def add_index(self, attr_name, types, matching_rules=None, reindex=False):
""" Add an index.
:param attr_name - name of the attribute to index
:param types - a List of index types(eq, pres, sub, approx)
:param matching_rules - a List of matching rules for the index
:param reindex - If set to True then index the attribute after creating it.
"""
new_index = Index(self._instance)
props = {
'cn': attr_name,
'nsSystemIndex': 'False',
'nsIndexType': types,
}
if matching_rules is not None:
mrs = []
for mr in matching_rules:
mrs.append(mr)
# Only add if there are actually rules present in the list.
if len(mrs) > 0:
props['nsMatchingRule'] = mrs
new_index.create(properties=props, basedn="cn=index," + self._dn)
if reindex:
self.reindex(attr_name)
def test_invalid_configuration(topo):
""""Error handling for invalid configuration
Starting...test cases for bug1011539
Index config error handling does not exist - you can add any old thing
:id: 377950f6-9f06-11e8-831b-8c16451d917b
:setup: Standalone instance
:steps:
1. Try change nsIndexIDListScanLimit
:expected results:
1. This should pass
"""
for i in [
'4000', 'limit=0 flags=bogus', 'limit=0 limit=1',
'limit=0 type=eq type=eq', 'limit=0 type=sub type=eq',
'limit=0 flags=AND flags=AND',
'limit=0 type=eq values=foo values=foo',
'limit=0 type=eq values=foo,foo', 'limit',
'limit=0 type=pres values=bogus',
'limit=0 type=eq,sub values=bogus', 'limit=', 'limit=1 type=',
'limit=1 flags=', 'limit=1 type=eq values=', 'limit=-2', 'type=eq',
'limit=0 type=bogus'
]:
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
Index(topo.standalone,
GIVEN_NAME).replace('nsIndexIDListScanLimit', i)
def test_healthcheck_RI_plugin_missing_indexes(topology_st):
"""Check if HealthCheck returns DSRILE0002 code
:id: 05c55e37-bb3e-48d1-bbe8-29c980f94f10
:setup: Standalone instance
:steps:
1. Create DS instance
2. Configure the instance with Integrity Plugin
3. Change the index type of the member attribute index to ‘approx’
4. Use HealthCheck without --json option
5. Use HealthCheck with --json option
6. Set the index type of the member attribute index to ‘eq’
7. Use HealthCheck without --json option
8. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Success
4. Healthcheck reports DSRILE0002 code and related details
5. Healthcheck reports DSRILE0002 code and related details
6. Success
7. Healthcheck reports no issue found
8. Healthcheck reports no issue found
"""
RET_CODE = 'DSRILE0002'
MEMBER_DN = 'cn=member,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config'
standalone = topology_st.standalone
log.info('Enable RI plugin')
plugin = ReferentialIntegrityPlugin(standalone)
plugin.disable()
plugin.enable()
log.info('Change the index type of the member attribute index to approx')
index = Index(topology_st.standalone, MEMBER_DN)
index.replace('nsIndexType', 'approx')
run_healthcheck_and_flush_log(topology_st,
standalone,
json=False,
searched_code=RET_CODE)
run_healthcheck_and_flush_log(topology_st,
standalone,
json=True,
searched_code=RET_CODE)
log.info('Set the index type of the member attribute index back to eq')
index.replace('nsIndexType', 'eq')
run_healthcheck_and_flush_log(topology_st,
standalone,
json=False,
searched_code=CMD_OUTPUT)
run_healthcheck_and_flush_log(topology_st,
standalone,
json=True,
searched_code=JSON_OUTPUT)
def test_idlistscanlimit(topo):
"""Test various combinations of filters and idlistscanlimit
