#50461 Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
Closed 3 years ago by spichugi. Opened 4 years ago by vashirov.
vashirov/389-ds-base acl-ipv6-test  into  master

@@ -430,30 +430,33 @@ 

      with pytest.raises(ldap.INSUFFICIENT_ACCESS):

          org.replace("seeAlso", "cn=1")

  

- 

- def test_user_can_access_the_data_when_connecting_from_any_machine_2(topo, add_user, aci_of_user):

+ @pytest.mark.ds50378

+ @pytest.mark.bz1710848

+ @pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])

+ def test_user_can_access_from_ipv4_or_ipv6_address(topo, add_user, aci_of_user, ip_addr):

      """

-     User can access the data when connecting from any machine as per the ACI.

+     User can modify the data when accessing the server from the allowed IPv4 and IPv6 addresses

  

      :id:461e761e-7ac5-11e8-9ae4-8c16451d917b

      :setup: Standalone Server

      :steps:

-         1. Add test entry

-         2. Add ACI

-         3. User should follow ACI role

+         1. Add ACI that has both IPv4 and IPv6

+         2. Connect from one of the IPs allowed in ACI

+         3. Modify an attribute

      :expectedresults:

-         1. Entry should be added

-         2. Operation should  succeed

-         3. Operation should  succeed

+         1. ACI should be added

+         2. Conection should be successful

+         3. Operation should be successful

      """

-     # Add ACI

+     # Add ACI that contains both IPv4 and IPv6

      Domain(topo.standalone, DEFAULT_SUFFIX).\

-         add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*)'

+         add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*) '

                     f'(version 3.0; aci "IP aci"; allow(all) '

-                    f'userdn = "ldap:///{FULLIP_KEY}" and ip = "*" ;)')

+                    f'userdn = "ldap:///{FULLIP_KEY}" and (ip = "127.0.0.1" or ip = "::1");)')

  

      # Create a new connection for this test.

-     conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM)

+     conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM, uri=f'ldap://{ip_addr}:{topo.standalone.port}')

+ 

      # Perform Operation

      OrganizationalUnit(conn, IP_OU_KEY).replace("seeAlso", "cn=1")

  

Description:

Add a new test case for #50378 instead of the older one that was testing
an unsupported corner case (ip=*).

Relates: https://pagure.io/389-ds-base/issue/50378

Reviewed by: ???

rebased onto 5e285f6

4 years ago

Pull-Request has been merged by vashirov

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3519

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago
Metadata