Merge remote-tracking branch 'upstream/4.3-dev' into fix_ldap_ssl

joomla · Jan 26, 2023 · 6b60708 · 6b60708
2 parents b1030e4 + c720afa
commit 6b60708
Show file tree

Hide file tree

Showing 8 changed files with 148 additions and 76 deletions.
diff --git a/phpunit-pgsql.xml.dist b/phpunit-pgsql.xml.dist
@@ -14,5 +14,24 @@
 		<const name="JTEST_DB_NAME" value="test_joomla" />
 		<const name="JTEST_DB_USER" value="root" />
 		<const name="JTEST_DB_PASSWORD" value="joomla_ut" />
+
+		<!--ldap settings are preconfigured to work with bitnami/openldap docker image-->
+		<const name="JTEST_LDAP_HOST" value="openldap" /> <!-- to disable ldap tests: set to an empty value -->
+		<const name="JTEST_LDAP_PORT" value="1389" />
+		<const name="JTEST_LDAP_PORT_SSL" value="1636" />
+		<!--CACERTFILE path is relative to JPATH_ROOT-->
+		<const name="JTEST_LDAP_CACERTFILE" value="./tests/Codeception/_data/certs/CA.crt" />
+		<const name="JTEST_LDAP_USEV3" value="1" />
+		<const name="JTEST_LDAP_NOREFERRALS" value="1" />
+		<const name="JTEST_LDAP_BASE" value="dc=example,dc=org" />
+		<const name="JTEST_LDAP_SEARCH" value="uid=[search]" />
+		<const name="JTEST_LDAP_DIRECT_USERDN" value="cn=[username],ou=users,dc=example,dc=org" />
+		<const name="JTEST_LDAP_FULLNAME" value="cn" />
+		<const name="JTEST_LDAP_EMAIL" value="mail" />
+		<const name="JTEST_LDAP_UID" value="uid" />
+		<const name="JTEST_LDAP_SEARCH_DN" value="cn=customuser,ou=users,dc=example,dc=org" />
+		<const name="JTEST_LDAP_SEARCH_PASSWORD" value="custompassword" />
+		<const name="JTEST_LDAP_TESTUSER" value="customuser" />
+		<const name="JTEST_LDAP_TESTPASSWORD" value="custompassword" />
 	</php>
 </phpunit>
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -14,5 +14,24 @@
 		<const name="JTEST_DB_NAME" value="test_joomla" />
 		<const name="JTEST_DB_USER" value="joomla_ut" />
 		<const name="JTEST_DB_PASSWORD" value="joomla_ut" />
+
+		<!--ldap settings are preconfigured to work with bitnami/openldap docker image-->
+		<const name="JTEST_LDAP_HOST" value="openldap" /> <!-- to disable ldap tests: set to an empty value -->
+		<const name="JTEST_LDAP_PORT" value="1389" />
+		<const name="JTEST_LDAP_PORT_SSL" value="1636" />
+		<!--CACERTFILE path is relative to JPATH_ROOT-->
