diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2018-02-13 09:12:45 -0500 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2018-02-13 09:12:45 -0500 |
| commit | b4e2ada347bd8ae941171bd0761462e5b11b765d (patch) | |
| tree | 40e246e3e33456d8743aae032986b446ee848f92 | |
| parent | ebdb42a0d6a61b93a5bb9f4204408edf5959332c (diff) | |
| download | postgresql-b4e2ada347bd8ae941171bd0761462e5b11b765d.tar.gz postgresql-b4e2ada347bd8ae941171bd0761462e5b11b765d.zip | |
In LDAP test, restart after pg_hba.conf changes
Instead of issuing a reload after pg_hba.conf changes between test
cases, run a full restart. With a reload, an error in the new
pg_hba.conf is ignored and the tests will continue to run with the old
settings, invalidating the subsequent test cases. With a restart, a
faulty pg_hba.conf will lead to the test being aborted, which is what
we'd rather want.
| -rw-r--r-- | src/test/ldap/t/001_auth.pl | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl index 5508da459f3..a83d96ae919 100644 --- a/src/test/ldap/t/001_auth.pl +++ b/src/test/ldap/t/001_auth.pl @@ -130,7 +130,7 @@ note "simple bind"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="uid=" ldapsuffix=",dc=example,dc=net"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'wrong'; test_access($node, 'test0', 2, 'simple bind authentication fails if user not found in LDAP'); @@ -142,7 +142,7 @@ note "search+bind"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'wrong'; test_access($node, 'test0', 2, 'search+bind authentication fails if user not found in LDAP'); @@ -154,7 +154,7 @@ note "LDAP URLs"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn?uid?sub"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'wrong'; test_access($node, 'test0', 2, 'search+bind with LDAP URL authentication fails if user not found in LDAP'); @@ -166,7 +166,7 @@ note "search filters"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 0, 'search filter finds by uid'); @@ -177,7 +177,7 @@ note "search filters in LDAP URLs"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub?(|(uid=\$username)(mail=\$username))"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 0, 'search filter finds by uid'); @@ -189,7 +189,7 @@ test_access($node, 'test2@example.net', 0, 'search filter finds by mail'); # override. It might be useful in a case like this. unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 0, 'combined LDAP URL and search filter'); @@ -199,7 +199,7 @@ note "diagnostic message"; # note bad ldapprefix with a question mark that triggers a diagnostic message unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="?uid=" ldapsuffix=""}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 2, 'any attempt fails due to bad search pattern'); @@ -209,7 +209,7 @@ note "TLS"; # request StartTLS with ldaptls=1 unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)" ldaptls=1}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 0, 'StartTLS'); @@ -217,7 +217,7 @@ test_access($node, 'test1', 0, 'StartTLS'); # request LDAPS with ldapscheme=ldaps unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapscheme=ldaps ldapport=$ldaps_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 0, 'LDAPS'); @@ -225,7 +225,7 @@ test_access($node, 'test1', 0, 'LDAPS'); # request LDAPS with ldapurl=ldaps://... unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)"}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 0, 'LDAPS with URL'); @@ -233,7 +233,7 @@ test_access($node, 'test1', 0, 'LDAPS with URL'); # bad combination of LDAPS and StartTLS unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)" ldaptls=1}); -$node->reload; +$node->restart; $ENV{"PGPASSWORD"} = 'secret1'; test_access($node, 'test1', 2, 'bad combination of LDAPS and StartTLS'); |