Ejemplo n.º 1
0
def test_get_singlevalue(topo, entry_dn):
    """Check that we can get an attribute value under different suffixes"""

    dse_ldif = DSEldif(topo.standalone)

    log.info("Get 'cn' attr from {}".format(entry_dn))
    attr_values = dse_ldif.get(entry_dn, "cn")
    assert attr_values == ["config"]

    log.info("Get 'nonexistent' attr from {}".format(entry_dn))
    attr_values = dse_ldif.get(entry_dn, "nonexistent")
    assert not attr_values
Ejemplo n.º 2
0
def get_ldapurl_from_serverid(instance):
    """ Take an instance name, and get the host/port/protocol from dse.ldif
    and return a LDAP URL to use in the CLI tools (dsconf)

    :param instance: The server ID of a server instance
    :return tuple of LDAPURL and certificate directory (for LDAPS)
    """
    try:
        dse_ldif = DSEldif(None, instance)
    except:
        return (None, None)

    port = dse_ldif.get("cn=config", "nsslapd-port", single=True)
    secureport = dse_ldif.get("cn=config", "nsslapd-secureport", single=True)
    host = dse_ldif.get("cn=config", "nsslapd-localhost", single=True)
    sec = dse_ldif.get("cn=config", "nsslapd-security", single=True)
    ldapi_listen = dse_ldif.get("cn=config", "nsslapd-ldapilisten", single=True)
    ldapi_autobind = dse_ldif.get("cn=config", "nsslapd-ldapiautobind", single=True)
    ldapi_socket = dse_ldif.get("cn=config", "nsslapd-ldapifilepath", single=True)
    certdir = dse_ldif.get("cn=config", "nsslapd-certdir", single=True)

    if ldapi_listen is not None and ldapi_listen.lower() == "on" and \
       ldapi_autobind is not None and ldapi_autobind.lower() == "on" and \
       ldapi_socket is not None:
        # Use LDAPI
        socket = ldapi_socket.replace("/", "%2f")  # Escape the path
        return ("ldapi://" + socket, None)
    elif sec is not None and sec.lower() == "on" and secureport is not None:
        # Use LDAPS
        return ("ldaps://{}:{}".format(host, secureport), certdir)
    else:
        # Use LDAP
        return ("ldap://{}:{}".format(host, port), None)
Ejemplo n.º 3
0
def test_add(topo, fake_attr_value):
    """Check that we can add an attribute to a given suffix"""

    dse_ldif = DSEldif(topo.standalone)
    fake_attr = "fakeAttr"

    log.info("Add {} to {}".format(fake_attr, DN_CONFIG))
    dse_ldif.add(DN_CONFIG, fake_attr, fake_attr_value)
    attr_values = dse_ldif.get(DN_CONFIG, fake_attr)
    assert attr_values == [fake_attr_value]

    log.info("Clean up")
    dse_ldif.delete(DN_CONFIG, fake_attr)
    assert not dse_ldif.get(DN_CONFIG, fake_attr)
Ejemplo n.º 4
0
def test_replace(topo):
    """Check that we can replace an attribute to a given suffix"""

    dse_ldif = DSEldif(topo.standalone)
    port_attr = "nsslapd-port"
    port_value = "390"

    log.info("Get default value of {}".format(port_attr))
    default_value = dse_ldif.get(DN_CONFIG, port_attr)[0]

    log.info("Replace {} with {}".format(port_attr, port_value))
    dse_ldif.replace(DN_CONFIG, port_attr, port_value)
    attr_values = dse_ldif.get(DN_CONFIG, port_attr)
    assert attr_values == [port_value]

    log.info("Restore default value")
    dse_ldif.replace(DN_CONFIG, port_attr, default_value)
Ejemplo n.º 5
0
def test_cl_encryption_setup_process(topo):
    """Take an already working replication deployment, and setup changelog
    encryption

    :id: 1a1b7d29-69f5-4f0e-91c4-e7f66140ff17
    :setup: Master Instance, Consumer Instance
    :steps:
        1. Enable TLS for the server
        2. Export changelog
        3. Enable changelog encryption
        4. Import changelog
        5. Verify replication is still working
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
    """

    supplier = topo.ms['master1']
    consumer = topo.cs['consumer1']

    # Enable TLS
    log.info('Enable TLS ...')
    supplier.enable_tls()
    consumer.enable_tls()

    # Export changelog
    log.info('Export changelog ...')
    replicas = Replicas(supplier)
    replica = replicas.get(DEFAULT_SUFFIX)
    replica.begin_task_cl2ldif()
    replica.task_finished()

