LDAP mocking in Python (ldap3 module)

Time: 2019-07-25 06:47:50

Tags: python mocking ldap

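My current task is QA automation on our web application, but I don't want to use real credentials for it (we use an LDAP server for that). My idea was to mock the LDAP server when the web app is in TEST_MODE, but luckily I found that "ldap3" (the Python module), which we use for authentication, also supports mocking. The example code is here: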

from ldap3 import Server, Connection, ALL, ALL_ATTRIBUTES, MOCK_SYNC
REAL_SERVER = 'my_real_server'
REAL_USER = 'cn=my_real_user,ou=test,o=lab'
REAL_PASSWORD = 'my_real_password'

# Retrieve server info and schema from a real server
server = Server(REAL_SERVER, get_info=ALL)
connection = Connection(server, REAL_USER, REAL_PASSWORD, auto_bind=True)

# Store server info and schema to json files
server.info.to_file('my_real_server_info.json')
server.schema.to_file('my_real_server_schema.json')

# Read entries from a portion of the DIT from real server and store them in a json file
if connection.search('ou=test,o=lab', '(objectclass=*)', attributes=ALL_ATTRIBUTES):
    connection.response_to_file('my_real_server_entries.json', raw=True)

# Close the connection to the real server
connection.unbind()

# Create a fake server from the info and schema json files
fake_server = Server.from_definition('my_fake_server', 'my_real_server_info.json', 'my_real_server_schema.json')

# Create a MockSyncStrategy connection to the fake server
fake_connection = Connection(fake_server, user='cn=my_user,ou=test,o=lab', password='my_password', client_strategy=MOCK_SYNC)

# Populate the DIT of the fake server
fake_connection.strategy.entries_from_json('my_real_server_entries.json')

# Add a fake user for Simple binding
fake_connection.strategy.add_entry('cn=my_user,ou=test,o=lab', {'userPassword': 'my_password', 'sn': 'user_sn', 'revision': 0})

# Bind to the fake server
fake_connection.bind()

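I followed this example with our code and got halfway successfully. I extracted real_server_entries into a json file, and now comes the part with the fake connection. So, to summarize, everything up to this part is done: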

# Create a MockSyncStrategy connection to the fake server
fake_connection = Connection(fake_server, user='cn=my_user,ou=test,o=lab', password='my_password', client_strategy=MOCK_SYNC)

I'm not quite sure where to replace the userpassword.

Part of my code:

_USER_SEARCH_FILTER = "(&(objectClass=user)(cn={}))"
_ALL_USERS_SEARCH_FILTER = "(&(objectCategory=person)(objectClass=user))"
_EMAIL_ATTRIBUTE = "mail"
_DISPLAY_NAME_ATTRIBUTE = "displayName"
_USERNAME_ATTRIBUTE = "cn"
_SEARCH_ATTRIBUTES = (
    _EMAIL_ATTRIBUTE, _DISPLAY_NAME_ATTRIBUTE, _USERNAME_ATTRIBUTE)

_LDAP_CONNECTION_ERROR = "Connection to LDAP server %s:%s failed: %s"

_LDAP_SERVER = Server(host=LDAP.host, port=int(LDAP.port), get_info='ALL')

server = _LDAP_SERVER

_CONNECTION = Connection(
    server,
    LDAP.manager_dn, LDAP.manager_password,
    auto_bind=True, client_strategy=RESTARTABLE
)

server.info.to_file('my_real_server_info.json')
server.schema.to_file('my_real_server_schema.json')

if _CONNECTION.search(LDAP.root_dn, _ALL_USERS_SEARCH_FILTER, attributes=_SEARCH_ATTRIBUTES):
    _CONNECTION.response_to_file('my_real_server_entries.json', raw=True)

_CONNECTION.unbind()

mock_server = Server.from_definition('mock_server', 'my_real_server_info.json', 'my_real_server_schema.json')

mock_connection = Connection(mock_server, user='???', password='???', client_strategy=MOCK_SYNC)

mock_connection.strategy.entries_from_json('my_real_server_entries.json')

mock_connection.strategy.add_entry('LDAP.root_dn', {
    # My guess is that here I mock the attributes, but this is also the other problem I am having (check below)
})

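The other problem I'm having is that I'm not even sure whether I can add a fake user, because when I look at the real_entries.json file, the password is not stored there as an attribute (not even an encrypted version); the only attributes we have are: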

`cn` - username
`displayName` - LASTNAME, FIRSTNAME
`mail` - example@mail.com

0 answers:

No answers