PR#50463: Issue 50462 - Fix CI tests - 389-ds-base

389-ds-base

#50463 Issue 50462 - Fix CI tests

Closed 3 years ago by spichugi. Opened 4 years ago by mreynolds.

mreynolds/389-ds-base citests into master

Mark Reynolds • 4 years ago

19d2029

dirsrvtests/tests/suites/replication/acceptance_test.py

file modified

		`@@ -472,6 +472,8 @@`
		`except ldap.LDAPError as e:`
		`m1.log.fatal('Failed to bind: ' + str(e))`
		`assert False`
		`+`
		`+`
		`def test_warining_for_invalid_replica(topo_m4):`
		`"""Testing logs to indicate the inconsistency when configuration is performed.`

dirsrvtests/tests/suites/replication/regression_nsslapd_plugin_binddn_tracking_test.py

file removed

-116

		`@@ -1,116 +0,0 @@`
		`- # --- BEGIN COPYRIGHT BLOCK ---`
		`- # Copyright (C) 2018 Red Hat, Inc.`
		`- # All rights reserved.`
		`- #`
		`- # License: GPL (version 3 or any later version).`
		`- # See LICENSE for details.`
		`- # --- END COPYRIGHT BLOCK ---`
		`- #`
		`- import logging`
		`- import pytest`
		`- from lib389.tasks import *`
		`- from lib389.topologies import topology_m2 as topo_m2`
		`- from lib389.utils import *`
		`- from lib389.replica import *`
		`- from lib389._constants import *`
		`- from lib389.idm.user import UserAccounts`
		`- from lib389.idm.domain import Domain`
		`-`
		`- pytestmark = pytest.mark.tier1`
		`-`
		`- log = logging.getLogger(__name__)`
		`-`
		`-`
		`- @pytest.mark.DS47950`
		`- def test_nsslapd_plugin_binddn_tracking(topo_m2):`
		`- """`
		`- Testing nsslapd-plugin-binddn-tracking does not cause issues around`
		`- access control and reconfiguring replication/repl agmt.`
		`- :id: f5ba7b64-fe04-11e8-a298-8c16451d917b`
		`- :setup: Replication with two masters.`
		`- :steps:`
		`- 1. Turn on bind dn tracking`
		`- 2. Add two users`
		`- 3. Add an aci`
		`- 4. Make modification as user`
		`- 5. Setup replica and create a repl agmt`
		`- 6. Modify replica`
		`- 7. Modify repl agmt`
		`- :expectedresults:`
		`- 1. Should Success.`
		`- 2. Should Success.`
		`- 3. Should Success.`
		`- 4. Should Success.`
		`- 5. Should Success.`
		`- 6. Should Success.`
		`- 7. Should Success.`
		`- """`
		`-`
		`- log.info("Testing Ticket 47950 - Testing nsslapd-plugin-binddn-tracking")`
		`-`
		`- #`
		`- # Turn on bind dn tracking`
		`- #`
		`- topo_m2.ms["master1"].config.replace("nsslapd-plugin-binddn-tracking", "on")`
		`- #`
		`- # Add two users`
		`- #`
		`- users = UserAccounts(topo_m2.ms["master1"], DEFAULT_SUFFIX)`
		`- test_user_1 = users.create_test_user(uid=1)`
		`- test_user_2 = users.create_test_user(uid=2)`
		`- test_user_1.set('userPassword', 'password')`
		`- test_user_2.set('userPassword', 'password')`
		`- #`
		`- # Add an aci`
		`- #`
		`- USER1_DN = users.list()[0].dn`
		`- USER2_DN = users.list()[1].dn`
		`- acival = (`
		`- '(targetattr ="cn")(version 3.0;acl "Test bind dn tracking"'`
		`- + ';allow (all) (userdn = "ldap:///%s");)' % USER1_DN`
		`- )`
		`- Domain(topo_m2.ms["master1"], DEFAULT_SUFFIX).add("aci", acival)`
		`-`
		`- #`
		`- # Make modification as user`
		`- #`
		`- assert topo_m2.ms["master1"].simple_bind_s(USER1_DN, "password")`
		`- test_user_2.replace("cn", "new value")`
		`- #`
		`- # Setup replica and create a repl agmt`
		`- #`
		`- repl = ReplicationManager(DEFAULT_SUFFIX)`
		`- assert topo_m2.ms["master1"].simple_bind_s(DN_DM, PASSWORD)`
		`- repl.test_replication(topo_m2.ms["master1"], topo_m2.ms["master2"], 30)`
		`- repl.test_replication(topo_m2.ms["master2"], topo_m2.ms["master1"], 30)`
		`- properties = {`
		`- "cn": "test_agreement",`
		`- "nsDS5ReplicaRoot": "dc=example,dc=com",`
		`- "nsDS5ReplicaHost": "localhost.localdomain",`
		`- "nsDS5ReplicaPort": "5555",`
		`- "nsDS5ReplicaBindDN": "uid=tester",`
		`- "nsds5ReplicaCredentials": "password",`
		`- "nsDS5ReplicaTransportInfo": "LDAP",`
		`- "nsDS5ReplicaBindMethod": "SIMPLE",`
		`- }`
		`- replicas = Replicas(topo_m2.ms["master1"])`
		`- replica = replicas.get(DEFAULT_SUFFIX)`
		`- agmts = Agreements(topo_m2.ms["master1"], basedn=replica.dn)`
		`- repl_agreement = agmts.create(properties=properties)`
		`- #`
		`- # modify replica`
		`- #`
		`- replica.replace("nsDS5ReplicaId", "7")`
		`- assert replica.present("nsDS5ReplicaId", "7")`
		`- #`
		`- # modify repl agmt`
		`- #`
		`- repl_agreement.replace('nsDS5ReplicaPort', "8888")`
		`- assert repl_agreement.present('nsDS5ReplicaPort', "8888")`
		`-`
		`-`
		`- if __name__ == "__main__":`
		`- # Run isolated`
		`- # -s for DEBUG mode`
		`- CURRENT_FILE = os.path.realpath(__file__)`
		`- pytest.main("-s %s" % CURRENT_FILE)`

dirsrvtests/tests/suites/replication/regression_test.py

file modified

+54 -4

		`@@ -14,13 +14,16 @@`
		`from lib389.topologies import topology_m2 as topo_m2, TopologyMain, topology_m3 as topo_m3, create_topology, _remove_ssca_db`
		`from lib389._constants import *`
		`from lib389.idm.organizationalunit import OrganizationalUnits`
		`- from lib389.agreement import Agreements`
		`from lib389.idm.user import UserAccount`
		`from lib389.idm.group import Groups, Group`
		`+ from lib389.idm.domain import Domain`
		`+ from lib389.idm.directorymanager import DirectoryManager`
		`from lib389.replica import Replicas, ReplicationManager`
		`+ from lib389.agreement import Agreements`
		`from lib389.changelog import Changelog5`
		`from lib389 import pid_from_file`

		`+`
		`pytestmark = pytest.mark.tier1`

		`NEW_SUFFIX_NAME = 'test_repl'`
		`@@ -489,9 +492,56 @@`
		`count = pattern_errorlog(errorlog_M2, regex, start_location=restart_location_M2)`
		`assert(count <= 1)`

