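def default_test():
    """Bind to instance ``m1`` (creating it if needed), then create ``m2``.

    Steps, as visible in the body:
      1. Try to bind to localhost:10200 as ``cn=directory manager``; if that
         raises, create instance ``m1`` with DSAdminTools.createInstance.
      2. Print the instance paths and, when the DN_CONFIG entry can be read,
         its ``passwordmaxage`` value.
      3. Create instance ``m2`` on port + 10 and set up a backend and suffix
         for dc=example2,dc=com on it.
      4. Print the new backend entry, cn=monitor and the backends that serve
         dc=example,dc=com.

    Each instance created here is appended to ``added_instances``
    (presumably so the caller can remove it afterwards; confirm).

    NOTE(review): the bind, admin and root passwords are fixed test values
    for throwaway local instances; keep them out of any shared deployment.
    """
    host = 'localhost'
    port = 10200
    binddn = "cn=directory manager"
    bindpw = "password"
    suffix = 'dc=example,dc=com'
    basedn = DN_CONFIG
    scope = ldap.SCOPE_BASE
    filt = "(objectclass=*)"
    instance_name = ['m1', 'm2']

    instance_config = {
        'cfgdshost': host,
        'cfgdsport': port,
        # This value appears masked on the page; it is kept exactly as given.
        'cfgdsuser': '******',
        'cfgdspwd': 'admin',
        'newrootpw': 'password',
        'newhost': host,
        'newport': port,
        'newinstance': instance_name[0],
        'newsuffix': suffix,
        'setup_admin': True,
    }

    try:
        m1 = DSAdmin(host, port, binddn, bindpw)
    except Exception:
        # Any ordinary failure to bind is taken to mean the instance is
        # missing. Unlike a bare ``except:``, this lets KeyboardInterrupt
        # and SystemExit propagate instead of triggering instance creation.
        m1 = DSAdminTools.createInstance(instance_config, verbose=1)
        added_instances.append(instance_config['newinstance'])

    # filename = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot, m1.inst)
    # m1.importLDIF(filename, "dc=example,dc=com", None, True)
    # m1.exportLDIF('/tmp/ldif', "dc=example,dc=com", False, True)
    print m1.sroot, m1.inst, m1.errlog
    ent = m1.getEntry(basedn, scope, filt, None)
    if ent:
        print ent.passwordmaxage

    # Second instance: same settings, different name and port.
    instance_config.update({
        'newinstance': instance_name[1],
        'newport': port + 10,
    })
    m1 = DSAdminTools.createInstance(instance_config, verbose=1)
    added_instances.append(instance_config['newinstance'])
    # m1.stop(True)
    # m1.start(True)

    cn = m1.setupBackend("dc=example2,dc=com")
    # The return value of setupSuffix was never read, so it is not bound.
    m1.setupSuffix("dc=example2,dc=com", cn)
    # cn is the value returned by setupBackend above, not external input; a
    # value from outside the test would need LDAP filter escaping first.
    entry = m1.getEntry(DN_CONFIG, ldap.SCOPE_SUBTREE, "(cn=%s)" % cn)
    print "new backend entry is:"
    print entry
    print entry.getValues('objectclass')
    print entry.OBJECTCLASS

    results = m1.search_s("cn=monitor", ldap.SCOPE_SUBTREE)
    print results
    results = m1.getBackendsForSuffix("dc=example,dc=com")
    print results

    print "done"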
# Windows Sync check (fragment; the loop header that supplies `ii` to the
# first statements is not shown). After adding an AD entry built by
# makeADUserEnt and waiting syncinterval + 1 seconds, it looks up
# testuser1..testuser10 on AD and on DS and reports every DS/AD pair that
# entriesAreEqual() rejects.
# NOTE(review): `raise "error: ..."` raises a plain str. On Python 2.6 and
# later that fails with a TypeError of its own, so the "not found" text never
# reaches the output; raising an exception instance (for example
# RuntimeError) would keep the message.
# The search filters are built with %d from the loop integer only, so no LDAP
# filter escaping is needed here.
ent = makeADUserEnt(ii) try: ad.add_s(ent) except ldap.ALREADY_EXISTS: print "AD entry", ent.dn, "already exists" setWindowsPwd(ad, ent.dn) # need the password, but skip the accountcontrol stuff print "Wait for sync to happen . . ." time.sleep(syncinterval+1) adents = [] dsents = [] print "make sure all entries are in AD . . ." for ii in xrange(1,11): filt = "(samaccountname=testuser%d)" % ii ents = ad.search_s(adusersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt) if not ents or len(ents) == 0 or not ents[0]: raise "error: " + filt + " not found in AD" adents.append(ents[0]) print "make sure all entries are in DS . . ." for ii in xrange(1,11): filt = "(uid=testuser%d)" % ii ents = ds.search_s(usersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt, dsattrs) if not ents or len(ents) == 0 or not ents[0]: raise "error: " + filt + " not found in DS" dsents.append(ents[0]) for dsent, adent in zip(dsents, adents): if not entriesAreEqual(dsent, adent): print "entries are not equal", dsent.dn, adent.dn
# Bind to each of the two servers and collect the agreement DNs that each
# one reports. (Fragment: the second loop continues past what is shown.)
srv1 = DSAdmin(host1, int(port1), dn1, pw1)
srv2 = DSAdmin(host2, int(port2), dn2, pw2)
agmts1to2 = srv1.findAgreementDNs()
agmts2to1 = srv2.findAgreementDNs()

# Per-agreement bookkeeping is stored directly on the connection objects.
srv1.lastnumchanges, srv2.lastnumchanges = {}, {}
srv1.avgrate, srv2.avgrate = {}, {}
srv1.count, srv2.count = {}, {}
suffixes = {}
repls = {}

for dn in agmts1to2:
    # Read the agreement entry itself to get the suffix it belongs to.
    ents = srv1.search_s(
        dn, ldap.SCOPE_BASE, 'objectclass=*', ['nsDS5ReplicaRoot'])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv1.lastnumchanges[ndn] = 0
    # Dropping the first RDN leaves the DN of the agreement's parent entry.
    rdns = ldap.explode_dn(dn, 0)
    ndn = DSAdmin.normalizeDN(','.join(rdns[1:]))
    repls[ndn] = ndn

for dn in agmts2to1:
    ents = srv2.search_s(
        dn, ldap.SCOPE_BASE, 'objectclass=*', ['nsDS5ReplicaRoot'])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv2.lastnumchanges[ndn] = 0
    rdns = ldap.explode_dn(dn, 0)
# Windows Sync group check (fragment): prints the replication status, starts
# replication for agmtdn, prints the four test groups as found on AD and on
# DS, then blocks on sys.stdin.readline() until the operator has added a user
# to each group in AD by hand, waits 15 seconds and prints the
# "Group entries on AD:" heading again (what follows is not shown).
# NOTE(review): the stdin read makes this step interactive, so it cannot run
# unattended. The filters are built from the fixed ids in `groupids`, so no
# LDAP filter escaping is needed here.
time.sleep(5) print "repl status:", ds.getReplStatus(agmtdn) ds.startReplication(agmtdn) time.sleep(5) print "repl status:", ds.getReplStatus(agmtdn) groupids = ['testglobalsecpre', 'testglobaldistpre', 'testlocalsecpre', 'testlocaldistpre'] print "Group entries on AD:" for gid in groupids: filt = "(samaccountname=%s)" % gid ents = ad.search_s(suffix, scope, filt); print str(ents[0]) print "" print "Group entries on DS:" for gid in groupids: filt = "(cn=%s)" % gid ents = ds.search_s(suffix, scope, filt); print str(ents[0]) print "" print "Add a user to each group in AD" sys.stdin.readline() print "Wait for sync . . ." time.sleep(15) print "Group entries on AD:"
# Fragment of a DS -> AD sync check: add a plain DS user, turn it into a
# sync-able entry with a second modify, then print the entry as found on
# both sides.
time.sleep(5)
print "repl status:", ds.getReplStatus(agmtdn)

# idnum is set before makeDSUserEnt() is called; presumably the helper reads
# it to number the new user (confirm against its definition).
idnum = 6
ent = makeDSUserEnt()
uid = ent.uid
print "Now adding", uid, "to DS . . ."
ds.add_s(ent)
time.sleep(1)

# Re-read the entry so `ent` is the copy stored on the server.
# The filter interpolates a uid generated by this test; a value coming from
# outside would need ldap.filter.escape_filter_chars() first.
ents = ds.search_s(suffix, scope, "(uid=%s)" % uid, attrs)
ent = ents[0]

print "Added entry to DS, adding telephonenumber . . ."
mod = [(ldap.MOD_ADD, 'telephoneNumber', telnum1)]
ds.modify_s(ent.dn, mod)
time.sleep(1)

print "Making entry a sync-able entry . . ."
# One modify swaps the phone number and adds the ntUser attributes together.
mod = [
    (ldap.MOD_DELETE, 'telephoneNumber', telnum1),
    (ldap.MOD_ADD, 'telephoneNumber', telnum2),
    (ldap.MOD_ADD, 'description', 'test bug206966'),
    (ldap.MOD_ADD, 'objectclass', 'ntUser'),
    (ldap.MOD_ADD, 'ntUserDomainId', uid),
    (ldap.MOD_ADD, 'ntUserCreateNewAccount', 'true'),
]
ds.modify_s(ent.dn, mod)
time.sleep(1)

print "Now compare the entries . . ."
# Only a fixed one-second wait precedes the AD lookup; ents[0] presumably
# fails if the entry has not reached AD by then.
ents = ds.search_s(suffix, scope, "(uid=%s)" % uid)
print "DS Entry: ", str(ents[0])
ents = ad.search_s(suffix, scope, "(samaccountname=%s)" % uid)
print "AD Entry: ", str(ents[0])
# Fragment of a DS -> AD sync check: a DS user is added, modified twice (the
# second modify adds the ntUser attributes), and then printed as seen on DS
# and on AD.
print "repl status:", ds.getReplStatus(agmtdn)

# Set before makeDSUserEnt() runs; presumably read by that helper (confirm).
idnum = 6
ent = makeDSUserEnt()
uid = ent.uid
print "Now adding", uid, "to DS . . ."
ds.add_s(ent)
time.sleep(1)

# uid is generated by the test itself, so it is interpolated into the filter
# unescaped; externally supplied values would need
# ldap.filter.escape_filter_chars().
ents = ds.search_s(suffix, scope, "(uid=%s)" % uid, attrs)
ent = ents[0]

print "Added entry to DS, adding telephonenumber . . ."
mod = [(ldap.MOD_ADD, 'telephoneNumber', telnum1)]
ds.modify_s(ent.dn, mod)
time.sleep(1)

print "Making entry a sync-able entry . . ."
mod = [
    (ldap.MOD_DELETE, 'telephoneNumber', telnum1),
    (ldap.MOD_ADD, 'telephoneNumber', telnum2),
    (ldap.MOD_ADD, 'description', 'test bug206966'),
    (ldap.MOD_ADD, 'objectclass', 'ntUser'),
    (ldap.MOD_ADD, 'ntUserDomainId', uid),
    (ldap.MOD_ADD, 'ntUserCreateNewAccount', 'true'),
]
ds.modify_s(ent.dn, mod)
time.sleep(1)

print "Now compare the entries . . ."
ents = ds.search_s(suffix, scope, "(uid=%s)" % uid)
print "DS Entry: ", str(ents[0])
# The AD side is looked up by samaccountname using the same uid value.
ents = ad.search_s(suffix, scope, "(samaccountname=%s)" % uid)
print "AD Entry: ", str(ents[0])
'no_admin': True }) #del os.environ['USE_DBX'] initfile = '' if os.environ.has_key('SERVER_ROOT'): initfile = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot,m1.inst) else: initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr') m1.importLDIF(initfile, '', "userRoot", True) #m1.setLogLevel(65535) print "Add the filtered group entry with bogus filter" dn = "cn=TestDynamicGroup,dc=example,dc=com" ent = Entry(dn) ent.setValues('description', "Dynamic test group") ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls') ent.setValues('memberurl', 'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)') #ent.cn = 'TestDynamicGroup' m1.add_s(ent) print "Add the bogus aci for that group" addmod = [(ldap.MOD_REPLACE, 'aci', '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)')] m1.modify_s("dc=example,dc=com", addmod) #m1.setLogLevel(0) print "Do a search binding as a member of the group" conn = DSAdmin(host1, port1, "uid=scarter,ou=people,dc=example,dc=com", "sprain") entries = conn.search_s("uid=scarter,ou=people,dc=example,dc=com", ldap.SCOPE_BASE, "objectclass=*");
# Fragment: `ent` and `dn1` come from statements that are not shown. A user
# and a group entry are added to DS, one member is modified, and after a
# fixed wait the corresponding AD entries are printed.
print "Add user", ent.dn
ds.add_s(ent)
dn2 = ent.dn

# Group entry with both users as members; it carries the ntgroup object
# class and the ntGroupCreateNewGroup flag.
dn = "cn=testgroup," + usersubtree + "," + suffix
ent = Entry(dn)
ent.setValues('objectclass', ['top', 'groupOfUniqueNames', 'ntgroup'])
ent.setValues('uniquemember', [dn1, dn2])
ent.setValues('ntUserDomainId', 'testgroup')
ent.setValues('ntGroupCreateNewGroup', 'true')
print "Add group", ent.dn
ds.add_s(ent)

print "modify", dn2
mod = [(ldap.MOD_ADD, 'description', 'a description')]
ds.modify_s(dn2, mod)

print "Wait for the magic to happen . . ."
time.sleep(5)
print "repl status:", ds.getReplStatus(agmtdn)

# The three lookups use constant filters. Each ents[0] presumably fails if
# the entry has not appeared in AD after the five-second wait.
print "AD testuser6 entry:"
ents = ad.search_s(suffix, scope, "(samaccountname=testuser6)")
print ents[0]

print "AD testuser7 entry:"
ents = ad.search_s(suffix, scope, "(samaccountname=testuser7)")
print ents[0]

print "AD testgroup entry:"
ents = ad.search_s(suffix, scope, "(samaccountname=testgroup)")
print ents[0]
try: ad.add_s(ent) except ldap.ALREADY_EXISTS: print "AD entry", ent.dn, "already exists" setWindowsPwd(ad, ent.dn) # need the password, but skip the accountcontrol stuff print "Wait for sync to happen . . ." time.sleep(syncinterval + 1) adents = [] dsents = [] print "make sure all entries are in AD . . ." for ii in xrange(1, 11): filt = "(samaccountname=testuser%d)" % ii ents = ad.search_s(adusersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt) if not ents or len(ents) == 0 or not ents[0]: raise "error: " + filt + " not found in AD" adents.append(ents[0]) print "make sure all entries are in DS . . ." for ii in xrange(1, 11): filt = "(uid=testuser%d)" % ii ents = ds.search_s(usersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt, dsattrs) if not ents or len(ents) == 0 or not ents[0]: raise "error: " + filt + " not found in DS" dsents.append(ents[0]) for dsent, adent in zip(dsents, adents): if not entriesAreEqual(dsent, adent):
# Fragment of a robustness check: abandon and unbind requests are sent with
# an attached control (TestCtrl, defined elsewhere), and cn=monitor is read
# before and after so the connection lists can be compared.
ents = m1.search_s(
    "cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
    ['currentconnections', 'connection'])
for ent in ents:
    print ent

print "start search request . . ."
scope = ldap.SCOPE_SUBTREE
# NOTE(review): `filter` shadows the builtin; the name is kept because code
# outside this fragment may read it.
filter = '(|(objectclass=*)(objectclass=nsTombstone))'
serverctrls = [TestCtrl()]
ents = m1.search_s(basedn, scope, filter)
print "search returned %d entries" % len(ents)

# 999 is a literal message id; no request shown here returned it.
print "send abandon with controls . . ."
m1.abandon_ext(999, serverctrls)
print "send abandon without controls . . ."
msgid2 = m1.abandon_ext(999)

print "send unbind with controls . . ."
# for some reason, unbind_ext_s is not passing
# controls passed in - so have to set_option
m1.set_option(ldap.OPT_SERVER_CONTROLS, serverctrls)
m1.unbind_ext_s(serverctrls)

# The connection was just unbound; an LDAPError from this search is caught
# and printed rather than treated as a failure.
print "try a search after the unbind . . ."
try:
    ents = m1.search_s(basedn, scope, filter)
except ldap.LDAPError, e:
    print "caught exception", e

print "open new connection . . ."
m1 = DSAdmin(host1, port1, binddn, bindpw)

print "show active connections . . ."
ents = m1.search_s(
    "cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
    ['currentconnections', 'connection'])
for ent in ents:
    print ent
# Fragment of a regression check: load the example data, add a dynamic group
# whose memberurl filter is malformed, point an aci at that group, then
# search as a user whose uid matches the uid=scart* pattern in that memberurl.
initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr')
m1.importLDIF(initfile, '', "userRoot", True)
#m1.setLogLevel(65535)

print "Add the filtered group entry with bogus filter"
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
ent.setValues('description', "Dynamic test group")
ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls')
# The filter in this URL is missing its final ")"; the malformed value is the
# "bogus filter" announced above.
ent.setValues(
    'memberurl',
    'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)')
#ent.cn = 'TestDynamicGroup'
m1.add_s(ent)

print "Add the bogus aci for that group"
# MOD_REPLACE overwrites every existing aci value on dc=example,dc=com, so
# this belongs on a disposable test instance only.
addmod = [(
    ldap.MOD_REPLACE,
    'aci',
    '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)',
)]
m1.modify_s("dc=example,dc=com", addmod)
#m1.setLogLevel(0)

print "Do a search binding as a member of the group"
# A second connection bound as the test user; the password is a fixed test
# value (presumably the one carried by the example data; confirm).
scarter_dn = "uid=scarter,ou=people,dc=example,dc=com"
conn = DSAdmin(host1, port1, scarter_dn, "sprain")
entries = conn.search_s(scarter_dn, ldap.SCOPE_BASE, "objectclass=*")
# Bind to both servers and fetch the agreement DNs each one reports.
# (Fragment: the second loop is cut off after its last visible statement.)
srv1 = DSAdmin(host1, int(port1), dn1, pw1)
srv2 = DSAdmin(host2, int(port2), dn2, pw2)
agmts1to2 = srv1.findAgreementDNs()
agmts2to1 = srv2.findAgreementDNs()

# Counters keyed by agreement DN are attached to the connection objects.
srv1.lastnumchanges, srv2.lastnumchanges = {}, {}
srv1.avgrate, srv2.avgrate = {}, {}
srv1.count, srv2.count = {}, {}
suffixes = {}
repls = {}

for dn in agmts1to2:
    # Base-scope read of the agreement entry, asking only for its replica
    # root attribute.
    ents = srv1.search_s(
        dn, ldap.SCOPE_BASE, "objectclass=*", ["nsDS5ReplicaRoot"])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv1.lastnumchanges[ndn] = 0
    # Everything after the first RDN is the DN of the parent entry.
    rdns = ldap.explode_dn(dn, 0)
    ndn = DSAdmin.normalizeDN(",".join(rdns[1:]))
    repls[ndn] = ndn

for dn in agmts2to1:
    ents = srv2.search_s(
        dn, ldap.SCOPE_BASE, "objectclass=*", ["nsDS5ReplicaRoot"])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv2.lastnumchanges[ndn] = 0
    rdns = ldap.explode_dn(dn, 0)
    ndn = DSAdmin.normalizeDN(",".join(rdns[1:]))
def genpwd(pwd, salt):
    """Return a salted SHA-1 (``{SSHA}``) userPassword value.

    The result is the ``{SSHA}`` tag followed by
    base64(SHA-1(pwd + salt) + salt).

    NOTE(review): a single round of salted SHA-1 is a legacy storage scheme;
    it is used here to exercise different salt lengths, not as a
    recommendation for new deployments.
    """
    digest = hashlib.sha1(pwd + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt)


pwd = 'averylongpassword'

# Pass 1: (re)create cn=user0 .. cn=user99. User N > 0 gets a pre-hashed
# password whose salt is N bytes long; user 0 gets the clear-text value.
for ii in xrange(100):
    dn = 'cn=user%d,ou=people,%s' % (ii, basedn)
    try:
        srv.delete_s(dn)
    except ldap.NO_SUCH_OBJECT:
        # Nothing left over from an earlier run.
        pass
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'User' + str(ii))
    if ii == 0:
        pwdstr = pwd
    else:
        salt = 'a' * ii
        pwdstr = genpwd(pwd, salt)
    ent.setValues('userPassword', pwdstr)
    srv.add_s(ent)

# Pass 2: bind as every user with the clear-text password, then read the
# root DSE to show that the bind was accepted.
# Each simple_bind_s rebinds the shared `srv` connection, so after this loop
# `srv` is authenticated as the last test user, not as its original identity.
for ii in xrange(100):
    dn = 'cn=user%d,ou=people,%s' % (ii, basedn)
    srv.simple_bind_s(dn, pwd)
    ents = srv.search_s(
        "", ldap.SCOPE_BASE, '(objectclass=*)', ['vendorVersion'])
    print dn, 'successfully read', ents[0].vendorVersion