Beispiel #1
0
def test_create_printer(ucr, udm):
    """Create shares/printer and verify LDAP object"""
    ucr.load()

    properties = {
        'name': uts.random_name(),
        'location': uts.random_string(),
        'description': uts.random_name(),
        'spoolHost': random_fqdn(ucr),
        'uri': '%s %s' % (
            random.choice(PRINTER_PROTOCOLS),
            uts.random_ip(),
        ),
        'model':
        'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd',
        'producer':
        'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
        'sambaName': uts.random_name(),
        'ACLtype': random.choice(['allow all', 'allow', 'deny']),
        'ACLUsers': 'uid=Administrator,cn=users,%s' % (ucr.get('ldap/base'), ),
        'ACLGroups':
        'cn=Printer Admins,cn=groups,%s' % (ucr.get('ldap/base'), ),
    }

    print('*** Create shares/printer object')
    print_share_dn = udm.create_object('shares/printer',
                                       position='cn=printers,%s' %
                                       (ucr['ldap/base'], ),
                                       **properties)

    utils.verify_ldap_object(print_share_dn, {
        'cn': [properties['name']],
        'description': [properties['description']],
        'univentionObjectType': ['shares/printer'],
        'univentionPrinterACLGroups': [properties['ACLGroups']],
        'univentionPrinterACLUsers': [properties['ACLUsers']],
        'univentionPrinterACLtype': [properties['ACLtype']],
        'univentionPrinterLocation': [properties['location']],
        'univentionPrinterModel': [properties['model']],
        'univentionPrinterSambaName': [properties['sambaName']],
        'univentionPrinterSpoolHost': [properties['spoolHost']],
        'univentionPrinterURI': [properties['uri'].replace(' ', '')],
    },
                             delay=1)

    print('*** Modify shares/printer object')
    properties['sambaName'] = uts.random_name()
    udm.modify_object('shares/printer',
                      dn=print_share_dn,
                      sambaName=properties['sambaName'])
    utils.verify_ldap_object(
        print_share_dn,
        {'univentionPrinterSambaName': [properties['sambaName']]},
        delay=1)
Beispiel #2
0
def get_ou_base(ou, district_enable):
    ucr = univention.testing.ucr.UCSTestConfigRegistry()
    ucr.load()

    base_dn = ucr.get('ldap/base')

    if district_enable:
        ou_base = 'ou=%s,ou=%s,%s' % (ou, ou[0:2], base_dn)
    else:
        ou_base = 'ou=%s,%s' % (ou, base_dn)

    return ou_base
Beispiel #3
0
def create_mail_domain(ucr, udm):
    if not ucr.get('mail/hosteddomains'):
        try:
            maildomain = ucr["mail/hosteddomains"].split()[0]
        except (AttributeError, IndexError):
            maildomain = ucr["domainname"]

        print("\n\n*** Creating mail domain %r...\n", maildomain)

        udm.create_object('mail/domain',
                          position='cn=domain,cn=mail,{}'.format(
                              ucr['ldap/base']),
                          name=maildomain)
Beispiel #4
0
def test_create_printer_for_every_printer_URI(ucr, udm):
    """create printer for every printer URI"""
    # bugs: [36267, 38812, 40591]
    account = utils.UCSTestDomainAdminCredentials()
    position = ucr.get('ldap/hostdn').split(',', 1)[1]
    for uri in get_uirs():
        printer_name = uts.random_name()
        udm.create_object(modulename='shares/printer',
                          name=printer_name,
                          position='%s' % position,
                          binddn=account.binddn,
                          bindpwd=account.bindpw,
                          set={
                              'spoolHost': '%(hostname)s.%(domainname)s' % ucr,
                              'model': 'None',
                              'uri': '%s:// /tmp/%s' % (uri, printer_name)
                          })
        if not printer_enabled(printer_name):
            print('Wait for 30 seconds and try again')
            time.sleep(30)
            assert printer_enabled(
                printer_name
            ), 'Printer (%s) is created but not enabled' % printer_name
Beispiel #5
0
def verify_dc(ou, dc_name, dc_type, base_dn=None, must_exist=True):
    ''' Arguments:
	dc_name: name of the domaincontroller (cn)
	dc_type: type of the domaincontroller ('educational' or 'administrative')
	'''
    assert (dc_type in (TYPE_DC_ADMINISTRATIVE, TYPE_DC_EDUCATIONAL))

    ucr = univention.testing.ucr.UCSTestConfigRegistry()
    ucr.load()
    if not base_dn:
        base_dn = ucr.get('ldap/base')
    ou_base = get_ou_base(ou,
                          ucr.is_true('ucsschool/ldap/district/enable', False))
    dc_dn = 'cn=%s,cn=dc,cn=server,cn=computers,%s' % (dc_name, ou_base)

