| |
@@ -1,2485 +0,0 @@
|
| |
- # --- BEGIN COPYRIGHT BLOCK ---
|
| |
- # Copyright (C) 2016 Red Hat, Inc.
|
| |
- # All rights reserved.
|
| |
- #
|
| |
- # License: GPL (version 3 or any later version).
|
| |
- # See LICENSE for details.
|
| |
- # --- END COPYRIGHT BLOCK ---
|
| |
- #
|
| |
- '''
|
| |
- Created on Dec 09, 2014
|
| |
-
|
| |
- @author: mreynolds
|
| |
- '''
|
| |
- import logging
|
| |
- from lib389 import DirSrv
|
| |
- from lib389.tasks import *
|
| |
- from lib389.properties import *
|
| |
- from lib389._constants import (DEFAULT_SUFFIX, PLUGIN_ACCT_USABILITY, PLUGIN_ACCT_POLICY,
|
| |
- PLUGIN_ATTR_UNIQUENESS, PLUGIN_AUTOMEMBER, PLUGIN_DNA,
|
| |
- PLUGIN_LINKED_ATTRS, PLUGIN_MEMBER_OF, DN_CONFIG,
|
| |
- PLUGIN_MANAGED_ENTRY, PLUGIN_PASSTHRU, PLUGIN_REFER_INTEGRITY,
|
| |
- PLUGIN_RETRO_CHANGELOG, PLUGIN_ROOTDN_ACCESS, DN_DM, PASSWORD,
|
| |
- LOCALHOST, RETROCL_SUFFIX, args_instance)
|
| |
-
|
| |
- log = logging.getLogger(__name__)
|
| |
-
|
| |
- USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
|
| |
- USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
|
| |
- USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
|
| |
- BUSER1_DN = 'uid=user1,ou=branch1,' + DEFAULT_SUFFIX
|
| |
- BUSER2_DN = 'uid=user2,ou=branch2,' + DEFAULT_SUFFIX
|
| |
- BUSER3_DN = 'uid=user3,ou=branch2,' + DEFAULT_SUFFIX
|
| |
- BRANCH1_DN = 'ou=branch1,' + DEFAULT_SUFFIX
|
| |
- BRANCH2_DN = 'ou=branch2,' + DEFAULT_SUFFIX
|
| |
- GROUP_OU = 'ou=groups,' + DEFAULT_SUFFIX
|
| |
- PEOPLE_OU = 'ou=people,' + DEFAULT_SUFFIX
|
| |
- GROUP_DN = 'cn=group,' + DEFAULT_SUFFIX
|
| |
- CONFIG_AREA = 'nsslapd-pluginConfigArea'
|
| |
-
|
| |
- '''
|
| |
- Functional tests for each plugin
|
| |
-
|
| |
- Test:
|
| |
- plugin restarts (test when on and off)
|
| |
- plugin config validation
|
| |
- plugin dependencies
|
| |
- plugin functionality (including plugin tasks)
|
| |
- '''
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Plugin Dependency
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_dependency(inst, plugin):
|
| |
- """
|
| |
- Set the "account usabilty" plugin to depend on this plugin. This plugin
|
| |
- is generic, always enabled, and perfect for our testing
|
| |
- """
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s('cn=' + PLUGIN_ACCT_USABILITY + ',cn=plugins,cn=config',
|
| |
- [(ldap.MOD_REPLACE, 'nsslapd-plugin-depends-on-named', plugin)])
|
| |
-
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dependency: Failed to modify ' + PLUGIN_ACCT_USABILITY + ': error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s('cn=' + plugin + ',cn=plugins,cn=config',
|
| |
- [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'off')])
|
| |
-
|
| |
- except ldap.UNWILLING_TO_PERFORM:
|
| |
- # failed as expected
|
| |
- pass
|
| |
- else:
|
| |
- # Incorrectly succeeded
|
| |
- log.fatal('test_dependency: Plugin dependency check failed (%s)' % plugin)
|
| |
- assert False
|
| |
-
|
| |
- # Now undo the change
|
| |
- try:
|
| |
- inst.modify_s('cn=' + PLUGIN_ACCT_USABILITY + ',cn=plugins,cn=config',
|
| |
- [(ldap.MOD_DELETE, 'nsslapd-plugin-depends-on-named', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dependency: Failed to reset ' + plugin + ': error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Wait for task to complete
|
| |
- #
|
| |
- ################################################################################
|
| |
- def wait_for_task(conn, task_dn):
|
| |
- finished = False
|
| |
- exitcode = 0
|
| |
- count = 0
|
| |
- while count < 60:
|
| |
- try:
|
| |
- task_entry = conn.search_s(task_dn, ldap.SCOPE_BASE, 'objectclass=*')
|
| |
- if not task_entry:
|
| |
- log.fatal('wait_for_task: Search failed to find task: ' + task_dn)
|
| |
- assert False
|
| |
- if task_entry[0].hasAttr('nstaskexitcode'):
|
| |
- # task is done
|
| |
- exitcode = task_entry[0].nsTaskExitCode
|
| |
- finished = True
|
| |
- break
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('wait_for_task: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- time.sleep(1)
|
| |
- count += 1
|
| |
- if not finished:
|
| |
- log.fatal('wait_for_task: Task (%s) did not complete!' % task_dn)
|
| |
- assert False
|
| |
-
|
| |
- return exitcode
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Account Policy Plugin (0)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_acctpolicy(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_ACCT_POLICY)
|
| |
- inst.plugins.enable(name=PLUGIN_ACCT_POLICY)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return True
|
| |
-
|
| |
- CONFIG_DN = 'cn=config,cn=Account Policy Plugin,cn=plugins,cn=config'
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_ACCT_POLICY + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add the config entry
|
| |
- try:
|
| |
- inst.add_s(Entry((CONFIG_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'cn': 'config',
|
| |
- 'alwaysrecordlogin': 'yes',
|
| |
- 'stateattrname': 'lastLoginTime'
|
| |
- })))
|
| |
- except ldap.ALREADY_EXISTS:
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN,
|
| |
- [(ldap.MOD_REPLACE, 'alwaysrecordlogin', 'yes'),
|
| |
- (ldap.MOD_REPLACE, 'stateattrname', 'lastLoginTime')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to modify config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to add config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add an entry
|
| |
- time.sleep(1)
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '1',
|
| |
- 'cn': 'user 1',
|
| |
- 'uid': 'user1',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to add test user' + USER1_DN + ': error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # bind as user
|
| |
- try:
|
| |
- inst.simple_bind_s(USER1_DN, "password")
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to bind as user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Bind as Root DN
|
| |
- time.sleep(1)
|
| |
- try:
|
| |
- inst.simple_bind_s(DN_DM, PASSWORD)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to bind as rootDN: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check lastLoginTime of USER1
|
| |
- try:
|
| |
- entries = inst.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'lastLoginTime=*')
|
| |
- if not entries:
|
| |
- log.fatal('test_acctpolicy: Search failed to find an entry with lastLoginTime.')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change config - change the stateAttrName to a new attribute
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'stateattrname', 'testLastLoginTime')])
|
| |
-
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to modify config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- time.sleep(1)
|
| |
- # login as user
|
| |
- try:
|
| |
- inst.simple_bind_s(USER1_DN, "password")
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to bind(2nd) as user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- time.sleep(1)
|
| |
- # Bind as Root DN
|
| |
- try:
|
| |
- inst.simple_bind_s(DN_DM, PASSWORD)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to bind as rootDN: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check testLastLoginTime was added to USER1
|
| |
- try:
|
| |
- entries = inst.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(testLastLoginTime=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_acctpolicy: Search failed to find an entry with testLastLoginTime.')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_ACCT_POLICY)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_acctpolicy: Failed to delete test entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_acctpolicy: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Attribute Uniqueness Plugin (1)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_attruniq(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_ATTR_UNIQUENESS)
|
| |
- inst.plugins.enable(name=PLUGIN_ATTR_UNIQUENESS)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_ATTR_UNIQUENESS + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s('cn=' + PLUGIN_ATTR_UNIQUENESS + ',cn=plugins,cn=config',
|
| |
- [(ldap.MOD_REPLACE, 'uniqueness-attribute-name', 'uid')])
|
| |
