Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ISPN-13355 Support Remote LDAP Server for testing purposes #9439

Merged
merged 1 commit into from Nov 5, 2021
Merged

ISPN-13355 Support Remote LDAP Server for testing purposes #9439

merged 1 commit into from Nov 5, 2021

Conversation

diegolovison
Copy link
Contributor

@diegolovison diegolovison commented Jul 9, 2021
edited

diegolovison
diegolovison commented Jul 9, 2021
View reviewed changes
server/tests/src/test/java/org/infinispan/server/test/core/ldap/README.md Outdated
mvn verify -s maven-settings.xml -pl server/tests -Dit.test="AuthorizationLDAPIT,AuthenticationImplicitIT,AuthenticationLDAPIT,AuthenticationMultiEndpointIT" -Dorg.infinispan.test.ldapServer=empty -fae
```
```
[ERROR] Tests run: 202, Failures: 14, Errors: 29, Skipped: 0
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tristantarrant why when using an LDAP server that does nothing. Do we still have test passing?
For the tests above AuthorizationLDAPIT,AuthenticationImplicitIT,AuthenticationLDAPIT,AuthenticationMultiEndpointIT, Do we still need the LDAP server?

@tristantarrant
Copy link
Member

I ran the tests with mvn verify -pl server/tests -Dit.test=AuthenticationLDAPIT -Dorg.infinispan.test.ldapServer=empty

and I got:

[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   AuthenticationLDAPIT.testReadWrite[DIGEST-MD5] » Transport org.infinispan.clie...
[ERROR]   AuthenticationLDAPIT.testReadWrite[DIGEST-SHA-256] » Transport org.infinispan....
[ERROR]   AuthenticationLDAPIT.testReadWrite[DIGEST-SHA-384] » Transport org.infinispan....
[ERROR]   AuthenticationLDAPIT.testReadWrite[DIGEST-SHA-512] » Transport org.infinispan....
[ERROR]   AuthenticationLDAPIT.testReadWrite[DIGEST-SHA] » Transport org.infinispan.clie...
[ERROR]   AuthenticationLDAPIT.testReadWrite[PLAIN] » Transport org.infinispan.client.ho...
[ERROR]   AuthenticationLDAPIT.testReadWrite[SCRAM-SHA-1] » Transport org.infinispan.cli...
[ERROR]   AuthenticationLDAPIT.testReadWrite[SCRAM-SHA-256] » Transport org.infinispan.c...
[ERROR]   AuthenticationLDAPIT.testReadWrite[SCRAM-SHA-384] » Transport org.infinispan.c...
[ERROR]   AuthenticationLDAPIT.testReadWrite[SCRAM-SHA-512] » Transport org.infinispan.c...
[INFO] 
[ERROR] Tests run: 11, Failures: 0, Errors: 10, Skipped: 0

@tristantarrant
Copy link
Member

AuthorizationLDAPIT gives me:

