[checkmk-commits] Fixed LDAP config tests

22 Oct 2018

Module: check_mk
Branch: master
Commit: 62e0166ec18db0ea0e9c7592690ff28e3cf81254
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=62e0166ec18db0…

Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt;
Date:   Thu Oct 18 07:45:25 2018 +0200

Fixed LDAP config tests

Change-Id: I5dc40617f64b114bc7bed4e9e1ede7e1d442a996

---

 cmk/gui/plugins/userdb/ldap_connector.py         | 47 +++++++++++++++++-------
 cmk/gui/wato/pages/ldap.py                       | 25 +++++++------
 tests/unit/cmk/gui/test_userdb_ldap_connector.py |  2 +-
 3 files changed, 48 insertions(+), 26 deletions(-)

diff --git a/cmk/gui/plugins/userdb/ldap_connector.py
b/cmk/gui/plugins/userdb/ldap_connector.py
index 53c8a60..b93d433 100644
--- a/cmk/gui/plugins/userdb/ldap_connector.py
+++ b/cmk/gui/plugins/userdb/ldap_connector.py
@@ -68,7 +68,7 @@ from cmk.gui.valuespec import *
 from cmk.gui.i18n import _
 from cmk.gui.globals import html
 from cmk.gui.exceptions import MKGeneralException, MKUserError
-from . import UserConnector, user_connector_registry
+from cmk.gui.plugins.userdb.utils import UserConnector, user_connector_registry
 
 if cmk.is_managed_edition():
     import cmk.gui.cme.managed as managed
@@ -710,7 +710,7 @@ class LDAPUserConnector(UserConnector):
 
 
 
-    def _get_users(self, add_filter = ''):
+    def get_users(self, add_filter = ''):
         user_id_attr = self._user_id_attr()
 
         columns = [
@@ -750,6 +750,21 @@ class LDAPUserConnector(UserConnector):
         return result
 
 
+    def get_groups(self, specific_dn = None):
+        filt = self.ldap_filter('groups')
+        dn   = self.get_group_dn()
+
+        if specific_dn:
+            # When using AD, the groups can be filtered by the DN attribute. With
+            # e.g. OpenLDAP this is not possible. In that case, change the DN.
+            if self.is_active_directory():
+                filt = '(&%s(distinguishedName=%s))' % (filt, specific_dn)
+            else:
+                dn = specific_dn
+
+        return self._ldap_search(dn, filt, ['cn'],
self._config['group_scope'])
+
+
     # TODO: Use get_group_memberships()?
     def _get_filter_group_members(self, filter_group_dn):
         member_attr = self._member_attr().lower()
@@ -1072,7 +1087,7 @@ class LDAPUserConnector(UserConnector):
         self._logger.info('SYNC STARTED')
         self._logger.info('  SYNC PLUGINS: %s' % ',
'.join(self._config['active_plugins'].keys()))
 
-        ldap_users = self._get_users()
+        ldap_users = self.get_users()
 
         import cmk.gui.userdb as userdb # TODO: Cleanup
         users = userdb.load_users(lock = True)
@@ -2251,15 +2266,7 @@ ldap_attribute_plugins['groups_to_attributes'] = {
 #   '----------------------------------------------------------------------'
 
 def ldap_sync_groups_to_roles(connection, plugin, params, user_id, ldap_user, user):
-    import cmk.gui.userdb as userdb # TODO: Cleanup
-
-    # Load the needed LDAP groups, which match the DNs mentioned in the role sync plugin
config
-    ldap_groups = {}
-    for connection_id, group_dns in get_groups_to_fetch(connection, params).items():
-        conn = userdb.get_connection(connection_id)
-        ldap_groups.update(dict(conn.get_group_memberships(group_dns,
-                                filt_attr = 'distinguishedname',
-                                nested = params.get('nested', False))))
+    ldap_groups = fetch_needed_groups_for_groups_to_roles(connection, params)
 
     # posixGroup objects use the memberUid attribute to specify the group
     # memberships. This is the username instead of the users DN. So the
@@ -2294,7 +2301,21 @@ def ldap_sync_groups_to_roles(connection, plugin, params, user_id,
ldap_user, us
     return {'roles': list(roles)}
 
