diff --git a/spec/tools/miqldap_to_sssd/cli_spec.rb b/spec/tools/miqldap_to_sssd/cli_spec.rb index 92b7a9f1648..6002872f177 100644 --- a/spec/tools/miqldap_to_sssd/cli_spec.rb +++ b/spec/tools/miqldap_to_sssd/cli_spec.rb @@ -20,6 +20,16 @@ expect(opts).to eq(:basedn_domain => "example.com") end + it "should parse bind DN" do + opts = described_class.new.parse(%w(-b cn=Manager,dc=example,dc=com)).options.slice(:bind_dn) + expect(opts).to eq(:bind_dn => "cn=Manager,dc=example,dc=com") + end + + it "should parse bind pwd" do + opts = described_class.new.parse(%w(-p password)).options.slice(:bind_pwd) + expect(opts).to eq(:bind_pwd => "password") + end + it "should parse TLS cacert path and directory" do opts = described_class.new.parse(%w(-c /a/path/to/a/cacert)).options.slice(:tls_cacert, :tls_cacertdir) expect(opts).to eq(:tls_cacert => "/a/path/to/a/cacert", :tls_cacertdir => "/a/path/to/a") diff --git a/spec/tools/miqldap_to_sssd/miqldap_configuration_spec.rb b/spec/tools/miqldap_to_sssd/miqldap_configuration_spec.rb index 0f5f7d3cebb..f222b39cbe7 100644 --- a/spec/tools/miqldap_to_sssd/miqldap_configuration_spec.rb +++ b/spec/tools/miqldap_to_sssd/miqldap_configuration_spec.rb 
@@ -4,19 +4,45 @@ describe MiqLdapToSssd::MiqLdapConfiguration do describe '#retrieve_initial_settings' do + let(:settings) { {:tls_cacert => 'cert', :basedn_domain => "example.com"} } + it 'raises an error when the basedn domain can not be determined' do expect(MiqLdapToSssd::LOGGER).to receive(:fatal) - subject = described_class.new(:basedn => nil, :basedn_domain => nil) + subject = described_class.new(settings.merge(:basedn => nil, :basedn_domain => nil)) expect { subject.retrieve_initial_settings }.to raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError) end - it 'does not modify basedn_domain if providedn' do - subject = described_class.new(:basedn_domain => "example.com") + it 'when mode is ldap and bind dn is nil raises an error' do + expect(MiqLdapToSssd::LOGGER).to receive(:fatal) + subject = described_class.new(settings.merge(:mode => 'ldap', :bind_pwd => nil)) + expect { subject.retrieve_initial_settings }.to raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError) + end + + it 'when mode is ldaps and bind dn is nil does not raises an error' do + expect(MiqLdapToSssd::LOGGER).to_not receive(:fatal) + subject = described_class.new(settings.merge(:mode => 'ldaps', :bind_dn => nil)) + expect { subject.retrieve_initial_settings }.to_not raise_error + end + + it 'when mode is ldap and bind pwd is nil raises an error' do + expect(MiqLdapToSssd::LOGGER).to receive(:fatal) + subject = described_class.new(settings.merge(:mode => 'ldap', :bind_pwd => nil)) + expect { subject.retrieve_initial_settings }.to raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError) + end + + it 'when mode is ldaps and bind pwd is nil does not raises an error' do + expect(MiqLdapToSssd::LOGGER).to_not receive(:fatal) + subject = described_class.new(settings.merge(:mode => 'ldaps', :bind_pwd => nil)) + expect { subject.retrieve_initial_settings }.to_not raise_error + end + + it 'does not modify basedn_domain if provided' do + subject = 
described_class.new(settings.merge(:basedn_domain => "example.com")) expect(subject.retrieve_initial_settings[:basedn_domain]).to eq("example.com") end it 'sets basedn_domain from mixed case basedn' do - subject = described_class.new(:basedn => "CN=Users,DC=Example,DC=COM") + subject = described_class.new(settings.merge(:basedn => "CN=Users,DC=Example,DC=COM")) expect(subject.retrieve_initial_settings[:basedn_domain]).to eq("example.com") end end diff --git a/tools/miqldap_to_sssd/cli.rb b/tools/miqldap_to_sssd/cli.rb index ae0f7ffd1e6..18f60caccf3 100644 --- a/tools/miqldap_to_sssd/cli.rb +++ b/tools/miqldap_to_sssd/cli.rb @@ -18,6 +18,18 @@ def parse(args) :default => nil, :type => :string + opt :bind_dn, + "The Bind DN, credential to use to authenticate against LDAP e.g. cn=Manager,dc=example,dc=com", + :short => "b", + :default => nil, + :type => :string + + opt :bind_pwd, + "The Base DN domain name, e.g. example.com", + :short => "p", + :default => nil, + :type => :string + opt :tls_cacert, "Path to certificate file", :short => "c", diff --git a/tools/miqldap_to_sssd/miqldap_configuration.rb b/tools/miqldap_to_sssd/miqldap_configuration.rb index 02d6bf5ee67..731be6aed0a 100644 --- a/tools/miqldap_to_sssd/miqldap_configuration.rb +++ b/tools/miqldap_to_sssd/miqldap_configuration.rb @@ -6,6 +6,12 @@ class MiqLdapConfiguration NO_BASE_DN_DOMAIN = "Unable to determine base DN domain name\nA Base DN domain name must be " << "specified on the command line when a Base DN is not already configured.".freeze + NO_BIND_DN = "Unable to determine bind DN\nA Bind DN must be specified on the command " << + "line when a bind DN is not already configured.".freeze + + NO_BIND_PWD = "Unable to determine bind pwd\nA Bind pwd must be specified on the command " << + "line when a bind pwd is not already configured.".freeze + attr_accessor :initial_settings def initialize(options = {}) 
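Review bot: The example 'when mode is ldap and bind dn is nil raises an error' merges `:bind_pwd => nil` rather than `:bind_dn => nil`, so it is a duplicate of the bind-pwd example and never exercises the bind DN path on its own. Since the shared `settings` hash carries neither credential, the ldap-mode bind-pwd example also trips `check_for_bind_dn` first (this commit's `retrieve_initial_settings` hunk calls it before `check_for_bind_pwd`), and the bare `raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError)` cannot tell which check fired. Suggest seeding both credentials, `let(:settings) { {:tls_cacert => 'cert', :basedn_domain => "example.com", :bind_dn => "cn=Manager,dc=example,dc=com", :bind_pwd => "password"} }`, fixing the merge to `settings.merge(:mode => 'ldap', :bind_dn => nil)`, and pinning the message with `raise_error(MiqLdapToSssd::MiqLdapConfigurationArgumentError, /bind DN/)` (and `/bind pwd/` in the pwd example). The two 'does not raises an error' example names also read better as 'does not raise an error'.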
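Review bot: The help text for `opt :bind_pwd` is copied from the base DN option ("The Base DN domain name, e.g. example.com") and describes the wrong flag; change it to `"The Bind password, credential to use to authenticate against LDAP",`. Taking the password as a `-p` argument also means it is visible in `ps` output and shell history for as long as the tool runs; a short sentence in the help text saying so would be worth adding, and an alternative such as reading it from an environment variable or prompting without echo (`IO#noecho` from `io/console`) when `-p` is omitted would avoid the exposure altogether. `parse(args)` starts and ends outside the hunk.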
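Review bot: In `NO_BIND_DN` and `NO_BIND_PWD` the `.freeze` applies only to the second literal (`"a" << "b".freeze` freezes `"b"` and appends it to an unfrozen `"a"`), so neither constant ends up frozen. The pattern is inherited from `NO_BASE_DN_DOMAIN`, but the new lines can avoid it with adjacent-literal continuation: `NO_BIND_DN = ("Unable to determine bind DN\nA Bind DN must be specified on the command " \` followed by `"line when a bind DN is not already configured.").freeze`, and likewise for `NO_BIND_PWD`. The constants sit inside class MiqLdapConfiguration, whose body continues outside the hunk.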
@@ -14,6 +20,8 @@ def initialize(options = {}) def retrieve_initial_settings check_for_tls_certs + check_for_bind_dn + check_for_bind_pwd derive_domain end @@ -26,6 +34,20 @@ def check_for_basedn_domain end end + def check_for_bind_dn + if initial_settings[:bind_dn].nil? && initial_settings[:mode] == "ldap" + LOGGER.fatal(NO_BIND_DN) + raise MiqLdapConfigurationArgumentError, NO_BIND_DN + end + end + + def check_for_bind_pwd + if initial_settings[:bind_pwd].nil? && initial_settings[:mode] == "ldap" + LOGGER.fatal(NO_BIND_PWD) + raise MiqLdapConfigurationArgumentError, NO_BIND_PWD + end + end + def check_for_tls_certs if initial_settings[:mode] == "ldaps" && initial_settings[:tls_cacert].nil? LOGGER.fatal(NO_TLS_CERTS)
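Review bot: `check_for_bind_dn` and `check_for_bind_pwd` only reject `nil`, so an explicit empty value (`-b ""` or `-p ""` on the command line, or an empty string already present in the settings) passes the check even though it cannot serve as a credential; `if initial_settings[:bind_dn].to_s.empty? && initial_settings[:mode] == "ldap"` (and the same for `:bind_pwd`) would treat blank the same as missing. The two methods are otherwise identical apart from the key and message, so one helper such as `check_required_for_ldap(:bind_dn, NO_BIND_DN)` called twice from `retrieve_initial_settings` would keep them in step. Whether ldaps mode is intended to proceed with no bind credentials at all (the condition is `== "ldap"` exactly, and the spec in this commit asserts no error for ldaps) is not stated anywhere; a one-line comment above the checks recording that intent would help the next reader. `check_for_tls_certs` continues outside the hunk.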