    # define list of (un-)desired group memberships ==> [(IS_MEMBER, GROUP_DN), ...]
    group_dn_list = []
    if dc_type == TYPE_DC_ADMINISTRATIVE:
        group_dn_list += [
            (True, 'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
             (ou.lower(), base_dn)),
            (True,
             'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )),
            (False,
             'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn),
            (False,
             'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
             (ou, base_dn)),
            (False, 'cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s' %
             (ou.lower(), base_dn)),
            (False,
             'cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )),
            (False,
             'cn=Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % base_dn),
            (False, 'cn=OU%s-Member-Edukativnetz,cn=ucsschool,cn=groups,%s' %
             (ou, base_dn)),
        ]
    else:
        group_dn_list += [
            (True, 'cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s' %
             (ou.lower(), base_dn)),
            (True,
             'cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )),
            (False,
             'cn=Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % base_dn),
            (False, 'cn=OU%s-Member-Edukativnetz,cn=ucsschool,cn=groups,%s' %
             (ou, base_dn)),
        ]
        if ucr.is_true('ucsschool/ldap/noneducational/create/objects',
                       must_exist):
            group_dn_list += [
                (False,
                 'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
                 (ou.lower(), base_dn)),
                (False, 'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
                 (base_dn, )),
                (False, 'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
                 base_dn),
                (False,
                 'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
                 (ou, base_dn)),
            ]

    utils.verify_ldap_object(dc_dn, should_exist=must_exist)

    for (expected_membership, grpdn) in group_dn_list:
        try:
            if must_exist:
                utils.verify_ldap_object(
                    grpdn,
                    expected_attr={'uniqueMember': [dc_dn]},
                    strict=False,
                    should_exist=True)

                if not expected_membership:
                    raise DCisMemberOfGroup('%s DC %r is member of group %r' %
                                            (dc_type, dc_dn, grpdn))
        except utils.LDAPObjectValueMissing:
            if expected_membership:
                raise
Beispiel #6
0
def verify_ou(ou, dc, ucr, sharefileserver, dc_administrative, must_exist):
    print '*** Verifying OU (%s) ... ' % ou
    ucr.load()

    dc_name = ucr.get('hostname')
    old_dhcpd_ldap_base = ucr.get('dhcpd/ldap/base')
    lo = univention.uldap.getMachineConnection()
    base_dn = ucr.get('ldap/base')

    cn_pupils = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler')
    cn_teachers = ucr.get('ucsschool/ldap/default/container/teachers',
                          'lehrer')
    cn_teachers_staff = ucr.get(
        'ucsschool/ldap/default/container/teachers-and-staff',
        'lehrer und mitarbeiter')
    cn_admins = ucr.get('ucsschool/ldap/default/container/admins', 'admins')
    cn_staff = ucr.get('ucsschool/ldap/default/container/staff', 'mitarbeiter')

    singlemaster = ucr.is_true('ucsschool/singlemaster')
    noneducational_create_objects = ucr.is_true(
        'ucsschool/ldap/noneducational/create/objects')
    district_enable = ucr.is_true('ucsschool/ldap/district/enable')
    # default_dcs = ucr.get('ucsschool/ldap/default/dcs')
    dhcp_dns_clearou = ucr.is_true(
        'ucsschool/import/generate/policy/dhcp/dns/clearou')
    ou_base = get_ou_base(ou, district_enable)