+		<const name="JTEST_LDAP_CACERTFILE" value="./tests/Codeception/_data/certs/CA.crt" />
+		<const name="JTEST_LDAP_USEV3" value="1" />
+		<const name="JTEST_LDAP_NOREFERRALS" value="1" />
+		<const name="JTEST_LDAP_BASE" value="dc=example,dc=org" />
+		<const name="JTEST_LDAP_SEARCH" value="uid=[search]" />
+		<const name="JTEST_LDAP_DIRECT_USERDN" value="cn=[username],ou=users,dc=example,dc=org" />
+		<const name="JTEST_LDAP_FULLNAME" value="cn" />
+		<const name="JTEST_LDAP_EMAIL" value="mail" />
+		<const name="JTEST_LDAP_UID" value="uid" />
+		<const name="JTEST_LDAP_SEARCH_DN" value="cn=customuser,ou=users,dc=example,dc=org" />
+		<const name="JTEST_LDAP_SEARCH_PASSWORD" value="custompassword" />
+		<const name="JTEST_LDAP_TESTUSER" value="customuser" />
+		<const name="JTEST_LDAP_TESTPASSWORD" value="custompassword" />
 	</php>
 </phpunit>
diff --git a/tests/Codeception/_data/certs/openldap.crt b/tests/Codeception/_data/certs/openldap.crt
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIF1zCCA7+gAwIBAgIUVO1vbw6tlI0GLCZu7yxNoDmfiSgwDQYJKoZIhvcNAQEN
+MIIF3TCCA8WgAwIBAgIUb6Wqq+KHS+eES3Ddvt2F+U8nA7owDQYJKoZIhvcNAQEN
 BQAwPDELMAkGA1UEBhMCQUExEDAOBgNVBAoMB0pvb21sYSExGzAZBgNVBAMMEkpv
-b21sYSEgVGVzdGluZyBDQTAgFw0yMjA4MjQxOTE0MzJaGA8yMDcyMDgxMTE5MTQz
-MlowMjELMAkGA1UEBhMCQUExEDAOBgNVBAoMB0pvb21sYSExETAPBgNVBAMMCG9w
+b21sYSEgVGVzdGluZyBDQTAgFw0yMjA5MTQyMTIzMzNaGA8yMDcyMDkwMTIxMjMz
+M1owMjELMAkGA1UEBhMCQUExEDAOBgNVBAoMB0pvb21sYSExETAPBgNVBAMMCG9w
 ZW5sZGFwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzN4z9Y9JUTYf
 9Bv/jqGYe3JqsUJvft32ic8+3OC/7jwuH8i1x0RvknfWR6UYL/qohfnlQY+wy+nZ
 XJ9akZ+jBTXyuSvZBihaVar0wQIBzm90Vy9dOOPTJvLSKYqFfdgxPXvpiBcNq22a
@@ -14,21 +14,21 @@ zFsrAsWBlbEoSpZnwDZshKvl1nYFIrcWVrwgskPW4Y4/NpNuM75QVwbM1gaqnVAX
 bdgllGNqsq3KpYr3E4qZmj79HjO8Z9i56TDC5e3fg2HmncppX6+Oa61nmQCJlaTB
 dI3FeN7HTJVOurirGa+Ro/UUwHVLP7yP4EIHmC1FQuvdL3YVFH09H/S4vKT6gg60
 1jTOlOE+0YlX4gQuTOefTMKIUyrquwaWnYwcgNxPL7LADYof8ITTVxc21aYrL5Gb
-OIaF15ofz2WixDEYFozbHCOMi9e5RyMCAwEAAaOB2DCB1TAJBgNVHRMEAjAAMBEG
-CWCGSAGG+EIBAQQEAwIGQDATBgNVHSUEDDAKBggrBgEFBQcDATAeBgNVHREEFzAV
-gghvcGVubGRhcIIJbG9jYWxob3N0MB0GA1UdDgQWBBSrIfqN57PP8BqrBsT70rDf
-HqUkqDBhBgNVHSMEWjBYoUCkPjA8MQswCQYDVQQGEwJBQTEQMA4GA1UECgwHSm9v
-bWxhITEbMBkGA1UEAwwSSm9vbWxhISBUZXN0aW5nIENBghRX6TGnGiRx5hnIiEXx
