def regex_edit(inst, basedn, log, args):
log = log.getChild('regex_edit')
definitions = AutoMembershipDefinitions(inst)
definition = definitions.get(args.DEFNAME)
regexes = AutoMembershipRegexRules(inst, definition.dn)
regex = regexes.get(args.REGEXNAME)
generic_object_edit(regex, log, args, arg_to_attr_regex)
def regex_del(inst, basedn, log, args):
log = log.getChild('regex_del')
definitions = AutoMembershipDefinitions(inst)
definition = definitions.get(args.DEFNAME)
regexes = AutoMembershipRegexRules(inst, definition.dn)
regex = regexes.get(args.REGEXNAME)
regex.delete()
log.info("Successfully deleted the %s regex", args.REGEXNAME)
def definition_del(inst, basedn, log, args):
# First delete regexes, then the defintion
log = log.getChild('definition_del')
definitions = AutoMembershipDefinitions(inst)
definition = definitions.get(args.DEFNAME)
regexes = AutoMembershipRegexRules(inst, definition.dn)
for regex in regexes.list():
regex.delete()
definition.delete()
log.info("Successfully deleted the %s definition", args.DEFNAME)
def regex_show(inst, basedn, log, args):
log = log.getChild('regex_show')
definitions = AutoMembershipDefinitions(inst)
definition = definitions.get(args.DEFNAME)
regexes = AutoMembershipRegexRules(inst, definition.dn)
regex = regexes.get(args.REGEXNAME)
if not regex.exists():
raise ldap.NO_SUCH_OBJECT("Entry %s doesn't exists" % args.REGEXNAME)
if args and args.json:
o_str = regex.get_all_attrs_json()
log.info(o_str)
else:
log.info(regex.display())
def regex_list(inst, basedn, log, args):
definitions = AutoMembershipDefinitions(inst)
definition = definitions.get(args.DEFNAME)
regexes = AutoMembershipRegexRules(inst, definition.dn)
result = []
result_json = []
for regex in regexes.list():
if args.json:
result_json.append(json.loads(regex.get_all_attrs_json()))
else:
result.append(regex.rdn)
if args.json:
log.info(json.dumps({"type": "list", "items": result_json}, indent=4))
else:
if len(result) > 0:
for i in result:
log.info(i)
else:
log.info("No Automember regexes were found")
def _create_entries(topo_m4):
"""
Will act as module .Will set up required user/entries for the test cases.
"""
for instance in [
topo_m4.ms['supplier1'], topo_m4.ms['supplier2'],
topo_m4.ms['supplier3'], topo_m4.ms['supplier4']
]:
assert instance.status()
for org in ['autouserGroups', 'Employees', 'TaskEmployees']:
OrganizationalUnits(topo_m4.ms['supplier1'],
DEFAULT_SUFFIX).create(properties={'ou': org})
Backends(topo_m4.ms['supplier1']).create(
properties={
'cn': 'SubAutoMembers',
'nsslapd-suffix': SUBSUFFIX,
'nsslapd-CACHE_SIZE': CACHE_SIZE,
'nsslapd-CACHEMEM_SIZE': CACHEMEM_SIZE
})
Domain(topo_m4.ms['supplier1'], SUBSUFFIX).create(
properties={
'dc':
SUBSUFFIX.split('=')[1].split(',')[0],
'aci': [
f'(targetattr="userPassword")(version 3.0;aci "Replication Manager Access";'
f'allow (write,compare) userdn="ldap:///{REPMANDN},cn=config";)',
f'(target ="ldap:///{SUBSUFFIX}")(targetattr !="cn||sn||uid")(version 3.0;'
f'acl "Group Permission";allow (write)(groupdn = "ldap:///cn=GroupMgr,{SUBSUFFIX}");)',
f'(target ="ldap:///{SUBSUFFIX}")(targetattr !="userPassword")(version 3.0;'
f'acl "Anonym-read access"; allow (read,search,compare) (userdn="ldap:///anyone");)'
]
})
for suff, grp in [
(DEFAULT_SUFFIX, 'SubDef1'), (DEFAULT_SUFFIX, 'SubDef2'),
(DEFAULT_SUFFIX, 'SubDef3'), (DEFAULT_SUFFIX, 'SubDef4'),
(DEFAULT_SUFFIX, 'SubDef5'), (DEFAULT_SUFFIX, 'Employees'),
(DEFAULT_SUFFIX, 'NewEmployees'), (DEFAULT_SUFFIX, 'testuserGroups'),
(SUBSUFFIX, 'subsuffGroups'), (SUBSUFFIX, 'Employees'),
(DEFAULT_SUFFIX, 'autoMembersPlugin'),
(DEFAULT_SUFFIX, 'replsubGroups'),
("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Managers'),
("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Contractors'),
("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Interns'),
