389-ds-base

Clone
Source Code
GIT

#50522 Issue 50521 - Fix regressions in CI tests
Closed 3 years ago by spichugi. Opened 4 years ago by mreynolds.
mreynolds/389-ds-base 81gating  into  master

file modified
+2 -1 
@@ -665,6 +665,7 @@ 
 

      log.info('Delete the previous access logs for the next test')
 

      topo.deleteAccessLogs()
 

  

+ @pytest.mark.skipif(ds_is_older('1.4.1.6'), reason="Not implemented")
 

  @pytest.mark.bz1732053
 

  @pytest.mark.ds50510
 

  def test_etime_at_border_of_second(topology_st):
 
@@ -709,7 +710,7 @@ 
 

              log.error('It remains invalid or weird etime: %s' % invalid_etime[i])
 

      assert not invalid_etime
 

  

-     

+ 

  if __name__ == '__main__':
 

      # Run isolated
 

      # -s for DEBUG mode

file modified
+2 -1 
@@ -12,7 +12,7 @@ 
 

  from lib389.tasks import *
 

  from lib389.topologies import topology_st
 

  from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES
 

- from lib389._constants import DN_CONFIG, DEFAULT_SUFFIX
 

+ from lib389._constants import DEFAULT_SUFFIX
 

  

  pytestmark = pytest.mark.tier1
 

  
@@ -53,6 +53,7 @@ 
 

  

      # Allow the unhashed password to be written to audit log
 

      topology_st.standalone.config.set('nsslapd-auditlog-logging-hide-unhashed-pw', 'off')
 

+     topology_st.standalone.config.set('nsslapd-unhashed-pw-switch', 'on')
 

  

      # Set new password, and check the audit log
 

      user.reset_password('mypassword')

file modified
+24 -27 
@@ -8,12 +8,14 @@ 
 

  #
 

  import pytest
 

  import time
 

+ import logging
 

  from lib389.tasks import *
 

- from lib389.utils import *
 

+ from lib389.utils import ds_is_newer
 

  from lib389.topologies import topology_st
 

  from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES
 

+ from lib389.idm.directorymanager import DirectoryManager
 

  from lib389.idm.organizationalunit import OrganizationalUnits
 

- from lib389._constants import DN_DM, DEFAULT_SUFFIX, PASSWORD
 

+ from lib389._constants import DEFAULT_SUFFIX
 

  

  pytestmark = pytest.mark.tier1
 

  
@@ -105,13 +107,16 @@ 
 

      #
 

      user.set('userpassword', 'password1')
 

      user.rebind('password1')
 

+     time.sleep(.5)
 

      user.set('userpassword', 'password2')
 

      user.rebind('password2')
 

+     time.sleep(.5)
 

      user.set('userpassword', 'password3')
 

      user.rebind('password3')
 

+     time.sleep(.5)
 

      user.set('userpassword', 'password4')
 

      user.rebind('password4')
 

-     time.sleep(1)
 

+     time.sleep(.5)
 

  

      #
 

      # Check that we only have 3 passwords stored in history
 
@@ -131,7 +136,7 @@ 
 

      try:
 

          user.set('userpassword', 'password1')
 

          log.fatal('Incorrectly able to to set password to previous password1.')
 

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+         log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

          assert False
 

      except ldap.CONSTRAINT_VIOLATION:
 

          log.info('Password change correctly rejected')
 
@@ -141,7 +146,7 @@ 
 

      try:
 

          user.set('userpassword', 'password2')
 

          log.fatal('Incorrectly able to to set password to previous password2.')
 

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+         log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

          assert False
 

      except ldap.CONSTRAINT_VIOLATION:
 

          log.info('Password change correctly rejected')
 
@@ -151,7 +156,7 @@ 
 

      try:
 

          user.set('userpassword', 'password3')
 

          log.fatal('Incorrectly able to to set password to previous password3.')
 

