aboutsummaryrefslogtreecommitdiffstats
path: root/build/integration/openldap_numerical_features/openldap-numerical-id.feature
blob: f4d2b1d77d2757167c31effccb47b5c48b72c680 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: LDAP
  Background:
    Given using api version "2"
    And having a valid LDAP configuration
    And modify LDAP configuration
      | ldapExpertUsernameAttr | employeeNumber |
      | ldapLoginFilter        | (&(objectclass=inetorgperson)(employeeNumber=%uid)) |

# Those tests are dedicated to ensure Nc is working when it is provided with
# users having numerical IDs

Scenario: Look for a expected LDAP users
  Given As an "admin"
  And sending "GET" to "/cloud/users"
  Then the OCS status code should be "200"
  And the "users" result should match
    | 92379 | 1 |
    | 50194 | 1 |

Scenario: check default home of an LDAP user
  Given As an "admin"
  And sending "GET" to "/cloud/users/92379"
  Then the OCS status code should be "200"
  And the record's fields should match
    | storageLocation | /dev/shm/nc_int/92379 |

Scenario: Test by logging in
  Given cookies are reset
  And Logging in using web as "92379"
  And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
  Then the HTTP status code should be "200"

Scenario: Test LDAP group retrieval with numeric group ids and nesting
  # Nesting does not play a role here really
  Given modify LDAP configuration
    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
    | ldapGroupFilter               | (objectclass=groupOfNames) |
    | ldapGroupMemberAssocAttr      | member |
    | ldapNestedGroups              | 1 |
    | useMemberOfToDetectMembership | 1 |
  And As an "admin"
  And sending "GET" to "/cloud/groups"
  Then the OCS status code should be "200"
  And the "groups" result should match
    | 2000 | 1 |
    | 3000 | 1 |
    | 3001 | 1 |
    | 3002 | 1 |

Scenario: Test LDAP group membership with intermediate groups not matching filter, numeric group ids
  Given modify LDAP configuration
    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
    | ldapGroupFilter               | (&(cn=2000)(objectclass=groupOfNames)) |
    | ldapNestedGroups              | 1 |
    | useMemberOfToDetectMembership | 1 |
    | ldapUserFilter                | (&(objectclass=inetorgperson)(!(uid=alice))) |
    | ldapGroupMemberAssocAttr      | member |
  And As an "admin"
  # for population
  And sending "GET" to "/cloud/groups"
  And sending "GET" to "/cloud/groups/2000/users"
  Then the OCS status code should be "200"
  And the "users" result should match
    | 92379 | 0 |
    | 54172 | 1 |
    | 50194 | 1 |
    | 59376 | 1 |
    | 59463 | 1 |

Scenario: Test LDAP admin group mapping, empowered user
  Given modify LDAP configuration
    | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
    | ldapGroupFilter               | (objectclass=groupOfNames) |
    | ldapGroupMemberAssocAttr      | member |
    | ldapAdminGroup                | 3001   |
    | useMemberOfToDetectMembership | 1 |
  And cookies are reset
  # alice, part of the promoted group
  And Logging in using web as "92379"
  And sending "GET" to "/cloud/groups"
  And sending "GET" to "/cloud/groups/2000/users"
  And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
  Then the HTTP status code should be "200"

Scenario: Test LDAP admin group mapping, regular user (no access)
    Given modify LDAP configuration
      | ldapBaseGroups                | ou=NumericGroups,dc=nextcloud,dc=ci |
      | ldapGroupFilter               | (objectclass=groupOfNames) |
      | ldapGroupMemberAssocAttr      | member |
      | ldapAdminGroup                | 3001   |
      | useMemberOfToDetectMembership | 1 |
    And cookies are reset
    # gustaf, not part of the promoted group
    And Logging in using web as "59376"
    And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken
    Then the HTTP status code should be "403"