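#include "config.h"
#include "phosphor-ldap-config/ldap_config.hpp"
#include "phosphor-ldap-config/ldap_config_mgr.hpp"

#include <phosphor-logging/log.hpp>
#include <phosphor-logging/elog-errors.hpp>
#include <sdbusplus/bus.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
#include <sdbusplus/bus.hpp>
#include <gmock/gmock.h>
#include <gtest/gtest.h>

#include <cstdlib>
#include <filesystem>
#include <fstream>
#include <string>
#include <sys/types.h>

namespace phosphor
{
namespace ldap
{
namespace fs = std::filesystem;
namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
using Config = phosphor::ldap::Config;
// NOTE(review): not referenced by any test in this file; the permission test
// below spells the persisted file name as "config" (lower case). Confirm which
// spelling the production code uses before relying on this constant.
static constexpr const char* dbusPersistFile = "Config";

/** @brief Fixture that gives every test its own scratch directory.
 *
 *  SetUp() creates a unique directory with mkdtemp(), derives the paths the
 *  tests hand to ConfigMgr, and creates empty nslcd / nsswitch files inside
 *  it. TearDown() removes the directory again.
 */
class TestLDAPConfig : public testing::Test
{
  public:
    TestLDAPConfig() : bus(sdbusplus::bus::new_default())
    {
    }

    void SetUp() override
    {
        char tmpldap[] = "/tmp/ldap_test.XXXXXX";
        // mkdtemp() returns nullptr on failure; constructing an fs::path from
        // a null pointer is undefined behaviour, so stop the test here.
        const char* created = mkdtemp(tmpldap);
        ASSERT_TRUE(created != nullptr) << "mkdtemp failed";
        dir = fs::path(created);

        // Only the file names of the build-time paths are used, so every file
        // the tests touch stays inside the scratch directory.
        tslCacertFile = fs::path{TLS_CACERT_FILE}.filename().string();
        ldapconfFile = fs::path{LDAP_CONFIG_FILE}.filename().string();

        configFilePath = dir.string() + "/" + ldapconfFile;
        tlsCacertfile = dir.string() + "/" + tslCacertFile;
        dbusPersistentFilePath = dir.string();

        // Empty placeholder files; presumably ConfigMgr expects them to
        // exist next to the config file (confirm against ConfigMgr).
        ASSERT_TRUE(std::ofstream(dir / defaultNslcdFile).is_open());
        ASSERT_TRUE(std::ofstream(dir / nsSwitchFile).is_open());

        // The directory was just created, so no LDAP config file may exist
        // yet; several tests rely on observing its creation.
        ASSERT_FALSE(fs::exists(configFilePath));
    }

    void TearDown() override
    {
        // dir stays empty when SetUp() failed before mkdtemp() succeeded.
        if (!dir.empty())
        {
            fs::remove_all(dir);
        }
    }

  protected:
    fs::path dir;              // per-test scratch directory
    std::string tslCacertFile; // file name part of TLS_CACERT_FILE
    std::string ldapconfFile;  // file name part of LDAP_CONFIG_FILE

    // Full paths passed to MockConfigMgr by every test.
    std::string configFilePath;
    std::string tlsCacertfile;
    std::string dbusPersistentFilePath;

    sdbusplus::bus::bus bus;
};

/** @brief ConfigMgr with the service control calls mocked out.
 *
 *  restartService()/stopService() are replaced by gmock methods so the tests
 *  can count how often a configuration change would touch nslcd/nscd. The
 *  remaining members re-export ConfigMgr internals that the tests inspect.
 */
class MockConfigMgr : public phosphor::ldap::ConfigMgr
{
  public:
    MockConfigMgr(sdbusplus::bus::bus& bus, const char* path,
                  const char* filePath, const char* dbusPersistentFile,
                  const char* caCertFile) :
        phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
                                  caCertFile)
    {
    }

    MOCK_METHOD1(restartService, void(const std::string& service));
    MOCK_METHOD1(stopService, void(const std::string& service));

    /** @brief Access the OpenLDAP config object owned by the manager. */
    std::unique_ptr<Config>& getOpenLdapConfigPtr()
    {
        return openLDAPConfigPtr;
    }

    /** @brief Return the bind password stored in the Active Directory config.
     *
     *  Reads the lDAPBindPassword member directly; the tests compare it with
     *  the lDAPBindDNPassword() getter, which is expected to return "".
     */
    std::string configBindPassword()
    {
        return getADConfigPtr()->lDAPBindPassword;
    }

    /** @brief Access the Active Directory config object owned by the manager. */
    std::unique_ptr<Config>& getADConfigPtr()
    {
        return ADConfigPtr;
    }

    /** @brief Forward to ConfigMgr::restore(). */
    void restore()
    {
        phosphor::ldap::ConfigMgr::restore();
    }

    /** @brief Forward to ConfigMgr::createDefaultObjects(). */
    void createDefaultObjects()
    {
        phosphor::ldap::ConfigMgr::createDefaultObjects();
    }

    friend class TestLDAPConfig;
};

TEST_F(TestLDAPConfig, testCreate)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(2);

    manager.createConfig(
        "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
    manager.getADConfigPtr()->enabled(true);

    manager.createConfig("ldap://9.194.251.137/", "cn=Users",
                         "cn=Users,dc=test", "MyLdap123",
                         ldap_base::Create::SearchScope::sub,
                         ldap_base::Create::Type::OpenLdap, "uid", "gid");
    manager.getOpenLdapConfigPtr()->enabled(false);

    // Changing attributes on the inactive (OpenLDAP) config must not start
    // or stop any service; the call counts above would be exceeded otherwise.
    manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
    EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");

    manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
    EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");

    EXPECT_TRUE(fs::exists(configFilePath));
    EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(),
              "ldap://9.194.251.136/");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(),
              ldap_base::Config::SearchScope::sub);
    EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
              ldap_base::Config::Type::ActiveDirectory);

    EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
    EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");

    // The property getter must never hand the bind password back; only the
    // internal member holds the value that was set.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), "");
    EXPECT_EQ(manager.configBindPassword(), "MyLdap12");

    // Changing the password updates the stored value, and the getter still
    // returns an empty string.
    manager.getADConfigPtr()->lDAPBindDNPassword("MyLdap14");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), "");
    EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
}

TEST_F(TestLDAPConfig, testDefaultObject)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    manager.createDefaultObjects();

    // Both config objects must exist and carry their respective type.
    EXPECT_NE(nullptr, manager.getADConfigPtr());
    EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
    EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
              ldap_base::Config::Type::ActiveDirectory);
    EXPECT_EQ(manager.getOpenLdapConfigPtr()->lDAPType(),
              ldap_base::Config::Type::OpenLdap);
}

TEST_F(TestLDAPConfig, testRestores)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "uid", "gid");

    // While the config is disabled no config file is expected on disk.
    manager.getADConfigPtr()->enabled(false);
    EXPECT_FALSE(fs::exists(configFilePath));
    EXPECT_FALSE(manager.getADConfigPtr()->enabled());

    // Enabling the config is expected to produce the config file.
    manager.getADConfigPtr()->enabled(true);
    EXPECT_TRUE(fs::exists(configFilePath));

    // Restore the persisted state and validate every property.
    manager.restore();
    EXPECT_TRUE(manager.getADConfigPtr()->enabled());
    EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(),
              "ldap://9.194.251.138/");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(),
              ldap_base::Config::SearchScope::sub);
    EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
              ldap_base::Config::Type::ActiveDirectory);
    EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
    EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");

    // The bind password survives the restore but stays hidden behind the
    // property getter.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), "");
    EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
}

TEST_F(TestLDAPConfig, testLDAPServerURI)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // Change the LDAP server URI.
    manager.getADConfigPtr()->lDAPServerURI("ldap://9.194.251.139/");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(),
              "ldap://9.194.251.139/");

    // Switching to ldaps:// must be refused with NoCACertificate: the fixture
    // never creates a file at tlsCacertfile.
    EXPECT_THROW(
        manager.getADConfigPtr()->lDAPServerURI("ldaps://9.194.251.139/"),
        NoCACertificate);

    // The rejected update must leave the previous URI in place.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(),
              "ldap://9.194.251.139/");

    manager.restore();
    // The URI accepted last is the one that comes back after a restore.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(),
              "ldap://9.194.251.139/");
}

TEST_F(TestLDAPConfig, testLDAPBindDN)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // Change the LDAP bind DN.
    manager.getADConfigPtr()->lDAPBindDN(
        "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");

    // An empty bind DN must be rejected.
    EXPECT_THROW(manager.getADConfigPtr()->lDAPBindDN(""), InvalidArgument);

    manager.restore();
    // The rejected value must not have been persisted.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
}

TEST_F(TestLDAPConfig, testLDAPBaseDN)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // Change the LDAP base DN.
    manager.getADConfigPtr()->lDAPBaseDN(
        "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");

    // An empty base DN must be rejected.
    EXPECT_THROW(manager.getADConfigPtr()->lDAPBaseDN(""), InvalidArgument);

    manager.restore();
    // The rejected value must not have been persisted.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
}

TEST_F(TestLDAPConfig, testSearchScope)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // Change the LDAP search scope.
    manager.getADConfigPtr()->lDAPSearchScope(
        ldap_base::Config::SearchScope::one);
    EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(),
              ldap_base::Config::SearchScope::one);

    manager.restore();
    // The new search scope must survive a restore.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(),
              ldap_base::Config::SearchScope::one);
}

TEST_F(TestLDAPConfig, testLDAPType)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // The type of an existing config object cannot be changed: the setter
    // throws NotAllowed and the type stays ActiveDirectory.
    EXPECT_THROW(manager.getADConfigPtr()->lDAPType(
                     ldap_base::Config::Type::OpenLdap),
                 NotAllowed);
    EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
              ldap_base::Config::Type::ActiveDirectory);

    manager.restore();
    // The type is still ActiveDirectory after a restore.
    EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
              ldap_base::Config::Type::ActiveDirectory);
}

TEST_F(TestLDAPConfig, filePermission)
{
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCacertfile.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // The persisted file must have mode 0640: owner read/write, group read,
    // nothing for others. The comparison is exact, so any additional bit
    // (for example world-readable) fails the test.
    // NOTE(review): presumably this file holds the serialized bind password,
    // which is why others must not be able to read it - confirm.
    const auto permission =
        fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read;
    auto persistFilepath = std::string(dir.c_str());
    persistFilepath += ADDbusObjectPath;
    persistFilepath += "/config";

    // Without this check a missing file would only show up as a confusing
    // permission mismatch.
    ASSERT_TRUE(fs::exists(persistFilepath));
    EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
}

} // namespace ldap
} // namespace phosphor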