-
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_attruniq: Failed to configure plugin for "uid": error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add an entry
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '1',
|
| |
- 'cn': 'user 1',
|
| |
- 'uid': 'user1',
|
| |
- 'mail': 'user1@example.com',
|
| |
- 'mailAlternateAddress': 'user1@alt.example.com',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_attruniq: Failed to add test user' + USER1_DN + ': error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add an entry with a duplicate "uid"
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '2',
|
| |
- 'cn': 'user 2',
|
| |
- 'uid': 'user2',
|
| |
- 'uid': 'user1',
|
| |
- 'userpassword': 'password'})))
|
| |
-
|
| |
- except ldap.CONSTRAINT_VIOLATION:
|
| |
- pass
|
| |
- else:
|
| |
- log.fatal('test_attruniq: Adding of 2nd entry(uid) incorrectly succeeded')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change config to use "mail" instead of "uid"
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s('cn=' + PLUGIN_ATTR_UNIQUENESS + ',cn=plugins,cn=config',
|
| |
- [(ldap.MOD_REPLACE, 'uniqueness-attribute-name', 'mail')])
|
| |
-
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_attruniq: Failed to configure plugin for "mail": error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin - Add an entry, that has a duplicate "mail" value
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '2',
|
| |
- 'cn': 'user 2',
|
| |
- 'uid': 'user2',
|
| |
- 'mail': 'user1@example.com',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.CONSTRAINT_VIOLATION:
|
| |
- pass
|
| |
- else:
|
| |
- log.fatal('test_attruniq: Adding of 2nd entry(mail) incorrectly succeeded')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Reconfigure plugin for mail and mailAlternateAddress
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s('cn=' + PLUGIN_ATTR_UNIQUENESS + ',cn=plugins,cn=config',
|
| |
- [(ldap.MOD_REPLACE, 'uniqueness-attribute-name', 'mail'),
|
| |
- (ldap.MOD_ADD, 'uniqueness-attribute-name',
|
| |
- 'mailAlternateAddress')])
|
| |
-
|
| |
- except ldap.LDAPError as e:
|
| |
- log.error(
|
| |
- 'test_attruniq: Failed to reconfigure plugin for "mail mailAlternateAddress": error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin - Add an entry, that has a duplicate "mail" value
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '2',
|
| |
- 'cn': 'user 2',
|
| |
- 'uid': 'user2',
|
| |
- 'mail': 'user1@example.com',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.CONSTRAINT_VIOLATION:
|
| |
- pass
|
| |
- else:
|
| |
- log.error('test_attruniq: Adding of 3rd entry(mail) incorrectly succeeded')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin - Add an entry, that has a duplicate "mailAlternateAddress" value
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '2',
|
| |
- 'cn': 'user 2',
|
| |
- 'uid': 'user2',
|
| |
- 'mailAlternateAddress': 'user1@alt.example.com',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.CONSTRAINT_VIOLATION:
|
| |
- pass
|
| |
- else:
|
| |
- log.error('test_attruniq: Adding of 4th entry(mailAlternateAddress) incorrectly succeeded')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin - Add an entry, that has a duplicate "mail" value conflicting mailAlternateAddress
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '2',
|
| |
- 'cn': 'user 2',
|
| |
- 'uid': 'user2',
|
| |
- 'mail': 'user1@alt.example.com',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.CONSTRAINT_VIOLATION:
|
| |
- pass
|
| |
- else:
|
| |
- log.error('test_attruniq: Adding of 5th entry(mailAlternateAddress) incorrectly succeeded')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin - Add an entry, that has a duplicate "mailAlternateAddress" conflicting mail
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
|
| |
- 'sn': '2',
|
| |
- 'cn': 'user 2',
|
| |
- 'uid': 'user2',
|
| |
- 'mailAlternateAddress': 'user1@example.com',
|
| |
- 'userpassword': 'password'})))
|
| |
- except ldap.CONSTRAINT_VIOLATION:
|
| |
- pass
|
| |
- else:
|
| |
- log.error('test_attruniq: Adding of 6th entry(mail) incorrectly succeeded')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_ATTR_UNIQUENESS)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_attruniq: Failed to delete test entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_attruniq: PASS\n')
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Auto Membership Plugin (2)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_automember(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_AUTOMEMBER)
|
| |
- inst.plugins.enable(name=PLUGIN_AUTOMEMBER)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- CONFIG_DN = 'cn=config,cn=' + PLUGIN_AUTOMEMBER + ',cn=plugins,cn=config'
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_AUTOMEMBER + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add the automember group
|
| |
- try:
|
| |
- inst.add_s(Entry((GROUP_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'cn': 'group'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to add group: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add ou=branch1
|
| |
- try:
|
| |
- inst.add_s(Entry((BRANCH1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'ou': 'branch1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to add branch1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add ou=branch2
|
| |
- try:
|
| |
- inst.add_s(Entry((BRANCH2_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'ou': 'branch2'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to add branch2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add the automember config entry
|
| |
- try:
|
| |
- inst.add_s(Entry((CONFIG_DN, {
|
| |
- 'objectclass': 'top autoMemberDefinition'.split(),
|
| |
- 'cn': 'config',
|
| |
- 'autoMemberScope': 'ou=branch1,' + DEFAULT_SUFFIX,
|
| |
- 'autoMemberFilter': 'objectclass=top',
|
| |
- 'autoMemberDefaultGroup': 'cn=group,' + DEFAULT_SUFFIX,
|
| |
- 'autoMemberGroupingAttr': 'member:dn'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to add config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test the plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add a user that should get added to the group
|
| |
- try:
|
| |
- inst.add_s(Entry((BUSER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to add user: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check the group
|
| |
- try:
|
| |
- entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
|
| |
- '(member=' + BUSER1_DN + ')')
|
| |
- if not entries:
|
| |
- log.fatal('test_automember: Search failed to find member user1')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change config
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN,
|
| |
- [(ldap.MOD_REPLACE, 'autoMemberGroupingAttr', 'uniquemember:dn'),
|
| |
- (ldap.MOD_REPLACE, 'autoMemberScope', 'ou=branch2,' + DEFAULT_SUFFIX)])
|
| |
-
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to modify config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add a user that should get added to the group
|
| |
- try:
|
| |
- inst.add_s(Entry((BUSER2_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user2'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to user to branch2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check the group
|
| |
- try:
|
| |
- entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
|
| |
- '(uniquemember=' + BUSER2_DN + ')')
|
| |
- if not entries:
|
| |
- log.fatal('test_automember: Search failed to find uniquemember user2')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test Task
|
| |
- ############################################################################
|
| |
-
|
| |
- # Disable plugin
|
| |
- inst.plugins.disable(name=PLUGIN_AUTOMEMBER)
|
| |
-
|
| |
- # Add an entry that should be picked up by automember - verify it is not(yet)
|
| |
- try:
|
| |
- inst.add_s(Entry((BUSER3_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user3'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to user3 to branch2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check the group - uniquemember should not exist
