def test_usandsconf_dbgen_nested_ldif(topology_st, set_log_file_and_ldif):
"""Test ldifgen (formerly dbgen) tool to create nested ldif
:id: 9c281c28-4169-45e0-8c07-c5502d9a7581
:setup: Standalone instance
:steps:
1. Create DS instance
2. Run ldifgen to generate nested ldif
3. Import generated ldif to database
4. Check it was properly imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
standalone = topology_st.standalone
args = FakeArgs()
args.suffix = DEFAULT_SUFFIX
args.node_limit = "100"
args.num_users = "600"
args.ldif_file = ldif_file
content_list = [
'Generating LDIF with the following options:', 'suffix={}'.format(
args.suffix), 'node-limit={}'.format(args.node_limit),
'num-users={}'.format(args.num_users),
'ldif-file={}'.format(args.ldif_file), 'Writing LDIF',
'Successfully created nested LDIF file ({}) containing 6 nodes/subtrees'
.format(args.ldif_file)
]
log.info('Run ldifgen to create nested ldif')
dbgen_create_nested(standalone, log, args)
log.info('Check if file exists')
assert os.path.exists(ldif_file)
check_value_in_log_and_reset(content_list)
log.info('Get number of accounts before import')
accounts = Accounts(standalone, DEFAULT_SUFFIX)
count_account = len(accounts.filter('(uid=*)'))
count_ou = len(accounts.filter('(ou=*)'))
# Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
# ldapmodify will complain about already existing suffix which causes subprocess to return exit code != 0
with pytest.raises(subprocess.CalledProcessError):
run_ldapmodify_from_file(standalone, ldif_file)
standalone.restart()
log.info('Check that accounts are imported')
assert len(accounts.filter('(uid=*)')) > count_account
assert len(accounts.filter('(ou=*)')) > count_ou
def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):
"""With nsslapd-db-private-import-mem: on is faster import.
:id: 3044331c-9c0e-11ea-ac9f-8c16451d917b
:setup: Standalone Instance
:steps:
1. Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0
2. Measure offline import time duration total_time1
3. Now nsslapd-db-private-import-mem:off
4. Measure offline import time duration total_time2
5. total_time1 < total_time2
6. Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1
7. Measure offline import time duration total_time1
8. Now nsslapd-db-private-import-mem:off
9. Measure offline import time duration total_time2
10. total_time1 < total_time2
:expected results:
1. Operation successful
2. Operation successful
3. Operation successful
4. Operation successful
5. Operation successful
6. Operation successful
7. Operation successful
8. Operation successful
9. Operation successful
10. Operation successful
"""
# Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0
config = LDBMConfig(topo.standalone)
# Measure offline import time duration total_time1
total_time1 = _import_offline(topo, 20)
# Now nsslapd-db-private-import-mem:off
config.replace('nsslapd-db-private-import-mem', 'off')
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
for i in accounts.filter('(uid=*)'):
UserAccount(topo.standalone, i.dn).delete()
# Measure offline import time duration total_time2
total_time2 = _import_offline(topo, 20)
# total_time1 < total_time2
assert total_time1 < total_time2
# Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1
config.replace_many(('nsslapd-db-private-import-mem', 'on'),
('nsslapd-import-cache-autosize', '-1'))
for i in accounts.filter('(uid=*)'):
UserAccount(topo.standalone, i.dn).delete()
# Measure offline import time duration total_time1
total_time1 = _import_offline(topo, 20)
# Now nsslapd-db-private-import-mem:off
config.replace('nsslapd-db-private-import-mem', 'off')
for i in accounts.filter('(uid=*)'):
UserAccount(topo.standalone, i.dn).delete()
# Measure offline import time duration total_time2
total_time2 = _import_offline(topo, 20)
# total_time1 < total_time2
assert total_time1 < total_time2
def test_usandsconf_dbgen_users(topology_st, set_log_file_and_ldif):
"""Test ldifgen (formerly dbgen) tool to create ldif with users
:id: 426b5b94-9923-454d-a736-7e71ca985e91
:setup: Standalone instance
:steps:
1. Create DS instance
