thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-07 08:03:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
7db2652ab3
ClickHouse/tests/testflows/ldap/authentication/requirements/requirements.py

1781 lines
66 KiB
Python
Raw Normal View History

Adding LDAP functional tests.
2020-06-29 12:55:27 +00:00
# These requirements were auto generated
# from software requirements specification (SRS)
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
# document by TestFlows v1.6.201216.1172002.
Adding LDAP functional tests.
2020-06-29 12:55:27 +00:00
# Do not edit by hand but re-generate instead
# using 'tfs requirements generate' command.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
from testflows.core import Specification
Adding LDAP functional tests.
2020-06-29 12:55:27 +00:00
from testflows.core import Requirement
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
Heading = Specification.Heading
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication = Requirement(
name='RQ.SRS-007.LDAP.Authentication',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support user authentication via an [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.1.1')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_MultipleServers = Requirement(
name='RQ.SRS-007.LDAP.Authentication.MultipleServers',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying multiple [LDAP] servers that can be used to authenticate\n'
'users.\n'
'\n'
),
link=None,
level=3,
num='4.1.2')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Protocol_PlainText = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Protocol.PlainText',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support user authentication using plain text `ldap://` non secure protocol.\n'
'\n'
),
link=None,
level=3,
num='4.1.3')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Protocol_TLS = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Protocol.TLS',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support user authentication using `SSL/TLS` `ldaps://` secure protocol.\n'
'\n'
),
link=None,
level=3,
num='4.1.4')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Protocol_StartTLS = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Protocol.StartTLS',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support user authentication using legacy `StartTLS` protocol which is a\n'
'plain text `ldap://` protocol that is upgraded to [TLS].\n'
'\n'
),
link=None,
level=3,
num='4.1.5')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_TLS_Certificate_Validation = Requirement(
name='RQ.SRS-007.LDAP.Authentication.TLS.Certificate.Validation',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support certificate validation used for [TLS] connections.\n'
'\n'
),
link=None,
level=3,
num='4.1.6')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_TLS_Certificate_SelfSigned = Requirement(
name='RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SelfSigned',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support self-signed certificates for [TLS] connections.\n'
'\n'
),
link=None,
level=3,
num='4.1.7')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_TLS_Certificate_SpecificCertificationAuthority = Requirement(
name='RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SpecificCertificationAuthority',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support certificates signed by specific Certification Authority for [TLS] connections.\n'
'\n'
),
link=None,
level=3,
num='4.1.8')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Server_Configuration_Invalid = Requirement(
name='RQ.SRS-007.LDAP.Server.Configuration.Invalid',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit user login if [LDAP] server configuration is not valid.\n'
'\n'
),
link=None,
level=3,
num='4.1.9')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_User_Configuration_Invalid = Requirement(
name='RQ.SRS-007.LDAP.User.Configuration.Invalid',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit user login if user configuration is not valid.\n'
'\n'
),
link=None,
level=3,
num='4.1.10')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Mechanism_Anonymous = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Mechanism.Anonymous',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit authentication using [Anonymous Authentication Mechanism of Simple Bind]\n'
'authentication mechanism.\n'
'\n'
),
link=None,
level=3,
num='4.1.11')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Mechanism_Unauthenticated = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Mechanism.Unauthenticated',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit authentication using [Unauthenticated Authentication Mechanism of Simple Bind]\n'
'authentication mechanism.\n'
'\n'
),
link=None,
level=3,
num='4.1.12')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Mechanism_NamePassword = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Mechanism.NamePassword',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL allow authentication using only [Name/Password Authentication Mechanism of Simple Bind]\n'
'authentication mechanism.\n'
'\n'
),
link=None,
level=3,
num='4.1.13')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Valid = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Valid',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL only allow user authentication using [LDAP] server if and only if\n'
'user name and password match [LDAP] server records for the user.\n'
'\n'
),
link=None,
level=3,
num='4.1.14')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Invalid = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Invalid',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit authentication if either user name or password\n'
'do not match [LDAP] server records for the user.\n'
'\n'
),
link=None,
level=3,
num='4.1.15')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Invalid_DeletedUser = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Invalid.DeletedUser',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit authentication if the user\n'
'has been deleted from the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.1.16')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_UsernameChanged = Requirement(
name='RQ.SRS-007.LDAP.Authentication.UsernameChanged',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit authentication if the username is changed\n'
'on the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.1.17')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_PasswordChanged = Requirement(
name='RQ.SRS-007.LDAP.Authentication.PasswordChanged',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit authentication if the password\n'
'for the user is changed on the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.1.18')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_LDAPServerRestart = Requirement(
name='RQ.SRS-007.LDAP.Authentication.LDAPServerRestart',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support authenticating users after [LDAP] server is restarted.\n'
'\n'
),
link=None,
level=3,
num='4.1.19')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_ClickHouseServerRestart = Requirement(
name='RQ.SRS-007.LDAP.Authentication.ClickHouseServerRestart',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support authenticating users after server is restarted.\n'
'\n'
),
link=None,
level=3,
num='4.1.20')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Parallel = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Parallel',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support parallel authentication of users using [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.1.21')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Parallel_ValidAndInvalid = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Parallel.ValidAndInvalid',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support authentication of valid users and\n'