|
| |
- try:
|
| |
- entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
|
| |
- '(uniquemember=' + BUSER3_DN + ')')
|
| |
- if entries:
|
| |
- log.fatal('test_automember: user3 was incorrectly added to the group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Enable plugin
|
| |
- inst.plugins.enable(name=PLUGIN_AUTOMEMBER)
|
| |
-
|
| |
- TASK_DN = 'cn=task-' + str(int(time.time())) + ',cn=automember rebuild membership,cn=tasks,cn=config'
|
| |
- # Add the task
|
| |
- try:
|
| |
- inst.add_s(Entry((TASK_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'basedn': 'ou=branch2,' + DEFAULT_SUFFIX,
|
| |
- 'filter': 'objectclass=top'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to add task: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- wait_for_task(inst, TASK_DN)
|
| |
-
|
| |
- # Verify the fixup task worked
|
| |
- try:
|
| |
- entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
|
| |
- '(uniquemember=' + BUSER3_DN + ')')
|
| |
- if not entries:
|
| |
- log.fatal('test_automember: user3 was not added to the group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Search failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_AUTOMEMBER)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(BUSER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete test entry1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(BUSER2_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete test entry2: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(BUSER3_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete test entry3: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(BRANCH1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete branch1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(BRANCH2_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete test branch2: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(GROUP_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete test group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(CONFIG_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_automember: Failed to delete plugin config entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_automember: PASS\n')
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test DNA Plugin (3)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_dna(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_DNA)
|
| |
- inst.plugins.enable(name=PLUGIN_DNA)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- CONFIG_DN = 'cn=config,cn=' + PLUGIN_DNA + ',cn=plugins,cn=config'
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_DNA + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((CONFIG_DN, {
|
| |
- 'objectclass': 'top dnaPluginConfig'.split(),
|
| |
- 'cn': 'config',
|
| |
- 'dnatype': 'uidNumber',
|
| |
- 'dnafilter': '(objectclass=top)',
|
| |
- 'dnascope': DEFAULT_SUFFIX,
|
| |
- 'dnaMagicRegen': '-1',
|
| |
- 'dnaMaxValue': '50000',
|
| |
- 'dnaNextValue': '1'
|
| |
- })))
|
| |
- except ldap.ALREADY_EXISTS:
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'dnaNextValue', '1'),
|
| |
- (ldap.MOD_REPLACE, 'dnaMagicRegen', '-1')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to set the DNA plugin: error ' + e.message['desc'])
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to add config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if the entry now has the new uidNumber assignment - uidNumber=1
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=1)')
|
| |
- if not entries:
|
| |
- log.fatal('test_dna: user1 was not updated - (looking for uidNumber: 1)')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Test the magic regen value
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'uidNumber', '-1')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to set the magic reg value: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if the entry now has the new uidNumber assignment - uidNumber=2
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=2)')
|
| |
- if not entries:
|
| |
- log.fatal('test_dna: user1 was not updated (looking for uidNumber: 2)')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ################################################################################
|
| |
- # Change the config
|
| |
- ################################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'dnaMagicRegen', '-2')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to set the magic reg value to -2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ################################################################################
|
| |
- # Test plugin
|
| |
- ################################################################################
|
| |
-
|
| |
- # Test the magic regen value
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'uidNumber', '-2')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to set the magic reg value: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if the entry now has the new uidNumber assignment - uidNumber=3
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=3)')
|
| |
- if not entries:
|
| |
- log.fatal('test_dna: user1 was not updated (looking for uidNumber: 3)')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_AUTOMEMBER)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_dna: Failed to delete test entry1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- inst.plugins.disable(name=PLUGIN_DNA)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_dna: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Linked Attrs Plugin (4)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_linkedattrs(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_LINKED_ATTRS)
|
| |
- inst.plugins.enable(name=PLUGIN_LINKED_ATTRS)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- CONFIG_DN = 'cn=config,cn=' + PLUGIN_LINKED_ATTRS + ',cn=plugins,cn=config'
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_LINKED_ATTRS + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add test entries
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user2'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add the linked attrs config entry
|
| |
- try:
|
| |
- inst.add_s(Entry((CONFIG_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'cn': 'config',
|
| |
- 'linkType': 'directReport',
|
| |
- 'managedType': 'manager'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to add config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Set "directReport" should add "manager" to the other entry
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'directReport', USER2_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to add "directReport" to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if manager was added to the other entry
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_linkedattrs: user2 missing "manager" attribute')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "directReport" should remove "manager" to the other entry
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_DELETE, 'directReport', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to delete directReport: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if manager was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_linkedattrs: user2 "manager" attribute not removed')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config - using linkType "indirectReport" now
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'linkType', 'indirectReport')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.error('test_linkedattrs: Failed to set linkTypee: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Make sure the old linkType(directManager) is not working
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'directReport', USER2_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to add "directReport" to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if manager was added to the other entry, better not be...
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_linkedattrs: user2 had "manager" added unexpectedly')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user2 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Now, set the new linkType "indirectReport", which should add "manager" to the other entry
