From b07be1e62f8f002fbaf24475580d9c4a29cc605b Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Jul 30 2019 18:38:26 +0000 Subject: Issue 50521 - Add regressions in CI tests Description: Port accpol_test.py to DSLdapObject. The othertests are all related to a change with hiding unhashed passwords by default in the logs. relates: https://pagure.io/389-ds-base/issue/50521 Reviewed by: vashirov(Thanks!) --- diff --git a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py index bb45617..2867014 100644 --- a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py +++ b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py @@ -665,6 +665,7 @@ def test_access_log_truncated_search_message(topology_st): log.info('Delete the previous access logs for the next test') topo.deleteAccessLogs() +@pytest.mark.skipif(ds_is_older('1.4.1.6'), reason="Not implemented") @pytest.mark.bz1732053 @pytest.mark.ds50510 def test_etime_at_border_of_second(topology_st): @@ -709,7 +710,7 @@ def test_etime_at_border_of_second(topology_st): log.error('It remains invalid or weird etime: %s' % invalid_etime[i]) assert not invalid_etime - + if __name__ == '__main__': # Run isolated # -s for DEBUG mode diff --git a/dirsrvtests/tests/suites/password/pwd_log_test.py b/dirsrvtests/tests/suites/password/pwd_log_test.py index 1fabf2c..55ef415 100644 --- a/dirsrvtests/tests/suites/password/pwd_log_test.py +++ b/dirsrvtests/tests/suites/password/pwd_log_test.py @@ -12,7 +12,7 @@ import pytest from lib389.tasks import * from lib389.topologies import topology_st from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES -from lib389._constants import DN_CONFIG, DEFAULT_SUFFIX +from lib389._constants import DEFAULT_SUFFIX pytestmark = pytest.mark.tier1 @@ -53,6 +53,7 @@ def test_hide_unhashed_pwd(topology_st): # Allow the unhashed password to be written to audit log topology_st.standalone.config.set('nsslapd-auditlog-logging-hide-unhashed-pw', 'off') + topology_st.standalone.config.set('nsslapd-unhashed-pw-switch', 'on') # Set new password, and check the audit log user.reset_password('mypassword') diff --git a/dirsrvtests/tests/suites/password/pwp_history_test.py b/dirsrvtests/tests/suites/password/pwp_history_test.py index 20ccfc2..16e181d 100644 --- a/dirsrvtests/tests/suites/password/pwp_history_test.py +++ b/dirsrvtests/tests/suites/password/pwp_history_test.py @@ -8,12 +8,14 @@ # import pytest import time +import logging from lib389.tasks import * -from lib389.utils import * +from lib389.utils import ds_is_newer from lib389.topologies import topology_st from lib389.idm.user import UserAccounts, TEST_USER_PROPERTIES +from lib389.idm.directorymanager import DirectoryManager from lib389.idm.organizationalunit import OrganizationalUnits -from lib389._constants import DN_DM, DEFAULT_SUFFIX, PASSWORD +from lib389._constants import DEFAULT_SUFFIX pytestmark = pytest.mark.tier1 @@ -105,13 +107,16 @@ def test_basic(topology_st): # user.set('userpassword', 'password1') user.rebind('password1') + time.sleep(.5) user.set('userpassword', 'password2') user.rebind('password2') + time.sleep(.5) user.set('userpassword', 'password3') user.rebind('password3') + time.sleep(.5) user.set('userpassword', 'password4') user.rebind('password4') - time.sleep(1) + time.sleep(.5) # # Check that we only have 3 passwords stored in history @@ -131,7 +136,7 @@ def test_basic(topology_st): try: user.set('userpassword', 'password1') log.fatal('Incorrectly able to to set password to previous password1.') - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False except ldap.CONSTRAINT_VIOLATION: log.info('Password change correctly rejected') @@ -141,7 +146,7 @@ def test_basic(topology_st): try: user.set('userpassword', 'password2') log.fatal('Incorrectly able to to set password to previous password2.') - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False except ldap.CONSTRAINT_VIOLATION: log.info('Password change correctly rejected') @@ -151,7 +156,7 @@ def test_basic(topology_st): try: user.set('userpassword', 'password3') log.fatal('Incorrectly able to to set password to previous password3.') - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False except ldap.CONSTRAINT_VIOLATION: log.info('Password change correctly rejected') @@ -162,11 +167,9 @@ def test_basic(topology_st): # # Reset password by Directory Manager(admin reset) # - try: - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) - except ldap.LDAPError as e: - log.fatal('Failed to bind as rootDN: ' + str(e)) - assert False + dm = DirectoryManager(topology_st.standalone) + dm.rebind() + time.sleep(.5) user.set('userpassword', 'password-reset') time.sleep(1) @@ -175,7 +178,7 @@ def test_basic(topology_st): user.rebind('password-reset') user.set('userpassword', 'password4') log.fatal('Incorrectly able to to set password to previous password4.') - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False except ldap.CONSTRAINT_VIOLATION: log.info('Password change correctly rejected') @@ -187,26 +190,24 @@ def test_basic(topology_st): # # Test passwordInHistory to 0 # - try: - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) - except ldap.LDAPError as e: - log.fatal('Failed to bind as rootDN: ' + str(e)) - assert False - + dm = DirectoryManager(topology_st.standalone) + dm.rebind() try: topology_st.standalone.config.replace('passwordInHistory', '0') log.info('Configured passwordInHistory to 0.') except ldap.LDAPError as e: log.fatal('Failed to configure password policy (passwordInHistory to 0): ' + str(e)) assert False + time.sleep(1) # Verify the older passwords in the entry (passwordhistory) are ignored user.rebind('password-reset') user.set('userpassword', 'password4') + time.sleep(.5) try: user.set('userpassword', 'password4') log.fatal('Incorrectly able to to set password to current password4.') - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False except ldap.CONSTRAINT_VIOLATION: log.info('Password change correctly rejected') @@ -221,12 +222,8 @@ def test_basic(topology_st): # Set the history count back to a positive value and make sure things still work # as expected # - try: - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) - except ldap.LDAPError as e: - log.fatal('Failed to bind as rootDN: ' + str(e)) - assert False - + dm = DirectoryManager(topology_st.standalone) + dm.rebind() try: topology_st.standalone.config.replace('passwordInHistory', '2') log.info('Configured passwordInHistory to 2.') @@ -239,7 +236,7 @@ def test_basic(topology_st): user.rebind('password5') user.set('userpassword', 'password5') log.fatal('Incorrectly able to to set password to current password5.') - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False except ldap.CONSTRAINT_VIOLATION: log.info('Password change correctly rejected') @@ -252,7 +249,7 @@ def test_basic(topology_st): user.set('userpassword', 'password1') except ldap.LDAPError as e: log.fatal('Failed to attempt to change password: ' + str(e)) - log.error('password history: ' + str(user.get_attr_vals('passwordhistory'))) + log.fatal('password history: ' + str(user.get_attr_vals('passwordhistory'))) assert False # Done diff --git a/dirsrvtests/tests/suites/plugins/accpol_test.py b/dirsrvtests/tests/suites/plugins/accpol_test.py index ac63739..73e2e54 100644 --- a/dirsrvtests/tests/suites/plugins/accpol_test.py +++ b/dirsrvtests/tests/suites/plugins/accpol_test.py @@ -11,8 +11,9 @@ import subprocess from lib389.tasks import * from lib389.utils import * from lib389.topologies import topology_st -from lib389.idm.user import UserAccounts - +from lib389.idm.user import (UserAccount, UserAccounts) +from lib389.plugins import (AccountPolicyPlugin, AccountPolicyConfig) +from lib389.cos import (CosTemplate, CosPointerDefinition) from lib389._constants import (PLUGIN_ACCT_POLICY, DN_PLUGIN, DN_DM, PASSWORD, DEFAULT_SUFFIX, DN_CONFIG, SERVERID_STANDALONE) @@ -32,16 +33,19 @@ def accpol_global(topology_st, request): """Configure Global account policy plugin and restart the server""" log.info('Configuring Global account policy plugin, pwpolicy attributes and restarting the server') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) + plugin = AccountPolicyPlugin(topology_st.standalone) try: - topology_st.standalone.plugins.enable(name=PLUGIN_ACCT_POLICY) - topology_st.standalone.modify_s(ACCPOL_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', ensure_bytes(ACCP_CONF))]) - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'alwaysrecordlogin', b'yes')]) - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'stateattrname', b'lastLoginTime')]) - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'altstateattrname', b'createTimestamp')]) - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'specattrname', b'acctPolicySubentry')]) - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'limitattrname', b'accountInactivityLimit')]) - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_REPLACE, 