testing ldap implementations
play

Testing LDAP Implementations Emmanuel Lcharny Do who need tests - PowerPoint PPT Presentation

Apr 13, 2023 •217 likes •501 views

Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't need it... We have users ! We have users ! LDAP project phases Initial analysis Development + tests Costs Conformance tests Tests are

  1. Testing LDAP Implementations Emmanuel Lécharny

  2. Do who need tests anyway ? OSS projects don't need it... We have users !

  3. We have users !

  4. LDAP project phases • Initial analysis • Development + tests Costs • Conformance tests Tests are costly, and must be run frequently...

  5. LDAP Tests • Unit tests • Integration tests • Performance tests

  6. I

  7. Unit Tests in Java • Need a server we can launch • Need an API • More than that, need some mechanism to speed up tests

  8. ApacheDS test framework • We can start a server using annotations • We provide an easy to use API • Tests can be run concurrently • No need to start/stop or cleanup the server for each test

  9. Simple test • Creation of a DirectoryService • Creation of a LdapServer • Extends AbstractLdapTestUnit • Get an LdapConnection • And now we can send requests...

  10. Code @RunWith(FrameworkRunner.class class) // Define the DirectoryService @CreateDS() // Define the LDAP protocol layer @CreateLdapServer( transports = { @CreateTransport(protocol = "LDAP") }) public public class class A_SimpleServerTest extends extends AbstractLdapTestUnit { /** * A simple test */ @Test public public void void test() throws throws Exception { LdapServer ldapServer = getLdapServer (); // Get an admin connection on the defined server LdapConnection connection = new new LdapNetworkConnection( "localhost", ldapServer.getPort() ); connection.bind( "uid=admin,ou=system", "secret" ); // Check that we can read an entry assertNotNull ( connection.lookup( "ou=system" ) ); // And close the connection connection.close(); } }

  11. Test with entries injection • Same as the previous example • Injection of entries with @ApplyLdifs @ApplyLdifs or @ApplyLdifFiles @ApplyLdifFiles

  12. Code @ApplyLdifs( // Inject an entry { // Entry # 1 "dn: uid=elecharny,ou=users,ou=system", "objectClass: uidObject", "objectClass: person", "objectClass: top", "uid: elecharny", "cn: Emmanuel Lécharny", "sn: lecharny", "userPassword: emmanuel" }) @CreateDS() // Define the DirectoryService @CreateLdapServer( // Define the LDAP protocol layer transports = { @CreateTransport(protocol = "LDAP") }) public public class class B_LdifEntryServerTest extends extends AbstractLdapTestUnit { /** * A test where we bind using the added entry credentials */ @Test public public void void testBindUser() throws throws Exception { // Get a connection (not bound yet) on the server LdapConnection connection = getWiredConnection ( getLdapServer () ); connection.bind( "uid=elecharny,ou=users,ou=system", "emmanuel" ); // Check that we can read an entry assertNotNull ( connection.lookup( "uid=elecharny,ou=users,ou=system" ) ); // And close the connection connection.close(); } }

  13. Test with partition creation • Creation of a DirectoryService • Creation of a Partition • Creation of indexes • Etc...

  14. Code @RunWith(FrameworkRunner.class class) // Define the DirectoryService @CreateDS( partitions = { @CreatePartition( name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry( entryLdif = "dn: dc=example,dc=com\n" + "dc: example\n" + "objectClass: top\n" + "objectClass: domain\n\n" ), indexes = { @CreateIndex( attribute = "objectClass" ), @CreateIndex( attribute = "dc" ), @CreateIndex( attribute = "ou" ) } ) }) @CreateLdapServer( // Define the LDAP protocol layer transports = { @CreateTransport(protocol = "LDAP") }) public public class class D_ServerWithPartitionTest extends extends AbstractLdapTestUnit { @Test public public void void test() throws throws Exception { // Get an admin connection on the defined server LdapConnection connection = getWiredConnection ( getLdapServer (), "uid=admin,ou=system", "secret" ); // Check that we can read the Example context entry assertNotNull ( connection.lookup( "dc=example,dc=com" ) ); ...