    # Enable changelog encryption
    log.info('Enable changelog encryption ...')
    dse_ldif = DSEldif(supplier)
    supplier.stop()
    if ds_supports_new_changelog():
        changelog = 'cn=changelog,{}'.format(DN_USERROOT_LDBM)
    else:
        changelog = DN_CHANGELOG
    dse_ldif.replace(changelog, 'nsslapd-encryptionalgorithm', 'AES')
    if dse_ldif.get(changelog, 'nsSymmetricKey'):
        dse_ldif.delete(changelog, 'nsSymmetricKey')
    supplier.start()

    # Import changelog
    log.info('Import changelog ...')
    replica.begin_task_ldif2cl()
    replica.task_finished()

    # Verify replication is still working
    log.info('Test replication is still working ...')
    assert replica.test_replication([consumer])
Ejemplo n.º 6
0
def test_get_multivalue(topo):
    """Check that we can get attribute values"""

    dse_ldif = DSEldif(topo.standalone)

    log.info("Get objectClass from {}".format(DN_CONFIG))
    attr_values = dse_ldif.get(DN_CONFIG, "objectClass")
    assert len(attr_values) == 3
    assert "top" in attr_values
    assert "extensibleObject" in attr_values
    assert "nsslapdConfig" in attr_values
Ejemplo n.º 7
0
def _enable_changelog_encryption(inst, encrypt_algorithm):
    """Configure changelog encryption for master"""

    dse_ldif = DSEldif(inst)
    log.info('Configuring changelog encryption:{} for: {}'.format(
        inst.serverid, encrypt_algorithm))
    inst.stop()
    dse_ldif.replace(DN_CHANGELOG, 'nsslapd-encryptionalgorithm',
                     encrypt_algorithm)
    if dse_ldif.get(DN_CHANGELOG, 'nsSymmetricKey'):
        dse_ldif.delete(DN_CHANGELOG, 'nsSymmetricKey')
    inst.start()
Ejemplo n.º 8
0
def test_delete_singlevalue(topo):
    """Check that we can delete an attribute from a given suffix"""

    dse_ldif = DSEldif(topo.standalone)
    fake_attr = "fakeAttr"
    fake_attr_values = ["fake1", "fake2", "fake3"]

    log.info("Add multivalued {} to {}".format(fake_attr, DN_CONFIG))
    for value in fake_attr_values:
        dse_ldif.add(DN_CONFIG, fake_attr, value)

    log.info("Delete {}".format(fake_attr_values[0]))
    dse_ldif.delete(DN_CONFIG, fake_attr, fake_attr_values[0])
    attr_values = dse_ldif.get(DN_CONFIG, fake_attr)
    assert len(attr_values) == 2
    assert fake_attr_values[0] not in attr_values
    assert fake_attr_values[1] in attr_values
    assert fake_attr_values[2] in attr_values

    log.info("Clean up")
    dse_ldif.delete(DN_CONFIG, fake_attr)
    assert not dse_ldif.get(DN_CONFIG, fake_attr)
Ejemplo n.º 9
0
def test_delete_multivalue(topo):
    """Check that we can delete attributes from a given suffix"""

    dse_ldif = DSEldif(topo.standalone)
    fake_attr = "fakeAttr"
    fake_attr_values = ["fake1", "fake2", "fake3"]

    log.info("Add multivalued {} to {}".format(fake_attr, DN_CONFIG))
    for value in fake_attr_values:
        dse_ldif.add(DN_CONFIG, fake_attr, value)

    log.info("Delete all values of {}".format(fake_attr))
    dse_ldif.delete(DN_CONFIG, fake_attr)
    assert not dse_ldif.get(DN_CONFIG, fake_attr)
Ejemplo n.º 10
0
def _enable_changelog_encryption(inst, encrypt_algorithm):
    """Configure changelog encryption for supplier"""

    dse_ldif = DSEldif(inst)
    log.info('Configuring changelog encryption:{} for: {}'.format(inst.serverid, encrypt_algorithm))
    inst.stop()
    if ds_supports_new_changelog():
        changelog = 'cn=changelog,{}'.format(DN_USERROOT_LDBM)
    else:
        changelog = DN_CHANGELOG

    dse_ldif.replace(changelog, 'nsslapd-encryptionalgorithm', encrypt_algorithm)
    if dse_ldif.get(changelog, 'nsSymmetricKey'):
        dse_ldif.delete(changelog, 'nsSymmetricKey')
    inst.start()