    # does dc exist?
    if singlemaster:
        dc_dn = ucr.get('ldap/hostdn')
        dc_name = ucr.get('hostname')
    elif dc:
        dc_dn = 'cn=%s,cn=dc,cn=server,cn=computers,%s' % (dc, ou_base)
        dc_name = dc
    else:
        dc_dn = 'cn=dc%s-01,cn=dc,cn=server,cn=computers,%s' % (ou, ou_base)
        dc_name = 'dc%s-01' % ou

    sharefileserver_dn = dc_dn
    if sharefileserver:
        result = lo.search(
            filter='(&(objectClass=univentionDomainController)(cn=%s))' %
            sharefileserver,
            base=base_dn,
            attr=['cn'])
        if result:
            sharefileserver_dn = result[0][0]

    utils.verify_ldap_object(ou_base,
                             expected_attr={
                                 'ou': [ou],
                                 'ucsschoolClassShareFileServer':
                                 [sharefileserver_dn],
                                 'ucsschoolHomeShareFileServer':
                                 [sharefileserver_dn]
                             },
                             should_exist=must_exist)

    utils.verify_ldap_object('cn=printers,%s' % ou_base,
                             expected_attr={'cn': ['printers']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=users,%s' % ou_base,
                             expected_attr={'cn': ['users']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_pupils, ou_base),
                             expected_attr={'cn': [cn_pupils]},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_teachers, ou_base),
                             expected_attr={'cn': [cn_teachers]},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_admins, ou_base),
                             expected_attr={'cn': [cn_admins]},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_admins, ou_base),
                             expected_attr={'cn': [cn_admins]},
                             should_exist=must_exist)

    utils.verify_ldap_object('cn=computers,%s' % ou_base,
                             expected_attr={'cn': ['computers']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=server,cn=computers,%s' % ou_base,
                             expected_attr={'cn': ['server']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=dc,cn=server,cn=computers,%s' % ou_base,
                             expected_attr={'cn': ['dc']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=networks,%s' % ou_base,
                             expected_attr={'cn': ['networks']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=groups,%s' % ou_base,
                             expected_attr={'cn': ['groups']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_pupils, ou_base),
                             expected_attr={'cn': [cn_pupils]},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_teachers, ou_base),
                             expected_attr={'cn': [cn_teachers]},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=klassen,cn=%s,cn=groups,%s' %
                             (cn_pupils, ou_base),
                             expected_attr={'cn': ['klassen']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=raeume,cn=groups,%s' % ou_base,
                             expected_attr={'cn': ['raeume']},
                             should_exist=must_exist)

    utils.verify_ldap_object('cn=dhcp,%s' % ou_base,
                             expected_attr={'cn': ['dhcp']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=policies,%s' % ou_base,
                             expected_attr={'cn': ['policies']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=shares,%s' % ou_base,
                             expected_attr={'cn': ['shares']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=klassen,cn=shares,%s' % ou_base,
                             expected_attr={'cn': ['klassen']},
                             should_exist=must_exist)
    utils.verify_ldap_object('cn=dc,cn=server,cn=computers,%s' % ou_base,
                             expected_attr={'cn': ['dc']},
                             should_exist=must_exist)

    if noneducational_create_objects:
        utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_staff, ou_base),
                                 should_exist=must_exist)
        utils.verify_ldap_object('cn=%s,cn=users,%s' %
                                 (cn_teachers_staff, ou_base),
                                 should_exist=must_exist)
        utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_staff, ou_base),
                                 should_exist=must_exist)
    else:
        utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_staff, ou_base),
                                 should_exist=False)
        utils.verify_ldap_object('cn=%s,cn=users,%s' %
                                 (cn_teachers_staff, ou_base),
                                 should_exist=False)
        utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_staff, ou_base),
                                 should_exist=False)

    if noneducational_create_objects:
        utils.verify_ldap_object(
            'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn,
            should_exist=True)
        utils.verify_ldap_object(
            'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn,
            should_exist=True)
        utils.verify_ldap_object(
            'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
            (ou, base_dn),
            should_exist=True)
        utils.verify_ldap_object(
            'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
            (ou, base_dn),
            should_exist=True)
    # This will fail because we don't cleanup these groups in cleanup_ou
    # else:
    #	utils.verify_ldap_object("cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s" % base_dn, should_exist=False)
    #	utils.verify_ldap_object("cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s" % base_dn, should_exist=False)
    #	utils.verify_ldap_object('cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=False)
    #	utils.verify_ldap_object('cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=False)

    if not singlemaster:
        verify_dc(ou, dc_name, TYPE_DC_EDUCATIONAL, base_dn, must_exist)

    if dc_administrative:
        verify_dc(ou, dc_administrative, TYPE_DC_ADMINISTRATIVE, base_dn,
                  must_exist)

