Changes between Version 8 and Version 9 of LdapPluginTests
Timestamp: Jul 22, 2015, 10:37:41 AM (9 years ago)
LdapPluginTests
v8 v9 1 = Testing LDAP extensions = 2 3 [[PageOutline]] 4 5 This page gives some hints about how to test the LdapPlugin extension, and provides some examples about deploying [http://www.openldap.org OpenLDAP] to perform the [http://trac-hacks.org/browser/ldapplugin/0.9/ldapplugin/tests tests]. 6 7 == Prerequistes == 8 9 The examples in this page assume that you are working with a Linux server (Debian), with OpenLDAP 2.2 or greater.[[BR]] 10 The `slapd` server should have been installed and you should also have access to the Ldap utils (which usually comes with a separate package) namely: 1 [[PageOutline(2-5,Contents,pullout)]] 2 3 = Testing LDAP extensions 4 5 This page gives some guidelines on testing the LdapPlugin extension, and provides some examples about deploying [http://www.openldap.org OpenLDAP] to perform the [http://trac-hacks.org/browser/ldapplugin/0.9/ldapplugin/tests tests]. 6 7 == Prerequistes 8 9 The examples in this page assume that you are working with a Linux server (Debian), with OpenLDAP 2.2 or greater. 10 11 The `slapd` server should be installed and you should also have access to the Ldap utils, which usually come with a separate package: 11 12 * server tools: `slapadd`, `slapcat` 12 13 * client tools: `ldapsearch`, `ldapadd`, `ldapmodify`, `ldapdelete` … … 14 15 All the commands are run using the superuser (root) account. 15 16 16 == Create the directory config file == 17 18 The following config file is somewhat more complex than it could be, as it uses ACL, etc.[[BR]] 19 However this is a good base to elaborate a more complex LDAP setup and ... that's the file I use to test the extension ;-) 17 == Create the directory config file 18 19 The following config file is somewhat more complex than it could be, as it uses ACL, etc. However this is a good base to elaborate a more complex LDAP setup and which is the file I used to test the extension. 
20 20 21 21 {{{ … … 87 87 }}} 88 88 89 You should include this file from the main OpenLDAP configuration file, usually located here: `/etc/ldap/slapd.conf`. 90 You need to include these definitions at the bottom of the file. 91 92 == Configure your system logger == 93 94 OpenLDAP errors are somewhat cryptic. You can find useful information in the log produced by the server. 95 96 It is very useful to compare requests made by standard utilities such as `ldapsearch` and the requests made by the extension:[[BR]] 97 If an ldapsearch request fails, blame your server configuration (or your directory content) not the Trac Ldap Extension ;-) 98 99 1. Add the following entry in `/etc/syslog.conf` 89 You should include this file from the main OpenLDAP configuration file, usually located here: `/etc/ldap/slapd.conf`. You need to include these definitions at the bottom of the file. 90 91 == Configure your system logger 92 93 OpenLDAP errors can be cryptic. You can find useful information however in the log produced by the server. 94 95 It is useful to compare requests made by standard utilities such as `ldapsearch` and the requests made by the extension: if an ldapsearch request fails, blame your server configuration (or your directory content) not the Trac Ldap Extension. 96 97 1. Add the following entry in `/etc/syslog.conf`: 100 98 {{{ 101 99 # Log OpenLDAP 102 100 local4.* -/var/log/openldap.all 103 101 }}} 104 1. Reload the syslog configuration 102 1. Reload the syslog configuration: 105 103 {{{ 106 104 /etc/init.d/sysklogd reload … … 111 109 }}} 112 110 113 == Start up the LDAP server ==114 115 1. Create the directory where the LDAP directory files will reside 111 == Start up the LDAP server 112 113 1. Create the directory where the LDAP directory files will reside: 116 114 {{{ 117 115 mkdir /var/local/db/tracldap 118 116 }}} 119 1. Start up the server 117 1. Start up the server: 120 118 {{{ 121 119 /etc/init.d/slapd start … … 124 122 You should not get any error. 
If you get an error message (carefully check the log file), please fix up your LDAP configuration before resuming installation. 125 123 126 If everything is ok, shut down the server right now, because we need to initialize the LDAP directory127 128 == Initializing the directory ==124 If everything is ok, shut down the server, because we need to initialize the LDAP directory before continuing. 125 126 == Initializing the directory 129 127 130 128 We need to create the top-most entry (the local root) of the LDAP hierarchical directory. … … 139 137 objectClass: organization 140 138 }}} 141 1. Then inject this LDIF data into the LDAP directory using the server tool . '''Yes''', the server should be down at this very moment139 1. Then inject this LDIF data into the LDAP directory using the server tool, and the server should be down at this moment: 142 140 {{{ 143 141 /usr/sbin/slapadd -b "dc=example,dc=org" -l init.ldif 144 142 }}} 145 1. At this point, you can restart the LDAP server143 1. Restart the LDAP server: 146 144 {{{ 147 145 /etc/init.d/slapd start … … 150 148 Now that the server is up and running, we can inject the initial directory entries that are expected by the extension unit tests. 151 149 152 1. Copy the following LDIF data in another file, `dirtest.ldif` 150 1. Copy the following LDIF data in another file, `dirtest.ldif`: 153 151 {{{ 154 152 # Group definition … … 203 201 objectClass: tracuser 204 202 }}} 205 1. Add those entries to the directory using the client tool. This won't work if the LDAP server is down 203 1. Add those entries to the directory using the client tool. This won't work if the LDAP server is down: 206 204 {{{ 207 205 ldapadd -D "uid=root,dc=example,dc=org" -x -W -f direst.ldif 208 206 }}} 209 You'll be prompted for the user password, ''i.e.'' the password for user `uid=root`. 
This password is defined in the LDAP directory config file, here: "Trac"210 211 At this point,you should be able to fully use the directory:207 You'll be prompted for the user password, ie the password for user `uid=root`. This password is defined in the LDAP directory config file, here `Trac`. 208 209 Now you should be able to fully use the directory: 212 210 1. Search entries using an anonymous bind: 213 211 {{{ 214 215 212 ldapsearch -b "dc=example,dc=org" -x objectclass=* 216 213 }}} 217 214 218 1. Search entries using an authenticated bind (password for trac is "Trac"too):215 1. Search entries using an authenticated bind (password for Trac is `Trac` too): 219 216 {{{ 220 217 ldapsearch -b "dc=example,dc=org" -D "uid=trac,dc=example,dc=org" -x -W objectclass=* 221 218 }}} 222 219 223 1. You can also add new entries and remove them if you like. But do not forget that the Ldap Extension unit tests expect the directory to be set up as described up to now224 225 == Clean up ==220 1. You can also add new entries and remove them if you like. However, the Ldap Extension unit tests expect the directory to be set up as described above. 221 222 == Clean up 226 223 227 224 If the test fails or some part of the installation procedure fails, you want to clean up the LDAP directory to restart from a clean environment. 228 225 229 1. Shut down the OpenLDAP server 226 1. Shut down the OpenLDAP server: 230 227 {{{ 231 228 /etc/init.d/slapd stop 232 229 }}} 233 1. Remove the LDAP database files 230 1. Remove the LDAP database files: 234 231 {{{ 235 232 rm /var/local/db/tracldap/* 236 233 }}} 237 1. Reinitialize the directory (see above) 238 239 == Troubleshooting == 240 241 OpenLDAP server is very touchy, so double check your configuration files and your LDIF files if you get into troubles in the early setup stage. 242 243 === Common errors === 244 245 * `slapadd: could not parse entry (line=n)`[[BR]] 246 This usually means that your initial LDIF file is malformed: 247 * DOS vs. 
UNIX line ending mismatch 248 * Extra trailing space 249 250 * `ldapsearch` returns no result 251 1. Ensure that your base tree match the one defined in the LDIF file 252 1. Try disabling the ACL (comment the rules and restart the `slapd` server) 234 1. Reinitialize the directory, see above. 235 236 == Troubleshooting 237 238 OpenLDAP server is sensitive to its configuration settings, so double check your configuration files and your LDIF files if you encounter errors in the early setup stage. 239 240 === Common errors 241 242 * `slapadd: could not parse entry (line=n)`, which usually means that your initial LDIF file is malformed: 243 * DOS vs. UNIX line ending mismatch. 244 * Trailing space. 245 246 * `ldapsearch` returns no result: 247 1. Ensure that your base tree match the one defined in the LDIF file. 248 1. Try disabling the ACL, comment the rules and restart the `slapd` server.
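Review bot: the `ldapadd` command at v9 line 205 still passes `-f direst.ldif`, while the step at v9 line 150 tells the reader to save the data as `dirtest.ldif`, so the command as written does not load the file created in the previous step. Since this revision already touches the surrounding lines, correct it to `ldapadd -D "uid=root,dc=example,dc=org" -x -W -f dirtest.ldif`.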
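Review bot: the reworded `slapadd` step at v9 line 139 demotes the stopped-server requirement to a trailing clause ("and the server should be down at this moment"), where v8 stressed it with '''Yes'''. State it as a precondition instead, for example "With the server still stopped, inject this LDIF data into the LDAP directory using the server tool:", so it cannot be read as optional before the restart in the next step.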
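Review bot: v9 lines 207 and 215 give the bind password `Trac` for both `uid=root` and `uid=trac`, while v9 line 19 recommends the same config file as "a good base to elaborate a more complex LDAP setup". Add a sentence next to the password stating that it belongs to the throwaway test directory and has to be replaced in the config file before that file is reused for anything else.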
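Review bot: the last troubleshooting item at v9 line 248 replaces the v8 parenthetical with "Try disabling the ACL, comment the rules and restart the `slapd` server", which now reads as three separate actions and never says to put the rules back. Suggest "Temporarily disable the ACL (comment out the rules and restart the `slapd` server), then restore the rules once the search returns results", so a test directory is not left running without access control.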
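Review bot: several wording problems survive or are introduced in v9 and are worth fixing in the same edit: the heading at v9 line 7 is still spelled "Prerequistes" (should be "Prerequisites"); v9 line 19 ends with the ungrammatical "and which is the file I used to test the extension" (suggest "and it is the file I used to test the extension"); v9 line 207 changes ''i.e.'' to "ie" (keep "i.e."); v9 line 247 keeps "your base tree match" (should be "matches").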