authentik.sources.ldap.tests.mock_freeipa
ldap testing utils
"""ldap testing utils"""

from ldap3 import MOCK_SYNC, OFFLINE_DS389_1_3_3, Connection, Server


def mock_freeipa_connection(password: str) -> Connection:
    """Create mock FreeIPA-ish connection

    Builds an ldap3 connection that uses the ``MOCK_SYNC`` client strategy
    against a server described by the offline ``OFFLINE_DS389_1_3_3`` schema,
    seeds it with fixture users and groups, binds it and returns it.

    Args:
        password: Stored verbatim as the ``userPassword`` attribute of the
            ``user0``, ``user-posix`` and ``user-nsaccountlock`` entries.

    Returns:
        The bound mock connection holding all fixture entries.

    Every credential in this fixture is a plaintext test value; none of it
    should be reused outside the test suite.
    """
    # Fixed bind password for the mock directory; the markers silence the
    # hard-coded-credential lint findings for this test-only value.
    _bind_password = "foo"  # noqa # nosec
    fake_server = Server("my_fake_server", get_info=OFFLINE_DS389_1_3_3)
    connection = Connection(
        fake_server,
        user="cn=my_user,dc=goauthentik,dc=io",
        password=_bind_password,
        client_strategy=MOCK_SYNC,
    )

    # (DN, attributes) pairs, inserted in exactly this order.
    fixtures = (
        # Entry for password checking
        (
            "cn=user,ou=users,dc=goauthentik,dc=io",
            {
                "name": "test-user",
                "uid": "unique-test-group",
                "objectClass": "person",
                "displayName": "Erin M. Hagens",
            },
        ),
        # Group with one member (user0)
        (
            "cn=group1,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "group1",
                "uid": "unique-test-group",
                "objectClass": "groupOfNames",
                "member": ["cn=user0,ou=users,dc=goauthentik,dc=io"],
            },
        ),
        # Group that carries no uid attribute
        (
            "cn=group2,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "group2",
                "objectClass": "groupOfNames",
            },
        ),
        # User whose password is the caller-supplied one
        (
            "cn=user0,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": password,
                "name": "user0_sn",
                "uid": "user0_sn",
                "objectClass": "person",
            },
        ),
        # User that carries no uid attribute
        (
            "cn=user1,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": "test1111",
                "name": "user1_sn",
                "objectClass": "person",
            },
        ),
        # Duplicate users: user2 and user3 share name, uid and password
        (
            "cn=user2,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": "test2222",
                "name": "user2_sn",
                "uid": "unique-test2222",
                "objectClass": "person",
            },
        ),
        (
            "cn=user3,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": "test2222",
                "name": "user2_sn",
                "uid": "unique-test2222",
                "objectClass": "person",
            },
        ),
        # Group with posixGroup and memberUid
        (
            "cn=group-posix,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "group-posix",
                "objectClass": "posixGroup",
                "memberUid": ["user-posix"],
            },
        ),
        # User with posixAccount
        (
            "cn=user-posix,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": password,
                "uid": "user-posix",
                "cn": "user-posix",
                "objectClass": "posixAccount",
            },
        ),
        # User with groups in memberOf attribute
        (
            "cn=user4,ou=users,dc=goauthentik,dc=io",
            {
                "name": "user4_sn",
                "uid": "user4_sn",
                "objectClass": "person",
                "memberOf": [
                    "cn=reverse-lookup-group,ou=groups,dc=goauthentik,dc=io",
                ],
            },
        ),
        # Group referenced only through user4's memberOf
        (
            "cn=reverse-lookup-group,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "reverse-lookup-group",
                "uid": "reverse-lookup-group",
                "objectClass": "groupOfNames",
            },
        ),
        # Locked out user (nsaccountlock set to TRUE)
        (
            "cn=user-nsaccountlock,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": password,
                "uid": "user-nsaccountlock",
                "cn": "user-nsaccountlock",
                "objectClass": "person",
                "nsaccountlock": ["TRUE"],
            },
        ),
    )
    for entry_dn, entry_attrs in fixtures:
        connection.strategy.add_entry(entry_dn, entry_attrs)

    # Bind only after the mock directory is fully populated.
    connection.bind()
    return connection
def
mock_freeipa_connection(password: str) -> ldap3.core.connection.Connection:
def mock_freeipa_connection(password: str) -> Connection:
    """Create mock FreeIPA-ish connection

    Builds an ldap3 connection that uses the ``MOCK_SYNC`` client strategy
    against a server described by the offline ``OFFLINE_DS389_1_3_3`` schema,
    seeds it with fixture users and groups, binds it and returns it.

