Add test configuration for LDAP TLS server

Author: Isaiah Inuwa

src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml

@@ -28,6 +28,34 @@ and to test and view status
 
     docker exec -it slapd01 slapcat
 
+SLAPD OPENLDAP SERVER WITH TLS
+==============================
+
+The osixia/openldap container image automatically creates a TLS lisener with a self-signed certificate. This can be used to test TLS.
+
+Start the container, with TLS on port 1636, without client certificate verification:
+
+    docker run --publish 1389:389 --publish 1636:636 --name ldap --hostname ldap.local --detach --rm --env LDAP_TLS_VERIFY_CLIENT=never --env LDAP_ADMIN_PASSWORD=password osixia/openldap --loglevel debug
+
+Extract the CA certificate and write to a temporary file:
+
+    docker exec ldap cat /container/service/slapd/assets/certs/ca.crt > /tmp/ca.crt
+
+Set the LDAP client CA certificate path in `/etc/ldap/ldap.conf` so OpenLDAP trusts the self-signed certificate:
+
+    # /etc/ldap/ldap.conf
+    #...
+    TLS_CACERT /tmp/ca.crt
+
+Finally, map the `ldap.local` hostname manually set above to the loopback address:
+
+    # /etc/hosts
+    127.0.0.1 ldap.local
+
+To test and view the status:
+
+    ldapsearch -H ldaps://ldap.local:1636 -b dc=example,dc=org -x -D cn=admin,dc=example,dc=org -w password
+
 ACTIVE DIRECTORY
 ================
 
@@ -83,5 +111,14 @@ Note:
         <Password>%TESTPASSWORD%</Password>
         <AuthenticationTypes>ServerBind,None</AuthenticationTypes>
     </Connection>
+    <Connection Name="SLAPD OPENLDAP SERVER TLS">
+        <ServerName>ldap.local</ServerName>
+        <SearchDN>DC=example,DC=org</SearchDN>
+        <Port>1636</Port>
+        <User>cn=admin,dc=example,dc=org</User>
+        <Password>password</Password>
+        <AuthenticationTypes>ServerBind,None</AuthenticationTypes>
+        <UseTls>true</UseTls>
+    </Connection>
 
 </Configuration>

src/libraries/Common/tests/System/DirectoryServices/LdapConfiguration.cs

@@ -10,14 +10,15 @@ namespace System.DirectoryServices.Tests
 {
     internal class LdapConfiguration
     {
-        private LdapConfiguration(string serverName, string searchDn, string userName, string password, string port, AuthenticationTypes at)
+        private LdapConfiguration(string serverName, string searchDn, string userName, string password, string port, AuthenticationTypes at, bool useTls)
         {
             ServerName = serverName;
             SearchDn = searchDn;
             UserName = userName;
             Password = password;
             Port = port;
             AuthenticationTypes = at;
+            UseTls = useTls;
         }
 
         private static LdapConfiguration s_ldapConfiguration = GetConfiguration("LDAP.Configuration.xml");
@@ -30,6 +31,7 @@ private LdapConfiguration(string serverName, string searchDn, string userName, s
         internal string Port { get; set; }
         internal string SearchDn { get; set; }
         internal AuthenticationTypes AuthenticationTypes { get; set; }
+        internal bool UseTls { get; set; }
         internal string LdapPath => string.IsNullOrEmpty(Port) ? $"LDAP://{ServerName}/{SearchDn}" : $"LDAP://{ServerName}:{Port}/{SearchDn}";
         internal string RootDSEPath => string.IsNullOrEmpty(Port) ? $"LDAP://{ServerName}/rootDSE" : $"LDAP://{ServerName}:{Port}/rootDSE";
         internal string UserNameWithNoDomain
@@ -104,6 +106,7 @@ internal static LdapConfiguration GetConfiguration(string configFile)
                 string user = "";
                 string password = "";
                 AuthenticationTypes at = AuthenticationTypes.None;
+                bool useTls = false;
 
                 XElement child = connection.Element("ServerName");
                 if (child != null)
@@ -132,6 +135,12 @@ internal static LdapConfiguration GetConfiguration(string configFile)
                     password = val;
                 }
 
+                child = connection.Element("UseTls");
+                if (child != null)
+                {
+                    useTls = bool.Parse(child.Value);
+                }
+
                 child = connection.Element("AuthenticationTypes");
                 if (child != null)
                 {
@@ -161,7 +170,7 @@ internal static LdapConfiguration GetConfiguration(string configFile)
                             at |= AuthenticationTypes.Signing;
                     }
 
-                    ldapConfig = new LdapConfiguration(serverName, searchDn, user, password, port, at);
+                    ldapConfig = new LdapConfiguration(serverName, searchDn, user, password, port, at, useTls);
                 }
             }
             catch (Exception ex)

src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs

@@ -630,6 +630,7 @@ private LdapConnection GetConnection()
             // Set server protocol before bind; OpenLDAP servers default
             // to LDAP v2, which we do not support, and will return LDAP_PROTOCOL_ERROR
             connection.SessionOptions.ProtocolVersion = 3;
+            connection.SessionOptions.SecureSocketLayer = LdapConfiguration.Configuration.UseTls;
             connection.Bind();
 
             connection.Timeout = new TimeSpan(0, 3, 0);