You are here

BasicTests.test in Lightweight Directory Access Protocol (LDAP) 8.2

Same filename and directory in other branches
  1. 7.2 ldap_authorization/tests/BasicTests.test

File

ldap_authorization/tests/BasicTests.test
View source
<?php

/**
 * @file
 * ldap_authentication simpletests
 *
 */
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
class LdapAuthorizationBasicTests extends LdapTestCase {
  public static function getInfo() {
    return array(
      'name' => 'LDAP Authorization Basic Tests',
      'description' => 'Test ldap authorization.',
      'group' => 'LDAP Authorization',
    );
  }
  function __construct($test_id = NULL) {
    parent::__construct($test_id);
  }
  public $module_name = 'ldap_authorization';
  protected $ldap_test_data;
  function setUp() {
    parent::setUp(array(
      'ldap_authentication',
      'ldap_authorization',
      'ldap_authorization_drupal_role',
      'ldap_test',
    ));

    // don't need any real servers, configured, just ldap_servers code base
    variable_set('ldap_simpletest', 2);
  }
  function tearDown() {
    parent::tearDown();
    variable_del('ldap_help_watchdog_detail');
    variable_del('ldap_simpletest');
  }

  /**
   * test install, api functions, and simple authorizations granted on logon
   */
  function testSimpleStuff() {

    // just to give warning if setup doesn't succeed.  may want to take these out at some point.
    $setup_success = module_exists('ldap_authentication') && module_exists('ldap_servers') && module_exists('ldap_authorization') && module_exists('ldap_authorization_drupal_role') && config('ldap_test.settings')
      ->get('simpletest') > 0;
    $this
      ->assertTrue($setup_success, ' ldap_authorizations setup successful', 'LDAP Authorization: Test Setup Success');
    $api_functions = array(
      'ldap_authorization_get_consumer_object' => array(
        1,
        1,
      ),
      'ldap_authorization_get_consumers' => array(
        3,
        0,
      ),
      'ldap_authorizations_user_authorizations' => array(
        4,
        1,
      ),
    );
    foreach ($api_functions as $api_function_name => $param_count) {
      $reflector = new ReflectionFunction($api_function_name);
      $this
        ->assertTrue(function_exists($api_function_name) && $param_count[1] == $reflector
        ->getNumberOfRequiredParameters() && $param_count[0] == $reflector
        ->getNumberOfParameters(), ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', 'LDAP Server: API Functions');
    }

    // make sure ldap authorization doesn't break cron.
    $this
      ->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization enabled.'), 'LDAP Authorization: Cron Test');

    /**
     * this is geared toward testing logon functionality
     */
    $sid = 'activedirectory1';
    $testid = 'ExclusiveModeUserLogon3';
    $sids = array(
      $sid,
    );
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, $sids, 'provisionToDrupal', 'default', 'drupal_role_default');
    $hpotter_logon_edit = array(
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    );
    $this
      ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP Authorization: Test Logon');
    $this
      ->assertTrue($this->testFunctions
      ->ldapUserIsAuthmapped('hpotter'), 'Ldap user properly authmapped.', 'LDAP Authorization: Test Logon');
    $hpotter = $this->testFunctions
      ->userByNameFlushingCache('hpotter');
    $roles = array_values($hpotter->roles);
    $desired_roles = array(
      'students',
      'authenticated user',
      'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu',
      'cn=honors students,ou=groups,dc=hogwarts,dc=edu',
    );
    $diff1 = array_diff($roles, $desired_roles);
    $diff2 = array_diff($desired_roles, $roles);
    $correct_roles = count($diff1) == 0 && count($diff2) == 0;
    $roles_display = join(', ', $roles);
    if (!$correct_roles) {
      debug('hpotter roles');
      debug($roles);
      debug('desired roles');
      debug($desired_roles);
    }
    $this
      ->assertTrue($correct_roles, t('hpotter granted correct roles on actual logon: %roles', array(
      '%roles' => $roles_display,
    )), 'LDAP Authorization: Test Logon for roles');
    $this
      ->drupalGet('user/logout');

