mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-23 05:59:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Adjust educational LDAP Attribute and Objectclasses

Browse Source 
This is largely untested and might need further adjustments, but should
be "good enough" to not block us for now.
This commit is contained in:
Ralf Haferkamp
2025-01-29 11:11:55 +01:00
parent 1c96633985
commit 734a1dc76b
6 changed files with 157 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
deployments/examples/shared/config/ldap/schemas/20_opencloud_education_schema.ldif Normal file
View File

@@ -0,0 +1,45 @@
# This LDIF files describes the LDAP schema related to the Education
# endpoints of the libregraph API
dn: cn=openCloudEdu,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openCloudEdu
olcAttributeTypes: ( openCloudOid:1.1.6 NAME 'openCloudMemberOfSchool'
DESC 'Used as a backreference to the school(s) to which a user or class is assigned'
EQUALITY uuidMatch
SYNTAX 1.3.6.1.1.16.1 )
olcAttributeTypes: ( openCloudOid:1.1.7 NAME 'openCloudEducationExternalId'
DESC 'An externally assigned string id for an education related object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( openCloudOid:1.1.8 NAME 'openCloudEducationClassType'
DESC 'category of a class e.g. "course" or "class"'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( openCloudOid:1.1.9 NAME 'openCloudEducationTeacherMember'
DESC 'references a user who is assigned as a teacher to a class'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( openCloudOid:1.1.10 NAME 'openCloudEducationSchoolNumber'
DESC 'An externally assigned identifier for a school'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( openCloudOid:1.1.11 NAME 'openCloudEducationSchoolTerminationTimestamp'
DESC 'A Timestamp at which a school is considered to be disabled'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
olcObjectClasses: ( openCloudOid:1.2.3 NAME 'openCloudEducationUser'
DESC 'OpenCloud education user objectclass'
SUP openCloudUser
AUXILIARY
MAY ( userClass $ openCloudMemberOfSchool ) )
olcObjectClasses: ( openCloudOid:1.2.4 NAME 'openCloudEducationClass'
DESC 'OpenCloud education class objectclass'
SUP openCloudObject
AUXILIARY
MAY ( openCloudEducationExternalId $ openCloudEducationClassType $ openCloudEducationTeacherMember $ openCloudMemberOfSchool ) )
olcObjectClasses: ( openCloudOid:1.2.5 NAME 'openCloudEducationSchool'
DESC 'OpenCloud education school objectclass'
SUP openCloudObject
AUXILIARY
MAY ( openCloudEducationSchoolNumber $ openCloudEducationSchoolTerminationTimestamp ) )

14
services/graph/pkg/identity/ldap_education_class.go
View File

@@ -7,8 +7,8 @@ import (
"github.com/go-ldap/ldap/v3"
"github.com/libregraph/idm/pkg/ldapdn"
libregraph "github.com/owncloud/libre-graph-api-go"
"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
libregraph "github.com/owncloud/libre-graph-api-go"
)
type educationClassAttributeMap struct {
@@ -19,9 +19,9 @@ type educationClassAttributeMap struct {
func newEducationClassAttributeMap() educationClassAttributeMap {
return educationClassAttributeMap{
externalID: "ocEducationExternalId",
classification: "ocEducationClassType",
teachers: "ocEducationTeacherMember",
externalID: "openCloudEducationExternalId",
classification: "openCloudEducationClassType",
teachers: "openCloudEducationTeacherMember",
}
}
@@ -66,7 +66,7 @@ func (i *LDAP) GetEducationClasses(ctx context.Context) ([]*libregraph.Education
// CreateEducationClass implements the EducationBackend interface for the LDAP backend.
// An EducationClass is mapped to an LDAP entry of the "groupOfNames" structural ObjectClass.
// With a few additional Attributes added on top via the "ocEducationClass" auxiliary ObjectClass.