AuthorizationLDAPIT.testAdminAndDeployerCanManageSchema » Transport org.infini...
[ERROR]   AuthorizationLDAPIT.testAdminCanRemoveCacheWithoutRole » Transport org.infinis...
[ERROR]   AuthorizationLDAPIT.testBulkReadUsersCanQuery » Transport org.infinispan.clien...
[ERROR]   AuthorizationLDAPIT.testExecScripts » Transport org.infinispan.client.hotrod.e...
[ERROR]   AuthorizationLDAPIT.testHotRodAdminAndDeployerCanDoEverything » Transport org....
[ERROR]   AuthorizationLDAPIT.testHotRodBulkOperationsExplicit » Transport org.infinispa...
[ERROR]   AuthorizationLDAPIT.testHotRodBulkOperationsImplicit » Transport org.infinispa...
[ERROR]   AuthorizationLDAPIT.testHotRodReaderCannotWriteExplicit » Transport org.infini...
[ERROR]   AuthorizationLDAPIT.testHotRodReaderCannotWriteImplicit » Transport org.infini...
[ERROR]   AuthorizationLDAPIT.testHotRodWriterCannotReadExplicit » Transport org.infinis...
[ERROR]   AuthorizationLDAPIT.testHotRodWriterCannotReadImplicit » Transport org.infinis...
[ERROR]   AuthorizationLDAPIT.testNonBulkReadUsersCannotQuery » Transport org.infinispan...
[ERROR]   AuthorizationLDAPIT.testNonCreatorsSchema » Transport org.infinispan.client.ho...
[ERROR]   AuthorizationLDAPIT>AbstractAuthorization.testRestAdminCanDoEverything:115 » Security
[ERROR]   AuthorizationLDAPIT>AbstractAuthorization.testRestReaderCannotWriteExplicit:260->AbstractAuthorization.testRestReaderCannotWrite:264->AbstractAuthorization.restCreateAuthzCache:586 » Security
[ERROR]   AuthorizationLDAPIT>AbstractAuthorization.testRestReaderCannotWriteImplicit:255->AbstractAuthorization.testRestReaderCannotWrite:264->AbstractAuthorization.restCreateAuthzCache:586 » Security
[ERROR]   AuthorizationLDAPIT>AbstractAuthorization.testRestWriterCannotReadExplicit:217->AbstractAuthorization.testRestWriterCannotRead:221->AbstractAuthorization.restCreateAuthzCache:586 » Security
[ERROR]   AuthorizationLDAPIT>AbstractAuthorization.testRestWriterCannotReadImplicit:171->AbstractAuthorization.testRestWriterCannotRead:221->AbstractAuthorization.restCreateAuthzCache:586 » Security
[ERROR]   AuthorizationLDAPIT.testScriptUpload » Transport org.infinispan.client.hotrod....

@tristantarrant
Copy link
Member

AuthenticationImplicitIT and AuthenticationMultiEndpointIT have nothing to do with LDAP

@diegolovison
Copy link
Contributor Author

diegolovison commented Jul 26, 2021
edited

@tristantarrant in this case:

  • AuthenticationImplicitIT: can I remove .addListener(new LdapServerListener()) ?
  • AuthenticationMultiEndpointIT: can I remove .addListener(new LdapServerListener()) ?

I am assuming that all tests that contain LdapServerListener has a relationship with LDAP

@tristantarrant
Copy link
Member

Those were probably leftovers

@diegolovison
Copy link
Contributor Author

@tristantarrant I have updated the PR

Few things to have in mind:

  • Removed LdapServerListener from AuthenticationImplicitIT and AuthenticationMultiEndpointIT
  • Moved dn from infinispan-kerberos.ldif and infinispan.ldif to infinispan-dn.ldif
  • infinispan-dn.ldif is executed only for Apache LDAP Server. Keycloak Ldap has a default dn. I wasn't able to change it. This is the reason for the split.
  • ApacheLdapServer was copied from the original code.
  • LdapServerListener becomes a delegate to an LDAP Server

It is working:

  • Debug org.infinispan.server.security.authorization.AuthorizationLDAPIT#testBulkReadUsersCanQuery without any additional VM argument. It will execute with the Apache Server and the test will pass.

It is not working

I was not able to understand why

@tristantarrant
Copy link
Member

tristantarrant commented Sep 21, 2021
edited

It may depend on how the user password attribute is configured on RHDS. It may be necessary to use direct-verification instead and setting user-password-mapper.verifiable to false

@diegolovison diegolovison changed the title AbstractLdapServer ISPN-13355 Support Remote LDAP Server for testing purposes Oct 5, 2021
@diegolovison diegolovison marked this pull request as ready for review October 5, 2021 17:48
@tristantarrant tristantarrant merged commit 02323bf into infinispan:main Nov 5, 2021
@tristantarrant
Copy link
Member

Cherry-picked to 13.0.x too. Thanks @diegolovison

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@diegolovison @tristantarrant