2. Run ldifgen to generate ldif with users
3. Import generated ldif to database
4. Check it was properly imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
standalone = topology_st.standalone
args = FakeArgs()
args.suffix = DEFAULT_SUFFIX
args.parent = 'ou=people,dc=example,dc=com'
args.number = "1000"
args.rdn_cn = False
args.generic = True
args.start_idx = "50"
args.localize = False
args.ldif_file = ldif_file
content_list = [
'Generating LDIF with the following options:',
'suffix={}'.format(args.suffix), 'parent={}'.format(args.parent),
'number={}'.format(args.number), 'rdn-cn={}'.format(args.rdn_cn),
'generic={}'.format(args.generic), 'start-idx={}'.format(
args.start_idx), 'localize={}'.format(args.localize),
'ldif-file={}'.format(args.ldif_file), 'Writing LDIF',
'Successfully created LDIF file: {}'.format(args.ldif_file)
]
log.info('Run ldifgen to create users ldif')
dbgen_create_users(standalone, log, args)
log.info('Check if file exists')
assert os.path.exists(ldif_file)
check_value_in_log_and_reset(content_list)
log.info('Get number of accounts before import')
accounts = Accounts(standalone, DEFAULT_SUFFIX)
count_account = len(accounts.filter('(uid=*)'))
run_offline_import(standalone, ldif_file)
log.info('Check that accounts are imported')
assert len(accounts.filter('(uid=*)')) > count_account
def test_healthcheck_notes_unknown_attribute(topology_st, setup_ldif):
"""Check if HealthCheck returns DSLOGNOTES0002 code
:id: 71ccd1d7-3c71-416b-9d2a-27f9f6633101
:setup: Standalone instance
:steps:
1. Create DS instance
2. Set nsslapd-accesslog-logbuffering to off
3. Import users from created ldif file
4. Use HealthCheck without --json option
5. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Success
4. Healthcheck reports DSLOGNOTES0002
5. Healthcheck reports DSLOGNOTES0002
"""
RET_CODE = 'DSLOGNOTES0002'
standalone = topology_st.standalone
log.info('Delete the previous access logs')
topology_st.standalone.deleteAccessLogs()
log.info('Set nsslapd-accesslog-logbuffering to off')
standalone.config.set("nsslapd-accesslog-logbuffering", "off")
log.info('Stopping the server and running offline import...')
standalone.stop()
assert standalone.ldif2db(bename=DEFAULT_BENAME,
suffixes=[DEFAULT_SUFFIX],
encrypt=None,
excludeSuffixes=None,
import_file=import_ldif)
standalone.start()
log.info('Use filters to reproduce "notes=F" in access log')
accounts = Accounts(standalone, DEFAULT_SUFFIX)
accounts.filter('(unknown=test)')
log.info('Check that access log contains "notes=F"')
assert standalone.ds_access_log.match(r'.*notes=F.*')
run_healthcheck_and_flush_log(topology_st,
standalone,
RET_CODE,
json=False)
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
def finofaci():
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
for i in accounts.filter('(uid=*)'):
UserAccount(topo.standalone, i.dn).delete()
ldif_dir = topo.standalone.get_ldif_dir()
import_ldif = ldif_dir + '/basic_import.ldif'
if os.path.exists(import_ldif):
os.remove(import_ldif)
def test_only_allow_some_targetattr(topo, clean, aci_of_user):
"""Misc Test 5 only allow some targetattr (1/2)
:id: 9d27f048-7db8-11e8-a71c-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
for i in range(1, 3):
user = uas.create_test_user(uid=i, gid=i)
user.replace_many(('cn', 'Anuj1'), ('mail', '*****@*****.**'))
Domain(topo.standalone, DEFAULT_SUFFIX).\
replace("aci", '(target="ldap:///{}")(targetattr="mail||objectClass")'
'(version 3.0; acl "Test";allow (read,search,compare) '
'(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX))
conn = Anonymous(topo.standalone).bind()
accounts = Accounts(conn, DEFAULT_SUFFIX)
# aci will allow only mail targetattr
assert len(accounts.filter('(mail=*)')) == 2
# aci will allow only mail targetattr
assert not accounts.filter('(cn=*)', scope=1)
# with root no , blockage
assert len(
Accounts(topo.standalone, DEFAULT_SUFFIX).filter('(uid=*)',
scope=1)) == 2
for i in uas.list():
i.delete()
def test_all_together_positive(topo, _create_test_entries, filter_test, condition, filter_out):
"""Test filter with positive results.