// With a few additional Attributes added on top via the "openCloudEducationClass" auxiliary ObjectClass.
func (i *LDAP) CreateEducationClass(ctx context.Context, class libregraph.EducationClass) (*libregraph.EducationClass, error) {
logger := i.logger.SubloggerWithRequestID(ctx)
logger.Debug().Str("backend", "ldap").Msg("create educationClass")
@@ -208,7 +208,7 @@ func (i *LDAP) UpdateEducationClass(ctx context.Context, id string, class libreg
func (i *LDAP) updateClassExternalID(ctx context.Context, dn, externalID string) (string, error) {
logger := i.logger.SubloggerWithRequestID(ctx)
newDN := fmt.Sprintf("ocEducationExternalId=%s", externalID)
newDN := fmt.Sprintf("openCloudEducationExternalId=%s", externalID)
mrdn := ldap.NewModifyDNRequest(dn, newDN, true, "")
i.logger.Debug().Str("Backend", "ldap").
@@ -339,7 +339,7 @@ func (i *LDAP) groupToEducationClass(group libregraph.Group, e *ldap.Entry) *lib
func (i *LDAP) getEducationClassLDAPDN(class libregraph.EducationClass) string {
attributeTypeAndValue := ldap.AttributeTypeAndValue{
Type: "ocEducationExternalId",
Type: "openCloudEducationExternalId",
Value: class.GetExternalId(),
}
return fmt.Sprintf("%s,%s", attributeTypeAndValue.String(), i.groupBaseDN)

80
services/graph/pkg/identity/ldap_education_class_test.go
View File

@@ -6,36 +6,36 @@ import (
"testing"
"github.com/go-ldap/ldap/v3"
libregraph "github.com/owncloud/libre-graph-api-go"
"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
libregraph "github.com/owncloud/libre-graph-api-go"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
var classEntry = ldap.NewEntry("ocEducationExternalId=Math0123",
var classEntry = ldap.NewEntry("openCloudEducationExternalId=Math0123",
map[string][]string{
"cn": {"Math"},
"ocEducationExternalId": {"Math0123"},
"ocEducationClassType": {"course"},
"entryUUID": {"abcd-defg"},
"cn": {"Math"},
"openCloudEducationExternalId": {"Math0123"},
"openCloudEducationClassType": {"course"},
"entryUUID": {"abcd-defg"},
})
var classEntryWithSchool = ldap.NewEntry("ocEducationExternalId=Math0123",
var classEntryWithSchool = ldap.NewEntry("openCloudEducationExternalId=Math0123",
map[string][]string{
"cn": {"Math"},
"ocEducationExternalId": {"Math0123"},
"ocEducationClassType": {"course"},
"entryUUID": {"abcd-defg"},
"ocMemberOfSchool": {"abcd-defg"},
"cn": {"Math"},
"openCloudEducationExternalId": {"Math0123"},
"openCloudEducationClassType": {"course"},
"entryUUID": {"abcd-defg"},
"openCloudMemberOfSchool": {"abcd-defg"},
})
var classEntryWithMember = ldap.NewEntry("ocEducationExternalId=Math0123",
var classEntryWithMember = ldap.NewEntry("openCloudEducationExternalId=Math0123",
map[string][]string{
"cn": {"Math"},
"ocEducationExternalId": {"Math0123"},
"ocEducationClassType": {"course"},
"entryUUID": {"abcd-defg"},
"member": {"uid=user"},
"cn": {"Math"},
"openCloudEducationExternalId": {"Math0123"},
"openCloudEducationClassType": {"course"},
"entryUUID": {"abcd-defg"},
"member": {"uid=user"},
})
func TestCreateEducationClass(t *testing.T) {
@@ -107,25 +107,25 @@ func TestGetEducationClass(t *testing.T) {
{
name: "Test search class using id",
id: "abcd-defg",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=abcd-defg)(ocEducationExternalId=abcd-defg)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=abcd-defg)(openCloudEducationExternalId=abcd-defg)))",
expectedItemNotFound: false,
},
{
name: "Test search class using unknown Id",
id: "xxxx-xxxx",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=xxxx-xxxx)(ocEducationExternalId=xxxx-xxxx)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=xxxx-xxxx)(openCloudEducationExternalId=xxxx-xxxx)))",