("cn=replsubGroups,{}".format(DEFAULT_SUFFIX), 'Visitors'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef1'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef2'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef3'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef4'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'SuffDef5'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'Contractors'),
("ou=autouserGroups,{}".format(DEFAULT_SUFFIX), 'Managers'),
("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef1'),
("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef2'),
("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef3'),
("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef4'),
("CN=testuserGroups,{}".format(DEFAULT_SUFFIX), 'TestDef5')
]:
Groups(topo_m4.ms['supplier1'], suff,
rdn=None).create(properties={'cn': grp})
for suff, grp, gid in [
(SUBSUFFIX, 'SubDef1', '111'), (SUBSUFFIX, 'SubDef2', '222'),
(SUBSUFFIX, 'SubDef3', '333'), (SUBSUFFIX, 'SubDef4', '444'),
(SUBSUFFIX, 'SubDef5', '555'),
('cn=subsuffGroups,{}'.format(SUBSUFFIX), 'Managers', '666'),
('cn=subsuffGroups,{}'.format(SUBSUFFIX), 'Contractors', '999')
]:
PosixGroups(topo_m4.ms['supplier1'], suff,
rdn=None).create(properties={
'cn': grp,
'gidNumber': gid
})
for supplier in [
topo_m4.ms['supplier1'], topo_m4.ms['supplier2'],
topo_m4.ms['supplier3'], topo_m4.ms['supplier4']
]:
AutoMembershipPlugin(supplier).add(
"nsslapd-pluginConfigArea",
"cn=autoMembersPlugin,{}".format(DEFAULT_SUFFIX))
MemberOfPlugin(supplier).enable()
automembers = AutoMembershipDefinitions(
topo_m4.ms['supplier1'], f'cn=autoMembersPlugin,{DEFAULT_SUFFIX}')
automember1 = automembers.create(
properties={
'cn':
'replsubGroups',
'autoMemberScope':
f'ou=Employees,{DEFAULT_SUFFIX}',
'autoMemberFilter':
"objectclass=posixAccount",
'autoMemberDefaultGroup': [
f'cn=SubDef1,{DEFAULT_SUFFIX}', f'cn=SubDef2,{DEFAULT_SUFFIX}',
f'cn=SubDef3,{DEFAULT_SUFFIX}', f'cn=SubDef4,{DEFAULT_SUFFIX}',
f'cn=SubDef5,{DEFAULT_SUFFIX}'
],
'autoMemberGroupingAttr':
'member:dn'
})
automembers = AutoMembershipRegexRules(topo_m4.ms['supplier1'],
automember1.dn)
automembers.create(
properties={
'cn':
'Managers',
'description':
f'Group placement for Managers',
'autoMemberTargetGroup':
[f'cn=Managers,cn=replsubGroups,{DEFAULT_SUFFIX}'],
'autoMemberInclusiveRegex': [
'uidNumber=^5..5$', 'gidNumber=^[1-4]..3$',
'nsAdminGroupName=^Manager$|^Supervisor$'
],
"autoMemberExclusiveRegex": [
'uidNumber=^999$', 'gidNumber=^[6-8].0$',
'nsAdminGroupName=^Junior$'
],
})
automembers.create(
properties={
'cn':
'Contractors',
'description':
f'Group placement for Contractors',
'autoMemberTargetGroup':
[f'cn=Contractors,cn=replsubGroups,{DEFAULT_SUFFIX}'],
'autoMemberInclusiveRegex': [
'uidNumber=^8..5$', 'gidNumber=^[5-9]..3$',
'nsAdminGroupName=^Contract|^Temporary$'
],
"autoMemberExclusiveRegex": [
'uidNumber=^[1,3,8]99$', 'gidNumber=^[2-4]00$',
'nsAdminGroupName=^Employee$'
],
})
automembers.create(
properties={
'cn':
'Interns',
'description':
f'Group placement for Interns',
'autoMemberTargetGroup':
[f'cn=Interns,cn=replsubGroups,{DEFAULT_SUFFIX}'],
'autoMemberInclusiveRegex': [
'uidNumber=^1..6$', 'gidNumber=^[1-9]..3$',
'nsAdminGroupName=^Interns$|^Trainees$'
],
"autoMemberExclusiveRegex": [
'uidNumber=^[1-9]99$', 'gidNumber=^[1-9]00$',
'nsAdminGroupName=^Students$'
],
})
automembers.create(
properties={
'cn':
'Visitors',
'description':
f'Group placement for Visitors',
'autoMemberTargetGroup':
[f'cn=Visitors,cn=replsubGroups,{DEFAULT_SUFFIX}'],
'autoMemberInclusiveRegex': [
'uidNumber=^1..6$', 'gidNumber=^[1-5]6.3$',
'nsAdminGroupName=^Visitors$'
],
"autoMemberExclusiveRegex": [
'uidNumber=^[7-9]99$', 'gidNumber=^[7-9]00$',
'nsAdminGroupName=^Inter'
],
})
for instance in [
topo_m4.ms['supplier1'], topo_m4.ms['supplier2'],
topo_m4.ms['supplier3'], topo_m4.ms['supplier4']
]:
instance.restart()