  15. Saving start/stop delays • No need to start a fresh server for each test • No need to revert the modifjcations when the test is done • Automatic rollback • OTOH, kills concurrent tests...

  16. Defjning more than one server • May be needed • Can be associated to a suite, a class or a method

  17. Modifying the schema • Easy to modify • Use @ApplyLdifs or @ApplyLidfFiles for that purpose • Will be reverted when the test will end, as usual

  18. II

  19. JMeter • User friendly GUI • Tests can be exported and executed • Remote agents can be used • No code needed

  20. III

  21. API • Schema aware • Easy to use • Deal locally with comparisons

  22. Problem @ApplyLdifs( { // Entry # 1 "dn: cn=Test Lookup,ou=system", "objectClass: person", "cn: Test Lookup", "sn: sn test" }) public void testLookupCn() throws Exception { LdapConnection connection = LdapConnection connection = getWiredConnection ( getLdapServer (), "uid=admin,ou=system", "secret" ); Entry entry = connection.lookup( Entry entry = connection.lookup( "cn=test lookup,ou=system", "cn" ); assertNotNull ( entry ); // Check that we don't have any operational attributes : // We should have only 3 attributes : objectClass, cn and sn assertEquals ( 1, entry.size() ); // Check that all the user attributes are present assertTrue ( entry.contains( "cn", "Test Lookup" ) ); assertFalse ( entry.contains( "cn", "test lookup" ) ); assertFalse ( entry.contains( "2.5.4.3", "test lookup" ) ); assertFalse ( entry.contains( "CN", " test LOOKUP " ) ); } }

  23. Solution @ApplyLdifs( { // Entry # 1 "dn: cn=Test Lookup,ou=system", "objectClass: person", "cn: Test Lookup", "sn: sn test" }) public void testLookupCn() throws Exception { LdapConnection connection = LdapConnection connection = getWiredConnection ( getLdapServer (), "uid=admin,ou=system", "secret" ); // Make the connection schema aware connection.loadSchema(); Entry entry = connection.lookup( Entry entry = connection.lookup( "cn=test lookup,ou=system", "cn" ); assertNotNull ( entry ); // Check that we don't have any operational attributes : // We should have only 3 attributes : objectClass, cn and sn assertEquals ( 1, entry.size() ); // Check that all the user attributes are present assertTrue ( entry.contains( "cn", "Test Lookup" ) ); assertTrue ( entry.contains( "cn", "test lookup" ) ); assertTrue ( entry.contains( "2.5.4.3", "test lookup" ) ); assertTrue ( entry.contains( "CN", " test LOOKUP " ) ); } }

  24. IV

  25. Future • Use Studio to register scenarii • 'Reboot' Slamd effort (or design a new tool) • Provide a Groovy LDAP API • Add LDAP assertions • Make the Java tests able to start another server • LDAPUnit : a dedicated LDAP test framework

  26. Thanks !

  27. Q/R

Recommend

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP LDAP Servers Information Structure Protocol Overview LDAP operations UNDERSTANDING LDAP LDAP stands for Lightweight Directory Access

268 views • 12 slides
LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

What is LDAP Lightweight Directory Access Protocol Phonebook Based on X.500 DAP on OSI stack Developed in '93 @ UMich LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many implementations OpenLDAP

544 views • 6 slides
How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

Getting Started What do you already know about ldap ? . . . . . . . . . . . . . . slide #3 What Do You Want? . . . . . . . . . . . . . . . . . . . . . . . . . . . . slide #4 Argument for LDAP Account Information . . . . . . . . . . . . . . . . .

