testing ldap implementations
play

Testing LDAP Implementations Emmanuel Lcharny Do who need tests - PowerPoint PPT Presentation

Apr 13, 2023 •217 likes •501 views

Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't need it... We have users ! We have users ! LDAP project phases Initial analysis Development + tests Costs Conformance tests Tests are

  1. Testing LDAP Implementations Emmanuel Lécharny

  2. Do who need tests anyway ? OSS projects don't need it... We have users !

  3. We have users !

  4. LDAP project phases • Initial analysis • Development + tests Costs • Conformance tests Tests are costly, and must be run frequently...

  5. LDAP Tests • Unit tests • Integration tests • Performance tests

  6. I

  7. Unit Tests in Java • Need a server we can launch • Need an API • More than that, need some mechanism to speed up tests

  8. ApacheDS test framework • We can start a server using annotations • We provide an easy to use API • Tests can be run concurrently • No need to start/stop or cleanup the server for each test

  9. Simple test • Creation of a DirectoryService • Creation of a LdapServer • Extends AbstractLdapTestUnit • Get an LdapConnection • And now we can send requests...

  10. Code @RunWith(FrameworkRunner.class class) // Define the DirectoryService @CreateDS() // Define the LDAP protocol layer @CreateLdapServer( transports = { @CreateTransport(protocol = "LDAP") }) public public class class A_SimpleServerTest extends extends AbstractLdapTestUnit { /** * A simple test */ @Test public public void void test() throws throws Exception { LdapServer ldapServer = getLdapServer (); // Get an admin connection on the defined server LdapConnection connection = new new LdapNetworkConnection( "localhost", ldapServer.getPort() ); connection.bind( "uid=admin,ou=system", "secret" ); // Check that we can read an entry assertNotNull ( connection.lookup( "ou=system" ) ); // And close the connection connection.close(); } }

  11. Test with entries injection • Same as the previous example • Injection of entries with @ApplyLdifs @ApplyLdifs or @ApplyLdifFiles @ApplyLdifFiles

  12. Code @ApplyLdifs( // Inject an entry { // Entry # 1 "dn: uid=elecharny,ou=users,ou=system", "objectClass: uidObject", "objectClass: person", "objectClass: top", "uid: elecharny", "cn: Emmanuel Lécharny", "sn: lecharny", "userPassword: emmanuel" }) @CreateDS() // Define the DirectoryService @CreateLdapServer( // Define the LDAP protocol layer transports = { @CreateTransport(protocol = "LDAP") }) public public class class B_LdifEntryServerTest extends extends AbstractLdapTestUnit { /** * A test where we bind using the added entry credentials */ @Test public public void void testBindUser() throws throws Exception { // Get a connection (not bound yet) on the server LdapConnection connection = getWiredConnection ( getLdapServer () ); connection.bind( "uid=elecharny,ou=users,ou=system", "emmanuel" ); // Check that we can read an entry assertNotNull ( connection.lookup( "uid=elecharny,ou=users,ou=system" ) ); // And close the connection connection.close(); } }

  13. Test with partition creation • Creation of a DirectoryService • Creation of a Partition • Creation of indexes • Etc...

  14. Code @RunWith(FrameworkRunner.class class) // Define the DirectoryService @CreateDS( partitions = { @CreatePartition( name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry( entryLdif = "dn: dc=example,dc=com\n" + "dc: example\n" + "objectClass: top\n" + "objectClass: domain\n\n" ), indexes = { @CreateIndex( attribute = "objectClass" ), @CreateIndex( attribute = "dc" ), @CreateIndex( attribute = "ou" ) } ) }) @CreateLdapServer( // Define the LDAP protocol layer transports = { @CreateTransport(protocol = "LDAP") }) public public class class D_ServerWithPartitionTest extends extends AbstractLdapTestUnit { @Test public public void void test() throws throws Exception { // Get an admin connection on the defined server LdapConnection connection = getWiredConnection ( getLdapServer (), "uid=admin,ou=system", "secret" ); // Check that we can read the Example context entry assertNotNull ( connection.lookup( "dc=example,dc=com" ) ); ...

  15. Saving start/stop delays • No need to start a fresh server for each test • No need to revert the modifjcations when the test is done • Automatic rollback • OTOH, kills concurrent tests...

