# SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: LDAP

  Background:
    Given using api version "2"
    And having a valid LDAP configuration

  Scenario: Test valid configuration by logging in
    Given Logging in using web as "alice"
    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
    Then the HTTP status code should be "200"

  Scenario: Test valid configuration with port in the hostname by logging in
    Given modify LDAP configuration
      | ldapHost | openldap:389 |
    And cookies are reset
    And Logging in using web as "alice"
    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
    Then the HTTP status code should be "200"

  Scenario: Test valid configuration with LDAP protocol by logging in
    Given modify LDAP configuration
      | ldapHost | ldap://openldap |
    And cookies are reset
    And Logging in using web as "alice"
    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
    Then the HTTP status code should be "200"

  Scenario: Test valid configuration with LDAP protocol and port by logging in
    Given modify LDAP configuration
      | ldapHost | ldap://openldap:389 |
    And cookies are reset
    And Logging in using web as "alice"
    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
    Then the HTTP status code should be "200"

  Scenario: Look for a known LDAP user
    Given As an "admin"
    And sending "GET" to "/cloud/users?search=alice"
    Then the OCS status code should be "200"
    And looking up details for the first result matches expectations
      | email | alice@nextcloud.ci |
      | displayname | Alice |

  Scenario: Test group filter with one specific group
    Given modify LDAP configuration
      | ldapGroupFilter | cn=RedGroup |
      | ldapGroupMemberAssocAttr | member |
      | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
    And As an "admin"
    And sending "GET" to "/cloud/groups"
    Then the OCS status code should be "200"
    And the "groups" result should match
      | RedGroup | 1 |
      | GreenGroup | 0 |
      | BlueGroup | 0 |
      | PurpleGroup | 0 |

  Scenario: Test group filter with two specific groups
    Given modify LDAP configuration
      | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
      | ldapGroupMemberAssocAttr | member |
      | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
    And As an "admin"
    And sending "GET" to "/cloud/groups"
    Then the OCS status code should be "200"
    And the "groups" result should match
      | RedGroup | 1 |
      | GreenGroup | 1 |
      | BlueGroup | 0 |
      | PurpleGroup | 0 |

  Scenario: Test group filter ruling out a group from a different base
    Given modify LDAP configuration
      | ldapGroupFilter | (objectClass=groupOfNames) |
      | ldapGroupMemberAssocAttr | member |
      | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
    And As an "admin"
    And sending "GET" to "/cloud/groups"
    Then the OCS status code should be "200"
    And the "groups" result should match
      | RedGroup | 1 |
      | GreenGroup | 1 |
      | BlueGroup | 1 |
      | PurpleGroup | 1 |
      | SquareGroup | 0 |

  Scenario: Test backup server
    Given modify LDAP configuration
      | ldapBackupHost | openldap |
      | ldapBackupPort | 389 |
      | ldapHost | foo.bar |
      | ldapPort | 2456 |
    And Logging in using web as "alice"
    Then the HTTP status code should be "200"

  Scenario: Test backup server offline
    Given modify LDAP configuration
      | ldapBackupHost | off.line |
      | ldapBackupPort | 3892 |
      | ldapHost | foo.bar |
      | ldapPort | 2456 |
    Then Expect ServerException on failed web login as "alice"

  Scenario: Test LDAP server offline, no backup server
    Given modify LDAP configuration
      | ldapHost | foo.bar |
      | ldapPort | 2456 |
    Then Expect ServerException on failed web login as "alice"

  Scenario: Test LDAP group membership with intermediate groups not matching filter
    Given modify LDAP configuration
      | ldapBaseGroups | ou=OtherGroups,dc=nextcloud,dc=ci |
      | ldapGroupFilter | (&(cn=Gardeners)(objectclass=groupOfNames)) |
      | ldapNestedGroups | 1 |
      | useMemberOfToDetectMembership | 1 |
      | ldapUserFilter | (&(objectclass=inetorgperson)(!(uid=alice))) |
      | ldapExpertUsernameAttr | uid |
      | ldapGroupMemberAssocAttr | member |
    And As an "admin"
    # for population
    And sending "GET" to "/cloud/groups"
    And sending "GET" to "/cloud/groups/Gardeners/users"
    Then the OCS status code should be "200"
    And the "users" result should match
      | alice | 0 |
      | clara | 1 |
      | elisa | 1 |
      | gustaf | 1 |
      | jesper | 1 |

  Scenario: Test LDAP group membership with intermediate groups not matching filter and without memberof
    Given modify LDAP configuration
      | ldapBaseGroups | ou=OtherGroups,dc=nextcloud,dc=ci |
      | ldapGroupFilter | (&(cn=Gardeners)(objectclass=groupOfNames)) |
      | ldapNestedGroups | 1 |
      | useMemberOfToDetectMembership | 0 |
      | ldapUserFilter | (&(objectclass=inetorgperson)(!(uid=alice))) |
      | ldapExpertUsernameAttr | uid |
      | ldapGroupMemberAssocAttr | member |
    And As an "admin"
    # for population
    And sending "GET" to "/cloud/groups"
    And sending "GET" to "/cloud/groups/Gardeners/users"
    Then the OCS status code should be "200"
    And the "users" result should match
      | alice | 0 |
      | clara | 1 |
      | elisa | 1 |
      | gustaf | 1 |
      | jesper | 1 |

  Scenario: Test LDAP group membership with intermediate groups not matching filter, numeric group ids
    Given modify LDAP configuration
      | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci |
      | ldapGroupFilter | (&(cn=2000)(objectclass=groupOfNames)) |
      | ldapNestedGroups | 1 |
      | useMemberOfToDetectMembership | 1 |
      | ldapUserFilter | (&(objectclass=inetorgperson)(!(uid=alice))) |
      | ldapExpertUsernameAttr | uid |
      | ldapGroupMemberAssocAttr | member |
    And As an "admin"
    # for population
    And sending "GET" to "/cloud/groups"
    And sending "GET" to "/cloud/groups/2000/users"
    Then the OCS status code should be "200"
    And the "users" result should match
      | alice | 0 |
      | clara | 1 |
      | elisa | 1 |
      | gustaf | 1 |
      | jesper | 1 |