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+         log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

          assert False
 

      except ldap.CONSTRAINT_VIOLATION:
 

          log.info('Password change correctly rejected')
 
@@ -162,11 +167,9 @@ 
 

      #
 

      # Reset password by Directory Manager(admin reset)
 

      #
 

-     try:
 

-         topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

-     except ldap.LDAPError as e:
 

-         log.fatal('Failed to bind as rootDN: ' + str(e))
 

-         assert False
 

+     dm = DirectoryManager(topology_st.standalone)
 

+     dm.rebind()
 

+     time.sleep(.5)
 

      user.set('userpassword', 'password-reset')
 

      time.sleep(1)
 

  
@@ -175,7 +178,7 @@ 
 

          user.rebind('password-reset')
 

          user.set('userpassword', 'password4')
 

          log.fatal('Incorrectly able to to set password to previous password4.')
 

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+         log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

          assert False
 

      except ldap.CONSTRAINT_VIOLATION:
 

          log.info('Password change correctly rejected')
 
@@ -187,26 +190,24 @@ 
 

          #
 

          # Test passwordInHistory to 0
 

          #
 

-         try:
 

-             topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

-         except ldap.LDAPError as e:
 

-             log.fatal('Failed to bind as rootDN: ' + str(e))
 

-             assert False
 

- 

+         dm = DirectoryManager(topology_st.standalone)
 

+         dm.rebind()
 

          try:
 

              topology_st.standalone.config.replace('passwordInHistory', '0')
 

              log.info('Configured passwordInHistory to 0.')
 

          except ldap.LDAPError as e:
 

              log.fatal('Failed to configure password policy (passwordInHistory to 0): ' + str(e))
 

              assert False
 

+         time.sleep(1)
 

  

          # Verify the older passwords in the entry (passwordhistory) are ignored
 

          user.rebind('password-reset')
 

          user.set('userpassword', 'password4')
 

+         time.sleep(.5)
 

          try:
 

              user.set('userpassword', 'password4')
 

              log.fatal('Incorrectly able to to set password to current password4.')
 

-             log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+             log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

              assert False
 

          except ldap.CONSTRAINT_VIOLATION:
 

              log.info('Password change correctly rejected')
 
@@ -221,12 +222,8 @@ 
 

      # Set the history count back to a positive value and make sure things still work
 

      # as expected
 

      #
 

-     try:
 

-         topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

-     except ldap.LDAPError as e:
 

-         log.fatal('Failed to bind as rootDN: ' + str(e))
 

-         assert False
 

- 

+     dm = DirectoryManager(topology_st.standalone)
 

+     dm.rebind()
 

      try:
 

          topology_st.standalone.config.replace('passwordInHistory', '2')
 

          log.info('Configured passwordInHistory to 2.')
 
@@ -239,7 +236,7 @@ 
 

          user.rebind('password5')
 

          user.set('userpassword', 'password5')
 

          log.fatal('Incorrectly able to to set password to current password5.')
 

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+         log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

          assert False
 

      except ldap.CONSTRAINT_VIOLATION:
 

          log.info('Password change correctly rejected')
 
@@ -252,7 +249,7 @@ 
 

          user.set('userpassword', 'password1')
 

      except ldap.LDAPError as e:
 

          log.fatal('Failed to attempt to change password: ' + str(e))
 

-         log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

+         log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory')))
 

          assert False
 

  

      # Done

file modified
+59 -57 
@@ -11,8 +11,9 @@ 
 

  from lib389.tasks import *
 

  from lib389.utils import *
 

  from lib389.topologies import topology_st
 

- from lib389.idm.user import UserAccounts
 

- 

+ from lib389.idm.user import (UserAccount, UserAccounts)
 

+ from lib389.plugins import (AccountPolicyPlugin, AccountPolicyConfig)
 

+ from lib389.cos import (CosTemplate, CosPointerDefinition)
 

  from lib389._constants import (PLUGIN_ACCT_POLICY, DN_PLUGIN, DN_DM, PASSWORD, DEFAULT_SUFFIX,
 

                                 DN_CONFIG, SERVERID_STANDALONE)
 

  
@@ -32,16 +33,19 @@ 
 

      """Configure Global account policy plugin and restart the server"""
 

