Refactor LDAP test to remove dependency on mockldap

tdruez · tdruez · commit f2b4f076b3be · 2025-10-29T12:18:27.000+04:00
Signed-off-by: tdruez &lt;tdruez@aboutcode.org&gt;
diff --git a/dje/tests/test_ldap.py b/dje/tests/test_ldap.py
@@ -11,6 +11,7 @@
 
 from django.apps import apps
 from django.conf import settings
+from django.contrib.auth import authenticate
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
@@ -21,11 +22,12 @@
 from django.urls import reverse
 
 import ldap
+import slapdtest
 from django_auth_ldap.backend import _LDAPUserGroups
 from django_auth_ldap.config import GroupOfNamesType
 from django_auth_ldap.config import LDAPSearch
 from guardian.shortcuts import assign_perm
-from mockldap import MockLdap
+from ldap.ldapobject import SimpleLDAPObject
 
 from dje.ldap_backend import DejaCodeLDAPBackend
 from dje.models import Dataspace
@@ -38,103 +40,88 @@
 Product = apps.get_model("product_portfolio", "Product")
 
 
-AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": "givenName",
-    "last_name": "sn",
-    "email": "mail",
-}
-
-
-LDAP_GROUP_SETTINGS = {
-    "AUTH_LDAP_GROUP_SEARCH": LDAPSearch(
-        "ou=groups,dc=nexb,dc=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
-    ),
-    "AUTH_LDAP_GROUP_TYPE": GroupOfNamesType(),
-}
+LDIF = """
+dn: o=test
+objectClass: organization
+o: test
+
+dn: ou=people,o=test
+objectClass: organizationalUnit
+ou: people
+
+dn: ou=groups,o=test
+objectClass: organizationalUnit
+ou: groups
+
+dn: uid=bob,ou=people,o=test
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+cn: bob
+uid: bob
+userPassword: secret
+uidNumber: 1001
+gidNumber: 50
+givenName: Robert
+sn: Smith
+homeDirectory: /home/bob
+mail: bob@test.com
+
+dn: cn=active,ou=groups,o=test
+cn: active
+objectClass: groupOfNames
+member: uid=bob,ou=people,o=test
+"""
 
 
 @override_settings(
-    AUTH_LDAP_SERVER_URI="ldap://localhost/",
     AUTHENTICATION_BACKENDS=("dje.ldap_backend.DejaCodeLDAPBackend",),
     AUTH_LDAP_DATASPACE="nexB",
-    AUTH_LDAP_USER_SEARCH=LDAPSearch(
-        "ou=people,dc=nexb,dc=com", ldap.SCOPE_SUBTREE, "(samaccountname=%(user)s)"
+    AUTH_LDAP_START_TLS=False,
+    AUTH_LDAP_USER_DN_TEMPLATE="uid=%(user)s,ou=people,o=test",
+    AUTH_LDAP_USER_SEARCH=LDAPSearch("ou=people,o=test", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"),
+    AUTH_LDAP_UBIND_AS_AUTHENTICATING_USER=True,
+    AUTH_LDAP_USER_ATTR_MAP={
+        "first_name": "givenName",
+        "last_name": "sn",
+        "email": "mail",
+    },
+    AUTH_LDAP_GROUP_SEARCH=LDAPSearch(
+        "ou=groups,o=test", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
     ),
-    **LDAP_GROUP_SETTINGS,
+    AUTH_LDAP_GROUP_TYPE=GroupOfNamesType(),
 )
 class DejaCodeLDAPBackendTestCase(TestCase):
-    top = ("dc=com", {"dc": "com"})
-    nexb = ("dc=nexb,dc=com", {"dc": "nexb"})
-    people = ("ou=people,dc=nexb,dc=com", {"ou": "people"})
-    groups = ("ou=groups,dc=nexb,dc=com", {"ou": "groups"})
-
-    bob = (
-        "cn=bob,ou=people,dc=nexb,dc=com",
-        {
-            "cn": "bob",
-            "samaccountname": "bob",
-            "uid": ["bob"],
-            "userPassword": ["secret"],
-            "mail": ["bob@test.com"],
-            "givenName": ["Robert"],
-            "sn": ["Smith"],
-        },
-    )
-
-    group_active = (
-        "cn=active,ou=groups,dc=nexb,dc=com",
-        {
-            "cn": ["active"],
-            "objectClass": ["groupOfNames"],
-            "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
-        },
-    )
-
-    group_not_in_database = (
-        "cn=not_in_database,ou=groups,dc=nexb,dc=com",
-        {
-            "cn": ["not_in_database"],
-            "objectClass": ["groupOfNames"],
-            "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
-        },
-    )
-
-    group_superuser = (
-        "cn=superuser,ou=groups,dc=nexb,dc=com",
-        {
-            "cn": ["superuser"],
-            "objectClass": ["groupOfNames"],
-            "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
-        },
-    )
-
-    # This is the content of our mock LDAP directory. It takes the form
-    # {dn: {attr: [value, ...], ...}, ...}.
-    directory = dict(
-        [
-            top,
-            nexb,
-            people,
-            groups,
-            bob,
-            group_active,
-            group_not_in_database,
-            group_superuser,
-        ]
-    )
+    server_class = slapdtest.SlapdObject
+    ldap_object_class = SimpleLDAPObject
 