-shahjVbi/zANBgkqhkiG9w0BAQ0FAAOCAgEASFHgP7JZDVIBm/fMXI2cS5nPhaZN
-sMtrlBV4FinuHXDP3y2LFIyWox8NJi8PsD/31yL8fC+J4OnKXHrvJEcnkOIM9BnN
-I8avD6u3jco/52CW3kDmrA8zmxAEGUs0AyZkkeYzU/2nTHahxAMwG7HN5cPWc1gW
-Ep7647Y3qs1qOLZu82Qweaw1OExo4id/pX6ENrxrHDlVwOSC1gtIN/tex13WYdvt
-ejov71Dy6tkXVgLlViI36ajRYvlTYIca3TnCFq3WOEjQEEurSWi9dX1n/2UmAPtW
-33JD+fRr/HEFTzTGWansM/7Y4YSUi6VisNvp2SxxzQj+deGkc/mj5JqqFsNiuUTC
-szraD4aOKe9M8iv9lHiGvq0jFXuo11HluB1xlFkxOOMoAQVHFmoQBzfq+oglPjxW
-9IOBNwAwyqua82652F8KiMzBT2xBT6bkZhQjmjkJMMQ7Eo/sQ2r24mNju1sSjtkf
-ROv9bNgh0cEB/DKHoX2doBh78568iBvFxlI9yJcq9MGSUjomaYxfDNVPJDLTdUZ1
-zR0GeDqJGGQvLomX8F5YPQhALHdneAl9hlvvrEww3usiRAsmkuGFyD+3ry3qdEPK
-GJ63H/bmlCxQoIVoQv6et+PSME320gN+YD5oHgbvPsngjc0jl+QgOYJ2ybcRsPGH
-+50lsHBi/osmBz8=
+OIaF15ofz2WixDEYFozbHCOMi9e5RyMCAwEAAaOB3jCB2zAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDATBgNVHSUEDDAKBggrBgEFBQcDATAkBgNVHREEHTAb
+gghvcGVubGRhcIIJbG9jYWxob3N0hwR/AAABMB0GA1UdDgQWBBSrIfqN57PP8Bqr
+BsT70rDfHqUkqDBhBgNVHSMEWjBYoUCkPjA8MQswCQYDVQQGEwJBQTEQMA4GA1UE
+CgwHSm9vbWxhITEbMBkGA1UEAwwSSm9vbWxhISBUZXN0aW5nIENBghRX6TGnGiRx
+5hnIiEXxshahjVbi/zANBgkqhkiG9w0BAQ0FAAOCAgEASMcOIRPsR4BV0Q2Nv/OF
+EdM4xjEF+J9mLW7foncs9qOUkOsAJv3mX8pkv3pnQHKwoZmz8KGYyu+SHkfN8NdB
++wBR+qgkuASNHFJQKpBTUfb8yBVjuPOpJKsrkhfznupVYndfhx/PoSCN1Wv9wb/m
+G3ZhkP9Qc60uOXlCkRydidAxZosPtVmiVxp1T/ZOIaSrtVrZpT94E+MSJFdbQ86r
+fKmgED5oKNj2YrWybkZjJD7GfIGijqUqOO4lIml32VeZKvgnk1mLFMKMoOtXaLKt
+lTk0xScbhu8hVGzrVcjykUkRqL6aAS9c7LIY3acSFiu/s2LwglAcm0q1Sli1+2mH
++GpWgR8tm7gWzCXOtAWj34Zkh5HR+9VwX4ZuuRE5G1STHsgPxJtIJu3mKkvSUyPa
+eWBriZagYlkwc25Em6Ec+4LjgSajPz1Tf+urYI+hZUt1udloynGkCR8exSdFOVpl
+aCvHxn4rRhMzaeXT4NJ8G8VvjuDycKFEcYVLkPNgDqj+/wU5E9pKhDpO8aLgByMO
+2USp2VXc6EEbIWNb0lzpo1w7DqsJCKMKWRtzVXO66PuAZiZ6K5KVHXwlMwODnm7Y
+0Un6h1kKIElS8M1Ys8GJgrHyvmESgSCjYUJi+MnQE85Evt/6EhUj4p43G5d5YR89
+9Qr5nKZGI88JzsGcigaTW7M=
 -----END CERTIFICATE-----
diff --git a/...in/Authentication/Ldap/LdapPluginTest.php → ...in/Authentication/Ldap/LdapPluginTest.php b/...in/Authentication/Ldap/LdapPluginTest.php → ...in/Authentication/Ldap/LdapPluginTest.php
@@ -31,8 +31,8 @@
  */
 class LdapPluginTest extends UnitTestCase
 {
-    public const LDAPPORT = "1389";
-    public const SSLPORT = "1636";
+    public const LDAPPORT = JTEST_LDAP_PORT;
+    public const SSLPORT = JTEST_LDAP_PORT_SSL;
 