    /**
     * test revoking of no longer deserved roles when revokeLdapProvisioned=1
     */
    $this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1;
    $this->consumerAdminConf['drupal_role']
      ->save();

    // setup:  remove hpotter from honors members
    $test_data_pre_test = variable_get('ldap_test_server__' . $sid, NULL);
    $test_data = variable_get('ldap_test_server__' . $sid, NULL);
    $this
      ->removeUserFromGroup($test_data, 'cn=hpotter,ou=people,dc=hogwarts,dc=edu', 'cn=honors students,ou=groups,dc=hogwarts,dc=edu', "dc=hogwarts,dc=edu");
    variable_set('ldap_test_server__' . $sid, $test_data);
    $hpotter_dn = 'cn=hpotter,ou=people,dc=hogwarts,dc=edu';
    $this
      ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
    $hpotter = $this->testFunctions
      ->userByNameFlushingCache('hpotter');
    $roles = array_values($hpotter->roles);
    $this
      ->assertFalse(in_array('cn=honors students,ou=groups,dc=hogwarts,dc=edu', $roles), 'when revokeLdapProvisioned=1, removed role from user', 'LDAP Authorization: Test Logon');
    $this
      ->assertTrue(empty($hpotter->data['ldap_authorizations']['drupal_role']['cn=honors students,ou=groups,dc=hogwarts,dc=edu']), 'when revokeLdapProvisioned=1, removed user->data[ldap_authorizations][drupal_role][<role>]', 'LDAP Authorization: Test Logon');

    // return test data to original state
    variable_set('ldap_test_server__' . $sid, $test_data_pre_test);
    $this
      ->drupalGet('user/logout');

    /**
     * test regranting of removed roles (regrantLdapProvisioned = 0)
     */
    $hpotter = $this->testFunctions
      ->userByNameFlushingCache('hpotter');
    $roles = array_values($hpotter->roles);
    $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 0;
    $this->consumerAdminConf['drupal_role']
      ->save();
    $this->testFunctions
      ->removeRoleFromUser($hpotter, "cn=gryffindor,ou=groups,dc=hogwarts,dc=edu");
    $this
      ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
    $hpotter = $this->testFunctions
      ->userByNameFlushingCache('hpotter');
    $roles = array_values($hpotter->roles);
    $this
      ->assertFalse(in_array("cn=gryffindor,ou=groups,dc=hogwarts,dc=edu", $roles), 'when regrantLdapProvisioned=0, did not regrant role on logon', 'LDAP Authorization: Test Logon');
    $this
      ->assertTrue(!empty($hpotter->data['ldap_authorizations']['drupal_role']['cn=gryffindor,ou=groups,dc=hogwarts,dc=edu']), 'when regrantLdapProvisioned=0, role is not regranted, but initial grant still remains in user->data[ldap_authorizations][drupal_role][<role>]', 'LDAP Authorization: Test Logon');
    $this
      ->drupalGet('user/logout');

    /**
     * test regranting of removed roles (regrantLdapProvisioned = 1)
     */
    $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 1;
    $this->consumerAdminConf['drupal_role']
      ->save();
    $this
      ->drupalPost('user', $hpotter_logon_edit, t('Log in'));
    $hpotter = $this->testFunctions
      ->userByNameFlushingCache('hpotter');
    $roles = array_values($hpotter->roles);
    $this
      ->assertTrue(in_array("cn=gryffindor,ou=groups,dc=hogwarts,dc=edu", $roles), 'when regrantLdapProvisioned=0, did not regrant role on logon', 'LDAP Authorization: Test Logon');
    $this
      ->drupalGet('user/logout');
  }

  /**
   * authorization configuration flags tests clumped together
   */
  function testFlags() {
    $sid = 'activedirectory1';
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, array(
      $sid,
    ), 'provisionToDrupal', 'default', 'drupal_role_default');

    /**
     * LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed
     */
    $user = $this
      ->drupalCreateUser(array());
    $hpotter = $this->testFunctions
      ->drupalLdapUpdateUser(array(
      'name' => 'hpotter',
      'mail' => 'hpotter@hogwarts.edu',
    ), TRUE, $user);
    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query');

