fix ldap tests to not depend on external services

Author: jdaugherty

gradle.properties

@@ -20,6 +20,7 @@ projectVersion=7.0.0-SNAPSHOT
 grailsVersion=7.0.0-SNAPSHOT
 javaVersion=17
 
+unboundidLdapSdk=7.0.2
 apacheDsVersion=1.5.4
 asciidoctorGradlePluginVersion=4.0.4
 casClientCoreVersion=4.0.4

plugin-ldap/examples/custom-user-details-context-mapper/build.gradle

@@ -37,6 +37,9 @@ dependencies {
     implementation 'org.webjars:bootstrap:4.1.3'
     implementation 'org.webjars:jquery:3.3.1'
 
+    // to not depend on an external ldap server
+    implementation "com.unboundid:unboundid-ldapsdk:$unboundidLdapSdk"
+
     runtimeOnly 'com.bertramlabs.plugins:asset-pipeline-grails'
     runtimeOnly 'com.h2database:h2'
     runtimeOnly 'com.zaxxer:HikariCP'

plugin-ldap/examples/custom-user-details-context-mapper/grails-app/conf/application.groovy

@@ -47,12 +47,11 @@ grails {
 				authorityJoinClassName = 'com.test.UserRole'
 			}
 
-			// http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
 			ldap {
 				context {
-					managerDn = 'cn=read-only-admin,dc=example,dc=com'
-					managerPassword = 'password'
-					server = 'ldap://ldap.forumsys.com:389/' //'ldap://[ip]:[port]/'
+					managerDn = 'cn=admin,dc=example,dc=com'
+					managerPassword = 'secret'
+					server = System.getProperty('grails.test.ldap.url')
 				}
 				authorities {
 					ignorePartialResultException = true
@@ -61,7 +60,7 @@ grails {
 					defaultRole = 'ROLE_USER'
 				}
 				search {
-					base = 'dc=example,dc=com'
+					base = 'ou=people,dc=example,dc=com'
 				}
 			}
 		}

plugin-ldap/examples/custom-user-details-context-mapper/grails-app/init/com/test/Application.groovy

@@ -19,14 +19,70 @@
 
 package com.test
 
+import com.unboundid.ldap.listener.InMemoryDirectoryServer
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig
+import com.unboundid.ldap.listener.InMemoryListenerConfig
+import com.unboundid.ldap.sdk.Attribute
+import com.unboundid.ldap.sdk.Entry
 import grails.boot.GrailsApp
 import grails.boot.config.GrailsAutoConfiguration
 
 import groovy.transform.CompileStatic
 
 @CompileStatic
 class Application extends GrailsAutoConfiguration {
+    static InMemoryDirectoryServer directoryServer
     static void main(String[] args) {
+        InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig('dc=example,dc=com')
+        config.addAdditionalBindCredentials('cn=admin,dc=example,dc=com', 'secret')
+        config.setListenerConfigs(
+                InMemoryListenerConfig.createLDAPConfig(
+                        'default',
+                        null,
+                        0,
+                        null,
+                        false,
+                        false
+                )
+        )
+
+        directoryServer = new InMemoryDirectoryServer(config)
+        Entry base = new Entry(
+                "dc=example,dc=com",
+                new Attribute("objectClass", "top", "domain"),
+                new Attribute("dc", "example"))
+        directoryServer.add(base)
+
+        Entry people = new Entry(
+                "ou=people,dc=example,dc=com",
+                new Attribute("objectClass", "top", "organizationalUnit"),
+                new Attribute("ou", "people"));
+        directoryServer.add(people)
+
+        Entry jane = new Entry(
+                "uid=jane,ou=people,dc=example,dc=com",
+                new Attribute("objectClass", "inetOrgPerson"),
+                new Attribute("uid", "jane"),
+                new Attribute("cn", "Jane Doe"),
+                new Attribute("sn", "Doe"),
+                new Attribute("mail", "jane@example.com"),
+                new Attribute("telephoneNumber", "+1 555 111 2222"),
+                new Attribute("userPassword", "password")
+        )
+        directoryServer.add(jane)
+
+        directoryServer.startListening()
+
+        System.setProperty('grails.test.ldap.url', "ldap://localhost:${directoryServer.getListenPort()}" as String)
+
         GrailsApp.run(Application, args)
     }
+
+    @Override
+    void onShutdown(Map<String, Object> event) {
+        if(directoryServer) {
+            directoryServer.close()
+            directoryServer = null
+        }
+    }
 }