     /**
      * The default options
@@ -75,8 +75,10 @@ private function getPlugin($options): LdapPlugin
 
     private function acceptCertificates(): void
     {
-        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTDIR, JPATH_ROOT . '/tests/Codeception/_data/certs');
-        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, JPATH_ROOT . '/tests/Codeception/_data/certs/CA.crt');
+        //TODO make this (and LDAP_OPT_X_CERTFILE and LDAP_OPT_X_TLS_REQUIRE_CERT) Joomla ldap setting
+        $cert = JPATH_ROOT . '/' . JTEST_LDAP_CACERTFILE;
+        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTDIR, dirname($cert));
+        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $cert);
     }
 
     private function getAdminConnection(array $options): Ldap
@@ -99,8 +101,15 @@ private function getAdminConnection(array $options): Ldap
 
     private function requireEncryption($encryption, $options): void
     {
-        $ldap = $this->getAdminConnection($options);
-        //TODO configure openldap to require the requested encryption
+        //$ldap = $this->getAdminConnection($options);
+        //TODO configure openldap (only if given permission in phpunit.xml, so people can use their own ldap server) to require the requested encryption to be sure encryption is used
+    }
+
+    private function skipIfAskedFor($options): void
+    {
+        if (empty($options["host"])) {
+            $this->markTestSkipped("No LDAP host provided, skipping test against LDAP server.");
+        }
     }
 
     /**
@@ -115,26 +124,28 @@ public function setUp(): void
         // tests are executed in parallel as root
         // setUp is executed before every test
         $this->default_options = [
-            'host' => "openldap",
+            /* fixed options for all tests */
+            'host' => JTEST_LDAP_HOST,
+            'use_ldapV3' => JTEST_LDAP_USEV3,
+            'no_referrals' => JTEST_LDAP_NOREFERRALS,
+            'base_dn' => JTEST_LDAP_BASE,
+            'search_string' => JTEST_LDAP_SEARCH,
+            'users_dn' => JTEST_LDAP_DIRECT_USERDN,
+            'username' => JTEST_LDAP_SEARCH_DN,
+            'password' => JTEST_LDAP_SEARCH_PASSWORD,
+            'ldap_fullname' => JTEST_LDAP_FULLNAME,
+            'ldap_email' => JTEST_LDAP_EMAIL,
+            'ldap_uid' => JTEST_LDAP_UID,
+            'ldap_debug' => 0,
+            /* changing options to test all code */
             'port' => self::LDAPPORT,
-            'use_ldapV3' => 1,
             'encryption' => "none",
-            'no_referrals' => 0,
             'auth_method' => "bind",
-            'base_dn' => "dc=example,dc=org",
-            'search_string' => "uid=[search]",
-            'users_dn' => "cn=[username],ou=users,dc=example,dc=org",
-            'username' => "",
-            'password' => "",
-            'ldap_fullname' => "cn",
-            'ldap_email' => "mail",
-            'ldap_uid' => "uid",
-            'ldap_debug' => 0
         ];
 
         $this->default_credentials = [
-            'username' => "customuser",
-            'password' => "custompassword",
+            'username' => JTEST_LDAP_TESTUSER,
+            'password' => JTEST_LDAP_TESTPASSWORD,
             'secretkey' => null
         ];
     }
@@ -151,17 +162,17 @@ public function tearDown(): void
     }
 
     /**
-     * @testdox  can perform an authentication using anonymous search
+     * @testdox  can perform an authentication using bind and search
      *
      * @return  void
      *
      * @since   4.3.0
      */
-    public function testOnUserAuthenticateAnonymousSearch()
+    public function testOnUserAuthenticateBindAndSearch()
     {
         $options = $this->default_options;
         $options["auth_method"] = "search";
-        $options["users_dn"] = "";
+        $this->skipIfAskedFor($options);
         $plugin = $this->getPlugin($options);
 