    grp_prefix_pupils = ucr.get('ucsschool/ldap/default/groupprefix/pupils',
                                'schueler-')
    grp_prefix_teachers = ucr.get(
        'ucsschool/ldap/default/groupprefix/teachers', 'lehrer-')
    grp_prefix_admins = ucr.get('ucsschool/ldap/default/groupprefix/admins',
                                'admins-')
    grp_prefix_staff = ucr.get('ucsschool/ldap/default/groupprefix/staff',
                               'mitarbeiter-')

    grp_policy_pupils = ucr.get(
        'ucsschool/ldap/default/policy/umc/pupils',
        'cn=ucsschool-umc-pupils-default,cn=UMC,cn=policies,%s' % base_dn)
    grp_policy_teachers = ucr.get(
        'ucsschool/ldap/default/policy/umc/teachers',
        'cn=ucsschool-umc-teachers-default,cn=UMC,cn=policies,%s' % base_dn)
    grp_policy_admins = ucr.get(
        'ucsschool/ldap/default/policy/umc/admins',
        'cn=ucsschool-umc-admins-default,cn=UMC,cn=policies,%s' % base_dn)
    grp_policy_staff = ucr.get(
        'ucsschool/ldap/default/policy/umc/staff',
        'cn=ucsschool-umc-staff-default,cn=UMC,cn=policies,%s' % base_dn)

    utils.verify_ldap_object(
        "cn=%s%s,cn=ouadmins,cn=groups,%s" % (grp_prefix_admins, ou, base_dn),
        expected_attr={'univentionPolicyReference': [grp_policy_admins]},
        should_exist=True)
    utils.verify_ldap_object(
        "cn=%s%s,cn=groups,%s" % (grp_prefix_pupils, ou, ou_base),
        expected_attr={'univentionPolicyReference': [grp_policy_pupils]},
        should_exist=must_exist)
    utils.verify_ldap_object(
        "cn=%s%s,cn=groups,%s" % (grp_prefix_teachers, ou, ou_base),
        expected_attr={'univentionPolicyReference': [grp_policy_teachers]},
        should_exist=must_exist)

    if noneducational_create_objects:
        utils.verify_ldap_object(
            "cn=%s%s,cn=groups,%s" % (grp_prefix_staff, ou, ou_base),
            expected_attr={'univentionPolicyReference': [grp_policy_staff]},
            should_exist=must_exist)

    dcmaster_module = univention.admin.modules.get(
        "computers/domaincontroller_master")
    dcbackup_module = univention.admin.modules.get(
        "computers/domaincontroller_backup")
    dcslave_module = univention.admin.modules.get(
        "computers/domaincontroller_slave")

    masterobjs = univention.admin.modules.lookup(
        dcmaster_module,
        None,
        lo,
        scope='sub',
        superordinate=None,
        base=base_dn,
        filter=univention.admin.filter.expression('cn', dc_name))
    backupobjs = univention.admin.modules.lookup(
        dcbackup_module,
        None,
        lo,
        scope='sub',
        superordinate=None,
        base=base_dn,
        filter=univention.admin.filter.expression('cn', dc_name))
    slaveobjs = univention.admin.modules.lookup(
        dcslave_module,
        None,
        lo,
        scope='sub',
        superordinate=None,
        base=base_dn,
        filter=univention.admin.filter.expression('cn', dc_name))

    # check group membership
    #  slave should be member
    #  master and backup should not be member
    dcgroups = [
        "cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s" % (ou, base_dn),
        "cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s" % (base_dn)
    ]

    if must_exist:
        if masterobjs:
            is_master_or_backup = True
            dcobject = masterobjs[0]
        elif backupobjs:
            is_master_or_backup = True
            dcobject = backupobjs[0]
        elif slaveobjs:
            is_master_or_backup = False
            dcobject = slaveobjs[0]
        else:
            raise DCNotFound()

        dcobject.open()
        groups = []
        membership = False
        for group in dcobject.get('groups'):
            groups.append(group.lower())
        for dcgroup in dcgroups:
            if dcgroup.lower() in groups:
                membership = True

        if is_master_or_backup and membership:
            raise DCMembership()
        elif not is_master_or_backup and not membership:
            raise DCMembership()

    ucr.load()
    if not singlemaster:
        # in multiserver setups all dhcp settings have to be checked
        dhcp_dn = "cn=dhcp,%s" % (ou_base)
    else:
        # in singleserver setup only the first OU sets dhcpd/ldap/base and all following OUs
        # should leave the UCR variable untouched.
        dhcpd_ldap_base = ucr.get('dhcpd/ldap/base')
        if not dhcpd_ldap_base or 'ou=' not in dhcpd_ldap_base:
            raise DhcpdLDAPBase('dhcpd/ldap/base=%r contains no "ou="' %
                                (dhcpd_ldap_base, ))

