Hi Alex,
On Friday, June 15, 2007 3:34 PM, Alexander Klink wrote
> > > This should be combined with a check whether the child fails (see SCEP
> > > workflow). Still, this might lead to an infinitely looping workflow
> > > if the child does not end up in state 'SUCCESS' or 'FAILURE' for some
> > > reason ...
> > Yes, I tried that approach but looping happens time by time. May be it is
> So what state is the LDAP publication workflow in if looping occurs?
> It has to be something else than 'SUCCESS' or 'FAILURE', right?
>
Right. Just in the middle of the process. Here and there.
> > I'll try to reproduce it and catch the log messages.
> That would be good. Maybe you can try writing test workflows that do
> nothing but sleeping to reproduce it? In this way, we could have an
> automated test for Workflow.pm and see when the problem goes away ...
Ok. I will try.
> > >> The main thing was to write a stand-alone package performing the
> > >> ldap operations and call it from workflow actions.
> > >> This way all main ldap operations can be tested automatically.
> > > Sounds good. But what LDAP server do you want to test it against? I
> > > believe it is possible to set up a test server using Net::LDAP::Server,
> > > but it seems like it involves a good amount of work ...
> > I am using OpenLDAP as described in the draft.
> Hmmm, but that would introduce one more dependency on automated testing:
> an installed and configured OpenLDAP server. Have you looked into
> using Net::LDAP::Server yet?
>
Net::LDAP::Server has a rather poor functionality. Almost nothing.
I believe we cannot avoid more dependencies while using LDAP in OpenXPKI.
I have written a set of tests for the forthcoming LdapUtils.pm which
automatically configure, launch and stop OpenLDAP daemon.
This way we can check all the details: simple, SASL and TLS connections,
multivalue UTF-8 attributes and so on.

No module uses LdapUtils.pm yet, so I could check it in together with the
test suite. To use it later I need to make more changes:
  OpenXPKI::Init.pm - to add some new LDAP options in realm configuration,
  OpenXPKI::Server::Workflow::Activity::LdapPublishing::*.pm - to use that
    new realm configuration structure.
Then I could switch step by step LdapPublishing Activity to use the new
module.
Those changes will not affect the OpenXPKI server work as far as
  <ldap_enable>no</ldap_enable>
is set in ldappublic.xml (hopefully).

Using OpenLDAP in test suite will be controlled by two environment
variables.
If they are not defined the server will not be configured and started and
the corresponding tests will be skipped.

That is the plan. Comments are welcome.
Here is the draft of the manual for testing LdapUtils.pm

Using OpenLDAP and SASL to test OpenXPKI::LdapUtils
------------------------------------------------------------------
Tests for LdapUtils.pm check various types of connection to LDAP
server: simple bind via password, bind over TLS-session,
bind via SASL local database and using both TLS and SASL
with EXTERNAL mechanism.

To run those tests you need to configure LDAP-server and SASL.
The description assumes you are using the following software:

  openldap-sasl-client
      Open source LDAP client implementation
      with SASL2 support
  openldap-server
      Open source LDAP server implementation
      ( use bdb type of database for testing )
  cyrus-sasl2
      RFC 2222 SASL (Simple Authentication and Security Layer)

Also perl package for SASL support must be installed:

  Authen::SASL
      Perl5 module for SASL authentication package

The main part of the procedure is described in guides for the
software mentioned above:

  http://www.openldap.org/doc/admin23/
  http://asg.web.cmu.edu/sasl/sasl-library.html

Ldap GUI browser could be useful to see what is going on:

  WWW: http://www-unix.mcs.anl.gov/~gawor/ldap/index.html

After those steps are finished and you have the working
configuration of the ldap-server and sasl do the following steps:

1) Stop the ldap-server if running
   In FreeBSD it is usually:
     # /usr/etc/rc.d/slapd stop

3) Specify ldap-server configuration environment variables
   to pass them to test script:
   a) path to the ldap-server daemon -> OPENXPKI_LDAP_DAEMON_PATH
      In the case of using csh and FreeBSD it may be:
        # setenv OPENXPKI_LDAP_DAEMON_PATH /usr/local/libexec/slapd
   b) path to the ldap-server modules -> OPENXPKI_LDAP_MODULE_PATH
      In the case of using csh and FreeBSD it may be:
        # setenv OPENXPKI_LDAP_MODULE_PATH /usr/local/libexec/openldap

4) permit ldap server to read sasldb2.db:
   In the case of using FreeBSD you should probably add ldap server
   owner ('ldap') to 'mail' group (cyrus assigns sasldb2 to mail group)
   and run
     # chmod 640 /usr/local/etc/sasldb2.db

5) add user 'sasl1' with password 'secret' to sasldb2.db:
     # saslpasswd2 -c sasl1
   (then insert password when asked)

6) run tests

How it works.
----------------
Test 00.t will perform the following tasks to prepare the running
ldap-server for testing OpenXPKI::LdapUtils :

1) Check environment variables
     OPENXPKI_LDAP_MODULE_PATH
     OPENXPKI_LDAP_DAEMON_PATH
2) Check for already running ldap-server (via 'ps -U ldap')
3) Create directories for ldap_server files
4) Fill the xml-template faking realm configuration
5) Fill the xml-template of the ldap server config file
6) Create keys and certificates for TLS
7) Start ldap server
8) Create the top node in ldap tree
9) Create the semaphore file 'enable_talk_to_server'
   to tell the other tests that they can use server
   connections

Test 99.t will perform the following tasks to stop the running
ldap-server and make some cleanup :

1) Check for already running ldap-server and stop it
2) Delete directories for ldap_server files
3) Delete xml-file faking realm configuration
4) Delete semaphore file if it exists

Best regards,
Petr
_______________________________________________
OpenXPKI-devel mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-devel
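
The gating described in this message (the two environment variables, the 'enable_talk_to_server' semaphore file and the 640 mode on sasldb2.db), sketched as an added example that is not part of the original e-mail or of OpenXPKI. The helper name ldap_skip_reason, its arguments and the temporary sandbox paths are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Spec;
use File::Temp qw(tempdir);
use Test::More;

# Hypothetical helper (not OpenXPKI code): returns a skip reason, or undef
# when the LDAP-dependent tests may talk to the server.
sub ldap_skip_reason {
    my ($env, $sem_dir, $sasldb) = @_;
    # Both variables from the draft must be defined, otherwise skip.
    for my $var (qw(OPENXPKI_LDAP_DAEMON_PATH OPENXPKI_LDAP_MODULE_PATH)) {
        return "$var is not defined"
            unless defined $env->{$var} && length $env->{$var};
    }
    return 'ldap daemon is not executable'
        unless -x $env->{OPENXPKI_LDAP_DAEMON_PATH};
    return 'ldap module path is not a directory'
        unless -d $env->{OPENXPKI_LDAP_MODULE_PATH};
    # 00.t creates the semaphore file only after the server has been started.
    my $sem = File::Spec->catfile($sem_dir, 'enable_talk_to_server');
    return "semaphore file $sem is missing" unless -e $sem;
    # Step 4 sets mode 640 on sasldb2.db; reject any access bits for "other".
    my @st = stat($sasldb) or return "cannot stat $sasldb: $!";
    return sprintf('%s has mode %04o, expected no access for other',
                   $sasldb, S_IMODE($st[2]))
        if S_IMODE($st[2]) & S_IRWXO;
    return undef;    # explicit undef so list-context callers get one value
}

# Constructed sandbox standing in for the real daemon and SASL database.
my $dir    = tempdir(CLEANUP => 1);
my $daemon = File::Spec->catfile($dir, 'slapd');
my $sasldb = File::Spec->catfile($dir, 'sasldb2.db');
for my $f ($daemon, $sasldb) { open my $fh, '>', $f or die $!; close $fh }
chmod 0755, $daemon;
chmod 0644, $sasldb;
my %env = (OPENXPKI_LDAP_DAEMON_PATH => $daemon,
           OPENXPKI_LDAP_MODULE_PATH => $dir);

like(ldap_skip_reason({}, $dir, $sasldb), qr/not defined/, 'no env: skip');
like(ldap_skip_reason(\%env, $dir, $sasldb), qr/semaphore/, 'server not up: skip');
open my $sem_fh, '>', File::Spec->catfile($dir, 'enable_talk_to_server') or die $!;
close $sem_fh;
like(ldap_skip_reason(\%env, $dir, $sasldb), qr/mode 0644/, 'db readable by other');
chmod 0640, $sasldb;
is(ldap_skip_reason(\%env, $dir, $sasldb), undef, 'all preconditions hold');
done_testing();
```

In a real test file the helper would be called with \%ENV and the actual paths, followed by `plan skip_all => $reason` when a reason is returned.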