From a6bb2fa4997dd7894dbf75d1c3fd1deaebd3e05c Mon Sep 17 00:00:00 2001 From: Sudhir Menon Date: Mar 07 2025 06:48:02 +0000 Subject: ipatests: Test to check that the configured value for "nsslapd-ignore-time-skew" remains on even after a "force-sync" is done Related: https://pagure.io/freeipa/issue/9635 Signed-off-by: Sudhir Menon Reviewed-By: Florence Blanc-Renaud Reviewed-By: Rob Crittenden --- diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index ef0727e..3673f7f 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -2132,3 +2132,69 @@ class TestHostnameValidator(IntegrationTest): assert result.returncode == 1 assert 'hostname cannot be the same as the domain name' \ in result.stderr_text + + +class TestNsslapdIgnoreTimeSkew(IntegrationTest): + """ + Test to check nsslapd-ignore-time-skew is not disabled. + """ + num_replicas = 1 + topology = 'line' + + @pytest.fixture + def update_time_skew(self): + """ + Fixture enables nsslapd-ignore-time-skew + parameter and reverts it back + """ + ldap = self.replicas[0].ldap_connect() + dn = DN( + ("cn", "config"), + ) + entry = ldap.get_entry(dn) + entry.single_value["nsslapd-ignore-time-skew"] = 'on' + ldap.update_entry(entry) + + yield + + entry = ldap.get_entry(dn) + entry.single_value["nsslapd-ignore-time-skew"] = 'off' + ldap.update_entry(entry) + + def test_check_nsslapd_ignore_time_skew(self): + """ + This testcase checks that the ignore time skew parameter + is set to on during the directory server replica + installation (replication of the suffix) and during + the CA replica (replication of o=ipaca). + It also checks that the time skew is reverted during + pki_tomcat setup stage. + """ + DIRSRV_LOG = ( + "ignore time skew for initial replication" + ) + PKI_TOMCAT_LOG = ( + "revert time skew after initial replication" + ) + install_msg = self.replicas[0].get_file_contents( + paths.IPAREPLICA_INSTALL_LOG, encoding="utf-8" + ) + dirsrv_msg = re.findall(DIRSRV_LOG, install_msg) + assert len(dirsrv_msg) == 2 + assert PKI_TOMCAT_LOG in install_msg + + def test_forcesync_does_not_overwrite_ignore_time_skew( + self, update_time_skew): + """ + This testcase checks that calling ipa-replica-manage + force-sync does not overwrite the value of ignore + time skew + """ + result = self.replicas[0].run_command( + ["ipa-replica-manage", "force-sync", + "--from", self.master.hostname, + "--no-lookup", "-v"]) + assert result.returncode == 0 + conn = self.replicas[0].ldap_connect() + ldap_entry = conn.get_entry(DN("cn=config")) + assert ldap_entry.single_value['nsslapd-ignore-time-skew'] == "on"