Exemple #1
    def test_normal_modification(self, mock_spawn, mock_send_problem_report):
        """Pin the success path of modify_ldap_entry_with_keytab.

        The spawned child is a mock, so nothing real is executed. The test
        fixes the command string handed to spawn, the prompts waited for,
        the LDIF lines sent, and that no problem report is raised.
        """
        target_dn = 'uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU'
        child = mock_spawn.return_value
        # Child output holds only a newline, i.e. no error text.
        child.before = b'\n'

        changes = {
            'a': ['b', 'c'],
            'calnetUid': 1234,
        }
        modify_ldap_entry_with_keytab(
            target_dn, changes, '/nonexist', 'create/admin')

        # NOTE(review): the keytab path and principal end up inside a single
        # command string; confirm the implementation quotes or validates them
        # if they can ever come from anything but trusted configuration.
        mock_spawn.assert_called_with(
            'kinit -t /nonexist create/admin ldapmodify',
            timeout=10,
        )

        expected_prompts = [
            mock.call('SASL data security layer installed.'),
            mock.call(
                'entry "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU"'),
        ]
        child.expect.assert_has_calls(expected_prompts)

        # The integer 1234 passed in is expected on the wire as the string
        # '1234'.
        expected_lines = (
            mock.call(encode('dn', target_dn)),
            mock.call('changetype: modify'),
            mock.call('replace: a'),
            mock.call(encode('a', 'b')),
            mock.call(encode('a', 'c')),
            mock.call('-'),
            mock.call('replace: calnetUid'),
            mock.call(encode('calnetUid', '1234')),
        )
        # any_order=True: only the presence of each line is checked, so this
        # test does not pin the order of the LDIF lines.
        child.sendline.assert_has_calls(expected_lines, any_order=True)

        assert child.sendeof.called
        assert not mock_send_problem_report.called
Exemple #2
    def test_normal_modification(self, mock_spawn, mock_send_problem_report):
        """Verify a successful modify sends the expected command and LDIF.

        Everything runs against the mocked spawn object: the command string,
        the expected prompts, the lines written to the child and the absence
        of a problem report are asserted.
        """
        spawned = mock_spawn.return_value
        # Only a newline in the child's output, so no error text is present.
        spawned.before = b"\n"

        entry_dn = "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU"
        new_values = {"a": ["b", "c"], "calnetUid": 1234}
        modify_ldap_entry_with_keytab(entry_dn, new_values, "/nonexist", "create/admin")

        # NOTE(review): keytab and principal are part of one command string
        # here; confirm the implementation quotes or validates them if they
        # are ever derived from untrusted input.
        mock_spawn.assert_called_with("kinit -t /nonexist create/admin ldapmodify", timeout=10)

        prompts = [
            mock.call("SASL data security layer installed."),
            mock.call('entry "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU"'),
        ]
        spawned.expect.assert_has_calls(prompts)

        # calnetUid goes in as the int 1234 and is expected out as "1234".
        ldif_lines = (
            mock.call(encode("dn", entry_dn)),
            mock.call("changetype: modify"),
            mock.call("replace: a"),
            mock.call(encode("a", "b")),
            mock.call(encode("a", "c")),
            mock.call("-"),
            mock.call("replace: calnetUid"),
            mock.call(encode("calnetUid", "1234")),
        )
        # With any_order=True the relative order of the LDIF lines is not
        # checked, only that each of them was sent.
        spawned.sendline.assert_has_calls(ldif_lines, any_order=True)

        assert spawned.sendeof.called
        assert not mock_send_problem_report.called
Exemple #3
 def test_modify_nonexistent(self, mock_spawn, mock_send_problem_report):
     """Modifying a missing entry must raise ValueError without a report.

     The mocked child output contains 'No such object (32)'; the test
     expects ValueError and expects that no problem report is sent.
     """
     child = mock_spawn.return_value
     child.before = b'\nNo such object (32)\n'

     missing_dn = 'uid=unknown,ou=People,dc=OCF,dc=Berkeley,dc=EDU'
     changes = {
         'a': ['b', 'c'],
         'd': ['e'],
     }
     with pytest.raises(ValueError):
         modify_ldap_entry_with_keytab(
             missing_dn, changes, '/nonexist', 'create/admin')

     # Checked after the failure above: the error path stays silent.
     assert not mock_send_problem_report.called
Exemple #4
 def test_modify_nonexistent(self, mock_spawn, mock_send_problem_report):
     """Expect ValueError, and no problem report, for an unknown entry.

     The mocked child reports "No such object (32)" in its output.
     """
     spawned = mock_spawn.return_value
     spawned.before = b"\nNo such object (32)\n"

     unknown_dn = "uid=unknown,ou=People,dc=OCF,dc=Berkeley,dc=EDU"
     new_values = {"a": ["b", "c"], "d": ["e"]}
     with pytest.raises(ValueError):
         modify_ldap_entry_with_keytab(unknown_dn, new_values, "/nonexist", "create/admin")

     # The failure above must not have triggered a problem report.
     assert not mock_send_problem_report.called
Exemple #5
def modify_ldap_attributes(username, attributes, keytab, principal):
    """Add or replace attributes on a user's LDAP record after light checks.

    Only the 'loginShell' values are validated here, each through
    misc.validators.valid_login_shell. Every other attribute is passed on
    to ldap_ocf.modify_ldap_entry_with_keytab as given, so it is limited
    only by the LDAP schema and whatever that function enforces.

    Raises:
        ValueError: if any 'loginShell' value fails validation. Nothing is
            sent to LDAP in that case.
    """
    # NOTE(review): assumes attribute values are sequences of strings; a bare
    # str for 'loginShell' would be validated one character at a time.
    # Confirm against callers.
    for shell in attributes.get('loginShell', ()):
        if misc.validators.valid_login_shell(shell):
            continue
        raise ValueError("Invalid login shell '{}'".format(shell))

    # NOTE(review): attribute names are not restricted here; callers that
    # accept them from users should allow-list them before calling.
    entry_dn = utils.dn_for_username(username)
    ldap_ocf.modify_ldap_entry_with_keytab(entry_dn, attributes, keytab, principal)
Exemple #6
def modify_ldap_attributes(username, attributes, keytab, principal):
    """Write the given attributes to a user's LDAP record.

    The single extra check made before the write is on 'loginShell': each
    value must be accepted by misc.validators.valid_login_shell. All
    remaining attributes are forwarded unchanged to
    ldap_ocf.modify_ldap_entry_with_keytab.

    Raises:
        ValueError: on the first rejected 'loginShell' value, before any
            LDAP modification is attempted.
    """
    login_shells = attributes.get('loginShell', ())
    # NOTE(review): presumably a list of strings; a plain str would be
    # iterated character by character. Verify against callers.
    for candidate in login_shells:
        shell_ok = misc.validators.valid_login_shell(candidate)
        if not shell_ok:
            raise ValueError("Invalid login shell '{}'".format(candidate))

    # NOTE(review): no allow-list of attribute names is applied here; if
    # callers take names from user input, they need to restrict them first.
    user_dn = utils.dn_for_username(username)
    ldap_ocf.modify_ldap_entry_with_keytab(
        user_dn,
        attributes,
        keytab,
        principal,
    )