server/build/integration/ldap_features/ldap-openldap.feature
Arthur Schiwon 54299f4e66
set the ldapGroupMemberAssocAttr for group tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-22 12:48:12 +02:00

171 lines
6.6 KiB
Gherkin

Feature: LDAP
Background:
Given using api version "2"
And having a valid LDAP configuration
Scenario: Test valid configuration by logging in
Given Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Test valid configuration with port in the hostname by logging in
Given modify LDAP configuration
| ldapHost | openldap:389 |
And cookies are reset
And Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Test valid configuration with LDAP protocol by logging in
Given modify LDAP configuration
| ldapHost | ldap://openldap |
And cookies are reset
And Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Test valid configuration with LDAP protocol and port by logging in
Given modify LDAP configuration
| ldapHost | ldap://openldap:389 |
And cookies are reset
And Logging in using web as "alice"
And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
Then the HTTP status code should be "200"
Scenario: Look for a known LDAP user
Given As an "admin"
And sending "GET" to "/cloud/users?search=alice"
Then the OCS status code should be "200"
And looking up details for the first result matches expectations
| email | alice@nextcloud.ci |
| displayname | Alice |
Scenario: Test group filter with one specific group
Given modify LDAP configuration
| ldapGroupFilter | cn=RedGroup |
| ldapGroupMemberAssocAttr | member |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the "groups" result should match
| RedGroup | 1 |
| GreenGroup | 0 |
| BlueGroup | 0 |
| PurpleGroup | 0 |
Scenario: Test group filter with two specific groups
Given modify LDAP configuration
| ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
| ldapGroupMemberAssocAttr | member |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the "groups" result should match
| RedGroup | 1 |
| GreenGroup | 1 |
| BlueGroup | 0 |
| PurpleGroup | 0 |
Scenario: Test group filter ruling out a group from a different base
Given modify LDAP configuration
| ldapGroupFilter | (objectClass=groupOfNames) |
| ldapGroupMemberAssocAttr | member |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin"
And sending "GET" to "/cloud/groups"
Then the OCS status code should be "200"
And the "groups" result should match
| RedGroup | 1 |
| GreenGroup | 1 |
| BlueGroup | 1 |
| PurpleGroup | 1 |
| SquareGroup | 0 |
Scenario: Test backup server
Given modify LDAP configuration
| ldapBackupHost | openldap |
| ldapBackupPort | 389 |
| ldapHost | foo.bar |
| ldapPort | 2456 |
And Logging in using web as "alice"
Then the HTTP status code should be "200"
Scenario: Test backup server offline
Given modify LDAP configuration
| ldapBackupHost | off.line |
| ldapBackupPort | 3892 |
| ldapHost | foo.bar |
| ldapPort | 2456 |
Then Expect ServerException on failed web login as "alice"
Scenario: Test LDAP server offline, no backup server
Given modify LDAP configuration
| ldapHost | foo.bar |
| ldapPort | 2456 |
Then Expect ServerException on failed web login as "alice"
Scenario: Test LDAP group membership with intermediate groups not matching filter
Given modify LDAP configuration
| ldapBaseGroups | ou=OtherGroups,dc=nextcloud,dc=ci |
| ldapGroupFilter | (&(cn=Gardeners)(objectclass=groupOfNames)) |
| ldapNestedGroups | 1 |
| useMemberOfToDetectMembership | 1 |
| ldapUserFilter | (&(objectclass=inetorgperson)(!(uid=alice))) |
| ldapExpertUsernameAttr | uid |
| ldapGroupMemberAssocAttr | member |
And As an "admin"
# for population
And sending "GET" to "/cloud/groups"
And sending "GET" to "/cloud/groups/Gardeners/users"
Then the OCS status code should be "200"
And the "users" result should match
| alice | 0 |
| clara | 1 |
| elisa | 1 |
| gustaf | 1 |
| jesper | 1 |
Scenario: Test LDAP group membership with intermediate groups not matching filter and without memberof
Given modify LDAP configuration
| ldapBaseGroups | ou=OtherGroups,dc=nextcloud,dc=ci |
| ldapGroupFilter | (&(cn=Gardeners)(objectclass=groupOfNames)) |
| ldapNestedGroups | 1 |
| useMemberOfToDetectMembership | 0 |
| ldapUserFilter | (&(objectclass=inetorgperson)(!(uid=alice))) |
| ldapExpertUsernameAttr | uid |
| ldapGroupMemberAssocAttr | member |
And As an "admin"
# for population
And sending "GET" to "/cloud/groups"
And sending "GET" to "/cloud/groups/Gardeners/users"
Then the OCS status code should be "200"
And the "users" result should match
| alice | 0 |
| clara | 1 |
| elisa | 1 |
| gustaf | 1 |
| jesper | 1 |
Scenario: Test LDAP group membership with intermediate groups not matching filter, numeric group ids
Given modify LDAP configuration
| ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci |
| ldapGroupFilter | (&(cn=2000)(objectclass=groupOfNames)) |
| ldapNestedGroups | 1 |
| useMemberOfToDetectMembership | 1 |
| ldapUserFilter | (&(objectclass=inetorgperson)(!(uid=alice))) |
| ldapExpertUsernameAttr | uid |
| ldapGroupMemberAssocAttr | member |
And As an "admin"
# for population
And sending "GET" to "/cloud/groups"
And sending "GET" to "/cloud/groups/2000/users"
Then the OCS status code should be "200"
And the "users" result should match
| alice | 0 |
| clara | 1 |
| elisa | 1 |
| gustaf | 1 |
| jesper | 1 |