  

      log.info('Configuring Global account policy plugin, pwpolicy attributes and restarting the server')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

+     plugin = AccountPolicyPlugin(topology_st.standalone)
 

      try:
 

-         topology_st.standalone.plugins.enable(name=PLUGIN_ACCT_POLICY)
 

-         topology_st.standalone.modify_s(ACCPOL_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', ensure_bytes(ACCP_CONF))])
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'alwaysrecordlogin', b'yes')])
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'stateattrname', b'lastLoginTime')])
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'altstateattrname', b'createTimestamp')])
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'specattrname', b'acctPolicySubentry')])
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'limitattrname', b'accountInactivityLimit')])
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'accountInactivityLimit', b'12')])
 

+         if DEBUGGING:
 

+             topology_st.standalone.config.set('nsslapd-auditlog-logging-enabled', 'on')
 

+         plugin.enable()
 

+         plugin.set('nsslapd-pluginarg0', ACCP_CONF)
 

+         accp = AccountPolicyConfig(topology_st.standalone, dn=ACCP_CONF)
 

+         accp.set('alwaysrecordlogin', 'yes')
 

+         accp.set('stateattrname', 'lastLoginTime')
 

+         accp.set('altstateattrname', 'createTimestamp')
 

+         accp.set('specattrname', 'acctPolicySubentry')
 

+         accp.set('limitattrname', 'accountInactivityLimit')
 

+         accp.set('accountInactivityLimit', '12')
 

          topology_st.standalone.config.set('passwordexp', 'on')
 

          topology_st.standalone.config.set('passwordmaxage', '400')
 

          topology_st.standalone.config.set('passwordwarning', '1')
 
@@ -56,9 +60,9 @@ 
 

  

      def fin():
 

          log.info('Disabling Global accpolicy plugin and removing pwpolicy attrs')
 

-         topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

          try:
 

-             topology_st.standalone.plugins.disable(name=PLUGIN_ACCT_POLICY)
 

+             plugin = AccountPolicyPlugin(topology_st.standalone)
 

+             plugin.disable()
 

              topology_st.standalone.config.set('passwordexp', 'off')
 

              topology_st.standalone.config.set('passwordlockout', 'off')
 

          except ldap.LDAPError as e:
 
@@ -74,20 +78,19 @@ 
 

      """Configure Local account policy plugin for ou=people subtree and restart the server"""
 

  

      log.info('Adding Local account policy plugin configuration entries')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      try:
 

-         topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_DELETE, 'accountInactivityLimit', None)])
 

          topology_st.standalone.config.set('passwordmaxage', '400')
 

-         topology_st.standalone.add_s(Entry((LOCL_CONF, {
 

-             'objectclass': ['top', 'ldapsubentry', 'extensibleObject', 'accountpolicy'],
 

-             'accountInactivityLimit': '10'})))
 

-         topology_st.standalone.add_s(Entry((TEMPL_COS, {
 

-             'objectclass': ['top', 'ldapsubentry', 'extensibleObject', 'cosTemplate'],
 

-             'acctPolicySubentry': LOCL_CONF})))
 

-         topology_st.standalone.add_s(Entry((DEFIN_COS, {
 

-             'objectclass': ['top', 'ldapsubentry', 'cosSuperDefinition', 'cosPointerDefinition'],
 

+         accp = AccountPolicyConfig(topology_st.standalone, dn=ACCP_CONF)
 

+         accp.remove_all('accountInactivityLimit')
 

+         locl_conf = AccountPolicyConfig(topology_st.standalone, dn=LOCL_CONF)
 

+         locl_conf.create(properties={'cn': 'AccountPolicy1', 'accountInactivityLimit': '10'})
 

+         cos_template = CosTemplate(topology_st.standalone, dn=TEMPL_COS)
 

+         cos_template.create(properties={'cn': 'TempltCoS', 'acctPolicySubentry': LOCL_CONF})
 

+         cos_def = CosPointerDefinition(topology_st.standalone,  dn=DEFIN_COS)
 