:id: 51924a38-9baa-11e8-b22a-8c16451d917b
:parametrized: yes
:setup: Standalone Server
:steps:
1. Create Filter rules.
2. Try to pass filter rules as per the condition .
:expected results:
1. It should pass
2. It should pass
"""
account = Accounts(topo.standalone, DEFAULT_SUFFIX)
assert account.filter(filter_test)[0].get_attrs_vals_utf8(condition)[filter_out]
def test_only_allow_some_targetattr_two(topo, clean, aci_of_user, request):
"""Misc Test 6 only allow some targetattr (2/2)"
:id: a188239c-7db8-11e8-903e-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
for i in range(5):
user = uas.create_test_user(uid=i, gid=i)
user.replace_many(('mail', '*****@*****.**'), ('cn', 'Anuj'),
('userPassword', PW_DM))
user1 = uas.create_test_user()
user1.replace_many(('mail', '*****@*****.**'),
('userPassword', PW_DM))
Domain(topo.standalone, DEFAULT_SUFFIX).\
replace("aci", '(target="ldap:///{}") (targetattr="mail||objectClass")'
'(targetfilter="cn=Anuj") (version 3.0; acl "{}"; '
'allow (compare,read,search) '
'(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX, request.node.name))
conn = UserAccount(topo.standalone, user.dn).bind(PW_DM)
# aci will allow only mail targetattr but only for cn=Anuj
account = Accounts(conn, DEFAULT_SUFFIX)
assert len(account.filter('(mail=*)')) == 5
assert not account.filter('(cn=*)')
for i in account.filter('(mail=*)'):
assert i.get_attr_val_utf8('mail') == '*****@*****.**'
conn = Anonymous(topo.standalone).bind()
# aci will allow only mail targetattr but only for cn=Anuj
account = Accounts(conn, DEFAULT_SUFFIX)
assert len(account.filter('(mail=*)')) == 5
assert not account.filter('(cn=*)')
for i in account.filter('(mail=*)'):
assert i.get_attr_val_utf8('mail') == '*****@*****.**'
# with root no blockage
assert len(Accounts(topo.standalone,
DEFAULT_SUFFIX).filter('(mail=*)')) == 6
for i in uas.list():
i.delete()
def _entryuuid_import_and_search(topology):
# 1
ldif_dir = topology.standalone.get_ldif_dir()
target_ldif = os.path.join(ldif_dir,
'localhost-userRoot-2020_03_30_13_14_47.ldif')
import_ldif = os.path.join(DATADIR1,
'localhost-userRoot-2020_03_30_13_14_47.ldif')
shutil.copyfile(import_ldif, target_ldif)
os.chmod(target_ldif, 0o777)
be = Backends(topology.standalone).get('userRoot')
task = be.import_ldif([target_ldif])
task.wait()
assert (task.is_complete() and task.get_exit_code() == 0)
accounts = Accounts(topology.standalone, DEFAULT_SUFFIX)
# 2 - positive eq test
r2 = accounts.filter("(entryUUID=%s)" % IMPORT_UUID_A)
assert (len(r2) == 1)
r3 = accounts.filter("(entryuuid=%s)" % IMPORT_UUID_B)
assert (len(r3) == 1)
# 3 - negative eq test
r4 = accounts.filter("(entryuuid=%s)" % UUID_MAX)
assert (len(r4) == 0)
# 4 - le search
r5 = accounts.filter("(entryuuid<=%s)" % UUID_BETWEEN)
assert (len(r5) == 1)
# 5 - ge search
r6 = accounts.filter("(entryuuid>=%s)" % UUID_BETWEEN)
assert (len(r6) == 1)
# 6 - le 0 search
r7 = accounts.filter("(entryuuid<=%s)" % UUID_MIN)
assert (len(r7) == 0)
# 7 - ge f search
r8 = accounts.filter("(entryuuid>=%s)" % UUID_MAX)
assert (len(r8) == 0)
# 8 - export db
task = be.export_ldif()
task.wait()
assert (task.is_complete() and task.get_exit_code() == 0)
def _search_for_user(topo, no_n0):
"""
Will make sure that users are imported
"""
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
assert len(accounts.filter('(uid=*)')) == no_n0
def _check_users_before_test(topo, no_no):
"""
Will check no user before test.
