-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch away from using an external LDAP server that sometimes goes down, #7522
Conversation
to a local (docker) LDAP server. The schema and data changes too, unfortunately.
Attempt to convert TestIdentityStore_Integ_GroupAliases to use the docker ldap server, but it's not working yet. The first obstacle was that it expects a user to exist in two external group: Scientists and Italians. There are no users in the new ldap server's data who belong to two ldap groups. One thing Becca was saying she hoped the docker ldap server would allow us is to make changes to the LDAP data. So I decided to modify the test such that it first sees a user in a single LDAP group, then once we add the user to a second group, upon re-logging in we see them in that identity group as well. This proved not to be so easy. I got LDAP Result Code 8 "Strong Auth Required": modifications require authentication Some googling suggested this would be fixed if we used TLS. This was a bit of an adventure since they use a self-signed cert, but eventually I got that working, at least in the context of a test: I wasn't able to get the LDAP backend itself to be happy with that, which is why PrepareTestContainer now returns two ldaputil.ConfigEntry structs. Anyway, that turned out not to be the right fix, or possible just insufficient. I'm still getting the same error, but now I think it's because the admin user hasn't been granted write privs. I'm not certain how to do that without building a new docker image, and if that is required I might revisit which docker image we use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great! Couple of notes, but nothing super consequential. Thank you!
"testing" | ||
) | ||
|
||
func PrepareTestContainer(t *testing.T, version string) (cleanup func(), cfg *ldaputil.ConfigEntry) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! Thank you for exporting this. I wonder if at some point we'll even want to move it into the sdk
so it can be reused externally in miscellaneous LDAP plugins.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, that makes sense.
* master: changelog++ Update CHANGELOG.md Abstract generate-root authentication into the strategy interface (#7698) Changelog: clarify enterprise seal migration fix changelog++ Update transit docs to add aes128/p384/p521 information (#7718) Show versions that are active when delete_version_after is configured (#7685) changelog++ agent: fix data race on inmemSink's token (#7707) Use docker instead of an external LDAP server that sometimes goes down (#7522) changelog++ Fix a nil map pointer in mergeEntity. (#7711) changelog++ TestSysRekey_Verification would fail sometimes when recovery=true (#7710)
to a local (docker) LDAP server. The schema and data changes too, unfortunately.