more ldap logging

2026-04-21 13:21:32 +10:00
parent d2a7145a4c
commit a8e38784d9
3 changed files with 183 additions and 36 deletions
@@ -124,3 +124,87 @@ func TestParseWhoAmIDN(t *testing.T) {
 		})
 	}
 }
+
+func TestUPNDomainFromBaseDN(t *testing.T) {
+	tests := []struct {
+		name   string
+		baseDN string
+		want   string
+	}{
+		{
+			name:   "standard dc chain",
+			baseDN: "dc=corpau,dc=wbcau,dc=westpac,dc=com,dc=au",
+			want:   "corpau.wbcau.westpac.com.au",
+		},
+		{
+			name:   "mixed dn parts",
+			baseDN: "ou=Users,dc=example,dc=com",
+			want:   "example.com",
+		},
+		{
+			name:   "no dc parts",
+			baseDN: "ou=Users,ou=Org",
+			want:   "",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := upnDomainFromBaseDN(tc.baseDN)
+			if got != tc.want {
+				t.Fatalf("unexpected upn domain from base dn: got=%q want=%q", got, tc.want)
+			}
+		})
+	}
+}
+
+func TestNormalizeBindUsername(t *testing.T) {
+	tests := []struct {
+		name        string
+		username    string
+		baseDN      string
+		wantUser    string
+		wantRewrite bool
+	}{
+		{
+			name:        "plain sam rewritten",
+			username:    "L075239",
+			baseDN:      "dc=corpau,dc=wbcau,dc=westpac,dc=com,dc=au",
+			wantUser:    "L075239@corpau.wbcau.westpac.com.au",
+			wantRewrite: true,
+		},
+		{
+			name:        "domain user rewritten",
+			username:    `CORPAU\L075239`,
+			baseDN:      "dc=corpau,dc=wbcau,dc=westpac,dc=com,dc=au",
+			wantUser:    "L075239@corpau.wbcau.westpac.com.au",
+			wantRewrite: true,
+		},
+		{
+			name:        "upn unchanged",
+			username:    "L075239@corpau.wbcau.westpac.com.au",
+			baseDN:      "dc=corpau,dc=wbcau,dc=westpac,dc=com,dc=au",
+			wantUser:    "L075239@corpau.wbcau.westpac.com.au",
+			wantRewrite: false,
+		},
+		{
+			name:        "dn unchanged",
+			username:    "CN=User,OU=Users,DC=corpau,DC=wbcau,DC=westpac,DC=com,DC=au",
+			baseDN:      "dc=corpau,dc=wbcau,dc=westpac,dc=com,dc=au",
+			wantUser:    "CN=User,OU=Users,DC=corpau,DC=wbcau,DC=westpac,DC=com,DC=au",
+			wantRewrite: false,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			gotUser, gotRewrite := normalizeBindUsername(tc.username, tc.baseDN)
+			if gotUser != tc.wantUser {
+				t.Fatalf("unexpected normalized bind username: got=%q want=%q", gotUser, tc.wantUser)
+			}
+			if gotRewrite != tc.wantRewrite {
+				t.Fatalf("unexpected rewrite flag: got=%v want=%v", gotRewrite, tc.wantRewrite)
+			}
+		})
+	}
+}