1 files changed, 98 insertions, 0 deletions
diff --git a/build/integration/openldap_numerical_features/openldap-numerical-id.feature b/build/integration/openldap_numerical_features/openldap-numerical-id.feature
new file mode 100644
index 00000000000..f4d2b1d77d2
--- /dev/null
+++ b/build/integration/openldap_numerical_features/openldap-numerical-id.feature
@@ -0,0 +1,98 @@
+# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+Feature: LDAP
+  Background:
+    Given using api version "2"
+    And having a valid LDAP configuration
+    And modify LDAP configuration
+      | ldapExpertUsernameAttr | employeeNumber |
+      | ldapLoginFilter        | (&(objectclass=inetorgperson)(employeeNumber=%uid)) |
+
+# Those tests are dedicated to ensure Nc is working when it is provided with
+# users having numerical IDs
+
+Scenario: Look for a expected LDAP users
+  Given As an "admin"
+  And sending "GET" to "/cloud/users"
+  Then the OCS status code should be "200"
+  And the "users" result should match
+    | 92379 | 1 |
+    | 50194 | 1 |
+
+Scenario: check default home of an LDAP user
+  Given As an "admin"
+  And sending "GET" to "/cloud/users/92379"
+  Then the OCS status code should be "200"
+  And the record's fields should match
+    | storageLocation | /dev/shm/nc_int/92379 |
+
+Scenario: Test by logging in
+  Given cookies are reset
+  And Logging in using web as "92379"
+  And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+  Then the HTTP status code should be "200"
+
+Scenario: Test LDAP group retrieval with numeric group ids and nesting
+  # Nesting does not play a role here really
+  Given modify LDAP configuration
+    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+    | ldapGroupFilter               | (objectclass=groupOfNames) |
+    | ldapGroupMemberAssocAttr      | member |
+    | ldapNestedGroups              | 1 |
+    | useMemberOfToDetectMembership | 1 |
+  And As an "admin"
+  And sending "GET" to "/cloud/groups"
+  Then the OCS status code should be "200"
+  And the "groups" result should match
+    | 2000 | 1 |
+    | 3000 | 1 |
+    | 3001 | 1 |
+    | 3002 | 1 |
+
+Scenario: Test LDAP group membership with intermediate groups not matching filter, numeric group ids
+  Given modify LDAP configuration
+    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+    | ldapGroupFilter               | (&(cn=2000)(objectclass=groupOfNames)) |
+    | ldapNestedGroups              | 1 |
+    | useMemberOfToDetectMembership | 1 |
+    | ldapUserFilter                | (&(objectclass=inetorgperson)(!(uid=alice))) |
+    | ldapGroupMemberAssocAttr      | member |
+  And As an "admin"
+  # for population
+  And sending "GET" to "/cloud/groups"
+  And sending "GET" to "/cloud/groups/2000/users"
+  Then the OCS status code should be "200"
+  And the "users" result should match
+    | 92379 | 0 |
+    | 54172 | 1 |
+    | 50194 | 1 |
+    | 59376 | 1 |
+    | 59463 | 1 |
+
+Scenario: Test LDAP admin group mapping, empowered user
+  Given modify LDAP configuration
+    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+    | ldapGroupFilter               | (objectclass=groupOfNames) |
+    | ldapGroupMemberAssocAttr      | member |
+    | ldapAdminGroup                | 3001   |
+    | useMemberOfToDetectMembership | 1 |
+  And cookies are reset
+  # alice, part of the promoted group
+  And Logging in using web as "92379"
+  And sending "GET" to "/cloud/groups"
+  And sending "GET" to "/cloud/groups/2000/users"
+  And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
+  Then the HTTP status code should be "200"
+
+Scenario: Test LDAP admin group mapping, regular user (no access)
+    Given modify LDAP configuration
+      | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
+      | ldapGroupFilter               | (objectclass=groupOfNames) |
+      | ldapGroupMemberAssocAttr      | member |
+      | ldapAdminGroup                | 3001   |
+      | useMemberOfToDetectMembership | 1 |
+    And cookies are reset
+    # gustaf, not part of the promoted group
+    And Logging in using web as "59376"
+    And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
+    Then the HTTP status code should be "403"