'accountInactivityLimit', b'12')]) + if DEBUGGING: + topology_st.standalone.config.set('nsslapd-auditlog-logging-enabled', 'on') + plugin.enable() + plugin.set('nsslapd-pluginarg0', ACCP_CONF) + accp = AccountPolicyConfig(topology_st.standalone, dn=ACCP_CONF) + accp.set('alwaysrecordlogin', 'yes') + accp.set('stateattrname', 'lastLoginTime') + accp.set('altstateattrname', 'createTimestamp') + accp.set('specattrname', 'acctPolicySubentry') + accp.set('limitattrname', 'accountInactivityLimit') + accp.set('accountInactivityLimit', '12') topology_st.standalone.config.set('passwordexp', 'on') topology_st.standalone.config.set('passwordmaxage', '400') topology_st.standalone.config.set('passwordwarning', '1') @@ -56,9 +60,9 @@ def accpol_global(topology_st, request): def fin(): log.info('Disabling Global accpolicy plugin and removing pwpolicy attrs') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: - topology_st.standalone.plugins.disable(name=PLUGIN_ACCT_POLICY) + plugin = AccountPolicyPlugin(topology_st.standalone) + plugin.disable() topology_st.standalone.config.set('passwordexp', 'off') topology_st.standalone.config.set('passwordlockout', 'off') except ldap.LDAPError as e: @@ -74,20 +78,19 @@ def accpol_local(topology_st, accpol_global, request): """Configure Local account policy plugin for ou=people subtree and restart the server""" log.info('Adding Local account policy plugin configuration entries') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: - topology_st.standalone.modify_s(ACCP_CONF, [(ldap.MOD_DELETE, 'accountInactivityLimit', None)]) topology_st.standalone.config.set('passwordmaxage', '400') - topology_st.standalone.add_s(Entry((LOCL_CONF, { - 'objectclass': ['top', 'ldapsubentry', 'extensibleObject', 'accountpolicy'], - 'accountInactivityLimit': '10'}))) - topology_st.standalone.add_s(Entry((TEMPL_COS, { - 'objectclass': ['top', 'ldapsubentry', 'extensibleObject', 'cosTemplate'], - 'acctPolicySubentry': LOCL_CONF}))) - topology_st.standalone.add_s(Entry((DEFIN_COS, { - 'objectclass': ['top', 'ldapsubentry', 'cosSuperDefinition', 'cosPointerDefinition'], + accp = AccountPolicyConfig(topology_st.standalone, dn=ACCP_CONF) + accp.remove_all('accountInactivityLimit') + locl_conf = AccountPolicyConfig(topology_st.standalone, dn=LOCL_CONF) + locl_conf.create(properties={'cn': 'AccountPolicy1', 'accountInactivityLimit': '10'}) + cos_template = CosTemplate(topology_st.standalone, dn=TEMPL_COS) + cos_template.create(properties={'cn': 'TempltCoS', 'acctPolicySubentry': LOCL_CONF}) + cos_def = CosPointerDefinition(topology_st.standalone, dn=DEFIN_COS) + cos_def.create(properties={ + 'cn': 'DefnCoS', 'cosTemplateDn': TEMPL_COS, - 'cosAttribute': 'acctPolicySubentry default operational-default'}))) + 'cosAttribute': 'acctPolicySubentry default operational-default'}) except ldap.LDAPError as e: log.error('Failed to configure Local account policy plugin') log.error('Failed to add entry {}, {}, {}:'.format(LOCL_CONF, TEMPL_COS, DEFIN_COS)) @@ -96,12 +99,11 @@ def accpol_local(topology_st, accpol_global, request): def fin(): log.info('Disabling Local accpolicy plugin and removing pwpolicy attrs') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: topology_st.standalone.plugins.disable(name=PLUGIN_ACCT_POLICY) - topology_st.standalone.delete_s(LOCL_CONF) - topology_st.standalone.delete_s(TEMPL_COS) - topology_st.standalone.delete_s(DEFIN_COS) + for entry_dn in [LOCL_CONF, TEMPL_COS, DEFIN_COS]: + entry = UserAccount(topology_st.standalone, dn=entry_dn) + entry.delete() except ldap.LDAPError as e: log.error('Failed to disable Local accpolicy plugin, {}'.format(e.message['desc'])) assert False @@ -117,12 +119,13 @@ def pwacc_lock(topology_st, suffix, subtree, userid, nousrs): while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) for i in range(3): with pytest.raises(ldap.INVALID_CREDENTIALS): - topology_st.standalone.simple_bind_s(userdn, INVL_PASW) + user.bind(INVL_PASW) log.error('No invalid credentials error for User {}'.format(userdn)) with pytest.raises(ldap.CONSTRAINT_VIOLATION): - topology_st.standalone.simple_bind_s(userdn, USER_PASW) + user.bind(USER_PASW) log.error('User {} is not locked, expected