def test_group_sync_from_udm_to_ad_with_rename(group_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_group = group_class() (udm_group_dn, ad_group_dn) = create_udm_group(udm, AD, udm_group, adconnector.wait_for_sync) print("\nRename UDM group\n") old_udm_dn = udm_group_dn # part of the workaround for bug #41694 udm_group_dn = udm.modify_object('groups/group', dn=udm_group_dn, **udm_group.to_unicode( udm_group.rename)) # XXX after a modify, the old DN is _wrongly_ returned: see bug #41694 if old_udm_dn == udm_group_dn: udm_group_dn = ldap.dn.dn2str( [[("CN", udm_group.to_unicode(udm_group.rename).get("name"), ldap.AVA_STRING)]] + ldap.dn.str2dn(udm_group_dn)[1:]) if old_udm_dn in udm._cleanup.get('groups/group', []): udm._cleanup.setdefault('groups/group', []).append(udm_group_dn) udm._cleanup['groups/group'].remove(old_udm_dn) # XXX end of workaround for bug #41694 adconnector.wait_for_sync() AD.verify_object(ad_group_dn, None) ad_group_dn = ldap.dn.dn2str( [[("CN", udm_group.to_unicode(udm_group.rename).get("name"), ldap.AVA_STRING)], [("CN", "groups", ldap.AVA_STRING)]] + ldap.dn.str2dn(AD.adldapbase)) AD.verify_object(ad_group_dn, tcommon.map_udm_group_to_con(udm_group.rename)) delete_udm_group(udm, AD, udm_group_dn, ad_group_dn, adconnector.wait_for_sync)
def test_group_sync_from_udm_to_ad_with_move(group_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_group = group_class() (udm_group_dn, ad_group_dn) = create_udm_group(udm, AD, udm_group, adconnector.wait_for_sync) print("\nMove UDM group\n") udm_container_dn = udm.create_object('container/cn', name=udm_group.container) udm_group_dn = udm.move_object('groups/group', dn=udm_group_dn, position=udm_container_dn) adconnector.wait_for_sync() AD.verify_object(ad_group_dn, None) ad_group_dn = ldap.dn.dn2str( [[("CN", udm_group.to_unicode(udm_group.group).get("name"), ldap.AVA_STRING)], [("CN", udm_group.container, ldap.AVA_STRING)]] + ldap.dn.str2dn(AD.adldapbase)) AD.verify_object(ad_group_dn, tcommon.map_udm_group_to_con(udm_group.group)) delete_udm_group(udm, AD, udm_group_dn, ad_group_dn, adconnector.wait_for_sync)
def test_group_sync_from_udm_to_ad_with_nested_group(group_class, nested_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_group = group_class() nested_group = nested_class() (udm_group_dn, ad_group_dn) = create_udm_group(udm, AD, udm_group, adconnector.wait_for_sync) print("\nModifying UDM group\n") (nested_group_dn, ad_nested_group_dn) = create_udm_group(udm, AD, nested_group, adconnector.wait_for_sync) udm.modify_object('groups/group', dn=udm_group_dn, nestedGroup=[nested_group_dn]) adconnector.wait_for_sync() ad_group = tcommon.map_udm_group_to_con(udm_group.group) ad_group.update({"member": [ad_nested_group_dn]}) AD.verify_object(ad_group_dn, ad_group) delete_udm_group(udm, AD, nested_group_dn, ad_nested_group_dn, adconnector.wait_for_sync) delete_udm_group(udm, AD, udm_group_dn, ad_group_dn, adconnector.wait_for_sync)
def test_group_sync_from_ad_to_udm_with_move(group_class, sync_mode): with connector_setup(sync_mode): udm_group = group_class() (ad_group, ad_group_dn, udm_group_dn) = create_con_group(AD, udm_group, adconnector.wait_for_sync) print("\nMove AD group {!r} to {!r}\n".format(ad_group_dn, udm_group.container)) container_dn = AD.container_create(udm_group.container) ad_group_dn = AD.rename_or_move_user_or_group(ad_group_dn, position=container_dn) AD.set_attributes(ad_group_dn, **tcommon.map_udm_group_to_con(udm_group.group)) adconnector.wait_for_sync() tcommon.verify_udm_object("groups/group", udm_group_dn, None) udm_group_dn = ldap.dn.dn2str( [[("CN", udm_group.to_unicode(udm_group.group).get("name"), ldap.AVA_STRING)], [("CN", udm_group.container, ldap.AVA_STRING)]] + ldap.dn.str2dn(tcommon.configRegistry['ldap/base'])) tcommon.verify_udm_object("groups/group", udm_group_dn, udm_group.group) delete_con_group(AD, ad_group_dn, udm_group_dn, adconnector.wait_for_sync)
def test_group_sync_from_udm_to_ad(group_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_group = group_class() (udm_group_dn, ad_group_dn) = create_udm_group(udm, AD, udm_group, adconnector.wait_for_sync) delete_udm_group(udm, AD, udm_group_dn, ad_group_dn, adconnector.wait_for_sync)
def test_group_sync_from_ad_to_udm(group_class, sync_mode): with connector_setup(sync_mode): udm_group = group_class() (ad_group, ad_group_dn, udm_group_dn) = create_con_group(AD, udm_group, adconnector.wait_for_sync) delete_con_group(AD, ad_group_dn, udm_group_dn, adconnector.wait_for_sync)