expectedItemNotFound: true,
},
{
name: "Test search class using external ID",
id: "Math0123",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=Math0123)(ocEducationExternalId=Math0123)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=Math0123)(openCloudEducationExternalId=Math0123)))",
expectedItemNotFound: false,
},
{
name: "Test search school using unknown externalID",
id: "Unknown3210",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=Unknown3210)(ocEducationExternalId=Unknown3210)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=Unknown3210)(openCloudEducationExternalId=Unknown3210)))",
expectedItemNotFound: true,
},
}
@@ -137,7 +137,7 @@ func TestGetEducationClass(t *testing.T) {
Scope: 2,
SizeLimit: 1,
Filter: tt.filter,
Attributes: []string{"cn", "entryUUID", "ocEducationClassType", "ocEducationExternalId", "ocMemberOfSchool", "ocEducationTeacherMember"},
Attributes: []string{"cn", "entryUUID", "openCloudEducationClassType", "openCloudEducationExternalId", "openCloudMemberOfSchool", "openCloudEducationTeacherMember"},
Controls: []ldap.Control(nil),
}
if tt.expectedItemNotFound {
@@ -174,25 +174,25 @@ func TestDeleteEducationClass(t *testing.T) {
{
name: "Test search class using id",
id: "abcd-defg",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=abcd-defg)(ocEducationExternalId=abcd-defg)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=abcd-defg)(openCloudEducationExternalId=abcd-defg)))",
expectedItemNotFound: false,
},
{
name: "Test search class using unknown Id",
id: "xxxx-xxxx",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=xxxx-xxxx)(ocEducationExternalId=xxxx-xxxx)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=xxxx-xxxx)(openCloudEducationExternalId=xxxx-xxxx)))",
expectedItemNotFound: true,
},
{
name: "Test search class using external ID",
id: "Math0123",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=Math0123)(ocEducationExternalId=Math0123)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=Math0123)(openCloudEducationExternalId=Math0123)))",
expectedItemNotFound: false,
},
{
name: "Test search school using unknown externalID",
id: "Unknown3210",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=Unknown3210)(ocEducationExternalId=Unknown3210)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=Unknown3210)(openCloudEducationExternalId=Unknown3210)))",
expectedItemNotFound: true,
},
}
@@ -204,7 +204,7 @@ func TestDeleteEducationClass(t *testing.T) {
Scope: 2,
SizeLimit: 1,
Filter: tt.filter,
Attributes: []string{"cn", "entryUUID", "ocEducationClassType", "ocEducationExternalId", "ocMemberOfSchool", "ocEducationTeacherMember"},
Attributes: []string{"cn", "entryUUID", "openCloudEducationClassType", "openCloudEducationExternalId", "openCloudMemberOfSchool", "openCloudEducationTeacherMember"},
Controls: []ldap.Control(nil),
}
if tt.expectedItemNotFound {
@@ -213,7 +213,7 @@ func TestDeleteEducationClass(t *testing.T) {
lm.On("Search", sr).Return(&ldap.SearchResult{Entries: []*ldap.Entry{classEntry}}, nil)
}
dr := &ldap.DelRequest{
DN: "ocEducationExternalId=Math0123",
DN: "openCloudEducationExternalId=Math0123",
}
lm.On("Del", dr).Return(nil)
@@ -243,25 +243,25 @@ func TestGetEducationClassMembers(t *testing.T) {
{
name: "Test search class using id",
id: "abcd-defg",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=abcd-defg)(ocEducationExternalId=abcd-defg)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=abcd-defg)(openCloudEducationExternalId=abcd-defg)))",
expectedItemNotFound: false,
},
{
name: "Test search class using unknown Id",
