From 0bc8f1656b036e247caf2d14e444044936266888 Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Sat, 17 Oct 2015 17:01:51 +0200 Subject: [PATCH] More AD conntests --- .../testing/conntest/AbstractAdLdapTest.java | 800 +++++++++--------- .../testing/conntest/AbstractLdapTest.java | 14 +- .../resources/ad-ldap/resource-localhost.xml | 15 + 3 files changed, 429 insertions(+), 400 deletions(-) diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractAdLdapTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractAdLdapTest.java index 2d02f9dc953..60c3d5ad655 100644 --- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractAdLdapTest.java +++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractAdLdapTest.java @@ -24,6 +24,7 @@ import java.io.File; import java.io.IOException; import java.util.Collection; +import java.util.List; import javax.xml.namespace.QName; 
@@ -457,408 +458,395 @@ public void test200AssignAccountBarbossa() throws Exception { assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, USER_BARBOSSA_PASSWORD); + assertAttribute(entry, "userAccountControl", "512"); + ResourceAttribute createTimestampAttribute = ShadowUtil.getAttribute(shadow, new QName(MidPointConstants.NS_RI, "createTimeStamp")); assertNotNull("No createTimestamp in "+shadow, createTimestampAttribute); Long createTimestamp = createTimestampAttribute.getRealValue(); // LDAP server may be on a different host. Allow for some clock offset. - TestUtil.assertBetween("Wrong createTimestamp in "+shadow, roundTsDown(tsStart)-1000, roundTsUp(tsEnd)+1000, createTimestamp); - } - -// @Test -// public void test210ModifyAccountBarbossaTitle() throws Exception { -// final String TEST_NAME = "test210ModifyAccountBarbossaTitle"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// ObjectDelta delta = ObjectDelta.createEmptyModifyDelta(ShadowType.class, accountBarbossaOid, prismContext); -// QName attrQName = new QName(MidPointConstants.NS_RI, "title"); -// ResourceAttributeDefinition attrDef = accountObjectClassDefinition.findAttributeDefinition(attrQName); -// PropertyDelta attrDelta = PropertyDelta.createModificationReplaceProperty( -// new ItemPath(ShadowType.F_ATTRIBUTES, attrQName), attrDef, "Captain"); -// delta.addModification(attrDelta); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// modelService.executeChanges(MiscSchemaUtil.createCollection(delta), null, task, result); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -// assertAttribute(entry, "title", "Captain"); -// -// PrismObject user = getUser(USER_BARBOSSA_OID); -// String shadowOid = getSingleLinkOid(user); -// assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); -// } -// -// @Test -// public void test220ModifyUserBarbossaPassword() throws Exception { -// final String TEST_NAME = "test220ModifyUserBarbossaPassword"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// ProtectedStringType userPasswordPs = new ProtectedStringType(); -// userPasswordPs.setClearValue("hereThereBeMonsters"); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// modifyUserReplace(USER_BARBOSSA_OID, -// new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), -// task, result, userPasswordPs); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -// assertAttribute(entry, "title", "Captain"); -// assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, "hereThereBeMonsters"); -// -// PrismObject user = getUser(USER_BARBOSSA_OID); -// String shadowOid = getSingleLinkOid(user); -// assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); -// } -// -// @Test -// public void test230DisableBarbossa() throws Exception { -// final String TEST_NAME = "test230DisableBarbossa"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// modifyUserReplace(USER_BARBOSSA_OID, -// new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), -// task, result, ActivationStatusType.DISABLED); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// PrismObject user = getUser(USER_BARBOSSA_OID); -// assertAdministrativeStatus(user, ActivationStatusType.DISABLED); -// -// Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -// assertAttribute(entry, "loginDisabled", "TRUE"); -// -// String shadowOid = getSingleLinkOid(user); -// PrismObject shadow = getObject(ShadowType.class, shadowOid); -// assertAdministrativeStatus(shadow, ActivationStatusType.DISABLED); -// } -// -// @Test -// public void test239EnableBarbossa() throws Exception { -// final String TEST_NAME = "test239EnableBarbossa"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// modifyUserReplace(USER_BARBOSSA_OID, -// new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), -// task, result, ActivationStatusType.ENABLED); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// PrismObject user = getUser(USER_BARBOSSA_OID); -// assertAdministrativeStatus(user, ActivationStatusType.ENABLED); -// -// Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -// assertAttribute(entry, "loginDisabled", "FALSE"); -// -// String shadowOid = getSingleLinkOid(user); -// PrismObject shadow = getObject(ShadowType.class, shadowOid); -// assertAdministrativeStatus(shadow, ActivationStatusType.ENABLED); -// } -// -// -//// /** -//// * This should create account with a group. And disabled. -//// */ -//// @Test -//// public void test250AssignGuybrushPirates() throws Exception { -//// final String TEST_NAME = "test250AssignGuybrushPirates"; -//// TestUtil.displayTestTile(this, TEST_NAME); -//// -//// // GIVEN -//// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -//// OperationResult result = task.getResult(); -//// -//// modifyUserReplace(USER_GUYBRUSH_OID, -//// new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), -//// task, result, ActivationStatusType.DISABLED); -//// -//// // WHEN -//// TestUtil.displayWhen(TEST_NAME); -//// assignRole(USER_GUYBRUSH_OID, ROLE_PIRATES_OID, task, result); -//// -//// // THEN -//// TestUtil.displayThen(TEST_NAME); -//// result.computeStatus(); -//// TestUtil.assertSuccess(result); -//// -//// Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME); -//// display("Entry", entry); -//// assertAttribute(entry, "loginDisabled", "TRUE"); -//// -//// assertEDirGroupMember(entry, GROUP_PIRATES_NAME); -//// -//// PrismObject user = getUser(USER_GUYBRUSH_OID); -//// assertAdministrativeStatus(user, ActivationStatusType.DISABLED); -//// String shadowOid = getSingleLinkOid(user); -//// -//// PrismObject shadow = getObject(ShadowType.class, shadowOid); -//// IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupPiratesOid); -//// assertAdministrativeStatus(shadow, ActivationStatusType.DISABLED); -//// } -// -// @Test -// public void test260EnableGyubrush() throws Exception { -// final String TEST_NAME = "test260EnableGyubrush"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// modifyUserReplace(USER_GUYBRUSH_OID, -// new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), -// task, result, ActivationStatusType.ENABLED); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// PrismObject user = getUser(USER_GUYBRUSH_OID); -// assertAdministrativeStatus(user, ActivationStatusType.ENABLED); -// -// Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME); -// assertAttribute(entry, "loginDisabled", "FALSE"); -// -// String shadowOid = getSingleLinkOid(user); -// PrismObject shadow = getObject(ShadowType.class, shadowOid); -// assertAdministrativeStatus(shadow, ActivationStatusType.ENABLED); -// } -// -//// @Test -//// public void test300AssignBarbossaPirates() throws Exception { -//// final String TEST_NAME = "test300AssignBarbossaPirates"; -//// TestUtil.displayTestTile(this, TEST_NAME); -//// -//// // GIVEN -//// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -//// OperationResult result = task.getResult(); -//// -//// // WHEN -//// TestUtil.displayWhen(TEST_NAME); -//// assignRole(USER_BARBOSSA_OID, ROLE_PIRATES_OID, task, result); -//// -//// // THEN -//// TestUtil.displayThen(TEST_NAME); -//// result.computeStatus(); -//// TestUtil.assertSuccess(result); -//// -//// Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -//// display("Entry", entry); -//// assertAttribute(entry, "title", "Captain"); -//// -//// assertEDirGroupMember(entry, GROUP_PIRATES_NAME); -//// -//// PrismObject user = getUser(USER_BARBOSSA_OID); -//// String shadowOid = getSingleLinkOid(user); -//// assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); -//// -//// PrismObject shadow = getObject(ShadowType.class, shadowOid); -//// IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupPiratesOid); -//// -//// } -// -// @Test -// public void test390ModifyUserBarbossaRename() throws Exception { -// final String TEST_NAME = "test390ModifyUserBarbossaRename"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// modifyUserReplace(USER_BARBOSSA_OID, UserType.F_NAME, task, result, PrismTestUtil.createPolyString(USER_CPTBARBOSSA_USERNAME)); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// Entry entry = assertLdapAccount(USER_CPTBARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -// assertAttribute(entry, "title", "Captain"); -// -// PrismObject user = getUser(USER_BARBOSSA_OID); -// String shadowOid = getSingleLinkOid(user); -// assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); -// PrismObject shadow = getObject(ShadowType.class, shadowOid); -// display("Shadow after rename (model)", shadow); -// -// PrismObject repoShadow = repositoryService.getObject(ShadowType.class, shadowOid, null, result); -// display("Shadow after rename (repo)", repoShadow); -// -// assertNoLdapAccount(USER_BARBOSSA_USERNAME); -// } -// -// // TODO: create account with a group membership -// -// @Test -// public void test500AddOrgMeleeIsland() throws Exception { -// final String TEST_NAME = "test500AddOrgMeleeIsland"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// PrismObject org = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(OrgType.class).instantiate(); -// OrgType orgType = org.asObjectable(); -// orgType.setName(new PolyStringType(GROUP_MELEE_ISLAND_NAME)); -// AssignmentType metaroleAssignment = new AssignmentType(); -// ObjectReferenceType metaroleRef = new ObjectReferenceType(); -// metaroleRef.setOid(ROLE_META_ORG_OID); -// metaroleRef.setType(RoleType.COMPLEX_TYPE); -// metaroleAssignment.setTargetRef(metaroleRef); -// orgType.getAssignment().add(metaroleAssignment); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// addObject(org, task, result); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// orgMeleeIslandOid = org.getOid(); -// Entry entry = assertLdapGroup(GROUP_MELEE_ISLAND_NAME); -// -// org = getObject(OrgType.class, orgMeleeIslandOid); -// groupMeleeOid = getSingleLinkOid(org); -// PrismObject shadow = getShadowModel(groupMeleeOid); -// display("Shadow (model)", shadow); -// } -// -//// @Test -//// public void test510AssignGuybrushMeleeIsland() throws Exception { -//// final String TEST_NAME = "test510AssignGuybrushMeleeIsland"; -//// TestUtil.displayTestTile(this, TEST_NAME); -//// -//// // GIVEN -//// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -//// OperationResult result = task.getResult(); -//// -//// // WHEN -//// TestUtil.displayWhen(TEST_NAME); -//// assignOrg(USER_GUYBRUSH_OID, orgMeleeIslandOid, task, result); -//// -//// // THEN -//// TestUtil.displayThen(TEST_NAME); -//// result.computeStatus(); -//// TestUtil.assertSuccess(result); -//// -//// Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME); -//// -//// PrismObject user = getUser(USER_GUYBRUSH_OID); -//// String shadowOid = getSingleLinkOid(user); -//// PrismObject shadow = getShadowModel(shadowOid); -//// display("Shadow (model)", shadow); -//// -//// assertEDirGroupMember(entry, GROUP_PIRATES_NAME); -//// -//// IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupMeleeOid); -//// } -// -// -//// @Test -//// public void test890UnAssignBarbossaPirates() throws Exception { -//// final String TEST_NAME = "test890UnAssignBarbossaPirates"; -//// TestUtil.displayTestTile(this, TEST_NAME); -//// -//// // TODO: do this on another account. There is a bad interference with rename. -//// -//// // GIVEN -//// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -//// OperationResult result = task.getResult(); -//// -//// // WHEN -//// TestUtil.displayWhen(TEST_NAME); -//// unassignRole(USER_BARBOSSA_OID, ROLE_PIRATES_OID, task, result); -//// -//// // THEN -//// TestUtil.displayThen(TEST_NAME); -//// result.computeStatus(); -//// TestUtil.assertSuccess(result); -//// -//// Entry entry = assertLdapAccount(USER_CPTBARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); -//// display("Entry", entry); -//// assertAttribute(entry, "title", "Captain"); -//// -//// assertEDirNoGroupMember(entry, GROUP_PIRATES_NAME); -//// -//// PrismObject user = getUser(USER_BARBOSSA_OID); -//// String shadowOid = getSingleLinkOid(user); -//// assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); -//// -//// PrismObject shadow = getObject(ShadowType.class, shadowOid); -//// IntegrationTestTools.assertNoAssociation(shadow, getAssociationGroupQName(), groupPiratesOid); -//// -//// } -// -// @Test -// public void test899UnAssignAccountBarbossa() throws Exception { -// final String TEST_NAME = "test899UnAssignAccountBarbossa"; -// TestUtil.displayTestTile(this, TEST_NAME); -// -// // GIVEN -// Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); -// OperationResult result = task.getResult(); -// -// // WHEN -// TestUtil.displayWhen(TEST_NAME); -// unassignAccount(USER_BARBOSSA_OID, getResourceOid(), null, task, result); -// -// // THEN -// TestUtil.displayThen(TEST_NAME); -// result.computeStatus(); -// TestUtil.assertSuccess(result); -// -// assertNoLdapAccount(USER_BARBOSSA_USERNAME); -// assertNoLdapAccount(USER_CPTBARBOSSA_USERNAME); -// -// PrismObject user = getUser(USER_BARBOSSA_OID); -// assertNoLinkedAccount(user); -// } -// + TestUtil.assertBetween("Wrong createTimestamp in "+shadow, roundTsDown(tsStart)-5000, roundTsUp(tsEnd)+5000, createTimestamp); + } + + @Test + public void test210ModifyAccountBarbossaTitle() throws Exception { + final String TEST_NAME = "test210ModifyAccountBarbossaTitle"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME); + OperationResult result = task.getResult(); + + ObjectDelta delta = ObjectDelta.createEmptyModifyDelta(ShadowType.class, accountBarbossaOid, prismContext); + QName attrQName = new QName(MidPointConstants.NS_RI, "title"); + ResourceAttributeDefinition attrDef = accountObjectClassDefinition.findAttributeDefinition(attrQName); + PropertyDelta attrDelta = PropertyDelta.createModificationReplaceProperty( + new ItemPath(ShadowType.F_ATTRIBUTES, attrQName), attrDef, "Captain"); + delta.addModification(attrDelta); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modelService.executeChanges(MiscSchemaUtil.createCollection(delta), null, task, result); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + assertAttribute(entry, "title", "Captain"); + assertAttribute(entry, "userAccountControl", "512"); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + 
assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + } + + @Test + public void test220ModifyUserBarbossaPassword() throws Exception { + final String TEST_NAME = "test220ModifyUserBarbossaPassword"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME); + OperationResult result = task.getResult(); + + ProtectedStringType userPasswordPs = new ProtectedStringType(); + userPasswordPs.setClearValue("here.There.Be.Monsters"); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modifyUserReplace(USER_BARBOSSA_OID, + new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), + task, result, userPasswordPs); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + assertAttribute(entry, "title", "Captain"); + assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, "here.There.Be.Monsters"); + assertAttribute(entry, "userAccountControl", "512"); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + } + + @Test + public void test230DisableBarbossa() throws Exception { + final String TEST_NAME = "test230DisableBarbossa"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modifyUserReplace(USER_BARBOSSA_OID, + new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), + task, result, ActivationStatusType.DISABLED); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + PrismObject user = getUser(USER_BARBOSSA_OID); + assertAdministrativeStatus(user, ActivationStatusType.DISABLED); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + assertAttribute(entry, "userAccountControl", "514"); + + String shadowOid = getSingleLinkOid(user); + PrismObject shadow = getObject(ShadowType.class, shadowOid); + assertAdministrativeStatus(shadow, ActivationStatusType.DISABLED); + + try { + assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, "here.There.Be.Monsters"); + AssertJUnit.fail("Password authentication works, but it should fail"); + } catch (SecurityException e) { + // this is expected + } + } + + @Test + public void test239EnableBarbossa() throws Exception { + final String TEST_NAME = "test239EnableBarbossa"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modifyUserReplace(USER_BARBOSSA_OID, + new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), + task, result, ActivationStatusType.ENABLED); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + PrismObject user = getUser(USER_BARBOSSA_OID); + assertAdministrativeStatus(user, ActivationStatusType.ENABLED); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + assertAttribute(entry, "userAccountControl", "512"); + + String shadowOid = getSingleLinkOid(user); + PrismObject shadow = getObject(ShadowType.class, shadowOid); + assertAdministrativeStatus(shadow, ActivationStatusType.ENABLED); + } + + + /** + * This should create account with a group. And disabled. + */ + @Test + public void test250AssignGuybrushPirates() throws Exception { + final String TEST_NAME = "test250AssignGuybrushPirates"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + modifyUserReplace(USER_GUYBRUSH_OID, + new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), + task, result, ActivationStatusType.DISABLED); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + assignRole(USER_GUYBRUSH_OID, ROLE_PIRATES_OID, task, result); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME); + display("Entry", entry); + assertAttribute(entry, "userAccountControl", "514"); + + assertLdapGroupMember(entry, GROUP_PIRATES_NAME); + + PrismObject user = getUser(USER_GUYBRUSH_OID); + assertAdministrativeStatus(user, ActivationStatusType.DISABLED); + String shadowOid = getSingleLinkOid(user); + + PrismObject shadow = getObject(ShadowType.class, shadowOid); + IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupPiratesOid); + assertAdministrativeStatus(shadow, ActivationStatusType.DISABLED); + } + + @Test + public void test255ModifyUserGuybrushPassword() throws Exception { + final String TEST_NAME = "test255ModifyUserGuybrushPassword"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + ProtectedStringType userPasswordPs = new ProtectedStringType(); + userPasswordPs.setClearValue("wanna.be.a.123"); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modifyUserReplace(USER_GUYBRUSH_OID, + new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), + task, result, userPasswordPs); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME); + assertAttribute(entry, "userAccountControl", "514"); + + try { + assertLdapPassword(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME, "wanna.be.a.123"); + AssertJUnit.fail("Password authentication works, but it should fail"); + } catch (SecurityException e) { + // this is expected, account is disabled + } + } + + @Test + public void test260EnableGyubrush() throws Exception { + final String TEST_NAME = "test260EnableGyubrush"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modifyUserReplace(USER_GUYBRUSH_OID, + new ItemPath(UserType.F_ACTIVATION, ActivationType.F_ADMINISTRATIVE_STATUS), + task, result, ActivationStatusType.ENABLED); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + PrismObject user = getUser(USER_GUYBRUSH_OID); + assertAdministrativeStatus(user, ActivationStatusType.ENABLED); + + Entry entry = assertLdapAccount(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME); + assertAttribute(entry, "userAccountControl", "512"); + + String shadowOid = getSingleLinkOid(user); + PrismObject shadow = getObject(ShadowType.class, shadowOid); + assertAdministrativeStatus(shadow, ActivationStatusType.ENABLED); + + assertLdapPassword(USER_GUYBRUSH_USERNAME, USER_GUYBRUSH_FULL_NAME, "wanna.be.a.123"); + } + + @Test + public void test300AssignBarbossaPirates() throws Exception { + final String TEST_NAME = "test300AssignBarbossaPirates"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + assignRole(USER_BARBOSSA_OID, ROLE_PIRATES_OID, task, result); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + display("Entry", entry); + assertAttribute(entry, "title", "Captain"); + + assertLdapGroupMember(entry, GROUP_PIRATES_NAME); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + + PrismObject shadow = getObject(ShadowType.class, shadowOid); + IntegrationTestTools.assertAssociation(shadow, getAssociationGroupQName(), groupPiratesOid); + + } + + @Test + public void test390ModifyUserBarbossaRename() throws Exception { + final String TEST_NAME = "test390ModifyUserBarbossaRename"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + ObjectDelta objectDelta = createModifyUserReplaceDelta(USER_BARBOSSA_OID, UserType.F_NAME, + PrismTestUtil.createPolyString(USER_CPTBARBOSSA_USERNAME)); + objectDelta.addModificationReplaceProperty(UserType.F_FULL_NAME, + PrismTestUtil.createPolyString(USER_CPTBARBOSSA_FULL_NAME)); + Collection> deltas = MiscSchemaUtil.createCollection(objectDelta); + + + // WHEN + TestUtil.displayWhen(TEST_NAME); + modelService.executeChanges(deltas, null, task, result); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_CPTBARBOSSA_USERNAME, USER_CPTBARBOSSA_FULL_NAME); + assertAttribute(entry, "title", "Captain"); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + PrismObject shadow = getObject(ShadowType.class, shadowOid); + display("Shadow after rename (model)", shadow); + + PrismObject repoShadow = repositoryService.getObject(ShadowType.class, shadowOid, null, result); + display("Shadow after rename (repo)", repoShadow); + + assertNoLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + } + + // TODO: create account with a group membership + + + @Test + public void test890UnAssignBarbossaPirates() throws Exception { + final String TEST_NAME = "test890UnAssignBarbossaPirates"; + TestUtil.displayTestTile(this, TEST_NAME); + + // TODO: do this on another account. There is a bad interference with rename. + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." 
+ TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + unassignRole(USER_BARBOSSA_OID, ROLE_PIRATES_OID, task, result); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + Entry entry = assertLdapAccount(USER_CPTBARBOSSA_USERNAME, USER_CPTBARBOSSA_FULL_NAME); + display("Entry", entry); + assertAttribute(entry, "title", "Captain"); + + assertLdapNoGroupMember(entry, GROUP_PIRATES_NAME); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + + PrismObject shadow = getObject(ShadowType.class, shadowOid); + IntegrationTestTools.assertNoAssociation(shadow, getAssociationGroupQName(), groupPiratesOid); + + } + + @Test + public void test899UnAssignAccountBarbossa() throws Exception { + final String TEST_NAME = "test899UnAssignAccountBarbossa"; + TestUtil.displayTestTile(this, TEST_NAME); + + // GIVEN + Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME); + OperationResult result = task.getResult(); + + // WHEN + TestUtil.displayWhen(TEST_NAME); + unassignAccount(USER_BARBOSSA_OID, getResourceOid(), null, task, result); + + // THEN + TestUtil.displayThen(TEST_NAME); + result.computeStatus(); + TestUtil.assertSuccess(result); + + assertNoLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + assertNoLdapAccount(USER_CPTBARBOSSA_USERNAME, USER_CPTBARBOSSA_FULL_NAME); + + PrismObject user = getUser(USER_BARBOSSA_OID); + assertNoLinkedAccount(user); + } + @Override protected void assertAccountShadow(PrismObject shadow, String dn) throws SchemaException { 
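Review bot: The negative authentication checks in test230DisableBarbossa and test255ModifyUserGuybrushPassword catch any `SecurityException`, so they pass for every kind of bind failure (wrong password, lockout, expired password), not only for a disabled account. This matters most in test255, where the password is set while the account is disabled and the test cannot tell whether it was provisioned at all. Assuming `assertLdapPassword` surfaces the bind failure raised in AbstractLdapTest, whose message carries the server's diagnostic text, the catch blocks could pin the reason, e.g. `AssertJUnit.assertTrue("Unexpected bind failure: "+e.getMessage(), e.getMessage().contains("data 533"));`. 533 is the sub-code AD normally reports for a disabled account presented with a correct password; confirm the exact text against the target server before relying on it.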
@@ -876,7 +864,21 @@ protected Entry assertLdapAccount(String samAccountName, String cn) throws LdapE assertAttribute(entry, ATTRIBUTE_SAM_ACCOUNT_NAME_NAME, samAccountName); return entry; } - + + @Override + protected void assertNoLdapAccount(String uid) throws LdapException, IOException, CursorException { + throw new UnsupportedOperationException("Boom! Cannot do this here. This is bloody AD! We need full name!"); + } + + protected void assertNoLdapAccount(String uid, String cn) throws LdapException, IOException, CursorException { + LdapNetworkConnection connection = ldapConnect(); + List entriesCn = ldapSearch(connection, "(cn="+cn+")"); + List entriesSamAccountName = ldapSearch(connection, "(sAMAccountName="+uid+")"); + ldapDisconnect(connection); + + assertEquals("Unexpected number of entries for cn="+cn+": "+entriesCn, 0, entriesCn.size()); + assertEquals("Unexpected number of entries for sAMAccountName="+uid+": "+entriesSamAccountName, 0, entriesSamAccountName.size()); + } @Override protected String toAccountDn(String username) { diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java index beede9c14d0..729b76f8367 100644 --- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java +++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/AbstractLdapTest.java 
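Review bot: In the two-argument `assertNoLdapAccount`, `ldapDisconnect(connection)` is skipped whenever either `ldapSearch` call throws, so a failing search leaves the connection to the AD server open; wrapping the searches in try/finally fixes that. The filters are also built by plain concatenation (`"(cn="+cn+")"`), so a value containing `(`, `)`, `*` or `\` changes the filter's meaning. Because this is a negative check, a filter that matches nothing lets the assertion pass without proving the account is gone, so the values should be escaped per RFC 4515 before interpolation. The `List` declarations in the fence are kept as they appear on the page.

```java
protected void assertNoLdapAccount(String uid, String cn) throws LdapException, IOException, CursorException {
    LdapNetworkConnection connection = ldapConnect();
    List entriesCn;
    List entriesSamAccountName;
    try {
        entriesCn = ldapSearch(connection, "(cn="+cn+")");
        entriesSamAccountName = ldapSearch(connection, "(sAMAccountName="+uid+")");
    } finally {
        // release the connection even when a search throws
        ldapDisconnect(connection);
    }
    // … unchanged: the two assertEquals checks on entriesCn and entriesSamAccountName …
}
```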
@@ -560,6 +560,16 @@ protected void assertNoLdapAccount(String uid) throws LdapException, IOException assertEquals("Unexpected number of entries for uid="+uid+": "+entries, 0, entries.size()); } + protected void assertLdapGroupMember(Entry accountEntry, String groupName) throws LdapException, IOException, CursorException { + Entry groupEntry = getLdapGroupByName(groupName); + assertAttributeContains(groupEntry, getLdapGroupMemberAttribute(), accountEntry.getDn().toString()); + } + + protected void assertLdapNoGroupMember(Entry accountEntry, String groupName) throws LdapException, IOException, CursorException { + Entry groupEntry = getLdapGroupByName(groupName); + assertAttributeNotContains(groupEntry, getLdapGroupMemberAttribute(), accountEntry.getDn().toString()); + } + protected List ldapSearch(LdapNetworkConnection connection, String filter) throws LdapException, CursorException { return ldapSearch(connection, getLdapSuffix(), filter, SearchScope.SUBTREE, "*", getPrimaryIdentifierAttributeName()); } @@ -717,7 +727,9 @@ public X509Certificate[] getAcceptedIssuers() { bindRequest.setCredentials(bindPassword); bindRequest.setSimple(true); BindResponse bindResponse = connection.bind(bindRequest); - assertTrue("Bind as "+bindDn+" failed: "+bindResponse.getLdapResult().getDiagnosticMessage()+" ("+bindResponse.getLdapResult().getResultCode()+")", bindResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS); + if (bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) { + throw new SecurityException("Bind as "+bindDn+" failed: "+bindResponse.getLdapResult().getDiagnosticMessage()+" ("+bindResponse.getLdapResult().getResultCode()+")"); + } LOGGER.trace("LDAP connected to {}:{}, bound as {}", getLdapServerHost(), getLdapServerPort(), bindDn); return connection; diff --git a/testing/conntest/src/test/resources/ad-ldap/resource-localhost.xml b/testing/conntest/src/test/resources/ad-ldap/resource-localhost.xml index 80071616cad..cd86c6caf3b 100644 
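Review bot: Both new helpers pass `accountEntry.getDn().toString()` to the attribute assertion, and for `assertLdapNoGroupMember` that makes the check fragile in the unsafe direction. If `assertAttributeNotContains` (defined outside this hunk) compares raw strings, a member value that differs only in case or spacing from the entry's DN lets the negative assertion pass while the account is still in the group. At minimum the helper deserves a comment such as `// NOTE: member values are compared as raw DN strings; confirm the server returns them in the same form as Entry.getDn()`, and comparing parsed DNs would be more robust. The result of `getLdapGroupByName` is used without a visible null check, so a missing group presumably surfaces as a NullPointerException rather than a readable assertion message.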
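Review bot: The new failure path throws `SecurityException` without releasing `connection`, so every test that expects the bind to fail (test230DisableBarbossa and test255ModifyUserGuybrushPassword on this page) leaves a connection to the server open. Closing it first keeps the negative tests from accumulating sockets: put `ldapDisconnect(connection);` on the line before the `throw new SecurityException(...)`, assuming that helper is usable from here as it is in AbstractAdLdapTest. The enclosing method starts above the hunk, so how the connection was opened is not visible. The exception could also expose the `ResultCodeEnum` value in a structured way, so that callers do not have to parse the message to learn why the bind failed.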
--- a/testing/conntest/src/test/resources/ad-ldap/resource-localhost.xml +++ b/testing/conntest/src/test/resources/ad-ldap/resource-localhost.xml @@ -146,6 +146,15 @@ + + ri:pwdLastSet + + + -1 + + + + ri:createTimeStamp explicit @@ -162,6 +171,12 @@ ri:memberOf ri:dn + + + + + +