
Example 11 with LdapSettings

Use of org.graylog2.shared.security.ldap.LdapSettings in the project graylog2-server by Graylog2.

Class LdapUserAuthenticatorTest, method testSyncFromLdapEntryExistingUser.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntryExistingUser() {
    final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
    final LdapEntry userEntry = new LdapEntry();
    final LdapSettings ldapSettings = mock(LdapSettings.class);
    when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
    when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
    when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
    final HashMap<String, Object> fields = Maps.newHashMap();
    fields.put("permissions", Collections.singletonList("test:permission:1234"));
    when(userService.load(anyString())).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), fields));
    final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
    assertThat(ldapUser).isNotNull();
    assertThat(ldapUser.getPermissions()).contains("test:permission:1234");
    assertThat(ldapUser.isExternalUser()).isTrue();
    assertThat(ldapUser.getName()).isEqualTo("user");
    assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
    assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
    assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used: User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 12 with LdapSettings

Use of org.graylog2.shared.security.ldap.LdapSettings in the project graylog2-server by Graylog2.

Class LdapUserAuthenticatorTest, method testSyncFromLdapEntry.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntry() {
    final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
    final LdapEntry userEntry = new LdapEntry();
    final LdapSettings ldapSettings = mock(LdapSettings.class);
    when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
    when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
    when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
    when(userService.create()).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), Maps.newHashMap()));
    final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
    assertThat(ldapUser).isNotNull();
    assertThat(ldapUser.isExternalUser()).isTrue();
    assertThat(ldapUser.getName()).isEqualTo("user");
    assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
    assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
    assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
    assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
    assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used: User(org.graylog2.plugin.database.users.User) UserImpl(org.graylog2.users.UserImpl) Permissions(org.graylog2.shared.security.Permissions) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Example 13 with LdapSettings

Use of org.graylog2.shared.security.ldap.LdapSettings in the project graylog2-server by Graylog2.

Class LdapUserAuthenticatorTest, method setUp.

@Before
public void setUp() throws Exception {
    // Embedded in-memory LDAP server used by the test fixture; port is assigned at runtime.
    server = getLdapServer();
    final LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
    ldapConfig.setLdapHost("localHost");
    ldapConfig.setLdapPort(server.getPort());
    ldapConfig.setName(ADMIN_DN);
    ldapConfig.setCredentials(ADMIN_PASSWORD);
    configuration = mock(Configuration.class);
    when(configuration.getPasswordSecret()).thenReturn(PASSWORD_SECRET);
    ldapConnector = new LdapConnector(10000);
    ldapSettingsService = mock(LdapSettingsService.class);
    userService = mock(UserService.class);
    ldapSettings = new LdapSettingsImpl(configuration, mock(RoleService.class));
    ldapSettings.setEnabled(true);
    // Plain ldap:// with StartTLS disabled is acceptable only against this loopback test server;
    // a production configuration should use ldaps:// or enable StartTLS.
    ldapSettings.setUri(URI.create("ldap://localhost:" + server.getPort()));
    ldapSettings.setUseStartTls(false);
    ldapSettings.setSystemUsername(ADMIN_DN);
    ldapSettings.setSystemPassword(ADMIN_PASSWORD);
    ldapSettings.setSearchBase("ou=users,dc=example,dc=com");
    // {0} is substituted with the login name when the user search is performed.
    ldapSettings.setSearchPattern("(&(objectClass=posixAccount)(uid={0}))");
    ldapSettings.setDisplayNameAttribute("cn");
    ldapSettings.setActiveDirectory(false);
    ldapSettings.setGroupSearchBase("ou=groups,dc=example,dc=com");
    ldapSettings.setGroupIdAttribute("cn");
    ldapSettings.setGroupSearchPattern("(|(objectClass=groupOfNames)(objectClass=posixGroup))");
}
Also used: LdapSettingsService(org.graylog2.security.ldap.LdapSettingsService) Configuration(org.graylog2.Configuration) UserService(org.graylog2.shared.users.UserService) LdapSettingsImpl(org.graylog2.security.ldap.LdapSettingsImpl) LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig) LdapConnector(org.graylog2.security.ldap.LdapConnector) Before(org.junit.Before)

Example 14 with LdapSettings

Use of org.graylog2.shared.security.ldap.LdapSettings in the project graylog2-server by Graylog2.

Class LdapUserAuthenticatorTest, method testDoGetAuthenticationInfoDeniesEmptyPassword.

@Test
public void testDoGetAuthenticationInfoDeniesEmptyPassword() throws Exception {
    final LdapUserAuthenticator authenticator = new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC);
    when(ldapSettingsService.load()).thenReturn(ldapSettings);
    // A null or empty password must be rejected before any bind is attempted: an LDAP simple bind
    // with an empty password is an unauthenticated bind that many servers accept, which would let
    // a caller log in as any known user. Returning null means "authentication failed" to Shiro.
    assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", (char[]) null))).isNull();
    assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", new char[0]))).isNull();
}
Also used: RoleService(org.graylog2.users.RoleService) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)
