tests: LDAP - Improvements to LDIF test data #3506
Merged
polarathene merged 3 commits into docker-mailserver:master from Aug 28, 2023
- The `uniqueIdentifier` attribute is not appropriate and was relying on `objectClass: extensibleObject` as a workaround to allow it. A more appropriate attribute to use instead is `userID` (_short name: `uid`_).
- Removing `extensibleObject` now requires switching the user accounts to use `inetOrgPerson` class (_which inherits from `organizationalPerson_`), which allows the attributes `givenName`, `userID` and `mail` (_also provided via the `PostfixBookMailAccount` class_).
- The LDAP root object now uses `dc` attributes for `example.test` instead of `localhost.localdomain`. This has nothing to do with DMS or LDAP containers networking config, nor the users' mail addresses.
- Users are now grouped under the organizational unit of `users` instead of `people`. Purely a naming change out of preference, no functional difference.

The LDAP test ENV has been updated to accommodate the above changes. An additional ENV override was required for SASLAuthd to switch an attribute set for `ldap_filter` in `/etc/saslauthd.conf` from the implicit default of `uniqueIdentifier` (_that we set during startup as an ENV default for fallback_) to the `userID` attribute.
georglauterbach approved these changes Aug 28, 2023
casperklein approved these changes Aug 28, 2023
Description
Another iterative change for the LDAP test.
I could stage these out in a multi-commit PR but I'm choosing to preserve some change history and provide a smaller diff for review, before introducing a change for v13 (outside of the tests, but will also affect this LDAP test going forward).
No change to DMS beyond the LDAP test and its test data.
Changes:
- The `uniqueIdentifier` attribute is not appropriate and was relying on `objectClass: extensibleObject` as a workaround to allow it. A more appropriate attribute to use instead is `userID` (short name: `uid`).
- Removing `extensibleObject` now requires switching the user accounts to use `inetOrgPerson` class (which inherits from `organizationalPerson`), which allows the attributes `givenName`, `userID` and `mail` (also provided via the `PostfixBookMailAccount` class).
- The LDAP root object now uses `dc` attributes for `example.test` instead of `localhost.localdomain`. This has nothing to do with DMS or LDAP containers networking config, nor the users' mail addresses.
- Users are now grouped under the organizational unit of `users` instead of `people`. Purely a naming change out of preference, no functional difference.

The LDAP test ENV has been updated to accommodate the above changes. An additional ENV override was required for SASLAuthd to switch an attribute set for `ldap_filter` in `/etc/saslauthd.conf` from the implicit default of `uniqueIdentifier` (that we set during startup as an ENV default for fallback) to the `userID` attribute.

Relevant history:
- `uniqueIdentifier` was introduced into DMS via the original LDAP support PR Add ldap auth for postfix and dovecot #352 but lacks information on the choice (that PR was another attempt building off from the work in Added features: saslauthd-ldap support, postfix-ldap support, postfix… #335). There is no mention of this attribute in LDAP docs for SASLAuthd, Dovecot, or Postfix.
- `userID` as part of the LDAP DN for users and thus the lookup query filters may have a slight impact on test-cases for LDAP spoofing (`SPOOF_PROTECTION=1`), as the `ldap-senders.cf` file (contributed by Add LDAP_QUERY_FILTER_SENDERS setting for spoof protection with LDAP #1902) has a `result_attribute` value of `mail, uid`, returning the `userID` attribute which now exists in the LDIF test data. However, those test cases need some rework anyway 😅

Type of change
Checklist:
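
The schema point behind the first two changes, as an added example that is not part of the original PR or DMS code: a simplified objectClass check showing that the old-style entry only passes because `extensibleObject` permits any attribute, while the `inetOrgPerson` entry passes on its own. The attribute sets are abbreviated, `PostfixBookMailAccount` is assumed to allow only `mail`, and the sample entries are constructed.

```python
# Added example, not DMS code. Attribute sets are abbreviated; PostfixBookMailAccount
# is assumed to allow only `mail`. SAMPLE entries are constructed placeholders.
ALLOWS = {"top": {"objectclass"}, "person": {"cn", "sn", "userpassword"},
          "organizationalperson": {"title", "ou"}, "postfixbookmailaccount": {"mail"},
          "inetorgperson": {"givenname", "uid", "mail", "displayname"}}
SUPERIOR = {"person": "top", "organizationalperson": "person",
            "inetorgperson": "organizationalperson"}

def parse_ldif(text):  # -> list of {attr: [values]}; no base64 or line folding
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append({})
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entries[-1].setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def disallowed(entry):
    """Return the attributes that none of the entry's object classes permit."""
    classes = {c.lower() for c in entry["objectclass"]}
    if "extensibleobject" in classes:  # permits any attribute: nothing is flagged
        return set()
    allowed = {"dn"}
    for cls in classes:
        while cls:  # include attributes inherited from superior classes
            allowed |= ALLOWS.get(cls, set())
            cls = SUPERIOR.get(cls)
    return set(entry) - allowed

SAMPLE = """
dn: uniqueIdentifier=jane,ou=people,dc=localhost,dc=localdomain
objectClass: organizationalPerson
objectClass: PostfixBookMailAccount
objectClass: extensibleObject
cn: Jane Doe
sn: Doe
givenName: Jane
uniqueIdentifier: jane
mail: jane@example.test

dn: uid=jane,ou=users,dc=example,dc=test
objectClass: inetOrgPerson
objectClass: PostfixBookMailAccount
cn: Jane Doe
sn: Doe
givenName: Jane
uid: jane
mail: jane@example.test
"""
```

Dropping `extensibleObject` from the first entry makes `disallowed()` report `givenname` and `uniqueidentifier`, which is the gap the switch to `inetOrgPerson` and `uid` closes.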