From Fedora Project Wiki
Latest revision | Your text | ||
Line 1: | Line 1: | ||
[[Category:Test Days]] | |||
[[Category:QA Templates]] | |||
{|border="1" | {|border="1" | ||
|-style="color: white; background-color: #3074c2; font-weight: bold" | |-style="color: white; background-color: #3074c2; font-weight: bold" | ||
Line 179: | Line 182: | ||
| proftpd | | proftpd | ||
| jgorig | | jgorig | ||
| | | | ||
|- | |- | ||
| pure-ftpd | | pure-ftpd | ||
Line 494: | Line 497: | ||
{{admon/warning|Test OpenLDAP with MozNSS primarily|Please, use mainly openldap03. The other servers are only for reference, to reveal possible behavior changes.}} | {{admon/warning|Test OpenLDAP with MozNSS primarily|Please, use mainly openldap03. The other servers are only for reference, to reveal possible behavior changes.}} | ||
{| | {| | ||
Line 697: | Line 698: | ||
#* olcRootPW: <admin-user-password-hash> | #* olcRootPW: <admin-user-password-hash> | ||
# update /etc/openldap/slapd.d/cn=config/olcDatabase={2}monitor.ldif | # update /etc/openldap/slapd.d/cn=config/olcDatabase={2}monitor.ldif | ||
#* olcAccess: {0}to * by dn.base="cn=manager,dc=copper,dc=testday" read by * | #* olcAccess: {0}to * by dn.base="cn=manager,dc=copper,dc=testday" read by * non | ||
# start your server: <code>service slapd start</code> | # start your server: <code>service slapd start</code> | ||
# try your serve functionality | # try your serve functionality | ||
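Review bot: The olcAccess value for the monitor database ends in "by * non" in the right-hand column and in a bare "by *" in the left-hand one, and "non" is not a slapd access level. Spell the final clause out as "by * none" so that denying everyone except cn=manager is stated explicitly instead of depending on how a truncated clause is treated. In the last step of this hunk, "serve" should read "server".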
Line 705: | Line 706: | ||
#* download example [http://jvcelak.fedorapeople.org/testday-101014/root_copper.ldif root DN nodes] (LDIF) | #* download example [http://jvcelak.fedorapeople.org/testday-101014/root_copper.ldif root DN nodes] (LDIF) | ||
#* update DNs in that file | #* update DNs in that file | ||
#* import that file into the database: <br/><code>ldapadd | #* import that file into the database: <br/><code>ldapadd -x -D "cn=Manager,dc=copper,dc=testday" -W -f root.ldif</code> | ||
# install BDB configuration file | # install BDB configuration file | ||
#* <code>cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/ | #* <code>cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_EXAMPLE</code> | ||
# restart your server: <code>service slapd restart</code> | # restart your server: <code>service slapd restart</code> | ||
# '''your server is now configured and running without TLS''' | # '''your server is now configured and running without TLS''' | ||
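Review bot: The cp destination in the right-hand column is /var/lib/ldap/DB_EXAMPLE, but Berkeley DB only reads its tuning from a file named DB_CONFIG in the database directory, so the "install BDB configuration file" step has no effect as written; the target should be /var/lib/ldap/DB_CONFIG. The left-hand column stops at /var/lib/ldap/, so the intended file name is not visible there. Separately, the list ends with the server running without TLS, which means the "ldapadd -x -D ... -W" simple bind sends the Manager password unencrypted; the step should say to run it on the server host itself.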
Line 807: | Line 808: | ||
* OK: Ldap backend with TLS, works as a proxy (tested including loops) | * OK: Ldap backend with TLS, works as a proxy (tested including loops) | ||
* OK: self-signed certificates | * OK: self-signed certificates | ||
** verification with OpenSSL fails when connecting to localhost (host name doesn't match) | ** verification with OpenSSL fails when connecting to localhost (host name doesn't match) | ||
** verification with MozNSS works well when connecting to localhost or hostname | ** verification with MozNSS works well when connecting to localhost or hostname | ||
Line 951: | Line 951: | ||
* referring to another server using ldap:server:dn works | * referring to another server using ldap:server:dn works | ||
* volumes mounted as expected | * volumes mounted as expected | ||
== Test Results == | |||
After you are finished testing, please file a testing report below. The first report can | |||
be used as an example how it should look like. If you encounter any issue, please first | |||
consult it on IRC. If it will be verified as a bug, file a bugzilla against openldap | |||
component and add a note about it to your report. | |||
'''Tested program: abcd-1.5-3-fc14.x86_64''' | |||
* tried against all referential servers | |||
* tried TLS connection with and without client certificate | |||
* all test were tun with option CDEF turned on | |||
* all test were running fine, except one | |||
* bug #123456 was filed | |||
* bug #123457 was filed | |||
'''[omoris] Tested program: openldap-servers-2.4.22-7.fc14.i686 openldap-clients-2.4.22-7.fc14.i686''' | |||
* executed upstream self-test included in source rpm | |||
* all passed | |||
'''[ksrot] Tested program: curl-7.21.0-5.fc14.x86_64''' | |||
* tried the query LDAP database using following commands: | |||
curl 'ldap://openldap03.fedoraproject.org/dc=gold,dc=testday??sub' | |||
curl --cacert /etc/testday/cacert.pem 'ldaps://openldap03.fedoraproject.org/dc=gold,dc=testday??sub' | |||
curl 'ldap://openldap01.fedoraproject.org/dc=silver,dc=testday??sub' | |||
curl --cacert /etc/testday/cacert.pem 'ldaps://openldap01.fedoraproject.org/dc=silver,dc=testday??sub' | |||
* output looked fine | |||
'''[jvcelak] Tested program: openldap-2.4.23-1.fc15.x86_64 openldap-2.4.21-10.fc13.x86_64''' | |||
* reported bug #641946 (slapd init script gets stuck in an infinite loop) | |||
* OK: CA signed certificates (now used on silver and bronze) | |||
* OK: sub-CA signed certificates (now used on gold) | |||
* OK: referral chasing with TLS (tested including loops) | |||
* OK: Ldap backend with TLS, works as a proxy (tested including loops) | |||
* OK: self-signed certificates | |||
** verification with OpenSSL fails when connecting to localhost (host name doesn't match) | |||
** verification with MozNSS works well when connecting to localhost or hostname | |||
** verification with MozNSS fails when using certificate and hostname doesn't match | |||
* MozNSS error messages often miss explanation (like -8172 Unknown error) | |||
'''[mvadkert] Tested program: openssh-5.5p1-21.fc14.2.x86_64''' | |||
* omoris and jvcelak added openssh.scheme and a test user | |||
* tested with ssh-ldap-helper | |||
root@freedom openldap]# /usr/libexec/openssh/ssh-ldap-helper -vvv -f /etc/openldap/ldap.conf -s user2 | |||
debug1: Reading configuration data /etc/openldap/ldap.conf | |||
debug3: === Configuration === | |||
debug3: URI ldaps://openldap03.fedoraproject.org | |||
debug3: Host openldap03.fedoraproject.org | |||
debug3: Port 636 | |||
debug3: SSL Yes | |||
debug3: Ldap_Version 3 | |||
debug3: Base ou=omoris,ou=free,dc=gold,dc=testday | |||
debug3: BindDN cn=Tester,dc=gold,dc=testday | |||
debug3: BindPW openldap | |||
debug3: Scope Sub | |||
[snip] | |||
debug1: LDAP do connect | |||
debug3: Set TLS CA cert dir /etc/openldap/cacerts | |||
debug3: Set TLS check peer to 1 | |||
debug3: LDAP initialize ldaps://openldap03.fedoraproject.org | |||
[snip] | |||
debug3: LDAP search scope = 2 (&(objectclass=posixAccount)(objectclass=ldapPublicKey)(uid=user2)) | |||
ssh-rsa | |||
AAAAB3NzaC1yc2EAAAABIwAAAQEAsDA+I14oBeVd7ceujknbvc3i2Qfnx2Q1vPatRcwPfWLF2H4fPUuUypkJjswvJXxZun+7h1tNpZPMvKCxMLNph4follk35MXT01LZYtW3rs3bdYL+9vBO7ns1+MDrrusotM3f+j90VhPVn5MhgPABVAaSVoTGn058d/N/R1pMMvnRrKhBYlLG0Yb4WesvJQCL9GkbPqjn7tWZQNbDqnIA/TgYe87ES7rsC8ZFObSYYhWXJqnYb8ysQRVLTRUxE/EzYWM0YUIuYIN9eRzUJW9rFmlVDalUjzwIK6dkhkl4xN3vX5lSL3OCJlwIxUoQLK2P9fEvbPlxd9IRSQNWFJO2HQ==mvadkert@dhcp-lab-118.englab.brq.redhat.com | |||
debug2: LDAP process user finished | |||
debug1: LDAP do close | |||
debug2: LDAP do close OK | |||
'''[jvcelak] Tested program: python-ldap-2.3.12-1.fc15.x86_64''' | |||
* not tested very deeply, basic operations work: | |||
#!/usr/bin/python | |||
import ldap | |||
import ldap.modlist as modlist | |||
l = ldap.initialize("ldaps://openldap03.fedoraproject.org", trace_level = 1) | |||
l.simple_bind_s("cn=Tester,dc=gold,dc=testday", "openldap") | |||
ldif = modlist.addModlist({ | |||
"objectClass" : [ "organizationalUnit", "top" ], | |||
"ou" : [ "jvcelak" ], | |||
}) | |||
l.add_s("ou=jvcelak,ou=free,dc=gold,dc=testday", ldif) | |||
print l.search_s("dc=gold,dc=testday", ldap.SCOPE_SUBTREE, "(cn=Manager)") | |||
l.delete_s("ou=jvcelak,ou=free,dc=gold,dc=testday") | |||
l.unbind_s() | |||
'''[mvadkert] Tested program: libuser-0.56.18-2.fc14''' | |||
* tested all libuser commands - found bug in lpasswd #643022 | |||
* generally works well after good setup in /etc/libuser.conf | |||
'''[omoris] Tested program: pam_ldap-185-5.fc14''' | |||
* tested password change, ssh connection, password change via ssh connection | |||
* no problems, works fine | |||
* testes via beakerlib using already prepared testcases | |||
'''[omoris] Tested program: nss_ldap-265-6.fc14 & nss-pam-ldapd.i686 0:0.7.7-1.fc14 ''' | |||
* tested getent, id of ldap users | |||
* no problems, works fine | |||
* testes via beakerlib using already prepared testcases | |||
'''[mvadkert] Tested program: quota-3.17-13.fc14.x86_64''' | |||
* mail stored in surname in LDAP user, quota works as expected with ldaps :) | |||
'''[amarecek] Tested program: sudo-1.7.4p4-3.fc14.x86_64''' | |||
* rights escalation with ldap users only, local users and ldap groups, ldap groups with white spaces. | |||
'''[jgorig] Tested program: php-ldap-5.3.3-1.fc14.x86_64''' | |||
* basic operations works | |||
<?php | |||
$conn = ldap_connect("openldap03.fedoraproject.org"); | |||
if(!$conn) exit(ldap_error($conn)); | |||
$ret = ldap_start_tls($conn); | |||
if(!$ret) exit(ldap_error($conn)); | |||
$r = ldap_bind($conn, "cn=Tester,dc=gold,dc=testday", "openldap"); | |||
if(!$r) exit(ldap_error($conn)); | |||
$data["objectClass"][0] = "organizationalUnit"; | |||
$data["objectClass"][1] = "top"; | |||
$data["ou"] = "Testovac"; | |||
ldap_add($conn, "ou=Testovac,ou=free,dc=gold,dc=testday", $data); | |||
$sr = ldap_search($conn, "dc=gold,dc=testday", "ou=Testovac"); | |||
print_r(ldap_get_entries($conn, $sr)); | |||
ldap_delete($conn, "ou=Testovac,ou=free,dc=gold,dc=testday"); | |||
ldap_close($conn); | |||
'''[shanks] Tested program: sssd-1.3.0-35.fc14.x86_64 | '''[shanks] Tested program: sssd-1.3.0-35.fc14.x86_64 | ||
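Review bot: The bind password for cn=Tester,dc=gold,dc=testday is published in clear three times in this section: the "BindPW openldap" line of the ssh-ldap-helper -vvv output, the simple_bind_s() call in the python-ldap script and the ldap_bind() call in the PHP script. If that account stays enabled after the test day, replace the value with a placeholder such as <tester-password> and mask the BindPW line in the pasted debug log. The self-signed certificate items also record OpenSSL and MozNSS disagreeing on host name checking for localhost, with no bug number and no statement of which behaviour is expected; a reference like the one given for #641946 would make that result actionable.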
Line 978: | Line 1,113: | ||
[sssd[be[LDAP]]] [simple_bind_done] (5): Server returned no controls. | [sssd[be[LDAP]]] [simple_bind_done] (5): Server returned no controls. | ||
[sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null) | [sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null) | ||