id: "xxxx-xxxx",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=xxxx-xxxx)(ocEducationExternalId=xxxx-xxxx)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=xxxx-xxxx)(openCloudEducationExternalId=xxxx-xxxx)))",
expectedItemNotFound: true,
},
{
name: "Test search class using external ID",
id: "Math0123",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=Math0123)(ocEducationExternalId=Math0123)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=Math0123)(openCloudEducationExternalId=Math0123)))",
expectedItemNotFound: false,
},
{
name: "Test search school using unknown externalID",
id: "Unknown3210",
filter: "(&(objectClass=ocEducationClass)(|(entryUUID=Unknown3210)(ocEducationExternalId=Unknown3210)))",
filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=Unknown3210)(openCloudEducationExternalId=Unknown3210)))",
expectedItemNotFound: true,
},
}
@@ -282,7 +282,7 @@ func TestGetEducationClassMembers(t *testing.T) {
Scope: 2,
SizeLimit: 1,
Filter: tt.filter,
Attributes: []string{"cn", "entryUUID", "ocEducationClassType", "ocEducationExternalId", "ocMemberOfSchool", "ocEducationTeacherMember", "member"},
Attributes: []string{"cn", "entryUUID", "openCloudEducationClassType", "openCloudEducationExternalId", "openCloudMemberOfSchool", "openCloudEducationTeacherMember", "member"},
Controls: []ldap.Control(nil),
}
if tt.expectedItemNotFound {
@@ -346,7 +346,7 @@ func TestLDAP_UpdateEducationClass(t *testing.T) {
assertion: func(tt assert.TestingT, err error, i ...interface{}) bool { return assert.Nil(tt, err) },
modifyData: modifyData{
arg: &ldap.ModifyRequest{
DN: "ocEducationExternalId=Math0123",
DN: "openCloudEducationExternalId=Math0123",
Changes: []ldap.Change{
{
Operation: ldap.ReplaceAttribute,
@@ -383,8 +383,8 @@ func TestLDAP_UpdateEducationClass(t *testing.T) {
},
modifyDNData: modifyDNData{
arg: &ldap.ModifyDNRequest{
DN: "ocEducationExternalId=Math0123",
NewRDN: "ocEducationExternalId=Math3210",
DN: "openCloudEducationExternalId=Math0123",
NewRDN: "openCloudEducationExternalId=Math3210",
DeleteOldRDN: true,
NewSuperior: "",
},
@@ -409,7 +409,7 @@ func TestLDAP_UpdateEducationClass(t *testing.T) {
assertion: func(tt assert.TestingT, err error, i ...interface{}) bool { return assert.Nil(tt, err) },
modifyData: modifyData{
arg: &ldap.ModifyRequest{
DN: "ocEducationExternalId=Math3210,ou=groups,dc=test",
DN: "openCloudEducationExternalId=Math3210,ou=groups,dc=test",
Changes: []ldap.Change{
{
Operation: ldap.ReplaceAttribute,
@@ -423,8 +423,8 @@ func TestLDAP_UpdateEducationClass(t *testing.T) {
},
modifyDNData: modifyDNData{
arg: &ldap.ModifyDNRequest{
DN: "ocEducationExternalId=Math0123",
NewRDN: "ocEducationExternalId=Math3210",
DN: "openCloudEducationExternalId=Math0123",
NewRDN: "openCloudEducationExternalId=Math3210",
DeleteOldRDN: true,
NewSuperior: "",
},

14
services/graph/pkg/identity/ldap_education_school.go
View File

@@ -55,15 +55,15 @@ var (
func defaultEducationConfig() educationConfig {
return educationConfig{
schoolObjectClass: "ocEducationSchool",
schoolObjectClass: "openCloudEducationSchool",
schoolScope: ldap.ScopeWholeSubtree,
memberOfSchoolAttribute: "ocMemberOfSchool",
memberOfSchoolAttribute: "openCloudMemberOfSchool",
schoolAttributeMap: newSchoolAttributeMap(),
userObjectClass: "ocEducationUser",
userObjectClass: "openCloudEducationUser",
userAttributeMap: newEducationUserAttributeMap(),
classObjectClass: "ocEducationClass",
classObjectClass: "openCloudEducationClass",
classAttributeMap: newEducationClassAttributeMap(),
}
}
@@ -104,9 +104,9 @@ func newEducationConfig(config config.LDAP) (educationConfig, error) {
