|
1
|
|
|
2
|
/**********************************************
|
|
3
|
* this is a summary of how to test ldap_user manually.
|
|
4
|
* it attempts to cover all facets of the automated simpletests
|
|
5
|
**********************************************/
|
|
6
|
|
|
7
|
---------------------------------------
|
|
8
|
--- setup
|
|
9
|
Remove remnants of existing ldap_user install:
|
|
10
|
- Disable and uninstall ldap_user module.
|
|
11
|
- Clear any variables that may not have been uninstalled:
|
|
12
|
DELETE FROM variable where name like 'ldap_user%'
|
|
13
|
- Delete the user(2) you use for testing.
|
|
14
|
- Clear watchdog logs.
|
|
15
|
|
|
16
|
# drush 5 commands for 1.
|
|
17
|
drush -y pm-disable ldap_authorization_drupal_role
|
|
18
|
drush -y pm-uninstall ldap_authorization_drupal_role
|
|
19
|
drush -y pm-disable ldap_authorization_og
|
|
20
|
drush -y pm-uninstall ldap_authorization_og
|
|
21
|
drush -y pm-disable ldap_authorization
|
|
22
|
drush -y pm-uninstall ldap_authorization
|
|
23
|
drush -y pm-disable ldap_sso
|
|
24
|
drush -y pm-uninstall ldap_sso
|
|
25
|
drush -y pm-disable ldap_authentication
|
|
26
|
drush -y pm-uninstall ldap_authentication
|
|
27
|
drush -y pm-disable ldap_user
|
|
28
|
drush -y pm-uninstall ldap_user
|
|
29
|
drush -y sql-query "DELETE FROM variable where name like 'ldap_user%'"
|
|
30
|
drush -y watchdog-delete all
|
|
31
|
|
|
32
|
|
|
33
|
2. Enable LDAP User module and create Drupal user test fields
|
|
34
|
- Enable ldap_user module and check watchdog logs
|
|
35
|
- Prepare user settings/entity for testing
|
|
36
|
-- add field_lname, field_fname, field_dept, and field_display_name text fields to Drupal user
|
|
37
|
|
|
38
|
# drush 5 commands for 2.
|
|
39
|
drush -y pm-enable ldap_user
|
|
40
|
drush watchdog-show
|
|
41
|
drush field-create user field_user_dept,text,text_textfield --entity_type=user
|
|
42
|
drush field-create user field_user_lname,text,text_textfield --entity_type=user
|
|
43
|
drush field-create user field_user_fname,text,text_textfield --entity_type=user
|
|
44
|
drush field-create user field_user_display_name,text,text_textfield --entity_type=user
|
|
45
|
---------------------------------------
|
|
46
|
|
|
47
|
================================================================
|
|
48
|
Tests for LDAP Entry ==> Drupal User Provisioning (simpletest: ldap_user/tests/ldap_user.test LdapUserIntegrationTests::testProvisionToDrupal)
|
|
49
|
================================================================
|
|
50
|
6.A. Setup: Configure LDAP User for Provisioning Drupal Account from LDAP Entry (admin/config/people/ldap/user)
|
|
51
|
-- analogous simpletest configuration is in ldap_test/ldap_user.conf.inc in $conf['provisionToDrupalWithMappings']
|
|
52
|
A. LDAP Servers Providing Provisioning Data: Select enabled server
|
|
53
|
B. Drupal Account Provisioning Events: [x] Create or Synch to Drupal user anytime a Drupal user account is created or updated.
|
|
54
|
C. Existing Drupal User Account Conflict: [x] Associate Drupal account with LDAP Entry
|
|
55
|
D. Application of Drupal Account settings to LDAP Authenticated Users: [x] Account Creating Settings ... do not affect...
|
|
56
|
E. Basic Provisioning to LDAP Settings: for server, select "none"
|
|
57
|
F. Rest Webservice: leave disabled
|
|
58
|
G. Server mappings section. Provisioning from LDAP to Drupal mappings. (Source LDAP Tokens will vary from ldap to ldap)
|
|
59
|
i. [givenname] -- to drupal user -> Field: First Name [x] on drupal user creation [x] on synch...
|
|
60
|
ii. [sn:0] -- to drupal user -> Field: Last Name [x] on drupal user creation [x] on synch...
|
|
61
|
iii. [givenname] [sn] -- to drupal user -> Field: Display Name [x] on drupal user creation [ ] on synch...
|
|
62
|
iv. Physics -- to drupal user -> Field: Department [x] on drupal user creation [ ] on synch...
|
|
63
|
|
|
64
|
6.B. Event: Drupal user create provision/synching.
