Testplan for user_ldap 0.16.0

[GeraldLeikam]

User_Ldap Test Plan

Setup

Setup details (click to view)

• vi tasks/user_ldap.sh -> ldap_server=95.217.210.161 (small server from below)
• bash ./make_oc10_apps.sh user_ldap=0.16.0-rc2 windows_network_drive oauth2
  • https://oc1090beta1-ldap-0160-rc2-20211126.jw-qa.owncloud.works
• bash ./make_oc10_apps.sh user_ldap=0.15.4 windows_network_drive oauth2 (for upgrade testing!)
  • https://oc1090beta1-ldap-0154-20211126.jw-qa.owncloud.works

OpenLDAP:

Prepare one LDAP backends for testing either of:

1. big server

   • 1200 users, 50 groups via releases/oc10/apps/ldap/genusers.py
   • three base DNs (we initially configure only one to owncloud)
   • nested groups

2. small ldap server

• less than 1000 users, less than 40 groups
• two base DNs (we initially configure only one to owncloud)

(outdated: https://github.com/owncloud/docker-servers/tree/owncloud-openldap)

Testing functionality

Upgrade

• connect owncloud to ldap via previous release of user_ldap,
  • ldap users can log in
  • upgrade user_ldap to current release candidate
  • recurring ldap users can still log in.
  • new first time ldap users can log in
• connect owncloud to ldap via current release candidate
  • ldap users can log in

ldap:test-config

• Run occ command ldap:test-config with a valid configID
  • Access fine, The configuration is valid and the connection could be established!
• Run occ command ldap:test-config with a wrong host
  • (the host changed from a valid configuration) | Lost connection to LDAP server
• Run occ command ldap:test-config with empty password
  • The configuration is invalid. Please have a look at the logs for further details
• Run occ command ldap:test-config with invalid configID
  • ERROR: Invalid configID

ldap:show-config

• Run occ command ldap:show-config with no parameters
  • Show all configurations available | The 1st LDAP configuration we set has no id, only an empty chain #89
• Run occ command ldap:show-config with valid configID
  • Show only the specified configuration
• Run occ command ldap:show-config with invalid configID
  • ERROR: Invalid configID
• Run occ command ldap:show-config with show-password flag
  • ldapAgentPassword shows the password in the result
• Run occ command ldap:show-config without show-password flag
  • ldapAgentPassword hides the password in the result (uses “****”)

ldap:set-config

• Run occ command ldap:set-config with invalid configID
  • ERROR: Invalid configID
• Run occ command ldap:set-config with valid configID
  • The config is set

ldap:search

• Run occ command ldap:search with valid configuration and longer limit
  • Show results
• Run occ command ldap:search with offset multiple of limit (both positive)
  • Show results
• Run occ command ldap:search name (default configuration)
  • Show filtered results
• Run occ command ldap:search name (fixed configuration – added “displayName” and/or other attributes in the User Search Attributes field in the wizard)
  • Show filtered results
• XXX Run occ command ldap:search --group group (fixed configuration – added “displayName” and/or other attributes in the Group Search Attributes field in the wizard)
  • Show filtered results
• XXX Run occ command Group without search occ ldap:search --group ''
  • Show groups (currently 15 or less)

ldap:check-user

• Run occ command ldap:check-user with a good oC user id (the lengthy guuid string)
  • Show success message
• Run occ command ldap:check-user with a wrong oC user id
  • ERROR: ldap user not recognized
• Run occ command ldap:check-user with a good oC user id + disabled "Configuration Active" in Advanced->Connection settings
  • ERROR: Cannot check user existence, because disabled LDAP configurations are present.
• Run occ command ldap:check-user Good oc user id + all disabled configuration + force option; then enable the configuration and recheck
  • Success message

ldap:create-empty-config

• Run occ command ldap:create-empty-config
  • Creates an empty LDAP configuration

ldap:delete-config

• Run occ command ldap:delete-config
  • Deletes an existing LDAP configuration

user:sync

• Run occ command sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy"
  • This command syncs users stored in LDAP external backend service

ldap:update-group

• Run occ command ldap:update-group XXX Command no longer exists. obsoleted by user:sync
  • Update the specified group membership information stored locally

Test LDAP properties

• email Set a field as mail in advanced tab
  • check that the mails are set with the right backend information in personal page for LDAP users
• avatar Login with a user with an avatar field set in LDAP backend
  • The avatar is shown instead of the username
• nested group In advanced tab , check nested groups checkbox
  • In users page the nested group should appear with all the users of the subgroup
• internalUserAttribute In expert tab , set an attribute as Internal Username
  • The attribute is now used as internal Username

User account table integration

• Run occ user:sync -l
  • list all known backend classes
• Run occ user:sync "OCA\User_LDAP\User_Proxy"
  • synchronize LDAP users from a given backend to the accounts table
• Make changes in oC backend and ReRun occ user:sync "OCA\User_LDAP\User_Proxy" choosing disabling accounts option
  • Synchronize LDAP users from a given backend updated to the accounts table and disable the previous accounts
• Make changes in oC backend and ReRun occ user:sync "OCA\User_LDAP\User_Proxy" choosing deleting accounts option
  • Synchronize LDAP users from a given backend updated to the accounts table and delete the previous accounts

