Table Of Contents

Previous topic

10.1.1.1. CredentialStore data injection

Next topic

10.1.1.3. UserList data injection

10.1.1.2. LDAPServer data injection¶

To inject user defined LDAP database into the LDAPServer API when testing outside the SPS box.

Patch/overwrite the safeguard.sessions.plugin_impl.ldap_server.ldap_servers with your own LDAP like database.

The ldap_servers is a dictionary where the key is the name of the LDAP Server policy to define, and the value itself is a dictionary where “users”, “groups” keys define users and groups respectively. See the example for more detail.

10.1.1.2.1. Example usage with pytest and monkeypatch¶

from safeguard.sessions.plugin import LDAPServer
from safeguard.sessions.plugin import PluginConfiguration as PluginConfig
from safeguard.sessions.plugin_impl.ldap_server import ldap_servers

def test_user_list(monkeypatch):
    # Data injection
    testdb = {
        'users': {
            'root': {
                'description': 'adminuser',
                'cn': 'root',
                'multivalue': ['a', 'b'],
                'numeric': 1000,
            },
            'wsmith': {
                'description': 'user',
                'cn': 'wsmith',
                'multivalue': ['x', 'y'],
            },
        },
        'groups': {
            'admins': ['root'],
            'dbuser': ['wsmith']
        }
    }
    monkeypatch.setitem(ldap_servers, 'adserver', testdb)

    # Test the injected data
    pc = PluginConfig('''
    [ldap_server]
    name=adserver
    ''')

    ls = LDAPServer.from_config(pc)

    assert ls.get_user_string_attribute('numeric') == ['1000']
    assert ls.filter_user_groups('root', ['admins']) == ['admins']