|
|
65
|
A. Create new user via admin/people/create [drush user-create jdoe --mail=test@test.com --password="sdfw3452352se"]
|
|
66
|
B. field_lname, field_fname, field_dept, and field_display_name should be visible and populated
|
|
67
|
C. goto admin/config/people/ldap/user/test enter the username and hit the test button. this will show the user object and entity
|
|
68
|
[drush user-information jdoe --full]
|
|
69
|
if the devel module is enabled. In "user object (before provisioning or synching)"
|
|
70
|
i. user object->ldap_user_puid_sid should be the id of the server
|
|
71
|
ii. user object->ldap_user_puid should be the value of the puid attribute
|
|
72
|
iii. user object->ldap_user_puid_property should be the name of the puid attribute
|
|
73
|
iv. user object->ldap_user_current_dn should be the dn of the ldap entry
|
|
74
|
v. user object->mail and init should be correct, matching email
|
|
75
|
vii. user authmap should be empty. this record is only generated when account created via ldap authentication
|
|
76
|
[drush -y sql-query "SELECT * FROM authmap WHERE authname = 'jdoe'"]
|
|
77
|
D. Now edit the the First Name, Last Name, Display Name, and Department for that user /user/[uid]/edit. and Save.
|
|
78
|
E. Results after save should be Dept and Display Name were changed; First name and Last Name reverted to LDAP provided first and last name.
|
|
79
|
|
|
80
|
6.C. Event: user logon/authenticate. Test create drupal account.
|
|
81
|
enable ldap authentication, mixed mode
|
|
82
|
A.1. Change "Drupal Account Provisioning Events" to only "...on successful authentication" (admin/config/people/ldap/user)
|
|
83
|
A.2. Authenticate with a user not in drupal (be sure user is deleted before test)
|
|
84
|
B. view the user from the user list (admin/people/people) and make sure
|
|
85
|
field_lname, field_fname, field_dept, and field_display_name should be visible and populated
|
|
86
|
or use [drush user-information jdoe --full]
|
|
87
|
C. goto admin/config/people/ldap/user/test/<username> and hit the test button. this will show the user object and entity
|
|
88
|
if the devel module is enabled
|
|
89
|
i. user object->ldap_user_puid_sid should be the id of the server
|
|
90
|
ii. user object->ldap_user_puid should be the value of the puid attribute
|
|
91
|
iii. user object->ldap_user_puid_property should be the name of the puid attribute
|
|
92
|
iv. user object->ldap_user_current_dn should be the dn of the ldap entry
|
|
93
|
v. user object->mail and init should be correct, matching email
|
|
94
|
vii. user authmap should have an entry where module=ldap_authentication and authname=username
|
|
95
|
[drush -y sql-query "SELECT * FROM authmap WHERE authname = 'jdoe'"]
|
|
96
|
D. Now edit the the First Name, Last Name, Display Name, and Department for that user /user/[uid]/edit. and Save.
|
|
97
|
E. Results after save should be Dept and Display Name were changed; First name and Last Name reverted to LDAP provided first and last name.
|
|
98
|
F. Change First Name, Last Name, Display Name, and Department in database manually.
|
|
99
|
E. Log user in again.
|
|
100
|
F. Results after save should be Dept and Display Name were changed; First name and Last Name reverted to LDAP provided first and last name.
|
|
101
|
|
|
102
|
==============================================
|
|
103
|
Tests for provisioning from Drupal User => LDAP Entry
|
|
104
|
==============================================
|
|
105
|
|
|
106
|
7. General tests for ldap entry provisioning
|
|
107
|
A. Setup (as admin) in ldap user settings (admin/config/people/ldap/user)
|
|
108
|
- select "None" in "LDAP Servers Providing Provisioning Data"
|
|
109
|
- enable an ldap server in BASIC PROVISIONING TO LDAP SETTINGS
|
|
110
|
- check all "LDAP Entry Provisioning Events"
|
|
111
|
- disable REST webservice
|
|
112
|
- in mappings table (alter to fit your LDAP)
|
|
113
|
-- Source Drupal User Attribute or token | Target LDAP Token | on creation | on update
|
|
114
|
-- "cn=[property.name],ou=people,dc=ldap,dc=mycompany,dc=com" [dn] [x] [x]
|
|
115
|
-- 'Property: Username [cn] [x] [x]
|
|
116
|
-- mydrupalsite.com[property.uid] [guid] [x] [x]
|
|
117
|
-- [field.field_fname] [field.field_lname] [displayname] [x] [x]
|
|
118
|
-- [field.field_lname] [sn] [x] [ ]
|
|
119
|
-- [field.field_fname] [givenname] [x] [ ]
|
|
120
|
|
|
121
|
B. Create and approve new user, populating first and last name.
|
|
122
|
-- confirm that ldap entry exists with proper attributes from mapping
|
|
123
|
-- confirm that drupal user has no ldap authmap (unless was there before)
|
|
124
|
-- confirm there is no ldap_user_puid_sid, ldap_user_puid, ldap_user_puid_property, ldap_user_current_dn; these are for prov in other direction
|
|
125
|
-- confirm that user->ldap_user_prov_entries has a value of the form: <sid>|<dn> to indicate ldap account was provisioned based on this drupal user.
