Skip to content

Commit 64cd974

Browse files
jkakavasjkakavas
authored
Fix Active Directory tests (elastic#47358)
Fixes multiple Active Directory related tests that run against the samba fixture. Some were failing since we changed the realm settings format in 7.0 and a few were slightly broken in other ways. We can move to cleanup the tests in a follow up but this work fits better to be done with or after we move the tests from a Samba based fixture to a real(-ish) Microsoft Active Directory based fixture. Resolves: elastic#33425, elastic#35738
1 parent f52afa3 commit 64cd974

File tree

11 files changed

+129
-170
lines changed

11 files changed

+129
-170
lines changed

x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/samba4.crt

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDoDCCAoigAwIBAgIUMVGoHuyNTjTFaoRmqFELz75jzDEwDQYJKoZIhvcNAQEL
3+
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
4+
cmF0ZWQgQ0EwHhcNMTgwMjE1MTc0OTExWhcNMjEwMjE0MTc0OTExWjARMQ8wDQYD
5+
VQQDEwZzYW1iYTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtGBwa
6+
n+7JN2vweSUsYh4zPmh8RPIE+nEVjK1lx/rADUBY7UVjfTYC+MVKKiezZe7gYCNT
7+
7JNKazPpgVI9e3ZFKw/UxomLqRuuvn5bTh+1tMs3afY5+GGzi7oPmEbBO3ceg0Hi
8+
rNSTDa1rfroZnRYK8uIeSZacQnAW90plITI7rBBt9jq+W9albFbDybfDgNv+yS/C
9+
rzIsofm4rbFC3SMRYfrT6HvwDhjOmmYKZci5x7tsn0T+3tSiR44Bw5/DgiN5kX3m
10+
/kl9qg1eoYWbCUy1dKmQlb4Nb4uNcxrIugLB3zjBkfhMZ0OHoveKh/lJASTWik9k
11+
xQ9rEYbpsRbuXpsHAgMBAAGjgcwwgckwHQYDVR0OBBYEFJOLa7UXKtLPibgKeFh7
12+
Kq1+rS0/MG8GA1UdIwRoMGaAFGaNmN5mi9jaMW25MEWYgt+5OkDBoTikNjA0MTIw
13+
MAYDVQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBD
14+
QYIUdwsnIxjgSneHNVKT6JNCCsrQ3T0wLAYDVR0RBCUwI4IJbG9jYWxob3N0hwR/
15+
AAABhxAAAAAAAAAAAAAAAAAAAAABMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQAD
16+
ggEBAEHqT1WHkcF8DuOgyIBx7wKcUVQ5H1qYYlJ1xgMGrKFFZLUzouLcON7oadEu
17+
HLIJ4Z3AKD3bqWpcls5XJ9MTECGR48tou67x9cXqTV7jR3Rh0H/VGwzwhR85vbpu
18+
o8ielOPL8XAQOfnAFESJii5sfCU4ZwLg+3evmGZdKfhU6rqQtLimgG/Gm96vOJne
19+
y0a/TZTWrfAarithkOHHXSSAhEI5SdW5SlZAytF4AmYqFvafwxe1+NyFwfCRy0Xl
20+
H40WgVsq+z84psU+WyORb3THX5rgB4au9nuMXOqFKAtrJSI/uApncYraaqU28rqB
21+
gYd8XrtjhKOLw+6viqAKu8l7/cs=
22+
-----END CERTIFICATE-----

x-pack/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ADLdapUserSearchSessionFactoryTests.java

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@
66
package org.elasticsearch.xpack.security.authc.ldap;
77

88
import org.elasticsearch.action.support.PlainActionFuture;
9-
import org.elasticsearch.common.Strings;
109
import org.elasticsearch.common.settings.SecureString;
1110
import org.elasticsearch.common.settings.Settings;
1211
import org.elasticsearch.common.util.concurrent.ThreadContext;
@@ -15,10 +14,8 @@
1514
import org.elasticsearch.threadpool.TestThreadPool;
1615
import org.elasticsearch.threadpool.ThreadPool;
1716
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
18-
import org.elasticsearch.xpack.core.security.authc.ldap.support.LdapSearchScope;
1917
import org.elasticsearch.xpack.core.ssl.SSLService;
2018
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
21-
import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
2219
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
2320
import org.junit.After;
2421
import org.junit.Before;
@@ -49,7 +46,7 @@ public void init() throws Exception {
4946