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'indirectReport', USER2_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to add "indirectReport" to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if manager was added to the other entry, better not be
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_linkedattrs: user2 missing "manager"')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user2 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "indirectReport" should remove "manager" to the other entry
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_DELETE, 'indirectReport', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to delete directReport: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # See if manager was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_linkedattrs: user2 "manager" attribute not removed')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test Fixup Task
|
| |
- ############################################################################
|
| |
-
|
| |
- # Disable plugin and make some updates that would of triggered the plugin
|
| |
- inst.plugins.disable(name=PLUGIN_LINKED_ATTRS)
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'indirectReport', USER2_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to add "indirectReport" to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # The entry should not have a manager attribute
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_linkedattrs: user2 incorrectly has a "manager" attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Enable the plugin and rerun the task entry
|
| |
- inst.plugins.enable(name=PLUGIN_LINKED_ATTRS)
|
| |
-
|
| |
- # Add the task again
|
| |
- TASK_DN = 'cn=task-' + str(int(time.time())) + ',cn=fixup linked attributes,cn=tasks,cn=config'
|
| |
- try:
|
| |
- inst.add_s(Entry(('cn=task-' + str(int(time.time())) + ',cn=fixup linked attributes,cn=tasks,cn=config', {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'basedn': DEFAULT_SUFFIX,
|
| |
- 'filter': 'objectclass=top'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to add task: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- wait_for_task(inst, TASK_DN)
|
| |
-
|
| |
- # Check if user2 now has a manager attribute now
|
| |
- try:
|
| |
- entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_linkedattrs: task failed: user2 missing "manager" attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_LINKED_ATTRS)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to delete test entry1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER2_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to delete test entry2: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(CONFIG_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_linkedattrs: Failed to delete plugin config entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_linkedattrs: PASS\n')
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test MemberOf Plugin (5)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_memberof(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_MEMBER_OF)
|
| |
- inst.plugins.enable(name=PLUGIN_MEMBER_OF)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
|
| |
- SHARED_CONFIG_DN = 'cn=memberOf Config,' + DEFAULT_SUFFIX
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_MEMBER_OF + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to update config(member): error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add our test entries
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((GROUP_DN, {
|
| |
- 'objectclass': 'top groupOfNames groupOfUniqueNames extensibleObject'.split(),
|
| |
- 'cn': 'group',
|
| |
- 'member': USER1_DN
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add group: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((SHARED_CONFIG_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'memberofgroupattr': 'member',
|
| |
- 'memberofattr': 'memberof'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to shared config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check if the user now has a "memberOf" attribute
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_memberof: user1 missing memberOf')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "member" should remove "memberOf" from the entry
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'member', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete member: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check that "memberOf" was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_memberof: user1 incorrectly has memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'uniquemember')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to update config(uniquemember): error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'uniquemember', USER1_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check if the user now has a "memberOf" attribute
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_memberof: user1 missing memberOf')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "uniquemember" should remove "memberOf" from the entry
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'uniquemember', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete member: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check that "memberOf" was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_memberof: user1 incorrectly has memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Set the shared config entry and test the plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # The shared config entry uses "member" - the above test uses "uniquemember"
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, CONFIG_AREA, SHARED_CONFIG_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to set plugin area: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Delete the test entries then readd them to start with a clean slate
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete test entry1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(GROUP_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete test group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((GROUP_DN, {
|
| |
- 'objectclass': 'top groupOfNames groupOfUniqueNames extensibleObject'.split(),
|
| |
- 'cn': 'group',
|
| |
- 'member': USER1_DN
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add group: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Test the shared config
|
| |
- # Check if the user now has a "memberOf" attribute
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_memberof: user1 missing memberOf')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "member" should remove "memberOf" from the entry
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'member', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete member: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check that "memberOf" was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_memberof: user1 incorrectly has memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the shared config entry to use 'uniquemember' and test the plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(SHARED_CONFIG_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'uniquemember')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to set shared plugin entry(uniquemember): error '
|
| |
- + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'uniquemember', USER1_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check if the user now has a "memberOf" attribute
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_memberof: user1 missing memberOf')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "uniquemember" should remove "memberOf" from the entry
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'uniquemember', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete member: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check that "memberOf" was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_memberof: user1 incorrectly has memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Remove shared config from plugin, and retest