func newSchoolAttributeMap() schoolAttributeMap {
return schoolAttributeMap{
displayName: "ou",
schoolNumber: "ocEducationSchoolNumber",
id: "owncloudUUID",
terminationDate: "ocEducationSchoolTerminationTimestamp",
schoolNumber: "openCloudEducationSchoolNumber",
id: "openCloudUUID",
terminationDate: "openCloudEducationSchoolTerminationTimestamp",
}
}

92
services/graph/pkg/identity/ldap_education_school_test.go
View File

@@ -7,10 +7,10 @@ import (
"time"
"github.com/go-ldap/ldap/v3"
libregraph "github.com/owncloud/libre-graph-api-go"
"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
"github.com/opencloud-eu/opencloud/services/graph/pkg/errorcode"
"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
libregraph "github.com/owncloud/libre-graph-api-go"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
@@ -42,30 +42,30 @@ var eduConfig = config.LDAP{
var schoolEntry = ldap.NewEntry("ou=Test School",
map[string][]string{
"ou": {"Test School"},
"ocEducationSchoolNumber": {"0123"},
"owncloudUUID": {"abcd-defg"},
"ou": {"Test School"},
"openCloudEducationSchoolNumber": {"0123"},
"openCloudUUID": {"abcd-defg"},
})
var schoolEntry1 = ldap.NewEntry("ou=Test School1",
map[string][]string{
"ou": {"Test School1"},
"ocEducationSchoolNumber": {"0042"},
"owncloudUUID": {"hijk-defg"},
"ou": {"Test School1"},
"openCloudEducationSchoolNumber": {"0042"},
"openCloudUUID": {"hijk-defg"},
})
var schoolEntryWithTermination = ldap.NewEntry("ou=Test School",
map[string][]string{
"ou": {"Test School"},
"ocEducationSchoolNumber": {"0123"},
"owncloudUUID": {"abcd-defg"},
"ocEducationSchoolTerminationTimestamp": {"20420131120000Z"},
"ou": {"Test School"},
"openCloudEducationSchoolNumber": {"0123"},
"openCloudUUID": {"abcd-defg"},
"openCloudEducationSchoolTerminationTimestamp": {"20420131120000Z"},
})
var (
filterSchoolSearchByIdExisting = "(&(objectClass=ocEducationSchool)(|(owncloudUUID=abcd-defg)(ocEducationSchoolNumber=abcd-defg)))"
filterSchoolSearchByIdNonexistant = "(&(objectClass=ocEducationSchool)(|(owncloudUUID=xxxx-xxxx)(ocEducationSchoolNumber=xxxx-xxxx)))"
filterSchoolSearchByNumberExisting = "(&(objectClass=ocEducationSchool)(|(owncloudUUID=0123)(ocEducationSchoolNumber=0123)))"
filterSchoolSearchByNumberNonexistant = "(&(objectClass=ocEducationSchool)(|(owncloudUUID=3210)(ocEducationSchoolNumber=3210)))"
filterSchoolSearchByIdExisting = "(&(objectClass=openCloudEducationSchool)(|(openCloudUUID=abcd-defg)(openCloudEducationSchoolNumber=abcd-defg)))"
filterSchoolSearchByIdNonexistant = "(&(objectClass=openCloudEducationSchool)(|(openCloudUUID=xxxx-xxxx)(openCloudEducationSchoolNumber=xxxx-xxxx)))"
filterSchoolSearchByNumberExisting = "(&(objectClass=openCloudEducationSchool)(|(openCloudUUID=0123)(openCloudEducationSchoolNumber=0123)))"
filterSchoolSearchByNumberNonexistant = "(&(objectClass=openCloudEducationSchool)(|(openCloudUUID=3210)(openCloudEducationSchoolNumber=3210)))"
)
func TestCreateEducationSchool(t *testing.T) {
@@ -104,7 +104,7 @@ func TestCreateEducationSchool(t *testing.T) {
return false
}
for _, attr := range ar.Attributes {
if attr.Type == "ocEducationSchoolTerminationTimestamp" {
if attr.Type == "openCloudEducationSchoolTerminationTimestamp" {
return false
}
}
@@ -124,8 +124,8 @@ func TestCreateEducationSchool(t *testing.T) {
BaseDN: "",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationSchool)(ocEducationSchoolNumber=0123))",
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Filter: "(&(objectClass=openCloudEducationSchool)(openCloudEducationSchoolNumber=0123))",
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
lm.On("Search", schoolNumberSearchRequest).
