Exemple #1
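def test_usandsconf_dbgen_nested_ldif(topology_st, set_log_file_and_ldif):
    """Test ldifgen (formerly dbgen) tool to create nested ldif

    :id: 9c281c28-4169-45e0-8c07-c5502d9a7581
    :setup: Standalone instance
    :steps:
         1. Create DS instance
         2. Run ldifgen to generate nested ldif
         3. Import generated ldif to database
         4. Check it was properly imported
    :expectedresults:
         1. Success
         2. Success
         3. Success
         4. Success
    """

    standalone = topology_st.standalone

    # ldif_file is not assigned in this function; presumably it is a
    # module-level name prepared by the set_log_file_and_ldif fixture - confirm.
    args = FakeArgs()
    args.suffix = DEFAULT_SUFFIX
    args.node_limit = "100"
    args.num_users = "600"
    args.ldif_file = ldif_file

    # Messages the tool is expected to log.
    # NOTE(review): nothing in this excerpt compares the list with the log, and
    # the '{}' in the last entry is never filled in as written; the sibling
    # ldifgen tests format their final message with args.ldif_file - confirm.
    content_list = [
        'Generating LDIF with the following options:',
        'suffix={}'.format(args.suffix),
        'node-limit={}'.format(args.node_limit),
        'ldif-file={}'.format(args.ldif_file),
        'Writing LDIF',
        'Successfully created nested LDIF file ({}) containing 6 nodes/subtrees',
    ]

    log.info('Run ldifgen to create nested ldif')
    dbgen_create_nested(standalone, log, args)

    log.info('Check if file exists')
    assert os.path.exists(ldif_file)

    log.info('Get number of accounts before import')
    accounts = Accounts(standalone, DEFAULT_SUFFIX)
    count_account = len(accounts.filter('(uid=*)'))
    count_ou = len(accounts.filter('(ou=*)'))

    # Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
    # ldapmodify will complain about already existing suffix which causes subprocess to return exit code != 0
    # Because a non-zero exit is the expected outcome here, the entry counts
    # below are the only evidence that the LDIF was actually applied.
    with pytest.raises(subprocess.CalledProcessError):
        run_ldapmodify_from_file(standalone, ldif_file)

    log.info('Check that accounts are imported')
    assert len(accounts.filter('(uid=*)')) > count_account
    assert len(accounts.filter('(ou=*)')) > count_ou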
Exemple #2
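def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):
    """With nsslapd-db-private-import-mem: on is faster import.

    :id: 3044331c-9c0e-11ea-ac9f-8c16451d917b
    :setup: Standalone Instance
    :steps:
        1. Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0
        2. Measure offline import time duration total_time1
        3. Now nsslapd-db-private-import-mem:off
        4. Measure offline import time duration total_time2
        5. total_time1 < total_time2
        6. Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1
        7. Measure offline import time duration total_time1
        8. Now nsslapd-db-private-import-mem:off
        9. Measure offline import time duration total_time2
        10. total_time1 < total_time2
    :expected results:
        1. Operation successful
        2. Operation successful
        3. Operation successful
        4. Operation successful
        5. Operation successful
        6. Operation successful
        7. Operation successful
        8. Operation successful
        9. Operation successful
        10. Operation successful
    """
    # Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0
    # No attribute is written here; presumably the _toggle_private_import_mem
    # fixture applies these two values before the test body runs - confirm.
    config = LDBMConfig(topo.standalone)
    # Measure offline import time duration total_time1
    total_time1 = _import_offline(topo, 20)
    # Now nsslapd-db-private-import-mem:off
    config.replace('nsslapd-db-private-import-mem', 'off')
    accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)

    def _delete_imported_users():
        # Remove every entry that carries a uid so the next timed import
        # starts from the same database content as the previous one.
        for entry in accounts.filter('(uid=*)'):
            UserAccount(topo.standalone, entry.dn).delete()

    _delete_imported_users()
    # Measure offline import time duration total_time2
    total_time2 = _import_offline(topo, 20)
    # total_time1 < total_time2
    # NOTE(review): one wall-clock comparison per setting; host load can
    # plausibly flip the result without any change in the server.
    assert total_time1 < total_time2
    # Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1
    config.replace_many(('nsslapd-db-private-import-mem', 'on'),
                        ('nsslapd-import-cache-autosize', '-1'))
    _delete_imported_users()
    # Measure offline import time duration total_time1
    total_time1 = _import_offline(topo, 20)
    # Now nsslapd-db-private-import-mem:off
    config.replace('nsslapd-db-private-import-mem', 'off')
    _delete_imported_users()
    # Measure offline import time duration total_time2
    total_time2 = _import_offline(topo, 20)
    # total_time1 < total_time2
    assert total_time1 < total_time2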
Exemple #3
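def test_usandsconf_dbgen_users(topology_st, set_log_file_and_ldif):
    """Test ldifgen (formerly dbgen) tool to create ldif with users

    :id: 426b5b94-9923-454d-a736-7e71ca985e91
    :setup: Standalone instance
    :steps:
         1. Create DS instance
         2. Run ldifgen to generate ldif with users
         3. Import generated ldif to database
         4. Check it was properly imported
    :expectedresults:
         1. Success
         2. Success
         3. Success
         4. Success
    """

    standalone = topology_st.standalone

    # ldif_file is not assigned in this function; presumably it is a
    # module-level name prepared by the set_log_file_and_ldif fixture - confirm.
    args = FakeArgs()
    args.suffix = DEFAULT_SUFFIX
    args.parent = 'ou=people,dc=example,dc=com'
    args.number = "1000"
    args.rdn_cn = False
    args.generic = True
    args.start_idx = "50"
    args.localize = False
    args.ldif_file = ldif_file

    # Messages the tool is expected to log.
    # NOTE(review): nothing in this excerpt compares the list with the log.
    content_list = [
        'Generating LDIF with the following options:',
        'suffix={}'.format(args.suffix),
        'parent={}'.format(args.parent),
        'number={}'.format(args.number),
        'rdn-cn={}'.format(args.rdn_cn),
        'generic={}'.format(args.generic),
        'start-idx={}'.format(args.start_idx),
        'localize={}'.format(args.localize),
        'ldif-file={}'.format(args.ldif_file),
        'Writing LDIF',
        'Successfully created LDIF file: {}'.format(args.ldif_file),
    ]

    log.info('Run ldifgen to create users ldif')
    dbgen_create_users(standalone, log, args)

    log.info('Check if file exists')
    assert os.path.exists(ldif_file)

    log.info('Get number of accounts before import')
    accounts = Accounts(standalone, DEFAULT_SUFFIX)
    count_account = len(accounts.filter('(uid=*)'))

    # A users LDIF is loaded with the offline import helper, unlike the
    # modification-style LDIFs that go through ldapmodify.
    run_offline_import(standalone, ldif_file)

    log.info('Check that accounts are imported')
    assert len(accounts.filter('(uid=*)')) > count_account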
def test_healthcheck_notes_unknown_attribute(topology_st, setup_ldif):
    """Check if HealthCheck returns DSLOGNOTES0002 code

    :id: 71ccd1d7-3c71-416b-9d2a-27f9f6633101
    :setup: Standalone instance
    :steps:
        1. Create DS instance
        2. Set nsslapd-accesslog-logbuffering to off
        3. Import users from created ldif file
        4. Use HealthCheck without --json option
        5. Use HealthCheck with --json option
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Healthcheck reports DSLOGNOTES0002
        5. Healthcheck reports DSLOGNOTES0002
    """


    standalone = topology_st.standalone

    # NOTE(review): only the message is present; no call that removes old
    # access logs follows it in this listing.
    log.info('Delete the previous access logs')

    # Presumably turned off so access-log records reach the file right away
    # and the notes=F match below can see them - confirm.
    log.info('Set nsslapd-accesslog-logbuffering to off')
    standalone.config.set("nsslapd-accesslog-logbuffering", "off")

    log.info('Stopping the server and running offline import...')
    # NOTE(review): the ldif2db call is cut off in this listing; its remaining
    # arguments and closing parenthesis are not shown.
    assert standalone.ldif2db(bename=DEFAULT_BENAME,

    # NOTE(review): no search is issued in the lines shown; only the Accounts
    # collection is created, so the request that should produce notes=F is
    # missing from this excerpt.
    log.info('Use filters to reproduce "notes=F" in access log')
    accounts = Accounts(standalone, DEFAULT_SUFFIX)

    # The health check result depends on this marker being in the access log,
    # so its presence is asserted before the check is run.
    log.info('Check that access log contains "notes=F"')
    assert standalone.ds_access_log.match(r'.*notes=F.*')

    # Only the JSON variant is visible here. RET_CODE is not defined in this
    # excerpt; per the docstring it presumably holds DSLOGNOTES0002 - confirm.
    run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
Exemple #5
    def finofaci():
        # Cleanup helper nested in an enclosing function that is not shown;
        # topo comes from that outer scope.
        # Delete every entry under DEFAULT_SUFFIX that has a uid attribute.
        accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
        for i in accounts.filter('(uid=*)'):
            UserAccount(topo.standalone, i.dn).delete()

        # Locate basic_import.ldif inside the instance's LDIF directory.
        ldif_dir = topo.standalone.get_ldif_dir()
        import_ldif = ldif_dir + '/basic_import.ldif'
        # NOTE(review): the listing ends on this condition; what is done with
        # the file when it exists is not shown.
        if os.path.exists(import_ldif):
Exemple #6
def test_only_allow_some_targetattr(topo, clean, aci_of_user):
    """Misc Test 5 only allow some targetattr (1/2)

    :id: 9d27f048-7db8-11e8-a71c-8c16451d917b
    :setup: Standalone Instance
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should succeed
        3. Operation should succeed
    """

    # Two test users (uid 1 and 2), each given a cn and a mail value.
    uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
    for i in range(1, 3):
        user = uas.create_test_user(uid=i, gid=i)
        user.replace_many(('cn', 'Anuj1'), ('mail', '*****@*****.**'))

    # The ACI grants read, search and compare to "ldap:///anyone", but only on
    # the mail and objectClass attributes of entries under the suffix.
    # replace() is used, so whatever aci values the suffix entry held before
    # are overwritten; presumably the aci_of_user fixture restores them - confirm.
    Domain(topo.standalone, DEFAULT_SUFFIX).\
        replace("aci", '(target="ldap:///{}")(targetattr="mail||objectClass")'
                       '(version 3.0; acl "Test";allow (read,search,compare) '
                       '(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX))

    # Everything searched through conn is evaluated as an anonymous client.
    conn = Anonymous(topo.standalone).bind()
    accounts = Accounts(conn, DEFAULT_SUFFIX)

    # mail is listed in targetattr, so the anonymous search finds both users
    assert len(accounts.filter('(mail=*)')) == 2
    # cn is not listed in targetattr, so the same client must get nothing back
    # when it searches on cn
    assert not accounts.filter('(cn=*)', scope=1)
    # The instance's own connection is not restricted by the ACI and still
    # sees both users (presumably it is bound as Directory Manager - confirm)
    assert len(
        Accounts(topo.standalone, DEFAULT_SUFFIX).filter('(uid=*)',
                                                         scope=1)) == 2

    # NOTE(review): the listing ends on this loop header; its body is not shown.
    for i in uas.list():
Exemple #7
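def test_all_together_positive(topo, _create_test_entries, filter_test, condition, filter_out):
    """Test filter with positive results.

    :id: 51924a38-9baa-11e8-b22a-8c16451d917b
    :parametrized: yes
    :setup: Standalone Server
    :steps:
        1. Create Filter rules.
        2. Try to pass filter rules as per the condition .
    :expected results:
        1. It should pass
        2. It should pass
    """
    account = Accounts(topo.standalone, DEFAULT_SUFFIX)
    # Only the first entry returned for the filter is inspected. An empty
    # result raises IndexError and a missing key raises KeyError, so both
    # fail the test just as a falsy value does.
    first_match = account.filter(filter_test)[0]
    requested_attrs = first_match.get_attrs_vals_utf8(condition)
    assert requested_attrs[filter_out]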
Exemple #8
def test_only_allow_some_targetattr_two(topo, clean, aci_of_user, request):
    """Misc Test 6 only allow some targetattr (2/2)

    :id: a188239c-7db8-11e8-903e-8c16451d917b
    :setup: Standalone Instance
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should succeed
        3. Operation should succeed
    """
    # Five users that carry cn=Anuj, and therefore match the ACI's targetfilter.
    uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
    for i in range(5):
        user = uas.create_test_user(uid=i, gid=i)
        user.replace_many(('mail', '*****@*****.**'), ('cn', 'Anuj'),
                          ('userPassword', PW_DM))

    # A sixth user whose cn is not set to Anuj here; it is the entry the ACI
    # is expected to leave hidden from non-root clients.
    user1 = uas.create_test_user()
    user1.replace_many(('mail', '*****@*****.**'),
                       ('userPassword', PW_DM))

    # Read, search and compare are granted to "ldap:///anyone", limited to the
    # mail and objectClass attributes and to entries matching cn=Anuj.
    # The acl name is the pytest node name. replace() overwrites whatever aci
    # values the suffix entry held before.
    Domain(topo.standalone, DEFAULT_SUFFIX).\
        replace("aci", '(target="ldap:///{}") (targetattr="mail||objectClass")'
                       '(targetfilter="cn=Anuj") (version 3.0; acl "{}"; '
                       'allow (compare,read,search) '
                       '(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX, request.node.name))

    # user is the loop variable left over from the creation loop above, i.e.
    # the last of the five cn=Anuj users; bind as that ordinary user.
    conn = UserAccount(topo.standalone, user.dn).bind(PW_DM)
    # aci will allow only mail targetattr but only for cn=Anuj
    account = Accounts(conn, DEFAULT_SUFFIX)
    # Five of the six entries are visible by mail; cn itself must not be
    # searchable, even though the targetfilter is expressed on cn.
    assert len(account.filter('(mail=*)')) == 5
    assert not account.filter('(cn=*)')

    for i in account.filter('(mail=*)'):
        assert i.get_attr_val_utf8('mail') == '*****@*****.**'

    # Same expectations for an anonymous client.
    conn = Anonymous(topo.standalone).bind()
    # aci will allow only mail targetattr but only for cn=Anuj
    account = Accounts(conn, DEFAULT_SUFFIX)
    assert len(account.filter('(mail=*)')) == 5
    assert not account.filter('(cn=*)')

    for i in account.filter('(mail=*)'):
        assert i.get_attr_val_utf8('mail') == '*****@*****.**'

    # The instance's own connection is not restricted by the ACI and sees all
    # six entries (presumably it is bound as Directory Manager - confirm)
    assert len(Accounts(topo.standalone,
                        DEFAULT_SUFFIX).filter('(mail=*)')) == 6

    # NOTE(review): the listing ends on this loop header; its body is not shown.
    for i in uas.list():
Exemple #9
def _entryuuid_import_and_search(topology):
    """Import a fixture LDIF into userRoot, then check equality and ordering
    searches on entryUUID and finish with an export of the backend.

    The step numbers in the comments presumably refer to the docstring of the
    calling test, which is not part of this listing.
    """
    # 1 - copy the fixture LDIF into the instance's LDIF directory and import it
    ldif_dir = topology.standalone.get_ldif_dir()
    # NOTE(review): both os.path.join calls are cut off in this listing; the
    # file names they join are not shown.
    target_ldif = os.path.join(ldif_dir,
    import_ldif = os.path.join(DATADIR1,
    shutil.copyfile(import_ldif, target_ldif)
    # 0o777 lets every local account read, write and execute the copied file.
    # NOTE(review): the import presumably only needs the server's account to
    # read it, so a narrower mode would be enough - confirm before reusing.
    os.chmod(target_ldif, 0o777)

    be = Backends(topology.standalone).get('userRoot')
    task = be.import_ldif([target_ldif])
    # NOTE(review): is_complete() is checked once, with no wait visible here;
    # whether import_ldif blocks until the task finishes cannot be told from
    # this excerpt.
    assert (task.is_complete() and task.get_exit_code() == 0)

    accounts = Accounts(topology.standalone, DEFAULT_SUFFIX)
    # The filters below interpolate values without escaping. The names used are
    # not defined in this excerpt and are presumably fixed test constants; a
    # value from outside the test would need escaping first (python-ldap
    # provides ldap.filter.escape_filter_chars).
    # 2 - positive eq test
    r2 = accounts.filter("(entryUUID=%s)" % IMPORT_UUID_A)
    assert (len(r2) == 1)
    # Lower-case attribute name this time.
    r3 = accounts.filter("(entryuuid=%s)" % IMPORT_UUID_B)
    assert (len(r3) == 1)
    # 3 - negative eq test
    r4 = accounts.filter("(entryuuid=%s)" % UUID_MAX)
    assert (len(r4) == 0)
    # 4 - le search
    r5 = accounts.filter("(entryuuid<=%s)" % UUID_BETWEEN)
    assert (len(r5) == 1)
    # 5 - ge search
    r6 = accounts.filter("(entryuuid>=%s)" % UUID_BETWEEN)
    assert (len(r6) == 1)
    # 6 - le 0 search
    r7 = accounts.filter("(entryuuid<=%s)" % UUID_MIN)
    assert (len(r7) == 0)
    # 7 - ge f search
    r8 = accounts.filter("(entryuuid>=%s)" % UUID_MAX)
    assert (len(r8) == 0)
    # 8 - export db
    task = be.export_ldif()
    assert (task.is_complete() and task.get_exit_code() == 0)
Exemple #10
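def _search_for_user(topo, no_n0):
    """Will make sure that users are imported

    Asserts that exactly ``no_n0`` entries under DEFAULT_SUFFIX match the
    filter ``(uid=*)``.
    """
    uid_entries = Accounts(topo.standalone, DEFAULT_SUFFIX).filter('(uid=*)')
    assert len(uid_entries) == no_n0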
Exemple #11
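def _check_users_before_test(topo, no_no):
    """Will check no user before test.

    Asserts that fewer than ``no_no`` entries under DEFAULT_SUFFIX match the
    filter ``(uid=*)``.
    """
    uid_entries = Accounts(topo.standalone, DEFAULT_SUFFIX).filter('(uid=*)')
    assert len(uid_entries) < no_no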
Exemple #12
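def test_usandsconf_dbgen_mod_ldif_mixed(topology_st, set_log_file_and_ldif):
    """Test ldifgen (formerly dbgen) tool to create mixed modification ldif

    :id: 4a2e0901-2b48-452e-a4a0-507735132c81
    :setup: Standalone instance
    :steps:
         1. Create DS instance
         2. Run ldifgen to generate modification ldif
         3. Import generated ldif to database
         4. Check it was properly imported
    :expectedresults:
         1. Success
         2. Success
         3. Success
         4. Success
    """

    standalone = topology_st.standalone

    # ldif_file is not assigned in this function; presumably it is a
    # module-level name prepared by the set_log_file_and_ldif fixture - confirm.
    args = FakeArgs()
    args.parent = DEFAULT_SUFFIX
    args.create_users = True
    args.delete_users = True
    args.create_parent = False
    args.num_users = "1000"
    args.add_users = "100"
    args.del_users = "999"
    args.modrdn_users = "100"
    args.mod_users = "10"
    args.mod_attrs = ['cn', 'uid', 'sn']
    args.randomize = False
    args.ldif_file = ldif_file

    # Messages the tool is expected to log.
    # NOTE(review): nothing in this excerpt compares the list with the log.
    content_list = [
        'Generating LDIF with the following options:',
        'create-users={}'.format(args.create_users),
        'parent={}'.format(args.parent),
        'create-parent={}'.format(args.create_parent),
        'delete-users={}'.format(args.delete_users),
        'num-users={}'.format(args.num_users),
        'add-users={}'.format(args.add_users),
        'del-users={}'.format(args.del_users),
        'modrdn-users={}'.format(args.modrdn_users),
        'mod-users={}'.format(args.mod_users),
        'ldif-file={}'.format(args.ldif_file),
        'Writing LDIF',
        'Successfully created LDIF file: {}'.format(args.ldif_file),
    ]

    log.info('Run ldifgen to create modification ldif')
    dbgen_create_mods(standalone, log, args)

    log.info('Check if file exists')
    assert os.path.exists(ldif_file)

    log.info('Get number of accounts before import')
    accounts = Accounts(standalone, DEFAULT_SUFFIX)
    count_account = len(accounts.filter('(uid=*)'))

    # Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
    # ldapmodify will complain about a lot of changes done which causes subprocess to return exit code != 0
    # Because a non-zero exit is the expected outcome here, the entry count
    # below is the only evidence that part of the LDIF was actually applied.
    with pytest.raises(subprocess.CalledProcessError):
        run_ldapmodify_from_file(standalone, ldif_file)

    log.info('Check that some accounts are imported')
    assert len(accounts.filter('(uid=*)')) > count_account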
Exemple #13
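def test_usandsconf_dbgen_groups(topology_st, set_log_file_and_ldif):
    """Test ldifgen (formerly dbgen) tool to create ldif with group

    :id: 97207413-9a93-4065-a5ec-63aa93801a31
    :setup: Standalone instance
    :steps:
         1. Create DS instance
         2. Run ldifgen to generate ldif with group
         3. Import generated ldif to database
         4. Check it was properly imported
    :expectedresults:
         1. Success
         2. Success
         3. Success
         4. Success
    """
    # Passed to the ldapmodify helper below; presumably the output line the
    # helper looks for to confirm the group entry was added - confirm.
    LDAP_RESULT = 'adding new entry "cn=myGroup-1,ou=groups,dc=example,dc=com"'

    standalone = topology_st.standalone

    # ldif_file is not assigned in this function; presumably it is a
    # module-level name prepared by the set_log_file_and_ldif fixture - confirm.
    args = FakeArgs()
    args.NAME = 'myGroup'
    args.parent = 'ou=groups,dc=example,dc=com'
    args.suffix = DEFAULT_SUFFIX
    args.number = "1"
    args.num_members = "1000"
    args.create_members = True
    args.member_attr = 'uniquemember'
    args.member_parent = 'ou=people,dc=example,dc=com'
    args.ldif_file = ldif_file

    # Messages the tool is expected to log.
    # NOTE(review): nothing in this excerpt compares the list with the log.
    content_list = [
        'Generating LDIF with the following options:',
        'NAME={}'.format(args.NAME),
        'number={}'.format(args.number),
        'suffix={}'.format(args.suffix),
        'num-members={}'.format(args.num_members),
        'create-members={}'.format(args.create_members),
        'ldif-file={}'.format(args.ldif_file),
        'Writing LDIF',
        'Successfully created LDIF file: {}'.format(args.ldif_file),
    ]

    log.info('Run ldifgen to create group ldif')
    dbgen_create_groups(standalone, log, args)

    log.info('Check if file exists')
    assert os.path.exists(ldif_file)

    log.info('Get number of accounts before import')
    accounts = Accounts(standalone, DEFAULT_SUFFIX)
    count_account = len(accounts.filter('(uid=*)'))

    # Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
    # ldapmodify will complain about already existing parent which causes subprocess to return exit code != 0
    # Because a non-zero exit is the expected outcome here, the checks below
    # are the only evidence that the LDIF was actually applied.
    with pytest.raises(subprocess.CalledProcessError):
        run_ldapmodify_from_file(standalone, ldif_file, LDAP_RESULT)

    log.info('Check that accounts are imported')
    assert len(accounts.filter('(uid=*)')) > count_account

    log.info('Check that group is imported')
    groups = Groups(standalone, DEFAULT_SUFFIX)
    group_name = args.NAME + '-1'
    assert groups.exists(group_name)
    new_group = groups.get(group_name)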