         $response = new AuthenticationResponse();
@@ -178,9 +189,10 @@ public function testOnUserAuthenticateAnonymousSearch()
      */
     public function testOnUserAuthenticateDirect()
     {
-        $this->markTestSkipped("Fix provided in PR #37959");
-
-        $plugin = $this->getPlugin($this->default_options);
+        $options = $this->default_options;
+        $options["auth_method"] = "bind";
+        $this->skipIfAskedFor($options);
+        $plugin = $this->getPlugin($options);
 
         $response = new AuthenticationResponse();
         $plugin->onUserAuthenticate($this->default_credentials, [], $response);
@@ -196,28 +208,32 @@ public function testOnUserAuthenticateDirect()
      */
     public function testInvalidOnUserAuthenticateDirect()
     {
-        $plugin = $this->getPlugin($this->default_options);
+        $options = $this->default_options;
+        $options["auth_method"] = "bind";
+        // this one should have the same result with or without LDAP server running
+        $plugin = $this->getPlugin($options);
+
         $credentials = $this->default_credentials;
-        $credentials['password'] = "wrongpassword";
+        $credentials['password'] = "arandomverywrongpassword_à!joqf";
 
         $response = new AuthenticationResponse();
         $plugin->onUserAuthenticate($credentials, [], $response);
         $this->assertEquals(Authentication::STATUS_FAILURE, $response->status);
     }
 
     /**
-     * @testdox  can perform an authentication using anonymous search
+     * @testdox  can perform an authentication on STARTTLS encrypted connection (using bind and search)
      *
      * @return  void
      *
      * @since   4.3.0
      */
-    public function testOnUserAuthenticateAnonymousSearchTLS()
+    public function testOnUserAuthenticateBindAndSearchTLS()
     {
         $options = $this->default_options;
         $options["auth_method"] = "search";
-        $options["users_dn"] = "";
         $options["encryption"] = "tls";
+        $this->skipIfAskedFor($options);
         $plugin = $this->getPlugin($options);
 
         $this->acceptCertificates();
@@ -229,19 +245,19 @@ public function testOnUserAuthenticateAnonymousSearchTLS()
     }
 
     /**
-     * @testdox  can perform an authentication using anonymous search
+     * @testdox  can perform an authentication on SSL/TLS encrypted connection (using bind and search)
      *
      * @return  void
      *
      * @since   4.3.0
      */
-    public function testOnUserAuthenticateAnonymousSearchSSL()
+    public function testOnUserAuthenticateBindAndSearchSSL()
     {
         $options = $this->default_options;
         $options["auth_method"] = "search";
-        $options["users_dn"] = "";
         $options["encryption"] = "ssl";
         $options["port"] = self::SSLPORT;
+        $this->skipIfAskedFor($options);
         $plugin = $this->getPlugin($options);
 
         $this->acceptCertificates();

diff --git a/tests/Integration/README.md b/tests/Integration/README.md
@@ -8,18 +8,18 @@ When you are checking out the current development branch of 4.x and run `compose
 