		`- if DEBUGGING:`
		`- # Add debugging steps(if any)...`
		`- pass`
		`+`
		`+ def test_plugin_bind_dn_tracking_and_replication(topo_m2):`
		`+ """Testing nsslapd-plugin-binddn-tracking does not cause issues around`
		`+ access control and reconfiguring replication/repl agmt.`
		`+`
		`+ :id: dd689d03-69b8-4bf9-a06e-2acd19d5e2c9`
		`+ :setup: 2 master topology`
		`+ :steps:`
		`+ 1. Turn on plugin binddn tracking`
		`+ 2. Add some users`
		`+ 3. Make an update as a user`
		`+ 4. Make an update to the replica config`
		`+ 5. Make an update to the repliocation agreement`
		`+ :expectedresults:`
		`+ 1. Success`
		`+ 2. Success`
		`+ 3. Success`
		`+ 4. Success`
		`+ 5. Success`
		`+ """`
		`+`
		`+ m1 = topo_m2.ms["master1"]`
		`+`
		`+ # Turn on bind dn tracking`
		`+ m1.config.set('nsslapd-plugin-binddn-tracking', 'on')`
		`+`
		`+ # Add two users`
		`+ users = UserAccounts(m1, DEFAULT_SUFFIX)`
		`+ user1 = users.create_test_user(uid=1011)`
		`+ user1.set('userpassword', PASSWORD)`
		`+ user2 = users.create_test_user(uid=1012)`
		`+`
		`+ # Add an aci`
		`+ acival = '(targetattr ="cn")(version 3.0;acl "Test bind dn tracking"' + \`
		`+ ';allow (all) (userdn = "ldap:///{}");)'.format(user1.dn)`
		`+ Domain(m1, DEFAULT_SUFFIX).add('aci', acival)`
		`+`
		`+ # Bind as user and make an update`
		`+ user1.rebind(PASSWORD)`
		`+ user2.set('cn', 'new value')`
		`+ dm = DirectoryManager(m1)`
		`+ dm.rebind()`
		`+`
		`+ # modify replica`
		`+ replica = Replicas(m1).get(DEFAULT_SUFFIX)`
		`+ replica.set(REPL_PROTOCOL_TIMEOUT, "30")`
		`+`
		`+ # modify repl agmt`
		`+ agmt = replica.get_agreements().list()[0]`
		`+ agmt.set(REPL_PROTOCOL_TIMEOUT, "20")`


		`def test_cleanallruv_repl(topo_m3):`

dirsrvtests/tests/suites/replication/tombstone_fixup_test.py

file added

+129

		`@@ -0,0 +1,129 @@`
		`+ # --- BEGIN COPYRIGHT BLOCK ---`
		`+ # Copyright (C) 2017 Red Hat, Inc.`
		`+ # All rights reserved.`
		`+ #`
		`+ # License: GPL (version 3 or any later version).`
		`+ # See LICENSE for details.`
		`+ # --- END COPYRIGHT BLOCK ---`
		`+ #`
		`+ import pytest`
		`+ from lib389.tasks import *`
		`+ from lib389.utils import *`
		`+ from lib389.topologies import topology_m1`
		`+ from lib389.tombstone import Tombstones`
		`+ from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES`
		`+ from lib389.replica import ReplicationManager`
		`+ from lib389._constants import (defaultProperties, DEFAULT_SUFFIX, ReplicaRole,`
		`+ REPLICAID_MASTER_1, REPLICA_PRECISE_PURGING, REPLICA_PURGE_DELAY,`
		`+ REPLICA_PURGE_INTERVAL)`
		`+`
		`+ pytestmark = pytest.mark.tier2`
		`+`
		`+`
		`+ def test_precise_tombstone_purging(topology_m1):`
		`+ """ Test precise tombstone purging`
		`+`
		`+ :id: adb86f50-ae76-4ed6-82b4-3cdc30ccab79`
		`+ :setup: master1 instance`
		`+ :steps:`
		`+ 1. Create and Delete entry to create a tombstone`
		`+ 2. export ldif, edit, and import ldif`
		`+ 3. Check tombstones do not contain nsTombstoneCSN`
		`+ 4. Run fixup task, and verify tombstones now have nsTombstone CSN`
		`+ 5. Configure tombstone purging`
		`+ 6. Verify tombstones are purged`
		`+ :expectedresults:`
		`+ 1. Success`
		`+ 2. Success`
		`+ 3. Success`
		`+ 4. Success`
		`+ 5. Success`
		`+ 6. Success`
		`+ """`
		`+`
		`+ m1 = topology_m1.ms['master1']`
		`+ m1_tasks = Tasks(m1)`
		`+`
		`+ # Create tombstone entry`
		`+ users = UserAccounts(m1, DEFAULT_SUFFIX)`
		`+ user = users.create_test_user(uid=1001)`
		`+ user.delete()`
		`+`
		`+ # Verify tombstone was created`
		`+ tombstones = Tombstones(m1, DEFAULT_SUFFIX)`
		`+ assert len(tombstones.list()) == 1`
		`+`
		`+ # Export db, strip nsTombstoneCSN, and import it`
		`+ ldif_file = "{}/export.ldif".format(m1.get_ldif_dir())`
		`+ args = {EXPORT_REPL_INFO: True,`
		`+ TASK_WAIT: True}`
		`+ m1_tasks.exportLDIF(DEFAULT_SUFFIX, None, ldif_file, args)`
		`+ time.sleep(.5)`
		`+`
		`+ # Strip LDIF of nsTombstoneCSN, getthe LDIF lines, the n create new ldif`
		`+ ldif = open(ldif_file, "r")`
		`+ lines = ldif.readlines()`
		`+ ldif.close()`
		`+ time.sleep(.5)`
		`+`
		`+ ldif = open(ldif_file, "w")`
		`+ for line in lines:`
		`+ if not line.lower().startswith('nstombstonecsn'):`
		`+ ldif.write(line)`
		`+ ldif.close()`
		`+ time.sleep(.5)`
		`+`
		`+ # import the new ldif file`
		`+ log.info('Import replication LDIF file...')`
		`+ args = {TASK_WAIT: True}`
		`+ m1_tasks.importLDIF(DEFAULT_SUFFIX, None, ldif_file, args)`
		`+ time.sleep(.5)`
		`+`
		`+ # Search for the tombstone again`
		`+ tombstones = Tombstones(m1, DEFAULT_SUFFIX)`
		`+ assert len(tombstones.list()) == 1`
		`+`
		`+ #`
		`+ # Part 3 - test fixup task using the strip option.`
		`+ #`
		`+ args = {TASK_WAIT: True,`
		`+ TASK_TOMB_STRIP: True}`
		`+ m1_tasks.fixupTombstones(DEFAULT_BENAME, args)`
		`+ time.sleep(.5)`
		`+`
		`+ # Search for tombstones with nsTombstoneCSN - better not find any`
		`+ for ts in tombstones.list():`
		`+ assert not ts.present("nsTombstoneCSN")`
		`+`
		`+ # Now run the fixup task`
		`+ args = {TASK_WAIT: True}`
		`+ m1_tasks.fixupTombstones(DEFAULT_BENAME, args)`
		`+ time.sleep(.5)`
		`+`
		`+ # Search for tombstones with nsTombstoneCSN - better find some`
		`+ tombstones = Tombstones(m1, DEFAULT_SUFFIX)`
		`+ assert len(tombstones.list()) == 1`
		`+`
		`+ #`
		`+ # Part 4 - Test tombstone purging`
		`+ #`
		`+ args = {REPLICA_PRECISE_PURGING: b'on',`
		`+ REPLICA_PURGE_DELAY: b'5',`
		`+ REPLICA_PURGE_INTERVAL: b'5'}`
		`+ m1.replica.setProperties(DEFAULT_SUFFIX, None, None, args)`
		`+`
		`+ # Wait for the interval to pass`
		`+ log.info('Wait for tombstone purge interval to pass...')`
		`+ time.sleep(6)`
		`+`
		`+ # Add an entry to trigger replication`
		`+ users.create_test_user(uid=1002)`
		`+`
		`+ # Wait for the interval to pass again`
		`+ log.info('Wait for tombstone purge interval to pass again...')`
		`+ time.sleep(6)`
		`+`
		`+ # search for tombstones, there should be none`
		`+ tombstones = Tombstones(m1, DEFAULT_SUFFIX)`
		`+ assert len(tombstones.list()) == 0`
		`+`

dirsrvtests/tests/suites/replication/tombstone_test.py

file modified

+2 -1

		`@@ -10,12 +10,12 @@`
		`from lib389.tasks import *`
		`from lib389.utils import *`
		`from lib389.topologies import topology_m1`
		`-`
		`from lib389.tombstone import Tombstones`
		`from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES`