|
| |
- ############################################################################
|
| |
-
|
| |
- # First change the plugin to use member before we move the shared config that uses uniquemember
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to update config(uniquemember): error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove shared config from plugin
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_DELETE, CONFIG_AREA, None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'member', USER1_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check if the user now has a "memberOf" attribute
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_memberof: user1 missing memberOf')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove "uniquemember" should remove "memberOf" from the entry
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'member', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete member: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check that "memberOf" was removed
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_memberof: user1 incorrectly has memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test Fixup Task
|
| |
- ############################################################################
|
| |
-
|
| |
- inst.plugins.disable(name=PLUGIN_MEMBER_OF)
|
| |
-
|
| |
- # First change the plugin to use uniquemember
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'uniquemember')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to update config(uniquemember): error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add uniquemember, should not update USER1
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'uniquemember', USER1_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check for "memberOf"
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if entries:
|
| |
- log.fatal('test_memberof: user1 incorrect has memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Enable memberof plugin
|
| |
- inst.plugins.enable(name=PLUGIN_MEMBER_OF)
|
| |
-
|
| |
- #############################################################
|
| |
- # Test memberOf fixup arg validation: Test the DN and filter
|
| |
- #############################################################
|
| |
-
|
| |
- #
|
| |
- # Test bad/nonexistant DN
|
| |
- #
|
| |
- TASK_DN = 'cn=task-' + str(int(time.time())) + ',' + DN_MBO_TASK
|
| |
- try:
|
| |
- inst.add_s(Entry((TASK_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'basedn': DEFAULT_SUFFIX + "bad",
|
| |
- 'filter': 'objectclass=top'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add task(bad dn): error ' +
|
| |
- e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- exitcode = wait_for_task(inst, TASK_DN)
|
| |
- if exitcode == "0":
|
| |
- # We should an error
|
| |
- log.fatal('test_memberof: Task with invalid DN still reported success')
|
| |
- assert False
|
| |
-
|
| |
- #
|
| |
- # Test invalid DN syntax
|
| |
- #
|
| |
- TASK_DN = 'cn=task-' + str(int(time.time())) + ',' + DN_MBO_TASK
|
| |
- try:
|
| |
- inst.add_s(Entry((TASK_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'basedn': "bad",
|
| |
- 'filter': 'objectclass=top'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add task(invalid dn syntax): ' +
|
| |
- e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- exitcode = wait_for_task(inst, TASK_DN)
|
| |
- if exitcode == "0":
|
| |
- # We should an error
|
| |
- log.fatal('test_memberof: Task with invalid DN syntax still reported' +
|
| |
- ' success')
|
| |
- assert False
|
| |
-
|
| |
- #
|
| |
- # Test bad filter (missing closing parenthesis)
|
| |
- #
|
| |
- TASK_DN = 'cn=task-' + str(int(time.time())) + ',' + DN_MBO_TASK
|
| |
- try:
|
| |
- inst.add_s(Entry((TASK_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'basedn': DEFAULT_SUFFIX,
|
| |
- 'filter': '(objectclass=top'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add task(bad filter: error ' +
|
| |
- e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- exitcode = wait_for_task(inst, TASK_DN)
|
| |
- if exitcode == "0":
|
| |
- # We should an error
|
| |
- log.fatal('test_memberof: Task with invalid filter still reported ' +
|
| |
- 'success')
|
| |
- assert False
|
| |
-
|
| |
- ####################################################
|
| |
- # Test fixup works
|
| |
- ####################################################
|
| |
-
|
| |
- #
|
| |
- # Run the task and validate that it worked
|
| |
- #
|
| |
- TASK_DN = 'cn=task-' + str(int(time.time())) + ',' + DN_MBO_TASK
|
| |
- try:
|
| |
- inst.add_s(Entry((TASK_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'basedn': DEFAULT_SUFFIX,
|
| |
- 'filter': 'objectclass=top'})))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to add task: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- wait_for_task(inst, TASK_DN)
|
| |
-
|
| |
- # Check for "memberOf"
|
| |
- try:
|
| |
- entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
|
| |
- if not entries:
|
| |
- log.fatal('test_memberof: user1 missing memberOf attr')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_MEMBER_OF)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete test entry1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(GROUP_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete test group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(SHARED_CONFIG_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_memberof: Failed to delete shared config entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_memberof: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Managed Entry Plugin (6)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_mep(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_MANAGED_ENTRY)
|
| |
- inst.plugins.enable(name=PLUGIN_MANAGED_ENTRY)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- USER_DN = 'uid=user1,ou=people,' + DEFAULT_SUFFIX
|
| |
- MEP_USER_DN = 'cn=user1,ou=groups,' + DEFAULT_SUFFIX
|
| |
- USER_DN2 = 'uid=user 1,ou=people,' + DEFAULT_SUFFIX
|
| |
- MEP_USER_DN2 = 'uid=user 1,ou=groups,' + DEFAULT_SUFFIX
|
| |
- CONFIG_DN = 'cn=config,cn=' + PLUGIN_MANAGED_ENTRY + ',cn=plugins,cn=config'
|
| |
- TEMPLATE_DN = 'cn=MEP Template,' + DEFAULT_SUFFIX
|
| |
- TEMPLATE_DN2 = 'cn=MEP Template2,' + DEFAULT_SUFFIX
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_MANAGED_ENTRY + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add our org units
|
| |
- try:
|
| |
- inst.add_s(Entry((PEOPLE_OU, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'ou': 'people'})))
|
| |
- except ldap.ALREADY_EXISTS:
|
| |
- pass
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to add people org unit: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((GROUP_OU, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'ou': 'people'})))
|
| |
- except ldap.ALREADY_EXISTS:
|
| |
- pass
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to add people org unit: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add the template entry
|
| |
- try:
|
| |
- inst.add_s(Entry((TEMPLATE_DN, {
|
| |
- 'objectclass': 'top mepTemplateEntry extensibleObject'.split(),
|
| |
- 'cn': 'MEP Template',
|
| |
- 'mepRDNAttr': 'cn',
|
| |
- 'mepStaticAttr': 'objectclass: posixGroup|objectclass: extensibleObject'.split('|'),
|
| |
- 'mepMappedAttr': 'cn: $cn|uid: $cn|gidNumber: $uidNumber'.split('|')
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to add template entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add the config entry
|
| |
- try:
|
| |
- inst.add_s(Entry((CONFIG_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'cn': 'config',
|
| |
- 'originScope': PEOPLE_OU,
|
| |
- 'originFilter': 'objectclass=posixAccount',
|
| |
- 'managedBase': GROUP_OU,
|
| |
- 'managedTemplate': TEMPLATE_DN
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to add config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add an entry that meets the MEP scope
|
| |
- try:
|
| |
- inst.add_s(Entry((USER_DN, {
|