    // just see if the correct ones are derived.
    $roles1 = $new_authorizations['drupal_role'];

    // $consumer_conf_admin = ldap_authorization_get_consumer_admin_object('drupal_role', FALSE);
    $this->consumerAdminConf['drupal_role']->status = 0;
    $this->consumerAdminConf['drupal_role']
      ->save();
    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'drupal_role');

    // just see if the correct ones are derived.
    $roles2 = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array();
    $correct_roles = count($roles1) > 0 && count($roles2) == 0;

    // not worried about which roles here, just that some are granted
    $this
      ->assertTrue($correct_roles, 'disable consumer configuration disallows authorizations.', 'LDAP_authorz.Flags.status.0');
    if (!$correct_roles) {
      debug('LDAP_authorz.Flags.enable.0 roles with enabled');
      debug($roles1);
      debug('LDAP_authorz.Flags.enable.0 roles with disabled');
      debug($roles2);
    }

    /**
     * LDAP_authorz.onlyLdapAuthenticated=1: create normal user and
     * apply authorization query.  should return no roles
     */
    $this->consumerAdminConf['drupal_role']->onlyApplyToLdapAuthenticated = 1;
    $this->consumerAdminConf['drupal_role']->status = 1;
    $this->consumerAdminConf['drupal_role']
      ->save();
    $user = $this
      ->drupalCreateUser(array());
    $hgrainger = $this->testFunctions
      ->drupalLdapUpdateUser(array(
      'name' => 'hgrainger',
      'mail' => 'hgrainger@hogwarts.edu',
    ), TRUE, $user);

    // remove authmap in case it exists so test will work
    db_delete('authmap')
      ->condition('uid', $user->uid)
      ->condition('module', 'ldap_user')
      ->execute();
    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query');

    // just see if the correct ones are derived.
    $roles = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array();
    $success = count($roles) == 0;
    $this
      ->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', 'LDAP_authorz.onlyLdapAuthenticated.1');
    if (!$success) {
      debug('LDAP_authorz.onlyLdapAuthenticated.1');
      debug($roles);
      debug($this->testFunctions
        ->ldapUserIsAuthmapped('hgrainger'));
      debug($new_authorizations);
      debug($notifications);
    }

    /**
     * LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled
     */
    $this->consumerAdminConf['drupal_role']->synchOnLogon = 0;
    $this->consumerAdminConf['drupal_role']
      ->save();
    $edit = array(
      'name' => 'hgrainger',
      'pass' => 'goodpwd',
    );
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP_authorz.Flags.synchOnLogon.0');
    $this
      ->assertTrue($this->testFunctions
      ->ldapUserIsAuthmapped('hgrainger'), 'Ldap user properly authmapped.', 'LDAP_authorz.Flags.synchOnLogon.0');
    $hgrainger = user_load_by_name('hgrainger');
    $this
      ->drupalGet('user/logout');
    $this->consumerAdminConf['drupal_role']->synchOnLogon = 1;
    $this->consumerAdminConf['drupal_role']
      ->save();
    $edit = array(
      'name' => 'hgrainger',
      'pass' => 'goodpwd',
    );
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP_authorz.Flags.synchOnLogon=1');
    $hgrainger = user_load_by_name('hgrainger');
    $this
      ->drupalGet('user/logout');

    // create a couple roles for next 2 tests
    $troublemaker = new stdClass();
    $troublemaker->name = 'troublemaker';
    user_role_save($troublemaker);
    $troublemaker = user_role_load_by_name('troublemaker');
    $superadmin = new stdClass();
    $superadmin->name = 'superadmin';
    user_role_save($superadmin);
    $superadmin = user_role_load_by_name('superadmin');