		`pytestmark = pytest.mark.tier1`

		`+`
		`def test_purge_success(topology_m1):`
		`"""Verify that tombstones are created successfully`

		`@@ -54,6 +54,7 @@`

		`assert len(users.list()) == 1`
		`user_revived = users.get('testuser')`
		`+`

		`if __name__ == '__main__':`
		`# Run isolated`

dirsrvtests/tests/suites/resource_limits/fdlimits_test.py

file modified

+16 -6

		`@@ -2,9 +2,11 @@`
		`import pytest`
		`import os`
		`import ldap`
		`+ import resource`
		`from lib389._constants import *`
		`from lib389.topologies import topology_st`
		`- from lib389.utils import ds_is_older`
		`+ from lib389.utils import ds_is_older, ensure_str`
		`+ from subprocess import check_output`

		`pytestmark = pytest.mark.tier1`

		`@@ -12,9 +14,11 @@`
		`log = logging.getLogger(__name__)`

		`FD_ATTR = "nsslapd-maxdescriptors"`
		`- SYSTEMD_VAL = "16384"`
		`+ GLOBAL_LIMIT = resource.getrlimit(resource.RLIMIT_NOFILE)[1]`
		`+ SYSTEMD_LIMIT = ensure_str(check_output("systemctl show --value -p LimitNOFILE dirsrv@standalone1".split(" ")).strip())`
		`CUSTOM_VAL = "9000"`
		`- TOO_HIGH_VAL = "65536"`
		`+ TOO_HIGH_VAL = str(GLOBAL_LIMIT * 2)`
		`+ TOO_HIGH_VAL2 = str(int(SYSTEMD_LIMIT) * 2)`
		`TOO_LOW_VAL = "0"`

		`@pytest.mark.skipif(ds_is_older("1.4.1.2"), reason="Not implemented")`
		`@@ -26,7 +30,7 @@`
		`:steps:`
		`1. Check default limit`
		`2. Change default limit`
		`- 3. Check invalid/too high limit is rejected`
		`+ 3. Check invalid/too high limits are rejected`
		`4. Check invalid/too low limit is rejected`
		`:expectedresults:`
		`1. Success`
		`@@ -37,19 +41,25 @@`

		`# Check systemd default`
		`max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)`
		`- assert max_fd == SYSTEMD_VAL`
		`+ assert max_fd == SYSTEMD_LIMIT`

		`# Check custom value is applied`
		`topology_st.standalone.config.set(FD_ATTR, CUSTOM_VAL)`
		`max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)`
		`assert max_fd == CUSTOM_VAL`

		`- # Attempt to use val that is too high`
		`+ # # Attempt to use value that is higher than the global system limit`
		`with pytest.raises(ldap.UNWILLING_TO_PERFORM):`
		`topology_st.standalone.config.set(FD_ATTR, TOO_HIGH_VAL)`
		`max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)`
		`assert max_fd == CUSTOM_VAL`

		`+ # Attempt to use value that is higher than the value defined in the systemd service`
		`+ with pytest.raises(ldap.UNWILLING_TO_PERFORM):`
		`+ topology_st.standalone.config.set(FD_ATTR, TOO_HIGH_VAL2)`
		`+ max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)`
		`+ assert max_fd == CUSTOM_VAL`
		`+`
		`# Attempt to use val that is too low`
		`with pytest.raises(ldap.OPERATIONS_ERROR):`
		`topology_st.standalone.config.set(FD_ATTR, TOO_LOW_VAL)`