@@ -138,8 +138,8 @@ func TestCreateEducationSchool(t *testing.T) {
BaseDN: "",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationSchool)(ocEducationSchoolNumber=0666))",
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Filter: "(&(objectClass=openCloudEducationSchool)(openCloudEducationSchoolNumber=0666))",
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
lm.On("Search", existingSchoolNumberSearchRequest).
@@ -152,8 +152,8 @@ func TestCreateEducationSchool(t *testing.T) {
BaseDN: "",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationSchool)(ocEducationSchoolNumber=1111))",
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Filter: "(&(objectClass=openCloudEducationSchool)(openCloudEducationSchoolNumber=1111))",
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
lm.On("Search", schoolNumberSearchRequestError).
@@ -166,8 +166,8 @@ func TestCreateEducationSchool(t *testing.T) {
BaseDN: "ou=Test School,",
Scope: 0,
SizeLimit: 1,
Filter: "(objectClass=ocEducationSchool)",
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Filter: "(objectClass=openCloudEducationSchool)",
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
lm.On("Search", schoolLookupAfterCreate).
@@ -209,7 +209,7 @@ func TestUpdateEducationSchoolTerminationDate(t *testing.T) {
}
for _, mod := range mr.Changes {
if mod.Operation == ldap.ReplaceAttribute &&
mod.Modification.Type == "ocEducationSchoolTerminationTimestamp" &&
mod.Modification.Type == "openCloudEducationSchoolTerminationTimestamp" &&
mod.Modification.Vals[0] == "20420131120000Z" {
return true
}
@@ -355,7 +355,7 @@ func TestDeleteEducationSchool(t *testing.T) {
Scope: 2,
SizeLimit: 1,
Filter: tt.filter,
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
if tt.expectedItemNotFound {
@@ -424,7 +424,7 @@ func TestGetEducationSchool(t *testing.T) {
Scope: 2,
SizeLimit: 1,
Filter: tt.filter,
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
if tt.expectedItemNotFound {
@@ -457,8 +457,8 @@ func TestGetEducationSchools(t *testing.T) {
BaseDN: "",
Scope: 2,
SizeLimit: 0,
Filter: "(objectClass=ocEducationSchool)",
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Filter: "(objectClass=openCloudEducationSchool)",
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
lm.On("Search", sr1).Return(&ldap.SearchResult{Entries: []*ldap.Entry{schoolEntry, schoolEntry1}}, nil)
@@ -475,7 +475,7 @@ var schoolByIDSearch1 *ldap.SearchRequest = &ldap.SearchRequest{
Scope: 2,
SizeLimit: 1,
Filter: filterSchoolSearchByIdExisting,
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
@@ -484,7 +484,7 @@ var schoolByNumberSearch *ldap.SearchRequest = &ldap.SearchRequest{
Scope: 2,
SizeLimit: 1,
Filter: filterSchoolSearchByNumberExisting,
Attributes: []string{"ou", "owncloudUUID", "ocEducationSchoolNumber", "ocEducationSchoolTerminationTimestamp"},
Attributes: []string{"ou", "openCloudUUID", "openCloudEducationSchoolNumber", "openCloudEducationSchoolTerminationTimestamp"},
Controls: []ldap.Control(nil),
}
@@ -492,7 +492,7 @@ var userByIDSearch1 *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationUser)(|(uid=abcd-defg)(entryUUID=abcd-defg)))",
Filter: "(&(objectClass=openCloudEducationUser)(|(uid=abcd-defg)(entryUUID=abcd-defg)))",
Attributes: eduUserAttrs,
