Ldap hierarchy tests

infra/test-util/src/main/java/com/evolveum/midpoint/test/ldap/OpenDJController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2013 Evolveum
+ * Copyright (c) 2010-2016 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -549,6 +549,10 @@ public static String getAttributeValue(Entry response, String name) {
 		assertEquals("Too many attributes for name "+name+": ",
 				1, attrs.size());
 		Attribute attribute = attrs.get(0);
+		return getAttributeValue(attribute);
+	}
+
+	public static String getAttributeValue(Attribute attribute) {
 		return attribute.iterator().next().getValue().toString();
 	}
 
@@ -801,14 +805,28 @@ public String dumpEntries() throws DirectoryException {
 
 		StringBuilder sb = new StringBuilder();
 		for (SearchResultEntry searchEntry: op.getSearchEntries()) {
-			sb.append(searchEntry.toLDIFString());
+			sb.append(toHumanReadableLdifoid(searchEntry));
 			sb.append("\n");
 		}
 
 		return sb.toString();
 	}
 
-    public Collection<String> getGroupUniqueMembers(String groupDn) throws DirectoryException {
+    private String toHumanReadableLdifoid(Entry entry) {
+		StringBuilder sb = new StringBuilder();
+		sb.append("dn: ").append(entry.getDN()).append("\n");
+		for (Attribute attribute: entry.getAttributes()) {
+			for (AttributeValue val: attribute) {
+				sb.append(attribute.getName());
+				sb.append(": ");
+				sb.append(val);
+				sb.append("\n");
+			}
+		}
+		return sb.toString();
+	}
+
+	public Collection<String> getGroupUniqueMembers(String groupDn) throws DirectoryException {
     	Entry groupEntry = fetchEntry(groupDn);
         if (groupEntry == null) {
             throw new IllegalArgumentException(groupDn + " was not found");

testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestLdapFlat.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2016 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.testing.story;
+
+
+import static org.testng.AssertJUnit.assertNotNull;
+
+import java.io.File;
+
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.Entry;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.test.util.MidPointTestConstants;
+import com.evolveum.midpoint.util.exception.CommonException;
+import com.evolveum.midpoint.util.exception.CommunicationException;
+import com.evolveum.midpoint.util.exception.ConfigurationException;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+
+/**
+ * Flat LDAP structure. All accounts in ou=people. The organizational structure is
+ * reflected to (non-nested) LDAP groups. Users are members of the groups to reflect
+ * the orgstruct.
+ *  
+ * @author Radovan Semancik
+ *
+ */
+@ContextConfiguration(locations = {"classpath:ctx-story-test-main.xml"})
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+public class TestLdapFlat extends AbstractLdapHierarchyTest {
+
+	public static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "flat-ldap");
+
+	@Override
+	public void initSystem(Task initTask, OperationResult initResult) throws Exception {
+		super.initSystem(initTask, initResult);
+	}
+
+	@Override
+	protected File getTestDir() {
+		return TEST_DIR;
+	}
+
+	@Override
+	protected PrismObject<UserType> getAndAssertUser(String username, String directOrgGroupname, String... indirectGroupNames) throws SchemaException, CommonException, SecurityViolationException, CommunicationException, ConfigurationException, DirectoryException {
+		PrismObject<UserType> user = super.getAndAssertUser(username, directOrgGroupname, indirectGroupNames);
+		Entry accountEntry = openDJController.searchSingle("uid="+username);
+
+		Entry groupEntry = openDJController.searchSingle("cn="+directOrgGroupname);
+		assertNotNull("No group LDAP entry for "+directOrgGroupname, groupEntry);
+		openDJController.assertUniqueMember(groupEntry, accountEntry.getDN().toString());
+
+		if (indirectGroupNames != null) {
+			for (String expectedGroupName: indirectGroupNames) {
+				groupEntry = openDJController.searchSingle("cn="+expectedGroupName);
+				assertNotNull("No group LDAP entry for "+expectedGroupName, groupEntry);
+				openDJController.assertUniqueMember(groupEntry, accountEntry.getDN().toString());
+			}
+		}
+
+		return user;
+	}
+
+}

testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestLdapNested.java

@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2016 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.testing.story;
+
+
+import static org.testng.AssertJUnit.assertNotNull;
+
+import java.io.File;
+
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.Entry;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
+import com.evolveum.midpoint.test.util.MidPointTestConstants;
+import com.evolveum.midpoint.util.exception.CommonException;
+import com.evolveum.midpoint.util.exception.CommunicationException;
+import com.evolveum.midpoint.util.exception.ConfigurationException;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+
+/**
+ * Semi-flat LDAP structure. All accounts in ou=people. The organizational structure is
+ * reflected to nested LDAP groups. Users are members of the groups to reflect
+ * their direct membership in orgstruct. Group are member of other groups to reflect
+ * the org tree. Not there is no structure of OUs.
+ *  
+ * @author Radovan Semancik
+ *
+ */
+@ContextConfiguration(locations = {"classpath:ctx-story-test-main.xml"})
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+public class TestLdapNested extends AbstractLdapHierarchyTest {
+
+	public static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "nested-ldap");
+
+	@Override
+	public void initSystem(Task initTask, OperationResult initResult) throws Exception {
+		super.initSystem(initTask, initResult);
+	}
+
+	@Override
+	protected File getTestDir() {
+		return TEST_DIR;
+	}
+
+	@Override
+	protected PrismObject<UserType> getAndAssertUser(String username, String directOrgGroupname, String... indirectGroupNames) throws SchemaException, CommonException, SecurityViolationException, CommunicationException, ConfigurationException, DirectoryException {
+		PrismObject<UserType> user = super.getAndAssertUser(username, directOrgGroupname, indirectGroupNames);
+		Entry accountEntry = openDJController.searchSingle("uid="+username);
+
+		Entry groupEntry = openDJController.searchSingle("cn="+directOrgGroupname);
+		assertNotNull("No group LDAP entry for "+directOrgGroupname, groupEntry);
+		openDJController.assertUniqueMember(groupEntry, accountEntry.getDN().toString());
+
+		return user;
+	}
+
+	@Override
+	protected PrismObject<OrgType> getAndAssertFunctionalOrg(String orgName, String directParentOrgOid) throws SchemaException, ObjectNotFoundException, SecurityViolationException, CommunicationException, ConfigurationException, DirectoryException {
+		PrismObject<OrgType> org = super.getAndAssertFunctionalOrg(orgName, directParentOrgOid);
+		if (directParentOrgOid != null && !ORG_TOP_OID.equals(directParentOrgOid)) {
+			Entry groupEntry = openDJController.searchSingle("cn="+orgName);
+			PrismObject<OrgType> parentOrg = getObject(OrgType.class, directParentOrgOid);
+			Entry parentGroupEntry = openDJController.searchSingle("cn="+parentOrg.getName());
+			assertNotNull("No group LDAP entry for "+parentOrg.getName(), parentGroupEntry);
+			openDJController.assertUniqueMember(parentGroupEntry, groupEntry.getDN().toString());
+		}
+		return org;
+	}
+}

testing/story/src/test/resources/flat-ldap/resource-opendj.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2065 Evolveum
+  ~ Copyright (c) 2010-2016 Evolveum
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -73,7 +73,6 @@
             <attribute>
                 <ref>ri:dn</ref>
                 <displayName>Distinguished Name</displayName>
-                <matchingRule>mr:stringIgnoreCase</matchingRule>
                 <outbound>
                     <!-- Name cannot be weak. Changes in name trigger object rename. -->
 					<source>
@@ -137,7 +136,6 @@
 
             <attribute>
                 <ref>ri:uid</ref>
-                <matchingRule>mr:stringIgnoreCase</matchingRule>
                 <outbound>
                 	<!-- This MUST be weak in case of OpenDJ. If DN (name) is changed then the uid will be changed
                 	     as a side-effect as it is a naming attribute. -->
@@ -205,7 +203,6 @@
 			<attribute>
 				<c:ref>ri:dn</c:ref>
 				<displayName>Distinguished Name</displayName>
-				<matchingRule>mr:stringIgnoreCase</matchingRule>
 				<outbound>
 					<source>
 						<c:path>$focus/name</c:path>
@@ -222,7 +219,6 @@
 			<attribute>
 				<c:ref>ri:cn</c:ref>
 				<displayName>Common Name</displayName>
-				<matchingRule>mr:stringIgnoreCase</matchingRule>
 				<outbound>
 					<source>
 						<c:path>$focus/name</c:path>

testing/story/src/test/resources/nested-ldap/org-top.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2015 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<org oid="00000000-8888-6666-0000-100000000001"
+	xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+       xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'>
+	<name>TOP</name>
+	<displayName>Top</displayName>
+	<identifier>0000</identifier>
+	<orgType>functional</orgType>
+</org>