dirsrvtests/tests/tickets/ticket47819_test.py

file removed

-244

		`@@ -1,244 +0,0 @@`
		`- # --- BEGIN COPYRIGHT BLOCK ---`
		`- # Copyright (C) 2016 Red Hat, Inc.`
		`- # All rights reserved.`
		`- #`
		`- # License: GPL (version 3 or any later version).`
		`- # See LICENSE for details.`
		`- # --- END COPYRIGHT BLOCK ---`
		`- #`
		`- import logging`
		`-`
		`- import pytest`
		`- from lib389.tasks import *`
		`- from lib389.topologies import topology_st`
		`- from lib389.replica import ReplicationManager`
		`-`
		`- from lib389._constants import (defaultProperties, DEFAULT_SUFFIX, ReplicaRole,`
		`- REPLICAID_MASTER_1, REPLICA_PRECISE_PURGING, REPLICA_PURGE_DELAY,`
		`- REPLICA_PURGE_INTERVAL)`
		`-`
		`- pytestmark = pytest.mark.tier2`
		`-`
		`- log = logging.getLogger(__name__)`
		`-`
		`-`
		`- def test_ticket47819(topology_st):`
		`- """`
		`- from lib389.utils import *`
		`-`
		`- # Skip on older versions`
		`- pytestmark = pytest.mark.skipif(ds_is_older('1.3.4'), reason="Not implemented")`
		`- Testing precise tombstone purging:`
		`- [1] Make sure "nsTombstoneCSN" is added to new tombstones`
		`- [2] Make sure an import of a replication ldif adds "nsTombstoneCSN"`
		`- to old tombstones`
		`- [4] Test fixup task`
		`- [3] Make sure tombstone purging works`
		`- """`
		`-`
		`- log.info('Testing Ticket 47819 - Test precise tombstone purging')`
		`-`
		`- #`
		`- # Setup Replication`
		`- #`
		`- master = topology_st.standalone`
		`- repl = ReplicationManager(DEFAULT_SUFFIX)`
		`- repl.create_first_master(master)`
		`- repl.ensure_agreement(master, master)`
		`-`
		`- #`
		`- # Part 1 create a tombstone entry and make sure nsTombstoneCSN is added`
		`- #`
		`- log.info('Part 1: Add and then delete an entry to create a tombstone...')`
		`-`
		`- try:`
		`- topology_st.standalone.add_s(Entry(('cn=entry1,dc=example,dc=com', {`
		`- 'objectclass': 'top person'.split(),`
		`- 'sn': 'user',`
		`- 'cn': 'entry1'})))`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to add entry: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- try:`
		`- topology_st.standalone.delete_s('cn=entry1,dc=example,dc=com')`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to delete entry: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- log.info('Search for tombstone entries...')`
		`- try:`
		`- entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,`
		`- '(&(nsTombstoneCSN=*)(objectclass=nsTombstone))')`
		`- if not entries:`
		`- log.fatal('Search failed to the new tombstone(nsTombstoneCSN is probably missing).')`
		`- assert False`
		`- except ldap.LDAPError as e:`
		`- log.fatal('Search failed: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- log.info('Part 1 - passed')`
		`-`
		`- #`
		`- # Part 2 - import ldif with tombstones missing 'nsTombstoneCSN'`
		`- #`
		`- # First, export the replication ldif, edit the file(remove nstombstonecsn),`
		`- # and reimport it.`
		`- #`
		`- log.info('Part 2: Exporting replication ldif...')`
		`-`
		`- # Get the the full path and name for our LDIF we will be exporting`
		`- ldif_file = "/tmp/export.ldif"`
		`-`
		`- args = {EXPORT_REPL_INFO: True,`
		`- TASK_WAIT: True}`
		`- exportTask = Tasks(topology_st.standalone)`
		`- try:`
		`- exportTask.exportLDIF(DEFAULT_SUFFIX, None, ldif_file, args)`
		`- except ValueError:`
		`- assert False`
		`- time.sleep(1)`
		`-`
		`- # open the ldif file, get the lines, then rewrite the file`
		`- ldif = open(ldif_file, "r")`
		`- lines = ldif.readlines()`
		`- ldif.close()`
		`- time.sleep(1)`
		`-`
		`- ldif = open(ldif_file, "w")`
		`- for line in lines:`
		`- if not line.lower().startswith('nstombstonecsn'):`
		`- ldif.write(line)`
		`- ldif.close()`
		`- time.sleep(1)`
		`-`
		`- # import the new ldif file`
		`- log.info('Import replication LDIF file...')`
		`- importTask = Tasks(topology_st.standalone)`
		`- args = {TASK_WAIT: True}`
		`- try:`
		`- importTask.importLDIF(DEFAULT_SUFFIX, None, ldif_file, args)`
		`- os.remove(ldif_file)`
		`- except ValueError:`
		`- os.remove(ldif_file)`
		`- assert False`
		`- time.sleep(1)`
		`-`
		`- # Search for the tombstone again`
		`- log.info('Search for tombstone entries...')`
		`- try:`
		`- entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,`
		`- '(&(nsTombstoneCSN=*)(objectclass=nsTombstone))')`
		`- if not entries:`
		`- log.fatal('Search failed to fine the new tombstone(nsTombstoneCSN is probably missing).')`
		`- assert False`
		`- except ldap.LDAPError as e:`
		`- log.fatal('Search failed: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- log.info('Part 2 - passed')`
		`-`
		`- #`
		`- # Part 3 - test fixup task`
		`- #`
		`- log.info('Part 3: test the fixup task')`
		`-`
		`- # Run fixup task using the strip option. This removes nsTombstoneCSN`
		`- # so we can test if the fixup task works.`
		`- args = {TASK_WAIT: True,`
		`- TASK_TOMB_STRIP: True}`
		`- fixupTombTask = Tasks(topology_st.standalone)`
		`- try:`
		`- fixupTombTask.fixupTombstones(DEFAULT_BENAME, args)`
		`- except:`
		`- assert False`
		`- time.sleep(1)`
		`-`
		`- # Search for tombstones with nsTombstoneCSN - better not find any`
		`- log.info('Search for tombstone entries...')`
		`- try:`
		`- entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,`
		`- '(&(nsTombstoneCSN=*)(objectclass=nsTombstone))')`
		`- if entries:`
		`- log.fatal('Search found tombstones with nsTombstoneCSN')`
		`- assert False`
		`- except ldap.LDAPError as e:`
		`- log.fatal('Search failed: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- # Now run the fixup task`
		`- args = {TASK_WAIT: True}`
		`- fixupTombTask = Tasks(topology_st.standalone)`
		`- try:`
		`- fixupTombTask.fixupTombstones(DEFAULT_BENAME, args)`
		`- except:`
		`- assert False`
		`- time.sleep(1)`
		`-`
		`- # Search for tombstones with nsTombstoneCSN - better find some`
		`- log.info('Search for tombstone entries...')`
		`- try:`
		`- entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,`
		`- '(&(nsTombstoneCSN=*)(objectclass=nsTombstone))')`
		`- if not entries:`
		`- log.fatal('Search did not find any fixed-up tombstones')`
		`- assert False`
		`- except ldap.LDAPError as e:`
		`- log.fatal('Search failed: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- log.info('Part 3 - passed')`
		`-`
		`- #`
		`- # Part 4 - Test tombstone purging`
		`- #`
		`- log.info('Part 4: test tombstone purging...')`
		`-`
		`- args = {REPLICA_PRECISE_PURGING: b'on',`
		`- REPLICA_PURGE_DELAY: b'5',`
		`- REPLICA_PURGE_INTERVAL: b'5'}`
		`- try:`
		`- topology_st.standalone.replica.setProperties(DEFAULT_SUFFIX, None, None, args)`
		`- except:`
		`- log.fatal('Failed to configure replica')`
		`- assert False`
		`-`
		`- # Wait for the interval to pass`
		`- log.info('Wait for tombstone purge interval to pass...')`
		`- time.sleep(10)`
		`-`
		`- # Add an entry to trigger replication`
		`- log.info('Perform an update to help trigger tombstone purging...')`
		`- try:`
		`- topology_st.standalone.add_s(Entry(('cn=test_entry,dc=example,dc=com', {`
		`- 'objectclass': 'top person'.split(),`
		`- 'sn': 'user',`
		`- 'cn': 'entry1'})))`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to add entry: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- # Wait for the interval to pass again`
		`- log.info('Wait for tombstone purge interval to pass again...')`
		`- time.sleep(10)`
		`-`
		`- # search for tombstones, there should be none`
		`- log.info('Search for tombstone entries...')`
		`- try:`
		`- entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,`
		`- '(&(nsTombstoneCSN=*)(objectclass=nsTombstone))')`
		`- if entries:`
		`- log.fatal('Search unexpectedly found tombstones')`
		`- assert False`
		`- except ldap.LDAPError as e:`
		`- log.fatal('Search failed: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- log.info('Part 4 - passed')`
		`-`
		`-`
		`- if __name__ == '__main__':`
		`- # Run isolated`
		`- # -s for DEBUG mode`
		`- CURRENT_FILE = os.path.realpath(__file__)`
		`- pytest.main("-s %s" % CURRENT_FILE)`