'prohibit authentication of invalid users using [LDAP] server\n'
'in parallel without having invalid attempts affecting valid authentications.\n'
'\n'
),
link=None,
level=3,
num='4.1.22')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_UnreachableServer = Requirement(
name='RQ.SRS-007.LDAP.UnreachableServer',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL return an error and prohibit user login if [LDAP] server is unreachable.\n'
'\n'
),
link=None,
level=3,
num='4.2.1')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_Name = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.Name',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL not support empty string as a server name.\n'
'\n'
),
link=None,
level=3,
num='4.2.2')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_Host = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.Host',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<host>` parameter to specify [LDAP]\n'
'server hostname or IP, this parameter SHALL be mandatory and SHALL not be empty.\n'
'\n'
),
link=None,
level=3,
num='4.2.3')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_Port = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.Port',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<port>` parameter to specify [LDAP] server port.\n'
'\n'
),
link=None,
level=3,
num='4.2.4')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_Port_Default = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.Port.Default',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL use default port number `636` if `enable_tls` is set to `yes` or `389` otherwise.\n'
'\n'
),
link=None,
level=3,
num='4.2.5')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_AuthDN_Prefix = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Prefix',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<auth_dn_prefix>` parameter to specify the prefix\n'
'of value used to construct the DN to bound to during authentication via [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.6')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_AuthDN_Suffix = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Suffix',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<auth_dn_suffix>` parameter to specify the suffix\n'
'of value used to construct the DN to bound to during authentication via [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.7')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_AuthDN_Value = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Value',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL construct DN as `auth_dn_prefix + escape(user_name) + auth_dn_suffix` string.\n'
'\n'
"> This implies that auth_dn_suffix should usually have comma ',' as its first non-space character.\n"
'\n'
),
link=None,
level=3,
num='4.2.8')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<enable_tls>` parameter to trigger the use of secure connection to the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.9')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_Default = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Default',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL use `yes` value as the default for `<enable_tls>` parameter\n'
'to enable SSL/TLS `ldaps://` protocol.\n'
'\n'
),
link=None,
level=3,
num='4.2.10')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_No = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.No',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `no` as the value of `<enable_tls>` parameter to enable\n'
'plain text `ldap://` protocol.\n'
'\n'
),
link=None,
level=3,
num='4.2.11')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_Yes = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Yes',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `yes` as the value of `<enable_tls>` parameter to enable\n'
'SSL/TLS `ldaps://` protocol.\n'
'\n'
),
link=None,
level=3,
num='4.2.12')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_StartTLS = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.StartTLS',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `starttls` as the value of `<enable_tls>` parameter to enable\n'
'legacy `StartTLS` protocol that used plain text `ldap://` protocol, upgraded to [TLS].\n'
'\n'
),
link=None,
level=3,
num='4.2.13')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSMinimumProtocolVersion = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<tls_minimum_protocol_version>` parameter to specify\n'
'the minimum protocol version of SSL/TLS.\n'
'\n'
),
link=None,
level=3,
num='4.2.14')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSMinimumProtocolVersion_Values = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Values',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `ssl2`, `ssl3`, `tls1.0`, `tls1.1`, and `tls1.2`\n'
'as a value of the `<tls_minimum_protocol_version>` parameter.\n'
'\n'
),
link=None,
level=3,
num='4.2.15')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSMinimumProtocolVersion_Default = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Default',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL set `tls1.2` as the default value of the `<tls_minimum_protocol_version>` parameter.\n'
'\n'
),
link=None,
level=3,
num='4.2.16')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<tls_require_cert>` parameter to specify [TLS] peer\n'
'certificate verification behavior.\n'
'\n'
),
link=None,
level=3,
num='4.2.17')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Default = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Default',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL use `demand` value as the default for the `<tls_require_cert>` parameter.\n'
'\n'
),
link=None,
level=3,
num='4.2.18')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Demand = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Demand',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `demand` as the value of `<tls_require_cert>` parameter to\n'
'enable requesting of client certificate. If no certificate is provided, or a bad certificate is\n'
'provided, the session SHALL be immediately terminated.\n'
'\n'
),
link=None,
level=3,
num='4.2.19')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Allow = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Allow',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `allow` as the value of `<tls_require_cert>` parameter to\n'
'enable requesting of client certificate. If no\n'
'certificate is provided, the session SHALL proceed normally.\n'
'If a bad certificate is provided, it SHALL be ignored and the session SHALL proceed normally.\n'
'\n'
),
link=None,
level=3,
num='4.2.20')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Try = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Try',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `try` as the value of `<tls_require_cert>` parameter to\n'
'enable requesting of client certificate. If no certificate is provided, the session\n'
'SHALL proceed normally. If a bad certificate is provided, the session SHALL be\n'
'immediately terminated.\n'
'\n'
),
link=None,
level=3,
num='4.2.21')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Never = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Never',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying `never` as the value of `<tls_require_cert>` parameter to\n'
'disable requesting of client certificate.\n'
'\n'
),
link=None,
level=3,