  16. Defjning more than one server • May be needed • Can be associated to a suite, a class or a method

  17. Modifying the schema • Easy to modify • Use @ApplyLdifs or @ApplyLidfFiles for that purpose • Will be reverted when the test will end, as usual

  18. II

  19. JMeter • User friendly GUI • Tests can be exported and executed • Remote agents can be used • No code needed

  20. III

  21. API • Schema aware • Easy to use • Deal locally with comparisons

  22. Problem @ApplyLdifs( { // Entry # 1 "dn: cn=Test Lookup,ou=system", "objectClass: person", "cn: Test Lookup", "sn: sn test" }) public void testLookupCn() throws Exception { LdapConnection connection = LdapConnection connection = getWiredConnection ( getLdapServer (), "uid=admin,ou=system", "secret" ); Entry entry = connection.lookup( Entry entry = connection.lookup( "cn=test lookup,ou=system", "cn" ); assertNotNull ( entry ); // Check that we don't have any operational attributes : // We should have only 3 attributes : objectClass, cn and sn assertEquals ( 1, entry.size() ); // Check that all the user attributes are present assertTrue ( entry.contains( "cn", "Test Lookup" ) ); assertFalse ( entry.contains( "cn", "test lookup" ) ); assertFalse ( entry.contains( "2.5.4.3", "test lookup" ) ); assertFalse ( entry.contains( "CN", " test LOOKUP " ) ); } }

  23. Solution @ApplyLdifs( { // Entry # 1 "dn: cn=Test Lookup,ou=system", "objectClass: person", "cn: Test Lookup", "sn: sn test" }) public void testLookupCn() throws Exception { LdapConnection connection = LdapConnection connection = getWiredConnection ( getLdapServer (), "uid=admin,ou=system", "secret" ); // Make the connection schema aware connection.loadSchema(); Entry entry = connection.lookup( Entry entry = connection.lookup( "cn=test lookup,ou=system", "cn" ); assertNotNull ( entry ); // Check that we don't have any operational attributes : // We should have only 3 attributes : objectClass, cn and sn assertEquals ( 1, entry.size() ); // Check that all the user attributes are present assertTrue ( entry.contains( "cn", "Test Lookup" ) ); assertTrue ( entry.contains( "cn", "test lookup" ) ); assertTrue ( entry.contains( "2.5.4.3", "test lookup" ) ); assertTrue ( entry.contains( "CN", " test LOOKUP " ) ); } }

  24. IV

  25. Future • Use Studio to register scenarii • 'Reboot' Slamd effort (or design a new tool) • Provide a Groovy LDAP API • Add LDAP assertions • Make the Java tests able to start another server • LDAPUnit : a dedicated LDAP test framework

  26. Thanks !

  27. Q/R

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP LDAP Servers Information Structure Protocol Overview LDAP operations UNDERSTANDING LDAP LDAP stands for Lightweight Directory Access

268 views • 12 slides
LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

What is LDAP Lightweight Directory Access Protocol Phonebook Based on X.500 DAP on OSI stack Developed in '93 @ UMich LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many implementations OpenLDAP

544 views • 6 slides
How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

Getting Started What do you already know about ldap ? . . . . . . . . . . . . . . slide #3 What Do You Want? . . . . . . . . . . . . . . . . . . . . . . . . . . . . slide #4 Argument for LDAP Account Information . . . . . . . . . . . . . . . . .

442 views • 26 slides
Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View

Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View

Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View Implementations Designing testable code High-level Model-View design T est-drivers and mock objects Unit test execution KDE ItemViews

268 views • 23 slides
Combinatorial Testing on Im Implementations of f HTML5 Support Xi Deng, Tianyong Wu, Jun Yan

Combinatorial Testing on Im Implementations of f HTML5 Support Xi Deng, Tianyong Wu, Jun Yan

IWCT2017 (ICST 2017 Workshop), Tokyo, Mar 13, 2017 Combinatorial Testing on Im Implementations of f HTML5 Support Xi Deng, Tianyong Wu, Jun Yan and Jian Zhang Institute of Software, Chinese Academy of Sciences dengxi15@otcaix.iscas.ac.cn

670 views • 21 slides
LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com http://www.samba.org/~idra What is LDB ? LDB is an LDAP-like database interface LDAP-like data model support LDAP like search expressions but it

1.03k views • 24 slides
Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution Felix Rath ,

Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution Felix Rath ,

Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution Felix Rath , Daniel Schemmel, Klaus Wehrle https://comsys.rwth-aachen.de EPIQ Workshop, Heraklion, Greece, 2018-12-04 QUANT ? Mozquic ? mvfst ? picoquic ?