plugin-ldap/examples/custom-user-details-context-mapper/src/integration-test/groovy/com/test/CustomUserDetailsContextMapperFunctionalSpec.groovy

@@ -19,12 +19,14 @@
 
 package com.test
 
+import grails.plugin.geb.ContainerGebConfiguration
 import grails.testing.mixin.integration.Integration
 import pages.IndexPage
 import pages.SecureSuperuserPage
 import pages.SecureUserPage
 
 @Integration
+@ContainerGebConfiguration(reporting = true)
 class CustomUserDetailsContextMapperFunctionalSpec extends AbstractSecurityFunctionalSpec {
 
 	void 'secured urls are not visible without auth'() {
@@ -49,13 +51,15 @@ class CustomUserDetailsContextMapperFunctionalSpec extends AbstractSecurityFunct
 		assertContentContains 'Please Login'
 
 		when:
-		login 'galileo', 'password'
+		report("At Login")
+		login 'jane', 'password'
 
 		then:
 		at SecureUserPage
+		report("At secured")
 
 		and:
-		assertContentContains('galileo@ldap.forumsys.com')
+		assertContentContains('jane@example.com')
 
 		when:
 		logout()

plugin-ldap/examples/retrieve-group-roles/build.gradle

@@ -36,6 +36,9 @@ dependencies {
     implementation 'org.webjars:bootstrap:4.1.3'
     implementation 'org.webjars:jquery:3.3.1'
 
+    // to not depend on an external ldap server
+    implementation "com.unboundid:unboundid-ldapsdk:$unboundidLdapSdk"
+
     runtimeOnly 'com.bertramlabs.plugins:asset-pipeline-grails'
     runtimeOnly 'com.h2database:h2'
     runtimeOnly 'com.zaxxer:HikariCP'

plugin-ldap/examples/retrieve-group-roles/grails-app/conf/application.groovy

@@ -18,53 +18,52 @@
  */
 
 grails {
-	plugin {
-		springsecurity {
-			authority {
-				className = 'com.test.Role'
-			}
-			controllerAnnotations.staticRules = [
-				[pattern: '/',               access: 'permitAll'],
-				[pattern: '/logoff',         access: 'permitAll'],
-				[pattern: '/error',          access: 'permitAll'],
-				[pattern: '/index',          access: 'permitAll'],
-				[pattern: '/index.gsp',      access: 'permitAll'],
-				[pattern: '/shutdown',       access: 'permitAll'],
-				[pattern: '/assets/**',      access: 'permitAll'],
-				[pattern: '/secure/users',   access: 'permitAll'],
-				[pattern: '/**/js/**',       access: 'permitAll'],
-				[pattern: '/**/css/**',      access: 'permitAll'],
-				[pattern: '/**/images/**',   access: 'permitAll'],
-				[pattern: '/**/favicon.ico', access: 'permitAll']
-			]
-			password.algorithm = 'SHA-256'
-			rememberMe {
-				persistent = true
-				persistentToken.domainClassName = 'com.test.PersistentLogin'
-			}
-			userLookup {
-				userDomainClassName = 'com.test.User'
-				authorityJoinClassName = 'com.test.UserRole'
-			}
+    plugin {
+        springsecurity {
+            authority {
+                className = 'com.test.Role'
+            }
+            controllerAnnotations.staticRules = [
+                    [pattern: '/', access: 'permitAll'],
+                    [pattern: '/logoff', access: 'permitAll'],
+                    [pattern: '/error', access: 'permitAll'],
+                    [pattern: '/index', access: 'permitAll'],
+                    [pattern: '/index.gsp', access: 'permitAll'],
+                    [pattern: '/shutdown', access: 'permitAll'],
+                    [pattern: '/assets/**', access: 'permitAll'],
+                    [pattern: '/secure/users', access: 'permitAll'],
+                    [pattern: '/**/js/**', access: 'permitAll'],
+                    [pattern: '/**/css/**', access: 'permitAll'],
+                    [pattern: '/**/images/**', access: 'permitAll'],
+                    [pattern: '/**/favicon.ico', access: 'permitAll']
+            ]
+            password.algorithm = 'SHA-256'
+            rememberMe {
+                persistent = true
+                persistentToken.domainClassName = 'com.test.PersistentLogin'
+            }
+            userLookup {
+                userDomainClassName = 'com.test.User'
+                authorityJoinClassName = 'com.test.UserRole'
+            }
 