+         cos_def.create(properties={
 

+             'cn': 'DefnCoS',
 

              'cosTemplateDn': TEMPL_COS,
 

-             'cosAttribute': 'acctPolicySubentry default operational-default'})))
 

+             'cosAttribute': 'acctPolicySubentry default operational-default'})
 

      except ldap.LDAPError as e:
 

          log.error('Failed to configure Local account policy plugin')
 

          log.error('Failed to add entry {}, {}, {}:'.format(LOCL_CONF, TEMPL_COS, DEFIN_COS))
 
@@ -96,12 +99,11 @@ 
 

  

      def fin():
 

          log.info('Disabling Local accpolicy plugin and removing pwpolicy attrs')
 

-         topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

          try:
 

              topology_st.standalone.plugins.disable(name=PLUGIN_ACCT_POLICY)
 

-             topology_st.standalone.delete_s(LOCL_CONF)
 

-             topology_st.standalone.delete_s(TEMPL_COS)
 

-             topology_st.standalone.delete_s(DEFIN_COS)
 

+             for entry_dn in [LOCL_CONF, TEMPL_COS, DEFIN_COS]:
 

+                 entry = UserAccount(topology_st.standalone, dn=entry_dn)
 

+                 entry.delete()
 

          except ldap.LDAPError as e:
 

              log.error('Failed to disable Local accpolicy plugin, {}'.format(e.message['desc']))
 

              assert False
 
@@ -117,12 +119,13 @@ 
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone,  dn=userdn)
 

          for i in range(3):
 

              with pytest.raises(ldap.INVALID_CREDENTIALS):
 

-                 topology_st.standalone.simple_bind_s(userdn, INVL_PASW)
 

+                 user.bind(INVL_PASW)
 

                  log.error('No invalid credentials error for User {}'.format(userdn))
 

          with pytest.raises(ldap.CONSTRAINT_VIOLATION):
 

-             topology_st.standalone.simple_bind_s(userdn, USER_PASW)
 

+             user.bind(USER_PASW)
 

              log.error('User {} is not locked, expected error 19'.format(userdn))
 

          nousrs = nousrs - 1
 

          time.sleep(1)
 
@@ -134,18 +137,18 @@ 
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone,  dn=userdn)
 

          log.info('Reset user password for user-{}'.format(userdn))
 

          if (bindusr == "DirMgr"):
 

-             topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

              try:
 

-                 topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpasw))])
 

+                 user.replace('userPassword', newpasw)
 

              except ldap.LDAPError as e:
 

                  log.error('Unable to reset userPassword for user-{}'.format(userdn))
 

                  raise e
 

          elif (bindusr == "RegUsr"):
 

-             topology_st.standalone.simple_bind_s(userdn, bindpw)
 

+             user_conn = user.bind(bindpw)
 

              try:
 

-                 topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpasw))])
 

+                 user_conn.replace('userPassword', newpasw)
 

              except ldap.LDAPError as e:
 

                  log.error('Unable to reset userPassword for user-{}'.format(userdn))
 

                  raise e
 
@@ -184,9 +187,9 @@ 
 

      """Modify attribute value for a given DN"""
 

  

      log.info('Modify attribute value for a given DN')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      try:
 

-         topology_st.standalone.modify_s(base_dn, [(ldap.MOD_REPLACE, attr_name, ensure_bytes(attr_val))])
 

+         entry = UserAccount(topology_st.standalone, dn=base_dn)
 

+         entry.replace(attr_name, attr_val)
 

      except ldap.LDAPError as e:
 

          log.error('Failed to replace lastLoginTime attribute for user-{} {}'.format(userdn, e.message['desc']))
 

          assert False
 
@@ -197,12 +200,12 @@ 
 

      """Check ModifyTimeStamp attribute present for user"""
 

  

      log.info('Check ModifyTimeStamp attribute present for user')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone, dn=userdn)
 

          try:
 

-             topology_st.standalone.search_s(userdn, ldap.SCOPE_BASE, attr_name)
 