num='4.2.22')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSCertFile = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSCertFile',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<tls_cert_file>` to specify the path to certificate file used by\n'
'[ClickHouse] to establish connection with the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.23')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSKeyFile = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSKeyFile',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<tls_key_file>` to specify the path to key file for the certificate\n'
'specified by the `<tls_cert_file>` parameter.\n'
'\n'
),
link=None,
level=3,
num='4.2.24')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSCACertDir = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSCACertDir',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<tls_ca_cert_dir>` parameter to specify to a path to\n'
'the directory containing [CA] certificates used to verify certificates provided by the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.25')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSCACertFile = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSCACertFile',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `<tls_ca_cert_file>` parameter to specify a path to a specific\n'
'[CA] certificate file used to verify certificates provided by the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.26')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_TLSCipherSuite = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.TLSCipherSuite',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `tls_cipher_suite` parameter to specify allowed cipher suites.\n'
'The value SHALL use the same format as the `ciphersuites` in the [OpenSSL Ciphers].\n'
'\n'
'For example,\n'
'\n'
'```xml\n'
'<tls_cipher_suite>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384</tls_cipher_suite>\n'
'```\n'
'\n'
'The available suites SHALL depend on the [OpenSSL] library version and variant used to build\n'
'[ClickHouse] and therefore might change.\n'
'\n'
),
link=None,
level=3,
num='4.2.27')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_Server_Syntax = Requirement(
name='RQ.SRS-007.LDAP.Configuration.Server.Syntax',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support the following example syntax to create an entry for an [LDAP] server inside the `config.xml`\n'
'configuration file or of any configuration file inside the `config.d` directory.\n'
'\n'
'```xml\n'
'<yandex>\n'
' <my_ldap_server>\n'
' <host>localhost</host>\n'
' <port>636</port>\n'
' <auth_dn_prefix>cn=</auth_dn_prefix>\n'
' <auth_dn_suffix>, ou=users, dc=example, dc=com</auth_dn_suffix>\n'
' <enable_tls>yes</enable_tls>\n'
' <tls_minimum_protocol_version>tls1.2</tls_minimum_protocol_version>\n'
' <tls_require_cert>demand</tls_require_cert>\n'
' <tls_cert_file>/path/to/tls_cert_file</tls_cert_file>\n'
' <tls_key_file>/path/to/tls_key_file</tls_key_file>\n'
' <tls_ca_cert_file>/path/to/tls_ca_cert_file</tls_ca_cert_file>\n'
' <tls_ca_cert_dir>/path/to/tls_ca_cert_dir</tls_ca_cert_dir>\n'
' <tls_cipher_suite>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384</tls_cipher_suite>\n'
' </my_ldap_server>\n'
'</yandex>\n'
'```\n'
'\n'
),
link=None,
level=3,
num='4.2.28')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_RBAC = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.RBAC',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support creating users identified using an [LDAP] server using\n'
'the following RBAC command\n'
'\n'
'```sql\n'
"CREATE USER name IDENTIFIED WITH ldap_server BY 'server_name'\n"
'```\n'
'\n'
),
link=None,
level=3,
num='4.2.29')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_Syntax = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.Syntax',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support the following example syntax to create a user that is authenticated using\n'
'an [LDAP] server inside the `users.xml` file or any configuration file inside the `users.d` directory.\n'
'\n'
'```xml\n'
'<yandex>\n'
' <users>\n'
' <user_name>\n'
' <ldap>\n'
' <server>my_ldap_server</server>\n'
' </ldap>\n'
' </user_name>\n'
' </users>\n'
'</yandex>\n'
'```\n'
'\n'
),
link=None,
level=3,
num='4.2.30')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_Name_Empty = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.Name.Empty',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL not support empty string as a user name.\n'
'\n'
),
link=None,
level=3,
num='4.2.31')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_BothPasswordAndLDAP = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.BothPasswordAndLDAP',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL throw an error if `<ldap>` is specified for the user and at the same\n'
'time user configuration contains any of the `<password*>` entries.\n'
'\n'
),
link=None,
level=3,
num='4.2.32')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_LDAP_InvalidServerName_NotDefined = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.NotDefined',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL throw an error during any authentication attempt\n'
'if the name of the [LDAP] server used inside the `<ldap>` entry\n'
'is not defined in the `<ldap_servers>` section.\n'
'\n'
),
link=None,
level=3,
num='4.2.33')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_LDAP_InvalidServerName_Empty = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.Empty',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL throw an error during any authentication attempt\n'
'if the name of the [LDAP] server used inside the `<ldap>` entry\n'
'is empty.\n'
'\n'
),
link=None,
level=3,
num='4.2.34')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_OnlyOneServer = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.OnlyOneServer',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support specifying only one [LDAP] server for a given user.\n'
'\n'
),
link=None,
level=3,
num='4.2.35')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_Name_Long = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.Name.Long',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support long user names of at least 256 bytes\n'
'to specify users that can be authenticated using an [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.36')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Configuration_User_Name_UTF8 = Requirement(
name='RQ.SRS-007.LDAP.Configuration.User.Name.UTF8',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support user names that contain [UTF-8] characters.\n'
'\n'
),
link=None,
level=3,
num='4.2.37')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Username_Empty = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Username.Empty',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL not support authenticating users with empty username.\n'
'\n'
),
link=None,
level=3,
num='4.2.38')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Username_Long = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Username.Long',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support authenticating users with a long username of at least 256 bytes.\n'
'\n'
),
link=None,
level=3,
num='4.2.39')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Username_UTF8 = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Username.UTF8',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support authentication users with a username that contains [UTF-8] characters.\n'
'\n'
),
link=None,
level=3,
num='4.2.40')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Password_Empty = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Password.Empty',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL not support authenticating users with empty passwords\n'