dirsrvtests/tests/tickets/ticket47838_test.py

file removed

-787

		`@@ -1,787 +0,0 @@`
		`- # --- BEGIN COPYRIGHT BLOCK ---`
mhonek commented 4 years ago Please, mention in the commit message why removing this module (AFAIR there has been a discussion in some ticket or PR, but I don't remember which).
		`- # Copyright (C) 2016 Red Hat, Inc.`
		`- # All rights reserved.`
		`- #`
		`- # License: GPL (version 3 or any later version).`
		`- # See LICENSE for details.`
		`- # --- END COPYRIGHT BLOCK ---`
		`- #`
		`- import logging`
		`- import time`
		`-`
		`- import socket`
		`- import ldap`
		`- import pytest`
		`- from lib389 import Entry`
		`- from lib389._constants import *`
		`- from lib389.topologies import topology_st`
		`- from lib389.nss_ssl import NssSsl`
		`-`
		`- log = logging.getLogger(__name__)`
		`-`
		`- CONFIG_DN = 'cn=config'`
		`- from lib389.utils import *`
		`-`
		`- # Skip on older versions`
		`- pytestmark = [pytest.mark.tier2,`
		`- pytest.mark.skipif(ds_is_older('1.3.3'), reason="Not implemented")]`
		`- ENCRYPTION_DN = 'cn=encryption,%s' % CONFIG_DN`
		`- MY_SECURE_PORT = '63601'`
		`- RSA = 'RSA'`
		`- RSA_DN = 'cn=%s,%s' % (RSA, ENCRYPTION_DN)`
		`- SERVERCERT = 'Server-Cert'`
		`- plus_all_ecount = 0`
		`- plus_all_dcount = 0`
		`- plus_all_ecount_noweak = 0`
		`- plus_all_dcount_noweak = 0`
		`-`
		`- # Cipher counts tend to change with each new verson of NSS`
		`- nss_version = ''`
		`- NSS320 = '3.20.0'`
		`- NSS321 = '3.21.0' # RHEL6`
		`- NSS323 = '3.23.0' # F22`
		`- NSS325 = '3.25.0' # F23/F24`
		`- NSS327 = '3.27.0' # F25`
		`- NSS330 = '3.30.0' # F27`
		`-`
		`-`
		`- def _header(topology_st, label):`
		`- topology_st.standalone.log.info("\n\n###############################################")`
		`- topology_st.standalone.log.info("#######")`
		`- topology_st.standalone.log.info("####### %s" % label)`
		`- topology_st.standalone.log.info("#######")`
		`- topology_st.standalone.log.info("###############################################")`
		`-`
		`-`
		`- def test_47838_init(topology_st):`
		`- """`
		`- Generate self signed cert and import it to the DS cert db.`
		`- Enable SSL`
		`- """`
		`- _header(topology_st, 'Testing Ticket 47838 - harden the list of ciphers available by default')`
		`- onss_version = os.popen("rpm -q nss \| awk -F'-' '{print $2}'", "r")`
		`- global nss_version`
		`- nss_version = onss_version.readline()`
		`- nss_ssl = NssSsl(dbpath=topology_st.standalone.get_cert_dir())`
		`- nss_ssl.reinit()`
		`- nss_ssl.create_rsa_ca()`
		`- nss_ssl.create_rsa_key_and_cert()`
		`-`
		`- log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),`
		`- (ldap.MOD_REPLACE, 'nsTLS1', b'on'),`
		`- (ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),`
		`- (ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),`
		`- (ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all')])`
		`-`
		`- topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', b'on'),`
		`- (ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),`
		`- (ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(MY_SECURE_PORT))])`
		`-`
		`- topology_st.standalone.add_s(Entry((RSA_DN, {'objectclass': "top nsEncryptionModule".split(),`
		`- 'cn': RSA,`
		`- 'nsSSLPersonalitySSL': SERVERCERT,`
		`- 'nsSSLToken': 'internal (software)',`
		`- 'nsSSLActivation': 'on'})))`
		`-`
		`-`
		`- def comp_nsSSLEnableCipherCount(topology_st, ecount):`
		`- """`
		`- Check nsSSLEnabledCipher count with ecount`
		`- """`
		`- log.info("Checking nsSSLEnabledCiphers...")`
		`- msgid = topology_st.standalone.search_ext(ENCRYPTION_DN, ldap.SCOPE_BASE, 'cn=*', ['nsSSLEnabledCiphers'])`
		`- enabledciphercnt = 0`
		`- rtype, rdata, rmsgid = topology_st.standalone.result2(msgid)`
		`- topology_st.standalone.log.info("%d results" % len(rdata))`
		`-`
		`- topology_st.standalone.log.info("Results:")`
		`- for dn, attrs in rdata:`
		`- topology_st.standalone.log.info("dn: %s" % dn)`
		`- if 'nsSSLEnabledCiphers' in attrs:`
		`- enabledciphercnt = len(attrs['nsSSLEnabledCiphers'])`
		`- topology_st.standalone.log.info("enabledCipherCount: %d" % enabledciphercnt)`
		`- assert ecount == enabledciphercnt`
		`-`
		`-`
		`- def test_47838_run_0(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: +all`
		`- All ciphers are enabled except null.`
		`- Note: allowWeakCipher: on`
		`- """`
		`- _header(topology_st, 'Test Case 1 - Check the ciphers availability for "+all"; allowWeakCipher: on')`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])`
		`- time.sleep(5)`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.restart(timeout=120)`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- if nss_version >= NSS320:`
		`- assert ecount >= 53`
		`- assert dcount <= 17`
		`- else:`
		`- assert ecount >= 60`
		`- assert dcount <= 7`
		`-`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- plus_all_ecount = ecount`
		`- plus_all_dcount = dcount`
		`- weak = os.popen('egrep "SSL info:" %s \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers: %d" % wcount)`
		`- assert wcount <= 29`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_1(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: +all`
		`- All ciphers are enabled except null.`
		`- Note: default allowWeakCipher (i.e., off) for +all`
		`- """`
		`- _header(topology_st, 'Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])`
		`- time.sleep(1)`
		`- # Make sure allowWeakCipher is not set.`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'allowWeakCipher', None)])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_0' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- global plus_all_ecount_noweak`
		`- global plus_all_dcount_noweak`
		`- plus_all_ecount_noweak = ecount`
		`- plus_all_dcount_noweak = dcount`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- assert ecount >= 31`
		`- assert dcount <= 36`
		`- weak = os.popen('egrep "SSL info:" %s \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers: %d" % wcount)`
		`- assert wcount <= 29`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_2(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha`
		`- rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.`
		`- default allowWeakCipher`
		`- """`
		`- _header(topology_st,`
		`- 'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN,`
		`- [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+rsa_aes_128_sha,+rsa_aes_256_sha')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_1' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- assert ecount == 2`
		`- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_3(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: -all`
		`- All ciphers are disabled.`
		`- default allowWeakCipher`
		`- """`
		`- _header(topology_st, 'Test Case 4 - Check the ciphers availability for "-all"')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'-all')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_2' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- global plus_all_ecount`
		`- assert ecount == 0`
		`-`
		`- disabledmsg = os.popen('egrep "Disabling SSL" %s' % topology_st.standalone.errlog)`
		`- log.info("Disabling SSL message?: %s" % disabledmsg.readline())`
		`- assert disabledmsg != ''`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_4(topology_st):`
		`- """`
		`- Check no nsSSL3Ciphers`
		`- Default ciphers are enabled.`
		`- default allowWeakCipher`
		`- """`
		`- _header(topology_st, 'Test Case 5 - Check no nsSSL3Ciphers (default setting) with default allowWeakCipher')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', b'-all')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_3' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- if nss_version >= NSS330:`
		`- assert ecount == 28`
		`- elif nss_version >= NSS323:`
		`- assert ecount == 29`
		`- else:`
		`- assert ecount == 20`
		`- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)`
		`- weak = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep \": enabled\" \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers in the default setting: %d" % wcount)`
		`- assert wcount == 0`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_5(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: default`
		`- Default ciphers are enabled.`
		`- default allowWeakCipher`
		`- """`
		`- _header(topology_st, 'Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_4' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- if nss_version >= NSS330:`
		`- assert ecount == 28`
		`- elif nss_version >= NSS323:`
		`- assert ecount == 29`
		`- else:`
		`- assert ecount == 23`
		`- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)`
		`- weak = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep \": enabled\" \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers in the default setting: %d" % wcount)`
		`- assert wcount == 0`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_6(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: +all,-rsa_rc4_128_md5`
		`- All ciphers are disabled.`
		`- default allowWeakCipher`
		`- """`
		`- _header(topology_st,`
		`- 'Test Case 7 - Check nsSSL3Ciphers: +all,-tls_dhe_rsa_aes_128_gcm_sha with default allowWeakCipher')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN,`
		`- [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all,-tls_dhe_rsa_aes_128_gcm_sha')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_5' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount_noweak`
		`- global plus_all_dcount_noweak`
		`- log.info("ALL Ecount: %d" % plus_all_ecount_noweak)`
		`- log.info("ALL Dcount: %d" % plus_all_dcount_noweak)`
		`- assert ecount == (plus_all_ecount_noweak - 1)`
		`- assert dcount == (plus_all_dcount_noweak + 1)`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_7(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: -all,+rsa_rc4_128_md5`
		`- All ciphers are disabled.`
		`- default allowWeakCipher`
		`- """`
		`- _header(topology_st, 'Test Case 8 - Check nsSSL3Ciphers: -all,+rsa_rc4_128_md5 with default allowWeakCipher')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'-all,+rsa_rc4_128_md5')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_6' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- assert ecount == 1`
