Merge pull request #16979 from jvlcek/bz1538813_miqldap_add_binddn_bi…

…ndpwd

Add support for bind dn and bind pwd on the command line.
(cherry picked from commit 8aea84d)

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1552785

spec/tools/miqldap_to_sssd/cli_spec.rb

@@ -20,6 +20,16 @@
       expect(opts).to eq(:basedn_domain => "example.com")
     end
 
+    it "should parse bind DN" do
+      opts = described_class.new.parse(%w(-b cn=Manager,dc=example,dc=com)).options.slice(:bind_dn)
+      expect(opts).to eq(:bind_dn => "cn=Manager,dc=example,dc=com")
+    end
+
+    it "should parse bind pwd" do
+      opts = described_class.new.parse(%w(-p password)).options.slice(:bind_pwd)
+      expect(opts).to eq(:bind_pwd => "password")
+    end
+
     it "should parse TLS cacert path and directory" do
       opts = described_class.new.parse(%w(-c /a/path/to/a/cacert)).options.slice(:tls_cacert, :tls_cacertdir)
       expect(opts).to eq(:tls_cacert => "/a/path/to/a/cacert", :tls_cacertdir => "/a/path/to/a")

spec/tools/miqldap_to_sssd/miqldap_configuration_spec.rb

@@ -4,19 +4,45 @@
 
 describe MiqLdapToSssd::MiqLdapConfiguration do
   describe '#retrieve_initial_settings' do
+    let(:settings) { {:tls_cacert => 'cert', :basedn_domain => "example.com"} }
+
     it 'raises an error when the basedn domain can not be determined' do
       expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
-      subject = described_class.new(:basedn => nil, :basedn_domain => nil)
+      subject = described_class.new(settings.merge(:basedn => nil, :basedn_domain => nil))
       expect { subject.retrieve_initial_settings }.to raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError)
     end
 
-    it 'does not modify basedn_domain if providedn' do
-      subject = described_class.new(:basedn_domain => "example.com")
+    it 'when mode is ldap and bind dn is nil raises an error' do
+      expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
+      subject = described_class.new(settings.merge(:mode => 'ldap', :bind_pwd => nil))
+      expect { subject.retrieve_initial_settings }.to raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError)
+    end
+
+    it 'when mode is ldaps and bind dn is nil does not raises an error' do
+      expect(MiqLdapToSssd::LOGGER).to_not receive(:fatal)
+      subject = described_class.new(settings.merge(:mode => 'ldaps', :bind_dn => nil))
+      expect { subject.retrieve_initial_settings }.to_not raise_error
+    end
+
+    it 'when mode is ldap and bind pwd is nil raises an error' do
+      expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
+      subject = described_class.new(settings.merge(:mode => 'ldap', :bind_pwd => nil))
+      expect { subject.retrieve_initial_settings }.to raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError)
+    end
+
+    it 'when mode is ldaps and bind pwd is nil does not raises an error' do
+      expect(MiqLdapToSssd::LOGGER).to_not receive(:fatal)
+      subject = described_class.new(settings.merge(:mode => 'ldaps', :bind_pwd => nil))
+      expect { subject.retrieve_initial_settings }.to_not raise_error
+    end
+
+    it 'does not modify basedn_domain if provided' do
+      subject = described_class.new(settings.merge(:basedn_domain => "example.com"))
       expect(subject.retrieve_initial_settings[:basedn_domain]).to eq("example.com")
     end
 
     it 'sets basedn_domain from mixed case basedn' do
-      subject = described_class.new(:basedn => "CN=Users,DC=Example,DC=COM")
+      subject = described_class.new(settings.merge(:basedn => "CN=Users,DC=Example,DC=COM"))
       expect(subject.retrieve_initial_settings[:basedn_domain]).to eq("example.com")
     end
   end

tools/miqldap_to_sssd/cli.rb

@@ -18,6 +18,18 @@ def parse(args)
             :default => nil,
             :type    => :string
 
+        opt :bind_dn,
+            "The Bind DN, credential to use to authenticate against LDAP e.g. cn=Manager,dc=example,dc=com",
+            :short   => "b",
+            :default => nil,
+            :type    => :string
+
+        opt :bind_pwd,
+            "The Base DN domain name, e.g. example.com",
+            :short   => "p",
+            :default => nil,
+            :type    => :string
+
         opt :tls_cacert,
             "Path to certificate file",
             :short   => "c",

tools/miqldap_to_sssd/miqldap_configuration.rb

@@ -6,6 +6,12 @@ class MiqLdapConfiguration
     NO_BASE_DN_DOMAIN = "Unable to determine base DN domain name\nA Base DN domain name must be " <<
                         "specified on the command line when a Base DN is not already configured.".freeze
 
+    NO_BIND_DN        = "Unable to determine bind DN\nA Bind DN must be specified on the command " <<
+                        "line when a bind DN is not already configured.".freeze
+
+    NO_BIND_PWD       = "Unable to determine bind pwd\nA Bind pwd must be specified on the command " <<
+                        "line when a bind pwd is not already configured.".freeze
+
     attr_accessor :initial_settings
 
     def initialize(options = {})
@@ -14,6 +20,8 @@ def initialize(options = {})
 
     def retrieve_initial_settings
       check_for_tls_certs
+      check_for_bind_dn
+      check_for_bind_pwd
       derive_domain
     end
 
@@ -26,6 +34,20 @@ def check_for_basedn_domain
       end
     end
 
+    def check_for_bind_dn
+      if initial_settings[:bind_dn].nil? && initial_settings[:mode] == "ldap"
+        LOGGER.fatal(NO_BIND_DN)
+        raise MiqLdapConfigurationArgumentError, NO_BIND_DN
+      end
+    end
+
+    def check_for_bind_pwd
+      if initial_settings[:bind_pwd].nil? && initial_settings[:mode] == "ldap"
+        LOGGER.fatal(NO_BIND_PWD)
+        raise MiqLdapConfigurationArgumentError, NO_BIND_PWD
+      end
+    end
+
     def check_for_tls_certs
       if initial_settings[:mode] == "ldaps" && initial_settings[:tls_cacert].nil?
         LOGGER.fatal(NO_TLS_CERTS)