mirror of
https://github.com/documize/community.git
synced 2025-07-25 08:09:43 +02:00
Authentication tests against LDAP and AD
This commit is contained in:
sauls8t
parent
2a2831e576
commit
e7bff0359a
2 changed files with 156 additions and 0 deletions
|
|
@ -219,3 +219,80 @@ func TestADServer_Groups(t *testing.T) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestADServer_Authenticate(t *testing.T) {
|
||||
c := lm.LDAPConfig{}
|
||||
c.ServerHost = "40.117.188.17"
|
||||
c.ServerPort = 389
|
||||
c.EncryptionType = "none"
|
||||
c.BaseDN = "DC=mycompany,DC=local"
|
||||
c.BindDN = "CN=ad-admin,CN=Users,DC=mycompany,DC=local"
|
||||
c.BindPassword = "8B5tNRLvbk8K"
|
||||
c.UserFilter = ""
|
||||
c.GroupFilter = ""
|
||||
|
||||
address := fmt.Sprintf("%s:%d", c.ServerHost, c.ServerPort)
|
||||
t.Log("Connecting to AD server", address)
|
||||
l, err := ld.Dial("tcp", address)
|
||||
if err != nil {
|
||||
t.Error("Error: unable to dial AD server: ", err.Error())
|
||||
return
|
||||
}
|
||||
defer l.Close()
|
||||
|
||||
if c.EncryptionType == "starttls" {
|
||||
t.Log("Using StartTLS with AD server")
|
||||
err = l.StartTLS(&tls.Config{InsecureSkipVerify: true})
|
||||
if err != nil {
|
||||
t.Error("Error: unable to startTLS with AD server: ", err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Authenticate with AD server using admin credentials.
|
||||
t.Log("Binding AD admin user")
|
||||
err = l.Bind(c.BindDN, c.BindPassword)
|
||||
if err != nil {
|
||||
t.Error("Error: unable to bind specified admin user to AD: ", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
username := `bob.johnson`
|
||||
password := "Pass@word1!"
|
||||
filter := fmt.Sprintf("(sAMAccountName=%s)", username)
|
||||
|
||||
searchRequest := ld.NewSearchRequest(
|
||||
c.BaseDN,
|
||||
ld.ScopeWholeSubtree, ld.NeverDerefAliases, 0, 0, false,
|
||||
filter,
|
||||
[]string{"mail"},
|
||||
nil,
|
||||
)
|
||||
|
||||
t.Log("AD search filter:", filter)
|
||||
sr, err := l.Search(searchRequest)
|
||||
if err != nil {
|
||||
t.Error("Error: unable to execute directory search: ", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if len(sr.Entries) == 0 {
|
||||
t.Error("Error: user not found")
|
||||
return
|
||||
}
|
||||
if len(sr.Entries) != 1 {
|
||||
t.Error("Error: too many users found during authentication")
|
||||
return
|
||||
}
|
||||
|
||||
userdn := sr.Entries[0].DN
|
||||
|
||||
// Bind as the user to verify their password
|
||||
err = l.Bind(userdn, password)
|
||||
if err != nil {
|
||||
t.Error("Error: invalid credentials", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
t.Log("Authenticated", username)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue