def exc_callback(self, keys, options, exc, call_func, *call_args,
**call_kwargs):
if isinstance(exc, errors.ObjectclassViolation):
if options['nonposix'] and 'gidnumber' in options:
raise errors.ObjectclassViolation(info=_(
'attribute "gidNumber" not allowed with --nonposix'))
raise exc
def test_set_nonexistent_attribute(self, user):
""" Try setting a nonexistent attribute """
command = user.make_command(
'config_mod', **dict(setattr=u'invalid_attr=false')
)
with raises_exact(errors.ObjectclassViolation(
info='attribute "invalid_attr" not allowed')):
command()
def test_update_krb_ticket_policy(self, user):
""" Try to update krbmaxticketlife """
attr = 'krbmaxticketlife'
user.ensure_exists()
command = user.make_update_command(updates=dict(setattr=(u'%s=88000' %
attr)))
with raises_exact(
errors.ObjectclassViolation(
info=u'attribute "%s" not allowed' % attr)):
command()
def test_set_virtual_attribute(self, user):
""" Try to assign an invalid virtual attribute """
attr = 'random'
user.ensure_exists()
command = user.make_update_command(updates=dict(setattr=(u'%s=xyz123' %
attr)))
with raises_exact(
errors.ObjectclassViolation(
info=u'attribute "%s" not allowed' % attr)):
command()
def test_create_nonposix_with_gid(self, group):
""" Try to create non-posix group with GID """
command = group.make_create_command(
**dict(nonposix=True, gidnumber=10011))
with raises_exact(
errors.ObjectclassViolation(
info=u'attribute "gidNumber" not allowed with --nonposix')
):
command()
def test_create_with_krb_ticket_policy(self):
""" Try to create user with krbmaxticketlife set """
testuser = UserTracker(
name=u'tuser1', givenname=u'Test',
sn=u'Tuser1', setattr=u'krbmaxticketlife=88000'
)
command = testuser.make_create_command()
with raises_exact(errors.ObjectclassViolation(
info=u'attribute "%s" not allowed' % 'krbmaxticketlife')):
command()
class test_krbtpolicy(Declarative):
cleanup_commands = [
('user_del', [user1], {}),
('krbtpolicy_reset', [], {}),
]
tests = [
dict(
desc='Reset global policy',
command=('krbtpolicy_reset', [], {}),
expected=dict(
value=None,
summary=None,
result=dict(
krbmaxticketlife=[u'86400'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Show global policy',
command=('krbtpolicy_show', [], {}),
expected=dict(
value=None,
summary=None,
result=dict(
dn=DN(('cn', api.env.domain), ('cn', 'kerberos'),
api.env.basedn),
krbmaxticketlife=[u'86400'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Update global policy',
command=('krbtpolicy_mod', [], dict(krbmaxticketlife=3600)),
expected=dict(
value=None,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Create %r' % user1,
command=('user_add', [user1], dict(givenname=u'Test',
sn=u'User1')),
expected=dict(
value=user1,
summary=u'Added user "%s"' % user1,
result=get_user_result(user1, u'Test', u'User1', 'add'),
),
),
dict(
desc='Update user ticket policy',
command=('krbtpolicy_mod', [user1], dict(krbmaxticketlife=3600)),
expected=dict(
value=user1,
summary=None,
result=dict(krbmaxticketlife=[u'3600'], ),
),
),
dict(
desc='Update user ticket policy for auth indicator pkinit',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxticketlife_pkinit=3800)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_pkinit=[u'3800'],
),
),
),
dict(
desc='Update user ticket policy for auth indicator otp',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxticketlife_otp=3700)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_otp=[u'3700'],
),
),
),
dict(
desc='Update user ticket policy for auth indicator radius',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxticketlife_radius=1)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_otp=[u'3700'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_radius=[u'1'],
),
),
),
dict(
desc='Update user ticket policy for auth indicator hardened',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxticketlife_hardened=2147483647)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_otp=[u'3700'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_radius=[u'1'],
krbauthindmaxticketlife_hardened=[u'2147483647'],
),
),
),
dict(
desc='Update maxrenew user ticket policy for '