442 views • 26 slides
Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View

Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View

Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View Implementations Designing testable code High-level Model-View design T est-drivers and mock objects Unit test execution KDE ItemViews

268 views • 23 slides
Combinatorial Testing on Im Implementations of f HTML5 Support Xi Deng, Tianyong Wu, Jun Yan

Combinatorial Testing on Im Implementations of f HTML5 Support Xi Deng, Tianyong Wu, Jun Yan

IWCT2017 (ICST 2017 Workshop), Tokyo, Mar 13, 2017 Combinatorial Testing on Im Implementations of f HTML5 Support Xi Deng, Tianyong Wu, Jun Yan and Jian Zhang Institute of Software, Chinese Academy of Sciences dengxi15@otcaix.iscas.ac.cn

670 views • 21 slides
LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com http://www.samba.org/~idra What is LDB ? LDB is an LDAP-like database interface LDAP-like data model support LDAP like search expressions but it

1.03k views • 24 slides
Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution Felix Rath ,

Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution Felix Rath ,

Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution Felix Rath , Daniel Schemmel, Klaus Wehrle https://comsys.rwth-aachen.de EPIQ Workshop, Heraklion, Greece, 2018-12-04 QUANT ? Mozquic ? mvfst ? picoquic ?

1.45k views • 97 slides
DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999 Peter Gietz, University of Tbingen Peter.Gietz@directory.dfn.de DESIRE LDAP Index system

855 views • 12 slides
Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002 andrew.findlay@skills-1st.co.uk Security with LDAP Applications of LDAP White Pages NIS (Network Information System) Authentication

257 views • 15 slides
KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC attributes except for those used to store key data Keys Extension draft: Defines attributes used to store key data Flow of Data to LDAP

798 views • 10 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg <roland.hedberg@adm.umu.se> The transition -starting point Admin interface LDAP Scripts The transition - toward nirvana Admin interface LDAP Scripts

497 views • 22 slides
dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit of History Number of systems Own user administra:on system Some users had access

519 views • 10 slides
UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity System UCSBnetID authentication UCSB-wide student and employee info http://www.identity.ucsb.edu/ LDAP Overview Lightweight Directory Access Protocol

604 views • 24 slides
Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands

231 views • 6 slides
Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic Poitou OpenDS ludovic.poitou@sun.com A poor man's choice: JNDI or JLDAP/Netscape LDAP SDK Good News: Apache Directory Client API OpenDS

678 views • 20 slides
Testing QUIC with packetdrill Vidhi Goel , Rui Paulo, Christoph Paasch Apple Inc SIGCOMM EPIQ

Testing QUIC with packetdrill Vidhi Goel , Rui Paulo, Christoph Paasch Apple Inc SIGCOMM EPIQ

Testing QUIC with packetdrill Vidhi Goel , Rui Paulo, Christoph Paasch Apple Inc SIGCOMM EPIQ August 14 2020 Is QUIC ready to ship? Unit testing Inter-op testing between ~20 implementations Performance sanity of HTTP/3 vs HTTP/2

366 views • 20 slides
Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP entry Indicate on attendance sheet Announcements Plan for today Its Co-op time Building a software system Orientation

475 views • 3 slides
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations Chad Brubaker Suman Jana Baishakhi Ray Sarfraz Khurshid Vitaly Shmatikov 116033910063 Content SSL/TLS

201 views • 18 slides
How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories Nick Urbanik How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of Vocational Education (Tsing Yi), Department of ICT Nick Urbanik

1.17k views • 106 slides
Singular value decomposition and its implementations W Wen Zhang Zh Anastasios Arvanitis Asif

Singular value decomposition and its implementations W Wen Zhang Zh Anastasios Arvanitis Asif

Singular value decomposition and its implementations W Wen Zhang Zh Anastasios Arvanitis Asif Al Rasheed Outlines Outlines Implementation of indirect method Matlab code Testing results Implementation of direct method

409 views • 13 slides
Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array Vector Linked Chain 2 Stack ADT #ifndef STACK_H_ #define STACK_H_ template<<typename ItemType> class

1.19k views • 71 slides
Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail

Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail

Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail (Cant change in mycourses) Jon, your mail bounced March 17 Lets settle things after class Enter stage left Spacethe final

382 views • 5 slides
Emulation in ns Presented by Alefiya Hussain What is Emulation Ability to introduce the

Emulation in ns Presented by Alefiya Hussain What is Emulation Ability to introduce the

Emulation in ns Presented by Alefiya Hussain What is Emulation Ability to introduce the simulator into a live network Application: Allows testing real-world implementations Allows testing simulated protocols Requirements

374 views • 13 slides

More recommend