def automember_fixture(topo, request):
# Create group
groups = []
group_obj = Groups(topo.standalone, DEFAULT_SUFFIX)
groups.append(group_obj.create(properties={'cn': 'testgroup'}))
groups.append(group_obj.create(properties={'cn': 'testgroup2'}))
groups.append(group_obj.create(properties={'cn': 'testgroup3'}))
# Create test user
user_accts = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
user = user_accts.create_test_user()
# Create automember definitions and regex rules
automember_prop = {
'cn': 'testgroup_definition',
'autoMemberScope': DEFAULT_SUFFIX,
'autoMemberFilter': 'objectclass=posixaccount',
'autoMemberDefaultGroup': groups[0].dn,
'autoMemberGroupingAttr': 'member:dn',
}
automembers = AutoMembershipDefinitions(topo.standalone)
auto_def = automembers.create(properties=automember_prop)
auto_def.add_regex_rule("regex1", groups[1].dn, include_regex=['cn=mark.*'])
auto_def.add_regex_rule("regex2", groups[2].dn, include_regex=['cn=simon.*'])
# Enable plugin
automemberplugin = AutoMembershipPlugin(topo.standalone)
automemberplugin.enable()
topo.standalone.restart()
return (user, groups)
def create_definition(inst, basedn, log, args):
"""
Create automember definition.
:param name: An instance
:type name: lib389.DirSrv
:param groupattr: autoMemberGroupingAttr value
:type groupattr: str
:param defaultgroup: autoMemberDefaultGroup value
:type defaultgroup: str
:param scope: autoMemberScope value
:type scope: str
:param filter: autoMemberFilter value
:type filter: str
"""
automember_prop = {
'cn': args.name,
'autoMemberScope': args.scope,
'autoMemberFilter': args.filter,
'autoMemberDefaultGroup': args.defaultgroup,
'autoMemberGroupingAttr': args.groupattr,
}
plugin = AutoMembershipPlugin(inst)
plugin.enable()
automembers = AutoMembershipDefinitions(inst)
try:
automember = automembers.create(properties=automember_prop)
log.info("Automember definition created successfully!")
except Exception as e:
log.info("Failed to create Automember definition: {}".format(str(e)))
raise e
def _enable_plugins(inst, group_dn):
# Enable automember
amp = AutoMembershipPlugin(inst)
amp.enable()
# Create the automember definition
automembers = AutoMembershipDefinitions(inst)
automember = automembers.create(
properties={
'cn': 'testgroup_definition',
'autoMemberScope': DEFAULT_SUFFIX,
'autoMemberFilter': 'objectclass=nsAccount',
'autoMemberDefaultGroup': group_dn,
'autoMemberGroupingAttr': 'member:dn',
})
# Enable MemberOf
mop = MemberOfPlugin(inst)
mop.enable()
# Enable referint
rip = ReferentialIntegrityPlugin(inst)
# We only need to enable the plugin, the default configuration is sane and
# correctly coveres member as an enforced attribute.
rip.enable()
# Restart to make sure it's enabled and good to go.
inst.restart()
def topology(request):
topology = default_topology(request)
plugin = AutoMembershipPlugin(topology.standalone)
if not plugin.exists():
plugin.create()
# we need to restart the server after enabling the plugin
plugin.enable()
topology.standalone.restart()
topology.logcap.flush()
return topology
def enable_plugins(topology_st):
topo = topology_st.standalone
log.info("Enable automember plugin")
plugin = AutoMembershipPlugin(topo)
plugin.enable()
log.info('Enable Referential Integrity plugin')
plugin = ReferentialIntegrityPlugin(topo)
plugin.enable()
log.info('Set nsslapd-plugin-logging to on')
topo.config.set(PLUGIN_LOGGING, 'ON')
log.info('Restart the server')
topo.restart()
def test_invalid_regex(topo):
"""Test invalid regex is properly reportedin the error log
:id: a6d89f84-ec76-4871-be96-411d051800b1
:setup: Standalone Instance
:steps:
1. Setup automember
2. Add invalid regex
3. Error log reports useful message
:expectedresults:
1. Success
2. Success
3. Success
"""
REGEX_DN = "cn=regex1,cn=testregex,cn=auto membership plugin,cn=plugins,cn=config"
REGEX_VALUE = "cn=*invalid*"
REGEX_ESC_VALUE = "cn=\\*invalid\\*"
GROUP_DN = "cn=demo_group,ou=groups," + DEFAULT_SUFFIX
AutoMembershipPlugin(
topo.standalone).remove_all("nsslapd-pluginConfigArea")
automemberplugin = AutoMembershipPlugin(topo.standalone)
automember_prop = {
'cn': 'testRegex',
'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX,
'autoMemberFilter': 'objectclass=*',
'autoMemberDefaultGroup': GROUP_DN,
'autoMemberGroupingAttr': 'member:dn',
}
automember_defs = AutoMembershipDefinitions(
topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config")
automember_def = automember_defs.create(properties=automember_prop)
automember_def.add_regex_rule("regex1",
GROUP_DN,
include_regex=[REGEX_VALUE])
automemberplugin.enable()
topo.standalone.restart()
# Check errors log for invalid message
ERR_STR1 = "automember_parse_regex_rule - Unable to parse regex rule"
ERR_STR2 = f"Skipping invalid inclusive regex rule in rule entry \"{REGEX_DN}\" \\(rule = \"{REGEX_ESC_VALUE}\"\\)"
assert topo.standalone.searchErrorsLog(ERR_STR1)
assert topo.standalone.searchErrorsLog(ERR_STR2)
def automember_fixture(topo, request):
# Create group
group_obj = Groups(topo.standalone, DEFAULT_SUFFIX)
automem_group = group_obj.create(properties={'cn': 'testgroup'})
# Create users
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
NUM_USERS = 1000
for num in range(NUM_USERS):
num_ran = int(round(num))
USER_NAME = 'test%05d' % num_ran
users.create(
properties={
'uid': USER_NAME,
'sn': USER_NAME,
'cn': USER_NAME,
'uidNumber': '%s' % num_ran,
'gidNumber': '%s' % num_ran,
'homeDirectory': '/home/%s' % USER_NAME,
'mail': '*****@*****.**' % USER_NAME,
'userpassword': '******' % num_ran,
})
# Create automember definitions and regex rules
automember_prop = {
'cn': 'testgroup_definition',
'autoMemberScope': DEFAULT_SUFFIX,
'autoMemberFilter': 'objectclass=posixaccount',
'autoMemberDefaultGroup': automem_group.dn,
'autoMemberGroupingAttr': 'member:dn',
}
automembers = AutoMembershipDefinitions(topo.standalone)
auto_def = automembers.create(properties=automember_prop)
auto_def.add_regex_rule("regex1",
automem_group.dn,
include_regex=['uid=.*'])
# Enable plugin
automemberplugin = AutoMembershipPlugin(topo.standalone)
automemberplugin.enable()
topo.standalone.restart()
def automember_fixture(topo, request):
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={'cn': 'testgroup'})
automemberplugin = AutoMembershipPlugin(topo.standalone)
automemberplugin.enable()
topo.standalone.restart()
automember_prop = {
'cn': 'testgroup_definition',
'autoMemberScope': 'ou=People,' + DEFAULT_SUFFIX,
'autoMemberFilter': 'objectclass=*',
'autoMemberDefaultGroup': group.dn,
'autoMemberGroupingAttr': 'member:dn',
}
automembers = AutoMembershipDefinitions(topo.standalone, "cn=Auto Membership Plugin,cn=plugins,cn=config")
automember = automembers.create(properties=automember_prop)
return (group, automembers, automember)
def test_mods(automember_fixture, topo):
"""Modify the user so that it is added to the various automember groups
:id: 28a2b070-7f16-4905-8831-c80fa6441693
:setup: Standalone Instance
:steps:
1. Update user that should add it to group[0]
2. Update user that should add it to group[1]
3. Update user that should add it to group[2]
4. Update user that should add it to group[0]
5. Test rebuild task correctly moves user to group[1]
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
"""
(user, groups) = automember_fixture
# Update user which should go into group[0]
user.replace('cn', 'whatever')
groups[0].is_member(user.dn)
if groups[1].is_member(user.dn):
assert False
if groups[2].is_member(user.dn):
assert False
# Update user0 which should go into group[1]
user.replace('cn', 'mark')
groups[1].is_member(user.dn)
if groups[0].is_member(user.dn):
assert False
if groups[2].is_member(user.dn):
assert False
# Update user which should go into group[2]
user.replace('cn', 'simon')
groups[2].is_member(user.dn)
if groups[0].is_member(user.dn):
assert False
if groups[1].is_member(user.dn):
assert False
# Update user which should go back into group[0] (full circle)
user.replace('cn', 'whatever')
groups[0].is_member(user.dn)
if groups[1].is_member(user.dn):
assert False
if groups[2].is_member(user.dn):
assert False
#
# Test rebuild task. First disable plugin
#
automemberplugin = AutoMembershipPlugin(topo.standalone)
automemberplugin.disable()
topo.standalone.restart()
# Make change that would move the entry from group[0] to group[1]
user.replace('cn', 'mark')
# Enable plugin
automemberplugin.enable()
topo.standalone.restart()
# Run rebuild task
task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount")
task.wait()
# Test membership
groups[1].is_member(user.dn)
if groups[0].is_member(user.dn):
assert False
if groups[2].is_member(user.dn):
assert False
# Success
log.info("Test PASSED")
