File: testRebindOperation.py

package info (click to toggle)
python-ldap3 2.9.1-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 3,236 kB
  • sloc: python: 30,487; makefile: 3
file content (113 lines) | stat: -rw-r--r-- 5,068 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
"""
"""

# Created on 2013.06.06
#
# Author: Giovanni Cannata
#
# Copyright 2013 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.

import unittest

from ldap3 import ANONYMOUS, SASL, NTLM, DIGEST_MD5
from test.config import test_sasl_user, test_sasl_password, random_id, get_connection, drop_connection, test_sasl_realm, \
    test_server_type, test_ntlm_user, test_ntlm_password, test_secondary_user, test_secondary_password, \
    test_sasl_secondary_user, test_sasl_secondary_password, test_sasl_secondary_user_dn, test_sasl_user_dn


class Test(unittest.TestCase):
    def test_bind_clear_text_to_secondary_user(self):
        connection = get_connection()
        self.assertTrue(connection.bound)
        connection.rebind(test_secondary_user, test_secondary_password)
        if test_server_type == 'EDIR':
            bound_dn = connection.extend.novell.get_bind_dn()
        else:
            bound_dn = connection.extend.standard.who_am_i()

        if bound_dn:
            if '\\' in bound_dn:  # for Active Directory
                domain, _, name = bound_dn.replace('u:', '').partition('\\')
                self.assertTrue(domain in test_secondary_user)
                self.assertTrue(name in test_secondary_user)
            else:
                self.assertTrue(test_secondary_user in bound_dn)
        else:
            self.fail('no user dn in extended response')

        drop_connection(connection)
        self.assertFalse(connection.bound)

    def test_bind_anonymous_to_secondary_user(self):
        connection = get_connection(bind=True, lazy_connection=False, authentication=ANONYMOUS)
        self.assertTrue(connection.bound)
        connection.rebind(test_secondary_user, test_secondary_password)
        if test_server_type == 'EDIR':
            bound_dn = connection.extend.novell.get_bind_dn()
        else:
            bound_dn = connection.extend.standard.who_am_i()

        if bound_dn:
            if '\\' in bound_dn:  # for Active Directory
                domain, _, name = bound_dn.replace('u:', '').partition('\\')
                self.assertTrue(domain in test_secondary_user)
                self.assertTrue(name in test_secondary_user)
            else:
                self.assertTrue(test_secondary_user in bound_dn)
        else:
            self.fail('no user dn in extended response')

        drop_connection(connection)
        self.assertFalse(connection.bound)

    def test_bind_sasl_digest_md5_to_secondary_sasl_user(self):
        if test_server_type not in ['AD', 'SLAPD']:
            connection = get_connection(bind=False, authentication=SASL, sasl_mechanism=DIGEST_MD5, sasl_credentials=(test_sasl_realm, test_sasl_user, test_sasl_password, None))
            connection.open()
            connection.bind()
            self.assertTrue(connection.bound)
            if test_server_type == 'EDIR':
                connected_user = connection.extend.novell.get_bind_dn()
            else:
                connected_user = str(connection.extend.standard.who_am_i())
            self.assertEqual(connected_user, test_sasl_user_dn)

            if connection.rebind(authentication=SASL, sasl_mechanism=DIGEST_MD5, sasl_credentials=(test_sasl_realm, test_sasl_secondary_user, test_sasl_secondary_password, None)):
                if test_server_type == 'EDIR':
                    connected_user = connection.extend.novell.get_bind_dn()
                else:
                    connected_user = connection.extend.standard.who_am_i()

                self.assertEqual(connected_user, test_sasl_secondary_user_dn)
            else:
                self.fail('secondary user sasl authentication failed')

            drop_connection(connection)
            self.assertFalse(connection.bound)

    def test_ntlm(self):
        if test_server_type == 'AD':
            connection = get_connection(bind=False, authentication=NTLM, ntlm_credentials=(test_ntlm_user, test_ntlm_password))
            connection.open()
            connection.bind()
            self.assertTrue(connection.bound)
            connected_user = str(connection.extend.standard.who_am_i())[2:]
            self.assertEqual(connected_user, test_ntlm_user)
            drop_connection(connection)
            self.assertFalse(connection.bound)