1.45k views • 97 slides
DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999 Peter Gietz, University of Tbingen Peter.Gietz@directory.dfn.de DESIRE LDAP Index system

855 views • 12 slides
Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002 andrew.findlay@skills-1st.co.uk Security with LDAP Applications of LDAP White Pages NIS (Network Information System) Authentication

257 views • 15 slides
KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC attributes except for those used to store key data Keys Extension draft: Defines attributes used to store key data Flow of Data to LDAP

798 views • 10 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg <roland.hedberg@adm.umu.se> The transition -starting point Admin interface LDAP Scripts The transition - toward nirvana Admin interface LDAP Scripts

497 views • 22 slides
dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit of History Number of systems Own user administra:on system Some users had access

519 views • 10 slides
UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity System UCSBnetID authentication UCSB-wide student and employee info http://www.identity.ucsb.edu/ LDAP Overview Lightweight Directory Access Protocol

604 views • 24 slides
Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands

231 views • 6 slides
Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic Poitou OpenDS ludovic.poitou@sun.com A poor man's choice: JNDI or JLDAP/Netscape LDAP SDK Good News: Apache Directory Client API OpenDS

678 views • 20 slides
Cooks Theorem 1 Cook showed that SATISFIABILITY is NP-complete. The terms used to specify it

Cooks Theorem 1 Cook showed that SATISFIABILITY is NP-complete. The terms used to specify it

The Theory of NP-Completeness Peter Cappello Department of Computer Science University of California, Santa Barbara Santa Barbara, CA 93106 cappello@cs.ucsb.edu Please read the corresponding chapter before attending this lecture.

531 views • 20 slides
1 (First two from last weekend...) 1. I become more effective and productive as a

1 (First two from last weekend...) 1. I become more effective and productive as a

The God Life p.7: Holding On To The Eternal Ticket 05.27.12 Scripture: 2 Peter 1:10-11 Video: Charlie Gets The Golden Ticket [3:00] from Willy Wonka Fundamental Question: Been debated for 2,000 years - is our salvation assured or do we

396 views • 4 slides
A (VERY) Brief Introduction to Machine Learning for ITOA Toufic Boubez, PhD VP Engineering,

A (VERY) Brief Introduction to Machine Learning for ITOA Toufic Boubez, PhD VP Engineering,

A (VERY) Brief Introduction to Machine Learning for ITOA Toufic Boubez, PhD VP Engineering, Machine Learning Splunk Inc. Disclaimer During the course of this presentation, we may make forward looking statements regarding future events or the

1.35k views • 98 slides
Formal Techniques and Tools For Software Health Management John Rushby (for N. Shankar) Computer

Formal Techniques and Tools For Software Health Management John Rushby (for N. Shankar) Computer

Formal Techniques and Tools For Software Health Management John Rushby (for N. Shankar) Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Tools and Techniques For SWHM 1 Introduction New project,

364 views • 7 slides
Doing big.LITTLE right: little and big obstacles Uladizislau Rezki, Vitaly Wool Softprise

Doing big.LITTLE right: little and big obstacles Uladizislau Rezki, Vitaly Wool Softprise

softprise CONSULTING O Doing big.LITTLE right: little and big obstacles Uladizislau Rezki, Vitaly Wool Softprise Consulting O 2015 www.softprise.net softprise CONSULTING O What is big.LITTLE? Complex multicore CPU architecture

635 views • 26 slides
On quantitative absolute continuity of harmonic measure and big piece approximation by chord-arc

On quantitative absolute continuity of harmonic measure and big piece approximation by chord-arc

On quantitative absolute continuity of harmonic measure and big piece approximation by chord-arc domains Steve Hofmann (joint work with J. M. Martell) April 21, 2018 Steve Hofmann (joint work with J. M. Martell) On quantitative absolute

579 views • 35 slides
Sync Points in the Intel Gfx Driver Jesse Barnes Intel Open Source Technology Center 1 Agenda

Sync Points in the Intel Gfx Driver Jesse Barnes Intel Open Source Technology Center 1 Agenda

Sync Points in the Intel Gfx Driver Jesse Barnes Intel Open Source Technology Center 1 Agenda History and other implementations Other I/O layers - block device ordering NV_fence, ARB_sync EGL_native_fence_sync, Android

987 views • 17 slides
Representing and Learning Regular Sets and Functions Jeffrey Heinz Department of Linguistics and

Representing and Learning Regular Sets and Functions Jeffrey Heinz Department of Linguistics and

Representing and Learning Regular Sets and Functions Jeffrey Heinz Department of Linguistics and Cognitive Science Support from NSF#1123692 and #1035577 PRECISE seminar University of Pennsylvania November 20, 2014 1 Collaborators Jim

860 views • 48 slides

More recommend