		`- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_8(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: default + allowWeakCipher: off`
		`- Strong Default ciphers are enabled.`
		`- """`
		`- _header(topology_st, 'Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off)')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default'),`
		`- (ldap.MOD_REPLACE, 'allowWeakCipher', b'off')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_7' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- if nss_version >= NSS330:`
		`- assert ecount == 28`
		`- elif nss_version >= NSS323:`
		`- assert ecount == 29`
		`- else:`
		`- assert ecount == 23`
		`- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)`
		`- weak = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep \": enabled\" \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers in the default setting: %d" % wcount)`
		`- assert wcount == 0`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_9(topology_st):`
		`- """`
		`- Check no nsSSL3Ciphers`
		`- Default ciphers are enabled.`
		`- allowWeakCipher: on`
		`- nsslapd-errorlog-level: 0`
		`- """`
		`- _header(topology_st,`
		`- 'Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None),`
		`- (ldap.MOD_REPLACE, 'allowWeakCipher', b'on')])`
		`- topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_8' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- if nss_version >= NSS330:`
		`- assert ecount == 33`
		`- elif nss_version >= NSS327:`
		`- assert ecount == 34`
		`- elif nss_version >= NSS323:`
		`- assert ecount == 36`
		`- else:`
		`- assert ecount == 30`
		`- assert dcount == 0`
		`- weak = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep \": enabled\" \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers in the default setting: %d" % wcount)`
		`- if nss_version >= NSS327:`
		`- assert wcount == 5`
		`- elif nss_version >= NSS320:`
		`- assert wcount == 7`
		`- else:`
		`- assert wcount == 11`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_10(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: -TLS_RSA_WITH_NULL_MD5,+TLS_RSA_WITH_RC4_128_MD5,`
		`- +TLS_RSA_EXPORT_WITH_RC4_40_MD5,+TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,`
		`- +TLS_DHE_RSA_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_DES_CBC_SHA,`
		`- +TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,`
		`- +TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,`
		`- -SSL_CK_RC4_128_WITH_MD5,-SSL_CK_RC4_128_EXPORT40_WITH_MD5,`
		`- -SSL_CK_RC2_128_CBC_WITH_MD5,-SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,`
		`- -SSL_CK_DES_64_CBC_WITH_MD5,-SSL_CK_DES_192_EDE3_CBC_WITH_MD5`
		`- allowWeakCipher: on`
		`- nsslapd-errorlog-level: 0`
		`- """`
		`- _header(topology_st,`
		`- 'Test Case 11 - Check nsSSL3Ciphers: long list using the NSS Cipher Suite name with allowWeakCipher on')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers',`
		- b'-TLS_RSA_WITH_NULL_MD5,+TLS_RSA_WITH_RC4_128_MD5,+TLS_RSA_EXPORT_WITH_RC4_40_MD5,+TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,+TLS_DHE_RSA_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_DES_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,-SSL_CK_RC4_128_WITH_MD5,-SSL_CK_RC4_128_EXPORT40_WITH_MD5,-SSL_CK_RC2_128_CBC_WITH_MD5,-SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL_CK_DES_64_CBC_WITH_MD5,-SSL_CK_DES_192_EDE3_CBC_WITH_MD5')])
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_9' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- enabled = os.popen('egrep "SSL info:" %s \| egrep \": enabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- disabled = os.popen('egrep "SSL info:" %s \| egrep \": disabled\" \| wc -l' % topology_st.standalone.errlog)`
		`- ecount = int(enabled.readline().rstrip())`
		`- dcount = int(disabled.readline().rstrip())`
		`-`
		`- log.info("Enabled ciphers: %d" % ecount)`
		`- log.info("Disabled ciphers: %d" % dcount)`
		`- global plus_all_ecount`
		`- global plus_all_dcount`
		`- if nss_version >= NSS330:`
		`- assert ecount == 3`
		`- else:`
		`- assert ecount == 9`
		`- assert dcount == 0`
		`- weak = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep \": enabled\" \| egrep "WEAK CIPHER" \| wc -l' % topology_st.standalone.errlog)`
		`- wcount = int(weak.readline().rstrip())`
		`- log.info("Weak ciphers in the default setting: %d" % wcount)`
		`-`
		`- topology_st.standalone.log.info("ticket47838 was successfully verified.")`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, ecount)`
		`-`
		`-`
		`- def test_47838_run_11(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: +fortezza`
		`- SSL_GetImplementedCiphers does not return this as a secuire cipher suite`
		`- """`
		`- _header(topology_st, 'Test Case 12 - Check nsSSL3Ciphers: +fortezza, which is not supported')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+fortezza')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_10' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- errmsg = os.popen('egrep "SSL info:" %s \| egrep "is not available in NSS"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected error message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected error message was not found")`
		`- assert False`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, 0)`
		`-`
		`-`
		`- def test_47928_run_0(topology_st):`
		`- """`
		`- No SSL version config parameters.`
		`- Check SSL3 (TLS1.0) is off.`
		`- """`
		`- _header(topology_st, 'Test Case 13 - No SSL version config parameters')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- # add them once and remove them`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),`
		`- (ldap.MOD_REPLACE, 'nsTLS1', b'on'),`
		`- (ldap.MOD_REPLACE, 'sslVersionMin', b'TLS1.1'),`
		`- (ldap.MOD_REPLACE, 'sslVersionMax', b'TLS1.2')])`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3', None),`
		`- (ldap.MOD_DELETE, 'nsTLS1', None),`
		`- (ldap.MOD_DELETE, 'sslVersionMin', None),`
		`- (ldap.MOD_DELETE, 'sslVersionMax', None)])`
		`- topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])`
		`- time.sleep(5)`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_11' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep "Default SSL Version settings; Configuring the version range as min: TLS1.1"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`-`
		`- def test_47928_run_1(topology_st):`
		`- """`
		`- No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax`
		`- Check sslVersionMax is ignored.`
		`- """`
		`- _header(topology_st, 'Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', b'TLS1.2'),`
		`- (ldap.MOD_REPLACE, 'sslVersionMax', b'TLS1.1')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_12' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep "The min value of NSS version range"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL Initialization" %s \| egrep "Configured SSL version range: min: TLS1.2, max: TLS1"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`-`
		`- def test_47928_run_2(topology_st):`
		`- """`
		`- nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2`
		`- Conflict between nsSSL3 and range; nsSSL3 is disabled`
		`- """`
		`- _header(topology_st, 'Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', b'TLS1.1'),`
		`- (ldap.MOD_REPLACE, 'sslVersionMax', b'TLS1.2'),`
		`- (ldap.MOD_REPLACE, 'nsSSL3', b'on')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_13' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep "Found unsecure configuration: nsSSL3: on"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`- errmsg = os.popen('egrep "SSL info:" %s \| egrep "Respect the supported range."' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL Initialization" %s \| egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`-`
		`- def test_47928_run_3(topology_st):`
		`- """`
		`- nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2`
		`- Conflict between nsSSL3/nsTLS1 and range; nsSSL3 is disabled; nsTLS1 is enabled.`
		`- """`
		`- _header(topology_st, 'Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', b'TLS1.1'),`
		`- (ldap.MOD_REPLACE, 'sslVersionMax', b'TLS1.2'),`
		`- (ldap.MOD_REPLACE, 'nsSSL3', b'on'),`
		`- (ldap.MOD_REPLACE, 'nsTLS1', b'off')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_14' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL info:" %s \| egrep "Found unsecure configuration: nsSSL3: on"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`- errmsg = os.popen('egrep "SSL info:" %s \| egrep "Respect the configured range."' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`- errmsg = os.popen(`
		`- 'egrep "SSL Initialization" %s \| egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected message was not found")`
		`- assert False`
		`-`
		`-`
		`- def test_47838_run_last(topology_st):`
		`- """`
		`- Check nsSSL3Ciphers: all <== invalid value`
		`- All ciphers are disabled.`
		`- """`
		`- _header(topology_st, 'Test Case 17 - Check nsSSL3Ciphers: all, which is invalid')`
		`-`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])`
		`- topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'all')])`
		`-`
		`- log.info("\n######################### Restarting the server ######################\n")`
		`- topology_st.standalone.stop(timeout=10)`
		`- os.system('mv %s %s.47838_15' % (topology_st.standalone.errlog, topology_st.standalone.errlog))`
		`- os.system('touch %s' % (topology_st.standalone.errlog))`
		`- time.sleep(1)`
		`- topology_st.standalone.start(timeout=120)`
		`-`
		`- errmsg = os.popen('egrep "SSL info:" %s \| egrep "invalid ciphers"' % topology_st.standalone.errlog)`
		`- if errmsg != "":`
		`- log.info("Expected error message:")`
		`- log.info("%s" % errmsg.readline())`
		`- else:`
		`- log.info("Expected error message was not found")`
		`- assert False`
		`-`
		`- comp_nsSSLEnableCipherCount(topology_st, 0)`
		`-`
		`- topology_st.standalone.log.info("ticket47838, 47880, 47908, 47928 were successfully verified.")`
		`-`
		`-`
		`- if __name__ == '__main__':`
		`- # Run isolated`
		`- # -s for DEBUG mode`
		`- CURRENT_FILE = os.path.realpath(__file__)`
		`- pytest.main("-s %s" % CURRENT_FILE)`