"""
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
assert len(accounts.filter('(uid=*)')) < no_no
def test_usandsconf_dbgen_mod_ldif_mixed(topology_st, set_log_file_and_ldif):
"""Test ldifgen (formerly dbgen) tool to create mixed modification ldif
:id: 4a2e0901-2b48-452e-a4a0-507735132c81
:setup: Standalone instance
:steps:
1. Create DS instance
2. Run ldifgen to generate modification ldif
3. Import generated ldif to database
4. Check it was properly imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
standalone = topology_st.standalone
args = FakeArgs()
args.parent = DEFAULT_SUFFIX
args.create_users = True
args.delete_users = True
args.create_parent = False
args.num_users = "1000"
args.add_users = "100"
args.del_users = "999"
args.modrdn_users = "100"
args.mod_users = "10"
args.mod_attrs = ['cn', 'uid', 'sn']
args.randomize = False
args.ldif_file = ldif_file
content_list = [
'Generating LDIF with the following options:',
'create-users={}'.format(args.create_users), 'parent={}'.format(
args.parent), 'create-parent={}'.format(args.create_parent),
'delete-users={}'.format(args.delete_users), 'num-users={}'.format(
args.num_users), 'add-users={}'.format(args.add_users),
'del-users={}'.format(args.del_users), 'modrdn-users={}'.format(
args.modrdn_users), 'mod-users={}'.format(args.mod_users),
'mod-attrs={}'.format(args.mod_attrs),
'randomize={}'.format(args.randomize),
'ldif-file={}'.format(args.ldif_file), 'Writing LDIF',
'Successfully created LDIF file: {}'.format(args.ldif_file)
]
log.info('Run ldifgen to create modification ldif')
dbgen_create_mods(standalone, log, args)
log.info('Check if file exists')
assert os.path.exists(ldif_file)
check_value_in_log_and_reset(content_list)
log.info('Get number of accounts before import')
accounts = Accounts(standalone, DEFAULT_SUFFIX)
count_account = len(accounts.filter('(uid=*)'))
# Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
# ldapmodify will complain about a lot of changes done which causes subprocess to return exit code != 0
with pytest.raises(subprocess.CalledProcessError):
run_ldapmodify_from_file(standalone, ldif_file)
log.info('Check that some accounts are imported')
assert len(accounts.filter('(uid=*)')) > count_account
def test_usandsconf_dbgen_groups(topology_st, set_log_file_and_ldif):
"""Test ldifgen (formerly dbgen) tool to create ldif with group
:id: 97207413-9a93-4065-a5ec-63aa93801a31
:setup: Standalone instance
:steps:
1. Create DS instance
2. Run ldifgen to generate ldif with group
3. Import generated ldif to database
4. Check it was properly imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
LDAP_RESULT = 'adding new entry "cn=myGroup-1,ou=groups,dc=example,dc=com"'
standalone = topology_st.standalone
args = FakeArgs()
args.NAME = 'myGroup'
args.parent = 'ou=groups,dc=example,dc=com'
args.suffix = DEFAULT_SUFFIX
args.number = "1"
args.num_members = "1000"
args.create_members = True
args.member_attr = 'uniquemember'
args.member_parent = 'ou=people,dc=example,dc=com'
args.ldif_file = ldif_file
content_list = [
'Generating LDIF with the following options:',
'NAME={}'.format(args.NAME), 'number={}'.format(args.number),
'suffix={}'.format(args.suffix), 'num-members={}'.format(
args.num_members), 'create-members={}'.format(args.create_members),
'member-parent={}'.format(args.member_parent),
'member-attr={}'.format(args.member_attr),
'ldif-file={}'.format(args.ldif_file), 'Writing LDIF',
'Successfully created LDIF file: {}'.format(args.ldif_file)
]
log.info('Run ldifgen to create group ldif')
dbgen_create_groups(standalone, log, args)
log.info('Check if file exists')
assert os.path.exists(ldif_file)
check_value_in_log_and_reset(content_list)
log.info('Get number of accounts before import')
accounts = Accounts(standalone, DEFAULT_SUFFIX)
count_account = len(accounts.filter('(uid=*)'))
# Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
# ldapmodify will complain about already existing parent which causes subprocess to return exit code != 0
with pytest.raises(subprocess.CalledProcessError):
run_ldapmodify_from_file(standalone, ldif_file, LDAP_RESULT)
log.info('Check that accounts are imported')
assert len(accounts.filter('(uid=*)')) > count_account
log.info('Check that group is imported')
groups = Groups(standalone, DEFAULT_SUFFIX)
assert groups.exists(args.NAME + '-1')
new_group = groups.get(args.NAME + '-1')
new_group.present('uniquemember',
'uid=group_entry1-0152,ou=people,dc=example,dc=com')