:id: 44f83e2c-9f06-11e8-bffe-8c16451d917b
:setup: Standalone instance
:steps:
1. Create entries
2. Try change nsslapd-errorlog-level
3. Test nsIndexIDListScanLimit values
4. Search created entries
5. restart instance
6. Search created entries
7. indexing works after restart
:expected results:
1. This should pass
2. This should pass
3. This should pass
4. This should pass
5. This should pass
6. This should pass
7. This should pass
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
for demo in [
'Product Development', 'Accounting', 'Human Resources', 'Payroll',
'Product Testing'
]:
ous.create(properties={'ou': demo})
users_accounts = UserAccounts(topo.standalone,
DEFAULT_SUFFIX,
rdn='ou=Accounting')
users_human = UserAccounts(topo.standalone,
DEFAULT_SUFFIX,
rdn='ou=Human Resources')
users_testing = UserAccounts(topo.standalone,
DEFAULT_SUFFIX,
rdn='ou=Product Testing')
users_development = UserAccounts(topo.standalone,
DEFAULT_SUFFIX,
rdn='ou=Product Development')
users_payroll = UserAccounts(topo.standalone,
DEFAULT_SUFFIX,
rdn='ou=Payroll')
users_people = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
for data in [(LIST_OF_USER_ACCOUNTING, users_accounts),
(LIST_OF_USER_HUMAN, users_human),
(LIST_OF_USER_TESTING, users_testing),
(LIST_OF_USER_DEVELOPMENT, users_development),
(LIST_OF_USER_PAYROLL, users_payroll),
(LIST_OF_USER_PEOPLE, users_people)]:
for demo1 in data[0]:
fn = demo1.split()[0]
sn = demo1.split()[1]
uid = ''.join([fn[:1], sn]).lower()
data[1].create(
properties={
'uid': uid,
'cn': demo1,
'sn': sn,
'uidNumber': str(1000),
'gidNumber': '2000',
'homeDirectory': f'/home/{uid}',
'givenname': fn,
'userpassword': PW_DM,
'mail': f'{uid}@test.com'
})
try:
# Change log levels
errorlog_value = topo.standalone.config.get_attr_val_utf8(
'nsslapd-errorlog-level')
topo.standalone.config.set('nsslapd-errorlog-level', '524288')
# Test nsIndexIDListScanLimit values
for i in [
'limit=1 type=eq values=Lutz,Hunter',
'limit=2 type=eq flags=AND values=Jensen,Rentz',
'limit=3 type=eq flags=AND', 'limit=4 type=eq',
'limit=5 flags=AND', 'limit=6',
'limit=1 type=sub values=*utz,*ter', 'limit=4 type=sub',
'limit=2 type=sub flags=AND values=*sen,*ntz',
'limit=3 type=sub flags=AND', 'limit=5 type=sub values=*sch*'
]:
Index(topo.standalone, CN_NAME).replace('nsIndexIDListScanLimit',
i)
for i in [
'limit=1 type=eq values=Andy,Andrew',
'limit=2 type=eq flags=AND values=Bjorn,David',
'limit=3 type=eq flags=AND', 'limit=4 type=eq',
'limit=5 flags=AND', 'limit=6'
]:
Index(topo.standalone,
GIVEN_NAME).replace('nsIndexIDListScanLimit', i)
Index(topo.standalone, UNIQMEMBER).\
replace('nsIndexIDListScanLimit',
'limit=0 type=eq values=uid=kvaughan\2Cou=People\2Cdc=example\2Cdc=com,'
'uid=rdaugherty\2Cou=People\2Cdc=example\2Cdc=com')
Index(topo.standalone, OBJECTCLASS).\
replace('nsIndexIDListScanLimit', 'limit=0 type=eq flags=AND values=inetOrgPerson')
# Search with filter
for i in [
'(sn=Lutz)', '(sn=*ter)',
'(&(sn=*sen)(objectclass=organizationalPerson))',
'(&(objectclass=organizationalPerson)(sn=*ntz))',
'(&(sn=Car*)(objectclass=organizationalPerson))', '(sn=sc*)',
'(sn=*sch*)', '(|(givenname=Andy)(givenname=Andrew))',
'(&(givenname=Bjorn)(objectclass=organizationalPerson))',
'(&(objectclass=organizationalPerson)(givenname=David))',
'(&(sn=*)(cn=*))', '(sn=Hunter)',
