I am using the Spring Security ActiveDirectoryLdapAuthenticationProvider with Spring Boot (annotation based config) to authenticate with Active Directory and generate tokens. All works fine.
I wish to add some integration tests that simulate the whole process, and I was thinking of maybe using the Spring embedded LDAP server for that.
I added this ldif file that I got from another example I found online.
# Actual test data
dn: dc=test,dc=com
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: test

# Organizational Units
dn: ou=groups,dc=test,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=test,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

# Create People
dn: uid=testuser,ou=people,dc=test,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Test
sn: User
uid: testuser
userPassword: secret

# Create Groups
dn: cn=developers,ou=groups,dc=test,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=testuser,ou=people,dc=test,dc=com

dn: cn=managers,ou=groups,dc=test,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=testuser,ou=people,dc=test,dc=com
But this of course does not include any of the Active Directory schema stuff.
Each user needs to have a sAMAccountName and needs to have the memberOf attribute to determine which groups it is in.
Is there any way to make this behave similarly to Active Directory so that the Spring ActiveDirectoryLdapAuthenticationProvider binds to it with the user's username and password and gets its group membership to populate its authorities?
Otherwise if this is not viable, is there any other way to mock this and have a proper test?
We can populate the embedded LDAP server using a .ldif file. The following file populates the embedded LDAP server with organizational units, persons and groups. We use Spring Boot to bootstrap our application. Spring Boot configures the embedded LDAP server and populates it with the corresponding entries found in the .ldif file.
LdapTemplate is used for creation and modification of LDAP entries. When we are working on a Spring Boot project, we can use the Spring Boot Starter Data Ldap dependency, which will automatically instrument LdapContextSource and LdapTemplate for us.
LDAP Authentication in Active Directory Spring Security: there are two ways to implement Active Directory authentication using the LDAP protocol in Spring Security, the first way is a programmatic and declarative way which requires some coding and some configuration.
For testing purposes, we create an embedded LDAP server and populate it with test data, located in the test-schema.ldif file. The embedded LDAP server is created on startup, before our integration tests are executed. The LDAP server gets populated using the following test-schema.ldif file. We are using this Person object to map our LDAP entries to.
You could use the spring ldap-testing dependency, which provides an Apache DS to set up an embedded LDAP server. See
article: https://www.baeldung.com/spring-ldap#testing
sources: https://github.com/eugenp/tutorials/blob/master/spring-ldap/src/test/java/com/baeldung/ldap/javaconfig/TestConfig.java
Other in-memory LDAP Java implementations that you can use are: https://docs.ldap.com/ldap-sdk/docs/in-memory-directory-server.html
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;

// Create the configuration to use for the server.
InMemoryDirectoryServerConfig config =
    new InMemoryDirectoryServerConfig("dc=example,dc=com");
config.addAdditionalBindCredentials("cn=Directory Manager", "password");
// Create the directory server instance, populate it with data from the
// "test-data.ldif" file, and start listening for client connections.
InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
ds.importFromLDIF(true, "test-data.ldif");
ds.startListening();
Or: https://github.com/inbloom/ldap-in-memory
You could also use a full-blown LDAP server inside a testcontainer if you prefer a more production-like scenario.
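As an added example (not part of the original answer, nor code from Spring or the UnboundID project), here is one way to make the UnboundID in-memory server accept the two Active Directory behaviours the question asks about: AD-only attributes such as sAMAccountName and memberOf, and a simple bind as username@domain instead of a DN. The class name FakeActiveDirectory, the UPN_TO_DN map and all entry data are hypothetical, constructed test values.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.interceptor.InMemoryInterceptedSimpleBindRequest;
import com.unboundid.ldap.listener.interceptor.InMemoryOperationInterceptor;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import java.util.Arrays;
import java.util.Map;
/** Hypothetical test helper: an in-memory directory that accepts AD-style binds. */
public class FakeActiveDirectory {
    static final String USER_DN = "uid=testuser,ou=people,dc=test,dc=com";
    // Constructed test data: userPrincipalName (lower case) -> entry DN.
    static final Map<String, String> UPN_TO_DN = Map.of("testuser@test.com", USER_DN);
    public static InMemoryDirectoryServer start() throws LDAPException {
        InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=test,dc=com");
        config.setSchema(null); // no schema checks, so sAMAccountName, memberOf etc. are accepted
        // AD accepts user@domain as the bind name; rewrite it to the entry DN before the bind runs.
        config.addInMemoryOperationInterceptor(new InMemoryOperationInterceptor() {
            @Override
            public void processSimpleBindRequest(InMemoryInterceptedSimpleBindRequest request) {
                SimpleBindRequest bind = request.getRequest();
                String dn = UPN_TO_DN.get(bind.getBindDN().toLowerCase());
                if (dn != null) {
                    request.setRequest(new SimpleBindRequest(dn, bind.getPassword().getValue()));
                }
            }
        });
        InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
        ds.add("dn: dc=test,dc=com", "objectClass: top", "objectClass: domain", "dc: test");
        ds.add("dn: ou=people,dc=test,dc=com", "objectClass: organizationalUnit", "ou: people");
        // memberOf is stored as plain values here; this server does not derive it from group entries.
        ds.add("dn: " + USER_DN, "objectClass: person", "objectClass: user",
               "cn: Test", "sn: User", "uid: testuser", "userPassword: secret",
               "sAMAccountName: testuser", "userPrincipalName: testuser@test.com",
               "memberOf: cn=developers,ou=groups,dc=test,dc=com",
               "memberOf: cn=managers,ou=groups,dc=test,dc=com");
        ds.startListening(); // listens on an automatically chosen free port
        return ds;
    }
    public static void main(String[] args) throws LDAPException {
        InMemoryDirectoryServer ds = start();
        // Bind the way the provider does (username@domain), then read the group list.
        try (LDAPConnection c = new LDAPConnection("localhost", ds.getListenPort(), "testuser@test.com", "secret")) {
            System.out.println(Arrays.toString(c.getEntry(USER_DN).getAttributeValues("memberOf")));
        } finally {
            ds.shutDown(true);
        }
    }
}
```

In an integration test, point `new ActiveDirectoryLdapAuthenticationProvider("test.com", "ldap://localhost:" + ds.getListenPort())` at this server. The entry carries `objectClass: user` and `userPrincipalName` because the provider's default search filter matches on them, and the `memberOf` values are what it turns into authorities.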