'even if an empty password is valid for the user and\n'
'is allowed by the [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.41')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Password_Long = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Password.Long',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support long password of at least 256 bytes\n'
'that can be used to authenticate users using an [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.42')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
RQ_SRS_007_LDAP_Authentication_Password_UTF8 = Requirement(
name='RQ.SRS-007.LDAP.Authentication.Password.UTF8',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support [UTF-8] characters in passwords\n'
'used to authenticate users using an [LDAP] server.\n'
'\n'
),
link=None,
level=3,
num='4.2.43')
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
SRS_007_ClickHouse_Authentication_of_Users_via_LDAP = Specification(
name='SRS-007 ClickHouse Authentication of Users via LDAP',
description=None,
author=None,
date=None,
status=None,
approved_by=None,
approved_date=None,
approved_version=None,
version=None,
group=None,
type=None,
link=None,
uid=None,
parent=None,
children=None,
headings=(
Heading(name='Revision History', level=1, num='1'),
Heading(name='Introduction', level=1, num='2'),
Heading(name='Terminology', level=1, num='3'),
Heading(name='Requirements', level=1, num='4'),
Heading(name='Generic', level=2, num='4.1'),
Heading(name='RQ.SRS-007.LDAP.Authentication', level=3, num='4.1.1'),
Heading(name='RQ.SRS-007.LDAP.Authentication.MultipleServers', level=3, num='4.1.2'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Protocol.PlainText', level=3, num='4.1.3'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Protocol.TLS', level=3, num='4.1.4'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Protocol.StartTLS', level=3, num='4.1.5'),
Heading(name='RQ.SRS-007.LDAP.Authentication.TLS.Certificate.Validation', level=3, num='4.1.6'),
Heading(name='RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SelfSigned', level=3, num='4.1.7'),
Heading(name='RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SpecificCertificationAuthority', level=3, num='4.1.8'),
Heading(name='RQ.SRS-007.LDAP.Server.Configuration.Invalid', level=3, num='4.1.9'),
Heading(name='RQ.SRS-007.LDAP.User.Configuration.Invalid', level=3, num='4.1.10'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Mechanism.Anonymous', level=3, num='4.1.11'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Mechanism.Unauthenticated', level=3, num='4.1.12'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Mechanism.NamePassword', level=3, num='4.1.13'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Valid', level=3, num='4.1.14'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Invalid', level=3, num='4.1.15'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Invalid.DeletedUser', level=3, num='4.1.16'),
Heading(name='RQ.SRS-007.LDAP.Authentication.UsernameChanged', level=3, num='4.1.17'),
Heading(name='RQ.SRS-007.LDAP.Authentication.PasswordChanged', level=3, num='4.1.18'),
Heading(name='RQ.SRS-007.LDAP.Authentication.LDAPServerRestart', level=3, num='4.1.19'),
Heading(name='RQ.SRS-007.LDAP.Authentication.ClickHouseServerRestart', level=3, num='4.1.20'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Parallel', level=3, num='4.1.21'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Parallel.ValidAndInvalid', level=3, num='4.1.22'),
Heading(name='Specific', level=2, num='4.2'),
Heading(name='RQ.SRS-007.LDAP.UnreachableServer', level=3, num='4.2.1'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.Name', level=3, num='4.2.2'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.Host', level=3, num='4.2.3'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.Port', level=3, num='4.2.4'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.Port.Default', level=3, num='4.2.5'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Prefix', level=3, num='4.2.6'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Suffix', level=3, num='4.2.7'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Value', level=3, num='4.2.8'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS', level=3, num='4.2.9'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Default', level=3, num='4.2.10'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.No', level=3, num='4.2.11'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Yes', level=3, num='4.2.12'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.StartTLS', level=3, num='4.2.13'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion', level=3, num='4.2.14'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Values', level=3, num='4.2.15'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Default', level=3, num='4.2.16'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert', level=3, num='4.2.17'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Default', level=3, num='4.2.18'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Demand', level=3, num='4.2.19'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Allow', level=3, num='4.2.20'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Try', level=3, num='4.2.21'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Never', level=3, num='4.2.22'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSCertFile', level=3, num='4.2.23'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSKeyFile', level=3, num='4.2.24'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSCACertDir', level=3, num='4.2.25'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSCACertFile', level=3, num='4.2.26'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.TLSCipherSuite', level=3, num='4.2.27'),
Heading(name='RQ.SRS-007.LDAP.Configuration.Server.Syntax', level=3, num='4.2.28'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.RBAC', level=3, num='4.2.29'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.Syntax', level=3, num='4.2.30'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.Name.Empty', level=3, num='4.2.31'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.BothPasswordAndLDAP', level=3, num='4.2.32'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.NotDefined', level=3, num='4.2.33'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.Empty', level=3, num='4.2.34'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.OnlyOneServer', level=3, num='4.2.35'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.Name.Long', level=3, num='4.2.36'),
Heading(name='RQ.SRS-007.LDAP.Configuration.User.Name.UTF8', level=3, num='4.2.37'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Username.Empty', level=3, num='4.2.38'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Username.Long', level=3, num='4.2.39'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Username.UTF8', level=3, num='4.2.40'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Password.Empty', level=3, num='4.2.41'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Password.Long', level=3, num='4.2.42'),
Heading(name='RQ.SRS-007.LDAP.Authentication.Password.UTF8', level=3, num='4.2.43'),
Heading(name='References', level=1, num='5'),
),
requirements=(
RQ_SRS_007_LDAP_Authentication,
RQ_SRS_007_LDAP_Authentication_MultipleServers,
RQ_SRS_007_LDAP_Authentication_Protocol_PlainText,
RQ_SRS_007_LDAP_Authentication_Protocol_TLS,
RQ_SRS_007_LDAP_Authentication_Protocol_StartTLS,
RQ_SRS_007_LDAP_Authentication_TLS_Certificate_Validation,
RQ_SRS_007_LDAP_Authentication_TLS_Certificate_SelfSigned,
RQ_SRS_007_LDAP_Authentication_TLS_Certificate_SpecificCertificationAuthority,
RQ_SRS_007_LDAP_Server_Configuration_Invalid,
RQ_SRS_007_LDAP_User_Configuration_Invalid,
RQ_SRS_007_LDAP_Authentication_Mechanism_Anonymous,
RQ_SRS_007_LDAP_Authentication_Mechanism_Unauthenticated,
RQ_SRS_007_LDAP_Authentication_Mechanism_NamePassword,
RQ_SRS_007_LDAP_Authentication_Valid,
RQ_SRS_007_LDAP_Authentication_Invalid,
RQ_SRS_007_LDAP_Authentication_Invalid_DeletedUser,
RQ_SRS_007_LDAP_Authentication_UsernameChanged,
RQ_SRS_007_LDAP_Authentication_PasswordChanged,
RQ_SRS_007_LDAP_Authentication_LDAPServerRestart,
RQ_SRS_007_LDAP_Authentication_ClickHouseServerRestart,
RQ_SRS_007_LDAP_Authentication_Parallel,
RQ_SRS_007_LDAP_Authentication_Parallel_ValidAndInvalid,
RQ_SRS_007_LDAP_UnreachableServer,
RQ_SRS_007_LDAP_Configuration_Server_Name,
RQ_SRS_007_LDAP_Configuration_Server_Host,
RQ_SRS_007_LDAP_Configuration_Server_Port,
RQ_SRS_007_LDAP_Configuration_Server_Port_Default,
RQ_SRS_007_LDAP_Configuration_Server_AuthDN_Prefix,
RQ_SRS_007_LDAP_Configuration_Server_AuthDN_Suffix,
RQ_SRS_007_LDAP_Configuration_Server_AuthDN_Value,
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS,
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_Default,
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_No,
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_Yes,
RQ_SRS_007_LDAP_Configuration_Server_EnableTLS_Options_StartTLS,
RQ_SRS_007_LDAP_Configuration_Server_TLSMinimumProtocolVersion,
RQ_SRS_007_LDAP_Configuration_Server_TLSMinimumProtocolVersion_Values,
RQ_SRS_007_LDAP_Configuration_Server_TLSMinimumProtocolVersion_Default,
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert,
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Default,
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Demand,
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Allow,
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Try,
RQ_SRS_007_LDAP_Configuration_Server_TLSRequireCert_Options_Never,
RQ_SRS_007_LDAP_Configuration_Server_TLSCertFile,
RQ_SRS_007_LDAP_Configuration_Server_TLSKeyFile,
RQ_SRS_007_LDAP_Configuration_Server_TLSCACertDir,
RQ_SRS_007_LDAP_Configuration_Server_TLSCACertFile,
RQ_SRS_007_LDAP_Configuration_Server_TLSCipherSuite,
RQ_SRS_007_LDAP_Configuration_Server_Syntax,
RQ_SRS_007_LDAP_Configuration_User_RBAC,
RQ_SRS_007_LDAP_Configuration_User_Syntax,
RQ_SRS_007_LDAP_Configuration_User_Name_Empty,
RQ_SRS_007_LDAP_Configuration_User_BothPasswordAndLDAP,
RQ_SRS_007_LDAP_Configuration_User_LDAP_InvalidServerName_NotDefined,
RQ_SRS_007_LDAP_Configuration_User_LDAP_InvalidServerName_Empty,
RQ_SRS_007_LDAP_Configuration_User_OnlyOneServer,
RQ_SRS_007_LDAP_Configuration_User_Name_Long,
RQ_SRS_007_LDAP_Configuration_User_Name_UTF8,
RQ_SRS_007_LDAP_Authentication_Username_Empty,
RQ_SRS_007_LDAP_Authentication_Username_Long,
RQ_SRS_007_LDAP_Authentication_Username_UTF8,
RQ_SRS_007_LDAP_Authentication_Password_Empty,
RQ_SRS_007_LDAP_Authentication_Password_Long,
RQ_SRS_007_LDAP_Authentication_Password_UTF8,
),
content='''
# SRS-007 ClickHouse Authentication of Users via LDAP
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
## Table of Contents
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
* 1 [Revision History](#revision-history)
* 2 [Introduction](#introduction)
* 3 [Terminology](#terminology)
* 4 [Requirements](#requirements)
* 4.1 [Generic](#generic)
* 4.1.1 [RQ.SRS-007.LDAP.Authentication](#rqsrs-007ldapauthentication)
* 4.1.2 [RQ.SRS-007.LDAP.Authentication.MultipleServers](#rqsrs-007ldapauthenticationmultipleservers)
* 4.1.3 [RQ.SRS-007.LDAP.Authentication.Protocol.PlainText](#rqsrs-007ldapauthenticationprotocolplaintext)
* 4.1.4 [RQ.SRS-007.LDAP.Authentication.Protocol.TLS](#rqsrs-007ldapauthenticationprotocoltls)
* 4.1.5 [RQ.SRS-007.LDAP.Authentication.Protocol.StartTLS](#rqsrs-007ldapauthenticationprotocolstarttls)
* 4.1.6 [RQ.SRS-007.LDAP.Authentication.TLS.Certificate.Validation](#rqsrs-007ldapauthenticationtlscertificatevalidation)
* 4.1.7 [RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SelfSigned](#rqsrs-007ldapauthenticationtlscertificateselfsigned)
* 4.1.8 [RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SpecificCertificationAuthority](#rqsrs-007ldapauthenticationtlscertificatespecificcertificationauthority)
* 4.1.9 [RQ.SRS-007.LDAP.Server.Configuration.Invalid](#rqsrs-007ldapserverconfigurationinvalid)
* 4.1.10 [RQ.SRS-007.LDAP.User.Configuration.Invalid](#rqsrs-007ldapuserconfigurationinvalid)
* 4.1.11 [RQ.SRS-007.LDAP.Authentication.Mechanism.Anonymous](#rqsrs-007ldapauthenticationmechanismanonymous)
* 4.1.12 [RQ.SRS-007.LDAP.Authentication.Mechanism.Unauthenticated](#rqsrs-007ldapauthenticationmechanismunauthenticated)
* 4.1.13 [RQ.SRS-007.LDAP.Authentication.Mechanism.NamePassword](#rqsrs-007ldapauthenticationmechanismnamepassword)
* 4.1.14 [RQ.SRS-007.LDAP.Authentication.Valid](#rqsrs-007ldapauthenticationvalid)
* 4.1.15 [RQ.SRS-007.LDAP.Authentication.Invalid](#rqsrs-007ldapauthenticationinvalid)
* 4.1.16 [RQ.SRS-007.LDAP.Authentication.Invalid.DeletedUser](#rqsrs-007ldapauthenticationinvaliddeleteduser)
* 4.1.17 [RQ.SRS-007.LDAP.Authentication.UsernameChanged](#rqsrs-007ldapauthenticationusernamechanged)
* 4.1.18 [RQ.SRS-007.LDAP.Authentication.PasswordChanged](#rqsrs-007ldapauthenticationpasswordchanged)
* 4.1.19 [RQ.SRS-007.LDAP.Authentication.LDAPServerRestart](#rqsrs-007ldapauthenticationldapserverrestart)
* 4.1.20 [RQ.SRS-007.LDAP.Authentication.ClickHouseServerRestart](#rqsrs-007ldapauthenticationclickhouseserverrestart)
* 4.1.21 [RQ.SRS-007.LDAP.Authentication.Parallel](#rqsrs-007ldapauthenticationparallel)
* 4.1.22 [RQ.SRS-007.LDAP.Authentication.Parallel.ValidAndInvalid](#rqsrs-007ldapauthenticationparallelvalidandinvalid)
* 4.2 [Specific](#specific)
* 4.2.1 [RQ.SRS-007.LDAP.UnreachableServer](#rqsrs-007ldapunreachableserver)
* 4.2.2 [RQ.SRS-007.LDAP.Configuration.Server.Name](#rqsrs-007ldapconfigurationservername)
* 4.2.3 [RQ.SRS-007.LDAP.Configuration.Server.Host](#rqsrs-007ldapconfigurationserverhost)
* 4.2.4 [RQ.SRS-007.LDAP.Configuration.Server.Port](#rqsrs-007ldapconfigurationserverport)
* 4.2.5 [RQ.SRS-007.LDAP.Configuration.Server.Port.Default](#rqsrs-007ldapconfigurationserverportdefault)
* 4.2.6 [RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Prefix](#rqsrs-007ldapconfigurationserverauthdnprefix)
* 4.2.7 [RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Suffix](#rqsrs-007ldapconfigurationserverauthdnsuffix)
* 4.2.8 [RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Value](#rqsrs-007ldapconfigurationserverauthdnvalue)
* 4.2.9 [RQ.SRS-007.LDAP.Configuration.Server.EnableTLS](#rqsrs-007ldapconfigurationserverenabletls)
* 4.2.10 [RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Default](#rqsrs-007ldapconfigurationserverenabletlsoptionsdefault)
* 4.2.11 [RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.No](#rqsrs-007ldapconfigurationserverenabletlsoptionsno)
* 4.2.12 [RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Yes](#rqsrs-007ldapconfigurationserverenabletlsoptionsyes)
* 4.2.13 [RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.StartTLS](#rqsrs-007ldapconfigurationserverenabletlsoptionsstarttls)
* 4.2.14 [RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion](#rqsrs-007ldapconfigurationservertlsminimumprotocolversion)
* 4.2.15 [RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Values](#rqsrs-007ldapconfigurationservertlsminimumprotocolversionvalues)
* 4.2.16 [RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Default](#rqsrs-007ldapconfigurationservertlsminimumprotocolversiondefault)
* 4.2.17 [RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert](#rqsrs-007ldapconfigurationservertlsrequirecert)