'(&(givenname=Richard)(objectclass=organizationalPerson))',
'(givenname=Morgan)', '(&(givenname=*)(cn=*))', '(givenname=*)'
]:
assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(f'{i}')
# Creating Groups and adding members
groups = UniqueGroups(topo.standalone, DEFAULT_SUFFIX)
accounting_managers = groups.ensure_state(
properties={'cn': 'Accounting Managers'})
hr_managers = groups.ensure_state(properties={'cn': 'HR Managers'})
accounting_managers.add('uniquemember', [
'uid=scarter, ou=People, dc=example,dc=com',
'uid=tmorris, ou=People, dc=example,dc=com',
'uid=kvaughan, ou=People, dc=example,dc=com',
'uid=rdaugherty, ou=People, dc=example,dc=com',
'uid=hmiller, ou=People, dc=example,dc=com'
])
hr_managers.add('uniquemember', [
'uid=kvaughan, ou=People, dc=example,dc=com',
'uid=cschmith, ou=People, dc=example,dc=com'
])
# Test Filters
for value in [
'(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)',
'(uniquemember=uid=rdaugherty,ou=People,dc=example,dc=com)',
'(uniquemember=uid=hmiller,ou=People,dc=example,dc=com)',
'(&(objectclass=inetorgperson)(uid=scarter))',
'(&(objectclass=organizationalperson)(uid=scarter))',
'(objectclass=inetorgperson)',
'(&(objectclass=organizationalPerson)(sn=Jensen))',
'(&(mail=*)(objectclass=organizationalPerson))', '(mail=*)',
'(&(sn=Rentz)(objectclass=organizationalPerson))',
'(&(sn=Ward)(sn=Ward))', '(sn=Jensen)', '(sn=*)', '(sn=*utz)',
'(&(sn=Hunter)(sn=Rentz))'
]:
if value == '(&(sn=Hunter)(sn=Rentz))':
assert not Accounts(topo.standalone,
DEFAULT_SUFFIX).filter(value)
elif value.find('uniquemember') == 1:
assert UniqueGroups(topo.standalone,
DEFAULT_SUFFIX).filter(value)
else:
assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(value)
# restart instance
topo.standalone.restart()
# see if indexing works after restart
for value in [
'(uniquemember=uid=kvaughan,ou=People,dc=example,dc=com)',
'(uniquemember=uid=rdaugherty,ou=People,dc=example,dc=com)',
'(uniquemember=uid=hmiller,ou=People,dc=example,dc=com)',
'(&(objectclass=inetorgperson)(uid=scarter))',
'(&(objectclass=organizationalperson)(uid=scarter))',
'(objectclass=inetorgperson)',
'(&(objectclass=organizationalPerson)(sn=Jensen))',
'(&(mail=*)(objectclass=organizationalPerson))', '(mail=*)',
'(&(sn=Rentz)(objectclass=organizationalPerson))',
'(&(sn=Ward)(sn=Ward))', '(sn=Jensen)', '(sn=*)', '(sn=*utz)'
]:
if value == '(&(sn=Hunter)(sn=Rentz))':
assert not Accounts(topo.standalone,
DEFAULT_SUFFIX).filter(value)
elif value.find('uniquemember') == 1:
assert UniqueGroups(topo.standalone,
DEFAULT_SUFFIX).filter(value)
else:
assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(value)
assert not Accounts(topo.standalone,
DEFAULT_SUFFIX).filter('(&(sn=Hunter)(sn=Rentz))')
for value in [
'(sn=Lutz)', '(sn=*ter)',
'(&(sn=*sen)(objectclass=organizationalPerson))',
'(&(objectclass=organizationalPerson)(sn=*ntz))',
'(&(sn=Car*)(objectclass=organizationalPerson))', '(sn=sc*)',
'(sn=*sch*)', '(|(givenname=Andy)(givenname=Andrew))',
'(&(givenname=Bjorn)(objectclass=organizationalPerson))',
'(&(objectclass=organizationalPerson)(givenname=David))',
'(&(sn=*)(cn=*))', '(sn=Hunter)',
'(&(givenname=Richard)(objectclass=organizationalPerson))',
'(givenname=Morgan)', '(&(givenname=*)(cn=*))', '(givenname=*)'
]:
assert Accounts(topo.standalone, DEFAULT_SUFFIX).filter(value)
finally:
topo.standalone.config.set('nsslapd-errorlog-level', errorlog_value)