Example 11 with LdapSettings
use of org.graylog2.shared.security.ldap.LdapSettings in project graylog2-server by Graylog2.
the class LdapUserAuthenticatorTest method testSyncFromLdapEntryExistingUser.
@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntryExistingUser() {
final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
final LdapEntry userEntry = new LdapEntry();
final LdapSettings ldapSettings = mock(LdapSettings.class);
when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
final HashMap<String, Object> fields = Maps.newHashMap();
fields.put("permissions", Collections.singletonList("test:permission:1234"));
when(userService.load(anyString())).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), fields));
final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
assertThat(ldapUser).isNotNull();
assertThat(ldapUser.getPermissions()).contains("test:permission:1234");
assertThat(ldapUser.isExternalUser()).isTrue();
assertThat(ldapUser.getName()).isEqualTo("user");
assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used :
User(org.graylog2.plugin.database.users.User)
UserImpl(org.graylog2.users.UserImpl)
Permissions(org.graylog2.shared.security.Permissions)
LdapEntry(org.graylog2.shared.security.ldap.LdapEntry)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
LdapSettings(org.graylog2.shared.security.ldap.LdapSettings)
UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet)
Test(org.junit.Test)
Example 12 with LdapSettings
use of org.graylog2.shared.security.ldap.LdapSettings in project graylog2-server by Graylog2.
the class LdapUserAuthenticatorTest method testSyncFromLdapEntry.
@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.DELETE_ALL)
public void testSyncFromLdapEntry() {
final LdapUserAuthenticator authenticator = spy(new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC));
final LdapEntry userEntry = new LdapEntry();
final LdapSettings ldapSettings = mock(LdapSettings.class);
when(ldapSettings.getDisplayNameAttribute()).thenReturn("displayName");
when(ldapSettings.getDefaultGroupId()).thenReturn("54e3deadbeefdeadbeef0001");
when(ldapSettings.getAdditionalDefaultGroupIds()).thenReturn(Collections.emptySet());
when(userService.create()).thenReturn(new UserImpl(null, new Permissions(Collections.emptySet()), Maps.newHashMap()));
final User ldapUser = authenticator.syncFromLdapEntry(userEntry, ldapSettings, "user");
assertThat(ldapUser).isNotNull();
assertThat(ldapUser.isExternalUser()).isTrue();
assertThat(ldapUser.getName()).isEqualTo("user");
assertThat(ldapUser.getEmail()).isEqualTo("user@localhost");
assertThat(ldapUser.getHashedPassword()).isEqualTo("User synced from LDAP.");
assertThat(ldapUser.getTimeZone()).isEqualTo(DateTimeZone.UTC);
assertThat(ldapUser.getRoleIds()).containsOnly("54e3deadbeefdeadbeef0001");
assertThat(ldapUser.getPermissions()).isNotEmpty();
}
Also used :
User(org.graylog2.plugin.database.users.User)
UserImpl(org.graylog2.users.UserImpl)
Permissions(org.graylog2.shared.security.Permissions)
LdapEntry(org.graylog2.shared.security.ldap.LdapEntry)
LdapSettings(org.graylog2.shared.security.ldap.LdapSettings)
UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet)
Test(org.junit.Test)
Example 13 with LdapSettings
use of org.graylog2.shared.security.ldap.LdapSettings in project graylog2-server by Graylog2.
the class LdapUserAuthenticatorTest method setUp.
@Before
public void setUp() throws Exception {
server = getLdapServer();
final LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
ldapConfig.setLdapHost("localHost");
ldapConfig.setLdapPort(server.getPort());
ldapConfig.setName(ADMIN_DN);
ldapConfig.setCredentials(ADMIN_PASSWORD);
configuration = mock(Configuration.class);
when(configuration.getPasswordSecret()).thenReturn(PASSWORD_SECRET);
ldapConnector = new LdapConnector(10000);
ldapSettingsService = mock(LdapSettingsService.class);
userService = mock(UserService.class);
ldapSettings = new LdapSettingsImpl(configuration, mock(RoleService.class));
ldapSettings.setEnabled(true);
ldapSettings.setUri(URI.create("ldap://localhost:" + server.getPort()));
ldapSettings.setUseStartTls(false);
ldapSettings.setSystemUsername(ADMIN_DN);
ldapSettings.setSystemPassword(ADMIN_PASSWORD);
ldapSettings.setSearchBase("ou=users,dc=example,dc=com");
ldapSettings.setSearchPattern("(&(objectClass=posixAccount)(uid={0}))");
ldapSettings.setDisplayNameAttribute("cn");
ldapSettings.setActiveDirectory(false);
ldapSettings.setGroupSearchBase("ou=groups,dc=example,dc=com");
ldapSettings.setGroupIdAttribute("cn");
ldapSettings.setGroupSearchPattern("(|(objectClass=groupOfNames)(objectClass=posixGroup))");
}
Also used :
LdapSettingsService(org.graylog2.security.ldap.LdapSettingsService)
Configuration(org.graylog2.Configuration)
UserService(org.graylog2.shared.users.UserService)
LdapSettingsImpl(org.graylog2.security.ldap.LdapSettingsImpl)
LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig)
LdapConnector(org.graylog2.security.ldap.LdapConnector)
Before(org.junit.Before)
Example 14 with LdapSettings
use of org.graylog2.shared.security.ldap.LdapSettings in project graylog2-server by Graylog2.
the class LdapUserAuthenticatorTest method testDoGetAuthenticationInfoDeniesEmptyPassword.
@Test
public void testDoGetAuthenticationInfoDeniesEmptyPassword() throws Exception {
final LdapUserAuthenticator authenticator = new LdapUserAuthenticator(ldapConnector, ldapSettingsService, userService, mock(RoleService.class), DateTimeZone.UTC);
when(ldapSettingsService.load()).thenReturn(ldapSettings);
assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", (char[]) null))).isNull();
assertThat(authenticator.doGetAuthenticationInfo(new UsernamePasswordToken("john", new char[0]))).isNull();
}
Also used :
RoleService(org.graylog2.users.RoleService)
UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)
Test(org.junit.Test)
Aggregations
LdapSettings (org.graylog2.shared.security.ldap.LdapSettings)10
Test (org.junit.Test)5
UsingDataSet (com.lordofthejars.nosqlunit.annotation.UsingDataSet)4
User (org.graylog2.plugin.database.users.User)4
ApiOperation (io.swagger.annotations.ApiOperation)3
Path (javax.ws.rs.Path)3
LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig)3
RequiresPermissions (org.apache.shiro.authz.annotation.RequiresPermissions)3
NotFoundException (org.graylog2.database.NotFoundException)3
ValidationException (org.graylog2.plugin.database.ValidationException)3
LdapEntry (org.graylog2.shared.security.ldap.LdapEntry)3
UserImpl (org.graylog2.users.UserImpl)3
Consumes (javax.ws.rs.Consumes)2
PUT (javax.ws.rs.PUT)2
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)2
LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection)2
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)2
AuditEvent (org.graylog2.audit.jersey.AuditEvent)2
NoAuditEvent (org.graylog2.audit.jersey.NoAuditEvent)2
TrustAllX509TrustManager (org.graylog2.security.TrustAllX509TrustManager)2