        # use the UCR value and check if the DHCP service exists
        dhcp_dn = dhcpd_ldap_base

    # dhcp
    print 'LDAP base of dhcpd = %r' % dhcp_dn
    dhcp_service_dn = "cn=%s,%s" % (get_school_ou_from_dn(dhcp_dn,
                                                          ucr), dhcp_dn)
    dhcp_server_dn = "cn=%s,%s" % (dc_name, dhcp_service_dn)
    if must_exist:
        utils.verify_ldap_object(dhcp_service_dn,
                                 expected_attr={
                                     'dhcpOption': [
                                         'wpad "http://%s.%s/proxy.pac"' %
                                         (dc_name, ucr.get('domainname'))
                                     ]
                                 },
                                 should_exist=True)
        utils.verify_ldap_object(dhcp_server_dn, should_exist=True)

    dhcp_dns_clearou_dn = 'cn=dhcp-dns-clear,cn=policies,%s' % ou_base
    if dhcp_dns_clearou:
        utils.verify_ldap_object(dhcp_dns_clearou_dn,
                                 expected_attr={
                                     'emptyAttributes':
                                     ['univentionDhcpDomainNameServers']
                                 },
                                 should_exist=must_exist)
        try:
            utils.verify_ldap_object(ou_base,
                                     expected_attr={
                                         'univentionPolicyReference':
                                         [dhcp_dns_clearou_dn]
                                     },
                                     should_exist=must_exist)
        except utils.LDAPObjectUnexpectedValue:
            # ignore other policies
            pass
    else:
        utils.verify_ldap_object(dhcp_dns_clearou_dn, should_exist=False)
Beispiel #7
0
def create_and_verify_ou(ucr,
                         ou,
                         dc,
                         sharefileserver,
                         dc_administrative=None,
                         ou_displayname=None,
                         singlemaster=False,
                         noneducational_create_objects=False,
                         district_enable=False,
                         default_dcs=None,
                         dhcp_dns_clearou=False,
                         do_cleanup=True,
                         unset_dhcpd_base=True,
                         use_cli_api=True,
                         use_python_api=False):

    assert (use_cli_api != use_python_api)

    print '******************************************************'
    print '**** create_and_verify_ou test run'
    print '****	ou=%s' % ou
    print '****	ou_displayname=%r' % ou_displayname
    print '****	dc=%s' % dc
    print '****	dc_administrative=%s' % dc_administrative
    print '****	sharefileserver=%s' % sharefileserver
    print '****	singlemaster=%s' % singlemaster
    print '****	noneducational_create_objects=%s' % noneducational_create_objects
    print '****	district_enable=%s' % district_enable
    print '****	default_dcs=%s' % default_dcs
    print '****	dhcp_dns_clearou=%s' % dhcp_dns_clearou
    print '******************************************************'

    ucr.load()

    lo = univention.uldap.getMachineConnection()

    # set UCR
    univention.config_registry.handler_set([
        'ucsschool/singlemaster=%s' % ('true' if singlemaster else 'false'),
        'ucsschool/ldap/noneducational/create/objects=%s' %
        ('true' if noneducational_create_objects else 'false'),
        'ucsschool/ldap/district/enable=%s' %
        ('true' if district_enable else 'false'),
        'ucsschool/ldap/default/dcs=%s' % default_dcs,
        'ucsschool/import/generate/policy/dhcp/dns/clearou=%s' %
        ('true' if dhcp_dns_clearou else 'false'),
    ])
    if unset_dhcpd_base:
        univention.config_registry.handler_unset(['dhcpd/ldap/base'])
    ucr.load()

    base_dn = ucr.get('ldap/base')
    ou_base = get_ou_base(ou, district_enable)