-			// http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
-			ldap {
-				context {
-					managerDn = 'cn=read-only-admin,dc=example,dc=com'
-					managerPassword = 'password'
-					server = 'ldap://ldap.forumsys.com:389/' //'ldap://[ip]:[port]/'
-				}
-				authorities {
-					ignorePartialResultException = true
-					retrieveGroupRoles = true
-					groupSearchBase='ou=mathematicians,dc=example,dc=com'
-					retrieveDatabaseRoles = true
-					defaultRole = 'ROLE_USER'
-				}
-				search {
-					base = 'dc=example,dc=com'
-				}
-			}
-		}
-	}
+            ldap {
+                context {
+                    managerDn = 'cn=admin,dc=example,dc=com'
+                    managerPassword = 'secret'
+                    server = System.getProperty('grails.test.ldap.url')
+                }
+                authorities {
+                    ignorePartialResultException = true
+                    retrieveGroupRoles = true
+                    groupSearchBase = 'ou=mathematicians,dc=example,dc=com'
+                    retrieveDatabaseRoles = true
+                    defaultRole = 'ROLE_USER'
+                }
+                search {
+                    base = 'dc=example,dc=com'
+                }
+            }
+        }
+    }
 }

plugin-ldap/examples/retrieve-group-roles/grails-app/init/com/test/Application.groovy

@@ -19,14 +19,125 @@
 
 package com.test
 
+import com.unboundid.ldap.listener.InMemoryDirectoryServer
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig
+import com.unboundid.ldap.listener.InMemoryListenerConfig
+import com.unboundid.ldap.sdk.Attribute
+import com.unboundid.ldap.sdk.Entry
 import grails.boot.GrailsApp
 import grails.boot.config.GrailsAutoConfiguration
 