def test_attribute_sync_from_udm_to_ad(attribute, sync_mode): (ucs_attribute, con_attribute, con_other_attribute) = attribute udm_user = NormalUser(selection=("username", "lastname", ucs_attribute)) primary_value = udm_user.basic.get(ucs_attribute) all_values = (primary_value, random_number(), random_number()) secondary_values = all_values[1:] with connector_setup(sync_mode), UCSTestUDM() as udm: # A single `phone` number must be synced to `telephoneNumber` in AD. (udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync) # Additional `phone` values must be synced to `otherTelephone`, # `telephoneNumber` must keep its value. print("\nModifying UDM user: {}={}\n".format(ucs_attribute, all_values)) udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: all_values}) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, {con_attribute: primary_value, con_other_attribute: secondary_values}) tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: all_values}) # If we delete the first `phone` value via UDM, we want to duplicate # the first value of `otherTelephone` into `telephoneNumber`. (new_primary, next_primary) = secondary_values print("\nModifying UDM user: {}={}\n".format(ucs_attribute, secondary_values)) udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: secondary_values}) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, {con_attribute: new_primary, con_other_attribute: secondary_values}) tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: secondary_values}) # If we delete a `phone` value via UDM that is duplicated in AD, we want # it to be deleted from `telephoneNumber` and `otherTelephone`. print("\nModifying UDM user: {}={}\n".format(ucs_attribute, next_primary)) udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: next_primary}) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, {con_attribute: next_primary, con_other_attribute: next_primary}) tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: next_primary}) # Setting a completely new `phone` value via UDM, this must be synced # to `telephoneNumber` and `otherTelephone` must be empty. new_phone_who_dis = random_number() print("\nModifying UDM user: {}={}\n".format(ucs_attribute, new_phone_who_dis)) udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: new_phone_who_dis}) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, {con_attribute: new_phone_who_dis, con_other_attribute: []}) tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: new_phone_who_dis}) # No `phone` value via UDM, must result in an empty `telephoneNumber` # and `otherTelephone`. print("\nModifying UDM user: {}={}\n".format(ucs_attribute, [])) udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: ''}) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, {con_attribute: [], con_other_attribute: []}) tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: []}) delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_udm_to_ad(user_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_user = user_class() (udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync) print("\nModifying UDM user\n") udm.modify_object('users/user', dn=udm_user_dn, **udm_user.user) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, tcommon.map_udm_user_to_con(udm_user.user)) delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_ad_to_udm(user_class, sync_mode): with connector_setup(sync_mode): udm_user = user_class() (basic_ad_user, ad_user_dn, udm_user_dn) = create_con_user(AD, udm_user, adconnector.wait_for_sync) print("\nModifying AD user\n") AD.set_attributes(ad_user_dn, **tcommon.map_udm_user_to_con(udm_user.user)) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, udm_user.user) delete_con_user(AD, ad_user_dn, udm_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_udm_to_ad_with_rename(user_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_user = user_class() (udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync) print("\nRename UDM user\n") udm_user_dn = udm.modify_object('users/user', dn=udm_user_dn, **udm_user.rename) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, None) ad_user_dn = ldap.dn.dn2str([ [("CN", udm_user.rename.get("username"), ldap.AVA_STRING)], [("CN", "users", ldap.AVA_STRING)]] + ldap.dn.str2dn(AD.adldapbase)) AD.verify_object(ad_user_dn, tcommon.map_udm_user_to_con(udm_user.rename)) delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_group_sync_from_ad_to_udm_with_nested_group(group_class, nested_class, sync_mode): with connector_setup(sync_mode): udm_group = group_class() nested_group = nested_class() (ad_group, ad_group_dn, udm_group_dn) = create_con_group(AD, udm_group, adconnector.wait_for_sync) print("\nModifying AD group\n") (nested_ad_user, nested_ad_user_dn, nested_udm_user_dn) = create_con_group(AD, nested_group, adconnector.wait_for_sync) AD.set_attributes(ad_group_dn, member=[nested_ad_user_dn]) adconnector.wait_for_sync() udm_attributes = {"nestedGroup": [nested_udm_user_dn]} udm_attributes.update(udm_group.group) tcommon.verify_udm_object("groups/group", udm_group_dn, udm_attributes) delete_con_group(AD, nested_ad_user_dn, nested_udm_user_dn, adconnector.wait_for_sync) delete_con_group(AD, ad_group_dn, udm_group_dn, adconnector.wait_for_sync)
