Add LDAP tests to CI #112108

@steveharter

The LDAP tests do not run in CI since there is infrastructure required to set up an LDAP server as explained in the various "docker run" commands and Active Directory section in https://github.com/dotnet/runtime/blob/main/src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml.

This means every release we need to manually verify these tests.

Ideally, we add the following support:

  • Support running the OpenSSL (Linux and OSX) tests by using the docker commands above and specifying the environment variable so that the check for DirectoryServicesProtocolsTests.LdapConfigurationExists succeeds.
  • Extend or add a new configuration based on "SLAPD OPENLDAP SERVER TLS" to enable the TLS handshake to test client and server certificate validation. See also "LdapSessionOptions.VerifyServerCertificate is not supported in non-Windows and error message is not helpful" (#60972), where VerifyServerCertificate() doesn't work on Linux, thus the need for an example + test. Currently, the handshake is disabled in the XML instructions via "LDAP_TLS_VERIFY_CLIENT=never". High-level steps include:
    • Use "LDAP_TLS_VERIFY_CLIENT=demand"
    • Add support for adding the properly hashed client certificate to a directory and setting the TrustedCertificatesDirectory property to that directory.
    • Have the client trust the server certificate.
    • Call StartTransportLayerSecurity(null).
  • Support the OpenSSL (ActiveDirectory - Windows) tests. This is more difficult than Linux and may not be feasible.
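
For the "properly hashed certificate in a directory" step above, a CI setup script could populate the directory as sketched here. This is an added example, not code from the issue or from dotnet/runtime; it assumes the `openssl` CLI is on PATH and that the directory follows OpenSSL's `<subject_hash>.<n>` file naming, and the function name and paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of dotnet/runtime).
# install_hashed_cert <cert.pem> <dir>
# Copies a PEM certificate to <dir>/<subject_hash>.<n>, the file naming
# OpenSSL uses when it looks certificates up in a directory, and prints
# the resulting path.
install_hashed_cert() {
    local cert="$1" dir="$2" hash fp n target
    # Reject input that does not parse as an X.509 certificate.
    hash=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) || {
        echo "not a PEM certificate: $cert" >&2
        return 1
    }
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 1
    mkdir -p "$dir" || return 1
    n=0
    while :; do
        target="$dir/$hash.$n"
        if [ ! -e "$target" ]; then
            # Re-encode through openssl so only the certificate is written,
            # even if the input file also carries a private key.
            openssl x509 -in "$cert" -out "$target" || return 1
            chmod 0644 "$target"
            break
        fi
        # Same certificate already present: keep the call idempotent.
        if [ "$(openssl x509 -in "$target" -noout -fingerprint -sha256)" = "$fp" ]; then
            break
        fi
        # Different certificate with the same subject hash: try the next slot.
        n=$((n + 1))
    done
    printf '%s\n' "$target"
}

# Usage (constructed paths):
#   install_hashed_cert ./client.pem /tmp/ldap-trusted-certs
```
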
