def topology_setup(topology_m2):
"""Configure the topology with purge parameters and enable audit logging
- configure replica purge delay and interval on supplier1 and supplier2
- enable audit log on supplier1 and supplier2
- restart supplier1 and supplier2
"""
m1 = topology_m2.ms["supplier1"]
m2 = topology_m2.ms["supplier2"]
replica1 = Replicas(m1).get(DEFAULT_SUFFIX)
replica2 = Replicas(m2).get(DEFAULT_SUFFIX)
replica1.set('nsDS5ReplicaPurgeDelay', '5')
replica2.set('nsDS5ReplicaPurgeDelay', '5')
assert replica1.present('nsDS5ReplicaPurgeDelay')
assert replica2.present('nsDS5ReplicaPurgeDelay')
replica1.display_attr('nsDS5ReplicaPurgeDelay')
replica2.display_attr('nsDS5ReplicaPurgeDelay')
replica1.set('nsDS5ReplicaTombstonePurgeInterval', '5')
replica2.set('nsDS5ReplicaTombstonePurgeInterval', '5')
assert replica1.present('nsDS5ReplicaTombstonePurgeInterval')
assert replica2.present('nsDS5ReplicaTombstonePurgeInterval')
replica1.display_attr('nsDS5ReplicaTombstonePurgeInterval')
replica2.display_attr('nsDS5ReplicaTombstonePurgeInterval')
m1.config.set('nsslapd-auditlog-logging-enabled', 'on')
m2.config.set('nsslapd-auditlog-logging-enabled', 'on')
m1.restart()
m2.restart()
def test_plugin_bind_dn_tracking_and_replication(topo_m2):
"""Testing nsslapd-plugin-binddn-tracking does not cause issues around
access control and reconfiguring replication/repl agmt.
:id: dd689d03-69b8-4bf9-a06e-2acd19d5e2c9
:setup: 2 supplier topology
:steps:
1. Turn on plugin binddn tracking
2. Add some users
3. Make an update as a user
4. Make an update to the replica config
5. Make an update to the repliocation agreement
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
"""
m1 = topo_m2.ms["supplier1"]
# Turn on bind dn tracking
m1.config.set('nsslapd-plugin-binddn-tracking', 'on')
# Add two users
users = UserAccounts(m1, DEFAULT_SUFFIX)
user1 = users.create_test_user(uid=1011)
user1.set('userpassword', PASSWORD)
user2 = users.create_test_user(uid=1012)
# Add an aci
acival = '(targetattr ="cn")(version 3.0;acl "Test bind dn tracking"' + \
';allow (all) (userdn = "ldap:///{}");)'.format(user1.dn)
Domain(m1, DEFAULT_SUFFIX).add('aci', acival)
# Bind as user and make an update
user1.rebind(PASSWORD)
user2.set('cn', 'new value')
dm = DirectoryManager(m1)
dm.rebind()
# modify replica
replica = Replicas(m1).get(DEFAULT_SUFFIX)
replica.set(REPL_PROTOCOL_TIMEOUT, "30")
# modify repl agmt
agmt = replica.get_agreements().list()[0]
agmt.set(REPL_PROTOCOL_TIMEOUT, "20")