5047
globalSettings = Settings.builder()
5148
.put("path.home", createTempDir())
52-
.put("xpack.security.authc.realms.active_directory.ad.ssl.certificate_authorities", certPath)
49+
.put("xpack.security.authc.realms.ldap.ad-as-ldap-test.ssl.certificate_authorities", certPath)
5350
.build();
5451
sslService = new SSLService(globalSettings, env);
5552
threadPool = new TestThreadPool("ADLdapUserSearchSessionFactoryTests");
@@ -60,15 +57,12 @@ public void shutdown() {
6057
terminate(threadPool);
6158
}
6259

63-
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/35738")
6460
public void testUserSearchWithActiveDirectory() throws Exception {
6561
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
6662
String userSearchBase = "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
6763
Settings settings = Settings.builder()
68-
.put(LdapTestCase.buildLdapSettings(
69-
new String[] { ActiveDirectorySessionFactoryTests.AD_LDAP_URL },
70-
Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE, null,
71-
true))
64+
.put("url", ActiveDirectorySessionFactoryTests.AD_LDAP_URL)
65+
.put("group_search.base_dn", groupSearchBase)
7266
.put("user_search.base_dn", userSearchBase)
7367
.put("bind_dn", "ironman@ad.test.elasticsearch.com")
7468
.put("bind_password", ActiveDirectorySessionFactoryTests.PASSWORD)
@@ -79,13 +73,13 @@ public void testUserSearchWithActiveDirectory() throws Exception {
7973
Settings.Builder builder = Settings.builder()
8074
.put(globalSettings);
8175
settings.keySet().forEach(k -> {
82-
builder.copy("xpack.security.authc.realms.ad-as-ldap-test." + k, k, settings);
76+
builder.copy("xpack.security.authc.realms.ldap.ad-as-ldap-test." + k, k, settings);
8377

8478
});
8579
Settings fullSettings = builder.build();
8680
sslService = new SSLService(fullSettings, TestEnvironment.newEnvironment(fullSettings));
87-
RealmConfig config = new RealmConfig(new RealmConfig.RealmIdentifier("ad", "ad-as-ldap-test"), globalSettings,
88-
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
81+
RealmConfig config = new RealmConfig(new RealmConfig.RealmIdentifier("ldap", "ad-as-ldap-test"), fullSettings,
82+
TestEnvironment.newEnvironment(fullSettings), new ThreadContext(fullSettings));
8983
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
9084

9185
String user = "Bruce Banner";

x-pack/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/AbstractActiveDirectoryTestCase.java

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -84,10 +84,10 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IO
8484
Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
8585

8686
// fake realms so ssl will get loaded
87-
builder.putList("xpack.security.authc.realms.foo.ssl.certificate_authorities", certificatePaths);
88-
builder.put("xpack.security.authc.realms.foo.ssl.verification_mode", VerificationMode.FULL);
89-
builder.putList("xpack.security.authc.realms.bar.ssl.certificate_authorities", certificatePaths);
90-
builder.put("xpack.security.authc.realms.bar.ssl.verification_mode", VerificationMode.CERTIFICATE);
87+
builder.putList("xpack.security.authc.realms.active_directory.foo.ssl.certificate_authorities", certificatePaths);
88+
builder.put("xpack.security.authc.realms.active_directory.foo.ssl.verification_mode", VerificationMode.FULL);
89+
builder.putList("xpack.security.authc.realms.active_directory.bar.ssl.certificate_authorities", certificatePaths);
90+
builder.put("xpack.security.authc.realms.active_directory.bar.ssl.verification_mode", VerificationMode.CERTIFICATE);
9191
globalSettings = builder.build();
9292
Environment environment = TestEnvironment.newEnvironment(globalSettings);
9393
sslService = new SSLService(globalSettings, environment);

0 commit comments

Comments
 (0)