 1. Checkout the current Joomla 4.x development branch from Github. (https://github.com/joomla/joomla-cms.git)
 2. Run `composer install` in the root of your checkout.
-3. Copy `./phpunit.xml.dist` to `./phpunit.xml`. Edit configuration file `./phpunit.xml`. Within the `<php>` adapt
-`JTEST_DB_ENGINE`, `JTEST_DB_HOST`, `JTEST_DB_NAME`, `JTEST_DB_USER`, and `JTEST_DB_PASSWORD`
+3. Copy `./phpunit.xml.dist` to `./phpunit.xml`. Edit configuration file `./phpunit.xml`. Within the `<php>` adapt the value of
+`JTEST_DB_ENGINE` (mysqli or pgsql), `JTEST_DB_HOST`, `JTEST_DB_NAME`, `JTEST_DB_USER`, and `JTEST_DB_PASSWORD`
 to your local environment.
 ```
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit bootstrap="tests/Unit/bootstrap.php" colors="false">
 	<testsuites>
 		<testsuite name="Unit">
-			<directory suffix="Test.php">./tests/Unit/Libraries</directory>
+			<directory suffix="Test.php">./tests/Unit</directory>
 		</testsuite>
 		<testsuite name="Integration">
-			<directory suffix="Test.php">./tests/Integration/Libraries</directory>
+			<directory suffix="Test.php">./tests/Integration</directory>
 		</testsuite>
 	</testsuites>
 	<php>
@@ -28,10 +28,17 @@ to your local environment.
 		<const name="JTEST_DB_NAME" value="joomla_db" />
 		<const name="JTEST_DB_USER" value="Your DB user" />
 		<const name="JTEST_DB_PASSWORD" value="Your Password" />
+		...
 	</php>
 </phpunit>
 ```
-4. Run `./libraries/vendor/bin/phpunit --testsuite Integration`.
+4. Run an openldap docker image and/or configure the ldap settings in `./phpunit.xml`.
+   * If you set JTEST_LDAP_HOST to `localhost` (or change your hosts file so "openldap" points to the ip where the service listens for connections), the following command should give you a working configuration. If needed, replace `$(pwd)` with the path to where the docker service can access the Joomla root.
+`docker run --rm --name openldap --env LDAP_ADMIN_USERNAME=admin --env LDAP_ADMIN_PASSWORD=adminpassword --env LDAP_USERS=customuser --env LDAP_PASSWORDS=custompassword --publish 1389:1389 --publish 1636:1636 --env LDAP_ENABLE_TLS=yes --env LDAP_TLS_CERT_FILE=/opt/bitnami/certs/openldap.crt --env LDAP_TLS_KEY_FILE=/opt/bitnami/certs/openldap.key --env LDAP_TLS_CA_FILE=/opt/bitnami/certs/CA.crt --env LDAP_CONFIG_ADMIN_ENABLED=yes --env LDAP_CONFIG_ADMIN_USERNAME=admin --env LDAP_CONFIG_ADMIN_PASSWORD=configpassword --env BITNAMI_DEBUG=true -v $(pwd)/tests/Codeception/_data/certs:/opt/bitnami/certs bitnami/openldap:latest`
+   * If your ldap server supports "None", "STARTTLS" and "SSL/TLS" encryption and works with both "Bind and Search" and "Bind Directly as User" methods, you can use your own if you configure the `JTEST_LDAP_` directives in your `phpunit.xml` file according to your environment.
+   * If you do not want to run the docker openldap image and don't have an LDAP server running, you can skip the LDAP tests if you set JTEST_LDAP_HOST to an empty value.
+5. Run `./libraries/vendor/bin/phpunit --testsuite Integration`.
+
 You should now see on the command line something like this:
 
 ```
@@ -44,3 +51,5 @@ Time: 155 ms, Memory: 10.00 MB
 
 OK (8 tests, 33 assertions)
 ```
+
+If you configured your environment for the integration tests, you can run integration and unit tests at once, using `./libraries/vendor/bin/phpunit`.
diff --git a/tests/README.md b/tests/README.md
@@ -5,12 +5,16 @@ Joomla maintains a range of different methods to run automated tests on its code
 
 Unit tests
 ==========
-The unit tests are checking the specific PHP code of the Joomla framework with the help of PHPUnit. For further information on the tests and on how to run them, please check out tests/unit/README.md
+The unit tests are checking the specific PHP code of the Joomla framework with the help of PHPUnit. For further information on the tests and on how to run them, please check out [tests/Unit/README.md](Unit/README.md).
+
+Integration tests
+==========
+The integration tests are checking the parts of PHP code of the Joomla CMS that interact with external services with the help of PHPUnit. For further information on the tests and on how to run them, please check out [tests/Integration/README.md](Integration/README.md).
 
