def automember_fixture(topo, request): # Create group groups = [] group_obj = Groups(topo.standalone, DEFAULT_SUFFIX) groups.append(group_obj.create(properties={'cn': 'testgroup'})) groups.append(group_obj.create(properties={'cn': 'testgroup2'})) groups.append(group_obj.create(properties={'cn': 'testgroup3'})) # Create test user user_accts = UserAccounts(topo.standalone, DEFAULT_SUFFIX) user = user_accts.create_test_user() # Create automember definitions and regex rules automember_prop = { 'cn': 'testgroup_definition', 'autoMemberScope': DEFAULT_SUFFIX, 'autoMemberFilter': 'objectclass=posixaccount', 'autoMemberDefaultGroup': groups[0].dn, 'autoMemberGroupingAttr': 'member:dn', } automembers = AutoMembershipDefinitions(topo.standalone) auto_def = automembers.create(properties=automember_prop) auto_def.add_regex_rule("regex1", groups[1].dn, include_regex=['cn=mark.*']) auto_def.add_regex_rule("regex2", groups[2].dn, include_regex=['cn=simon.*']) # Enable plugin automemberplugin = AutoMembershipPlugin(topo.standalone) automemberplugin.enable() topo.standalone.restart() return (user, groups)
def create_definition(inst, basedn, log, args): """ Create automember definition. :param name: An instance :type name: lib389.DirSrv :param groupattr: autoMemberGroupingAttr value :type groupattr: str :param defaultgroup: autoMemberDefaultGroup value :type defaultgroup: str :param scope: autoMemberScope value :type scope: str :param filter: autoMemberFilter value :type filter: str """ automember_prop = { 'cn': args.name, 'autoMemberScope': args.scope, 'autoMemberFilter': args.filter, 'autoMemberDefaultGroup': args.defaultgroup, 'autoMemberGroupingAttr': args.groupattr, } plugin = AutoMembershipPlugin(inst) plugin.enable() automembers = AutoMembershipDefinitions(inst) try: automember = automembers.create(properties=automember_prop) log.info("Automember definition created successfully!") except Exception as e: log.info("Failed to create Automember definition: {}".format(str(e))) raise e
def _enable_plugins(inst, group_dn): # Enable automember amp = AutoMembershipPlugin(inst) amp.enable() # Create the automember definition automembers = AutoMembershipDefinitions(inst) automember = automembers.create( properties={ 'cn': 'testgroup_definition', 'autoMemberScope': DEFAULT_SUFFIX, 'autoMemberFilter': 'objectclass=nsAccount', 'autoMemberDefaultGroup': group_dn, 'autoMemberGroupingAttr': 'member:dn', }) # Enable MemberOf mop = MemberOfPlugin(inst) mop.enable() # Enable referint rip = ReferentialIntegrityPlugin(inst) # We only need to enable the plugin, the default configuration is sane and # correctly coveres member as an enforced attribute. rip.enable() # Restart to make sure it's enabled and good to go. inst.restart()
def topology(request): topology = default_topology(request) plugin = AutoMembershipPlugin(topology.standalone) if not plugin.exists(): plugin.create() # we need to restart the server after enabling the plugin plugin.enable() topology.standalone.restart() topology.logcap.flush() return topology
def enable_plugins(topology_st): topo = topology_st.standalone log.info("Enable automember plugin") plugin = AutoMembershipPlugin(topo) plugin.enable() log.info('Enable Referential Integrity plugin') plugin = ReferentialIntegrityPlugin(topo) plugin.enable() log.info('Set nsslapd-plugin-logging to on') topo.config.set(PLUGIN_LOGGING, 'ON') log.info('Restart the server') topo.restart()
def test_invalid_regex(topo): """Test invalid regex is properly reportedin the error log :id: a6d89f84-ec76-4871-be96-411d051800b1 :setup: Standalone Instance :steps: 1. Setup automember 2. Add invalid regex 3. Error log reports useful message :expectedresults: 1. Success 2. Success 3. Success """ REGEX_DN = "cn=regex1,cn=testregex,cn=auto membership plugin,cn=plugins,cn=config" REGEX_VALUE = "cn=*invalid*" REGEX_ESC_VALUE = "cn=\\*invalid\\*" GROUP_DN = "cn=demo_group,ou=groups," + DEFAULT_SUFFIX AutoMembershipPlugin( topo.standalone).remove_all("nsslapd-pluginConfigArea") automemberplugin = AutoMembershipPlugin(topo.standalone) automember_prop = { 'cn': 'testRegex', 'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX, 'autoMemberFilter': 'objectclass=*', 'autoMemberDefaultGroup': GROUP_DN, 'autoMemberGroupingAttr': 'member:dn', } automember_defs = AutoMembershipDefinitions( topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config") automember_def = automember_defs.create(properties=automember_prop) automember_def.add_regex_rule("regex1", GROUP_DN, include_regex=[REGEX_VALUE]) automemberplugin.enable() topo.standalone.restart() # Check errors log for invalid message ERR_STR1 = "automember_parse_regex_rule - Unable to parse regex rule" ERR_STR2 = f"Skipping invalid inclusive regex rule in rule entry \"{REGEX_DN}\" \\(rule = \"{REGEX_ESC_VALUE}\"\\)" assert topo.standalone.searchErrorsLog(ERR_STR1) assert topo.standalone.searchErrorsLog(ERR_STR2)