| |
- 'objectclass': 'top posixAccount extensibleObject'.split(),
|
| |
- 'uid': 'user1',
|
| |
- 'cn': 'user1',
|
| |
- 'uidNumber': '1',
|
| |
- 'gidNumber': '1',
|
| |
- 'homeDirectory': '/home/user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check if a managed group entry was created
|
| |
- try:
|
| |
- inst.search_s(MEP_USER_DN, ldap.SCOPE_BASE, '(objectclass=top)')
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Unable to find MEP entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add a new template entry
|
| |
- try:
|
| |
- inst.add_s(Entry((TEMPLATE_DN2, {
|
| |
- 'objectclass': 'top mepTemplateEntry extensibleObject'.split(),
|
| |
- 'cn': 'MEP Template2',
|
| |
- 'mepRDNAttr': 'uid',
|
| |
- 'mepStaticAttr': 'objectclass: posixGroup|objectclass: extensibleObject'.split('|'),
|
| |
- 'mepMappedAttr': 'cn: $uid|uid: $cn|gidNumber: $gidNumber'.split('|')
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to add template entry2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Set the new template dn
|
| |
- try:
|
| |
- inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'managedTemplate', TEMPLATE_DN2)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to set mep plugin config: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add an entry that meets the MEP scope
|
| |
- try:
|
| |
- inst.add_s(Entry((USER_DN2, {
|
| |
- 'objectclass': 'top posixAccount extensibleObject'.split(),
|
| |
- 'uid': 'user 1',
|
| |
- 'cn': 'user 1',
|
| |
- 'uidNumber': '1',
|
| |
- 'gidNumber': '1',
|
| |
- 'homeDirectory': '/home/user2'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to user2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check if a managed group entry was created
|
| |
- try:
|
| |
- inst.search_s(MEP_USER_DN2, ldap.SCOPE_BASE, '(objectclass=top)')
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Unable to find MEP entry2: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_MANAGED_ENTRY)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to delete test user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER_DN2)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to delete test user 2: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(TEMPLATE_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to delete template1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- inst.plugins.disable(name=PLUGIN_MANAGED_ENTRY)
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(TEMPLATE_DN2)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to delete template2: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(CONFIG_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_mep: Failed to delete config: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_mep: PASS\n')
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Passthru Plugin (7)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_passthru(inst, args=None):
|
| |
- # Passthru is a bit picky about the state of the entry - we can't just restart it
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- # stop the plugin
|
| |
- inst.plugins.disable(name=PLUGIN_PASSTHRU)
|
| |
-
|
| |
- PLUGIN_DN = 'cn=' + PLUGIN_PASSTHRU + ',cn=plugins,cn=config'
|
| |
- PASSTHRU_DN = 'uid=admin,dc=pass,dc=thru'
|
| |
- PASSTHRU_DN2 = 'uid=admin2,dc=pass2,dc=thru'
|
| |
- PASS_SUFFIX1 = 'dc=pass,dc=thru'
|
| |
- PASS_SUFFIX2 = 'dc=pass2,dc=thru'
|
| |
- PASS_BE2 = 'PASS2'
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_PASSTHRU + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Add a new "remote" instance, and a user for auth
|
| |
- ############################################################################
|
| |
-
|
| |
- # Create second instance
|
| |
- passthru_inst = DirSrv(verbose=False)
|
| |
-
|
| |
- # Args for the instance
|
| |
- args_instance[SER_HOST] = LOCALHOST
|
| |
- args_instance[SER_PORT] = 33333
|
| |
- args_instance[SER_SERVERID_PROP] = 'passthru'
|
| |
- args_instance[SER_CREATION_SUFFIX] = PASS_SUFFIX1
|
| |
- args_passthru_inst = args_instance.copy()
|
| |
- passthru_inst.allocate(args_passthru_inst)
|
| |
- if passthru_inst.exists():
|
| |
- passthru_inst.delete()
|
| |
- passthru_inst.create()
|
| |
- passthru_inst.open()
|
| |
-
|
| |
- # Create a second backend
|
| |
- passthru_inst.backends.create(None, properties={
|
| |
- BACKEND_NAME: PASS_BE2,
|
| |
- 'suffix': PASS_SUFFIX2,
|
| |
- })
|
| |
-
|
| |
- # Create the top of the tree
|
| |
- try:
|
| |
- passthru_inst.add_s(Entry((PASS_SUFFIX2, {
|
| |
- 'objectclass': 'top domain'.split(),
|
| |
- 'dc': 'pass2'})))
|
| |
- except ldap.ALREADY_EXISTS:
|
| |
- pass
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: Failed to create suffix entry: error ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- # Add user to suffix1
|
| |
- try:
|
| |
- passthru_inst.add_s(Entry((PASSTHRU_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'admin',
|
| |
- 'userpassword': 'password'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: Failed to admin1: error ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- # Add user to suffix 2
|
| |
- try:
|
| |
- passthru_inst.add_s(Entry((PASSTHRU_DN2, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'admin2',
|
| |
- 'userpassword': 'password'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: Failed to admin2 : error ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure and start plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on'),
|
| |
- (ldap.MOD_REPLACE, 'nsslapd-pluginarg0', 'ldap://127.0.0.1:33333/dc=pass,dc=thru')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: Failed to set mep plugin config: error ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # login as user
|
| |
- try:
|
| |
- inst.simple_bind_s(PASSTHRU_DN, "password")
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: pass through bind failed: ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config
|
| |
- ############################################################################
|
| |
-
|
| |
- # login as root DN
|
| |
- try:
|
| |
- inst.simple_bind_s(DN_DM, PASSWORD)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: pass through bind failed: ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', 'ldap://127.0.0.1:33333/dc=pass2,dc=thru')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: Failed to set mep plugin config: error ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # login as user
|
| |
- try:
|
| |
- inst.simple_bind_s(PASSTHRU_DN2, "password")
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: pass through bind failed: ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- # login as root DN
|
| |
- try:
|
| |
- inst.simple_bind_s(DN_DM, PASSWORD)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_passthru: pass through bind failed: ' + e.message['desc'])
|
| |
- passthru_inst.delete()
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_PASSTHRU)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- # remove the passthru instance
|
| |
- passthru_inst.delete()
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_passthru: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Referential Integrity Plugin (8)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_referint(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_REFER_INTEGRITY)
|
| |
- inst.plugins.enable(name=PLUGIN_REFER_INTEGRITY)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_REFER_INTEGRITY + '...')
|
| |
- PLUGIN_DN = 'cn=' + PLUGIN_REFER_INTEGRITY + ',cn=plugins,cn=config'
|
| |
- SHARED_CONFIG_DN = 'cn=RI Config,' + DEFAULT_SUFFIX
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'member')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to configure RI plugin: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add some users and a group
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user2'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add user2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((GROUP_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'cn': 'group',
|
| |
- 'member': USER1_DN,
|
| |
- 'uniquemember': USER2_DN
