my $base = $ldap->{base} or die ldapserver_error('base');
$ldapname = $ldap->{user} ;
$ldappassword = $ldap->{pass} ;
+$ldap->{anonymous_bind} = 1 unless $ldapname && $ldappassword;
our %mapping = %{$ldap->{mapping}}; # FIXME dpavlin -- don't die because of || (); from 6eaf8511c70eb82d797c941ef528f4310a15e9f9
my @mapkeys = keys %mapping;
$debug and print STDERR "Got ", scalar(@mapkeys), " ldap mapkeys ( total ): ", join ' ', @mapkeys, "\n";
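Review bot: The added `unless $ldapname && $ldappassword` line turns a half-configured server entry into an anonymous bind without reporting it. A `user` with a missing or empty `pass`, or with a value Perl treats as false such as `0`, now silently drops the service credentials. An administrator who mistyped the password element would get anonymous searches, which may see a different set of entries, instead of an error. I would test with `length` rather than truthiness and warn when only one of the two is set, e.g. `warn "LDAP: user set without pass, falling back to anonymous bind" if length($ldapname // '') && !length($ldappassword // '');`. The configuration code around this line continues outside the hunk.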
$userldapentry = $search->shift_entry;
}
} else {
- my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
+ my $res = ($ldap->{anonymous_bind}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
if ($res->code) { # connection refused
warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res);
return 0;
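Review bot: The failure message two lines below the changed bind still picks its label from `$ldapname`, so it can misreport who bound. The first hunk sets `anonymous_bind` when a user name is configured but the password is missing, and in that case the log says the bind failed "as ldapuser NAME" although it was anonymous. The label should follow the same flag as the bind, e.g. `($ldap->{anonymous_bind} ? '[ANONYMOUS]' : $ldapname)`, so that anyone reading the log during troubleshooting or an investigation sees which identity was used. The enclosing `else` branch begins and ends outside this hunk.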
warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($user_ldap_bind_ret);
return -1;
}
+
}
# To get here, LDAP has accepted our user's login attempt.
# Variables controlling LDAP behaviour
my $desired_authentication_result = 'success';
my $desired_connection_result = 'error';
-my $desired_bind_result = 'error';
+my $desired_admin_bind_result = 'error';
my $desired_compare_result = 'error';
my $desired_search_result = 'error';
my $desired_count_result = 1;
-my $non_anonymous_bind_result = 'error';
+my $desired_bind_result = 'error';
my $ret;
# Mock the context module
$desired_authentication_result = 'success';
$anonymous_bind = 1;
- $desired_bind_result = 'error';
+ $desired_admin_bind_result = 'error';
$desired_search_result = 'error';
reload_ldap_module();
$desired_authentication_result = 'success';
$anonymous_bind = 1;
- $desired_bind_result = 'success';
+ $desired_admin_bind_result = 'success';
$desired_search_result = 'success';
$desired_count_result = 1;
- $non_anonymous_bind_result = 'success';
+ $desired_bind_result = 'success';
$update = 1;
reload_ldap_module();
'checkpw_ldap returns 0 if user lookup returns 0'
);
- $non_anonymous_bind_result = 'error';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
# regression tests for bug 12831
$desired_authentication_result = 'error';
$anonymous_bind = 0;
- $desired_bind_result = 'error';
+ $desired_admin_bind_result = 'error';
$desired_search_result = 'success';
$desired_count_result = 0; # user auth problem
- $non_anonymous_bind_result = 'error';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
# Anonymous bind
$anonymous_bind = 1;
- $desired_bind_result = 'error';
- $non_anonymous_bind_result = 'error';
+ $desired_admin_bind_result = 'error';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
$anonymous_bind = 1;
- $desired_bind_result = 'success';
- $non_anonymous_bind_result = 'success';
- $desired_compare_result = 'error';
+ $desired_admin_bind_result = 'success';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
# Non-anonymous bind
$anonymous_bind = 0;
- $desired_bind_result = 'success';
- $non_anonymous_bind_result = 'error';
- $desired_compare_result = 'dont care';
+ $desired_admin_bind_result = 'error';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
is( $ret, 0, 'checkpw_ldap returns 0 if bind fails' );
$anonymous_bind = 0;
- $desired_bind_result = 'success';
- $non_anonymous_bind_result = 'success';
- $desired_compare_result = 'error';
+ $desired_admin_bind_result = 'success';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
my $mocked_ldap = Test::MockObject->new();
- $mocked_ldap->mock(
- 'bind',
- sub {
-
- my @args = @_;
- my $mocked_message;
-
- if ( $#args > 1 ) {
-
- # Args passed => non-anonymous bind
- if ( $non_anonymous_bind_result eq 'error' ) {
- return mock_net_ldap_message( 1, 1, 'error_name',
- 'error_text' );
- }
- else {
- return mock_net_ldap_message( 0, 0, q{}, q{} );
- }
- }
- else {
- $mocked_message = mock_net_ldap_message(
- ( $desired_bind_result eq 'error' ) ? 1 : 0, # code
- ( $desired_bind_result eq 'error' ) ? 1 : 0, # error
- ( $desired_bind_result eq 'error' )
- ? 'error_name'
- : 0, # error_name
- ( $desired_bind_result eq 'error' )
- ? 'error_text'
- : 0 # error_text
- );
- }
-
- return $mocked_message;
+ $mocked_ldap->mock( 'bind', sub {
+ if (is_admin_bind(@_)) {
+ return mock_net_ldap_message(
+ ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # code
+ ($desired_admin_bind_result eq 'error' ) ? 1 : 0, # error
+ ($desired_admin_bind_result eq 'error' ) ? 'error_name' : 0, # error_name
+ ($desired_admin_bind_result eq 'error' ) ? 'error_text' : 0 # error_text
+ );
}
- );
-
- $mocked_ldap->mock(
- 'compare',
- sub {
-
- my $mocked_message;
-
- if ( $desired_compare_result eq 'error' ) {
- $mocked_message =
- mock_net_ldap_message( 1, 1, 'error_name', 'error_text' );
- }
- else {
- # we expect return code 6 for success
- $mocked_message = mock_net_ldap_message( 6, 0, q{}, q{} );
+ else {
+ if ( $desired_bind_result eq 'error' ) {
+ return mock_net_ldap_message(1,1,'error_name','error_text');
}
-
- return $mocked_message;
+ return mock_net_ldap_message(0,0,'','');
}
- );
+ });
$mocked_ldap->mock(
'search',
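Review bot: The user branch of the new `bind` mock returns success for any arguments once `$desired_bind_result` is not 'error', so these tests cannot tell whether checkpw_ldap ever sends a bind with an empty password. Some directory servers accept such a request as an unauthenticated bind. Making the mock fail when the password argument is empty would pin that behaviour down, e.g. `my %opt = @_[2 .. $#_]; return mock_net_ldap_message(1,1,'error_name','error_text') unless length($opt{password} // '');` at the top of the `else` branch. Separately, with the `compare` mock removed, `$desired_compare_result` appears to have no reader left in the visible hunks and could be dropped. The `search` mock that follows continues outside this hunk.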
return;
}
-$schema->storage->txn_rollback();
+sub is_admin_bind {
+ my @args = @_;
+
+ if ($#args <= 1 || $args[1] eq 'cn=Manager,dc=metavore,dc=com') {
+ return 1;
+ }
+
+ return 0;
+}
+
+$schema->storage->txn_rollback;
1;
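Review bot: `is_admin_bind` recognises the service account by the literal DN `cn=Manager,dc=metavore,dc=com`, which has to match whatever `user` value the mocked configuration supplies. If the two drift apart, admin binds are answered from `$desired_bind_result` and the tests pass or fail for the wrong reason, so keeping the DN in one variable shared with the configuration mock would be safer. A short comment should also say that `$#args <= 1` is meant to catch the argument-less anonymous bind, since `$_[0]` is the mock object. As written, that test also counts a bind carrying only a DN and no password as an admin bind; `$#args == 0` would be the stricter check if only the anonymous case is intended.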