Wizard General

• configuration: from valid config, change to a wrong url and change back to the good ones
  • configuration is shown as ok
• user filter: choose one of the “only those object” select
  • Filter is correctly applied in the users page
• login filter: checked with LDAP username (uid) and with LDAP email
  • users can login with both uid and email fields
• More apps in the User authentication Panel
  • occ app:enable oauth2 -> The tabs do not overlap with user_ldap

Wizard Configuration Users

• 1. “Manually enter LDAP filters” is enabled
  2. The input field for manually writing LDAP filter is shown
  (“raw mode”)
  3. Click on “Edit LDAP Query”
  • 1. A Configuration Dialog is shown
    2. Subsqeuent action is coherent with button click (either switch or stay)
• 1a. “Manually enter LDAP filters” is enabled and assisted mode is active
  1b. or “Manually enter LDAP filters” is disabled
  3. Click on “Edit LDAP Query”
  • 1. Mode is toggled directly
    2. If assisted mode is activated for the first time, object class and groups detection is run once
• 1. Be in Assisted Mode
  2. Open object class multiselect
  3. Change values up to your choice and close it
  • 1. After closing, the LDAP filter is being updated (shown next to “LDAP Filter:”)
    2. The filter contains exactly all selected object classes
• 1. Have the extended group selector
  2. Perform search with the search input field
  • 1. According to the value entered groups are filtered correspondingly in both fields
• XXX 1. Have the extended group selector
  2. Select one or more groups in the “available groups” list
  3. Click the “>” / "<" buttons
  • XXX The selected groups are added to / removed as expected. -> user group two-column widget adds [object window] when nothing is selected #700
• 1. Have a properly set up filter
  2. Click on “Verify settings and count users”
  • 1. A count is done, indicated by a spinner next to the button
    2. When done, a label appears saying “xx users found”, if more then 1000 users are available “> 1000 users found“ is shown
• 1. Have a filter set up that does not return users
  2. Click on “Verify settings and count users”
  • 1. A count is done, indicated by a spinner next to the button
    2. When done, a label appears saying “0 users found”

Wizard Configuration groups

• 1. Have other tabs completed correctly
  2. “Manually enter LDAP filters” is disabled
  3. Move to Groups tab
  • XXX 1. Detection for Object Classes and Groups is running
    2.If more than 40 groups available, a different group selection tool is presented (not the known multiselect)
    3. No filter is created initially, no text next to “LDAP Filter:”
• 1. Have other tabs completed correctly
  2. “Manually enter LDAP filters” is enabled
  3. Move to Groups tab
  • 1. A raw input field for the LDAP filter is presented.
    2. The multi select box elements are disabled
    3. i.e. Neither object classes nor groups are being detected
• 1. “Manually enter LDAP filters” is enabled
  2. The input field for manually writing LDAP filter is shown
  (“raw mode”)
  3. Click on “Edit LDAP Query”
  • 1. A Configuration Dialog is shown
    2. Subsequent action is coherent with button click (either switch or stay)
• 1a. “Manually enter LDAP filters” is enabled and assisted mode is active
  1b. or “Manually enter LDAP filters” is disabled
  3. Click on “Edit LDAP Query”
  • 1. Mode is toggled directly
    2. If assisted mode is activated for the first time, object class and groups detection is run once
• 1. Have a filter set up that does not return groups
  2. Click on “Verify settings and count groups”
  • 1. A count is done, indicated by a spinner next to the button
    2. When done, a label appears saying “0 groups found”

Wizard Configuration Advanced

• 1. Have other tabs completed correctly
  2. Go to Advanced Tab
  3. Be in Connection Settings
  • 1. See that configuration is active
• 1. Have other tabs completed correctly
  2. Go to Advanced Tab
  3. Open Directory Settings
  • 1. User Display Name field should be not displayName, but displayname (lowercase) or cn (due to auto-detection in the background)
    2. Group-Member-Associtation should be correct (depends on OpenLDAP, AD typically has “member (AD)”)
• 1. Have other tabs completed correctly
  2. Go to Advanced Tab
  3. Open Special Attributes
  • 1. “Email field” should be filled in (given that at least one user has mail or mailPrimaryAddress set, So that auto-detection can do its job)
• 1. Click on “Test configuration”
  • 1. A message will appear with the result of the Test

Maintenance Commands

• occ ldap:invalidate-cache XXX take no parameter <user name>
• occ group:list-members <group name>
• occ user:list-groups <user id>
• occ file:scan --group <group>
• occ background:queue:ex ... TODO: find expected behacviour
• occ ldap:search --group ''

[jnweiger]

Changlog Testing

• Change color of warning sign for expert settings #678
• Fix user group selection layout #672 - ⛔ unclear reproducer -> fix user group selection layout #672 (comment)
• Add a command to invalidate the LDAP cache #670
• Adjust command description #671
• Drop PHP 7.2 in sonar-project.properties #680
• When checking memberof, apply the group filter after getting all groups #683 -> nested groups work when checkbox nested groups is unchecked #699
• Include "memberOf"-based algorithms to find users within groups Users in group algos rel0160 #697

[jnweiger]

Testplan completed with minor issues (but more complete than ever before)

QA passed.

[jnweiger]

Release done. Testplan updates merged back to template. Closing.