def automember_fixture(topo, request): # Create group group_obj = Groups(topo.standalone, DEFAULT_SUFFIX) automem_group = group_obj.create(properties={'cn': 'testgroup'}) # Create users users = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None) NUM_USERS = 1000 for num in range(NUM_USERS): num_ran = int(round(num)) USER_NAME = 'test%05d' % num_ran users.create( properties={ 'uid': USER_NAME, 'sn': USER_NAME, 'cn': USER_NAME, 'uidNumber': '%s' % num_ran, 'gidNumber': '%s' % num_ran, 'homeDirectory': '/home/%s' % USER_NAME, 'mail': '*****@*****.**' % USER_NAME, 'userpassword': '******' % num_ran, }) # Create automember definitions and regex rules automember_prop = { 'cn': 'testgroup_definition', 'autoMemberScope': DEFAULT_SUFFIX, 'autoMemberFilter': 'objectclass=posixaccount', 'autoMemberDefaultGroup': automem_group.dn, 'autoMemberGroupingAttr': 'member:dn', } automembers = AutoMembershipDefinitions(topo.standalone) auto_def = automembers.create(properties=automember_prop) auto_def.add_regex_rule("regex1", automem_group.dn, include_regex=['uid=.*']) # Enable plugin automemberplugin = AutoMembershipPlugin(topo.standalone) automemberplugin.enable() topo.standalone.restart()
def automember_fixture(topo, request): groups = Groups(topo.standalone, DEFAULT_SUFFIX) group = groups.create(properties={'cn': 'testgroup'}) automemberplugin = AutoMembershipPlugin(topo.standalone) automemberplugin.enable() topo.standalone.restart() automember_prop = { 'cn': 'testgroup_definition', 'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX, 'autoMemberFilter': 'objectclass=*', 'autoMemberDefaultGroup': group.dn, 'autoMemberGroupingAttr': 'member:dn', } automembers = AutoMembershipDefinitions(topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config") automember = automembers.create(properties=automember_prop) return (group, automembers, automember)
def test_mods(automember_fixture, topo): """Modify the user so that it is added to the various automember groups :id: 28a2b070-7f16-4905-8831-c80fa6441693 :setup: Standalone Instance :steps: 1. Update user that should add it to group[0] 2. Update user that should add it to group[1] 3. Update user that should add it to group[2] 4. Update user that should add it to group[0] 5. Test rebuild task correctly moves user to group[1] :expectedresults: 1. Success 2. Success 3. Success 4. Success 5. Success """ (user, groups) = automember_fixture # Update user which should go into group[0] user.replace('cn', 'whatever') groups[0].is_member(user.dn) if groups[1].is_member(user.dn): assert False if groups[2].is_member(user.dn): assert False # Update user0 which should go into group[1] user.replace('cn', 'mark') groups[1].is_member(user.dn) if groups[0].is_member(user.dn): assert False if groups[2].is_member(user.dn): assert False # Update user which should go into group[2] user.replace('cn', 'simon') groups[2].is_member(user.dn) if groups[0].is_member(user.dn): assert False if groups[1].is_member(user.dn): assert False # Update user which should go back into group[0] (full circle) user.replace('cn', 'whatever') groups[0].is_member(user.dn) if groups[1].is_member(user.dn): assert False if groups[2].is_member(user.dn): assert False # # Test rebuild task. First disable plugin # automemberplugin = AutoMembershipPlugin(topo.standalone) automemberplugin.disable() topo.standalone.restart() # Make change that would move the entry from group[0] to group[1] user.replace('cn', 'mark') # Enable plugin automemberplugin.enable() topo.standalone.restart() # Run rebuild task task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount") task.wait() # Test membership groups[1].is_member(user.dn) if groups[0].is_member(user.dn): assert False if groups[2].is_member(user.dn): assert False # Success log.info("Test PASSED")