You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Instead of issuing a reload after pg_hba.conf changes between test
cases, run a full restart. With a reload, an error in the new
pg_hba.conf is ignored and the tests will continue to run with the old
settings, invalidating the subsequent test cases. With a restart, a
faulty pg_hba.conf will lead to the test being aborted, which is what
we'd rather want.
Copy file name to clipboardExpand all lines: src/test/ldap/t/001_auth.pl
+11-11
Original file line number
Diff line number
Diff line change
@@ -130,7 +130,7 @@ sub test_access
130
130
131
131
unlink($node->data_dir . '/pg_hba.conf');
132
132
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="uid=" ldapsuffix=",dc=example,dc=net"});
133
-
$node->reload;
133
+
$node->restart;
134
134
135
135
$ENV{"PGPASSWORD"} = 'wrong';
136
136
test_access($node, 'test0', 2, 'simple bind authentication fails if user not found in LDAP');
@@ -142,7 +142,7 @@ sub test_access
142
142
143
143
unlink($node->data_dir . '/pg_hba.conf');
144
144
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn"});
145
-
$node->reload;
145
+
$node->restart;
146
146
147
147
$ENV{"PGPASSWORD"} = 'wrong';
148
148
test_access($node, 'test0', 2, 'search+bind authentication fails if user not found in LDAP');
@@ -154,7 +154,7 @@ sub test_access
154
154
155
155
unlink($node->data_dir . '/pg_hba.conf');
156
156
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn?uid?sub"});
157
-
$node->reload;
157
+
$node->restart;
158
158
159
159
$ENV{"PGPASSWORD"} = 'wrong';
160
160
test_access($node, 'test0', 2, 'search+bind with LDAP URL authentication fails if user not found in LDAP');
@@ -166,7 +166,7 @@ sub test_access
166
166
167
167
unlink($node->data_dir . '/pg_hba.conf');
168
168
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"});
169
-
$node->reload;
169
+
$node->restart;
170
170
171
171
$ENV{"PGPASSWORD"} = 'secret1';
172
172
test_access($node, 'test1', 0, 'search filter finds by uid');
@@ -177,7 +177,7 @@ sub test_access
177
177
178
178
unlink($node->data_dir . '/pg_hba.conf');
179
179
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub?(|(uid=\$username)(mail=\$username))"});
180
-
$node->reload;
180
+
$node->restart;
181
181
182
182
$ENV{"PGPASSWORD"} = 'secret1';
183
183
test_access($node, 'test1', 0, 'search filter finds by uid');
@@ -189,7 +189,7 @@ sub test_access
189
189
# override. It might be useful in a case like this.
190
190
unlink($node->data_dir . '/pg_hba.conf');
191
191
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"});
192
-
$node->reload;
192
+
$node->restart;
193
193
194
194
$ENV{"PGPASSWORD"} = 'secret1';
195
195
test_access($node, 'test1', 0, 'combined LDAP URL and search filter');
@@ -199,7 +199,7 @@ sub test_access
199
199
# note bad ldapprefix with a question mark that triggers a diagnostic message
200
200
unlink($node->data_dir . '/pg_hba.conf');
201
201
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="?uid=" ldapsuffix=""});
202
-
$node->reload;
202
+
$node->restart;
203
203
204
204
$ENV{"PGPASSWORD"} = 'secret1';
205
205
test_access($node, 'test1', 2, 'any attempt fails due to bad search pattern');
@@ -209,31 +209,31 @@ sub test_access
209
209
# request StartTLS with ldaptls=1
210
210
unlink($node->data_dir . '/pg_hba.conf');
211
211
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)" ldaptls=1});
212
-
$node->reload;
212
+
$node->restart;
213
213
214
214
$ENV{"PGPASSWORD"} = 'secret1';
215
215
test_access($node, 'test1', 0, 'StartTLS');
216
216
217
217
# request LDAPS with ldapscheme=ldaps
218
218
unlink($node->data_dir . '/pg_hba.conf');
219
219
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapscheme=ldaps ldapport=$ldaps_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)"});
220
-
$node->reload;
220
+
$node->restart;
221
221
222
222
$ENV{"PGPASSWORD"} = 'secret1';
223
223
test_access($node, 'test1', 0, 'LDAPS');
224
224
225
225
# request LDAPS with ldapurl=ldaps://...
226
226
unlink($node->data_dir . '/pg_hba.conf');
227
227
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)"});
228
-
$node->reload;
228
+
$node->restart;
229
229
230
230
$ENV{"PGPASSWORD"} = 'secret1';
231
231
test_access($node, 'test1', 0, 'LDAPS with URL');
232
232
233
233
# bad combination of LDAPS and StartTLS
234
234
unlink($node->data_dir . '/pg_hba.conf');
235
235
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)" ldaptls=1});
236
-
$node->reload;
236
+
$node->restart;
237
237
238
238
$ENV{"PGPASSWORD"} = 'secret1';
239
239
test_access($node, 'test1', 2, 'bad combination of LDAPS and StartTLS');
0 commit comments