def test_sin_non_present_rdn(topology_st):
"""Test that with an rdn not present in attributes, create succeeds in some cases.
:id: a5d9cb24-8907-4622-ac85-90407a66e00a
:setup: standalone instance
:steps: 1. Create with an rdn not in properties
:expectedresults: 1. Create success
"""
# Test that creating something with an rdn not present in the properties works
# NOTE: I think that this is 389-ds making this work, NOT lib389.
gp1 = Group(topology_st.standalone)
gp1.create(rdn='cn=test_sin_non_present_rdn',
basedn=f'ou=groups,{DEFAULT_SUFFIX}',
properties={
'cn': ['other_test_sin_non_present_rdn'],
})
assert gp1.dn.lower(
) == f'cn=test_sin_non_present_rdn,ou=groups,{DEFAULT_SUFFIX}'.lower()
gp1.delete()
# Now, test where there is no cn. lib389 is blocking this today, but
# 50259 will change this.
gp2 = Group(topology_st.standalone)
gp2.create(rdn='cn=test_sin_non_present_rdn',
basedn=f'ou=groups,{DEFAULT_SUFFIX}',
properties={})
assert gp2.dn.lower(
) == f'cn=test_sin_non_present_rdn,ou=groups,{DEFAULT_SUFFIX}'.lower()
gp2.delete()
def test_sin_explicit_dn(topology_st):
"""Test explicit dn with create
:id: 2d812225-243b-4f87-85ad-d403a4ae0267
:setup: standalone instance
:steps: 1. Create with explicit dn
:expectedresults: 1. Create success
"""
expect_dn = f'cn=test_sin_explicit_dn,ou=groups,{DEFAULT_SUFFIX}'
gp = Group(topology_st.standalone, dn=expect_dn)
gp.create(properties={
'cn': ['test_sin_explicit_dn'],
})
assert gp.dn.lower() == expect_dn.lower()
gp.delete()
def test_sin_derive_single_dn(topology_st):
"""Derive the dn from a single cn
:id: d7597016-214c-4fbd-8b48-71eb16ea9ede
:setup: standalone instance
:steps: 1. Create with a single cn (no dn, no rdn)
:expectedresults: 1. Create success
"""
gp = Group(topology_st.standalone)
gp.create(basedn=f'ou=groups,{DEFAULT_SUFFIX}',
properties={
'cn': ['test_sin_explicit_dn'],
})
assert gp.dn.lower(
) == f'cn=test_sin_explicit_dn,ou=groups,{DEFAULT_SUFFIX}'.lower()
gp.delete()
def test_sin_derive_mult_dn(topology_st):
"""Derive the dn from multiple cn
:id: 0a1a7132-a08f-4b56-ae52-30c8ca59cfaf
:setup: standalone instance
:steps: 1. Create with multiple cn
:expectedresults: 1. Create success
"""
gp = Group(topology_st.standalone)
gp.create(basedn=f'ou=groups,{DEFAULT_SUFFIX}',
properties={
'cn':
['test_sin_derive_mult_dn', 'other_test_sin_derive_mult_dn'],
})
assert gp.dn.lower(
) == f'cn=test_sin_derive_mult_dn,ou=groups,{DEFAULT_SUFFIX}'.lower()
gp.delete()
def test_sin_explicit_rdn(topology_st):
"""Test explicit rdn with create.
:id: a2c14e50-8086-4edb-9088-3f4a8e875c3a
:setup: standalone instance
:steps: 1. Create with explicit rdn
:expectedresults: 1. Create success
"""
gp = Group(topology_st.standalone)
gp.create(rdn='cn=test_sin_explicit_rdn',
basedn=f'ou=groups,{DEFAULT_SUFFIX}',
properties={
'cn': ['test_sin_explicit_rdn'],
})
assert gp.dn.lower(
) == f'cn=test_sin_explicit_rdn,ou=groups,{DEFAULT_SUFFIX}'.lower()
gp.delete()
def test_dn_syntax_spaces_delete(topo, props, rawdn):
"""Test that an entry with a space as the first character in the DN can be
deleted without error. We also want to make sure the indexes are properly
updated by repeatedly adding and deleting the entry, and that the entry cache
is properly maintained.
:id: b993f37c-c2b0-4312-992c-a9048ff98965
:parametrized: yes
:setup: Standalone Instance
:steps:
1. Create a group with a DN that has a space as the first/last
character.
2. Delete group
3. Add group
4. Modify group
5. Restart server and modify entry
6. Delete group
7. Add group back
8. Delete group using specific DN
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
"""
# Create group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties=props.copy())
# Delete group (verifies DN/RDN parsing works and cache is correct)
group.delete()
# Add group again (verifies entryrdn index was properly updated)
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties=props.copy())
# Modify the group (verifies dn/rdn parsing is correct)
group.replace('description', 'escaped space group')
# Restart the server. This will pull the entry from the database and
# convert it into a cache entry, which is different than how a client
# first adds an entry and is put into the cache before being written to
# disk.
topo.standalone.restart()
# Make sure we can modify the entry (verifies cache entry was created
# correctly)
group.replace('description', 'escaped space group after restart')
# Make sure it can still be deleted (verifies cache again).
group.delete()
# Add it back so we can delete it using a specific DN (sanity test to verify
# another DN/RDN parsing variation).
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties=props.copy())
group = Group(topo.standalone, dn=rawdn)
group.delete()
def test_ri_and_mep_cache_corruption(topology_st):
"""Test RI plugin aborts change after MEP plugin fails.
This is really testing the entry cache for corruption
:id: 70d0b96e-b693-4bf7-bbf5-102a66ac5995
:setup: Standalone instance
:steps: 1. Enable and configure mep and ri plugins
2. Add user and add it to a group
3. Disable MEP plugin and remove MEP group
4. Delete user
5. Check that user is still a member of the group
:expectedresults:
1. Success
2. Success
3. Success
4. It fails with NO_SUCH_OBJECT
5. Success
"""
# Start plugins
topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')
mep_plugin = ManagedEntriesPlugin(topology_st.standalone)
mep_plugin.enable()
ri_plugin = ReferentialIntegrityPlugin(topology_st.standalone)
ri_plugin.enable()
# Add our org units
ous = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX)
ou_people = ous.create(properties={'ou': 'managed_people'})
ou_groups = ous.create(properties={'ou': 'managed_groups'})
# Configure MEP
mep_templates = MEPTemplates(topology_st.standalone, DEFAULT_SUFFIX)
mep_template1 = mep_templates.create(
properties={
'cn':
'MEP template',
'mepRDNAttr':
'cn',
'mepStaticAttr':
'objectclass: posixGroup|objectclass: extensibleObject'.split('|'),
'mepMappedAttr':
'cn: $cn|uid: $cn|gidNumber: $uidNumber'.split('|')
})
mep_configs = MEPConfigs(topology_st.standalone)
mep_configs.create(
properties={
'cn': 'config',
'originScope': ou_people.dn,
'originFilter': 'objectclass=posixAccount',
'managedBase': ou_groups.dn,
'managedTemplate': mep_template1.dn
})
# Add an entry that meets the MEP scope
users = UserAccounts(topology_st.standalone,
DEFAULT_SUFFIX,
rdn='ou={}'.format(ou_people.rdn))
user = users.create(
properties={
'uid': 'test-user1',
'cn': 'test-user',
'sn': 'test-user',
'uidNumber': '10011',
'gidNumber': '20011',
'homeDirectory': '/home/test-user1'
})
# Add group
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)
user_group = groups.ensure_state(properties={
'cn': 'group',
'member': user.dn
})
# Check if a managed group entry was created
mep_group = Group(topology_st.standalone,
dn='cn={},{}'.format(user.rdn, ou_groups.dn))
if not mep_group.exists():
log.fatal("MEP group was not created for the user")
assert False
# Test MEP be txn pre op failure does not corrupt entry cache
# Should get the same exception for both rename attempts
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
mep_group.rename("cn=modrdn group")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
mep_group.rename("cn=modrdn group")
# Mess with MEP so it fails
mep_plugin.disable()
mep_group.delete()
mep_plugin.enable()
# Add another group to verify entry cache is not corrupted
test_group = groups.create(properties={'cn': 'test_group'})
# Delete user, should fail in MEP be txn post op, and user should still be a member
with pytest.raises(ldap.NO_SUCH_OBJECT):
user.delete()
# Verify membership is intact
if not user_group.is_member(user.dn):
log.fatal(
"Member was incorrectly removed from the group!! Or so it seems")
# Restart server and test again in case this was a cache issue
topology_st.standalone.restart()
if user_group.is_member(user.dn):
log.info("The entry cache was corrupted")
assert False
assert False
# Verify test group is still found in entry cache by deleting it
test_group.delete()
# Success
log.info("Test PASSED")
