· 7 years ago · Dec 19, 2018, 03:30 PM
/**********************************************
 * This is a summary of how to test ldap_user manually.
 * It attempts to cover all facets of the automated simpletests.
 **********************************************/

---------------------------------------
--- setup
1. Remove remnants of existing ldap_user install:
- Disable and uninstall ldap_user module.
- Clear any variables that may not have been uninstalled:
  DELETE FROM variable where name like 'ldap_user%'
- Delete the user(2) you use for testing.
- Clear watchdog logs.

# drush 5 commands for 1.
drush -y pm-disable ldap_authorization_drupal_role
drush -y pm-uninstall ldap_authorization_drupal_role
drush -y pm-disable ldap_authorization_og
drush -y pm-uninstall ldap_authorization_og
drush -y pm-disable ldap_authorization
drush -y pm-uninstall ldap_authorization
drush -y pm-disable ldap_sso
drush -y pm-uninstall ldap_sso
drush -y pm-disable ldap_authentication
drush -y pm-uninstall ldap_authentication
drush -y pm-disable ldap_user
drush -y pm-uninstall ldap_user
drush -y sql-query "DELETE FROM variable where name like 'ldap_user%'"
drush -y watchdog-delete all

2. Enable LDAP User module and create Drupal user test fields
- Enable ldap_user module and check watchdog logs
- Prepare user settings/entity for testing
  -- add field_lname, field_fname, field_dept, and field_display_name text fields to Drupal user

# drush 5 commands for 2.
drush -y pm-enable ldap_user
drush watchdog-show
drush field-create user field_user_dept,text,text_textfield --entity_type=user
drush field-create user field_user_lname,text,text_textfield --entity_type=user
drush field-create user field_user_fname,text,text_textfield --entity_type=user
drush field-create user field_user_display_name,text,text_textfield --entity_type=user
---------------------------------------

================================================================
Tests for LDAP Entry ==> Drupal User Provisioning (simpletest: ldap_user/tests/ldap_user.test LdapUserIntegrationTests::testProvisionToDrupal)
================================================================
6.A. Setup: Configure LDAP User for Provisioning Drupal Account from LDAP Entry (admin/config/people/ldap/user)
  -- analogous simpletest configuration is in ldap_test/ldap_user.conf.inc in $conf['provisionToDrupalWithMappings']
  A. LDAP Servers Providing Provisioning Data: Select enabled server
  B. Drupal Account Provisioning Events: [x] Create or Synch to Drupal user anytime a Drupal user account is created or updated.
  C. Existing Drupal User Account Conflict: [x] Associate Drupal account with LDAP Entry
  D. Application of Drupal Account settings to LDAP Authenticated Users: [x] Account Creating Settings ... do not affect...
  E. Basic Provisioning to LDAP Settings: for server, select "none"
  F. Rest Webservice: leave disabled
  G. Server mappings section. Provisioning from LDAP to Drupal mappings. (Source LDAP tokens will vary from LDAP to LDAP)
    i.   [givenname] -- to drupal user -> Field: First Name [x] on drupal user creation [x] on synch...
    ii.  [sn:0] -- to drupal user -> Field: Last Name [x] on drupal user creation [x] on synch...
    iii. [givenname] [sn] -- to drupal user -> Field: Display Name [x] on drupal user creation [ ] on synch...
    iv.  Physics -- to drupal user -> Field: Department [x] on drupal user creation [ ] on synch...

6.B. Event: Drupal user create provision/synching.
  A. Create new user via admin/people/create [drush user-create jdoe --mail=test@test.com --password="sdfw3452352se"]
  B. field_lname, field_fname, field_dept, and field_display_name should be visible and populated
  C. Go to admin/config/people/ldap/user/test, enter the username and hit the test button. This will show the user object and entity
     if the devel module is enabled [drush user-information jdoe --full].
     In "user object (before provisioning or synching)":
    i.   user object->ldap_user_puid_sid should be the id of the server
    ii.  user object->ldap_user_puid should be the value of the puid attribute
    iii. user object->ldap_user_puid_property should be the name of the puid attribute
    iv.  user object->ldap_user_current_dn should be the dn of the ldap entry
    v.   user object->mail and init should be correct, matching email
    vi.  user authmap should be empty. This record is only generated when the account is created via ldap authentication
         [drush -y sql-query "SELECT * FROM authmap WHERE authname = 'jdoe'"]
  D. Now edit the First Name, Last Name, Display Name, and Department for that user at /user/[uid]/edit and save.
  E. Results after save should be Dept and Display Name were changed; First name and Last Name reverted to LDAP provided first and last name.

6.C. Event: user logon/authenticate. Test create drupal account.
  enable ldap authentication, mixed mode
  A.1. Change "Drupal Account Provisioning Events" to only "...on successful authentication" (admin/config/people/ldap/user)
  A.2. Authenticate with a user not in drupal (be sure user is deleted before test)
  B. View the user from the user list (admin/people/people) and make sure
     field_lname, field_fname, field_dept, and field_display_name are visible and populated,
     or use [drush user-information jdoe --full]
  C. Go to admin/config/people/ldap/user/test/<username> and hit the test button. This will show the user object and entity
     if the devel module is enabled
    i.   user object->ldap_user_puid_sid should be the id of the server
    ii.  user object->ldap_user_puid should be the value of the puid attribute
    iii. user object->ldap_user_puid_property should be the name of the puid attribute
    iv.  user object->ldap_user_current_dn should be the dn of the ldap entry
    v.   user object->mail and init should be correct, matching email
    vi.  user authmap should have an entry where module=ldap_authentication and authname=username
         [drush -y sql-query "SELECT * FROM authmap WHERE authname = 'jdoe'"]
  D. Now edit the First Name, Last Name, Display Name, and Department for that user at /user/[uid]/edit and save.
  E. Results after save should be Dept and Display Name were changed; First name and Last Name reverted to LDAP provided first and last name.
  F. Change First Name, Last Name, Display Name, and Department in database manually.
  G. Log user in again.
  H. Results after save should be Dept and Display Name were changed; First name and Last Name reverted to LDAP provided first and last name.

==============================================
Tests for provisioning from Drupal User => LDAP Entry
==============================================

7. General tests for ldap entry provisioning
  A. Setup (as admin) in ldap user settings (admin/config/people/ldap/user)
    - select "None" in "LDAP Servers Providing Provisioning Data"
    - enable an ldap server in BASIC PROVISIONING TO LDAP SETTINGS
    - check all "LDAP Entry Provisioning Events"
    - disable REST webservice
    - in mappings table (alter to fit your LDAP)
      -- Source Drupal User Attribute or token | Target LDAP Token | on creation | on update
      -- "cn=[property.name],ou=people,dc=ldap,dc=mycompany,dc=com" [dn] [x] [x]
      -- 'Property: Username [cn] [x] [x]
      -- mydrupalsite.com[property.uid] [guid] [x] [x]
      -- [field.field_fname] [field.field_lname] [displayname] [x] [x]
      -- [field.field_lname] [sn] [x] [ ]
      -- [field.field_fname] [givenname] [x] [ ]

  B. Create and approve new user, populating first and last name.
    -- confirm that ldap entry exists with proper attributes from mapping
    -- confirm that drupal user has no ldap authmap (unless it was there before)
    -- confirm there is no ldap_user_puid_sid, ldap_user_puid, ldap_user_puid_property, ldap_user_current_dn; these are for provisioning in the other direction
    -- confirm that user->ldap_user_prov_entries has a value of the form: <sid>|<dn> to indicate ldap account was provisioned based on this drupal user.

  C. Change last name, first name, and display name and save user
    -- confirm that appropriate attributes were changed in ldap entry

  D. Delete user in drupal.
    -- confirm that ldap entry for user is removed.

7.1 "provisionToLdapEmailVerification":
Test ldap entry provisioning workflow: User requests account -> email verification of account -> user gets one time logon via email and sets password
  A. Setup (as admin):
    -- at admin/config/people/accounts: select "Visitors" and check "Require e-mail verification"
    -- configure to ldap provisioning admin/config/people/ldap/user
      -- [x] Create LDAP entry when a Drupal Account has a status of approved... in "LDAP Entry Provisioning Options"
      -- [x] Update LDAP entry when Drupal Account that has a corresponding LDAP entry is updated...in "LDAP Entry Provisioning Options"
    drush vset --yes user_email_verification 1
    drush vset --yes user_register 1
    -- map required fields and make sure password is one of the fields
  B. Test
    -- as anonymous user: create user at user/register.
    -- as admin confirm that account was created, no ldap entry was created, and user has status of 1 (active)
    -- as user, go to link in email.
    -- as admin confirm that ldap entry is still not created
    -- as user, click on first time logon button
    -- desired result: ldap entry should be created, but ldap entry password will be none or random.
    -- as user, set password and whatever initial user profile or fields you want
    -- desired result: check that ldap entry has correct password and altered fields are correctly synched to ldap

7.2 Test ldap entry provisioning workflow: Admin creates account that has a status of 1, but user requests new password to get started.

8. Test admin/people/create form and LDAP Options.
  8.1 Test validation of existing ldap user admin/people/create form
    A. Setup. Enable and configure Drupal to LDAP provisioning of users.
       On MANUAL DRUPAL ACCOUNT CREATION AND UPDATES, select "Show option on user create form".
    B. Attempt to create user at admin/people/create with a username that conflicts with existing ldap entry.
       Check "create corresponding ldap entry" on form.
    C. Success: On form submit, error should indicate ldap user exists.

  8.2 Test manual selection of ldap associate in admin/people/create form
    A. Setup. On admin/config/people/ldap/user, set Existing Drupal User Account Conflict to "Don't associate"
       On MANUAL DRUPAL ACCOUNT CREATION AND UPDATES, select "Show option on user create form".
    B. At admin/people/create select "Make this an ldap associated account".
    C. Success: in ldap user,
       fields: ldap_user_puid_sid, ldap_user_current_dn, ldap_user_puid, ldap_user_puid_property should be populated if in use
       other synch and provision fields should not be synched
       in the database in the authmap table, a record should exist with module=ldap_user and authname=<username tested>

  8.3 Test manual selection of ldap associate AND "Create corresponding LDAP Entry" in admin/people/create form
    A. Setup. On admin/config/people/ldap/user, set Existing Drupal User Account Conflict to "Don't associate"
       On MANUAL DRUPAL ACCOUNT CREATION AND UPDATES, select "Show option on user create form".
       Configure provisioning to ldap on admin/config/people/ldap/user
    B. Manually create user that is not in ldap already.
       Select: "Make this an ldap associated account"
       Check: "create corresponding ldap entry"
       submit
    C. Success:
       ldap entry exists,
       drupal user exists,
       fields: ldap_user_puid_sid, ldap_user_current_dn, ldap_user_puid, ldap_user_puid_property should be populated if in use
       in the database in the authmap table, a record should exist with module=ldap_user and authname=<username tested>

  8.4 Test manual selection of "Create corresponding LDAP Entry" and "Do not make this an LDAP Associated account" in admin/people/create form
    -- is this even allowable? What's the use case for this?
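
The authmap expectations in 6.B, 6.C, 7.B, 8.2 and 8.3 can be checked mechanically instead of by eye. The script below is an added example, not part of the ldap_user module or of these notes; it assumes drush sql-query prints tab-separated rows in Drupal 7 authmap column order (aid, uid, authname, module), and the function names and sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of ldap_user. Feed it the rows printed by:
#   drush -y sql-query "SELECT * FROM authmap WHERE authname = 'jdoe'"
# Assumption: tab-separated rows in Drupal 7 authmap column order
# (aid, uid, authname, module), optionally preceded by a header row.

# authmap_modules USERNAME: read rows on stdin and print the module of
# every row whose authname is exactly USERNAME, one per line.
authmap_modules() {
  awk -F '\t' -v user="$1" '$3 == user { print $4 }'
}

# check_authmap USERNAME EXPECTED: EXPECTED is "none" (6.B, 7.B) or a
# module name (ldap_authentication for 6.C, ldap_user for 8.2 and 8.3).
# Prints PASS or FAIL with the reason; returns 0 on pass, 1 on fail.
check_authmap() {
  user=$1
  expected=$2
  found=$(authmap_modules "$user" | sort -u | tr '\n' ' ')
  found=${found% }
  if [ "$expected" = "none" ]; then
    if [ -z "$found" ]; then
      echo "PASS: no authmap row for $user"
      return 0
    fi
    echo "FAIL: unexpected authmap row(s) for $user: $found"
    return 1
  fi
  case " $found " in
    *" $expected "*)
      echo "PASS: $user mapped by $expected"
      return 0 ;;
  esac
  echo "FAIL: no $expected authmap row for $user (found: ${found:-none})"
  return 1
}

# Constructed sample rows (not real output): the state expected after 6.C.
SAMPLE_6C=$(printf 'aid\tuid\tauthname\tmodule\n7\t12\tjdoe\tldap_authentication\n')

# 6.C expectation holds for the sample; the 6.B expectation does not.
printf '%s\n' "$SAMPLE_6C" | check_authmap jdoe ldap_authentication
printf '%s\n' "$SAMPLE_6C" | check_authmap jdoe none || true
```

On a live site, pipe the drush query straight into check_authmap in place of the sample rows.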