path: root/ext/ldap/tests/README.md
blob: 77b55e9e04a6b9c46828588d72b69712b6c92f76 (plain)
# The ldap extension tests

To make testing against an LDAP server easier, we've created a Vagrant setup.

## Prerequisites

You will need [vagrant](https://www.vagrantup.com) on your box.

## Usage

To use it, follow these steps:

* Create a `Vagrantfile` with the content shown below.
* Go to that directory and run `vagrant up`.

```Vagrantfile
# Shell script run inside the VM at provisioning time
$setup = <<SETUP
apt-get update

DEBIAN_FRONTEND=noninteractive aptitude install -q -y slapd ldap-utils

# Hash the admin password ("password") for olcRootPW
export SLAPPASS=`slappasswd -s password`

# Set suffix, root DN and root password of the default database
echo "dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=nodomain
-
replace: olcRootDN
olcRootDN: dc=admin,dc=nodomain
-
replace: olcRootPW
olcRootPW: ${SLAPPASS}" | ldapmodify -Y EXTERNAL -H ldapi:///

# Create the base entry (its dc value must match the RDN) and the subtree used by the tests
echo "dn: dc=nodomain
objectClass: dcObject
objectClass: organization
o: Example
dc: nodomain

dn: ou=extldap,dc=nodomain
objectClass: organizationalUnit
ou: extldap" | ldapadd -c -x -H ldap://localhost:389 -D "dc=admin,dc=nodomain" -w password
SETUP

Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.provision "shell", inline: $setup
end
```

You will now have a virtual machine up and running on IP address `192.168.33.10`,
listening on port 389 for incoming LDAP connections. The machine is already
configured to execute the LDAP tests.

The next step is to go into the PHP-Source-directory. Configure and make the
source as appropriate.

Before running the LDAP-Tests you need to set some environment-variables:

```bash
export LDAP_TEST_PASSWD="password"
export LDAP_TEST_BASE="ou=extldap,dc=nodomain"
export LDAP_TEST_USER="dc=admin,dc=nodomain"
export LDAP_TEST_HOST=192.168.33.10
```

Now you can run the test-suite by calling `make test`. To test only the
LDAP-Tests, run `make test TESTS=ext/ldap`.

CAVEAT: The current setup does not (yet) test secure connections.
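
A pre-flight check for the environment configured above, added here as an example and not part of php-src: it verifies the bind, looks for leftover entries below the base, and reports whether StartTLS is available before you run `make test`. It assumes the OpenLDAP client tools (`ldap-utils`) on the machine running the tests; the function names and the `run` argument are hypothetical, and unset variables fall back to the defaults listed under "Tests configuration".

```bash
#!/usr/bin/env bash
# Added example, not php-src code: pre-flight check before `make test TESTS=ext/ldap`.
# Function names and the "run" argument are hypothetical.

# Resolve settings with the defaults from the README's test configuration table.
ldap_test_uri() {
  printf 'ldap://%s:%s\n' "${LDAP_TEST_HOST:-localhost}" "${LDAP_TEST_PORT:-389}"
}
ldap_test_base() { printf '%s\n' "${LDAP_TEST_BASE:-dc=my-domain,dc=com}"; }
ldap_test_user() { printf '%s\n' "${LDAP_TEST_USER:-cn=Manager,dc=my-domain,dc=com}"; }

# Count entries in LDIF read from stdin ("dn:" lines, or "dn::" when base64-encoded).
count_ldif_entries() {
  grep -c -E '^dn::? ' || true
}

# ldapsearch with a simple bind as the test user; extra arguments are appended.
ldap_test_search() {
  ldapsearch -x -LLL -H "$(ldap_test_uri)" -D "$(ldap_test_user)" \
    -w "${LDAP_TEST_PASSWD:-secret}" -b "$(ldap_test_base)" "$@"
}

preflight() {
  # 1. Bind and read the base entry: catches a wrong host, port, DN or password.
  if ! ldap_test_search -s base 1.1 >/dev/null; then
    echo "FAIL: cannot bind or read $(ldap_test_base) at $(ldap_test_uri)" >&2
    return 1
  fi
  # 2. The README asks for an empty tree (apart from base and admin); report leftovers.
  children=$(ldap_test_search -s one 1.1 | count_ldif_entries)
  if [ "$children" -ne 0 ]; then
    echo "WARN: $children entries directly below $(ldap_test_base)" >&2
  fi
  # 3. StartTLS (-ZZ requires it to succeed). Certificate checks are off, as in the
  #    README's "TLS_REQCERT never"; a plain-LDAP server only gets a warning.
  if ! ( export LDAPTLS_REQCERT=never; ldap_test_search -ZZ -s base 1.1 ) >/dev/null 2>&1; then
    echo "WARN: StartTLS not available, ldap_start_tls() cannot be exercised" >&2
  fi
  echo "OK: $(ldap_test_uri) answers as $(ldap_test_user)"
}

# Run the checks only on request, e.g.: ./ldap-preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```
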

## Old README

Most tests here rely on the availability of an LDAP server configured with TLS.

### Client/Server configuration

OpenLDAP 2.4.31 has been used with the configuration below.

Notes:

1. A self signed certificate can be generated using:

    ```bash
    openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3650
    ```

    It is used for testing `ldap_start_tls()`, which also requires
    `TLS_REQCERT never` in the client configuration.

2. An empty LDAP structure (except for base and admin) is required for the
    tests to pass.

If you use a Debian-based distribution, prefer the use of `dpkg-reconfigure`.
Otherwise you may alter these configuration files:

#### (/etc/openldap/)slapd.conf

```txt
TLSCACertificateFile /etc/openldap/ssl/server.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.pem
TLSVerifyClient never

# hdb is used instead of bdb as it enables the usage of referrals & aliases
database        hdb
suffix          "dc=my-domain,dc=com"
checkpoint      32      30
rootdn          "cn=Manager,dc=my-domain,dc=com"
rootpw          secret
directory       /var/lib/openldap-data
index   objectClass     eq

authz-regexp
    uid=Manager,cn=digest-md5,cn=auth
    cn=Manager,dc=my-domain,dc=com
```

#### (/etc/openldap/)ldap.conf

```txt
TLS_REQCERT never
```

#### Tests configuration

The following environment variables may be defined:

```txt
LDAP_TEST_HOST (default: localhost)                        Host to connect to
LDAP_TEST_PORT (default: 389)                              Port to connect to
LDAP_TEST_BASE (default: dc=my-domain,dc=com)              Base to use. May be the ldap root or a subtree. (ldap_search_variation6 will fail if a subtree is used)
LDAP_TEST_USER (default: cn=Manager,dc=my-domain,dc=com)   DN used for binding
LDAP_TEST_SASL_USER (default: Manager)                     SASL user used for SASL binding
LDAP_TEST_PASSWD (default: secret)                         Password used for plain and SASL binding
LDAP_TEST_OPT_PROTOCOL_VERSION (default: 3)                Version of LDAP protocol to use
LDAP_TEST_SKIP_BIND_FAILURE (default: true)                Whether to fail the test or not in case binding fails
```

## Credits

* Davide Mendolia (idaf1er@gmail.com)
* Patrick Allaert (patrick.allaert@gmail.com)
* Côme Bernigaud (mcmic@php.net)