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
         cls.configure_logger()
-        # We only need to create the MockLdap instance once. The content we
-        # pass in will be used for all LDAP connections.
-        cls.mockldap = MockLdap(cls.directory)
+
+        cls.server = cls.server_class()
+        cls.server.suffix = "o=test"
+        cls.server.openldap_schema_files = [
+            "core.ldif",
+            "cosine.ldif",
+            "inetorgperson.ldif",
+            "nis.ldif",
+        ]
+        cls.server.start()
+        cls.server.ldapadd(LDIF)
+
+        # Override the AUTH_LDAP_SERVER_URI with the dynamic URI
+        cls._settings_override = override_settings(AUTH_LDAP_SERVER_URI=cls.server.ldap_uri)
+        cls._settings_override.enable()
 
     @classmethod
     def tearDownClass(cls):
         super().tearDownClass()
-        del cls.mockldap
+        cls.server.stop()
+        # Disable the settings override
+        cls._settings_override.disable()
 
     @classmethod
     def configure_logger(cls):
@@ -145,24 +132,46 @@ def configure_logger(cls):
     def setUp(self):
         cache.clear()
 
-        # Patch ldap.initialize
-        self.mockldap.start()
-        self.ldapobj = self.mockldap["ldap://localhost/"]
-
-        # DejaCode objects
         self.nexb_dataspace = Dataspace.objects.create(name="nexB")
         self.dejacode_group_active = Group.objects.create(name="active")
         self.dejacode_group1 = Group.objects.create(name="group1")
-
         change_license_perm = Permission.objects.get_by_natural_key(
             "change_license", "license_library", "license"
         )
         self.dejacode_group_active.permissions.add(change_license_perm)
 
-    def tearDown(self):
-        # Stop patching ldap.initialize and reset state.
-        self.mockldap.stop()
-        del self.ldapobj
+    def test_ldap_authentication_populate_user(self):
+        user = authenticate(username="bob", password="secret")
+        self.assertEqual(user.username, "bob")
+        self.assertEqual(user.first_name, "Robert")
+        self.assertEqual(user.last_name, "Smith")
+        self.assertEqual(user.email, "bob@test.com")
+
+    def test_bind_and_search(self):
+        # Connect to the temporary slapd server
+        conn = self.ldap_object_class(self.server.ldap_uri)
+        conn.simple_bind_s(self.server.root_dn, self.server.root_pw)
+
+        # Search for the top entry
+        result = conn.search_s(self.server.suffix, ldap.SCOPE_BASE)
+        self.assertEqual(len(result), 1)
+        dn, entry = result[0]
+        self.assertEqual(dn, self.server.suffix)
+
+    def test_ldap_group_active_properly_setup_and_searchable(self):
+        conn = self.ldap_object_class(self.server.ldap_uri)
+        results = conn.search_s("ou=groups,o=test", ldap.SCOPE_ONELEVEL, "(cn=active)")
+        expected = [
+            (
+                "cn=active,ou=groups,o=test",
+                {
+                    "cn": [b"active"],
+                    "objectClass": [b"groupOfNames"],
+                    "member": [b"uid=bob,ou=people,o=test"],
+                },
+            )
+        ]
+        self.assertEqual(expected, results)
 
     @override_settings(AUTH_LDAP_AUTOCREATE_USER=False)
     def test_ldap_authentication_no_autocreate_user(self):
@@ -208,7 +217,7 @@ def test_ldap_authentication_autocreate_user_proper_dataspace(self):
         # Next login, the DB user is re-used
         self.assertTrue(self.client.login(username="bob", password="secret"))
 
