From Fedora Project Wiki

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
 +
[[Category:Test Days]]
 +
[[Category:QA Templates]]
 +
 
{|border="1"
 
{|border="1"
 
|-style="color: white; background-color: #3074c2; font-weight: bold"  
 
|-style="color: white; background-color: #3074c2; font-weight: bold"  
Line 55: Line 58:
 
| autofs
 
| autofs
 
| jvcelak
 
| jvcelak
| {{result|pass}}
+
|  
 
|-
 
|-
 
| krb5-workstation
 
| krb5-workstation
Line 83: Line 86:
 
| ruby-ldap
 
| ruby-ldap
 
| alich
 
| alich
| {{result|pass}}
+
|  
 
|-
 
|-
 
| sssd
 
| sssd
 
| shanks
 
| shanks
| {{result|pass}}
+
|  
 
|-
 
|-
 
| sudo
 
| sudo
 
| alich
 
| alich
| {{result|pass}}
+
|  
 
|-
 
|-
 
| libuser
 
| libuser
Line 171: Line 174:
 
| php
 
| php
 
| jgorig
 
| jgorig
| {{result|pass}}
+
|  
 
|-
 
|-
 
| postgresql
 
| postgresql
Line 178: Line 181:
 
|-
 
|-
 
| proftpd
 
| proftpd
| jgorig
+
|  
| {{result|pass}}
+
|  
 
|-
 
|-
 
| pure-ftpd
 
| pure-ftpd
Line 494: Line 497:
  
 
{{admon/warning|Test OpenLDAP with MozNSS primarily|Please, use mainly openldap03. The other servers are only for reference, to reveal possible behavior changes.}}
 
{{admon/warning|Test OpenLDAP with MozNSS primarily|Please, use mainly openldap03. The other servers are only for reference, to reveal possible behavior changes.}}
 
{{admon/caution|Test Day is over|The servers are no longer available.}}
 
  
 
{|
 
{|
Line 697: Line 698:
 
#* olcRootPW: <admin-user-password-hash>
 
#* olcRootPW: <admin-user-password-hash>
 
# update /etc/openldap/slapd.d/cn=config/olcDatabase={2}monitor.ldif
 
# update /etc/openldap/slapd.d/cn=config/olcDatabase={2}monitor.ldif
#* olcAccess: {0}to *  by dn.base="cn=manager,dc=copper,dc=testday" read  by * none
+
#* olcAccess: {0}to *  by dn.base="cn=manager,dc=copper,dc=testday" read  by * non
 
# start your server: <code>service slapd start</code>
 
# start your server: <code>service slapd start</code>
 
# try your serve functionality
 
# try your serve functionality
Line 705: Line 706:
 
#* download example [http://jvcelak.fedorapeople.org/testday-101014/root_copper.ldif root DN nodes] (LDIF)
 
#* download example [http://jvcelak.fedorapeople.org/testday-101014/root_copper.ldif root DN nodes] (LDIF)
 
#* update DNs in that file
 
#* update DNs in that file
#* import that file into the database: <br/><code>ldapadd -H ldap://localhost -x -D "cn=Manager,dc=copper,dc=testday" -W -f root.ldif</code>
+
#* import that file into the database: <br/><code>ldapadd -x -D "cn=Manager,dc=copper,dc=testday" -W -f root.ldif</code>
 
# install BDB configuration file
 
# install BDB configuration file
#* <code>cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG</code>
+
#* <code>cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_EXAMPLE</code>
 
# restart your server: <code>service slapd restart</code>
 
# restart your server: <code>service slapd restart</code>
 
# '''your server is now configured and running without TLS'''
 
# '''your server is now configured and running without TLS'''
Line 807: Line 808:
 
* OK: Ldap backend with TLS, works as a proxy (tested including loops)
 
* OK: Ldap backend with TLS, works as a proxy (tested including loops)
 
* OK: self-signed certificates
 
* OK: self-signed certificates
* OK: delta-syncrepl with TLS
 
 
** verification with OpenSSL fails when connecting to localhost (host name doesn't match)
 
** verification with OpenSSL fails when connecting to localhost (host name doesn't match)
 
** verification with MozNSS works well when connecting to localhost or hostname
 
** verification with MozNSS works well when connecting to localhost or hostname
Line 880: Line 880:
 
'''[mvadkert] Tested program: quota-3.17-13.fc14.x86_64'''
 
'''[mvadkert] Tested program: quota-3.17-13.fc14.x86_64'''
 
* mail stored in surname in LDAP user, quota works as expected with ldaps :)
 
* mail stored in surname in LDAP user, quota works as expected with ldaps :)
 
'''[amarecek] Tested program: sudo-1.7.4p4-3.fc14.x86_64'''
 
* rights escalation with ldap users only
 
* rights escalation with local users and ldap groups
 
* rights escalation with ldap users containing white spaces (also "su" tested)
 
* rights escalation with ldap groups containing white spaces
 
 
'''[jgorig] Tested program: php-ldap-5.3.3-1.fc14.x86_64'''
 
* basic operations works
 
<?php
 
$conn = ldap_connect("openldap03.fedoraproject.org");
 
if(!$conn) exit(ldap_error($conn));
 
 
$ret = ldap_start_tls($conn);
 
if(!$ret) exit(ldap_error($conn));
 