Controls: []ldap.Control(nil),
}
@@ -501,7 +501,7 @@ var userByIDSearch2 *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationUser)(|(uid=does-not-exist)(entryUUID=does-not-exist)))",
Filter: "(&(objectClass=openCloudEducationUser)(|(uid=does-not-exist)(entryUUID=does-not-exist)))",
Attributes: eduUserAttrs,
Controls: []ldap.Control(nil),
}
@@ -512,7 +512,7 @@ var userToSchoolModRequest *ldap.ModifyRequest = &ldap.ModifyRequest{
{
Operation: ldap.AddAttribute,
Modification: ldap.PartialAttribute{
Type: "ocMemberOfSchool",
Type: "openCloudMemberOfSchool",
Vals: []string{"abcd-defg"},
},
},
@@ -525,7 +525,7 @@ var userFromSchoolModRequest *ldap.ModifyRequest = &ldap.ModifyRequest{
{
Operation: ldap.DeleteAttribute,
Modification: ldap.PartialAttribute{
Type: "ocMemberOfSchool",
Type: "openCloudMemberOfSchool",
Vals: []string{"abcd-defg"},
},
},
@@ -533,12 +533,12 @@ var userFromSchoolModRequest *ldap.ModifyRequest = &ldap.ModifyRequest{
}
var classToSchoolModRequest *ldap.ModifyRequest = &ldap.ModifyRequest{
DN: "ocEducationExternalId=Math0123",
DN: "openCloudEducationExternalId=Math0123",
Changes: []ldap.Change{
{
Operation: ldap.AddAttribute,
Modification: ldap.PartialAttribute{
Type: "ocMemberOfSchool",
Type: "openCloudMemberOfSchool",
Vals: []string{"abcd-defg"},
},
},
@@ -546,12 +546,12 @@ var classToSchoolModRequest *ldap.ModifyRequest = &ldap.ModifyRequest{
}
var classFromSchoolModRequest *ldap.ModifyRequest = &ldap.ModifyRequest{
DN: "ocEducationExternalId=Math0123",
DN: "openCloudEducationExternalId=Math0123",
Changes: []ldap.Change{
{
Operation: ldap.DeleteAttribute,
Modification: ldap.PartialAttribute{
Type: "ocMemberOfSchool",
Type: "openCloudMemberOfSchool",
Vals: []string{"abcd-defg"},
},
},
@@ -609,7 +609,7 @@ var usersBySchoolIDSearch *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 0,
Filter: "(&(objectClass=ocEducationUser)(ocMemberOfSchool=abcd-defg))",
Filter: "(&(objectClass=openCloudEducationUser)(openCloudMemberOfSchool=abcd-defg))",
Attributes: eduUserAttrs,
Controls: []ldap.Control(nil),
}
@@ -632,8 +632,8 @@ var classesBySchoolIDSearch *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=groups,dc=test",
Scope: 2,
SizeLimit: 0,
Filter: "(&(objectClass=ocEducationClass)(ocMemberOfSchool=abcd-defg))",
Attributes: []string{"cn", "entryUUID", "ocEducationClassType", "ocEducationExternalId", "ocMemberOfSchool", "ocEducationTeacherMember"},
Filter: "(&(objectClass=openCloudEducationClass)(openCloudMemberOfSchool=abcd-defg))",
Attributes: []string{"cn", "entryUUID", "openCloudEducationClassType", "openCloudEducationExternalId", "openCloudMemberOfSchool", "openCloudEducationTeacherMember"},
Controls: []ldap.Control(nil),
}
@@ -655,8 +655,8 @@ var classesByUUIDSearchNotFound *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=groups,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationClass)(|(entryUUID=does-not-exist)(ocEducationExternalId=does-not-exist)))",
Attributes: []string{"cn", "entryUUID", "ocEducationClassType", "ocEducationExternalId", "ocMemberOfSchool", "ocEducationTeacherMember"},
Filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=does-not-exist)(openCloudEducationExternalId=does-not-exist)))",