* 4.2.18 [RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Default](#rqsrs-007ldapconfigurationservertlsrequirecertoptionsdefault)
* 4.2.19 [RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Demand](#rqsrs-007ldapconfigurationservertlsrequirecertoptionsdemand)
* 4.2.20 [RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Allow](#rqsrs-007ldapconfigurationservertlsrequirecertoptionsallow)
* 4.2.21 [RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Try](#rqsrs-007ldapconfigurationservertlsrequirecertoptionstry)
* 4.2.22 [RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Never](#rqsrs-007ldapconfigurationservertlsrequirecertoptionsnever)
* 4.2.23 [RQ.SRS-007.LDAP.Configuration.Server.TLSCertFile](#rqsrs-007ldapconfigurationservertlscertfile)
* 4.2.24 [RQ.SRS-007.LDAP.Configuration.Server.TLSKeyFile](#rqsrs-007ldapconfigurationservertlskeyfile)
* 4.2.25 [RQ.SRS-007.LDAP.Configuration.Server.TLSCACertDir](#rqsrs-007ldapconfigurationservertlscacertdir)
* 4.2.26 [RQ.SRS-007.LDAP.Configuration.Server.TLSCACertFile](#rqsrs-007ldapconfigurationservertlscacertfile)
* 4.2.27 [RQ.SRS-007.LDAP.Configuration.Server.TLSCipherSuite](#rqsrs-007ldapconfigurationservertlsciphersuite)
* 4.2.28 [RQ.SRS-007.LDAP.Configuration.Server.Syntax](#rqsrs-007ldapconfigurationserversyntax)
* 4.2.29 [RQ.SRS-007.LDAP.Configuration.User.RBAC](#rqsrs-007ldapconfigurationuserrbac)
* 4.2.30 [RQ.SRS-007.LDAP.Configuration.User.Syntax](#rqsrs-007ldapconfigurationusersyntax)
* 4.2.31 [RQ.SRS-007.LDAP.Configuration.User.Name.Empty](#rqsrs-007ldapconfigurationusernameempty)
* 4.2.32 [RQ.SRS-007.LDAP.Configuration.User.BothPasswordAndLDAP](#rqsrs-007ldapconfigurationuserbothpasswordandldap)
* 4.2.33 [RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.NotDefined](#rqsrs-007ldapconfigurationuserldapinvalidservernamenotdefined)
* 4.2.34 [RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.Empty](#rqsrs-007ldapconfigurationuserldapinvalidservernameempty)
* 4.2.35 [RQ.SRS-007.LDAP.Configuration.User.OnlyOneServer](#rqsrs-007ldapconfigurationuseronlyoneserver)
* 4.2.36 [RQ.SRS-007.LDAP.Configuration.User.Name.Long](#rqsrs-007ldapconfigurationusernamelong)
* 4.2.37 [RQ.SRS-007.LDAP.Configuration.User.Name.UTF8](#rqsrs-007ldapconfigurationusernameutf8)
* 4.2.38 [RQ.SRS-007.LDAP.Authentication.Username.Empty](#rqsrs-007ldapauthenticationusernameempty)
* 4.2.39 [RQ.SRS-007.LDAP.Authentication.Username.Long](#rqsrs-007ldapauthenticationusernamelong)
* 4.2.40 [RQ.SRS-007.LDAP.Authentication.Username.UTF8](#rqsrs-007ldapauthenticationusernameutf8)
* 4.2.41 [RQ.SRS-007.LDAP.Authentication.Password.Empty](#rqsrs-007ldapauthenticationpasswordempty)
* 4.2.42 [RQ.SRS-007.LDAP.Authentication.Password.Long](#rqsrs-007ldapauthenticationpasswordlong)
* 4.2.43 [RQ.SRS-007.LDAP.Authentication.Password.UTF8](#rqsrs-007ldapauthenticationpasswordutf8)
* 5 [References](#references)
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
## Revision History
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
This document is stored in an electronic form using [Git] source control management software
hosted in a [GitHub Repository].
All the updates are tracked using the [Git]'s [Revision History].
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
## Introduction
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] currently does not have any integration with [LDAP].
As the initial step in integrating with [LDAP] this software requirements specification covers
only the requirements to enable authentication of users using an [LDAP] server.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
## Terminology
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
* **CA** -
Certificate Authority ([CA])
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
* **LDAP** -
Lightweight Directory Access Protocol ([LDAP])
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
## Requirements
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
### Generic
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support user authentication via an [LDAP] server.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.MultipleServers
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support specifying multiple [LDAP] servers that can be used to authenticate
users.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Protocol.PlainText
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support user authentication using plain text `ldap://` non secure protocol.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Protocol.TLS
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support user authentication using `SSL/TLS` `ldaps://` secure protocol.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Protocol.StartTLS
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support user authentication using legacy `StartTLS` protocol which is a
plain text `ldap://` protocol that is upgraded to [TLS].
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.TLS.Certificate.Validation
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support certificate validation used for [TLS] connections.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SelfSigned
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support self-signed certificates for [TLS] connections.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.TLS.Certificate.SpecificCertificationAuthority
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support certificates signed by specific Certification Authority for [TLS] connections.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Server.Configuration.Invalid
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit user login if [LDAP] server configuration is not valid.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.User.Configuration.Invalid
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit user login if user configuration is not valid.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Mechanism.Anonymous
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit authentication using [Anonymous Authentication Mechanism of Simple Bind]
authentication mechanism.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Mechanism.Unauthenticated
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit authentication using [Unauthenticated Authentication Mechanism of Simple Bind]
authentication mechanism.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Mechanism.NamePassword
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL allow authentication using only [Name/Password Authentication Mechanism of Simple Bind]
authentication mechanism.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Valid
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL only allow user authentication using [LDAP] server if and only if
user name and password match [LDAP] server records for the user.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Invalid
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit authentication if either user name or password
do not match [LDAP] server records for the user.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.Invalid.DeletedUser
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit authentication if the user
has been deleted from the [LDAP] server.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.UsernameChanged
version: 1.0
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit authentication if the username is changed
on the [LDAP] server.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.PasswordChanged
version: 1.0
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL return an error and prohibit authentication if the password
for the user is changed on the [LDAP] server.
