Testing LDAP Backend

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Testing LDAP Backend

Jeff Anderson-6
Hello,

I'm trying to figure out how to write tests for ticket #2507, which is
the LDAP auth backend. I find it difficult to create repeatable tests
across different "supported" ldap servers. If I were to write tests for
a specific ldap server, I'd need to know what is in that server to make
the tests work. Furthermore, I'd need to know where that server is to
make it work.

I'd like an opinion on how to tackle this. I think that I should ship
some info that one could slapadd into an empty ldap server, and require
the test runner to put ldap settings in their test runner settings.py.

Is this too cumbersome for test runners? I really don't know how to make
it easier.

How do I handle the case where someone tries to run the test, but they
have supplied bad LDAP settings, or haven't added any data to ldap?

Thanks for any insight!


Jeff Anderson

http://code.djangoproject.com/ticket/2507


signature.asc (204 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Testing LDAP Backend

Malcolm Tredinnick


On Tue, 2008-11-25 at 10:52 -0700, Jeff Anderson wrote:

> Hello,
>
> I'm trying to figure out how to write tests for ticket #2507, which is
> the LDAP auth backend. I find it difficult to create repeatable tests
> across different "supported" ldap servers. If I were to write tests for
> a specific ldap server, I'd need to know what is in that server to make
> the tests work. Furthermore, I'd need to know where that server is to
> make it work.
>
> I'd like an opinion on how to tackle this. I think that I should ship
> some info that one could slapadd into an empty ldap server, and require
> the test runner to put ldap settings in their test runner settings.py.
>
> Is this too cumbersome for test runners? I really don't know how to make
> it easier.
>
> How do I handle the case where someone tries to run the test, but they
> have supplied bad LDAP settings, or haven't added any data to ldap?

I think this is going to be a difficult situation. By default, no
testing can really happen, since it's a bit of a burden to require
people to have a running LDAP server (or have one installed that can be
started up) just for this particular auth method. But having some tests
in that backend that can be run would be useful.

I don't know enough what needs to be supplied to the backend, but could
you look for a setting that contained username/password for a user in
the LDAP backend. Presumably there's already some server settings that
are required to tell Django (including the tests) where to look? So
somebody wanting to test this will need to have access to an LDAP server
and know a username and password that can be used to test against it.

It would be disappointing if this sort of change required normal test
running to become more complicated. But I haven't seen you suggesting
that would be the case and I'm willing to say that the LDAP backend just
doesn't get tested in the normal run of things (and you and one or two
other people are going to have to commit to running it regularly and
keeping up with changes; maybe somebody can provide a buildbot slave
that also tests it).

Analogous case, by the way, is we don't automatically test the modpython
handler, since requiring the full Apache setup is a bit of unnecessary
overhead for the core tests. It'd be nice to have some "can be run
manually" tests for that, but that's pretty far down the pony request
list.

Regards,
Malcolm



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: Testing LDAP Backend

Ross Lawley-2
Hi,

I googled and noticed http://products.ingeniweb.com/catalog/iw-mock.ldap which allows mocking / monkey patching of the ldap interface.   Also custom ldif files could be created to test different settings / combinations (I'm not sure how much they can cover - things like pre binding for LDAP look up etc)

Where these tests would go I'm not sure - create an integration test directory?  At least any bugs for LDAP in the future could have test cases written for them and it would help stop any regressions.

Rozza

On Wed, Nov 26, 2008 at 1:22 AM, Malcolm Tredinnick <[hidden email]> wrote:


On Tue, 2008-11-25 at 10:52 -0700, Jeff Anderson wrote:
> Hello,
>
> I'm trying to figure out how to write tests for ticket #2507, which is
> the LDAP auth backend. I find it difficult to create repeatable tests
> across different "supported" ldap servers. If I were to write tests for
> a specific ldap server, I'd need to know what is in that server to make
> the tests work. Furthermore, I'd need to know where that server is to
> make it work.
>
> I'd like an opinion on how to tackle this. I think that I should ship
> some info that one could slapadd into an empty ldap server, and require
> the test runner to put ldap settings in their test runner settings.py.
>
> Is this too cumbersome for test runners? I really don't know how to make
> it easier.
>
> How do I handle the case where someone tries to run the test, but they
> have supplied bad LDAP settings, or haven't added any data to ldap?

I think this is going to be a difficult situation. By default, no
testing can really happen, since it's a bit of a burden to require
people to have a running LDAP server (or have one installed that can be
started up) just for this particular auth method. But having some tests
in that backend that can be run would be useful.

I don't know enough what needs to be supplied to the backend, but could
you look for a setting that contained username/password for a user in
the LDAP backend. Presumably there's already some server settings that
are required to tell Django (including the tests) where to look? So
somebody wanting to test this will need to have access to an LDAP server
and know a username and password that can be used to test against it.

It would be disappointing if this sort of change required normal test
running to become more complicated. But I haven't seen you suggesting
that would be the case and I'm willing to say that the LDAP backend just
doesn't get tested in the normal run of things (and you and one or two
other people are going to have to commit to running it regularly and
keeping up with changes; maybe somebody can provide a buildbot slave
that also tests it).

Analogous case, by the way, is we don't automatically test the modpython
handler, since requiring the full Apache setup is a bit of unnecessary
overhead for the core tests. It'd be nice to have some "can be run
manually" tests for that, but that's pretty far down the pony request
list.

Regards,
Malcolm






--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---