#50375 Issue 49761 - Fix CI test suite issues
Closed 3 years ago by spichugi. Opened 4 years ago by vashirov.
vashirov/389-ds-base fix-tests-on-rhel8  into  master

@@ -140,6 +140,7 @@ 

      assert group.is_member(user.dn)

      user.delete()

  

+ @pytest.mark.skipif(ds_is_older("1.4.1.2"), reason="Not implemented")

  def test_delete_default_group(automember_fixture, topo):

      """If memberof is enable and a user became member of default group

      because of automember rule then delete the default group should succeeds
@@ -178,6 +179,7 @@ 

          user_1.delete()

          topo.standalone.setLogLevel(0)

  

+ @pytest.mark.skipif(ds_is_older("1.4.1.2"), reason="Not implemented")

  def test_delete_target_group(automember_fixture, topo):

      """If memberof is enabld and a user became member of target group

      because of automember rule then delete the target group should succeeds

@@ -367,16 +367,18 @@ 

              assert attr_m1 in result

              assert attr_m2 in result

              assert attr_m1_only in result

-             assert attr_first not in result

-             assert attr_second not in result

+             if ds_is_newer("1.4.1.2"):

+                 assert attr_first not in result

+                 assert attr_second not in result

              # Ignore some attributes and check the output

              tool_cmd.extend(['-i', '{},{}'.format('description', 'telephonenumber')])

              result = subprocess.check_output(tool_cmd, encoding='utf-8').lower()

              assert attr_m1 not in result

              assert attr_m2 not in result

              assert attr_m1_only not in result

-             assert attr_first not in result

-             assert attr_second not in result

+             if ds_is_newer("1.4.1.2"):

+                 assert attr_first not in result

+                 assert attr_second not in result

  

      finally:

          topo_tls_ldapi.resume_all_replicas()
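Review bot: Neither `if ds_is_newer("1.4.1.2"):` guard says why the `attr_first`/`attr_second` assertions depend on the server version, so on an older server the test passes without checking them and nothing records the gap. I would add a line above each guard such as `# attr_first/attr_second are only expected to be absent on 1.4.1.2+ (issue 49761)`, with the wording confirmed by the author since the reason is not visible in the hunk. The same guarded pair appears twice; evaluating the version check once into a local and reusing it would keep both blocks in step. The enclosing test starts outside the hunk.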

@@ -242,7 +242,7 @@ 

      ############################################################################

      check_replicas(topology_m2)

  

- 

+ @pytest.mark.tier2

  def test_stress(topology_m2):

      """Test plugins while under a big load. Perform the test 5 times

  

@@ -10,8 +10,6 @@ 

  from lib389.properties import TASK_WAIT

  from lib389.utils import time, ldap, os, logging

  from lib389.topologies import topology_st as topo

- from lib389._constants import BACKEND_NAME, BACKEND_SUFFIX

- 

  from lib389.dbgen import dbgen

  

  pytestmark = pytest.mark.tier1
@@ -52,8 +50,8 @@ 

      log.info('Adding suffix:{} and backend: {}...'.format(TEST_DEFAULT_SUFFIX,

                                                            TEST_DEFAULT_NAME))

      backends = Backends(topo.standalone)

-     backends.create(properties={BACKEND_SUFFIX: TEST_DEFAULT_SUFFIX,

-                                 BACKEND_NAME: TEST_DEFAULT_NAME})

+     backends.create(properties={'nsslapd-suffix': TEST_DEFAULT_SUFFIX,

+                                 'name': TEST_DEFAULT_NAME})

  

      log.info('Create LDIF file and import it...')

      ldif_dir = topo.standalone.get_ldif_dir()
@@ -91,7 +89,8 @@ 

  

      log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX1, TEST_BACKEND1))

      backends = Backends(topo.standalone)

-     backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX1, BACKEND_NAME: TEST_BACKEND1})

+     backend = backends.create(properties={'nsslapd-suffix': TEST_SUFFIX1,

+                                           'name': TEST_BACKEND1})

  

      log.info('Create LDIF file and import it')

      ldif_dir = topo.standalone.get_ldif_dir()
@@ -108,7 +107,8 @@ 

      backend.delete()

  

      log.info('Adding the same database-{} after deleting it'.format(TEST_BACKEND1))

-     backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX1, BACKEND_NAME: TEST_BACKEND1})

+     backends.create(properties={'nsslapd-suffix': TEST_SUFFIX1,

+                                 'name': TEST_BACKEND1})

  

  

  def test_del_suffix_backend(topo):
@@ -127,7 +127,8 @@ 

  

      log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX2, TEST_BACKEND2))

      backends = Backends(topo.standalone)

-     backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX2, BACKEND_NAME: TEST_BACKEND2})

+     backend = backends.create(properties={'nsslapd-suffix': TEST_SUFFIX2,

+                                            'name': TEST_BACKEND2})

  

      log.info('Create LDIF file and import it')

      ldif_dir = topo.standalone.get_ldif_dir()
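Review bot: The continuation line `'name': TEST_BACKEND2})` in this hunk appears to be indented one column further than the opening `'nsslapd-suffix'` key, unlike the same construct for `TEST_BACKEND1` in the earlier hunk, so the two dict keys do not line up. Dropping one leading space restores the alignment. The enclosing function starts outside the hunk.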
@@ -141,7 +142,8 @@ 

      backend.delete()

  

      log.info('Adding the same database-{} after deleting it'.format(TEST_BACKEND2))

-     backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX2, BACKEND_NAME: TEST_BACKEND2})

+     backends.create(properties={'nsslapd-suffix': TEST_SUFFIX2,

+                                 'name': TEST_BACKEND2})

      log.info('Checking if server can be restarted after re-adding the same database')

      topo.standalone.restart()

      assert not topo.standalone.detectDisorderlyShutdown()

@@ -183,35 +183,36 @@ 

          log.fatal('Failed to attempt to change password: ' + str(e))

          assert False

  

-     #

-     # Test passwordInHistory to 0

-     #

-     try:

-         topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

-     except ldap.LDAPError as e:

-         log.fatal('Failed to bind as rootDN: ' + str(e))

-         assert False

+     if ds_is_newer("1.4.1.2"):

+         #

+         # Test passwordInHistory to 0

+         #

+         try:

+             topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

+         except ldap.LDAPError as e:

+             log.fatal('Failed to bind as rootDN: ' + str(e))

+             assert False

  

-     try:

-         topology_st.standalone.config.replace('passwordInHistory', '0')

-         log.info('Configured passwordInHistory to 0.')

-     except ldap.LDAPError as e:

-         log.fatal('Failed to configure password policy (passwordInHistory to 0): ' + str(e))

-         assert False

+         try:

+             topology_st.standalone.config.replace('passwordInHistory', '0')

+             log.info('Configured passwordInHistory to 0.')

+         except ldap.LDAPError as e:

+             log.fatal('Failed to configure password policy (passwordInHistory to 0): ' + str(e))

+             assert False

  

-     # Verify the older passwords in the entry (passwordhistory) are ignored

-     user.rebind('password-reset')

-     user.set('userpassword', 'password4')

-     try:

+         # Verify the older passwords in the entry (passwordhistory) are ignored

+         user.rebind('password-reset')

          user.set('userpassword', 'password4')

-         log.fatal('Incorrectly able to to set password to current password4.')

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))

-         assert False

-     except ldap.CONSTRAINT_VIOLATION:

-         log.info('Password change correctly rejected')

-     except ldap.LDAPError as e:

-         log.fatal('Failed to attempt to change password: ' + str(e))

-         assert False

+         try:

+             user.set('userpassword', 'password4')

+             log.fatal('Incorrectly able to to set password to current password4.')

+             log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))

+             assert False

+         except ldap.CONSTRAINT_VIOLATION:

+             log.info('Password change correctly rejected')

+         except ldap.LDAPError as e:

+             log.fatal('Failed to attempt to change password: ' + str(e))

+             assert False

  

      # Need to make one successful update so history list is reset

      user.set('userpassword', 'password5')
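Review bot: Wrapping the whole passwordInHistory=0 section in `if ds_is_newer("1.4.1.2"):` changes the state that the following lines start from on older servers. The skipped block binds as the root DN, calls `user.rebind('password-reset')` and sets the password to `password4`, while the next statement, `user.set('userpassword', 'password5')`, still runs unconditionally. Which identity is bound and which password is current at that point depends on code outside the hunk and should be checked for the pre-1.4.1.2 path. An `else:` branch with `log.info('Skipping passwordInHistory=0 checks on versions older than 1.4.1.2')` would also make the reduced coverage visible in the test log.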

@@ -465,8 +465,7 @@ 

      # If args is None then we run the test suite as pytest standalone and it's not dynamic

      if args is None:

          inst.restart()

- 

-     task = plugin.fixup(branch2.dn, 'objectclass=top')

+     task = plugin.fixup(branch2.dn, _filter='objectclass=top')

      task.wait()

  

      # Verify the fixup task worked
@@ -774,7 +773,7 @@ 

          inst.restart()

  

      # Add the task again

-     task = plugin.fixup(DEFAULT_SUFFIX, 'objectclass=top')

+     task = plugin.fixup(la_config.dn)

      task.wait()

  

      # Check if user2 now has a manager attribute now

@@ -60,7 +60,7 @@ 

  

      log.info("Creating DNA shared config entry...")

      shared_configs = DNAPluginSharedConfigs(inst, ou_ranges.dn)

-     shared_configs.create(properties={'dnaHostName': str(inst.host),

+     shared_configs.create(properties={'dnaHostname': str(inst.host),

                                        'dnaPortNum': str(inst.port),

                                        'dnaRemainingValues': '9501'})

  

@@ -10,8 +10,7 @@ 

  from lib389.tasks import *

  from lib389.utils import *

  from lib389.topologies import topology_st

- 

- from lib389._constants import DEFAULT_SUFFIX, PLUGIN_WHOAMI

+ from lib389.plugins import WhoamiPlugin

  

  pytestmark = pytest.mark.tier1

  
@@ -20,6 +19,7 @@ 

  

  

  @pytest.mark.ds47384

+ @pytest.mark.ds47601

  def test_pluginpath_validation(topology_st):

      """Test pluginpath validation: relative and absolute paths

      With the inclusion of ticket 47601 - we do allow plugin paths
@@ -44,15 +44,12 @@ 

           5. This should fail

      """

  

-     if os.geteuid() != 0:

-         log.warning('This script must be run as root')

-         return

- 

-     os.system('setenforce 0')

- 

-     PLUGIN_DN = 'cn=%s,cn=plugins,cn=config' % PLUGIN_WHOAMI

-     tmp_dir = topology_st.standalone.get_tmp_dir()

-     plugin_dir = topology_st.standalone.get_plugin_dir()

+     inst = topology_st.standalone

+     whoami = WhoamiPlugin(inst)

+     # /tmp nowadays comes with noexec bit set on some systems

+     # so instead let's write somewhere where dirsrv user has access

+     tmp_dir = inst.get_bak_dir()

+     plugin_dir = inst.get_plugin_dir()

  

      # Copy the library to our tmp directory

      try:
@@ -61,34 +58,37 @@ 

          log.fatal('Failed to copy %s/libwhoami-plugin.so to the tmp directory %s, error: %s' % (

          plugin_dir, tmp_dir, e.strerror))

          assert False

-     try:

-         shutil.copy('%s/libwhoami-plugin.la' % plugin_dir, tmp_dir)

-     except IOError as e:

-         log.warning('Failed to copy ' + plugin_dir +

-                  '/libwhoami-plugin.la to the tmp directory, error: '

-                  + e.strerror)

  

      #

      # Test adding valid plugin paths

      #

      # Try using the absolute path to the current library

-     topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,

-                                                  'nsslapd-pluginPath', ensure_bytes('%s/libwhoami-plugin' % plugin_dir))])

+     whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % plugin_dir)

  

      # Try using new remote location

-     topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,

-                                                  'nsslapd-pluginPath', ensure_bytes('%s/libwhoami-plugin' % tmp_dir))])

+     # If SELinux is enabled, plugin can't be loaded as it's not labeled properly

+     if selinux_present:

+         import selinux

+         if selinux.is_selinux_enabled():

+             with pytest.raises(ldap.UNWILLING_TO_PERFORM):

+                 whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % tmp_dir)

+             # Label it with lib_t, so it can be executed

+             # We can't use selinux.setfilecon() here, because py.test needs to have mac_admin capability

+             # Instead we can call chcon directly:

+             subprocess.check_call(['/usr/bin/chcon', '-t', 'lib_t', '%s/libwhoami-plugin.so' % tmp_dir])

+     # And try to change the path again

+         whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % tmp_dir)

+     else:

+         whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % tmp_dir)

  

      # Set plugin path back to the default

-     topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,

-                                                  'nsslapd-pluginPath', b'libwhoami-plugin')])

+     whoami.replace('nsslapd-pluginPath', 'libwhoami-plugin')

  

      #

      # Test invalid path (no library present)

      #

      with pytest.raises(ldap.UNWILLING_TO_PERFORM):

-         topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,

-                                                      'nsslapd-pluginPath', b'/bin/libwhoami-plugin')])

+         whoami.replace('nsslapd-pluginPath', '/bin/libwhoami-plugin')

          # No exception?! This is an error

          log.error('Invalid plugin path was incorrectly accepted by the server!')
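Review bot: The copy of `libwhoami-plugin.so` that is relabelled with `chcon -t lib_t` stays in the instance's backup directory after the test, as far as this hunk shows; a shared object carrying a library label in a directory the server user can write to should not outlive the test. I would remove it once the path has been set back to the default, e.g. `os.remove('%s/libwhoami-plugin.so' % tmp_dir)`, ideally from a `finally:` so a failed assertion does not leave it behind. The comment `# And try to change the path again` is indented at function level while the `whoami.replace(...)` it describes sits inside `if selinux_present:`; aligning it with that call makes the branch structure readable. `selinux_present` and `subprocess` are not defined in the visible lines and presumably arrive through the `lib389.utils` star import. The test body starts and ends outside the hunk.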

  
@@ -96,8 +96,7 @@ 

      # Test invalid relative path (no library present)

      #

      with pytest.raises(ldap.UNWILLING_TO_PERFORM):

-         topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,

-                                                      'nsslapd-pluginPath', b'../libwhoami-plugin')])

+         whoami.replace('nsslapd-pluginPath', '../libwhoami-plugin')

          # No exception?! This is an error

          log.error('Invalid plugin path was incorrectly accepted by the server!')

  

@@ -627,7 +627,7 @@ 

      M1 = topo_with_sigkill.ms["master1"]

      M2 = topo_with_sigkill.ms["master2"]

      M1.stop()

-     ldif_file = '/tmp/master1.ldif'

+     ldif_file = '%s/master1.ldif' % M1.get_ldif_dir()

      M1.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX],

                 excludeSuffixes=None, repl_data=True,

                 outputfile=ldif_file, encrypt=False)

@@ -4,6 +4,7 @@ 

  import ldap

  from lib389._constants import *

  from lib389.topologies import topology_st

+ from lib389.utils import ds_is_older

  

  pytestmark = pytest.mark.tier1

  
@@ -16,7 +17,7 @@ 

  TOO_HIGH_VAL = "65536"

  TOO_LOW_VAL = "0"

  

- 

+ @pytest.mark.skipif(ds_is_older("1.4.1.2"), reason="Not implemented")

  def test_fd_limits(topology_st):

      """Test the default limits, and custom limits

  

@@ -14,6 +14,7 @@ 

  from lib389.utils import *

  from lib389.topologies import topology_m2

  from lib389._constants import *

+ from lib389.replica import ReplicationManager

  

  pytestmark = [pytest.mark.tier1,

                pytest.mark.skipif(ds_is_older('1.3.5'), reason="Not implemented")]
@@ -43,25 +44,6 @@ 

                                   'sn': 'user%d' % (ii)})))

  

  

- def enable_ssl(server, ldapsport, mycert):

-     log.info("\n######################### Enabling SSL LDAPSPORT %s ######################\n" % ldapsport)

-     server.simple_bind_s(DN_DM, PASSWORD)

-     server.encryption.apply_mods([(ldap.MOD_REPLACE, 'nsSSL3', 'off'),

-                                   (ldap.MOD_REPLACE, 'nsTLS1', 'on'),

-                                   (ldap.MOD_REPLACE, 'nsSSLClientAuth', 'allowed'),

-                                   (ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all')])

- 

-     server.config.apply_mods([(ldap.MOD_REPLACE, 'nsslapd-security', 'on'),

-                               (ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', 'off'),

-                               (ldap.MOD_REPLACE, 'nsslapd-secureport', ldapsport)])

- 

-     server.rsa.ensure_state(properties={'objectclass': "top nsEncryptionModule".split(),

-                                         'cn': 'RSA',

-                                         'nsSSLPersonalitySSL': mycert,

-                                         'nsSSLToken': 'internal (software)',

-                                         'nsSSLActivation': 'on'})

- 

- 

  def check_pems(confdir, mycacert, myservercert, myserverkey, notexist):

      log.info("\n######################### Check PEM files (%s, %s, %s)%s in %s ######################\n"

               % (mycacert, myservercert, myserverkey, notexist, confdir))
@@ -107,253 +89,6 @@ 

              log.info('%s is correctly not generated.' % serverkey)

  

  

- def doAndPrintIt(cmdline):

-     proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

-     log.info("      OUT:")

-     while True:

-         l = ensure_str(proc.stdout.readline())

-         if l == "":

-             break

-         log.info("      %s" % l)

-     log.info("      ERR:")

-     while True:

-         l = ensure_str(proc.stderr.readline())

-         if l == "" or l == "\n":

-             break

-         log.info("      <%s>" % l)

-         assert False

- 

- 

- def create_keys_certs(topology_m2):

-     log.info("\n######################### Creating SSL Keys and Certs ######################\n")

- 

-     for inst in topology_m2:

-         log.info("##### Ensure that nsslapd-extract-pemfiles is 'off' on {}".format(inst.serverid))

-         inst.config.set('nsslapd-extract-pemfiles', 'off')

-         log.info("##### restart {}".format(inst.serverid))

-         inst.restart()

- 

-     global m1confdir

-     m1confdir = topology_m2.ms["master1"].confdir

-     global m2confdir

-     m2confdir = topology_m2.ms["master2"].confdir

- 

-     log.info("##### shutdown master1")

-     topology_m2.ms["master1"].stop()

- 

-     log.info("##### Creating a password file")

-     pwdfile = '%s/pwdfile.txt' % (m1confdir)

-     os.system('rm -f %s' % pwdfile)

-     opasswd = os.popen("(ps -ef ; w ) | sha1sum | awk '{print $1}'", "r")

-     passwd = opasswd.readline()

-     pwdfd = open(pwdfile, "w")

-     pwdfd.write(passwd)

-     pwdfd.close()

- 

-     log.info("##### create the pin file")

-     m1pinfile = '%s/pin.txt' % (m1confdir)

-     m2pinfile = '%s/pin.txt' % (m2confdir)

-     os.system('rm -f %s' % m1pinfile)

-     os.system('rm -f %s' % m2pinfile)

-     pintxt = 'Internal (Software) Token:%s' % passwd

-     pinfd = open(m1pinfile, "w")

-     pinfd.write(pintxt)

-     pinfd.close()

-     os.system('chmod 400 %s' % m1pinfile)

- 

-     log.info("##### Creating a noise file")

-     noisefile = '%s/noise.txt' % (m1confdir)

-     noise = os.popen("(w ; ps -ef ; date ) | sha1sum | awk '{print $1}'", "r")

-     noisewdfd = open(noisefile, "w")

-     noisewdfd.write(noise.readline())

-     noisewdfd.close()

-     time.sleep(1)

- 

-     cmdline = ['certutil', '-N', '-d', m1confdir, '-f', pwdfile]

-     log.info("##### Create key3.db and cert8.db database (master1): %s" % cmdline)

-     doAndPrintIt(cmdline)

- 

-     cmdline = ['certutil', '-G', '-d', m1confdir, '-z', noisefile, '-f', pwdfile]

-     log.info("##### Creating encryption key for CA (master1): %s" % cmdline)

-     # os.system('certutil -G -d %s -z %s -f %s' % (m1confdir, noisefile, pwdfile))

-     doAndPrintIt(cmdline)

- 

-     time.sleep(2)

- 

-     log.info("##### Creating self-signed CA certificate (master1) -- nickname %s" % CACERT)

-     os.system(

-         '( echo y ; echo ; echo y ) | certutil -S -n "%s" -s "%s" -x -t "CT,," -m 1000 -v 120 -d %s -z %s -f %s -2' % (

-         CACERT, ISSUER, m1confdir, noisefile, pwdfile))

- 

-     global M1SUBJECT

-     cmdline = ['certutil', '-S', '-n', M1SERVERCERT, '-s', M1SUBJECT, '-c', CACERT, '-t', ',,', '-m', '1001', '-v',

-                '120', '-d', m1confdir, '-z', noisefile, '-f', pwdfile]

-     log.info("##### Creating Server certificate -- nickname %s: %s" % (M1SERVERCERT, cmdline))

-     doAndPrintIt(cmdline)

- 

-     time.sleep(2)

- 

-     global M2SUBJECT

-     cmdline = ['certutil', '-S', '-n', M2SERVERCERT, '-s', M2SUBJECT, '-c', CACERT, '-t', ',,', '-m', '1002', '-v',

-                '120', '-d', m1confdir, '-z', noisefile, '-f', pwdfile]

-     log.info("##### Creating Server certificate -- nickname %s: %s" % (M2SERVERCERT, cmdline))

-     doAndPrintIt(cmdline)

- 

-     time.sleep(2)

- 

-     log.info("##### start master1")

-     topology_m2.ms["master1"].start()

- 

-     log.info("##### enable SSL in master1 with all ciphers")

-     enable_ssl(topology_m2.ms["master1"], M1LDAPSPORT, M1SERVERCERT)

- 

-     cmdline = ['certutil', '-L', '-d', m1confdir]

-     log.info("##### Check the cert db: %s" % cmdline)

-     doAndPrintIt(cmdline)

- 

-     log.info("##### restart master1")

-     topology_m2.ms["master1"].restart()

- 

-     log.info("##### Check PEM files of master1 (before setting nsslapd-extract-pemfiles")

-     check_pems(m1confdir, CACERT, M1SERVERCERT, M1SERVERCERT + '-Key', " not")

- 

-     log.info("##### Set on to nsslapd-extract-pemfiles")

-     topology_m2.ms["master1"].config.set('nsslapd-extract-pemfiles', 'on')

- 

-     log.info("##### restart master1")

-     topology_m2.ms["master1"].restart()

- 

-     log.info("##### Check PEM files of master1 (after setting nsslapd-extract-pemfiles")

-     check_pems(m1confdir, CACERT, M1SERVERCERT, M1SERVERCERT + '-Key', "")

- 

-     global mytmp

-     mytmp = '/tmp'

-     m2pk12file = '%s/%s.pk12' % (mytmp, M2SERVERCERT)

-     cmd = 'pk12util -o %s -n "%s" -d %s -w %s -k %s' % (m2pk12file, M2SERVERCERT, m1confdir, pwdfile, pwdfile)

-     log.info("##### Extract PK12 file for master2: %s" % cmd)

-     os.system(cmd)

- 

-     log.info("##### Check PK12 files")

-     if os.path.isfile(m2pk12file):

-         log.info('%s is successfully extracted.' % m2pk12file)

-     else:

-         log.fatal('%s was not extracted.' % m2pk12file)

-         assert False

- 

-     log.info("##### stop master2")

-     topology_m2.ms["master2"].stop()

- 

-     log.info("##### Initialize Cert DB for master2")

-     cmdline = ['certutil', '-N', '-d', m2confdir, '-f', pwdfile]

-     log.info("##### Create key3.db and cert8.db database (master2): %s" % cmdline)

-     doAndPrintIt(cmdline)

- 

-     log.info("##### Import certs to master2")

-     log.info('Importing %s' % CACERT)

-     global cacert

-     os.system('certutil -A -n "%s" -t "CT,," -f %s -d %s -a -i %s' % (CACERT, pwdfile, m2confdir, cacert))

-     cmd = 'pk12util -i %s -n "%s" -d %s -w %s -k %s' % (m2pk12file, M2SERVERCERT, m2confdir, pwdfile, pwdfile)

-     log.info('##### Importing %s to master2: %s' % (M2SERVERCERT, cmd))

-     os.system(cmd)

-     log.info('copy %s to %s' % (m1pinfile, m2pinfile))

-     os.system('cp %s %s' % (m1pinfile, m2pinfile))

-     os.system('chmod 400 %s' % m2pinfile)

- 

-     log.info("##### start master2")

-     topology_m2.ms["master2"].start()

- 

-     log.info("##### enable SSL in master2 with all ciphers")

-     enable_ssl(topology_m2.ms["master2"], M2LDAPSPORT, M2SERVERCERT)

- 

-     log.info("##### restart master2")

-     topology_m2.ms["master2"].restart()

- 

-     log.info("##### Check PEM files of master2 (before setting nsslapd-extract-pemfiles")

-     check_pems(m2confdir, CACERT, M2SERVERCERT, M2SERVERCERT + '-Key', " not")

- 

-     log.info("##### Set on to nsslapd-extract-pemfiles")

-     topology_m2.ms["master2"].config.set('nsslapd-extract-pemfiles', 'on')

- 

-     log.info("##### restart master2")

-     topology_m2.ms["master2"].restart()

- 

-     log.info("##### Check PEM files of master2 (after setting nsslapd-extract-pemfiles")

-     check_pems(m2confdir, CACERT, M2SERVERCERT, M2SERVERCERT + '-Key', "")

- 

-     log.info("##### restart master1")

-     topology_m2.ms["master1"].restart()

- 

-     log.info("\n######################### Creating SSL Keys and Certs Done ######################\n")

- 

- 

- def config_tls_agreements(topology_m2):

-     log.info("######################### Configure SSL/TLS agreements ######################")

-     log.info("######################## master1 -- startTLS -> master2 #####################")

-     log.info("##################### master1 <- tls_clientAuth -- master2 ##################")

- 

-     log.info("##### Update the agreement of master1")

-     m1 = topology_m2.ms["master1"]

-     m1_m2_agmt = m1.agreement.list(suffix=DEFAULT_SUFFIX)[0].dn

- 

-     m1.agreement.setProperties(agmnt_dn=m1_m2_agmt, properties={RA_TRANSPORT_PROT: 'TLS'})

- 

-     log.info("##### Add the cert to the repl manager on master1")

-     global mytmp

-     global m2confdir

-     m2servercert = '%s/%s.pem' % (m2confdir, M2SERVERCERT)

-     m2sc = open(m2servercert, "r")

-     m2servercertstr = ''

-     for l in m2sc.readlines():

-         if ((l == "") or l.startswith('This file is auto-generated') or

-                 l.startswith('Do not edit') or l.startswith('Issuer:') or

-                 l.startswith('Subject:') or l.startswith('-----')):

-             continue

-         m2servercertstr = "%s%s" % (m2servercertstr, l.rstrip())

-     m2sc.close()

- 

-     log.info('##### master2 Server Cert in base64 format: %s' % m2servercertstr)

- 

-     replmgr = defaultProperties[REPLICATION_BIND_DN]

-     rentry = m1.search_s(replmgr, ldap.SCOPE_BASE, 'objectclass=*')

-     log.info('##### Replication manager on master1: %s' % replmgr)

-     oc = 'ObjectClass'

-     log.info('      %s:' % oc)

-     if rentry:

-         for val in rentry[0].getValues(oc):

-             log.info('                 : %s' % val)

-     m1.modify_s(replmgr, [(ldap.MOD_ADD, oc, b'extensibleObject')])

- 

-     global M2SUBJECT

-     m1.modify_s(replmgr, [(ldap.MOD_ADD, 'userCertificate;binary', base64.b64decode(m2servercertstr)),

-                           (ldap.MOD_ADD, 'description', ensure_bytes(M2SUBJECT))])

- 

-     log.info("##### Modify the certmap.conf on master1")

-     m1certmap = '%s/certmap.conf' % (m1confdir)

-     os.system('chmod 660 %s' % m1certmap)

-     m1cm = open(m1certmap, "w")

-     m1cm.write('certmap Example %s\n' % ISSUER)

-     m1cm.write('Example:DNComps cn\n')

-     m1cm.write('Example:FilterComps\n')

-     m1cm.write('Example:verifycert  on\n')

-     m1cm.write('Example:CmapLdapAttr    description')

-     m1cm.close()

-     os.system('chmod 440 %s' % m1certmap)

- 

-     log.info("##### Update the agreement of master2")

-     m2 = topology_m2.ms["master2"]

-     m2_m1_agmt = m2.agreement.list(suffix=DEFAULT_SUFFIX)[0].dn

- 

-     m2.agreement.setProperties(agmnt_dn=m2_m1_agmt, properties={RA_TRANSPORT_PROT: 'TLS',

-                                                                 RA_METHOD: 'SSLCLIENTAUTH'})

- 

-     m1.stop()

-     m2.stop()

-     m1.start()

-     m2.start()

- 

-     log.info("\n######################### Configure SSL/TLS agreements Done ######################\n")

- 

- 

  def relocate_pem_files(topology_m2):

      log.info("######################### Relocate PEM files on master1 ######################")

      mycacert = 'MyCA'
@@ -364,9 +99,10 @@ 

                                                (ldap.MOD_REPLACE, 'ServerKeyExtractFile', myserverkey)])

      log.info("##### restart master1")

      topology_m2.ms["master1"].restart()

+     m1confdir = topology_m2.ms["master1"].confdir

      check_pems(m1confdir, mycacert, myservercert, myserverkey, "")

  

- 

+ @pytest.mark.ds47536

  def test_openldap_no_nss_crypto(topology_m2):

      """Check that we allow usage of OpenLDAP libraries

      that don't use NSS for crypto
@@ -397,39 +133,43 @@ 

  

      log.info("Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto")

  

-     create_keys_certs(topology_m2)

-     config_tls_agreements(topology_m2)

- 

-     add_entry(topology_m2.ms["master1"], 'master1', 'uid=m1user', 0, 5)

-     add_entry(topology_m2.ms["master2"], 'master2', 'uid=m2user', 0, 5)

+     m1 = topology_m2.ms["master1"]

+     m2 = topology_m2.ms["master2"]

+     [i.enable_tls() for i in topology_m2]

+     repl = ReplicationManager(DEFAULT_SUFFIX)

+     repl.test_replication(m1, m2)

  

-     time.sleep(5)

+     add_entry(m1, 'master1', 'uid=m1user', 0, 5)

+     add_entry(m2, 'master2', 'uid=m2user', 0, 5)

+     repl.wait_for_replication(m1, m2)

+     repl.wait_for_replication(m2, m1)

  

      log.info('##### Searching for entries on master1...')

-     entries = topology_m2.ms["master1"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

+     entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

      assert 10 == len(entries)

  

      log.info('##### Searching for entries on master2...')

-     entries = topology_m2.ms["master2"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

+     entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

      assert 10 == len(entries)

  

      relocate_pem_files(topology_m2)

  

-     add_entry(topology_m2.ms["master1"], 'master1', 'uid=m1user', 10, 5)

-     add_entry(topology_m2.ms["master2"], 'master2', 'uid=m2user', 10, 5)

+     add_entry(m1, 'master1', 'uid=m1user', 10, 5)

+     add_entry(m2, 'master2', 'uid=m2user', 10, 5)

  

-     time.sleep(10)

+     repl.wait_for_replication(m1, m2)

+     repl.wait_for_replication(m2, m1)

  

      log.info('##### Searching for entries on master1...')

-     entries = topology_m2.ms["master1"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

+     entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

      assert 20 == len(entries)

  

      log.info('##### Searching for entries on master2...')

-     entries = topology_m2.ms["master2"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

+     entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')

      assert 20 == len(entries)

  

-     output_file = os.path.join(topology_m2.ms["master1"].get_ldif_dir(), "master1.ldif")

-     topology_m2.ms["master1"].tasks.exportLDIF(benamebase='userRoot', output_file=output_file, args={'wait': True})

+     output_file = os.path.join(m1.get_ldif_dir(), "master1.ldif")

+     m1.tasks.exportLDIF(benamebase='userRoot', output_file=output_file, args={'wait': True})

  

      log.info("Ticket 47536 - PASSED")
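Review bot: Nothing in the rewritten test shows that replication actually runs over TLS. The removed `config_tls_agreements()` set `RA_TRANSPORT_PROT: 'TLS'` (plus `SSLCLIENTAUTH` on master2) on the agreements, while the new code only calls `enable_tls()` on each instance and then `repl.test_replication(m1, m2)`. Unless `enable_tls()` also updates the agreements, which is not visible here, the ticket 47536 test can pass with replication still on an unencrypted connection; asserting the agreement's transport before the first `add_entry` would pin that down. Separately, `[i.enable_tls() for i in topology_m2]` builds a throwaway list for its side effects; `for inst in topology_m2: inst.enable_tls()` reads better. The function begins outside the hunk.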

  

Description:
Fix various failures in plugins test suite.

Fixes https://pagure.io/389-ds-base/issue/49761

Reviewed by: ???

rebased onto 4e0a92db86efc3887efa5288e950ba8985022713

4 years ago

rebased onto 00306b92b3c9f6ea8949a09a151fdb53812affaf

4 years ago

1 new commit added

  • Fix import regression test
4 years ago

1 new commit added

  • Test with password history set to 0 only on 1.4.1.2+
4 years ago

1 new commit added

  • Run fdlimits test only 1.4.1.2+
4 years ago

The test fails here with ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Invalid plugin path /var/lib/dirsrv/slapd-standalone1/bak/libwhoami-plugin.so - failed to open library'}.

1 new commit added

  • Take care of SELinux edge cases
4 years ago

rebased onto 00de25fee69ddee19eb67c873aeda84ec0f34e3d

4 years ago

Right, it fails because SELinux rightfully denies:

----
type=AVC msg=audit(15/05/19 16:36:58.928:420) : avc:  denied  { execute } for  pid=20581 comm=ns-slapd path=/var/lib/dirsrv/slapd-standalone1/bak/libwhoami-plugin.so dev="vda1" ino=401178 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:dirsrv_var_lib_t:s0 tclass=file permissive=0

We need to label the .so file properly so that SELinux allows it to be executed.
I've added a check for SELinux. If it's present and enabled, then:
1. expect it to fail with the default label
2. relabel and try again, this time it should succeed.

rebased onto 76e1ff1c92f4abe45c2060d28403fd774d95098a

4 years ago

rebased onto 750bc01b5860515b96e4723b24c966f6c2d3da9b

4 years ago

2 new commits added

  • Use default ldif directory instead of /tmp
  • Do some checks for dsreplcheck only on 1.4.1.2+
4 years ago

rebased onto b419f1d80e7c830592d58ccfbbeed3684f09b763

4 years ago

rebased onto a9e4ce0

4 years ago

Pull-Request has been merged by vashirov

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3434

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago