def regex_edit(inst, basedn, log, args): log = log.getChild('regex_edit') definitions = AutoMembershipDefinitions(inst) definition = definitions.get(args.DEFNAME) regexes = AutoMembershipRegexRules(inst, definition.dn) regex = regexes.get(args.REGEXNAME) generic_object_edit(regex, log, args, arg_to_attr_regex)
def regex_del(inst, basedn, log, args): log = log.getChild('regex_del') definitions = AutoMembershipDefinitions(inst) definition = definitions.get(args.DEFNAME) regexes = AutoMembershipRegexRules(inst, definition.dn) regex = regexes.get(args.REGEXNAME) regex.delete() log.info("Successfully deleted the %s regex", args.REGEXNAME)
def definition_del(inst, basedn, log, args): # First delete regexes, then the defintion log = log.getChild('definition_del') definitions = AutoMembershipDefinitions(inst) definition = definitions.get(args.DEFNAME) regexes = AutoMembershipRegexRules(inst, definition.dn) for regex in regexes.list(): regex.delete() definition.delete() log.info("Successfully deleted the %s definition", args.DEFNAME)
def regex_show(inst, basedn, log, args): log = log.getChild('regex_show') definitions = AutoMembershipDefinitions(inst) definition = definitions.get(args.DEFNAME) regexes = AutoMembershipRegexRules(inst, definition.dn) regex = regexes.get(args.REGEXNAME) if not regex.exists(): raise ldap.NO_SUCH_OBJECT("Entry %s doesn't exists" % args.REGEXNAME) if args and args.json: o_str = regex.get_all_attrs_json() log.info(o_str) else: log.info(regex.display())
def regex_list(inst, basedn, log, args): definitions = AutoMembershipDefinitions(inst) definition = definitions.get(args.DEFNAME) regexes = AutoMembershipRegexRules(inst, definition.dn) result = [] result_json = [] for regex in regexes.list(): if args.json: result_json.append(json.loads(regex.get_all_attrs_json())) else: result.append(regex.rdn) if args.json: log.info(json.dumps({"type": "list", "items": result_json}, indent=4)) else: if len(result) > 0: for i in result: log.info(i) else: log.info("No Automember regexes were found")
def _create_entries(topo_m4): """ Will act as module .Will set up required user/entries for the test cases. """ for instance in [ topo_m4.ms['supplier1'], topo_m4.ms['supplier2'], topo_m4.ms['supplier3'], topo_m4.ms['supplier4'] ]: assert instance.status() for org in ['autouserGroups', 'Employees', 'TaskEmployees']: OrganizationalUnits(topo_m4.ms['supplier1'], DEFAULT_SUFFIX).create(properties={'ou': org}) Backends(topo_m4.ms['supplier1']).create( properties={ 'cn': 'SubAutoMembers', 'nsslapd-suffix': SUBSUFFIX, 'nsslapd-CACHE_SIZE': CACHE_SIZE, 'nsslapd-CACHEMEM_SIZE': CACHEMEM_SIZE }) Domain(topo_m4.ms['supplier1'], SUBSUFFIX).create( properties={ 'dc': SUBSUFFIX.split('=')[1].split(',')[0], 'aci': [ f'(targetattr="userPassword")(version 3.0;aci "Replication Manager Access";' f'allow (write,compare) userdn="ldap:///{REPMANDN},cn=config";)', f'(target ="ldap:///{SUBSUFFIX}")(targetattr !="cn||sn||uid")(version 3.0;' f'acl "Group Permission";allow (write)(groupdn = "ldap:///cn=GroupMgr,{SUBSUFFIX}");)', f'(target ="ldap:///{SUBSUFFIX}")(targetattr !="userPassword")(version 3.0;' f'acl "Anonym-read access"; allow (read,search,compare) (userdn="ldap:///anyone");)' ] }) for suff, grp in [ (DEFAULT_SUFFIX, 'SubDef1'), (DEFAULT_SUFFIX, 'SubDef2'), (DEFAULT_SUFFIX, 'SubDef3'), (DEFAULT_SUFFIX, 'SubDef4'), (DEFAULT_SUFFIX, 'SubDef5'), (DEFAULT_SUFFIX, 'Employees'), (DEFAULT_SUFFIX, 'NewEmployees'), (DEFAULT_SUFFIX, 'testuserGroups'), (SUBSUFFIX, 'subsuffGroups'), (SUBSUFFIX, 'Employees'), (DEFAULT_SUFFIX, 'autoMembersPlugin'), (DEFAULT_SUFFIX, 