7.2. LDAPServer data injection

Use data injection to supply a user-defined LDAP database to the LDAPServer API when testing outside the SPS box.

Patch or overwrite safeguard.sessions.plugin_impl.ldap_server.ldap_servers with your own LDAP-like database.

ldap_servers is a dictionary: each key is the name of an LDAP Server policy to define, and each value is itself a dictionary whose “users” and “groups” keys define the users and groups respectively. See the examples for more detail.

7.2.1. Example usage

from safeguard.sessions.plugin import LDAPServer
from safeguard.sessions.plugin import PluginConfiguration as PluginConfig
from safeguard.sessions.plugin_impl.ldap_server import ldap_servers

# Data injection of an LDAP database under the LDAP Server policy "adserver"
ldap_servers['adserver'] = {
    'users': {
        'root': {
            'description': 'adminuser',
            'cn': 'root',
            'multivalue': ['a', 'b'],
            'numeric': 1000,
        },
        'wsmith': {
            'description': 'user',
            'cn': 'wsmith',
            'multivalue': ['x', 'y'],
        },
    },
    'groups': {
        'admins': ['root'],
        'dbuser': ['wsmith']
    }
}


# Test the injected data
pc = PluginConfig('''
[ldap_server]
name=adserver
''')

ls = LDAPServer.from_config(pc)

# Attributes are looked up per user; values come back as a list of strings
assert ls.get_user_string_attribute('root', 'numeric') == ['1000']
assert ls.filter_user_groups('root', ['admins']) == ['admins']

7.2.2. Example usage with pytest and monkeypatch

from safeguard.sessions.plugin import LDAPServer
from safeguard.sessions.plugin import PluginConfiguration as PluginConfig
from safeguard.sessions.plugin_impl.ldap_server import ldap_servers

def test_user_list(monkeypatch):
    # Data injection
    testdb = {
        'users': {
            'root': {
                'description': 'adminuser',
                'cn': 'root',
                'multivalue': ['a', 'b'],
                'numeric': 1000,
            },
            'wsmith': {
                'description': 'user',
                'cn': 'wsmith',
                'multivalue': ['x', 'y'],
            },
        },
        'groups': {
            'admins': ['root'],
            'dbuser': ['wsmith']
        }
    }
    monkeypatch.setitem(ldap_servers, 'adserver', testdb)

    # Test the injected data
    pc = PluginConfig('''
    [ldap_server]
    name=adserver
    ''')

    ls = LDAPServer.from_config(pc)

    # Attributes are looked up per user; values come back as a list of strings
    assert ls.get_user_string_attribute('root', 'numeric') == ['1000']
    assert ls.filter_user_groups('root', ['admins']) == ['admins']
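
A sanity check for the dictionary layout described in this section, as an added example that is not part of the SDK or of the original page. `check_ldap_fixture`, `GOOD_DB` and `BAD_DB` are hypothetical names, and the consistency rules (members given as a list, every member a defined user) are assumptions chosen for test hygiene, not SDK requirements; a misspelled member otherwise lets a group-based authorization test pass or fail for the wrong reason.

```python
def check_ldap_fixture(db):
    """Return a list of problems found in one injected LDAP Server policy database.

    Layout follows this page: {'users': {name: {attr: value}},
                               'groups': {group: [member, ...]}}.
    The consistency rules are choices made for this example, not SDK requirements.
    """
    if not isinstance(db, dict):
        return ['database must be a dict']
    problems = []
    users = db.get('users')
    groups = db.get('groups')
    if not isinstance(users, dict):
        problems.append("missing or non-dict 'users' key")
        users = {}
    if not isinstance(groups, dict):
        problems.append("missing or non-dict 'groups' key")
        groups = {}
    for name, attrs in users.items():
        if not isinstance(attrs, dict):
            problems.append(f"user {name!r}: attributes must be a dict")
    for group, members in groups.items():
        # A bare string would otherwise be iterated character by character.
        if not isinstance(members, (list, tuple, set)):
            problems.append(f"group {group!r}: members must be a list of user names")
            continue
        for member in members:
            if member not in users:
                problems.append(f"group {group!r}: member {member!r} is not a defined user")
    return problems


# Constructed sample data: the database from this page, and a copy with two mistakes.
GOOD_DB = {
    'users': {
        'root': {'description': 'adminuser', 'cn': 'root',
                 'multivalue': ['a', 'b'], 'numeric': 1000},
        'wsmith': {'description': 'user', 'cn': 'wsmith', 'multivalue': ['x', 'y']},
    },
    'groups': {'admins': ['root'], 'dbuser': ['wsmith']},
}
BAD_DB = {'users': GOOD_DB['users'],
          'groups': {'admins': ['rooot'], 'dbuser': 'wsmith'}}

if __name__ == '__main__':
    for label, db in (('good', GOOD_DB), ('bad', BAD_DB)):
        print(label, check_ldap_fixture(db))
```

Run it on each database before assigning it to `ldap_servers` or passing it to `monkeypatch.setitem`.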