    # create hooks
    (pre_hook,
     pre_hook_successful) = import_ou_create_pre_hook(ou, ou_base, dc,
                                                      singlemaster)
    (post_hook, post_hook_successful) = import_ou_create_post_hook(
        ou, ou_base, dc, singlemaster)

    move_dc_after_create_ou = False

    # does dc exist?
    if singlemaster:
        dc_name = ucr.get('hostname')
    elif dc:
        result = lo.search(
            filter='(&(objectClass=univentionDomainController)(cn=%s))' % dc,
            base=base_dn,
            attr=['cn'])
        if result:
            move_dc_after_create_ou = True
        dc_name = dc
    else:
        dc_name = 'dc%s-01' % ou

    if use_cli_api:
        create_ou_cli(ou, dc, dc_administrative, sharefileserver,
                      ou_displayname)
    if use_python_api:
        create_ou_python_api(ou, dc, dc_administrative, sharefileserver,
                             ou_displayname)

    if move_dc_after_create_ou:
        move_domaincontroller_to_ou_cli(dc_name, ou)

    # cleanup hooks
    os.remove(pre_hook)
    os.remove(post_hook)

    if os.path.exists(pre_hook_successful):
        os.unlink(pre_hook_successful)
    else:
        raise PreHookFailed()

    if os.path.exists(post_hook_successful):
        os.unlink(post_hook_successful)
    else:
        raise PostHookFailed()

    verify_ou(ou, dc, ucr, sharefileserver, dc_administrative, must_exist=True)

    if do_cleanup:
        remove_ou(ou)
        # create user
        dnUser, _username = udm.create_user()

        # stop CLI daemon
        udm.stop_cli_server()

        # create group
        _dnGroup, _groupname = udm.create_group()

        # modify user from above
        udm.modify_object('users/user', dn=dnUser, description='Foo Bar')

        # test with malformed arguments
        try:
            _dnUser, _username = udm.create_user(username='')
        except UCSTestUDM_CreateUDMObjectFailed as ex:
            print(
                'Caught anticipated exception UCSTestUDM_CreateUDMObjectFailed - SUCCESS'
            )

        # try to modify object not created by create_udm_object()
        try:
            udm.modify_object('users/user',
                              dn='uid=Administrator,cn=users,%s' %
                              ucr.get('ldap/base'),
                              description='Foo Bar')
        except UCSTestUDM_CannotModifyExistingObject as ex:
            print(
                'Caught anticipated exception UCSTestUDM_CannotModifyExistingObject - SUCCESS'
            )
Beispiel #9
0
def test_force_printername(ucr, udm, ucr_value):
    """Check state of "force printername" during UDM printer modify"""

    ucr_var = "samba/force_printername"

    ucr.load()
    previous_value = ucr.get(ucr_var)

    if ucr_value is None:
        univention.config_registry.handler_unset([ucr_var])

    else:
        keyval = "%s=%s" % (ucr_var, ucr_value)
        univention.config_registry.handler_set([keyval])

    if ucr_value != previous_value:
        subprocess.call(
            ["systemctl", "restart", "univention-directory-listener"],
            close_fds=True)

    ucr.load()
    expected_value = ucr.is_true(
        ucr_var, True)  # This is the behavior of cups-printers.py

    printer_name = uts.random_name()

    printer_properties = {
        'model': 'foomatic-ppds/Apple/Apple-12_640ps-Postscript.ppd.gz',
        'uri': 'parallel /dev/lp0',
        'spoolHost': '%s.%s' % (ucr['hostname'], ucr['domainname']),
        'name': printer_name
    }

    printer = udm.create_object('shares/printer',
                                position='cn=printers,%s' % ucr['ldap/base'],
                                **printer_properties)
    utils.verify_ldap_object(
        printer, {
            'univentionPrinterModel': [printer_properties['model']],
            'univentionPrinterURI':
            [printer_properties['uri'].replace(' ', '')],
            'univentionPrinterSpoolHost': [printer_properties['spoolHost']]
        })
    utils.wait_for_replication()

    old_filename = '/etc/samba/printers.conf.d/%s' % printer_name
    samba_force_printername = _testparm_is_true(old_filename, printer_name,
                                                'force printername')
    assert samba_force_printername == expected_value, "samba option \"force printername\" not set to %s" % (
        expected_value, )
    print("Ok, samba option \"force printername\" set to %s" %
          (expected_value, ))