'auth indicator hardened',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxrenewableage_hardened=2147483647)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_otp=[u'3700'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_radius=[u'1'],
krbauthindmaxticketlife_hardened=[u'2147483647'],
krbauthindmaxrenewableage_hardened=[u'2147483647'],
),
),
),
dict(
desc='Update maxrenew user ticket policy for '
'auth indicator otp',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxrenewableage_otp=3700)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_otp=[u'3700'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_radius=[u'1'],
krbauthindmaxticketlife_hardened=[u'2147483647'],
krbauthindmaxrenewableage_hardened=[u'2147483647'],
krbauthindmaxrenewableage_otp=[u'3700'],
),
),
),
dict(
desc='Update maxrenew user ticket policy for '
'auth indicator radius',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxrenewableage_radius=1)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_otp=[u'3700'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_radius=[u'1'],
krbauthindmaxticketlife_hardened=[u'2147483647'],
krbauthindmaxrenewableage_hardened=[u'2147483647'],
krbauthindmaxrenewableage_otp=[u'3700'],
krbauthindmaxrenewableage_radius=[u'1'],
),
),
),
dict(
desc='Update maxrenew user ticket policy for '
'auth indicator pkinit',
command=('krbtpolicy_mod', [user1],
dict(krbauthindmaxrenewableage_pkinit=3800)),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbauthindmaxticketlife_otp=[u'3700'],
krbauthindmaxticketlife_pkinit=[u'3800'],
krbauthindmaxticketlife_radius=[u'1'],
krbauthindmaxticketlife_hardened=[u'2147483647'],
krbauthindmaxrenewableage_hardened=[u'2147483647'],
krbauthindmaxrenewableage_otp=[u'3700'],
krbauthindmaxrenewableage_radius=[u'1'],
krbauthindmaxrenewableage_pkinit=[u'3800'],
),
),
),
dict(
desc='Try updating other user attribute',
command=('krbtpolicy_mod', [user1],
dict(setattr=u'givenname=Pete')),
expected=errors.ObjectclassViolation(
info='attribute "givenname" not allowed'),
),
]
for (value, error) in invalid_values:
for (param, param_name) in parameters:
tests.append(
create_dict(desc='Try updating invalid {0} with {1}'.format(
param_name, value),
param=param,
param_name=param_name,
value=value,
error=error))
class test_krbtpolicy(Declarative):
cleanup_commands = [
('user_del', [user1], {}),
('krbtpolicy_reset', [], {}),
]
tests = [
dict(
desc='Reset global policy',
command=('krbtpolicy_reset', [], {}),
expected=dict(
value=None,
summary=None,
result=dict(
krbmaxticketlife=[u'86400'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Show global policy',
command=('krbtpolicy_show', [], {}),
expected=dict(
value=None,
summary=None,
result=dict(
dn=DN(('cn', api.env.domain), ('cn', 'kerberos'),
api.env.basedn),
krbmaxticketlife=[u'86400'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Update global policy',
command=('krbtpolicy_mod', [], dict(krbmaxticketlife=3600)),
expected=dict(
value=None,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Create %r' % user1,
command=('user_add', [user1], dict(givenname=u'Test',
sn=u'User1')),
expected=dict(
value=user1,
summary=u'Added user "%s"' % user1,
result=get_user_result(user1, u'Test', u'User1', 'add'),
),
),
dict(
desc='Update user ticket policy',
command=('krbtpolicy_mod', [user1], dict(krbmaxticketlife=3600)),
expected=dict(
value=user1,
summary=None,
result=dict(krbmaxticketlife=[u'3600'], ),
),
),
dict(
desc='Try updating other user attribute',
command=('krbtpolicy_mod', [user1],
dict(setattr=u'givenname=Pete')),
expected=errors.ObjectclassViolation(
info='attribute "givenname" not allowed'),
),
]
class test_krbtpolicy(Declarative):
cleanup_commands = [
('user_del', [user1], {}),
('krbtpolicy_reset', [], {}),
]
tests = [
dict(
desc='Reset global policy',
command=(
'krbtpolicy_reset', [], {}
),
expected=dict(
value=u'',
summary=None,
result=dict(
krbmaxticketlife=[u'86400'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Show global policy',
command=(
'krbtpolicy_show', [], {}
),
expected=dict(
value=u'',
summary=None,
result=dict(
dn=DN(('cn',api.env.domain),('cn','kerberos'),
api.env.basedn),
krbmaxticketlife=[u'86400'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Update global policy',
command=(
'krbtpolicy_mod', [], dict(krbmaxticketlife=3600)
),
expected=dict(
value=u'',
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
krbmaxrenewableage=[u'604800'],
),
),
),
dict(
desc='Create %r' % user1,
command=(
'user_add', [user1], dict(givenname=u'Test', sn=u'User1')
),
expected=dict(
value=user1,
summary=u'Added user "%s"' % user1,
result=dict(
gecos=[u'Test User1'],
givenname=[u'Test'],
homedirectory=[u'/home/tuser1'],
krbprincipalname=[u'tuser1@' + api.env.realm],
loginshell=[u'/bin/sh'],
objectclass=objectclasses.user,
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'%s@%s' % (user1, api.env.domain)],
displayname=[u'Test User1'],
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm),
('cn','kerberos'),api.env.basedn)],
mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
has_keytab=False,
has_password=False,
dn=DN(('uid',user1),('cn','users'),('cn','accounts'), api.env.basedn)
),
),
),
dict(
desc='Update user ticket policy',
command=(
'krbtpolicy_mod', [user1], dict(krbmaxticketlife=3600)
),
expected=dict(
value=user1,
summary=None,
result=dict(
krbmaxticketlife=[u'3600'],
),
),
),
dict(
desc='Try updating other user attribute',
command=(
'krbtpolicy_mod', [user1], dict(setattr=u'givenname=Pete')
),
expected=errors.ObjectclassViolation(info='attribute "givenname" not allowed'),
),
]
class test_attr(Declarative):
cleanup_commands = [
('user_del', [user1], {}),
]
tests = [
dict(
desc='Try to add user %r with single-value attribute set via '
'option and --addattr' % user1,
command=('user_add', [user1],
dict(givenname=u'Test', sn=u'User1',
addattr=u'sn=User2')),
expected=errors.OnlyOneValueAllowed(attr='sn'),
),
dict(
desc='Create %r' % user1,
command=('user_add', [user1],
dict(givenname=u'Test', sn=u'User1', setattr=None)),
expected=dict(
value=user1,
summary=u'Added user "tuser1"',
result=dict(
gecos=[u'Test User1'],
givenname=[u'Test'],
homedirectory=[u'/home/tuser1'],
krbprincipalname=[u'tuser1@' + api.env.realm],
loginshell=[u'/bin/sh'],
objectclass=objectclasses.user,
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'%s@%s' % (user1, api.env.domain)],
displayname=[u'Test User1'],
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
krbpwdpolicyreference=[
DN(('cn', 'global_policy'), ('cn', api.env.realm),
('cn', 'kerberos'), api.env.basedn)
],
mepmanagedentry=[
DN(('cn', user1), ('cn', 'groups'), ('cn', 'accounts'),
api.env.basedn)
],
memberof_group=[u'ipausers'],
dn=DN(('uid', 'tuser1'), ('cn', 'users'),
('cn', 'accounts'), api.env.basedn),
has_keytab=False,
has_password=False,
),
),
),
dict(
desc='Change givenname, add mail %r' % user1,
command=('user_mod', [user1],
dict(setattr=(u'givenname=Finkle',
u'[email protected]'))),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add another mail %r' % user1,
command=('user_mod', [user1],
dict(addattr=u'[email protected]')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add two phone numbers at once %r' % user1,
command=('user_mod', [user1],
dict(setattr=u'telephoneNumber=410-555-1212',
addattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'410-555-1212', u'301-555-1212'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Go from two phone numbers to one %r' % user1,
command=('user_mod', [user1],
dict(setattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'301-555-1212'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add two more phone numbers %r' % user1,
command=('user_mod', [user1],
dict(addattr=(u'telephoneNumber=703-555-1212',
u'telephoneNumber=202-888-9833'))),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[
u'301-555-1212', u'202-888-9833', u'703-555-1212'
],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Delete one phone number for %r' % user1,
command=('user_mod', [user1],
dict(delattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'202-888-9833', u'703-555-1212'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(desc='Try deleting the number again for %r' % user1,
command=('user_mod', [user1],
dict(delattr=u'telephoneNumber=301-555-1212')),
expected=errors.AttrValueNotFound(attr=u'telephonenumber',
value=u'301-555-1212')),
dict(
desc='Add and delete one phone number for %r' % user1,
command=('user_mod', [user1],
dict(addattr=u'telephoneNumber=301-555-1212',
delattr=u'telephoneNumber=202-888-9833')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'301-555-1212', u'703-555-1212'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add and delete the same phone number for %r' % user1,
command=('user_mod', [user1],
dict(addattr=(u'telephoneNumber=301-555-1212',
u'telephoneNumber=202-888-9833'),
delattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[
u'703-555-1212', u'301-555-1212', u'202-888-9833'
],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Set and delete a phone number for %r' % user1,
command=('user_mod', [user1],
dict(setattr=(u'telephoneNumber=301-555-1212',
u'telephoneNumber=202-888-9833'),
delattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'202-888-9833'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Try setting givenname to None with setattr in %r' % user1,
command=('user_mod', [user1], dict(setattr=(u'givenname='))),
expected=errors.RequirementError(name='givenname'),
),
dict(
desc='Try setting givenname to None with option in %r' % user1,
command=('user_mod', [user1], dict(givenname=None)),
expected=errors.RequirementError(name='first'),
),
dict(
desc='Make sure setting givenname works with option in %r' % user1,
command=('user_mod', [user1], dict(givenname=u'Fred')),
expected=dict(
result=dict(
givenname=[u'Fred'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'202-888-9833'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Make sure setting givenname works with setattr in %r' %
user1,
command=('user_mod', [user1], dict(setattr=u'givenname=Finkle')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'202-888-9833'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Lock %r using setattr' % user1,
command=('user_mod', [user1], dict(setattr=u'nsaccountlock=TrUe')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'202-888-9833'],
nsaccountlock=True,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Unlock %r using addattr&delattr' % user1,
command=('user_mod', [user1],
dict(addattr=u'nsaccountlock=FaLsE',
delattr=u'nsaccountlock=TRUE')),
expected=dict(
result=dict(
givenname=[u'Finkle'],
homedirectory=[u'/home/tuser1'],
loginshell=[u'/bin/sh'],
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'*****@*****.**', u'*****@*****.**'],
memberof_group=[u'ipausers'],
telephonenumber=[u'202-888-9833'],
nsaccountlock=False,
has_keytab=False,
has_password=False,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Try adding a new group search fields config entry',
command=('config_mod', [],
dict(addattr=u'ipagroupsearchfields=newattr')),
expected=errors.OnlyOneValueAllowed(attr='ipagroupsearchfields'),
),
dict(
desc='Try adding a new cert subject base config entry',
command=('config_mod', [],
dict(addattr=u'ipacertificatesubjectbase=0=DOMAIN.COM')),
expected=errors.ValidationError(
name='ipacertificatesubjectbase',
error='attribute is not configurable'),
),
dict(
desc='Try deleting a required config entry',
command=('config_mod', [],
dict(delattr=u'ipasearchrecordslimit=100')),
expected=errors.RequirementError(name='ipasearchrecordslimit'),
),
dict(
desc='Try setting nonexistent attribute',
command=('config_mod', [], dict(setattr=u'invalid_attr=false')),
expected=errors.ObjectclassViolation(
info='attribute "invalid_attr" not allowed'),
),
dict(
desc='Try setting out-of-range krbpwdmaxfailure',
command=('pwpolicy_mod', [], dict(setattr=u'krbpwdmaxfailure=-1')),
expected=errors.ValidationError(name='krbpwdmaxfailure',
error='must be at least 0'),
),
dict(
desc='Try setting out-of-range maxfail',
command=('pwpolicy_mod', [], dict(krbpwdmaxfailure=u'-1')),
expected=errors.ValidationError(name='maxfail',
error='must be at least 0'),
),
dict(
desc='Try setting non-numeric krbpwdmaxfailure',
command=('pwpolicy_mod', [],
dict(setattr=u'krbpwdmaxfailure=abc')),
expected=errors.ConversionError(name='krbpwdmaxfailure',
error='must be an integer'),
),
dict(
desc='Try setting non-numeric maxfail',
command=('pwpolicy_mod', [], dict(krbpwdmaxfailure=u'abc')),
expected=errors.ConversionError(name='maxfail',
error='must be an integer'),
),
dict(
desc='Try deleting bogus attribute',
command=('config_mod', [], dict(delattr=u'bogusattribute=xyz')),
expected=errors.ValidationError(
name='bogusattribute',
error='No such attribute on this entry'),
),
dict(
desc='Try deleting empty attribute',
command=('config_mod', [],
dict(delattr=u'ipaCustomFields=See Also,seealso,false')),
expected=errors.ValidationError(
name='ipacustomfields',
error='No such attribute on this entry'),
),
dict(
desc='Set and delete one value, plus try deleting a missing one',
command=('config_mod', [],
dict(delattr=[
u'ipaCustomFields=See Also,seealso,false',
u'ipaCustomFields=Country,c,false'
],
addattr=u'ipaCustomFields=See Also,seealso,false')),
expected=errors.AttrValueNotFound(attr='ipacustomfields',
value='Country,c,false'),
),
dict(
desc='Try to delete an operational attribute with --delattr',
command=('config_mod', [],
dict(delattr=u'creatorsName=cn=directory manager')),
expected=errors.DatabaseError(
desc='Server is unwilling to perform', info=''),
),
]
class test_attr(Declarative):
cleanup_commands = [
('user_del', [user1], {}),
]
tests = [
dict(
desc='Try to add user %r with single-value attribute set via '
'option and --addattr' % user1,
command=('user_add', [user1],
dict(givenname=u'Test', sn=u'User1',
addattr=u'sn=User2')),
expected=errors.OnlyOneValueAllowed(attr='sn'),
),
dict(
desc='Create %r' % user1,
command=('user_add', [user1],
dict(givenname=u'Test', sn=u'User1', setattr=None)),
expected=dict(
value=user1,
summary=u'Added user "tuser1"',
result=get_user_result(user1, u'Test', u'User1', 'add'),
),
),
dict(
desc='Change givenname, add mail %r' % user1,
command=('user_mod', [user1],
dict(setattr=(u'givenname=Finkle',
u'[email protected]'))),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add another mail %r' % user1,
command=('user_mod', [user1],
dict(addattr=u'[email protected]')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add two phone numbers at once %r' % user1,
command=('user_mod', [user1],
dict(setattr=u'telephoneNumber=410-555-1212',
addattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'410-555-1212', u'301-555-1212'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Go from two phone numbers to one %r' % user1,
command=('user_mod', [user1],
dict(setattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'301-555-1212'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add two more phone numbers %r' % user1,
command=('user_mod', [user1],
dict(addattr=(u'telephoneNumber=703-555-1212',
u'telephoneNumber=202-888-9833'))),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[
u'301-555-1212', u'703-555-1212', u'202-888-9833'
],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Delete one phone number for %r' % user1,
command=('user_mod', [user1],
dict(delattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'703-555-1212', u'202-888-9833'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(desc='Try deleting the number again for %r' % user1,
command=('user_mod', [user1],
dict(delattr=u'telephoneNumber=301-555-1212')),
expected=errors.AttrValueNotFound(attr=u'telephonenumber',
value=u'301-555-1212')),
dict(
desc='Add and delete one phone number for %r' % user1,
command=('user_mod', [user1],
dict(addattr=u'telephoneNumber=301-555-1212',
delattr=u'telephoneNumber=202-888-9833')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'703-555-1212', u'301-555-1212'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Add and delete the same phone number for %r' % user1,
command=('user_mod', [user1],
dict(addattr=(u'telephoneNumber=301-555-1212',
u'telephoneNumber=202-888-9833'),
delattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[
u'703-555-1212', u'301-555-1212', u'202-888-9833'
],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Set and delete a phone number for %r' % user1,
command=('user_mod', [user1],
dict(setattr=(u'telephoneNumber=301-555-1212',
u'telephoneNumber=202-888-9833'),
delattr=u'telephoneNumber=301-555-1212')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'202-888-9833'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Try setting givenname to None with setattr in %r' % user1,
command=('user_mod', [user1], dict(setattr=(u'givenname='))),