    /**
     * LDAP_authorz.Flags.revokeLdapProvisioned: test flag for
     *   removing manually granted roles
     *
     *   $this->revokeLdapProvisioned == 1 : Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.
     *
     *   grant roles via ldap and some not vai ldap manually,
     *   then alter ldap so they are no longer valid,
     *   then logon again and make sure the ldap provided roles are revoked and the drupal ones are not revoked
     *
     */
    $this->consumerAdminConf['drupal_role']->onlyApplyToLdapAuthenticated = 0;
    $this->consumerAdminConf['drupal_role']->revokeLdapProvisioned = 1;
    $this->consumerAdminConf['drupal_role']->createConsumers = 1;
    $this->consumerAdminConf['drupal_role']
      ->save();

    // set correct roles manually
    $hpotter = user_load_by_name('hpotter');
    user_delete($hpotter->uid);
    $user = $this
      ->drupalCreateUser(array());
    $hpotter = $this->testFunctions
      ->drupalLdapUpdateUser(array(
      'name' => 'hpotter',
      'mail' => 'hpotter@hogwarts.edu',
    ), TRUE, $user);
    $edit = array(
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    );
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $this
      ->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP_authorz.Flags.revokeLdapProvisioned=1');
    $hpotter = user_load_by_name('hpotter');

    // add an underserved, ldap granted drupal role superadmin
    // and an undeserved, non ldap granted role troublemaker
    $hpotter = user_load($hpotter->uid, TRUE);
    $roles = $hpotter->roles;
    $roles[$troublemaker->rid] = $troublemaker->name;
    $roles[$superadmin->rid] = $superadmin->name;
    $data = array(
      'roles' => $roles,
      'data' => array(
        'ldap_authorizations' => array(
          'drupal_role' => array(
            $superadmin->name => array(
              'date_granted' => 1304216778,
            ),
          ),
        ),
      ),
    );
    $hpotter = user_save($hpotter, $data);

    // apply correct authorizations.  should remove the administrator role but not the manually created 'troublemaker' role
    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'drupal_role', 'logon');
    $hpotter = user_load($hpotter->uid, TRUE);
    $this
      ->assertTrue(!isset($new_authorizations['drupal_role'][$superadmin->rid]), ' revoke superadmin ldap granted roles when no longer deserved.', 'LDAP_authorz.Flags.revokeLdapProvisioned=1');

    /**
     * LDAP_authorz.Flags.regrantLdapProvisioned
     * $this->regrantLdapProvisioned == 1 :
     *   Re grant !consumer_namePlural previously granted
     *   by LDAP Authorization but removed manually.
     *
     * - manually remove ldap granted role
     * - logon
     * - check if regranted
     */
    $this
      ->drupalGet('user/logout');
    $this->consumerAdminConf['drupal_role']->regrantLdapProvisioned = 1;
    $this->consumerAdminConf['drupal_role']
      ->save();
    $hpotter = user_load($hpotter->uid, TRUE);
    $roles = $hpotter->roles;
    unset($roles[$superadmin->rid]);
    user_save($hpotter, array(
      'roles' => $roles,
    ));
    $hpotter = user_load($hpotter->uid, TRUE);
    list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'drupal_role', 'logon');
    $hpotter = user_load($hpotter->uid, TRUE);
    $success = !in_array('administrator', array_values($hpotter->roles));
    $this
      ->assertTrue($success, 'regrant Ldap Provisioned roles that were manually revoked', 'LDAP_authorz.Flags.regrantLdapProvisioned=1');
    if (!$success) {
      debug('LDAP_authorz.Flags.regrantLdapProvisioned=1');
      debug('hpotter roles');
      debug($hpotter->roles);
      debug('new_authorizations');
      debug($new_authorizations);
    }

    /**
     * LDAP_authorz.Flags.createConsumers=1
     */

    //add new mapping to and enable create consumers
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, array(
      $sid,
    ), 'provisionToDrupal', 'default', 'drupal_role_default');
    $this
      ->drupalGet('user/logout');
    $new_role = 'oompa-loompas';
    $this->consumerAdminConf['drupal_role']->createConsumers = 1;
    $this->consumerAdminConf['drupal_role']->mappings[] = array(
      'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
      'user_entered' => $new_role,
      'normalized' => $new_role,
      'simplified' => $new_role,
      'valid' => TRUE,
      'error_message' => '',
    );
    $this->consumerAdminConf['drupal_role']
      ->save();