    Args:
        password: Stored verbatim as the ``userPassword`` attribute of the
            ``user0``, ``user-posix`` and ``user-nsaccountlock`` entries.

    Returns:
        The bound mock connection holding all fixture entries.

    Every credential in this fixture is a plaintext test value; none of it
    should be reused outside the test suite.
    """
    # Fixed bind password for the mock directory; the markers silence the
    # hard-coded-credential lint findings for this test-only value.
    _bind_password = "foo"  # noqa # nosec
    fake_server = Server("my_fake_server", get_info=OFFLINE_DS389_1_3_3)
    connection = Connection(
        fake_server,
        user="cn=my_user,dc=goauthentik,dc=io",
        password=_bind_password,
        client_strategy=MOCK_SYNC,
    )

    # (DN, attributes) pairs, inserted in exactly this order.
    fixtures = (
        # Entry for password checking
        (
            "cn=user,ou=users,dc=goauthentik,dc=io",
            {
                "name": "test-user",
                "uid": "unique-test-group",
                "objectClass": "person",
                "displayName": "Erin M. Hagens",
            },
        ),
        # Group with one member (user0)
        (
            "cn=group1,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "group1",
                "uid": "unique-test-group",
                "objectClass": "groupOfNames",
                "member": ["cn=user0,ou=users,dc=goauthentik,dc=io"],
            },
        ),
        # Group that carries no uid attribute
        (
            "cn=group2,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "group2",
                "objectClass": "groupOfNames",
            },
        ),
        # User whose password is the caller-supplied one
        (
            "cn=user0,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": password,
                "name": "user0_sn",
                "uid": "user0_sn",
                "objectClass": "person",
            },
        ),
        # User that carries no uid attribute
        (
            "cn=user1,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": "test1111",
                "name": "user1_sn",
                "objectClass": "person",
            },
        ),
        # Duplicate users: user2 and user3 share name, uid and password
        (
            "cn=user2,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": "test2222",
                "name": "user2_sn",
                "uid": "unique-test2222",
                "objectClass": "person",
            },
        ),
        (
            "cn=user3,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": "test2222",
                "name": "user2_sn",
                "uid": "unique-test2222",
                "objectClass": "person",
            },
        ),
        # Group with posixGroup and memberUid
        (
            "cn=group-posix,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "group-posix",
                "objectClass": "posixGroup",
                "memberUid": ["user-posix"],
            },
        ),
        # User with posixAccount
        (
            "cn=user-posix,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": password,
                "uid": "user-posix",
                "cn": "user-posix",
                "objectClass": "posixAccount",
            },
        ),
        # User with groups in memberOf attribute
        (
            "cn=user4,ou=users,dc=goauthentik,dc=io",
            {
                "name": "user4_sn",
                "uid": "user4_sn",
                "objectClass": "person",
                "memberOf": [
                    "cn=reverse-lookup-group,ou=groups,dc=goauthentik,dc=io",
                ],
            },
        ),
        # Group referenced only through user4's memberOf
        (
            "cn=reverse-lookup-group,ou=groups,dc=goauthentik,dc=io",
            {
                "cn": "reverse-lookup-group",
                "uid": "reverse-lookup-group",
                "objectClass": "groupOfNames",
            },
        ),
        # Locked out user (nsaccountlock set to TRUE)
        (
            "cn=user-nsaccountlock,ou=users,dc=goauthentik,dc=io",
            {
                "userPassword": password,
                "uid": "user-nsaccountlock",
                "cn": "user-nsaccountlock",
                "objectClass": "person",
                "nsaccountlock": ["TRUE"],
            },
        ),
    )
    for entry_dn, entry_attrs in fixtures:
        connection.strategy.add_entry(entry_dn, entry_attrs)

    # Bind only after the mock directory is fully populated.
    connection.bind()
    return connection
Create mock FreeIPA-ish connection