#### RQ.SRS-007.LDAP.Authentication.LDAPServerRestart
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
version: 1.0
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
[ClickHouse] SHALL support authenticating users after [LDAP] server is restarted.
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
Updating TestFlows test version to the latest 1.6.72 Re-generating all requirements.py
2020-12-17 23:02:07 +00:00
#### RQ.SRS-007.LDAP.Authentication.ClickHouseServerRestart
version: 1.0
[ClickHouse] SHALL support authenticating users after server is restarted.
#### RQ.SRS-007.LDAP.Authentication.Parallel
version: 1.0
[ClickHouse] SHALL support parallel authentication of users using [LDAP] server.
#### RQ.SRS-007.LDAP.Authentication.Parallel.ValidAndInvalid
version: 1.0
[ClickHouse] SHALL support authentication of valid users and
prohibit authentication of invalid users using [LDAP] server
in parallel without having invalid attempts affecting valid authentications.
### Specific
#### RQ.SRS-007.LDAP.UnreachableServer
version: 1.0
[ClickHouse] SHALL return an error and prohibit user login if [LDAP] server is unreachable.
#### RQ.SRS-007.LDAP.Configuration.Server.Name
version: 1.0
[ClickHouse] SHALL not support empty string as a server name.
#### RQ.SRS-007.LDAP.Configuration.Server.Host
version: 1.0
[ClickHouse] SHALL support `<host>` parameter to specify [LDAP]
server hostname or IP, this parameter SHALL be mandatory and SHALL not be empty.
#### RQ.SRS-007.LDAP.Configuration.Server.Port
version: 1.0
[ClickHouse] SHALL support `<port>` parameter to specify [LDAP] server port.
#### RQ.SRS-007.LDAP.Configuration.Server.Port.Default
version: 1.0
[ClickHouse] SHALL use default port number `636` if `enable_tls` is set to `yes` or `389` otherwise.
#### RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Prefix
version: 1.0
[ClickHouse] SHALL support `<auth_dn_prefix>` parameter to specify the prefix
of value used to construct the DN to bound to during authentication via [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Suffix
version: 1.0
[ClickHouse] SHALL support `<auth_dn_suffix>` parameter to specify the suffix
of value used to construct the DN to bound to during authentication via [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.Server.AuthDN.Value
version: 1.0
[ClickHouse] SHALL construct DN as `auth_dn_prefix + escape(user_name) + auth_dn_suffix` string.
> This implies that auth_dn_suffix should usually have comma ',' as its first non-space character.
#### RQ.SRS-007.LDAP.Configuration.Server.EnableTLS
version: 1.0
[ClickHouse] SHALL support `<enable_tls>` parameter to trigger the use of secure connection to the [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Default
version: 1.0
[ClickHouse] SHALL use `yes` value as the default for `<enable_tls>` parameter
to enable SSL/TLS `ldaps://` protocol.
#### RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.No
version: 1.0
[ClickHouse] SHALL support specifying `no` as the value of `<enable_tls>` parameter to enable
plain text `ldap://` protocol.
#### RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.Yes
version: 1.0
[ClickHouse] SHALL support specifying `yes` as the value of `<enable_tls>` parameter to enable
SSL/TLS `ldaps://` protocol.
#### RQ.SRS-007.LDAP.Configuration.Server.EnableTLS.Options.StartTLS
version: 1.0
[ClickHouse] SHALL support specifying `starttls` as the value of `<enable_tls>` parameter to enable
legacy `StartTLS` protocol that used plain text `ldap://` protocol, upgraded to [TLS].
#### RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion
version: 1.0
[ClickHouse] SHALL support `<tls_minimum_protocol_version>` parameter to specify
the minimum protocol version of SSL/TLS.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Values
version: 1.0
[ClickHouse] SHALL support specifying `ssl2`, `ssl3`, `tls1.0`, `tls1.1`, and `tls1.2`
as a value of the `<tls_minimum_protocol_version>` parameter.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSMinimumProtocolVersion.Default
version: 1.0
[ClickHouse] SHALL set `tls1.2` as the default value of the `<tls_minimum_protocol_version>` parameter.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert
version: 1.0
[ClickHouse] SHALL support `<tls_require_cert>` parameter to specify [TLS] peer
certificate verification behavior.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Default
version: 1.0
[ClickHouse] SHALL use `demand` value as the default for the `<tls_require_cert>` parameter.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Demand
version: 1.0
[ClickHouse] SHALL support specifying `demand` as the value of `<tls_require_cert>` parameter to
enable requesting of client certificate. If no certificate is provided, or a bad certificate is
provided, the session SHALL be immediately terminated.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Allow
version: 1.0
[ClickHouse] SHALL support specifying `allow` as the value of `<tls_require_cert>` parameter to
enable requesting of client certificate. If no
certificate is provided, the session SHALL proceed normally.
If a bad certificate is provided, it SHALL be ignored and the session SHALL proceed normally.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Try
version: 1.0
[ClickHouse] SHALL support specifying `try` as the value of `<tls_require_cert>` parameter to
enable requesting of client certificate. If no certificate is provided, the session
SHALL proceed normally. If a bad certificate is provided, the session SHALL be
immediately terminated.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSRequireCert.Options.Never
version: 1.0
[ClickHouse] SHALL support specifying `never` as the value of `<tls_require_cert>` parameter to
disable requesting of client certificate.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSCertFile
version: 1.0
[ClickHouse] SHALL support `<tls_cert_file>` to specify the path to certificate file used by
[ClickHouse] to establish connection with the [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSKeyFile
version: 1.0
[ClickHouse] SHALL support `<tls_key_file>` to specify the path to key file for the certificate
specified by the `<tls_cert_file>` parameter.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSCACertDir
version: 1.0
[ClickHouse] SHALL support `<tls_ca_cert_dir>` parameter to specify to a path to
the directory containing [CA] certificates used to verify certificates provided by the [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSCACertFile
version: 1.0
[ClickHouse] SHALL support `<tls_ca_cert_file>` parameter to specify a path to a specific
[CA] certificate file used to verify certificates provided by the [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.Server.TLSCipherSuite
version: 1.0
[ClickHouse] SHALL support `tls_cipher_suite` parameter to specify allowed cipher suites.