    //  debug('mappings'); debug($this->consumerAdminConf['drupal_role']->mappings);
    $edit = array(
      'name' => 'hpotter',
      'pass' => 'goodpwd',
    );
    $this
      ->drupalPost('user', $edit, t('Log in'));
    $new_role_created = in_array($new_role, array_values(user_roles()));

    // debug("roles"); debug(user_roles());
    $roles_by_name = array_flip(user_roles());
    $hpotter = user_load_by_name('hpotter');
    $hpotter = user_load($hpotter->uid, TRUE);
    $role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]);
    $this
      ->assertTrue($new_role_created && $role_granted, 'create consumers (e.g. roles)', 'LDAP_authorz.Flags.createConsumers=1');
    if (!($new_role_created && $role_granted)) {
      debug('roles');
      debug(user_roles());
      debug('roles by name');
      debug($roles_by_name);
      debug('hpotter->roles');
      debug($hpotter->roles);
      debug("new role desired: {$new_role}");
      debug("{$new_role_created} AND {$role_granted}");
    }
  }
  public function testUIForms() {
    $ldap_simpletest_initial = config('ldap_test.settings')
      ->get('simpletest');
    variable_del('ldap_simpletest');

    // need to be out of fake server mode to test ui.
    $sid = 'activedirectory1';
    $this
      ->prepTestData(LDAP_TEST_LDAP_NAME, array(
      $sid,
    ), 'provisionToDrupal', 'default');
    ldap_servers_module_load_include('php', 'ldap_servers', 'LdapServerAdmin.class');
    $ldap_server = new LdapServerAdmin($sid);
    $server_properties = $this->testFunctions->data['ldap_servers'][$sid]['properties'];
    foreach ($server_properties as $property => $value) {
      $ldap_server->{$property} = $value;
    }
    $ldap_server
      ->save('add');
    $consumer_form_data = array(
      'sid' => array(
        'activedirectory1',
        'activedirectory1',
      ),
      'status' => array(
        TRUE,
        TRUE,
      ),
      'only_ldap_authenticated' => array(
        FALSE,
        TRUE,
      ),
      'use_first_attr_as_groupid' => array(
        FALSE,
        TRUE,
      ),
      'mappings' => array(
        "a|b",
        "a|b",
      ),
      'use_filter' => array(
        FALSE,
        TRUE,
      ),
      'synchronization_modes[user_logon]' => array(
        TRUE,
        FALSE,
      ),
      'synchronization_actions[revoke_ldap_provisioned]' => array(
        TRUE,
        FALSE,
      ),
      'synchronization_actions[regrant_ldap_provisioned]' => array(
        FALSE,
        TRUE,
      ),
      'synchronization_actions[create_consumers]' => array(
        TRUE,
        FALSE,
      ),
    );
    $this->privileged_user = $this
      ->drupalCreateUser(array(
      'administer site configuration',
    ));
    $this
      ->drupalLogin($this->privileged_user);
    $ldap_server = ldap_servers_get_servers('activedirectory1', NULL, TRUE, TRUE);
    $this
      ->drupalGet('admin/config/people/ldap/servers/edit/activedirectory1');

    // this is just for debugging to show the server.
    $ldap_server_admin = new LdapServerAdmin($sid);
    if (!is_array($ldap_server_admin->basedn)) {
      $ldap_server_admin->basedn = @unserialize($ldap_server_admin->basedn);
      $ldap_server_admin
        ->save('update');
      $ldap_server_admin = new LdapServerAdmin($sid);
    }
    $this
      ->drupalGet('admin/config/people/ldap/servers/edit/activedirectory1');
    foreach (array(
      0,
    ) as $i) {
      foreach (array(
        'drupal_role',
      ) as $consumer_type) {
        foreach (array(
          1,
        ) as $ctools_enabled) {

