Changes between Version 8 and Version 9 of LdapPluginTests


Timestamp:
Jul 22, 2015, 10:37:41 AM (9 years ago)
Author:
figaro
Comment:

Cosmetic changes

  • LdapPluginTests

    v8 v9  
    1 = Testing LDAP extensions =
    2 
    3 [[PageOutline]]
    4 
    5 This page gives some hints about how to test the LdapPlugin extension, and provides some examples about deploying [http://www.openldap.org OpenLDAP] to perform the [http://trac-hacks.org/browser/ldapplugin/0.9/ldapplugin/tests tests].
    6 
    7 == Prerequistes ==
    8 
    9 The examples in this page assume that you are working with a Linux server (Debian), with OpenLDAP 2.2 or greater.[[BR]]
    10 The `slapd` server should have been installed and you should also have access to the Ldap utils (which usually comes with a separate package) namely:
     1[[PageOutline(2-5,Contents,pullout)]]
     2
     3= Testing LDAP extensions
     4
     5This page gives some guidelines on testing the LdapPlugin extension, and provides some examples about deploying [http://www.openldap.org OpenLDAP] to perform the [http://trac-hacks.org/browser/ldapplugin/0.9/ldapplugin/tests tests].
     6
     7== Prerequistes
     8
     9The examples in this page assume that you are working with a Linux server (Debian), with OpenLDAP 2.2 or greater.
     10
     11The `slapd` server should be installed and you should also have access to the Ldap utils, which usually come with a separate package:
    1112 * server tools: `slapadd`, `slapcat`
    1213 * client tools: `ldapsearch`, `ldapadd`, `ldapmodify`, `ldapdelete`
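Review bot: The heading on new line 7 still reads "== Prerequistes"; since this revision is a cosmetic pass, correct it to "== Prerequisites". On new line 11, "Ldap utils" would also read better as "LDAP utilities", matching the spelling "LDAP" used in the page title.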
     
    1415All the commands are run using the superuser (root) account.
    1516
    16 == Create the directory config file ==
    17 
    18 The following config file is somewhat more complex than it could be, as it uses ACL, etc.[[BR]]
    19 However this is a good base to elaborate a more complex LDAP setup and ... that's the file I use to test the extension ;-)
     17== Create the directory config file
     18
     19The following config file is somewhat more complex than it could be, as it uses ACL, etc. However this is a good base to elaborate a more complex LDAP setup and which is the file I used to test the extension.
    2020
    2121{{{
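Review bot: The merged sentence on new line 19 no longer parses: "a good base to elaborate a more complex LDAP setup and which is the file I used to test the extension". Split the two ideas, for example "However, this is a good base for a more complex LDAP setup, and it is the file I used to test the extension."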
     
    8787}}}
    8888
    89 You should include this file from the main OpenLDAP configuration file, usually located here: `/etc/ldap/slapd.conf`.
    90 You need to include these definitions at the bottom of the file.
    91 
    92 == Configure your system logger ==
    93 
    94 OpenLDAP errors are somewhat cryptic. You can find useful information in the log produced by the server.
    95 
    96 It is very useful to compare requests made by standard utilities such as `ldapsearch` and the requests made by the extension:[[BR]]
    97 If an ldapsearch request fails, blame your server configuration (or your directory content) not the Trac Ldap Extension ;-)
    98 
    99  1. Add the following entry in `/etc/syslog.conf`
     89You should include this file from the main OpenLDAP configuration file, usually located here: `/etc/ldap/slapd.conf`. You need to include these definitions at the bottom of the file.
     90
     91== Configure your system logger
     92
     93OpenLDAP errors can be cryptic. You can find useful information however in the log produced by the server.
     94
     95It is useful to compare requests made by standard utilities such as `ldapsearch` and the requests made by the extension: if an ldapsearch request fails, blame your server configuration (or your directory content) not the Trac Ldap Extension.
     96
     97 1. Add the following entry in `/etc/syslog.conf`:
    10098{{{
    10199# Log OpenLDAP
    102100local4.*                       -/var/log/openldap.all
    103101}}}
    104  1. Reload the syslog configuration
     102 1. Reload the syslog configuration:
    105103{{{
    106104/etc/init.d/sysklogd reload
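Review bot: New line 95 leaves the second ldapsearch unformatted while the first one in the same sentence is written as `ldapsearch`; use the code style for both. The same sentence says "Trac Ldap Extension" where the introduction says "LdapPlugin extension"; pick one name and use it throughout.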
     
    111109}}}
    112110
    113 == Start up the LDAP server ==
    114 
    115  1. Create the directory where the LDAP directory files will reside
     111== Start up the LDAP server
     112
     113 1. Create the directory where the LDAP directory files will reside:
    116114{{{
    117115mkdir /var/local/db/tracldap
    118116}}}
    119  1. Start up the server
     117 1. Start up the server:
    120118{{{
    121119/etc/init.d/slapd start
     
    124122You should not get any error. If you get an error message (carefully check the log file), please fix up your LDAP configuration before resuming installation.
    125123
    126 If everything is ok, shut down the server right now, because we need to initialize the LDAP directory
    127 
    128 == Initializing the directory ==
     124If everything is ok, shut down the server, because we need to initialize the LDAP directory before continuing.
     125
     126== Initializing the directory
    129127
    130128We need to create the top-most entry (the local root) of the LDAP hierarchical directory.
     
    139137objectClass: organization
    140138}}}
    141  1. Then inject this LDIF data into the LDAP directory using the server tool. '''Yes''', the server should be down at this very moment
     139 1. Then inject this LDIF data into the LDAP directory using the server tool, and the server should be down at this moment:
    142140{{{
    143141/usr/sbin/slapadd -b "dc=example,dc=org" -l init.ldif
    144142}}}
    145  1. At this point, you can restart the LDAP server
     143 1. Restart the LDAP server:
    146144{{{
    147145/etc/init.d/slapd start
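Review bot: New line 139 turns the old explicit warning ("'''Yes''', the server should be down at this very moment") into a trailing clause, "and the server should be down at this moment", which reads as an observation rather than a precondition for running slapadd. State it as a requirement, for example "With the server still stopped, inject this LDIF data into the LDAP directory using the server tool:".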
     
    150148Now that the server is up and running, we can inject the initial directory entries that are expected by the extension unit tests.
    151149
    152  1. Copy the following LDIF data in another file, `dirtest.ldif`
     150 1. Copy the following LDIF data in another file, `dirtest.ldif`:
    153151{{{
    154152# Group definition
     
    203201objectClass: tracuser
    204202}}}
    205  1. Add those entries to the directory using the client tool. This won't work if the LDAP server is down
     203 1. Add those entries to the directory using the client tool. This won't work if the LDAP server is down:
    206204{{{
    207205ldapadd -D "uid=root,dc=example,dc=org" -x -W -f direst.ldif
    208206}}}
    209 You'll be prompted for the user password, ''i.e.'' the password for user `uid=root`. This password is defined in the LDAP directory config file, here: "Trac"
    210 
    211 At this point, you should be able to fully use the directory:
     207You'll be prompted for the user password, ie the password for user `uid=root`. This password is defined in the LDAP directory config file, here `Trac`.
     208
     209Now you should be able to fully use the directory:
    212210 1. Search entries using an anonymous bind:
    213211{{{
    214 
    215212ldapsearch -b "dc=example,dc=org" -x objectclass=*
    216213}}}
    217214
    218  1. Search entries using an authenticated bind (password for trac is "Trac" too):
     215 1. Search entries using an authenticated bind (password for Trac is `Trac` too):
    219216{{{
    220217ldapsearch -b "dc=example,dc=org" -D "uid=trac,dc=example,dc=org" -x -W objectclass=*
    221218}}}
    222219
    223  1. You can also add new entries and remove them if you like. But do not forget that the Ldap Extension unit tests expect the directory to be set up as described up to now
    224 
    225 == Clean up ==
     220 1. You can also add new entries and remove them if you like. However, the Ldap Extension unit tests expect the directory to be set up as described above.
     221
     222== Clean up
    226223
    227224If the test fails or some part of the installation procedure fails, you want to clean up the LDAP directory to restart from a clean environment.
    228225
    229  1. Shut down the OpenLDAP server
     226 1. Shut down the OpenLDAP server:
    230227{{{
    231228/etc/init.d/slapd stop
    232229}}}
    233  1. Remove the LDAP database files
     230 1. Remove the LDAP database files:
    234231{{{
    235232rm /var/local/db/tracldap/*
    236233}}}
    237  1. Reinitialize the directory (see above)
    238 
    239 == Troubleshooting ==
    240 
    241 OpenLDAP server is very touchy, so double check your configuration files and your LDIF files if you get into troubles in the early setup stage.
    242 
    243 === Common errors ===
    244 
    245  * `slapadd: could not parse entry (line=n)`[[BR]]
    246  This usually means that your initial LDIF file is malformed:
    247    * DOS vs. UNIX line ending mismatch
    248    * Extra trailing space
    249 
    250  * `ldapsearch` returns no result
    251    1. Ensure that your base tree match the one defined in the LDIF file
    252    1. Try disabling the ACL (comment the rules and restart the `slapd` server)
     234 1. Reinitialize the directory, see above.
     235
     236== Troubleshooting
     237
     238OpenLDAP server is sensitive to its configuration settings, so double check your configuration files and your LDIF files if you encounter errors in the early setup stage.
     239
     240=== Common errors
     241
     242 * `slapadd: could not parse entry (line=n)`, which usually means that your initial LDIF file is malformed:
     243   * DOS vs. UNIX line ending mismatch.
     244   * Trailing space.
     245
     246 * `ldapsearch` returns no result:
     247   1. Ensure that your base tree match the one defined in the LDIF file.
     248   1. Try disabling the ACL, comment the rules and restart the `slapd` server.
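Review bot: The command on new line 205 still reads "-f direst.ldif", but the step on new line 150 names the file `dirtest.ldif`, so a reader who copies the command points ldapadd at a file that was never created; fix the file name while touching this block. In the same hunk, new line 207 drops the punctuation from "i.e." and the colon before the password ("here `Trac`"), and new line 247 keeps "your base tree match" where "matches" is needed. New line 248 replaces the parenthesis with a comma and now reads as two separate instructions; the old wording "Try disabling the ACL (comment the rules and restart the `slapd` server)" was clearer, and the item should also say to restore the rules once the search works.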