|
|
126
|
|
|
127
|
C. Change lastname, first name, and display name and save user
|
|
128
|
-- confirm that appropriate attributes were changed in ldap entry
|
|
129
|
|
|
130
|
D. Delete user in drupal.
|
|
131
|
-- confirm that ldap entry for user is removed.
|
|
132
|
|
|
133
|
7.1 "provisionToLdapEmailVerification":
|
|
134
|
Test ldap entry provisioning workflow: User requests account -> email verification of account -> user gets one time logon via email and sets password
|
|
135
|
A. Setup (as admin):
|
|
136
|
-- at admin/config/people/accounts: select "Visitors" and check "Require e-mail verification"
|
|
137
|
-- configure to ldap provisioning admin/config/people/ldap/user
|
|
138
|
-- [x] Create LDAP entry when a Drupal Account has a status of approved... in "LDAP Entry Provisioning Options"
|
|
139
|
-- [x] Update LDAP entry when Drupal Account that has a corresponding LDAP entry is updated...in "LDAP Entry Provisioning Options"
|
|
140
|
drush vset --yes user_email_verification 1
|
|
141
|
drush vset --yes user_register 1
|
|
142
|
-- map required fields and make sure password is one of the fields
|
|
143
|
B. Test
|
|
144
|
-- as anonymous user: create user at user/register.
|
|
145
|
-- as admin confirm that account was created, no ldap entry was created, and user has status of 1 (active)
|
|
146
|
-- as user, go to link in email.
|
|
147
|
-- as admin confirm that ldap entry is still not created
|
|
148
|
-- as user, click on first time logon button
|
|
149
|
-- desired result: ldap entry should be created, but ldap entry password will be none or random.
|
|
150
|
-- as user, set password and whatever initial user profile or fields you want
|
|
151
|
-- desired result: check that ldap entry has correct password and altered fields are correctly synched to ldap
|
|
152
|
|
|
153
|
|
|
154
|
|
|
155
|
7.2 Test ldap entry provisioning workflow: Admin creates account that has a status of 1, but user requests new password to get started.
|
|
156
|
|
|
157
|
8. Test admin/people/create form and LDAP Options.
|
|
158
|
8.1 Test validation of existing ldap user admin/people/create form
|
|
159
|
A. Setup. Enable and configure Drupal to LDAP provisioning of users.
|
|
160
|
On MANUAL DRUPAL ACCOUNT CREATION AND UPDATES, select "Show option on user create form".
|
|
161
|
B. Attempt to create user at admin/people/create with a username that conflicts with existing ldap entry.
|
|
162
|
Check "create corresponding ldap entry" on form.
|
|
163
|
C. Success: On form submit, error should indicate ldap user exists.
|
|
164
|
|
|
165
|
8.2 Test manual selection of ldap associate in admin/people/create form
|
|
166
|
A. Setup. On admin/config/people/ldap/user, set Existing Drupal User Account Conflict to "Don't associate"
|
|
167
|
On MANUAL DRUPAL ACCOUNT CREATION AND UPDATES, select "Show option on user create form".
|
|
168
|
B. at admin/people/create select "Make this an ldap associated account".
|
|
169
|
C. Success: in ldap user,
|
|
170
|
fields: ldap_user_puid_sid, ldap_user_current_dn, ldap_user_puid, ldap_user_puid_property should be populated if in use
|
|
171
|
other synch and provision fields should not be synched
|
|
172
|
in the database in the authmaps table, a record should exist with module=ldap_user and authname=<username tested>
|
|
173
|
|
|
174
|
8.3 Test manual selection of ldap associate AND "Create corresponding LDAP Entry" in admin/people/create form
|
|
175
|
A. Setup. On admin/config/people/ldap/user, set Existing Drupal User Account Conflict to "Don't associate"
|
|
176
|
On MANUAL DRUPAL ACCOUNT CREATION AND UPDATES, select "Show option on user create form".
|
|
177
|
Configure provisioning to ldap on admin/config/people/ldap/user
|
|
178
|
B. Manually create user that is not in ldap already.
|
|
179
|
Select: "Make this an ldap associated account"
|
|
180
|
Check: "create corresponding ldap entry"
|
|
181
|
submit
|
|
182
|
C. Success:
|
|
183
|
ldap entry exists,
|
|
184
|
drupal user exists,
|
|
185
|
fields: ldap_user_puid_sid, ldap_user_current_dn, ldap_user_puid, ldap_user_puid_property should be populated if in use
|
|
186
|
in the database in the authmaps table, a record should exist with module=ldap_user and authname=<username tested>
|
|
187
|
8.4 Test manual selection of "Create corresponding LDAP Entry" and Do not make this an LDAP Associated account in admin/people/create form
|
|
188
|
-- is this even allowable? What's the use case for this?
|