          // may want to put this back in after ctools requirement is fixed
          $this->ldapTestId = "testUIForms.{$i}.{$consumer_type}.ctools.{$ctools_enabled}";
          if ($ctools_enabled) {
            module_enable(array(
              'ctools',
            ));
          }
          else {
            module_disable(array(
              'ctools',
            ));
          }
          $lcase_transformed = array();

          /** add server conf test **/
          $this
            ->drupalGet('admin/config/people/ldap/authorization/add/' . $consumer_type);
          $edit = array();
          foreach ($consumer_form_data as $input_name => $input_values) {
            $edit[$input_name] = $input_values[$i];
          }
          $this
            ->drupalPost('admin/config/people/ldap/authorization/add/' . $consumer_type, $edit, t('Add'));
          $field_to_prop_map = LdapAuthorizationConsumerConf::field_to_properties_map();
          $ldap_consumer = ldap_authorization_get_consumer_object($consumer_type);
          $this
            ->assertTrue(is_object($ldap_consumer), 'ldap consumer conf loaded after add-save', $this->ldapTestId . ' Add consumer configuration');

          // assert one ldap server exists in db table
          // assert load of server has correct properties for each input
          $mismatches = $this
            ->compareFormToProperties($ldap_consumer, $consumer_form_data, $i, $field_to_prop_map, $lcase_transformed);
          if (count($mismatches)) {
            debug('mismatches between ldap server properties and form submitted values');
            debug($mismatches);

            // debug($ldap_consumer);  // throw recursion
            debug($consumer_form_data);
          }
          $this
            ->assertTrue(count($mismatches) == 0, 'Add form for ldap consumer properties match values submitted.', $this->ldapTestId . ' Add consumer conf');

          /** update server conf test **/
          $this
            ->drupalGet('admin/config/people/ldap/authorization/edit/' . $consumer_type);
          $edit = array();
          foreach ($consumer_form_data as $input_name => $input_values) {
            if ($input_values[$i] !== NULL) {
              $edit[$input_name] = $input_values[$i];
            }
          }
          unset($edit['sid']);
          $this
            ->drupalPost('admin/config/people/ldap/authorization/edit/' . $consumer_type, $edit, t('Save'));
          $ldap_consumer = ldap_authorization_get_consumer_object($consumer_type);
          $this
            ->assertTrue(is_object($ldap_consumer), 'ldap consumer conf loaded after edit-save', $this->ldapTestId . ' update consumer configuration');
          $mismatches = $this
            ->compareFormToProperties($ldap_consumer, $consumer_form_data, $i, $field_to_prop_map, $lcase_transformed);
          if (count($mismatches)) {
            debug('mismatches between ldap server properties and form submitted values');
            debug($mismatches);

            // debug($ldap_consumer); // throw recursion
            debug($consumer_form_data);
          }
          $this
            ->assertTrue(count($mismatches) == 0, 'Update form for ldap server properties match values submitted.', $this->ldapTestId . '.Update consumer conf');

          /** delete server conf test **/
          $this
            ->drupalGet('admin/config/people/ldap/authorization/delete/' . $consumer_type);
          $this
            ->drupalPost('admin/config/people/ldap/authorization/delete/' . $consumer_type, array(), t('Delete'));
          ctools_include('export');
          ctools_export_load_object_reset('ldap_authorization');
          $consumer_conf = ldap_authorization_get_consumer_conf($consumer_type);

          //
          $pass = is_object($consumer_conf) && $consumer_conf->inDatabase === FALSE;
          $this
            ->assertTrue($pass, 'Delete form for consumer conf deleted conf.', $this->ldapTestId . '.Delete  consumer conf');
          if (!$pass) {
            debug('ldap consumer after delete. is_object=' . is_object($consumer_conf));
            debug('inDatabase?' . is_object($ldap_consumer) ? $consumer_conf->inDatabase : '?');
            debug("numericConsumerConfId" . $consumer_conf->numericConsumerConfId);
            debug("status" . $consumer_conf->status);
            debug("sid" . $consumer_conf->sid);
          }
        }
      }
    }
    variable_set('ldap_simpletest', $ldap_simpletest_initial);

    // return to fake server mode
  }

}

Classes