define const NodeAdmins* for mocked tests in helpers_test, reference …

…[WebServer].AuthenticationMethod in changelog

core/sessions/ldapauth/helpers_test.go

@@ -33,6 +33,14 @@ func NewTestLDAPAuthenticator(
 	return &ldapAuth, nil
 }
 
+// Default server group name mappings for test config and mocked ldap search results
+const (
+	NodeAdminsGroupCN   = "NodeAdmins"
+	NodeEditorsGroupCN  = "NodeEditors"
+	NodeRunnersGroupCN  = "NodeRunners"
+	NodeReadOnlyGroupCN = "NodeReadOnly"
+)
+
 // Implement a setter function within the _test file so that the ldapauth_test module can set the unexported field with a mock
 func (l *ldapAuthenticator) SetLDAPClient(newClient LDAPClient) {
 	l.ldapClient = newClient
@@ -95,19 +103,19 @@ func (t *TestConfig) ActiveAttributeAllowedValue() string {
 }
 
 func (t *TestConfig) AdminUserGroupCN() string {
-	return "NodeAdmins"
+	return NodeAdminsGroupCN
 }
 
 func (t *TestConfig) EditUserGroupCN() string {
-	return "NodeEditors"
+	return NodeEditorsGroupCN
 }
 
 func (t *TestConfig) RunUserGroupCN() string {
-	return "NodeRunners"
+	return NodeRunnersGroupCN
 }
 
 func (t *TestConfig) ReadUserGroupCN() string {
-	return "NodeReadOnly"
+	return NodeReadOnlyGroupCN
 }
 
 func (t *TestConfig) UserApiTokenEnabled() bool {

core/sessions/ldapauth/ldap_test.go

@@ -268,7 +268,7 @@ func TestORM_ListUsers_Full(t *testing.T) {
 	mockLdapConnProvider.On("Search", mock.AnythingOfType("*ldap.SearchRequest")).Return(&ldap.SearchResult{
 		Entries: []*ldap.Entry{
 			{
-				DN: "cn=NodeAdmins,ou=Groups,dc=example,dc=com",
+				DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeAdminsGroupCN),
 				Attributes: []*ldap.EntryAttribute{
 					{
 						Name: ldapauth.UniqueMemberAttribute,
@@ -285,7 +285,7 @@ func TestORM_ListUsers_Full(t *testing.T) {
 	mockLdapConnProvider.On("Search", mock.AnythingOfType("*ldap.SearchRequest")).Return(&ldap.SearchResult{
 		Entries: []*ldap.Entry{
 			{
-				DN: "cn=NodeEditors,ou=Groups,dc=example,dc=com",
+				DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeEditorsGroupCN),
 				Attributes: []*ldap.EntryAttribute{
 					{
 						Name: ldapauth.UniqueMemberAttribute,
@@ -527,11 +527,11 @@ func TestORM_MapSearchGroups(t *testing.T) {
 			"user in admin group only",
 			[]*ldap.Entry{
 				{
-					DN: "cn=NodeAdmins,ou=Users,dc=example,dc=com",
+					DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeAdminsGroupCN),
 					Attributes: []*ldap.EntryAttribute{
 						{
 							Name:   "cn",
-							Values: []string{"NodeAdmins"},
+							Values: []string{ldapauth.NodeAdminsGroupCN},
 						},
 					},
 				},
@@ -543,11 +543,11 @@ func TestORM_MapSearchGroups(t *testing.T) {
 			"user in edit group",
 			[]*ldap.Entry{
 				{
-					DN: "cn=NodeEditors,ou=Users,dc=example,dc=com",
+					DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeEditorsGroupCN),
 					Attributes: []*ldap.EntryAttribute{
 						{
 							Name:   "cn",
-							Values: []string{"NodeEditors"},
+							Values: []string{ldapauth.NodeEditorsGroupCN},
 						},
 					},
 				},
@@ -559,11 +559,11 @@ func TestORM_MapSearchGroups(t *testing.T) {
 			"user in run group",
 			[]*ldap.Entry{
 				{
-					DN: "cn=NodeRunners,ou=Users,dc=example,dc=com",
+					DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeRunnersGroupCN),
 					Attributes: []*ldap.EntryAttribute{
 						{
 							Name:   "cn",
-							Values: []string{"NodeRunners"},
+							Values: []string{ldapauth.NodeRunnersGroupCN},
 						},
 					},
 				},
@@ -575,11 +575,11 @@ func TestORM_MapSearchGroups(t *testing.T) {
 			"user in view role",
 			[]*ldap.Entry{
 				{
-					DN: "cn=NodeReadOnly,ou=Users,dc=example,dc=com",
+					DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeReadOnlyGroupCN),
 					Attributes: []*ldap.EntryAttribute{
 						{
 							Name:   "cn",
-							Values: []string{"NodeReadOnly"},
+							Values: []string{ldapauth.NodeReadOnlyGroupCN},
 						},
 					},
 				},
@@ -597,20 +597,20 @@ func TestORM_MapSearchGroups(t *testing.T) {
 			"user in run and view",
 			[]*ldap.Entry{
 				{
-					DN: "cn=NodeRunners,ou=Users,dc=example,dc=com",
+					DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeRunnersGroupCN),
 					Attributes: []*ldap.EntryAttribute{
 						{
 							Name:   "cn",
-							Values: []string{"NodeRunners"},
+							Values: []string{ldapauth.NodeRunnersGroupCN},
 						},
 					},
 				},
 				{
-					DN: "cn=NodeReadOnly,ou=Users,dc=example,dc=com",
+					DN: fmt.Sprintf("cn=%s,ou=Groups,dc=example,dc=com", ldapauth.NodeReadOnlyGroupCN),
 					Attributes: []*ldap.EntryAttribute{
 						{
 							Name:   "cn",
-							Values: []string{"NodeReadOnly"},
+							Values: []string{ldapauth.NodeReadOnlyGroupCN},
 						},
 					},
 				},

docs/CHANGELOG.md

@@ -11,7 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Added a new, optional WebServer authentication option that supports LDAP as a user identity provider. This enables user login access and user roles to be managed and provisioned via a centralized remote server that supports the LDAP protocol, which can be helpful when running multiple nodes. See the documentation for more information and config setup instructions. 
+- Added a new, optional WebServer authentication option that supports LDAP as a user identity provider. This enables user login access and user roles to be managed and provisioned via a centralized remote server that supports the LDAP protocol, which can be helpful when running multiple nodes. See the documentation for more information and config setup instructions. There is a new `[WebServer].AuthenticationMethod` config option, when set to `ldap` requires the new `[WebServer.LDAP]` config section to be defined, see the reference `docs/core.toml`.
+
 
 ### Changed