Add basic test of LDAP profile check_attribute

ndptech · ndptech · commit 80392474b8c6 · 2025-01-29T15:37:57.000Z
diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf
@@ -278,6 +278,7 @@ ldap {
 		attribute = 'radiusProfileDn'
 		attribute_suspend = "radiusProfileSuspendedDn"
 		sort_by = 'radiusProfilePriority'
+		check_attribute = 'radiusProfileCondition'
 	}
 
 	#
diff --git a/src/tests/modules/ldap/xlat_profile.unlang b/src/tests/modules/ldap/xlat_profile.unlang
@@ -71,4 +71,17 @@ if (reply.Reply-Message != 'Guten Tag') {
 
 reply := {}
 
+# Re-run the above with a different user name - the profile with "Guten Tag"
+# as the reply message has a condition of User-Name == bob
+&User-Name := 'john'
+if (!%ldap.profile('cn=nested,ou=profiles,dc=example,dc=com')) {
+	test_fail
+}
+
+if (reply.Reply-Message != 'Good Day') {
+	test_fail
+}
+
+reply := {}
+
 test_pass
diff --git a/src/tests/salt-test-server/salt/ldap/base.ldif b/src/tests/salt-test-server/salt/ldap/base.ldif
@@ -128,6 +128,7 @@ objectClass: radiusprofile
 cn: child1
 radiusAttribute: reply.Reply-Message := 'Guten Tag'
 radiusProfilePriority: 2
+radiusProfileCondition: User-Name == 'bob'
 
 dn: cn=child2,cn=nested,ou=profiles,dc=example,dc=com
 objectClass: freeradiusPolicy

Original file line number	Diff line number	Diff line change
`@@ -278,6 +278,7 @@ ldap {`
`278`	`278`	`attribute = 'radiusProfileDn'`
`279`	`279`	`attribute_suspend = "radiusProfileSuspendedDn"`
`280`	`280`	`sort_by = 'radiusProfilePriority'`
	`281`	`+ check_attribute = 'radiusProfileCondition'`
`281`	`282`	`}`
`282`	`283`
`283`	`284`	`#`