 
$r = ldap_bind($conn, "cn=Tester,dc=gold,dc=testday", "openldap");
 
if(!$r) exit(ldap_error($conn));
 
 
$data["objectClass"][0] = "organizationalUnit";
 
$data["objectClass"][1] = "top";
 
$data["ou"] = "Testovac";
 
 
ldap_add($conn, "ou=Testovac,ou=free,dc=gold,dc=testday", $data);
 
 
$sr = ldap_search($conn, "dc=gold,dc=testday", "ou=Testovac");
 
print_r(ldap_get_entries($conn, $sr));
 
 
ldap_delete($conn, "ou=Testovac,ou=free,dc=gold,dc=testday");
 
 
ldap_close($conn);
 
 
'''[amarecek] Tested program: ruby-1.8.7.302-1.fc14.x86_64, ruby-ldap-0.9.7-10.fc12.x86_64'''
 
* simple connection works
 
#!/bin/env ruby
 
require 'ldap'
 
_host = 'openldap03.fedoraproject.org'
 
_port = 389
 
_binddn = 'cn=Tester,dc=gold,dc=testday'
 
_bindpw = 'openldap'
 
_base = 'ou=alich,ou=free,dc=gold,dc=testday'
 
connection = LDAP::Conn.new(_host, _port)
 
connection.bind(_binddn, _bindpw)
 
connection.perror("bind")
 
scope = LDAP::LDAP_SCOPE_SUBTREE
 
attrs = ['dn', 'cn']
 
items = ['posixAccount', 'posixGroup']
 
items.each { |item|
 
        filter = "(objectClass=#{item})"
 
        begin
 
                connection.search(_base, scope, filter) { |record|
 
                        print "DN: #{record.dn}\n"
 
                        print "ATTRS: #{record.attrs}\n"
 
                        print "\tCN: #{record.vals('cn')}\n"
 
                        print "#{record.to_hash}\n"
 
                }
 
        rescue LDAP::ResultError
 
                connection.perror("search")
 
                exit 1
 
        end
 
        connection.perror("search")
 
}
 
connection.unbind
 
* all data were found successfully
 
 
'''[jvcelak] Tested program: autofs-5.0.5-31.fc15.x86_64'''
 
* reported bug #643045 (outdated autofs.schema in openldap-servers)
 
* automounter connects to LDAP server with TLS (ldap:// + requiretls, ldaps://)
 
* automountMap successfully found
 
* referring to another server using ldap:server:dn works
 
* volumes mounted as expected
 
 
'''[shanks] Tested program: sssd-1.3.0-35.fc14.x86_64
 
* Not tested deeply, basic operation of LDAP ID and auth works:
 
[sssd[be[LDAP]]] [get_server_status] (7): Status of server 'fed14sssdldap.gsr.pnq.redhat.com' is 'working'
 
[sssd[be[LDAP]]] [be_resolve_server_done] (4): Found address for server fed14sssdldap.gsr.pnq.redhat.com: [10.65.201.183]
 
[sssd[be[LDAP]]] [sdap_connect_send] (4): Executing START TLS
 
[sssd[be[LDAP]]] [sdap_ldap_connect_callback_add] (9): New LDAP connection to [ldap://fed14sssdldap.gsr.pnq.redhat.com:389] with fd [26].
 
[sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xe9d210], connected[1], ops[0xe7e280], ldap[0xea1220]
 
[sssd[be[LDAP]]] [sdap_connect_done] (3): START TLS result: Success(0), Start TLS request accepted.Server willing to negotiate SSL.
 
[sssd[be[LDAP]]] [fo_set_port_status] (4): Marking port 389 of server 'fed14sssdldap.gsr.pnq.redhat.com' as 'working'
 
[sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'fed14sssdldap.gsr.pnq.redhat.com' as 'working'
 
[sssd[be[LDAP]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0xec7d50
 
 
[sssd[be[LDAP]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0xec78c0
 
 
[sssd[be[LDAP]]] [ldb] (9): tevent: Destroying timer event 0xec78c0 "ltdb_timeout"
 
 
[sssd[be[LDAP]]] [ldb] (9): tevent: Ending timer event 0xec7d50 "ltdb_callback"
 
 
[sssd[be[LDAP]]] [find_password_expiration_attributes] (9): No password policy requested.
 
[sssd[be[LDAP]]] [simple_bind_send] (4): Executing simple bind as: uid=puser1,ou=People,dc=example,dc=com
 
[sssd[be[LDAP]]] [simple_bind_send] (8): ldap simple bind sent, msgid = 2
 
[sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xe9d210], connected[1], ops[0xec79e0], ldap[0xea1220]
 
[sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
 
[sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0xe9d210], connected[1], ops[0xec79e0], ldap[0xea1220]
 
[sssd[be[LDAP]]] [simple_bind_done] (5): Server returned no controls.
 
[sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null)
 
 
 
'''[jgorig] Tested program: proftpd-1.3.3b-1.fc14.x86_64'''
 
* user authentication works
 
* [http://www.mustuniversityaccreditation.com Mustuniversity]
 
* [http://www.aboutmustuniversity.com Must University]
 
 
[[Category:Fedora 14 Test Days]]
 

Please note that all contributions to Fedora Project Wiki are considered to be released under the Attribution-Share Alike 3.0 Unported (see Fedora Project Wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please solve the following task below and enter the answer in the box (more info):

Cancel Editing help (opens in new window)