    # Check behavior during UDM modification
    rename_share_and_check(udm, printer, expected_value)

    # And check again after inverting the UCR setting:
    if not expected_value:
        # This simulates the update case
        keyval = "%s=%s" % (ucr_var, "yes")
        univention.config_registry.handler_set([keyval])
    else:
        keyval = "%s=%s" % (ucr_var, "no")
        univention.config_registry.handler_set([keyval])

    subprocess.call(["systemctl", "restart", "univention-directory-listener"],
                    close_fds=True)

    rename_share_and_check(udm, printer, expected_value)

    # restart listener with original UCR values:
    subprocess.call(["systemctl", "restart", "univention-directory-listener"],
                    close_fds=True)
Beispiel #10
0
def random_fqdn(
        ucr):  # type: (univention.testing.ucr.UCSTestConfigRegistry) -> str
    return '%s.%s' % (uts.random_name(), ucr.get('domainname'))
Beispiel #11
0
def test_create_printergroup(ucr, udm):
    """Create shares/printergroup and verify LDAP object"""
    ucr.load()

    spoolHost = random_fqdn(ucr)

    printer_properties1 = {
        'name':
        uts.random_name(),
        'spoolHost':
        spoolHost,
        'uri':
        '%s %s' % (
            random.choice(PRINTER_PROTOCOLS),
            uts.random_ip(),
        ),
        'model':
        'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd',
        'producer':
        'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
    }

    print('*** Create shares/printer object')
    udm.create_object('shares/printer',
                      position='cn=printers,%s' % (ucr['ldap/base'], ),
                      **printer_properties1)

    printer_properties2 = {
        'name':
        uts.random_name(),
        'spoolHost':
        spoolHost,
        'uri':
        '%s %s' % (
            random.choice(PRINTER_PROTOCOLS),
            uts.random_ip(),
        ),
        'model':
        'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd',
        'producer':
        'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
    }

    print('*** Create shares/printer object')
    udm.create_object('shares/printer',
                      position='cn=printers,%s' % (ucr['ldap/base'], ),
                      **printer_properties2)

    printergroup_properties = {
        'name': uts.random_name(),
        'spoolHost': spoolHost,
        'groupMember':
        [printer_properties1['name'], printer_properties2['name']],
        'sambaName': uts.random_name(),
    }

    print('*** Create shares/printergroup object')
    printergroup_share_dn = udm.create_object('shares/printergroup',
                                              position='cn=printers,%s' %
                                              (ucr['ldap/base'], ),
                                              **printergroup_properties)

    utils.verify_ldap_object(printergroup_share_dn, {
        'cn': [printergroup_properties['name']],
        'univentionObjectType': ['shares/printergroup'],
        'univentionPrinterSambaName': [printergroup_properties['sambaName']],
        'univentionPrinterSpoolHost': [printergroup_properties['spoolHost']],
        'univentionPrinterGroupMember':
        printergroup_properties['groupMember'],
    },
                             delay=1)

    print('*** Modify shares/printergroup object')
    printergroup_properties['sambaName'] = uts.random_name()
    udm.modify_object('shares/printergroup',
                      dn=printergroup_share_dn,
                      sambaName=printergroup_properties['sambaName'])
    utils.verify_ldap_object(
        printergroup_share_dn,
        {'univentionPrinterSambaName': [printergroup_properties['sambaName']]},
        delay=1)
Beispiel #12
0
def test_create_printer_and_check_printing_works(ucr, udm):
    """Create shares/printer and check if print access works"""
    ucr.load()
    admin_dn = ucr.get(
        'tests/domainadmin/account',
        'uid=Administrator,cn=users,%s' % (ucr.get('ldap/base'), ))
    admin_name = ldap.dn.str2dn(admin_dn)[0][0][1]
    password = ucr.get('tests/domainadmin/pwd', 'univention')

    spoolhost = '.'.join([ucr['hostname'], ucr['domainname']])
    acltype = random.choice(['allow all', 'allow'])

    properties = {
        'name': uts.random_name(),
        'location': uts.random_string(),
        'description': uts.random_name(),
        'spoolHost': spoolhost,
        'uri': '%s %s' % (
            random.choice(PRINTER_PROTOCOLS),
            uts.random_ip(),
        ),
        'model': 'hp-ppd/HP/HP_Business_Inkjet_2500C_Series.ppd',
        'producer':
        'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
        'sambaName': uts.random_name(),
        'ACLtype': acltype,
        'ACLUsers': admin_dn,
        'ACLGroups':
        'cn=Printer Admins,cn=groups,%s' % (ucr.get('ldap/base'), ),
    }

