Ver Fonte

Add stronger test for LDAP_DOMAIN and LDAP_BASE_DN

This will check the perfect match between values given by user in
LDAP_DOMAIN and LDAP_BASE_DN and make the container run fail
if they do not match

Test added to check this enforcement
Olivier Bourdon há 6 anos atrás
pai
commit
ca45bbf58f
3 ficheiros alterados com 25 adições e 1 exclusões
  1. 6 1
      image/service/slapd/startup.sh
  2. 13 0
      test/test.bats
  3. 6 0
      test/test_helper.bash

+ 6 - 1
image/service/slapd/startup.sh

@@ -51,7 +51,12 @@ if [ ! -e "$FIRST_START_DONE" ]; then
 
       LDAP_BASE_DN=${LDAP_BASE_DN::-1}
     fi
-
+    # Check that LDAP_BASE_DN and LDAP_DOMAIN are in sync
+    domain_from_base_dn=$(echo $LDAP_BASE_DN | tr ',' '\n' | sed -e 's/^.*=//' | tr '\n' '.' | sed -e 's/\.$//')
+    if [ "$domain_from_base_dn" != "$LDAP_DOMAIN" ]; then
+      log-helper error "Error: domain $domain_from_base_dn derived from LDAP_BASE_DN $LDAP_BASE_DN does not match LDAP_DOMAIN $LDAP_DOMAIN"
+      exit 1
+    fi
   }
 
   function is_new_schema() {

+ 13 - 0
test/test.bats

@@ -19,6 +19,19 @@ load test_helper
 
 }
 
+@test "ldap domain with ldap base dn" {
+
+  run_image -h ldap.example.org -e LDAP_TLS=false -e LDAP_DOMAIN=example.com -e LDAP_BASE_DN="dc=example,dc=org"
+
+  sleep 2
+
+  CSTATUS=$(check_container)
+  clear_container
+
+  [ "$CSTATUS" != "running 0" ]
+
+}
+
 @test "ldapsearch database from created volumes" {
 
   rm -rf VOLUMES && mkdir -p VOLUMES/config VOLUMES/database

+ 6 - 0
test/test_helper.bash

@@ -34,6 +34,12 @@ wait_process() {
   wait_process_by_cid $CONTAINER_ID $@
 }
 
+check_container() {
+  # "Status" = "exited", and "ExitCode" != 0,
+  local CSTAT=$(docker inspect -f "{{ .State.Status }} {{ .State.ExitCode }}" $CONTAINER_ID)
+  echo "$CSTAT"
+}
+
 # generic functions
 get_container_ip_by_cid() {
   local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1)