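# Re2o is an administration software initially developed at Rezometz. It aims
# to be agnostic of the network it manages, so that it can be installed in a
# few clicks.
#
# Copyright © 2017 Gabriel Détraz
# Copyright © 2017 Goulven Kermarec
# Copyright © 2017 Augustin Lemesle
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
"""Defines the custom test runners for Re2o."""

import os.path

import volatildap
from django.conf import settings
from django.test.runner import DiscoverRunner

from users.models import (LdapUser, LdapUserGroup, LdapServiceUser,
                          LdapServiceUserGroup)

# The directory containing this file
__here = os.path.dirname(os.path.realpath(__file__))
# The absolute path of the directory holding the extra LDAP schemas
schema_path = os.path.abspath(os.path.join(__here, 'ldap', 'schema'))
# The absolute path of the "radius.schema" file
radius_schema_path = os.path.join(schema_path, 'radius.schema')
# The absolute path of the "samba.schema" file
samba_schema_path = os.path.join(schema_path, 'samba.schema')

# The base suffix (naming context) of the test LDAP
suffix = 'dc=example,dc=net'
# The DN of the LDAP administrator (root) account
rootdn = 'cn=admin,' + suffix

# Defines all the LDAP entries Re2o requires, as (dn, attributes) pairs that
# volatildap can load directly as initial data. For more on how to generate
# this data, see
# https://gitlab.federez.net/re2o/scripts/blob/master/print_ldap_entries.py
#
# The 'FILL_IT' userPassword values are placeholders: these entries are only
# loaded into the temporary test server created by `DiscoverLdapRunner`
# below, never into a real directory.
ldapentry_Utilisateurs = ('cn=Utilisateurs,' + suffix, {
    'cn': ['Utilisateurs'],
    'sambaSID': ['500'],
    'uid': ['Users'],
    'objectClass': ['posixGroup', 'top', 'sambaSamAccount', 'radiusprofile'],
    'gidNumber': ['500'],
})
ldapentry_groups = ('ou=groups,' + suffix, {
    'ou': ['groups'],
    'objectClass': ['organizationalUnit'],
    'description': ["Groupes d'utilisateurs"],
})
ldapentry_services = ('ou=services,ou=groups,' + suffix, {
    'ou': ['services'],
    'objectClass': ['organizationalUnit'],
    'description': ['Groupes de comptes techniques'],
})
ldapentry_service_users = ('ou=service-users,' + suffix, {
    'ou': ['service-users'],
    'objectClass': ['organizationalUnit'],
    'description': ["Utilisateurs techniques de l'annuaire"],
})
ldapentry_freeradius = ('cn=freeradius,ou=service-users,' + suffix, {
    'cn': ['freeradius'],
    'objectClass': ['applicationProcess', 'simpleSecurityObject'],
    'userPassword': ['FILL_IT'],
})
ldapentry_nssauth = ('cn=nssauth,ou=service-users,' + suffix, {
    'cn': ['nssauth'],
    'objectClass': ['applicationProcess', 'simpleSecurityObject'],
    'userPassword': ['FILL_IT'],
})
ldapentry_auth = ('cn=auth,ou=services,ou=groups,' + suffix, {
    'cn': ['auth'],
    'objectClass': ['groupOfNames'],
    'member': ['cn=nssauth,ou=service-users,' + suffix],
})
ldapentry_posix = ('ou=posix,ou=groups,' + suffix, {
    'ou': ['posix'],
    'objectClass': ['organizationalUnit'],
    'description': ['Groupes de comptes POSIX'],
})
ldapentry_wifi = ('cn=wifi,ou=service-users,' + suffix, {
    'cn': ['wifi'],
    'objectClass': ['applicationProcess', 'simpleSecurityObject'],
    'userPassword': ['FILL_IT'],
})
ldapentry_usermgmt = ('cn=usermgmt,ou=services,ou=groups,' + suffix, {
    'cn': ['usermgmt'],
    'objectClass': ['groupOfNames'],
    'member': ['cn=wifi,ou=service-users,' + suffix],
})
ldapentry_replica = ('cn=replica,ou=service-users,' + suffix, {
    'cn': ['replica'],
    'objectClass': ['applicationProcess', 'simpleSecurityObject'],
    'userPassword': ['FILL_IT'],
})
ldapentry_readonly = ('cn=readonly,ou=services,ou=groups,' + suffix, {
    'cn': ['readonly'],
    'objectClass': ['groupOfNames'],
    'member': ['cn=replica,ou=service-users,' + suffix,
               'cn=freeradius,ou=service-users,' + suffix],
})

# All the entries above, keyed by DN, in the shape volatildap expects for
# its `initial_data` argument.
ldapbasic = dict([
    ldapentry_Utilisateurs,
    ldapentry_groups,
    ldapentry_services,
    ldapentry_service_users,
    ldapentry_freeradius,
    ldapentry_nssauth,
    ldapentry_auth,
    ldapentry_posix,
    ldapentry_wifi,
    ldapentry_usermgmt,
    ldapentry_replica,
    ldapentry_readonly,
])


class DiscoverLdapRunner(DiscoverRunner):
    """Discover all the tests in the project, backed by a throwaway LDAP.

    This is a simple subclass of the default test runner
    `django.test.runner.DiscoverRunner` that starts a test LDAP server right
    after the test databases are set up and stops it right before the test
    databases are torn down. It also points Re2o's settings (and the
    `base_dn` of the LDAP model classes) at this new LDAP.
    """

    # The `volatildap.LdapServer` instance initiated with the minimal
    # structure required by Re2o. It is built at class-definition time and
    # shared by every instance, but only started in `setup_databases`.
    ldap_server = volatildap.LdapServer(
        suffix=suffix,
        rootdn=rootdn,
        initial_data=ldapbasic,
        schemas=[
            'core.schema',
            'cosine.schema',
            'inetorgperson.schema',
            'nis.schema',
            radius_schema_path,
            samba_schema_path,
        ],
    )

    def __init__(self, *args, **kwargs):
        """Redirect the LDAP settings at the test server, then initialise.

        Side effects (process-wide): rewrites `settings.DATABASES['ldap']`
        with the test server's root DN, root password and URI, rewrites the
        base DNs and `user_gid` in `settings.LDAP`, and overrides the
        `base_dn` class attribute of the four LDAP model classes. All other
        arguments are passed through to `DiscoverRunner.__init__`.
        """
        ldap_db = settings.DATABASES['ldap']
        ldap_db['USER'] = self.ldap_server.rootdn
        ldap_db['PASSWORD'] = self.ldap_server.rootpw
        ldap_db['NAME'] = self.ldap_server.uri

        ldap_conf = settings.LDAP
        ldap_conf['base_user_dn'] = ldapentry_Utilisateurs[0]
        ldap_conf['base_userservice_dn'] = ldapentry_service_users[0]
        ldap_conf['base_usergroup_dn'] = ldapentry_posix[0]
        ldap_conf['base_userservicegroup_dn'] = ldapentry_services[0]
        # The GID of the users' group, taken from the entry itself so the
        # settings and the directory cannot disagree.
        ldap_conf['user_gid'] = ldapentry_Utilisateurs[1].get(
            'gidNumber', ["500"]
        )[0]

        # The model classes cache their base DN at class level, so the
        # settings change above is not enough on its own.
        LdapUser.base_dn = ldap_conf['base_user_dn']
        LdapUserGroup.base_dn = ldap_conf['base_usergroup_dn']
        LdapServiceUser.base_dn = ldap_conf['base_userservice_dn']
        LdapServiceUserGroup.base_dn = ldap_conf['base_userservicegroup_dn']

        super(DiscoverLdapRunner, self).__init__(*args, **kwargs)

    def setup_databases(self, *args, **kwargs):
        """Set up the test databases, then start the test LDAP server.

        Returns whatever `DiscoverRunner.setup_databases` returns (the
        configuration later handed to `teardown_databases`). If the LDAP
        server fails to start, the test databases that were just created
        are torn down again before the error propagates, so a failed run
        does not leave test databases behind.
        """
        old_config = super(DiscoverLdapRunner, self).setup_databases(
            *args, **kwargs
        )
        try:
            self.ldap_server.start()
        except Exception:
            # Call the parent teardown directly rather than
            # self.teardown_databases: the latter would try to stop a
            # server that never started.
            super(DiscoverLdapRunner, self).teardown_databases(old_config)
            raise
        return old_config

    def teardown_databases(self, *args, **kwargs):
        """Stop the test LDAP server, then tear down the test databases.

        The parent teardown runs in a `finally` clause so the test
        databases are destroyed even if stopping the LDAP server raises.
        """
        try:
            self.ldap_server.stop()
        finally:
            super(DiscoverLdapRunner, self).teardown_databases(
                *args, **kwargs
            )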