    print('*** Create shares/printer object')
    print_share_dn = udm.create_object('shares/printer',
                                       position='cn=printers,%s' %
                                       (ucr['ldap/base'], ),
                                       **properties)

    utils.verify_ldap_object(print_share_dn, {
        'cn': [properties['name']],
        'description': [properties['description']],
        'univentionObjectType': ['shares/printer'],
        'univentionPrinterACLGroups': [properties['ACLGroups']],
        'univentionPrinterACLUsers': [properties['ACLUsers']],
        'univentionPrinterACLtype': [properties['ACLtype']],
        'univentionPrinterLocation': [properties['location']],
        'univentionPrinterModel': [properties['model']],
        'univentionPrinterSambaName': [properties['sambaName']],
        'univentionPrinterSpoolHost': [properties['spoolHost']],
        'univentionPrinterURI': [properties['uri'].replace(' ', '')],
    },
                             delay=1)

    print('*** Modify shares/printer samba share name')
    properties['sambaName'] = uts.random_name()
    udm.modify_object('shares/printer',
                      dn=print_share_dn,
                      sambaName=properties['sambaName'])
    utils.verify_ldap_object(
        print_share_dn,
        {'univentionPrinterSambaName': [properties['sambaName']]},
        delay=1)

    delay = 15
    print('*** Wait %s seconds for listener postrun' % delay)
    time.sleep(delay)
    p = subprocess.Popen(['lpq', '-P', properties['name']], close_fds=True)
    p.wait()
    assert not p.returncode, "CUPS printer {} not created after {} seconds".format(
        properties['name'], delay)

    p = subprocess.Popen(
        ['su', admin_name, '-c',
         'lpr -P %s /etc/hosts' % properties['name']],
        close_fds=True)
    p.wait()
    assert not p.returncode, "Printing to CUPS printer {} as {} failed".format(
        properties['name'], admin_name)

    s4_dc_installed = utils.package_installed("univention-samba4")
    s3_file_and_print_server_installed = utils.package_installed(
        "univention-samba")
    smb_server = s3_file_and_print_server_installed or s4_dc_installed
    if smb_server:
        delay = 1
        time.sleep(delay)
        cmd = [
            'smbclient',
            '//localhost/%s' % properties['sambaName'], '-U',
            '%'.join([admin_name, password]), '-c', 'print /etc/hosts'
        ]
        print('\nRunning: %s' % ' '.join(cmd))
        p = subprocess.Popen(cmd, close_fds=True)
        p.wait()
        if p.returncode:
            share_definition = '/etc/samba/printers.conf.d/%s' % properties[
                'sambaName']
            with open(share_definition) as f:
                print('### Samba share file %s :' % share_definition)
                print(f.read())
            print('### testpam for that smb.conf section:')
            p = subprocess.Popen(
                ['testparm', '-s', '--section-name', properties['sambaName']],
                close_fds=True)
            p.wait()
            assert False, 'Samba printer share {} not accessible'.format(
                properties['sambaName'])

    p = subprocess.Popen(['lprm', '-P', properties['name'], '-'],
                         close_fds=True)
    p.wait()
Beispiel #13
0
    import doctest
    print(doctest.testmod())

    ucr = univention.testing.ucr.UCSTestConfigRegistry()
    ucr.load()

    with UCSTestUDM() as udm:
        # create user
        dnUser, _username = udm.create_user()

        # stop CLI daemon
        udm.stop_cli_server()

        # create group
        _dnGroup, _groupname = udm.create_group()

        # modify user from above
        udm.modify_object('users/user', dn=dnUser, description='Foo Bar')

        # test with malformed arguments
        try:
            _dnUser, _username = udm.create_user(username='')
        except UCSTestUDM_CreateUDMObjectFailed as ex:
            print('Caught anticipated exception UCSTestUDM_CreateUDMObjectFailed - SUCCESS')

        # try to modify object not created by create_udm_object()
        try:
            udm.modify_object('users/user', dn='uid=Administrator,cn=users,%s' % ucr.get('ldap/base'), description='Foo Bar')
        except UCSTestUDM_CannotModifyExistingObject as ex:
            print('Caught anticipated exception UCSTestUDM_CannotModifyExistingObject - SUCCESS')