xref: /PHP-7.2/ext/ldap/tests/README (revision 902d39a3)
1To ease testing LDAP-Setups we've created a vagrant-setup.
2
3Prerequisits:
4=============
5
6You will need vagrant on your box. Get it from https://www.vagrantup.com
7
8Usage:
9======
10
11To use it follow these steps:
12
13* Create a Vagrant-file with the following content.
14* Go to that directory and run "vagrant up"
15
16```
17$setup = <<<SETUP
18apt-get update
19
20DEBIAN_FRONTEND=noninteractive aptitude install -q -y slapd ldap-utils
21
22export SLAPPASS=`slappasswd -s password`
23
24echo "dn: olcDatabase={1}hdb,cn=config
25changetype: modify
26replace: olcSuffix
27olcSuffix: dc=nodomain
28-
29replace: olcRootDN
30olcRootDN: dc=admin,dc=nodomain
31-
32replace: olcRootPW
33olcRootPW: ${SLAPPASS}" | ldapmodify -Y EXTERNAL -H ldapi:///
34
35echo "dn: dc=nodomain
36objectClass: dcObject
37objectClass: organization
38o: Example
39dc: example
40
41dn: ou=extldap,dc=nodomain
42objectClass: organizationalUnit
43ou: extldap" | ldapadd -c -x -H ldap://localhost:389 -D "dc=admin,dc=nodomain" -w password
44SETUP
45
46Vagrant.configure(2) do |config|
47  config.vm.box = "ubuntu/trusty64"
48  config.vm.network "private_network", ip: "192.168.33.10"
49  config.vm.provision "shell", inline: $setup
50end
51```
52
53Now you will have a virtual machine up and running on IP-Address 192.168.10.33 listening on port 369 for incomming LDAP-connections. The machine is already configured to execute the LDAP-Tests
54
55The next step is to go into the PHP-Source-directory. Configure and make the source as appropriate.
56
57Before running the LDAP-Tests you need to set some environment-variables:
58
59export LDAP_TEST_PASSWD="password"
60export LDAP_TEST_BASE="ou=extldap,dc=nodomain"
61export LDAP_TEST_USER="dc=admin,dc=nodomain"
62export LDAP_TEST_HOST=192.168.33.10
63
64Now you can run the test-suite by calling "make test". To test only the LDAP-Tests, run "make test TESTS=ext/ldap"
65
66CAVEAT: The current setup does not (yet) test secure connections.
67
68
69========
70OLD README
71
72Most tests here relies on the availability of an LDAP server configured with TLS.
73
74Client/Server configuration:
75===========================================================
76OpenLDAP 2.4.31 has been used with the configuration below.
77
78Notes:
791.  A self signed certificate can be generated using:
80    $ openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3650
81    It is used for testing ldap_start_tls(), which also requires "TLS_REQCERT never" in client configuration
822.  An empty LDAP structure is required for the tests to be PASSed (except for base and admin)
83
84If you use a debian based distribution, prefer the use of dpkg-reconfigure.
85Otherwise you may alter these configuration files:
86
87	(/etc/openldap/)slapd.conf:
88-----------------------------------------------------------
89TLSCACertificateFile /etc/openldap/ssl/server.pem
90TLSCertificateFile /etc/openldap/ssl/server.pem
91TLSCertificateKeyFile /etc/openldap/ssl/server.pem
92TLSVerifyClient never
93
94# hdb is used instead of bdb as it enables the usage of referrals & aliases
95database        hdb
96suffix          "dc=my-domain,dc=com"
97checkpoint      32      30
98rootdn          "cn=Manager,dc=my-domain,dc=com"
99rootpw          secret
100directory       /var/lib/openldap-data
101index   objectClass     eq
102
103authz-regexp
104	uid=Manager,cn=digest-md5,cn=auth
105	cn=Manager,dc=my-domain,dc=com
106
107
108(/etc/openldap/)ldap.conf:
109-----------------------------------------------------------
110TLS_REQCERT never
111
112Tests configuration:
113===========================================================
114The following environment variables may be defined:
115LDAP_TEST_HOST (default: localhost)                        Host to connect to
116LDAP_TEST_PORT (default: 389)                              Port to connect to
117LDAP_TEST_BASE (default: dc=my-domain,dc=com)              Base to use. May be the ldap root or a subtree. (ldap_search_variation6 will fail if a subtree is used)
118LDAP_TEST_USER (default: cn=Manager,dc=my-domain,dc=com)   DN used for binding
119LDAP_TEST_SASL_USER (default: Manager)                     SASL user used for SASL binding
120LDAP_TEST_PASSWD (default: secret)                         Password used for plain and SASL binding
121LDAP_TEST_OPT_PROTOCOL_VERSION (default: 3)                Version of LDAP protocol to use
122LDAP_TEST_SKIP_BIND_FAILURE (default: true)                Whether to fail the test or not in case binding fails
123
124Credits:
125===========================================================
126Davide Mendolia <idaf1er@gmail.com>
127Patrick Allaert <patrick.allaert@gmail.com>
128Côme Bernigaud <mcmic@php.net>
129