 
-def get_groups_to_fetch(connection, params):
+def fetch_needed_groups_for_groups_to_roles(connection, params):
+    import cmk.gui.userdb as userdb # TODO: Cleanup
+
+    # Load the needed LDAP groups, which match the DNs mentioned in the role sync plugin
config
+    ldap_groups = {}
+    for connection_id, group_dns in _get_groups_to_fetch(connection, params).items():
+        conn = userdb.get_connection(connection_id)
+        ldap_groups.update(dict(conn.get_group_memberships(group_dns,
+                                filt_attr = 'distinguishedname',
+                                nested = params.get('nested', False))))
+
+    return ldap_groups
+
+
+def _get_groups_to_fetch(connection, params):
     groups_to_fetch = {}
     for group_specs in params.itervalues():
         if type(group_specs) == list:
diff --git a/cmk/gui/wato/pages/ldap.py b/cmk/gui/wato/pages/ldap.py
index 638da55..d9ecb9a 100644
--- a/cmk/gui/wato/pages/ldap.py
+++ b/cmk/gui/wato/pages/ldap.py
@@ -31,6 +31,7 @@ import cmk.gui.config as config
 import cmk.gui.watolib as watolib
 import cmk.gui.userdb as userdb
 import cmk.gui.table as table
+import cmk.gui.plugins.userdb.ldap_connector
 from cmk.gui.log import logger
 from cmk.gui.htmllib import HTML
 from cmk.gui.exceptions import MKUserError
@@ -262,7 +263,7 @@ class ModeEditLDAPConnection(LDAPMode):
                           
'href="https://mathias-kettner.com/checkmk_multisite_ldap_integration.html">'
                            'LDAP Documentation</a>.'))))
         else:
-            connection = userdb.get_connection(self._connection_id)
+            connection = userdb.get_connection(self._connection_id) # type:
cmk.gui.plugins.userdb.ldap_connector.LDAPUserConnector
             for address in connection.servers():
                 html.h3("%s: %s" % (_('Server'), address))
                 table.begin('test', searchable = False)
@@ -382,22 +383,22 @@ class ModeEditLDAPConnection(LDAPMode):
         if 'groups_to_roles' not in active_plugins:
             return True, _('Skipping this test (Plugin is not enabled)')
 
+        params = active_plugins['groups_to_roles']
         connection.connect(enforce_new = True, enforce_server = address)
-        num = 0
+
+        ldap_groups =
cmk.gui.plugins.userdb.ldap_connector.fetch_needed_groups_for_groups_to_roles(connection,
params)
+
+        num_groups = 0
         for role_id, group_distinguished_names in
active_plugins['groups_to_roles'].items():
             if type(group_distinguished_names) != list:
                 group_distinguished_names = [group_distinguished_names]
 
-            for dn in group_distinguished_names:
-                if type(dn) in [ str, unicode ]:
-                    num += 1
-                    try:
-                        ldap_groups = connection.get_groups(dn)
-                        if not ldap_groups:
-                            return False, _('Could not find the group specified for
role %s') % role_id
-                    except Exception, e:
-                        return False, _('Error while fetching group for role %s:
%s') % (role_id, e)
-        return True, _('Found all %d groups.') % num
+            for dn, _search_connection_id in group_distinguished_names:
+                if dn.lower() not in ldap_groups:
+                    return False, _('Could not find the group specified for role
%s') % role_id
+
+                num_groups += 1
+        return True, _('Found all %d groups.') % num_groups
 
 
     def _valuespec(self):
diff --git a/tests/unit/cmk/gui/test_userdb_ldap_connector.py
b/tests/unit/cmk/gui/test_userdb_ldap_connector.py
index e9f8584..6d62510 100644
--- a/tests/unit/cmk/gui/test_userdb_ldap_connector.py
+++ b/tests/unit/cmk/gui/test_userdb_ldap_connector.py
@@ -353,7 +353,7 @@ def test_non_contact_attributes(mocked_ldap):
 
 
 def test_get_users(mocked_ldap):
-    users = mocked_ldap._get_users()
+    users = mocked_ldap.get_users()
     assert len(users) == 3
 
     assert u"härry" in users


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] Fixed LDAP config tests