dirsrvtests/tests/tickets/ticket47950_test.py

file removed

-160

		`@@ -1,160 +0,0 @@`
		`- # --- BEGIN COPYRIGHT BLOCK ---`
		`- # Copyright (C) 2016 Red Hat, Inc.`
		`- # All rights reserved.`
		`- #`
		`- # License: GPL (version 3 or any later version).`
		`- # See LICENSE for details.`
		`- # --- END COPYRIGHT BLOCK ---`
		`- #`
		`- import logging`
		`-`
		`- import pytest`
		`- from lib389.tasks import *`
		`- from lib389.topologies import topology_st`
		`-`
		`- from lib389._constants import (defaultProperties, DEFAULT_SUFFIX, ReplicaRole,`
		`- REPLICAID_MASTER_1, REPLICATION_BIND_DN, REPLICATION_BIND_PW,`
		`- REPLICATION_BIND_METHOD, REPLICATION_TRANSPORT, RA_NAME,`
		`- RA_BINDDN, RA_BINDPW, RA_METHOD, RA_TRANSPORT_PROT,`
		`- DN_DM, PASSWORD, REPLICA_ID, RA_CONSUMER_PORT)`
		`-`
		`- pytestmark = pytest.mark.tier2`
		`-`
		`- log = logging.getLogger(__name__)`
		`-`
		`- USER1_DN = "uid=user1,%s" % DEFAULT_SUFFIX`
		`- USER2_DN = "uid=user2,%s" % DEFAULT_SUFFIX`
		`-`
		`-`
		`- def test_ticket47950(topology_st):`
		`- """`
		`- Testing nsslapd-plugin-binddn-tracking does not cause issues around`
		`- access control and reconfiguring replication/repl agmt.`
		`- """`
		`-`
		`- log.info('Testing Ticket 47950 - Testing nsslapd-plugin-binddn-tracking')`
		`-`
		`- #`
		`- # Turn on bind dn tracking`
		`- #`
		`- try:`
		`- topology_st.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'nsslapd-plugin-binddn-tracking', 'on')])`
		`- log.info('nsslapd-plugin-binddn-tracking enabled.')`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to enable bind dn tracking: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- #`
		`- # Add two users`
		`- #`
		`- try:`
		`- topology_st.standalone.add_s(Entry((USER1_DN, {`
		`- 'objectclass': "top person inetuser".split(),`
		`- 'userpassword': "password",`
		`- 'sn': "1",`
		`- 'cn': "user 1"})))`
		`- log.info('Added test user %s' % USER1_DN)`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to add %s: %s' % (USER1_DN, e.message['desc']))`
		`- assert False`
		`-`
		`- try:`
		`- topology_st.standalone.add_s(Entry((USER2_DN, {`
		`- 'objectclass': "top person inetuser".split(),`
		`- 'sn': "2",`
		`- 'cn': "user 2"})))`
		`- log.info('Added test user %s' % USER2_DN)`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to add user1: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- #`
		`- # Add an aci`
		`- #`
		`- try:`
		`- acival = '(targetattr ="cn")(version 3.0;acl "Test bind dn tracking"' + \`
		`- ';allow (all) (userdn = "ldap:///%s");)' % USER1_DN`
		`-`
		`- topology_st.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', acival)])`
		`- log.info('Added aci')`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to add aci: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- #`
		`- # Make modification as user`
		`- #`
		`- try:`
		`- topology_st.standalone.simple_bind_s(USER1_DN, "password")`
		`- log.info('Bind as user %s successful' % USER1_DN)`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to bind as user1: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- try:`
		`- topology_st.standalone.modify_s(USER2_DN, [(ldap.MOD_REPLACE, 'cn', 'new value')])`
		`- log.info('%s successfully modified user %s' % (USER1_DN, USER2_DN))`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to update user2: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- #`
		`- # Setup replica and create a repl agmt`
		`- #`
		`- try:`
		`- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)`
		`- log.info('Bind as %s successful' % DN_DM)`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to bind as rootDN: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- try:`
		`- topology_st.standalone.replica.enableReplication(suffix=DEFAULT_SUFFIX, role=ReplicaRole.MASTER,`
		`- replicaId=REPLICAID_MASTER_1)`
		`- log.info('Successfully enabled replication.')`
		`- except ValueError:`
		`- log.error('Failed to enable replication')`
		`- assert False`
		`-`
		`- properties = {RA_NAME: r'test plugin internal bind dn',`
		`- RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],`
		`- RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],`
		`- RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],`
		`- RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}`
		`-`
		`- try:`
		`- repl_agreement = topology_st.standalone.agreement.create(suffix=DEFAULT_SUFFIX, host="127.0.0.1",`
		`- port="7777", properties=properties)`
		`- log.info('Successfully created replication agreement')`
		`- except InvalidArgumentError as e:`
		`- log.error('Failed to create replication agreement: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- #`
		`- # modify replica`
		`- #`
		`- try:`
		`- properties = {REPLICA_ID: "7"}`
		`- topology_st.standalone.replica.setProperties(DEFAULT_SUFFIX, None, None, properties)`
		`- log.info('Successfully modified replica')`
		`- except ldap.LDAPError as e:`
		`- log.error('Failed to update replica config: ' + e.message['desc'])`
		`- assert False`
		`-`
		`- #`
		`- # modify repl agmt`
		`- #`
		`- try:`
		`- properties = {RA_CONSUMER_PORT: "8888"}`
		`- topology_st.standalone.agreement.setProperties(None, repl_agreement, None, properties)`
		`- log.info('Successfully modified replication agreement')`
		`- except ValueError:`
		`- log.error('Failed to update replica agreement: ' + repl_agreement)`
		`- assert False`
		`-`
		`-`
		`- if __name__ == '__main__':`
		`- # Run isolated`
		`- # -s for DEBUG mode`
		`- CURRENT_FILE = os.path.realpath(__file__)`
		`- pytest.main("-s %s" % CURRENT_FILE)`

ldap/servers/slapd/libglobs.c

file modified

+1 -1

		`@@ -4291,7 +4291,7 @@`
		`{`
		`int32_t retVal = LDAP_SUCCESS;`
		`int64_t nValue = 0;`
		`- int64_t maxVal = 65535;`
		`+ int64_t maxVal = 524288;`
		`struct rlimit rlp;`
		`char *endp = NULL;`

src/lib389/lib389/idm/directorymanager.py

file modified

		`@@ -43,3 +43,9 @@`
		`"""`
		`return super(DirectoryManager, self).bind(password, args, *kwargs)`

