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) Test(org.testng.annotations.Test)

Example 15 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryOperationInterceptorTestCase method testSASLBindWithTransformations.

/**
 * Tests to ensure that processing works correctly for SASL bind operations.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
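@Test()
public void testSASLBindWithTransformations() throws Exception {
    final LDAPConnection conn = ds.getConnection();
    // Close the connection even when an assertion fails part-way through, so
    // a failing case does not leave it open on the shared server.
    try {
        // Baseline: a SASL PLAIN bind without any interceptor control succeeds.
        PLAINBindRequest bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password");
        assertResultCodeEquals(conn, bindRequest, ResultCode.SUCCESS);

        // ALTER_DN: the bind is still expected to succeed.
        bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password", ControlBasedOperationInterceptor.createControls(ControlBasedOperationInterceptor.TransformType.ALTER_DN));
        assertResultCodeEquals(conn, bindRequest, ResultCode.SUCCESS);

        // REJECT_REQUEST: valid credentials must not get past the rejection.
        bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password", ControlBasedOperationInterceptor.createControls(ControlBasedOperationInterceptor.TransformType.REJECT_REQUEST));
        assertResultCodeEquals(conn, bindRequest, ResultCode.UNWILLING_TO_PERFORM);

        // REQUEST_RUNTIME_EXCEPTION: the bind must end in a failure result
        // (OTHER), not in a successful bind.
        bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password", ControlBasedOperationInterceptor.createControls(ControlBasedOperationInterceptor.TransformType.REQUEST_RUNTIME_EXCEPTION));
        assertResultCodeEquals(conn, bindRequest, ResultCode.OTHER);

        // ERROR_RESULT: the client must see UNWILLING_TO_PERFORM.
        bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password", ControlBasedOperationInterceptor.createControls(ControlBasedOperationInterceptor.TransformType.ERROR_RESULT));
        assertResultCodeEquals(conn, bindRequest, ResultCode.UNWILLING_TO_PERFORM);

        // RESULT_RUNTIME_EXCEPTION: again the client must see a failure (OTHER).
        bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password", ControlBasedOperationInterceptor.createControls(ControlBasedOperationInterceptor.TransformType.RESULT_RUNTIME_EXCEPTION));
        assertResultCodeEquals(conn, bindRequest, ResultCode.OTHER);

        // INJECT_INTERMEDIATE_RESPONSE: the bind succeeds and the listener is
        // expected to have counted exactly two intermediate responses.
        bindRequest = new PLAINBindRequest("dn:cn=Directory Manager", "password", ControlBasedOperationInterceptor.createControls(ControlBasedOperationInterceptor.TransformType.INJECT_INTERMEDIATE_RESPONSE));
        final TestIntermediateResponseListener testIRListener = new TestIntermediateResponseListener();
        bindRequest.setIntermediateResponseListener(testIRListener);
        assertResultCodeEquals(conn, bindRequest, ResultCode.SUCCESS);
        assertEquals(testIRListener.getCount(), 2);
    } finally {
        conn.close();
    }
}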
Also used : PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) TestIntermediateResponseListener(com.unboundid.ldap.sdk.TestIntermediateResponseListener) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) Test(org.testng.annotations.Test)

Aggregations

PLAINBindRequest (com.unboundid.ldap.sdk.PLAINBindRequest)22 Test (org.testng.annotations.Test)18 SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest)12 LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)11 LDAPException (com.unboundid.ldap.sdk.LDAPException)8 BindRequest (com.unboundid.ldap.sdk.BindRequest)7 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)6 BindResult (com.unboundid.ldap.sdk.BindResult)6 CRAMMD5BindRequest (com.unboundid.ldap.sdk.CRAMMD5BindRequest)5 DN (com.unboundid.ldap.sdk.DN)5 DIGESTMD5BindRequest (com.unboundid.ldap.sdk.DIGESTMD5BindRequest)4 AuthorizationIdentityRequestControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl)4 Control (com.unboundid.ldap.sdk.Control)3 EXTERNALBindRequest (com.unboundid.ldap.sdk.EXTERNALBindRequest)3 ModifyRequest (com.unboundid.ldap.sdk.ModifyRequest)3 ResultCode (com.unboundid.ldap.sdk.ResultCode)3 AuthorizationIdentityResponseControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl)3 WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)3 InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer)2 BindResponseProtocolOp (com.unboundid.ldap.protocol.BindResponseProtocolOp)2