expected=errors.RequirementError(name='givenname'),
),
dict(
desc='Try setting givenname to None with option in %r' % user1,
command=('user_mod', [user1], dict(givenname=None)),
expected=errors.RequirementError(name='first'),
),
dict(
desc='Make sure setting givenname works with option in %r' % user1,
command=('user_mod', [user1], dict(givenname=u'Fred')),
expected=dict(
result=get_user_result(
user1,
u'Fred',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'202-888-9833'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Make sure setting givenname works with setattr in %r' %
user1,
command=('user_mod', [user1], dict(setattr=u'givenname=Finkle')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'202-888-9833'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Try to "remove" empty location from %r' % user1,
command=('user_mod', [user1], dict(l=None)),
expected=errors.EmptyModlist(),
),
dict(
desc='Lock %r using setattr' % user1,
command=('user_mod', [user1], dict(setattr=u'nsaccountlock=TrUe')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'202-888-9833'],
nsaccountlock=True,
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Unlock %r using addattr&delattr' % user1,
command=('user_mod', [user1],
dict(addattr=u'nsaccountlock=FaLsE',
delattr=u'nsaccountlock=TRUE')),
expected=dict(
result=get_user_result(
user1,
u'Finkle',
u'User1',
'mod',
mail=[u'*****@*****.**', u'*****@*****.**'],
telephonenumber=[u'202-888-9833'],
),
summary=u'Modified user "tuser1"',
value=user1,
),
),
dict(
desc='Try adding a new group search fields config entry',
command=('config_mod', [],
dict(addattr=u'ipagroupsearchfields=newattr')),
expected=errors.OnlyOneValueAllowed(attr='ipagroupsearchfields'),
),
dict(
desc='Try adding a new cert subject base config entry',
command=('config_mod', [],
dict(addattr=u'ipacertificatesubjectbase=0=DOMAIN.COM')),
expected=errors.ValidationError(
name='ipacertificatesubjectbase',
error='attribute is not configurable'),
),
dict(
desc='Try deleting a required config entry',
command=('config_mod', [],
dict(delattr=u'ipasearchrecordslimit=100')),
expected=errors.RequirementError(name='ipasearchrecordslimit'),
),
dict(
desc='Try setting nonexistent attribute',
command=('config_mod', [], dict(setattr=u'invalid_attr=false')),
expected=errors.ObjectclassViolation(
info='attribute "invalid_attr" not allowed'),
),
dict(
desc='Try setting out-of-range krbpwdmaxfailure',
command=('pwpolicy_mod', [], dict(setattr=u'krbpwdmaxfailure=-1')),
expected=errors.ValidationError(name='krbpwdmaxfailure',
error='must be at least 0'),
),
dict(
desc='Try setting out-of-range maxfail',
command=('pwpolicy_mod', [], dict(krbpwdmaxfailure=u'-1')),
expected=errors.ValidationError(name='maxfail',
error='must be at least 0'),
),
dict(
desc='Try setting non-numeric krbpwdmaxfailure',
command=('pwpolicy_mod', [],
dict(setattr=u'krbpwdmaxfailure=abc')),
expected=errors.ConversionError(name='krbpwdmaxfailure',
error='must be an integer'),
),
dict(
desc='Try setting non-numeric maxfail',
command=('pwpolicy_mod', [], dict(krbpwdmaxfailure=u'abc')),
expected=errors.ConversionError(name='maxfail',
error='must be an integer'),
),
dict(
desc='Try deleting bogus attribute',
command=('config_mod', [], dict(delattr=u'bogusattribute=xyz')),
expected=errors.ValidationError(
name='bogusattribute',
error='No such attribute on this entry'),
),
dict(
desc='Try deleting empty attribute',
command=('config_mod', [],
dict(delattr=u'ipaCustomFields=See Also,seealso,false')),
expected=errors.ValidationError(
name='ipacustomfields',
error='No such attribute on this entry'),
),
dict(
desc='Set and delete one value, plus try deleting a missing one',
command=('config_mod', [],
dict(delattr=[
u'ipaCustomFields=See Also,seealso,false',
u'ipaCustomFields=Country,c,false'
],
addattr=u'ipaCustomFields=See Also,seealso,false')),
expected=errors.AttrValueNotFound(attr='ipacustomfields',
value='Country,c,false'),
),
dict(
desc='Try to delete an operational attribute with --delattr',
command=('config_mod', [],
dict(delattr=u'creatorsName=cn=directory manager')),
expected=errors.DatabaseError(
desc='Server is unwilling to perform', info=''),
),
]