Attributes: []string{"cn", "entryUUID", "openCloudEducationClassType", "openCloudEducationExternalId", "openCloudMemberOfSchool", "openCloudEducationTeacherMember"},
Controls: []ldap.Control(nil),
}
@@ -664,8 +664,8 @@ var classesByUUIDSearchFound *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=groups,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationClass)(|(entryUUID=abcd-defg)(ocEducationExternalId=abcd-defg)))",
Attributes: []string{"cn", "entryUUID", "ocEducationClassType", "ocEducationExternalId", "ocMemberOfSchool", "ocEducationTeacherMember"},
Filter: "(&(objectClass=openCloudEducationClass)(|(entryUUID=abcd-defg)(openCloudEducationExternalId=abcd-defg)))",
Attributes: []string{"cn", "entryUUID", "openCloudEducationClassType", "openCloudEducationExternalId", "openCloudMemberOfSchool", "openCloudEducationTeacherMember"},
Controls: []ldap.Control(nil),
}

24
services/graph/pkg/identity/ldap_education_user_test.go
View File

@@ -22,7 +22,7 @@ var eduUserAttrs = []string{
"userTypeAttribute",
"openCloudExternalIdentity",
"userClass",
"ocMemberOfSchool",
"openCloudMemberOfSchool",
}
var eduUserEntry = ldap.NewEntry("uid=user,ou=people,dc=test",
@@ -55,12 +55,12 @@ var renamedEduUserEntry = ldap.NewEntry("uid=newtestuser,ou=people,dc=test",
})
var eduUserEntryWithSchool = ldap.NewEntry("uid=user,ou=people,dc=test",
map[string][]string{
"uid": {"testuser"},
"displayname": {"Test User"},
"mail": {"user@example"},
"entryuuid": {"abcd-defg"},
"userClass": {"student"},
"ocMemberOfSchool": {"abcd-defg"},
"uid": {"testuser"},
"displayname": {"Test User"},
"mail": {"user@example"},
"entryuuid": {"abcd-defg"},
"userClass": {"student"},
"openCloudMemberOfSchool": {"abcd-defg"},
"openCloudExternalIdentity": {
"$ http://idp $ testuser",
"xxx $ http://idpnew $ xxxxx-xxxxx-xxxxx",
@@ -71,7 +71,7 @@ var sr1 *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationUser)(|(uid=abcd-defg)(entryUUID=abcd-defg)))",
Filter: "(&(objectClass=openCloudEducationUser)(|(uid=abcd-defg)(entryUUID=abcd-defg)))",
Attributes: eduUserAttrs,
Controls: []ldap.Control(nil),
}
@@ -79,7 +79,7 @@ var sr2 *ldap.SearchRequest = &ldap.SearchRequest{
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationUser)(|(uid=xxxx-xxxx)(entryUUID=xxxx-xxxx)))",
Filter: "(&(objectClass=openCloudEducationUser)(|(uid=xxxx-xxxx)(entryUUID=xxxx-xxxx)))",
Attributes: eduUserAttrs,
Controls: []ldap.Control(nil),
}
@@ -166,7 +166,7 @@ func TestGetEducationUsers(t *testing.T) {
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 0,
Filter: "(objectClass=ocEducationUser)",
Filter: "(objectClass=openCloudEducationUser)",
Attributes: eduUserAttrs,
Controls: []ldap.Control(nil),
}
@@ -186,7 +186,7 @@ func TestUpdateEducationUser(t *testing.T) {
BaseDN: "ou=people,dc=test",
Scope: 2,
SizeLimit: 1,
Filter: "(&(objectClass=ocEducationUser)(|(uid=testuser)(entryUUID=testuser)))",
Filter: "(&(objectClass=openCloudEducationUser)(|(uid=testuser)(entryUUID=testuser)))",
Attributes: eduUserAttrs,
}
userLookupReq := &ldap.SearchRequest{
@@ -200,7 +200,7 @@ func TestUpdateEducationUser(t *testing.T) {
BaseDN: "uid=newtestuser,ou=people,dc=test",
Scope: 0,
SizeLimit: 1,
Filter: "(objectClass=ocEducationUser)",
Filter: "(objectClass=openCloudEducationUser)",
Attributes: eduUserAttrs,
}
groupSearchReq := &ldap.SearchRequest{