# The ldap extension tests

To ease testing LDAP setups, we've created a Vagrant setup.

## Prerequisites

You will need [vagrant](https://www.vagrantup.com) on your box.

## Usage

To use it follow these steps:

* Create a `Vagrantfile` with the following content.
* Go to that directory and run `vagrant up`.

```Vagrantfile
# Provisioning script, run as root inside the VM
$setup = <<SETUP
apt-get update

DEBIAN_FRONTEND=noninteractive aptitude install -q -y slapd ldap-utils

# Hash the admin password for olcRootPW
export SLAPPASS=`slappasswd -s password`

# Set suffix, root DN and root password through the local ldapi socket
echo "dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=nodomain
-
replace: olcRootDN
olcRootDN: dc=admin,dc=nodomain
-
replace: olcRootPW
olcRootPW: ${SLAPPASS}" | ldapmodify -Y EXTERNAL -H ldapi:///

# Create the base entry and the subtree used by the tests
echo "dn: dc=nodomain
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: ou=extldap,dc=nodomain
objectClass: organizationalUnit
ou: extldap" | ldapadd -c -x -H ldap://localhost:389 -D "dc=admin,dc=nodomain" -w password
SETUP

Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.provision "shell", inline: $setup
end
```

Now you will have a virtual machine up and running on IP address `192.168.33.10`,
listening on port 389 for incoming LDAP connections. The machine is already
configured to execute the LDAP tests.

The next step is to go into the PHP source directory. Configure and make the
source as appropriate.

Before running the LDAP tests you need to set some environment variables:

```bash
export LDAP_TEST_PASSWD="password"
export LDAP_TEST_BASE="ou=extldap,dc=nodomain"
export LDAP_TEST_USER="dc=admin,dc=nodomain"
export LDAP_TEST_HOST=192.168.33.10
```

Now you can run the test suite by calling `make test`. To run only the
LDAP tests, run `make test TESTS=ext/ldap`.
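The suite binds with an admin DN and expects an otherwise empty directory, so a preflight check on the variables above helps avoid pointing it at the wrong server. The following is an added example, not part of the PHP source tree: the function names `is_private_host` and `ldap_test_preflight` are hypothetical, the defaults are the ones documented in this README, and restricting the host to loopback or private addresses is an assumption about how the suite should be run.

```shell
# Added example (not from php-src). POSIX sh; defines functions only.
# Usage: ldap_test_preflight && make test TESTS=ext/ldap

# Return 0 if $1 is localhost, a loopback address or an RFC 1918 IPv4 address.
is_private_host() {
    case "$1" in
        localhost|::1) return 0 ;;
        *[!0-9.]*|*.*.*.*.*) return 1 ;;   # a host name or malformed, not a dotted quad
        127.*.*.*|10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# Resolve the LDAP_TEST_* settings with the README's defaults, print every
# problem found, and return non-zero if the suite should not be started.
ldap_test_preflight() {
    host=${LDAP_TEST_HOST:-localhost}
    port=${LDAP_TEST_PORT:-389}
    base=${LDAP_TEST_BASE:-dc=my-domain,dc=com}
    ver=${LDAP_TEST_OPT_PROTOCOL_VERSION:-3}
    rc=0

    # Assumption: the suite should only ever talk to a local or private test server.
    is_private_host "$host" || { echo "host '$host' is not loopback or RFC 1918"; rc=1; }

    case "$port" in
        ''|*[!0-9]*) echo "port '$port' is not a number"; rc=1 ;;
        *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
               { echo "port '$port' is out of range"; rc=1; } ;;
    esac

    case "$ver" in
        2|3) ;;
        *) echo "protocol version '$ver' is not 2 or 3"; rc=1 ;;
    esac

    case "$base" in
        *=*) ;;
        *) echo "base '$base' does not look like a DN"; rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then
        echo "ok: ldap://$host:$port base=$base v$ver"
    fi
    return "$rc"
}
```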

CAVEAT: The current setup does not (yet) test secure connections.

## Old README

Most tests here rely on the availability of an LDAP server configured with TLS.

### Client/Server configuration

OpenLDAP 2.4.31 has been used with the configuration below.

Notes:

1. A self-signed certificate can be generated using:

    ```bash
    openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3650
    ```

    It is used for testing ldap_start_tls(), which also requires
    `TLS_REQCERT never` in client configuration.

2. An empty LDAP structure is required for the tests to be PASSed (except for
   base and admin)

If you use a Debian-based distribution, prefer the use of `dpkg-reconfigure`.
Otherwise you may alter these configuration files:

#### (/etc/openldap/)slapd.conf

```txt
TLSCACertificateFile /etc/openldap/ssl/server.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.pem
TLSVerifyClient never

# hdb is used instead of bdb as it enables the usage of referrals & aliases
database        hdb
suffix          "dc=my-domain,dc=com"
checkpoint      32      30
rootdn          "cn=Manager,dc=my-domain,dc=com"
rootpw          secret
directory       /var/lib/openldap-data
index   objectClass     eq

authz-regexp
    uid=Manager,cn=digest-md5,cn=auth
    cn=Manager,dc=my-domain,dc=com
```

#### (/etc/openldap/)ldap.conf

```txt
TLS_REQCERT never
```

#### Tests configuration

The following environment variables may be defined:

```txt
LDAP_TEST_HOST                 (default: localhost)                       Host to connect to
LDAP_TEST_PORT                 (default: 389)                             Port to connect to
LDAP_TEST_BASE                 (default: dc=my-domain,dc=com)             Base to use. May be the ldap root or a subtree. (ldap_search_variation6 will fail if a subtree is used)
LDAP_TEST_USER                 (default: cn=Manager,dc=my-domain,dc=com)  DN used for binding
LDAP_TEST_SASL_USER            (default: Manager)                         SASL user used for SASL binding
LDAP_TEST_PASSWD               (default: secret)                          Password used for plain and SASL binding
LDAP_TEST_OPT_PROTOCOL_VERSION (default: 3)                               Version of LDAP protocol to use
LDAP_TEST_SKIP_BIND_FAILURE    (default: true)                            Whether to fail the test or not in case binding fails
```

## Credits

* Davide Mendolia (idaf1er@gmail.com)
* Patrick Allaert (patrick.allaert@gmail.com)
* Côme Bernigaud (mcmic@php.net)