The value SHALL use the same format as the `ciphersuites` in the [OpenSSL Ciphers].
For example,
```xml
<tls_cipher_suite>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384</tls_cipher_suite>
```
The available suites SHALL depend on the [OpenSSL] library version and variant used to build
[ClickHouse] and therefore might change.
#### RQ.SRS-007.LDAP.Configuration.Server.Syntax
version: 1.0
[ClickHouse] SHALL support the following example syntax to create an entry for an [LDAP] server inside the `config.xml`
configuration file or of any configuration file inside the `config.d` directory.
```xml
<yandex>
Updating TestFlows to 1.6.59 Updating AES encryption requirements.py to include Specification Updating AES regression.py to link Specification Fixing typos in LDAP authentication SRS
2020-10-27 22:50:59 +00:00
<my_ldap_server>
<host>localhost</host>
<port>636</port>
<auth_dn_prefix>cn=</auth_dn_prefix>
<auth_dn_suffix>, ou=users, dc=example, dc=com</auth_dn_suffix>
<enable_tls>yes</enable_tls>
<tls_minimum_protocol_version>tls1.2</tls_minimum_protocol_version>
<tls_require_cert>demand</tls_require_cert>
<tls_cert_file>/path/to/tls_cert_file</tls_cert_file>
<tls_key_file>/path/to/tls_key_file</tls_key_file>
<tls_ca_cert_file>/path/to/tls_ca_cert_file</tls_ca_cert_file>
<tls_ca_cert_dir>/path/to/tls_ca_cert_dir</tls_ca_cert_dir>
<tls_cipher_suite>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384</tls_cipher_suite>
</my_ldap_server>
</yandex>
```
#### RQ.SRS-007.LDAP.Configuration.User.RBAC
version: 1.0
[ClickHouse] SHALL support creating users identified using an [LDAP] server using
the following RBAC command
```sql
CREATE USER name IDENTIFIED WITH ldap_server BY 'server_name'
```
#### RQ.SRS-007.LDAP.Configuration.User.Syntax
version: 1.0
[ClickHouse] SHALL support the following example syntax to create a user that is authenticated using
an [LDAP] server inside the `users.xml` file or any configuration file inside the `users.d` directory.
```xml
<yandex>
<users>
<user_name>
<ldap>
<server>my_ldap_server</server>
</ldap>
</user_name>
</users>
</yandex>
```
#### RQ.SRS-007.LDAP.Configuration.User.Name.Empty
version: 1.0
[ClickHouse] SHALL not support empty string as a user name.
#### RQ.SRS-007.LDAP.Configuration.User.BothPasswordAndLDAP
version: 1.0
[ClickHouse] SHALL throw an error if `<ldap>` is specified for the user and at the same
time user configuration contains any of the `<password*>` entries.
#### RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.NotDefined
version: 1.0
[ClickHouse] SHALL throw an error during any authentication attempt
if the name of the [LDAP] server used inside the `<ldap>` entry
is not defined in the `<ldap_servers>` section.
#### RQ.SRS-007.LDAP.Configuration.User.LDAP.InvalidServerName.Empty
version: 1.0
[ClickHouse] SHALL throw an error during any authentication attempt
if the name of the [LDAP] server used inside the `<ldap>` entry
is empty.
#### RQ.SRS-007.LDAP.Configuration.User.OnlyOneServer
version: 1.0
[ClickHouse] SHALL support specifying only one [LDAP] server for a given user.
#### RQ.SRS-007.LDAP.Configuration.User.Name.Long
version: 1.0
[ClickHouse] SHALL support long user names of at least 256 bytes
to specify users that can be authenticated using an [LDAP] server.
#### RQ.SRS-007.LDAP.Configuration.User.Name.UTF8
version: 1.0
[ClickHouse] SHALL support user names that contain [UTF-8] characters.
#### RQ.SRS-007.LDAP.Authentication.Username.Empty
version: 1.0
[ClickHouse] SHALL not support authenticating users with empty username.
#### RQ.SRS-007.LDAP.Authentication.Username.Long
version: 1.0
[ClickHouse] SHALL support authenticating users with a long username of at least 256 bytes.
#### RQ.SRS-007.LDAP.Authentication.Username.UTF8
version: 1.0
[ClickHouse] SHALL support authentication users with a username that contains [UTF-8] characters.
#### RQ.SRS-007.LDAP.Authentication.Password.Empty
version: 1.0
[ClickHouse] SHALL not support authenticating users with empty passwords
even if an empty password is valid for the user and
is allowed by the [LDAP] server.
#### RQ.SRS-007.LDAP.Authentication.Password.Long
version: 1.0
[ClickHouse] SHALL support long password of at least 256 bytes
that can be used to authenticate users using an [LDAP] server.
#### RQ.SRS-007.LDAP.Authentication.Password.UTF8
version: 1.0
[ClickHouse] SHALL support [UTF-8] characters in passwords
used to authenticate users using an [LDAP] server.
## References
* **ClickHouse:** https://clickhouse.tech
[Anonymous Authentication Mechanism of Simple Bind]: https://ldapwiki.com/wiki/Simple%20Authentication#section-Simple+Authentication-AnonymousAuthenticationMechanismOfSimpleBind
[Unauthenticated Authentication Mechanism of Simple Bind]: https://ldapwiki.com/wiki/Simple%20Authentication#section-Simple+Authentication-UnauthenticatedAuthenticationMechanismOfSimpleBind
[Name/Password Authentication Mechanism of Simple Bind]: https://ldapwiki.com/wiki/Simple%20Authentication#section-Simple+Authentication-NamePasswordAuthenticationMechanismOfSimpleBind
[UTF-8]: https://en.wikipedia.org/wiki/UTF-8
[OpenSSL]: https://www.openssl.org/
[OpenSSL Ciphers]: https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html
[CA]: https://en.wikipedia.org/wiki/Certificate_authority
[TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security
[LDAP]: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
[ClickHouse]: https://clickhouse.tech
[GitHub]: https://github.com
[GitHub Repository]: https://github.com/ClickHouse/ClickHouse/blob/master/tests/testflows/ldap/authentication/requirements/requirements.md
[Revision History]: https://github.com/ClickHouse/ClickHouse/commits/master/tests/testflows/ldap/authentication/requirements/requirements.md
[Git]: https://git-scm.com/
''')
Reference in New Issue Copy Permalink