+             user.get_attr_val(attr_name)
 

          except ldap.LDAPError as e:
 

              log.error('ModifyTimeStamp attribute is not present for user-{} {}'.format(userdn, e.message['desc']))
 

              assert False
 
@@ -214,12 +217,12 @@ 
 

  

      new_attr_val = time.strftime("%Y%m%d%H%M%S", time.gmtime()) + 'Z'
 

      log.info('Enable account by replacing lastLoginTime/createTimeStamp/ModifyTimeStamp attribute')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone, dn=userdn)
 

          try:
 

-             topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, attr_name, ensure_bytes(new_attr_val))])
 

+             user.replace(attr_name, new_attr_val)
 

          except ldap.LDAPError as e:
 

              log.error('Failed to add/replace {} attribute to-{}, for user-{}'.format(attr_name, new_attr_val, userdn))
 

              raise e
 
@@ -232,12 +235,12 @@ 
 

      """Enable account by replacing cn attribute value, value of modifyTimeStamp changed"""
 

  

      log.info('Enable account by replacing cn attribute value, value of modifyTimeStamp changed')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone, dn=userdn)
 

          try:
 

-             topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, attr_name, ensure_bytes(attr_value))])
 

+             user.replace(attr_name, attr_value)
 

          except ldap.LDAPError as e:
 

              log.error('Failed to add/replace {} attribute to-{}, for user-{}'.format(attr_name, attr_value, userdn))
 

              raise e
 
@@ -249,12 +252,12 @@ 
 

      """Delete lastLoginTime/createTimeStamp/ModifyTimeStamp attribute from user account"""
 

  

      log.info('Delete lastLoginTime/createTimeStamp/ModifyTimeStamp attribute from user account')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone, dn=userdn)
 

          try:
 

-             topology_st.standalone.modify_s(userdn, [(ldap.MOD_DELETE, attr_name, None)])
 

+             user.remove_all(attr_name)
 

          except ldap.LDAPError as e:
 

              log.error('Failed to delete {} attribute for user-{}'.format(attr_name, userdn))
 

              raise e
 
@@ -285,7 +288,6 @@ 
 

      """Delete users from default test instance with given suffix, subtree, userid and nousrs"""
 

  

      log.info('del_users: Pass all of these as parameters suffix, subtree, userid and nousrs')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      users = UserAccounts(topology_st.standalone, suffix, rdn=subtree)
 

      while (nousrs > 0):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 
@@ -300,19 +302,20 @@ 
 

      while (nousrs > ulimit):
 

          usrrdn = '{}{}'.format(userid, nousrs)
 

          userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
 

+         user = UserAccount(topology_st.standalone,  dn=userdn)
 

          if (tochck == "Enabled"):
 

              try:
 

-                 topology_st.standalone.simple_bind_s(userdn, USER_PASW)
 

+                 user.bind(USER_PASW)
 

              except ldap.LDAPError as e:
 

                  log.error('User {} failed to login, expected 0'.format(userdn))
 

                  raise e
 

          elif (tochck == "Expired"):
 

              with pytest.raises(ldap.INVALID_CREDENTIALS):
 

-                 topology_st.standalone.simple_bind_s(userdn, USER_PASW)
 

+                 user.bind(USER_PASW)
 

                  log.error('User {} password not expired , expected error 49'.format(userdn))
 

          elif (tochck == "Disabled"):
 

              with pytest.raises(ldap.CONSTRAINT_VIOLATION):
 

-                 topology_st.standalone.simple_bind_s(userdn, USER_PASW)
 

+                 user.bind(USER_PASW)
 

                  log.error('User {} is not inactivated, expected error 19'.format(userdn))
 

          nousrs = nousrs - 1
 

          time.sleep(1)
 
@@ -344,13 +347,16 @@ 
 

      nousrs = 3
 

      log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
 

      add_users(topology_st, suffix, subtree, userid, nousrs, 0)
 

+ 

      log.info('Sleep for 10 secs to check if account is not inactivated, expected value 0')
 

      time.sleep(10)
 

      log.info('Account should not be inactivated since AccountInactivityLimit not exceeded')
 

      account_status(topology_st, suffix, subtree, userid, 3, 2, "Enabled")
 

