Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve test compatibility between UnboundID and OpenLDAP #1964

Closed
7 tasks
steve-todorov opened this issue Nov 28, 2020 · 1 comment · Fixed by #1909
Closed
7 tasks

Improve test compatibility between UnboundID and OpenLDAP #1964

steve-todorov opened this issue Nov 28, 2020 · 1 comment · Fixed by #1909
Assignees
@steve-todorov

Comments

@steve-todorov
Copy link
Member

steve-todorov commented Nov 28, 2020
edited

Task Description

The default UnboundID instance provided by Spring Boot can be partially configured, but unfortunately it lacks the ability to addAdditionalBindCredentials() and import multiple LDIF files (you can define only one via spring.ldap.embedded.ldif).

Not being able to configure additional bind credentials causes conflicting configuration issues:

  1. UnboundID instance provided with Spring Boot uses manager DN uid=admin,ou=system (without base dn) and a hard-coded password - secret.
  2. OpenLDAP via docker container uses cn=admin,dc=carlspring,dc=com (including the base dn) and whatever password you define. You cannot change the managerDn since it will break startup scripts in the image and OpenLDAP won't start.

This becomes an inconvenience when having to test manually, because you are constantly going to be spending time on replacing configuration values via the UI which get lost upon every Strongbox restart (i.e. mvn spring-boot:run, ctrl + c, mvn spring-boot:run).

Using one big LDIF file is not very easy to read and making changes to it would require a full mvn clean install -Dintegration.tests to ensure all tests in all modules are working right. Separating things into one base file and additional LDIF files per test case would improve the reliability since changes would be affecting only certain test cases.

Tasks

  • Implement a new configuration class which can:
    • Set additional binding credentials via InMemoryDirectoryServerConfig.addAdditionalBindCredentials().
      Note: it's complicated to add dynamic manager credentials (i.e. the property must be a string, but also a collection, and furthermore must allow for DN:password format) which is why this is going to be hardcoded for now and improved if this ever becomes a necessity.
    • Import multiple LDIF files.
    • Check org.springframework.security.ldap.server.UnboundIdContainer and org.springframework.boot.autoconfigure.ldap.embedded.EmbeddedLdapAutoConfiguration which can be used as base for this new class.
  • Go over existing test cases and convert them to use the new configuration class - remove whatever is obsolete.
  • Align the docker-compose.yml configuration for OpenLDAP so it works agian.
  • Write a guide regarding how to test this in the README.md files for the related modules.

Task Relationships

This task:

Help
@steve-todorov steve-todorov self-assigned this Nov 28, 2020
@steve-todorov steve-todorov linked a pull request Dec 1, 2020 that will close this issue
Issue-1840: Improve password encoding support for LDAP #1909
Merged
16 tasks
@steve-todorov
Copy link
Member Author

This has been fixed as part of PR #1909.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@steve-todorov steve-todorov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue-1840: Improve password encoding support for LDAP madhukarbharti/strongbox
1 participant
@steve-todorov