-    @override_settings(AUTH_LDAP_USER_ATTR_MAP=AUTH_LDAP_USER_ATTR_MAP)
+    # @override_settings(AUTH_LDAP_USER_ATTR_MAP=AUTH_LDAP_USER_ATTR_MAP)
     def test_ldap_authentication_autocreate_user_with_attr_map(self):
         self.assertFalse(DejacodeUser.objects.filter(username="bob").exists())
 
@@ -221,7 +230,7 @@ def test_ldap_authentication_autocreate_user_with_attr_map(self):
         self.assertEqual(self.nexb_dataspace, created_user.dataspace)
 
     @override_settings(
-        AUTH_LDAP_USER_ATTR_MAP=AUTH_LDAP_USER_ATTR_MAP,
+        # AUTH_LDAP_USER_ATTR_MAP=AUTH_LDAP_USER_ATTR_MAP,
         AUTH_LDAP_ALWAYS_UPDATE_USER=True,
     )
     def test_ldap_authentication_update_user_with_attr_map(self):
@@ -243,22 +252,6 @@ def test_ldap_authentication_update_user_with_attr_map(self):
         self.assertEqual("bob@test.com", user.email)
         self.assertEqual(self.nexb_dataspace, user.dataspace)
 
-    def test_ldap_group_active_properly_setup_and_searchable(self):
-        conn = ldap.initialize("ldap://localhost/")
-        results = conn.search_s("ou=groups,dc=nexb,dc=com", ldap.SCOPE_ONELEVEL, "(cn=active)")
-
-        expected = [
-            (
-                "cn=active,ou=groups,dc=nexb,dc=com",
-                {
-                    "cn": ["active"],
-                    "objectClass": ["groupOfNames"],
-                    "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
-                },
-            )
-        ]
-        self.assertEqual(expected, results)
-
     @override_settings(AUTH_LDAP_FIND_GROUP_PERMS=True)
     def test_ldap_authentication_group_permissions(self):
         bob = create_user("bob", self.nexb_dataspace, email="bob@test.com", is_staff=True)
@@ -390,3 +383,65 @@ def test_ldap_object_secured_access(self):
         # The `ObjectPermissionBackend` is not needed since `ProductSecuredManager.get_queryset()`
         # calls directly `guardian.shortcuts.get_objects_for_user`
         self.assertEqual(200, self.client.get(url).status_code)
+
+
+# class DejaCodeLDAPBackendTestCase(TestCase):
+#     top = ("dc=com", {"dc": "com"})
+#     nexb = ("dc=nexb,dc=com", {"dc": "nexb"})
+#     people = ("ou=people,dc=nexb,dc=com", {"ou": "people"})
+#     groups = ("ou=groups,dc=nexb,dc=com", {"ou": "groups"})
+#
+#     bob = (
+#         "cn=bob,ou=people,dc=nexb,dc=com",
+#         {
+#             "cn": "bob",
+#             "samaccountname": "bob",
+#             "uid": ["bob"],
+#             "userPassword": ["secret"],
+#             "mail": ["bob@test.com"],
+#             "givenName": ["Robert"],
+#             "sn": ["Smith"],
+#         },
+#     )
+#
+#     group_active = (
+#         "cn=active,ou=groups,dc=nexb,dc=com",
+#         {
+#             "cn": ["active"],
+#             "objectClass": ["groupOfNames"],
+#             "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
+#         },
+#     )
+#
+#     group_not_in_database = (
+#         "cn=not_in_database,ou=groups,dc=nexb,dc=com",
+#         {
+#             "cn": ["not_in_database"],
+#             "objectClass": ["groupOfNames"],
+#             "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
+#         },
+#     )
+#
+#     group_superuser = (
+#         "cn=superuser,ou=groups,dc=nexb,dc=com",
+#         {
+#             "cn": ["superuser"],
+#             "objectClass": ["groupOfNames"],
+#             "member": ["cn=bob,ou=people,dc=nexb,dc=com"],
+#         },
+#     )
+#
+#     # This is the content of our mock LDAP directory. It takes the form
+#     # {dn: {attr: [value, ...], ...}, ...}.
+#     directory = dict(
+#         [
+#             top,
+#             nexb,
+#             people,
+#             groups,
+#             bob,
+#             group_active,
+#             group_not_in_database,
+#             group_superuser,
+#         ]
+#     )