 Javascript tests
 ==========
 The javascript tests test the Joomla-specific Javascript code. For further information on the tests and on how to run them, please check out https://docs.joomla.org/Special:MyLanguage/Running_JavaScript_Tests_for_the_Joomla_CMS
 
 Codeception tests
 ==========
-The Codeception tests test the user interface in a real browser and the webservices API of Joomla with the help of Codeception. For further information on the tests and on how to run them, please check out tests/Codeception/README.md
+The Codeception tests test the user interface in a real browser and the webservices API of Joomla with the help of Codeception. For further information on the tests and on how to run them, please check out [tests/Codeception/README.md](Codeception/README.md).
diff --git a/tests/Unit/README.md b/tests/Unit/README.md
@@ -8,18 +8,4 @@ When you are checking out the current development branch of 4.x and run `compose
 
 1. Checkout the current Joomla 4.x development branch from Github. (https://github.com/joomla/joomla-cms.git)
 2. Run `composer install` in the root of your checkout.
-3. Add the file `phpunit.xml` and update the values dependent on your environment. You can use the files `phpunit.xml.dist` and/or `phpunit-pgsql.xml.dist` as an example.
-
-```
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit bootstrap="tests/Unit/bootstrap.php" colors="false">
-...
-	<php>
-		...
-		<const name="JTEST_DB_NAME" value="YOUR_DB_NAME" />
-		<const name="JTEST_DB_USER" value="YOUR_USER" />
-		<const name="JTEST_DB_PASSWORD" value="YOUR_PASSWORD" />
-	</php>
-</phpunit>
-```
-4. Run `libraries/vendor/bin/phpunit`
+3. Run `./libraries/vendor/bin/phpunit --testsuite Unit`. The configuration file phpunit.xml.dist is used if phpunit.xml does not exist, but no edits are needed for the Unit tests.
diff --git a/tests/phpunit-appveyor.xml.dist b/tests/phpunit-appveyor.xml.dist
@@ -14,5 +14,24 @@
 		<const name="JTEST_DB_NAME" value="test_joomla" />
 		<const name="JTEST_DB_USER" value="root" />
 		<const name="JTEST_DB_PASSWORD" value="Password12!" />
+
+		<!--ldap settings are preconfigured to work with bitnami/openldap docker image-->
+		<const name="JTEST_LDAP_HOST" value="openldap" /> <!-- to disable ldap tests: set to an empty value -->
+		<const name="JTEST_LDAP_PORT" value="1389" />
+		<const name="JTEST_LDAP_PORT_SSL" value="1636" />
+		<!--CACERTFILE path is relative to JPATH_ROOT-->
+		<const name="JTEST_LDAP_CACERTFILE" value="./tests/Codeception/_data/certs/CA.crt" />
+		<const name="JTEST_LDAP_USEV3" value="1" />
+		<const name="JTEST_LDAP_NOREFERRALS" value="1" />
+		<const name="JTEST_LDAP_BASE" value="dc=example,dc=org" />
+		<const name="JTEST_LDAP_SEARCH" value="uid=[search]" />
+		<const name="JTEST_LDAP_DIRECT_USERDN" value="cn=[username],ou=users,dc=example,dc=org" />
+		<const name="JTEST_LDAP_FULLNAME" value="cn" />
+		<const name="JTEST_LDAP_EMAIL" value="mail" />
+		<const name="JTEST_LDAP_UID" value="uid" />
+		<const name="JTEST_LDAP_SEARCH_DN" value="cn=customuser,ou=users,dc=example,dc=org" />
+		<const name="JTEST_LDAP_SEARCH_PASSWORD" value="custompassword" />
+		<const name="JTEST_LDAP_TESTUSER" value="customuser" />
+		<const name="JTEST_LDAP_TESTPASSWORD" value="custompassword" />
 	</php>
 </phpunit>