def test_user_sync_from_udm_to_ad_with_move(user_class, sync_mode): with connector_setup(sync_mode), UCSTestUDM() as udm: udm_user = user_class() (udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync) print("\nMove UDM user\n") udm_container_dn = udm.create_object('container/cn', name=udm_user.container) udm_user_dn = udm.move_object('users/user', dn=udm_user_dn, position=udm_container_dn) adconnector.wait_for_sync() AD.verify_object(ad_user_dn, None) ad_user_dn = ldap.dn.dn2str([ [("CN", udm_user.basic.get("username"), ldap.AVA_STRING)], [("CN", udm_user.container, ldap.AVA_STRING)]] + ldap.dn.str2dn(AD.adldapbase)) AD.verify_object(ad_user_dn, tcommon.map_udm_user_to_con(udm_user.basic)) delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_ad_to_udm_with_move(user_class, sync_mode): with connector_setup(sync_mode): udm_user = user_class() (basic_ad_user, ad_user_dn, udm_user_dn) = create_con_user(AD, udm_user, adconnector.wait_for_sync) print("\nMove AD user {!r} to {!r}\n".format(ad_user_dn, udm_user.container)) container_dn = AD.container_create(udm_user.container) ad_user_dn = AD.rename_or_move_user_or_group(ad_user_dn, position=container_dn) AD.set_attributes(ad_user_dn, **tcommon.map_udm_user_to_con(udm_user.basic)) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, None) udm_user_dn = ldap.dn.dn2str([ [("uid", udm_user.basic.get("username"), ldap.AVA_STRING)], [("CN", udm_user.container, ldap.AVA_STRING)]] + ldap.dn.str2dn(tcommon.configRegistry['ldap/base'])) tcommon.verify_udm_object("users/user", udm_user_dn, udm_user.basic) delete_con_user(AD, ad_user_dn, udm_user_dn, adconnector.wait_for_sync)
def test_attribute_sync_from_ad_to_udm(attribute, sync_mode): (ucs_attribute, con_attribute, con_other_attribute) = attribute udm_user = NormalUser(selection=("username", "lastname", ucs_attribute)) primary_value = udm_user.basic.get(ucs_attribute) all_values = (primary_value, random_number(), random_number()) secondary_values = all_values[1:] with connector_setup(sync_mode): # A single `telephoneNumber` must be synced to `phone` in UDM. (basic_ad_user, ad_user_dn, udm_user_dn) = create_con_user(AD, udm_user, adconnector.wait_for_sync) # Additional values in `otherTelephone` must be appended to `phone`. print("\nModifying AD user: {}={}, {}={}\n".format( con_attribute, primary_value, con_other_attribute, secondary_values)) AD.set_attributes( ad_user_dn, **{ con_attribute: primary_value, con_other_attribute: secondary_values }) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: all_values}) AD.verify_object(ad_user_dn, { con_attribute: primary_value, con_other_attribute: secondary_values }) if sync_mode == "sync": # otherwise the connector can't write into AD # If we delete the value of `telephoneNumber` from AD, we expect to get # the first value of `otherTelephone` duplicated into # `telephoneNumber`. (new_primary, _) = secondary_values print("\nModifying AD user: {}={}\n".format(con_attribute, [])) AD.set_attributes(ad_user_dn, **{con_attribute: []}) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: secondary_values}) AD.verify_object(ad_user_dn, { con_attribute: new_primary, con_other_attribute: secondary_values }) # Deleting the duplicate from `otherTelephone` must retain the value of # `telephoneNumber` and `phone` in UDM. print("\nModifying AD user: {}={}\n".format( con_other_attribute, [])) AD.set_attributes(ad_user_dn, **{con_other_attribute: []}) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: new_primary}) AD.verify_object(ad_user_dn, { con_attribute: new_primary, con_other_attribute: [] }) # Setting a new `telephoneNumber` and no `otherTelephone` in AD must # result in a single new value in `phone`. new_phone_who_dis = random_number() print("\nModifying AD user: {}={}\n".format(con_attribute, new_phone_who_dis)) AD.set_attributes( ad_user_dn, **{ con_attribute: new_phone_who_dis, con_other_attribute: [] }) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: new_phone_who_dis}) AD.verify_object(ad_user_dn, { con_attribute: new_phone_who_dis, con_other_attribute: [] }) # Setting no `telephoneNumber` and no `otherTelephone` in AD must # result in no value in `phone`. print("\nModifying AD user: {}={}\n".format(con_attribute, [])) AD.set_attributes(ad_user_dn, **{ con_attribute: [], con_other_attribute: [] }) adconnector.wait_for_sync() tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: []}) AD.verify_object(ad_user_dn, { con_attribute: [], con_other_attribute: [] }) delete_con_user(AD, ad_user_dn, udm_user_dn, adconnector.wait_for_sync)