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add group: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Grab the referint log file from the plugin
|
| |
-
|
| |
- try:
|
| |
- entries = inst.search_s(PLUGIN_DN, ldap.SCOPE_BASE, '(objectclass=top)')
|
| |
- REFERINT_LOGFILE = entries[0].getValue('referint-logfile')
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Unable to search plugin entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add shared config entry
|
| |
- try:
|
| |
- inst.add_s(Entry((SHARED_CONFIG_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'referint-membership-attr': 'member',
|
| |
- 'referint-update-delay': '0',
|
| |
- 'referint-logfile': REFERINT_LOGFILE,
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to shared config entry: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Delete a user
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check for integrity
|
| |
- try:
|
| |
- entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(member=' + USER1_DN + ')')
|
| |
- if entry:
|
| |
- log.fatal('test_referint: user1 was not removed from group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'uniquemember')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to configure RI plugin: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Delete a user
|
| |
- try:
|
| |
- inst.delete_s(USER2_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check for integrity
|
| |
- try:
|
| |
- entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(uniquemember=' + USER2_DN + ')')
|
| |
- if entry:
|
| |
- log.fatal('test_referint: user2 was not removed from group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Set the shared config entry and test the plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # The shared config entry uses "member" - the above test used "uniquemember"
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, CONFIG_AREA, SHARED_CONFIG_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to set plugin area: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Delete the group, and readd everything
|
| |
- try:
|
| |
- inst.delete_s(GROUP_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((USER2_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user2'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add user2: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.add_s(Entry((GROUP_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'cn': 'group',
|
| |
- 'member': USER1_DN,
|
| |
- 'uniquemember': USER2_DN
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add group: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Delete a user
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check for integrity
|
| |
- try:
|
| |
- entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(member=' + USER1_DN + ')')
|
| |
- if entry:
|
| |
- log.fatal('test_referint: user1 was not removed from group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the shared config entry to use 'uniquemember' and test the plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(SHARED_CONFIG_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'uniquemember')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to set shared plugin entry(uniquemember): error '
|
| |
- + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Delete a user
|
| |
- try:
|
| |
- inst.delete_s(USER2_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check for integrity
|
| |
- try:
|
| |
- entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(uniquemember=' + USER2_DN + ')')
|
| |
- if entry:
|
| |
- log.fatal('test_referint: user2 was not removed from group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Remove shared config from plugin, and retest
|
| |
- ############################################################################
|
| |
-
|
| |
- # First change the plugin to use member before we move the shared config that uses uniquemember
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'member')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to update config(uniquemember): error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Remove shared config from plugin
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_DELETE, CONFIG_AREA, None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add test user
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Add user to group
|
| |
- try:
|
| |
- inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'member', USER1_DN)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to add uniquemember: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Delete a user
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check for integrity
|
| |
- try:
|
| |
- entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(member=' + USER1_DN + ')')
|
| |
- if entry:
|
| |
- log.fatal('test_referint: user1 was not removed from group')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_REFER_INTEGRITY)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(GROUP_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(SHARED_CONFIG_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_referint: Failed to delete shared config entry: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_referint: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Retro Changelog Plugin (9)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_retrocl(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
|
| |
- inst.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_RETRO_CHANGELOG + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Gather the current change count (it's not 1 once we start the stabilty tests)
|
| |
- try:
|
| |
- entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_retrocl: Failed to get the count: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- entry_count = len(entry)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add a user
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_retrocl: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check we logged this in the retro cl
|
| |
- try:
|
| |
- entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
|
| |
- if not entry or len(entry) == entry_count:
|
| |
- log.fatal('test_retrocl: changelog not updated')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_retrocl: Unable to search group: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- entry_count += 1
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config - disable plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- inst.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_retrocl: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Check we didn't logged this in the retro cl
|
| |
- try:
|
| |
- entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
|
| |
- if len(entry) != entry_count:
|
| |
- log.fatal('test_retrocl: changelog incorrectly updated - change count: '
|
| |
- + str(len(entry)) + ' - expected 1')
|
| |
- assert False
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_retrocl: Unable to search retro changelog: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- inst.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
|
| |
- test_dependency(inst, PLUGIN_RETRO_CHANGELOG)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup
|
| |
- ############################################################################
|
| |
-
|
| |
- # None
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_retrocl: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- ################################################################################
|
| |
- #
|
| |
- # Test Root DN Access Control Plugin (10)
|
| |
- #
|
| |
- ################################################################################
|
| |
- def test_rootdn(inst, args=None):
|
| |
- # stop the plugin, and start it
|
| |
- inst.plugins.disable(name=PLUGIN_ROOTDN_ACCESS)
|
| |
- inst.plugins.enable(name=PLUGIN_ROOTDN_ACCESS)
|
| |
-
|
| |
- if args == "restart":
|
| |
- return
|
| |
-
|
| |
- PLUGIN_DN = 'cn=' + PLUGIN_ROOTDN_ACCESS + ',cn=plugins,cn=config'
|
| |
-
|
| |
- log.info('Testing ' + PLUGIN_ROOTDN_ACCESS + '...')
