Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Greetings,
I was trying to establish a simple test to test the validity of the LDAP server and that LDAP module. Using the Harry Potter schema. However everything appears to be in good shape when I create my bash script. However, it appears that the grants.ldif file is missing. The hogwarts file with all the profiles/characters is in good shape, but I can't seem to find the grants.ldif file. I'm an ldap novice, so I wouldn't know how to create a grants.ldif file. I'm assuming it has something to do with permissions and commenting it out breaks the ldapadd function.
Thanks in advance,
Chad
Comments
Comment #2
grahlWill look into this next week
Comment #3
grahlHi Chad
The test data does not currently contain a grants file for OpenLDAP, the only thing we have at the moment is the informal group structure documented in documentation.notes.txt and groups.csv. The reason is that the test infrastructure in 7 relied on a separate test server implementation which simulated said data. If you were willing to provide a more complete example for OpenLDAP I'd very much appreciate it if we could get rid of those notes (and ideally directly add it to the Docker example).
Are you considering contributing your tests to this module or are you planning to just use them internally? I just want to give you a heads up that due to the dependency on a running LDAP server and the LDAP extension that I won't be merging any integration tests which cannot be run on drupal.org by itself, which has neither. Thus, the communication to OpenLDAP would have to be mocked and that's a significant effort, which is why I've for now focused on unit tests but any support here would be much appreciated.
Comment #4
grahlComment #5
grahlFull working docker example has been committed to docs.
Comment #7
grahlI'm reopening this since the current grants are insufficient (i.e. they are too lenient and do not present a clean test case).
Ideally, we'd have an exact profile for:
- service_account
- user
- anon_user
(Pure anon is probably pointless.)
Also, the service account profile should receive grants for modifying groups so this can be tested as well.
Help would be appreciated, I find the olcAccess schema rather incomprehensible.
Comment #8
grahlComment #9
grahl