diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5a93c351..e4ecfef0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -87,12 +87,12 @@ jobs:
 - name: Create ldif files
 run: node ./scripts/ldif.js && ls -la
 - name: Import ldif into openldap
- run: ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f big-00000.ldif && ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f big-00001.ldif && ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f big-00002.ldif
+ run: ./scripts/import.sh
 - name: Build baton-ldap
 run: go build ./cmd/baton-ldap
 - name: Run baton-ldap
 run: ./baton-ldap
 - name: Revoke grants
- run: ./baton-ldap --revoke-grant 'group:cn=testgroup00000,dc=example,dc=org:member:user:cn=testuser00999@example.com,dc=example,dc=org' && ./baton-ldap --revoke-grant 'group:cn=othertestgroup00000,dc=example,dc=org:member:user:cn=testuser00999@example.com,dc=example,dc=org'
+ run: ./baton-ldap --revoke-grant 'group:cn=testgroup00000,dc=example,dc=org:member:user:cn=testuser00099@example.com,dc=example,dc=org' && ./baton-ldap --revoke-grant 'group:cn=othertestgroup00000,dc=example,dc=org:member:user:cn=testuser00099@example.com,dc=example,dc=org'
 - name: Grant entitlements
- run: ./baton-ldap --grant-entitlement 'group:cn=testgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00999@example.com,dc=example,dc=org' --grant-principal-type 'user' && ./baton-ldap --grant-entitlement 'group:cn=othertestgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00999@example.com,dc=example,dc=org' --grant-principal-type 'user'
+ run: ./baton-ldap --grant-entitlement 'group:cn=testgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00099@example.com,dc=example,dc=org' --grant-principal-type 'user' && ./baton-ldap --grant-entitlement 'group:cn=othertestgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00099@example.com,dc=example,dc=org' --grant-principal-type 'user'
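Review bot: The principal in the Revoke grants and Grant entitlements steps is now `testuser00099`, which is a group member only because `usersPerGroup` in scripts/ldif.js is 100 (ids 00000 to 00099), and nothing in the workflow records that dependency. If that constant is ever lowered, the revoke step would presumably target a membership that was never created, and the test would stop exercising a real revoke. I would add a comment above the Revoke grants step, e.g. `# testuser00099 is the last member generated by scripts/ldif.js (usersPerGroup = 100); keep in sync`.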
diff --git a/scripts/import.sh b/scripts/import.sh new file mode 100755 index 00000000..29c3bff9 --- /dev/null +++ b/scripts/import.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -euxo pipefail + + +for filename in big-*.ldif; do + [ -e "$filename" ] || continue + ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f "$filename" +done diff --git a/scripts/ldif.js b/scripts/ldif.js index 306b32b0..5e0a6734 100644 --- a/scripts/ldif.js +++ b/scripts/ldif.js @@ -8,18 +8,21 @@ const fs = require('node:fs'); const userCount = 1000; const groupCount = 50; const maxFileSize = 2000000; // php ldap admin has a 2MB limit +const usersPerGroup = 100; let fileSize = 0; let fileCount = 0; const baseFileName = "big-"; -let f; +let f = null; // Only pass strings that constitute full objects to write(). // Otherwise the object will span across multiple files and import will fail. function write (data, opts = {}) { fileSize += data.length; if (fileSize > maxFileSize) { - fs.closeSync(f); + if (f) { + fs.closeSync(f); + } fileSize = data.length; fileCount++; f = null; @@ -56,7 +59,7 @@ cn: testgroup${groupIdStr} gidNumber: ${groupId} `; - for (let userId = 0; userId < userCount; userId++) { + for (let userId = 0; userId < usersPerGroup; userId++) { const userIdStr = ("00000" + userId).slice(-5); groupStr += `memberUid: testuser${userIdStr}@example.com `; @@ -75,7 +78,7 @@ cn: othertestgroup${groupIdStr} owner: cn=testuser00000@example.com,dc=example,dc=org `; - for (let userId = 0; userId < userCount; userId++) { + for (let userId = 0; userId < usersPerGroup; userId++) { const userIdStr = ("00000" + userId).slice(-5); groupStr += `uniquemember: cn=testuser${userIdStr}@example.com,dc=example,dc=org `;
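Review bot: When no `big-*.ldif` file exists, `[ -e "$filename" ] || continue` skips the only iteration and the script exits 0, so the import step passes without loading anything into OpenLDAP. For a CI fixture import it is safer to fail loudly before the loop, e.g. `files=(big-*.ldif); [ -e "${files[0]}" ] || { echo 'no big-*.ldif files to import' >&2; exit 1; }`. Separately, `set -x` traces every `ldapadd` command line including `-w admin`; that is harmless for this throwaway test bind, but a header comment should state that the password must remain a fixture value, and the script should read it with `-y <password-file>` if a real credential is ever used.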
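Review bot: The new guard `if (f)` in write() tests truthiness, so a valid descriptor value of 0 would be treated as "no file open" and never closed. Since `f` is now initialised to `null`, `if (f !== null) {` states the intent exactly and matches the `f = null;` reset a few lines below. The rest of write() lies outside the hunk, so whether the final file is closed on exit cannot be checked from here.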
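Review bot: Both member loops (the `memberUid` loop in this hunk and the `uniquemember` loop in the next one) now run to `usersPerGroup`, but nothing ties that constant to `userCount`. Raising it above 1000 would emit group members for users that are presumably never generated, and an LDAP server does not necessarily reject such dangling member DNs on import. Bound the loops explicitly, e.g. `const memberCount = Math.min(usersPerGroup, userCount);`, or add a comment on the `usersPerGroup` declaration saying it must not exceed `userCount`. The enclosing group-generation code starts and ends outside both hunks.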