 import groovy.transform.CompileStatic
 
 @CompileStatic
 class Application extends GrailsAutoConfiguration {
+    static InMemoryDirectoryServer directoryServer
+    static private Entry scientistsUnit
+
     static void main(String[] args) {
+        InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig('dc=example,dc=com')
+        config.addAdditionalBindCredentials('cn=admin,dc=example,dc=com', 'secret')
+        config.setListenerConfigs(
+                InMemoryListenerConfig.createLDAPConfig(
+                        'default',
+                        null,
+                        0,
+                        null,
+                        false,
+                        false
+                )
+        )
+
+        directoryServer = new InMemoryDirectoryServer(config)
+        Entry base = new Entry(
+                'dc=example,dc=com',
+                new Attribute('objectClass', 'top', 'domain'),
+                new Attribute('dc', 'example'))
+        directoryServer.add(base)
+
+        Entry people = new Entry(
+                'ou=people,dc=example,dc=com',
+                new Attribute('objectClass', 'top', 'organizationalUnit'),
+                new Attribute('ou', 'people'));
+        directoryServer.add(people)
+
+        def mathematiciansUnit = new Entry('ou=mathematicians,dc=example,dc=com',
+                new Attribute('objectClass', 'top', 'organizationalUnit'),
+                new Attribute('ou', 'mathematicians'))
+        directoryServer.add(mathematiciansUnit)
+
+        scientistsUnit = new Entry('ou=scientists,dc=example,dc=com',
+                new Attribute('objectClass', 'top', 'organizationalUnit'),
+                new Attribute('ou', 'scientists'))
+        directoryServer.add(scientistsUnit)
+
+        Entry jane = new Entry(
+                'uid=jane,ou=people,dc=example,dc=com',
+                new Attribute('objectClass', 'inetOrgPerson'),
+                new Attribute('uid', 'jane'),
+                new Attribute('cn', 'Jane Doe'),
+                new Attribute('sn', 'Doe'),
+                new Attribute('mail', 'jane@example.com'),
+                new Attribute('telephoneNumber', '+1 555 111 2222'),
+                new Attribute('userPassword', 'password')
+        )
+        directoryServer.add(jane)
+
+        for (String uid : ['riemann', 'gauss', 'euler', 'euclid']) {
+            directoryServer.add(new Entry(
+                    "uid=${uid},ou=mathematicians,dc=example,dc=com" as String,
+                    new Attribute('objectClass', 'inetOrgPerson'),
+                    new Attribute('uid', uid),
+                    new Attribute('cn', uid.substring(0, 1).toUpperCase() + uid.substring(1)),
+                    new Attribute('sn', uid.substring(0, 1).toUpperCase() + uid.substring(1)),
+                    new Attribute('userPassword', 'password')
+            ))
+        }
+
+        Entry mathGroup = new Entry(
+                'cn=mathematicians,ou=mathematicians,dc=example,dc=com',
+                new Attribute('objectClass', 'top', 'groupOfUniqueNames'),
+                new Attribute('cn', 'mathematicians'),
+                new Attribute('uniqueMember',
+                        'uid=riemann,ou=mathematicians,dc=example,dc=com',
+                        'uid=gauss,ou=mathematicians,dc=example,dc=com',
+                        'uid=euler,ou=mathematicians,dc=example,dc=com',
+                        'uid=euclid,ou=mathematicians,dc=example,dc=com'))
+        directoryServer.add(mathGroup)
+
+        for (String uid : ['einstein', 'newton', 'galieleo', 'tesla']) {
+            directoryServer.add(new Entry(
+                    "uid=${uid},ou=scientists,dc=example,dc=com" as String,
+                    new Attribute('objectClass', 'inetOrgPerson'),
+                    new Attribute('uid', uid),
+                    new Attribute('cn', uid.substring(0, 1).toUpperCase() + uid.substring(1)),
+                    new Attribute('sn', uid.substring(0, 1).toUpperCase() + uid.substring(1)),
+                    new Attribute('userPassword', 'password')
+            ))
+        }
+        Entry scientistGroup = new Entry(
+                'cn=scientists,ou=scientists,dc=example,dc=com',
+                new Attribute('objectClass', 'top', 'groupOfUniqueNames'),
+                new Attribute('cn', 'scientists'),
+                new Attribute('uniqueMember',
+                        'uid=einstein,ou=scientists,dc=example,dc=com',
+                        'uid=newton,ou=scientists,dc=example,dc=com',
+                        'uid=galieleo,ou=scientists,dc=example,dc=com',
+                        'uid=tesla,ou=scientists,dc=example,dc=com'))
+        directoryServer.add(scientistGroup)
+
+        directoryServer.startListening()
+
+        System.setProperty('grails.test.ldap.url', "ldap://localhost:${directoryServer.getListenPort()}" as String)
+
         GrailsApp.run(Application, args)
     }
+
+    @Override
+    void onShutdown(Map<String, Object> event) {
+        if (directoryServer) {
+            directoryServer.close()
+            directoryServer = null
+        }
+    }
 }