'replsubGroups'), ("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Managers'), ("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Contractors'), ("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Interns'), ("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Visitors'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef1'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef2'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef3'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef4'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef5'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'Contractors'), ("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'Managers'), ("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef1'), ("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef2'), ("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef3'), ("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef4'), ("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef5') ]: Groups(topo_m4.ms['supplier1'], suff, rdn=None).create(properties={'cn': grp}) for suff, grp, gid in [ (SUBSUFFIX, 'SubDef1', '111'), (SUBSUFFIX, 'SubDef2', '222'), (SUBSUFFIX, 'SubDef3', '333'), (SUBSUFFIX, 'SubDef4', '444'), (SUBSUFFIX, 'SubDef5', '555'), ('cn=subsuffGroups,{}'.format(SUBSUFFIX), 'Managers', '666'), ('cn=subsuffGroups,{}'.format(SUBSUFFIX), 'Contractors', '999') ]: PosixGroups(topo_m4.ms['supplier1'], suff, rdn=None).create(properties={ 'cn': grp, 'gidNumber': gid }) for supplier in [ topo_m4.ms['supplier1'], topo_m4.ms['supplier2'], topo_m4.ms['supplier3'], topo_m4.ms['supplier4'] ]: AutoMembershipPlugin(supplier).add( "nsslapd-pluginConfigArea", "cn=autoMembersPlugin,{}".format(DEFAULT_SUFFIX)) MemberOfPlugin(supplier).enable() automembers = AutoMembershipDefinitions( topo_m4.ms['supplier1'], f'cn=autoMembersPlugin,{DEFAULT_SUFFIX}') automember1 = automembers.create( properties={ 'cn': 'replsubGroups', 'autoMemberScope': f'ou=Employees,{DEFAULT_SUFFIX}', 'autoMemberFilter': "objectclass=posixAccount", 'autoMemberDefaultGroup': [ f'cn=SubDef1,{DEFAULT_SUFFIX}', f'cn=SubDef2,{DEFAULT_SUFFIX}', f'cn=SubDef3,{DEFAULT_SUFFIX}', f'cn=SubDef4,{DEFAULT_SUFFIX}', f'cn=SubDef5,{DEFAULT_SUFFIX}' ], 'autoMemberGroupingAttr': 'member:dn' }) automembers = AutoMembershipRegexRules(topo_m4.ms['supplier1'], automember1.dn) automembers.create( properties={ 'cn': 'Managers', 'description': f'Group placement for Managers', 'autoMemberTargetGroup': [f'cn=Managers,cn=replsubGroups,{DEFAULT_SUFFIX}'], 'autoMemberInclusiveRegex': [ 'uidNumber=^5..5$', 'gidNumber=^[1-4]..3$', 'nsAdminGroupName=^Manager$|^Supervisor$' ], "autoMemberExclusiveRegex": [ 'uidNumber=^999$', 'gidNumber=^[6-8].0$', 'nsAdminGroupName=^Junior$' ], }) automembers.create( properties={ 'cn': 'Contractors', 'description': f'Group placement for Contractors', 'autoMemberTargetGroup': [f'cn=Contractors,cn=replsubGroups,{DEFAULT_SUFFIX}'], 'autoMemberInclusiveRegex': [ 'uidNumber=^8..5$', 'gidNumber=^[5-9]..3$', 'nsAdminGroupName=^Contract|^Temporary$' ], "autoMemberExclusiveRegex": [ 'uidNumber=^[1,3,8]99$', 'gidNumber=^[2-4]00$', 'nsAdminGroupName=^Employee$' ], }) automembers.create( properties={ 'cn': 'Interns', 'description': f'Group placement for Interns', 'autoMemberTargetGroup': [f'cn=Interns,cn=replsubGroups,{DEFAULT_SUFFIX}'], 'autoMemberInclusiveRegex': [ 'uidNumber=^1..6$', 'gidNumber=^[1-9]..3$', 'nsAdminGroupName=^Interns$|^Trainees$' ], "autoMemberExclusiveRegex": [ 'uidNumber=^[1-9]99$', 'gidNumber=^[1-9]00$', 'nsAdminGroupName=^Students$' ], }) automembers.create( properties={ 'cn': 'Visitors', 'description': f'Group placement for Visitors', 'autoMemberTargetGroup': [f'cn=Visitors,cn=replsubGroups,{DEFAULT_SUFFIX}'], 'autoMemberInclusiveRegex': [ 'uidNumber=^1..6$', 'gidNumber=^[1-5]6.3$', 'nsAdminGroupName=^Visitors$' ], "autoMemberExclusiveRegex": [ 'uidNumber=^[7-9]99$', 'gidNumber=^[7-9]00$', 'nsAdminGroupName=^Inter' ], }) for instance in [ topo_m4.ms['supplier1'], topo_m4.ms['supplier2'], topo_m4.ms['supplier3'], topo_m4.ms['supplier4'] ]: instance.restart()