		`+ def rebind(self, password=PW_DM):`
		`+ """Rebind on the same connection`
		`+ :param password: Directory Manager password`
		`+ :type password: str`
		`+ """`
		`+ self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')`

mreynolds commented 4 years ago

Description: Port some of the failing ticket tests to suites

https://pagure.io/389-ds-base/issue/50462

Reviewed by: ?

mhonek commented on line 5 of dirsrvtests/tests/suites/resource_limits/fdlimits_test.py 4 years ago

Please, explain in the commit why changing these two lines (with a reference, to 10bffac I guess).

mhonek commented on line 2 of dirsrvtests/tests/tickets/ticket47838_test.py 4 years ago

Please, mention in the commit message why removing this module (AFAIR there has been a discussion in some ticket or PR, but I don't remember which).

mreynolds commented 4 years ago

Please, explain in the commit why changing these two lines (with a reference, to 10bffac I guess).

The systemdd default increased, so we had to match it

mreynolds commented 4 years ago

Please, mention in the commit message why removing this module (AFAIR there has been a discussion in some ticket or PR, but I don't remember which).

Well originally I was going through the failing tests, and I found this ticket test, and ported it to suites. After porting it and removing the ticket test I found the suite test as well. But my approach added the test to an existing test. So I just kept what I had and got rid of the other suite test as it was more concise.

aadhikari commented 4 years ago

Please, mention in the commit message why removing this module (AFAIR there has been a discussion in some ticket or PR, but I don't remember which).

@mhonek did you mean this comment: https://pagure.io/389-ds-base/pull-request/50287#comment-87722 ?

@mreynolds I think I am already removing ticket47838_test.py in the above PR.

mreynolds commented 4 years ago

@mreynolds I think I am already removing ticket47838_test.py in the above PR.

That's fine, it should not mess up either of our PRs. They should both merge fine regardless who merges first.

mhonek commented 4 years ago

Please, explain in the commit why changing these two lines (with a reference, to 10bffac I guess).

The systemdd default increased, so we had to match it

AFAICT, the value increased because in the forementioned commit we removed the explicit LimitNOFILES=16k we had there before, hence the SystemD's default came to life (but this is somehow a subject to change, since Viktor managed to get a different "default" value of 1M instead of 512k, AFAIR). It would be good to mention this in the commit message so that it is better back-trackable.

Please, mention in the commit message why removing this module (AFAIR there has been a discussion in some ticket or PR, but I don't remember which).

@mhonek did you mean this comment: https://pagure.io/389-ds-base/pull-request/50287#comment-87722 ?

Correct, this one and a couple of the following. Thanks!

spichugi commented on line 6 of dirsrvtests/tests/suites/resource_limits/fdlimits_test.py 4 years ago

test_fd_limits fails for me with...

[vagrant@localhost 389-ds-base]$ rpm -q 389-ds-base
389-ds-base-1.4.1.4-20190624gitb5265bb00.fc29.x86_64

        # Check systemd default
        max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
>       assert max_fd == SYSTEMD_VAL
E       AssertionError: assert '4096' == '524288'
E         - 4096
E         + 524288

rebased onto bb2ef1ed36d9937987dadede6cb4a6b6cb8cd335

4 years ago

mreynolds commented 4 years ago

test_fd_limits fails for me with...
[vagrant@localhost 389-ds-base]$ rpm -q 389-ds-base
389-ds-base-1.4.1.4-20190624gitb5265bb00.fc29.x86_64
    # Check systemd default
    max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
  assert max_fd == SYSTEMD_VAL
E AssertionError: assert '4096' == '524288'
E - 4096
E + 524288

What platform as you testing on? These changes are only going to make F30/RHEL 8.1

Anyway I just removed the systemd default limit test....

mreynolds commented 4 years ago

Changes made, please review...

vashirov commented 4 years ago

For fd limits we can query the OS and systemd to get the limits. Something like this:
(sorry, I was not quick to enough to open a PR :) )

diff --git a/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py b/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
index c8e45fed6..20bdb4b2d 100644
--- a/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
+++ b/dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
@@ -2,9 +2,11 @@ import logging
 import pytest
 import os
 import ldap
+import resource
 from lib389._constants import *
 from lib389.topologies import topology_st
-from lib389.utils import ds_is_older
+from lib389.utils import ds_is_older, ensure_str
+from subprocess import check_output

 pytestmark = pytest.mark.tier1

@@ -12,9 +14,11 @@ logging.getLogger(__name__).setLevel(logging.INFO)
 log = logging.getLogger(__name__)

 FD_ATTR = "nsslapd-maxdescriptors"
-SYSTEMD_VAL = "16384"
+GLOBAL_LIMIT = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
+SYSTEMD_LIMIT = ensure_str(check_output("systemctl show --value -p LimitNOFILE dirsrv@standalone1".split(" ")).strip())
 CUSTOM_VAL = "9000"
-TOO_HIGH_VAL = "65536"
+TOO_HIGH_VAL = str(GLOBAL_LIMIT * 2)
+TOO_HIGH_VAL2 = str(int(SYSTEMD_LIMIT) * 2)
 TOO_LOW_VAL = "0"

 @pytest.mark.skipif(ds_is_older("1.4.1.2"), reason="Not implemented")
@@ -37,19 +41,25 @@ def test_fd_limits(topology_st):

     # Check systemd default
     max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
-    assert max_fd == SYSTEMD_VAL
+    assert max_fd == SYSTEMD_LIMIT

     # Check custom value is applied
     topology_st.standalone.config.set(FD_ATTR, CUSTOM_VAL)
     max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
     assert max_fd == CUSTOM_VAL

-    # Attempt to use val that is too high
+    # Attempt to use value that is higher than the global system limit
     with pytest.raises(ldap.UNWILLING_TO_PERFORM):
         topology_st.standalone.config.set(FD_ATTR, TOO_HIGH_VAL)
     max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
     assert max_fd == CUSTOM_VAL

+    # Attempt to use value that is higher than the value defined in the systemd service
+    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
+        topology_st.standalone.config.set(FD_ATTR, TOO_HIGH_VAL2)
+    max_fd = topology_st.standalone.config.get_attr_val_utf8(FD_ATTR)
+    assert max_fd == CUSTOM_VAL
+
     # Attempt to use val that is too low
     with pytest.raises(ldap.OPERATIONS_ERROR):
         topology_st.standalone.config.set(FD_ATTR, TOO_LOW_VAL)

rebased onto 96aa9d36fe5028de8927ab972c385c0083935fb4

4 years ago

mreynolds commented 4 years ago

Thanks Viktor I added your changes. Please review...

vashirov commented 4 years ago

Please update the commit message to include 'Fixes' or 'Relates' keyword before the URL (see https://pagure.io/389-ds-base/pull-request/50444#comment-89063).

The rest looks good, thanks!

rebased onto 19d2029

4 years ago

Pull-Request has been merged by mreynolds

4 years ago

spichugi commented 3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3520

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.