|
| |
-
|
| |
- ############################################################################
|
| |
- # Configure plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Add an user and aci to open up cn=config
|
| |
- try:
|
| |
- inst.add_s(Entry((USER1_DN, {
|
| |
- 'objectclass': 'top extensibleObject'.split(),
|
| |
- 'uid': 'user1',
|
| |
- 'userpassword': 'password'
|
| |
- })))
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: Failed to add user1: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Set an aci so we can modify the plugin after ew deny the root dn
|
| |
- ACI = ('(target ="ldap:///cn=config")(targetattr = "*")(version 3.0;acl ' +
|
| |
- '"all access";allow (all)(userdn="ldap:///anyone");)')
|
| |
- try:
|
| |
- inst.modify_s(DN_CONFIG, [(ldap.MOD_ADD, 'aci', ACI)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: Failed to add aci to config: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- # Set allowed IP to an unknown host - blocks root dn
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-ip', '10.10.10.10')])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: Failed to set rootDN plugin config: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Bind as Root DN
|
| |
- failed = False
|
| |
- try:
|
| |
- inst.simple_bind_s(DN_DM, PASSWORD)
|
| |
- except ldap.LDAPError as e:
|
| |
- failed = True
|
| |
-
|
| |
- if not failed:
|
| |
- log.fatal('test_rootdn: Root DN was incorrectly able to bind')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Change the config
|
| |
- ############################################################################
|
| |
-
|
| |
- # Bind as the user who can make updates to the config
|
| |
- try:
|
| |
- inst.simple_bind_s(USER1_DN, 'password')
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: failed to bind as user1')
|
| |
- assert False
|
| |
-
|
| |
- # First, test that invalid plugin changes are rejected
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-deny-ip', '12.12.ZZZ.12')])
|
| |
- log.fatal('test_rootdn: Incorrectly allowed to add invalid "rootdn-deny-ip: 12.12.ZZZ.12"')
|
| |
- assert False
|
| |
- except ldap.LDAPError:
|
| |
- pass
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-host', 'host._.com')])
|
| |
- log.fatal('test_rootdn: Incorrectly allowed to add invalid "rootdn-allow-host: host._.com"')
|
| |
- assert False
|
| |
- except ldap.LDAPError:
|
| |
- pass
|
| |
-
|
| |
- # Remove the restriction
|
| |
- try:
|
| |
- inst.modify_s(PLUGIN_DN, [(ldap.MOD_DELETE, 'rootdn-allow-ip', None)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: Failed to set rootDN plugin config: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin
|
| |
- ############################################################################
|
| |
-
|
| |
- # Bind as Root DN
|
| |
- failed = False
|
| |
- try:
|
| |
- inst.simple_bind_s(DN_DM, PASSWORD)
|
| |
- except ldap.LDAPError as e:
|
| |
- failed = True
|
| |
-
|
| |
- if failed:
|
| |
- log.fatal('test_rootdn: Root DN was not able to bind')
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test plugin dependency
|
| |
- ############################################################################
|
| |
-
|
| |
- test_dependency(inst, PLUGIN_ROOTDN_ACCESS)
|
| |
-
|
| |
- ############################################################################
|
| |
- # Cleanup - remove ACI from cn=config and test user
|
| |
- ############################################################################
|
| |
-
|
| |
- try:
|
| |
- inst.modify_s(DN_CONFIG, [(ldap.MOD_DELETE, 'aci', ACI)])
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: Failed to add aci to config: error ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- try:
|
| |
- inst.delete_s(USER1_DN)
|
| |
- except ldap.LDAPError as e:
|
| |
- log.fatal('test_rootdn: Failed to delete user1: ' + e.message['desc'])
|
| |
- assert False
|
| |
-
|
| |
- ############################################################################
|
| |
- # Test passed
|
| |
- ############################################################################
|
| |
-
|
| |
- log.info('test_rootdn: PASS\n')
|
| |
-
|
| |
- return
|
| |
-
|
| |
-
|
| |
- # Array of test functions
|
| |
- func_tests = [test_acctpolicy, test_attruniq, test_automember, test_dna,
|
| |
- test_linkedattrs, test_memberof, test_mep, test_passthru,
|
| |
- test_referint, test_retrocl, test_rootdn]
|
| |
-
|
| |
-
|
| |
- def test_all_plugins(inst, args=None):
|
| |
- for func in func_tests:
|
| |
- func(inst, args)
|
| |
-
|
| |
- return
|
| |
Description: Refactor plugins module and fix tests accordingly.
Add absent Task and Plugin objects. Add docstrings for every
fixed object.
https://pagure.io/389-ds-base/issue/49581
Reviewed by: ?