+ 

      log.info('Sleep for 3 more secs to check if account is inactivated')
 

      time.sleep(3)
 

      account_status(topology_st, suffix, subtree, userid, 2, 0, "Disabled")
 

+ 

      log.info('Sleep +10 secs to check if account {}3 is inactivated'.format(userid))
 

      time.sleep(10)
 

      account_status(topology_st, suffix, subtree, userid, 3, 2, "Disabled")
 
@@ -894,7 +900,6 @@ 
 

      subtree = "ou=groups"
 

      userid = "pwexpusr"
 

      nousrs = 1
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      try:
 

          topology_st.standalone.config.set('passwordmaxage', '9')
 

      except ldap.LDAPError as e:
 
@@ -938,7 +943,6 @@ 
 

      account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")
 

  

      # Reset maxage
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

      try:
 

          topology_st.standalone.config.set('passwordmaxage', '400')
 

      except ldap.LDAPError as e:
 
@@ -1025,10 +1029,9 @@ 
 

      time.sleep(11)
 

      account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")
 

      log.info('Moving users from ou=groups to ou=people subtree')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

+     user = UserAccount(topology_st.standalone, dn='uid=nolockusr1,ou=groups,dc=example,dc=com')
 

      try:
 

-         topology_st.standalone.rename_s('uid=nolockusr1,ou=groups,dc=example,dc=com', 'uid=nolockusr1',
 

-                                         'ou=people,dc=example,dc=com')
 

+         user.rename('uid=nolockusr1', newsuperior='ou=people,dc=example,dc=com')
 

      except ldap.LDAPError as e:
 

          log.error('Failed to move user uid=nolockusr1 from ou=groups to ou=people')
 

          raise e
 
@@ -1071,12 +1074,11 @@ 
 

      time.sleep(11)
 

      account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")
 

      log.info('Moving users from ou=people to ou=groups subtree')
 

-     topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
 

+     user = UserAccount(topology_st.standalone, dn='uid=lockusr1,ou=people,dc=example,dc=com')
 

      try:
 

-         topology_st.standalone.rename_s('uid=lockusr1,ou=people,dc=example,dc=com', 'uid=lockusr1',
 

-                                         'ou=groups,dc=example,dc=com')
 

+         user.rename('uid=lockusr1', newsuperior='ou=groups,dc=example,dc=com')
 

      except ldap.LDAPError as e:
 

-         log.error('Failed to move user uid=lockusr1 from ou=groups to ou=people')
 

+         log.error('Failed to move user uid=lockusr1 from ou=people to ou=groups')
 

          raise e
 

      log.info('Sleep for +2 secs and check users from both ou=people and ou=groups subtree')
 

      time.sleep(2)

file modified
+2 
@@ -104,6 +104,8 @@ 
 

  

      m1 = topology_with_tls.ms['master1']
 

      m2 = topology_with_tls.ms['master2']
 

+     m1.config.set('nsslapd-unhashed-pw-switch', 'on')
 

+     m2.config.set('nsslapd-unhashed-pw-switch', 'on')
 

      test_passw = 'm2Test199'
 

  

      _enable_changelog_encryption(m1, encryption)

Description:

Port accpol_test.py to DSLdapObject. The other tests are all related to a change with hiding unhashed passwords by default in the logs.

relates: https://pagure.io/389-ds-base/issue/50521

Without this sleep test fails for me.

The rest of the tests pass for me, ack.

rebased onto b07be1e
4 years ago

Pull-Request has been merged by mreynolds
4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3578

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi
3 years ago
Metadata
None
No Tags
Changes Summary 5
+2 -1
file changed
dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
+2 -1
file changed
dirsrvtests/tests/suites/password/pwd_log_test.py
+24 -27
file changed
dirsrvtests/tests/suites/password/pwp_history_test.py
+59 -57
file changed
dirsrvtests/tests/suites/plugins/accpol_test.py
+2 -0
file changed
dirsrvtests/tests/suites/replication/encryption_cl5_test.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.