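--- a/UNKNOWN_FILE_PATH
+++ b/UNKNOWN_FILE_PATH
@@ -16,99 +16,101 @@
 
 CONTAINER_1_OU = 'test_ou_1'
 CONTAINER_2_OU = 'test_ou_2'
-CONTAINER_1 = 'ou=%s,dc=example,dc=com' % CONTAINER_1_OU
-CONTAINER_2 = 'ou=%s,dc=example,dc=com' % CONTAINER_2_OU
+CONTAINER_1 = f'ou={CONTAINER_1_OU},dc=example,dc=com'
+CONTAINER_2 = f'ou={CONTAINER_2_OU},dc=example,dc=com'
 USER_CN = 'test_user'
 USER_PWD = 'Secret123'
-USER = 'cn=%s,%s' % (USER_CN, CONTAINER_1)
+USER = f'cn={USER_CN},{CONTAINER_1}'
 
 
 @pytest.fixture(scope="module")
 def env_setup(topology_st):
     """Adds two containers, one user and two ACI rules"""
 
-    try:
-        log.info("Add a container: %s" % CONTAINER_1)
-        topology_st.standalone.add_s(Entry((CONTAINER_1,
-                                            {'objectclass': 'top',
-                                             'objectclass': 'organizationalunit',
-                                             'ou': CONTAINER_1_OU,
-                                             })))
-
-        log.info("Add a container: %s" % CONTAINER_2)
-        topology_st.standalone.add_s(Entry((CONTAINER_2,
-                                            {'objectclass': 'top',
-                                             'objectclass': 'organizationalunit',
-                                             'ou': CONTAINER_2_OU,
-                                             })))
-
-        log.info("Add a user: %s" % USER)
-        topology_st.standalone.add_s(Entry((USER,
-                                            {'objectclass': 'top person'.split(),
-                                             'cn': USER_CN,
-                                             'sn': USER_CN,
-                                             'userpassword': USER_PWD
-                                             })))
-    except ldap.LDAPError as e:
-        log.error('Failed to add object to database: %s' % e.message['desc'])
-        assert False
+    log.info("Add a container: %s" % CONTAINER_1)
+    topology_st.standalone.add_s(Entry((CONTAINER_1,
+                                        {'objectclass': 'top',
+                                         'objectclass': 'organizationalunit',
+                                         'ou': CONTAINER_1_OU,
+                                         })))
+
+    log.info("Add a container: %s" % CONTAINER_2)
+    topology_st.standalone.add_s(Entry((CONTAINER_2,
+                                        {'objectclass': 'top',
+                                         'objectclass': 'organizationalunit',
+                                         'ou': CONTAINER_2_OU,
+                                         })))
+
+    log.info("Add a user: %s" % USER)
+    topology_st.standalone.add_s(Entry((USER,
+                                        {'objectclass': 'top person'.split(),
+                                         'cn': USER_CN,
+                                         'sn': USER_CN,
+                                         'userpassword': USER_PWD
+                                         })))
 
     ACI_TARGET = '(targetattr="*")'
     ACI_ALLOW = '(version 3.0; acl "All rights for %s"; allow (all) ' % USER
     ACI_SUBJECT = 'userdn="ldap:///%s";)' % USER
     ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
-    mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
+    mod = [(ldap.MOD_ADD, 'aci', ensure_bytes(ACI_BODY))]
 
-    try:
-        log.info("Add an ACI 'allow (all)' by %s to the %s" % (USER,
-                                                                  CONTAINER_1))
-        topology_st.standalone.modify_s(CONTAINER_1, mod)
+    log.info("Add an ACI 'allow (all)' by %s to the %s" % (USER,
+                                                              CONTAINER_1))
+    topology_st.standalone.modify_s(CONTAINER_1, mod)
 
-        log.info("Add an ACI 'allow (all)' by %s to the %s" % (USER,
-                                                                  CONTAINER_2))
-        topology_st.standalone.modify_s(CONTAINER_2, mod)
-    except ldap.LDAPError as e:
-        log.fatal('Failed to add ACI: error (%s)' % (e.message['desc']))
-        assert False
+    log.info("Add an ACI 'allow (all)' by %s to the %s" % (USER,
+                                                              CONTAINER_2))
+    topology_st.standalone.modify_s(CONTAINER_2, mod)
 
 
-def test_ticket47553(topology_st, env_setup):
+@pytest.mark.ds47553
+def test_enhanced_aci_modrnd(topology_st, env_setup):
     """Tests, that MODRDN operation is allowed,
     if user has ACI right '(all)' under superior entries,
     but doesn't have '(modrdn)'
+
+    :id: 492cf2a9-2efe-4e3b-955e-85eca61d66b9
+    :setup: Standalone instance
+    :steps:
+        1. Create two containers
+        2. Create a user within "ou=test_ou_1,dc=example,dc=com"
+        3. Add an aci with a rule "cn=test_user is allowed all" within these containers
+        4. Run MODRDN operation on the "cn=test_user" and set "newsuperior" to
+           the "ou=test_ou_2,dc=example,dc=com"
+        5. Check there is no user under container one (ou=test_ou_1,dc=example,dc=com)
+        6. Check there is a user under container two (ou=test_ou_2,dc=example,dc=com)
+
+    :expectedresults:
+        1. Two containers should be created
+        2. User should be added successfully
+        3. This should pass
+        4. This should pass
+        5. User should not be found under container ou=test_ou_1,dc=example,dc=com
+        6. User should be found under container ou=test_ou_2,dc=example,dc=com
     """
 
     log.info("Bind as %s" % USER)
-    try:
-        topology_st.standalone.simple_bind_s(USER, USER_PWD)
-    except ldap.LDAPError as e:
-        log.error('Bind failed for %s, error %s' % (USER, e.message['desc']))
-        assert False
+
+    topology_st.standalone.simple_bind_s(USER, USER_PWD)
 
     log.info("User MODRDN operation from %s to %s" % (CONTAINER_1,
                                                        CONTAINER_2))
-    try:
-        topology_st.standalone.rename_s(USER, "cn=%s" % USER_CN,
-                                        newsuperior=CONTAINER_2, delold=1)
-    except ldap.LDAPError as e:
-        log.error('MODRDN failed for %s, error %s' % (USER, e.message['desc']))
-        assert False
-
-    try:
-        log.info("Check there is no user in %s" % CONTAINER_1)
-        entries = topology_st.standalone.search_s(CONTAINER_1,
-                                                  ldap.SCOPE_ONELEVEL,
-                                                  'cn=%s' % USER_CN)
-        assert not entries
-
-        log.info("Check there is our user in %s" % CONTAINER_2)
-        entries = topology_st.standalone.search_s(CONTAINER_2,
-                                                  ldap.SCOPE_ONELEVEL,
-                                                  'cn=%s' % USER_CN)
-        assert entries
-    except ldap.LDAPError as e:
-        log.fatal('Search failed, error: ' + e.message['desc'])
-        assert False
+
+    topology_st.standalone.rename_s(USER, "cn=%s" % USER_CN,
+                                    newsuperior=CONTAINER_2, delold=1)
+
+    log.info("Check there is no user in %s" % CONTAINER_1)
+    entries = topology_st.standalone.search_s(CONTAINER_1,
+                                              ldap.SCOPE_ONELEVEL,
+                                              'cn=%s' % USER_CN)
+    assert not entries
+
+    log.info("Check there is our user in %s" % CONTAINER_2)
+    entries = topology_st.standalone.search_s(CONTAINER_2,
+                                              ldap.SCOPE_ONELEVEL,
+                                              'cn=%s' % USER_CN)
+    assert entries
 
 
 if __name__ == '__main__':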
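Review bot: Both container `Entry` dict literals on the new side repeat the `'objectclass'` key (`'objectclass': 'top'` immediately followed by `'objectclass': 'organizationalunit'`), so Python keeps only the last value and `top` is never sent to the server; use a single list value as the user entry already does, `'objectclass': ['top', 'organizationalunit'],`, in both places. The test also leaves `topology_st.standalone` bound as the low-privilege test user after `simple_bind_s(USER, USER_PWD)`, and the module-scoped `env_setup` has no finalizer, so if that connection is shared with later tests they would run under the test user's ACI rights rather than the admin's; taking `request` in the fixture and adding a finalizer that rebinds as the admin DN and removes the two containers would keep the fixture self-contained. The new name `test_enhanced_aci_modrnd` looks like a transposition of `modrdn`, the operation the test exercises. Finally, the retained `log.info("... %s" % X)` calls format eagerly; the lazy form `log.info("Add a container: %s", CONTAINER_1)` is the logging idiom and would match the f-string modernisation elsewhere in the hunk.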
Description: Added py3 support by explicitly changing strings to bytes.
Ported tests from ticket to test suites, also added doc-strings.
https://pagure.io/389-ds-base/issue/49588
Reviewed by: ??