error 19'.format(userdn)) nousrs = nousrs - 1 time.sleep(1) @@ -134,18 +137,18 @@ def userpw_reset(topology_st, suffix, subtree, userid, nousrs, bindusr, bindpw, while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) log.info('Reset user password for user-{}'.format(userdn)) if (bindusr == "DirMgr"): - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: - topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpasw))]) + user.replace('userPassword', newpasw) except ldap.LDAPError as e: log.error('Unable to reset userPassword for user-{}'.format(userdn)) raise e elif (bindusr == "RegUsr"): - topology_st.standalone.simple_bind_s(userdn, bindpw) + user_conn = user.bind(bindpw) try: - topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpasw))]) + user_conn.replace('userPassword', newpasw) except ldap.LDAPError as e: log.error('Unable to reset userPassword for user-{}'.format(userdn)) raise e @@ -184,9 +187,9 @@ def modify_attr(topology_st, base_dn, attr_name, attr_val): """Modify attribute value for a given DN""" log.info('Modify attribute value for a given DN') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: - topology_st.standalone.modify_s(base_dn, [(ldap.MOD_REPLACE, attr_name, ensure_bytes(attr_val))]) + entry = UserAccount(topology_st.standalone, dn=base_dn) + entry.replace(attr_name, attr_val) except ldap.LDAPError as e: log.error('Failed to replace lastLoginTime attribute for user-{} {}'.format(userdn, e.message['desc'])) assert False @@ -197,12 +200,12 @@ def check_attr(topology_st, suffix, subtree, userid, nousrs, attr_name): """Check ModifyTimeStamp attribute present for user""" log.info('Check ModifyTimeStamp attribute present for user') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) try: - topology_st.standalone.search_s(userdn, ldap.SCOPE_BASE, attr_name) + user.get_attr_val(attr_name) except ldap.LDAPError as e: log.error('ModifyTimeStamp attribute is not present for user-{} {}'.format(userdn, e.message['desc'])) assert False @@ -214,12 +217,12 @@ def add_time_attr(topology_st, suffix, subtree, userid, nousrs, attr_name): new_attr_val = time.strftime("%Y%m%d%H%M%S", time.gmtime()) + 'Z' log.info('Enable account by replacing lastLoginTime/createTimeStamp/ModifyTimeStamp attribute') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) try: - topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, attr_name, ensure_bytes(new_attr_val))]) + user.replace(attr_name, new_attr_val) except ldap.LDAPError as e: log.error('Failed to add/replace {} attribute to-{}, for user-{}'.format(attr_name, new_attr_val, userdn)) raise e @@ -232,12 +235,12 @@ def modusr_attr(topology_st, suffix, subtree, userid, nousrs, attr_name, attr_va """Enable account by replacing cn attribute value, value of modifyTimeStamp changed""" log.info('Enable account by replacing cn attribute value, value of modifyTimeStamp changed') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) try: - topology_st.standalone.modify_s(userdn, [(ldap.MOD_REPLACE, attr_name, ensure_bytes(attr_value))]) + user.replace(attr_name, attr_value) except ldap.LDAPError as e: log.error('Failed to add/replace {} attribute to-{}, for user-{}'.format(attr_name, attr_value, userdn)) raise e @@ -249,12 +252,12 @@ def del_time_attr(topology_st, suffix, subtree, userid, nousrs, attr_name): """Delete lastLoginTime/createTimeStamp/ModifyTimeStamp attribute from user account""" log.info('Delete lastLoginTime/createTimeStamp/ModifyTimeStamp attribute from user account') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) try: - topology_st.standalone.modify_s(userdn, [(ldap.MOD_DELETE, attr_name, None)]) + user.remove_all(attr_name) except ldap.LDAPError as e: log.error('Failed to delete {} attribute for user-{}'.format(attr_name, userdn)) raise e @@ -285,7 +288,6 @@ def del_users(topology_st, suffix, subtree, userid, nousrs): """Delete users from default test instance with given suffix, subtree, userid and nousrs""" log.info('del_users: Pass all of these as parameters suffix, subtree, userid and nousrs') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) users = UserAccounts(topology_st.standalone, suffix, rdn=subtree) while (nousrs > 0): usrrdn = '{}{}'.format(userid, nousrs) @@ -300,19 +302,20 @@ def account_status(topology_st, suffix, subtree, userid, nousrs, ulimit, tochck) while (nousrs > ulimit): usrrdn = '{}{}'.format(userid, nousrs) userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix) + user = UserAccount(topology_st.standalone, dn=userdn) if (tochck == "Enabled"): try: - topology_st.standalone.simple_bind_s(userdn, USER_PASW) + user.bind(USER_PASW) except ldap.LDAPError as e: log.error('User {} failed to login, expected 0'.format(userdn)) raise e elif (tochck == "Expired"): with pytest.raises(ldap.INVALID_CREDENTIALS): - topology_st.standalone.simple_bind_s(userdn, USER_PASW) + user.bind(USER_PASW) log.error('User {} password not expired , expected error 49'.format(userdn)) elif (tochck == "Disabled"): with pytest.raises(ldap.CONSTRAINT_VIOLATION): - topology_st.standalone.simple_bind_s(userdn, USER_PASW) + user.bind(USER_PASW) log.error('User {} is not inactivated, expected error 19'.format(userdn)) nousrs = nousrs - 1 time.sleep(1) @@ -344,13 +347,16 @@ def test_glact_inact(topology_st, accpol_global): nousrs = 3 log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs') add_users(topology_st, suffix, subtree, userid, nousrs, 0) + log.info('Sleep for 10 secs to check if account is not inactivated, expected value 0') time.sleep(10) log.info('Account should not be inactivated since AccountInactivityLimit not exceeded') account_status(topology_st, suffix, subtree, userid, 3, 2, "Enabled") + log.info('Sleep for 3 more secs to check if account is inactivated') time.sleep(3) account_status(topology_st, suffix, subtree, userid, 2, 0, "Disabled") + log.info('Sleep +10 secs to check if account {}3 is inactivated'.format(userid)) time.sleep(10) account_status(topology_st, suffix, subtree, userid, 3, 2, "Disabled") @@ -894,7 +900,6 @@ def test_glnact_pwexp(topology_st, accpol_global): subtree = "ou=groups" userid = "pwexpusr" nousrs = 1 - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: topology_st.standalone.config.set('passwordmaxage', '9') except ldap.LDAPError as e: @@ -938,7 +943,6 @@ def test_glnact_pwexp(topology_st, accpol_global): account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled") # Reset maxage - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) try: topology_st.standalone.config.set('passwordmaxage', '400') except ldap.LDAPError as e: @@ -1025,10 +1029,9 @@ def test_locinact_modrdn(topology_st, accpol_local): time.sleep(11) account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled") log.info('Moving users from ou=groups to ou=people subtree') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) + user = UserAccount(topology_st.standalone, dn='uid=nolockusr1,ou=groups,dc=example,dc=com') try: - topology_st.standalone.rename_s('uid=nolockusr1,ou=groups,dc=example,dc=com', 'uid=nolockusr1', - 'ou=people,dc=example,dc=com') + user.rename('uid=nolockusr1', newsuperior='ou=people,dc=example,dc=com') except ldap.LDAPError as e: log.error('Failed to move user uid=nolockusr1 from ou=groups to ou=people') raise e @@ -1071,12 +1074,11 @@ def test_locact_modrdn(topology_st, accpol_local): time.sleep(11) account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled") log.info('Moving users from ou=people to ou=groups subtree') - topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) + user = UserAccount(topology_st.standalone, dn='uid=lockusr1,ou=people,dc=example,dc=com') try: - topology_st.standalone.rename_s('uid=lockusr1,ou=people,dc=example,dc=com', 'uid=lockusr1', - 'ou=groups,dc=example,dc=com') + user.rename('uid=lockusr1', newsuperior='ou=groups,dc=example,dc=com') except ldap.LDAPError as e: - log.error('Failed to move user uid=lockusr1 from ou=groups to ou=people') + log.error('Failed to move user uid=lockusr1 from ou=people to ou=groups') raise e log.info('Sleep for +2 secs and check users from both ou=people and ou=groups subtree') time.sleep(2) diff --git a/dirsrvtests/tests/suites/replication/encryption_cl5_test.py b/dirsrvtests/tests/suites/replication/encryption_cl5_test.py index 804da71..529b129 100644 --- a/dirsrvtests/tests/suites/replication/encryption_cl5_test.py +++ b/dirsrvtests/tests/suites/replication/encryption_cl5_test.py @@ -104,6 +104,8 @@ def test_algorithm_unhashed(topology_with_tls, encryption): m1 = topology_with_tls.ms['master1'] m2 = topology_with_tls.ms['master2'] + m1.config.set('nsslapd-unhashed-pw-switch', 'on') + m2.config.set('nsslapd-unhashed-pw-switch', 'on') test_passw = 'm2Test199' _enable_changelog_encryption(m1, encryption)