Esempio n. 1
def enableAttrEncryption(srv,attrname,alg,dbname="userRoot"):
    """Register attribute encryption for ``attrname`` on backend ``dbname``.

    Creates a child entry under ``cn=encrypted attributes`` of the named
    ldbm database with objectclass ``nsAttributeEncryption`` and
    ``nsEncryptionAlgorithm`` set to ``alg``, then adds it via ``srv.add_s``.

    ``attrname`` and ``dbname`` are formatted into the DN as-is and ``alg``
    is written without any check, so callers must pass trusted, DN-safe
    values; the choice of cipher is entirely the caller's.
    """
    config_dn = "cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config" % (attrname, dbname)
    cfg_entry = Entry(config_dn)
    for attr, value in (('objectclass', 'nsAttributeEncryption'),
                        ('nsEncryptionAlgorithm', alg)):
        cfg_entry.setValue(attr, value)
    srv.add_s(cfg_entry)
Esempio n. 2
 def handle(self,dn,entry):
     """Add one parsed record to the directory through ``self.conn``.

     A missing ``dn`` is treated as the empty string.  Entries whose
     objectclass contains ``inetorgperson`` (checked with ``hasValueCase``)
     also receive the ``inetUser`` objectclass before the add.  An
     ``ldap.LDAPError`` raised by the add is re-raised unless ``self.cont``
     is true, in which case it is only reported on stdout.
     """
     dn = dn or ''
     record = Entry((dn, entry))
     if record.hasValueCase('objectclass', 'inetorgperson'):
         classes = record.getValues('objectclass')
         classes.append('inetUser')
         record.setValue('objectclass', classes)
     try:
         self.conn.add_s(record)
     except ldap.LDAPError, e:
         if self.cont:
             # Continue-on-error mode: the failure is printed, not raised,
             # so the caller gets no signal that this entry was not added.
             print "Error: could not add entry %s: error %s" % (dn, str(e))
         else:
             raise e
Esempio n. 3
 def handle(self, dn, entry):
     """Import a single record, marking inetorgperson entries as inetUser.

     ``dn`` falls back to ``''`` when it is empty or None.  The record is
     wrapped in an ``Entry`` and added with ``self.conn.add_s``.  When the
     add raises ``ldap.LDAPError`` the error propagates, unless
     ``self.cont`` is set: then a one-line message with the DN and the
     error text goes to stdout and processing carries on.
     """
     target_dn = dn if dn else ''
     ldap_entry = Entry((target_dn, entry))
     is_person = ldap_entry.hasValueCase('objectclass', 'inetorgperson')
     if is_person:
         oc_list = ldap_entry.getValues('objectclass')
         oc_list.append('inetUser')
         ldap_entry.setValue('objectclass', oc_list)
     try:
         self.conn.add_s(ldap_entry)
     except ldap.LDAPError, e:
         if not self.cont:
             raise e
         # Best-effort path: stdout is the only record of the failed add.
         print "Error: could not add entry %s: error %s" % (target_dn, str(e))
Esempio n. 4
 def handle(self,dn,entry):
     """
     Write one record to self.output_file, extending inetOrgPerson entries.

     Entries whose objectclass values contain 'inetOrgPerson' gain the
     'posixAccount' and 'myintobjclass' objectclasses plus uidNumber,
     gidNumber, homeDirectory and myintattr; self.uidNumber supplies the
     numeric values and is incremented after each such entry.  Every
     record, changed or not, is printed to self.output_file.
     """
     dn = dn or ''
     record = Entry((dn, entry))
     classes = record.getValues('objectclass')
     # NOTE(review): this membership test is an exact string match, so an
     # entry spelling the class as 'inetorgperson' would be passed through
     # unmodified -- confirm the input always uses this capitalisation.
     if 'inetOrgPerson' in classes:
         print "adding posixAccount to ", dn
         for extra_class in ('posixAccount', 'myintobjclass'):
             classes.append(extra_class)
         record.setValue('objectclass', classes)
         next_id = str(self.uidNumber)
         record.setValue('uidNumber', next_id)
         # gidNumber mirrors uidNumber and every account gets the same
         # literal home directory; suitable for generated test data only.
         record.setValue('gidNumber', next_id)
         record.setValue('homeDirectory', '/home/foo')
         record.setValue('myintattr', next_id)
         self.uidNumber += 1
     print>>self.output_file, str(record)
Esempio n. 5
    'no_admin': True
})

# Register the test schema: three attribute types first, then the auxiliary
# object class that requires all of them.  SYNTAX ...121.1.27 is Integer and
# ...121.1.15 is Directory String.
for attr_def in (
    "( NAME 'testUserAccountControl' DESC 'Attribute Bitwise filteri-Multi-Valued' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
    "( NAME 'testUserStatus' DESC 'State of User account active/disabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.16.840.1.113730.3.1.999999.3 NAME 'attrcaseExactMatch' DESC 'for testing matching rules' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'matching rule tests' 'user defined' ) )",
):
    srv.addAttr(attr_def)
srv.addObjClass("( NAME 'testperson' SUP top AUXILIARY MUST ( attrcaseExactMatch $ testUserAccountControl $ testUserStatus ) X-ORIGIN 'BitWise' )")

strval = 'ThIs Is A tEsT'

# Slot 0 is a placeholder so that user numbers start at 1; each remaining
# slot holds the testUserAccountControl value(s) for one test user.
vals = (0, (511,), (512,), (513,), (514,), (1023,))
for ii in xrange(1, len(vals)):
    dn = "cn=btestuser%d, %s" % (ii, basedn)
    ent = Entry(dn)
    flag_values = [str(xx) for xx in vals[ii]]
    exact_value = strval + str(ii)
    ent.setValue('objectclass', 'top', 'person', 'testperson')
    ent.setValue('sn', 'User')
    ent.setValue('testUserAccountControl', flag_values)
    ent.setValue('testUserStatus', 'bogus')
    ent.setValue('attrcaseExactMatch', exact_value)
    srv.add_s(ent)

# The filter is built by plain string formatting.  That is fine for the
# literal above; a value coming from outside the script would have to be
# escaped first (python-ldap: ldap.filter.escape_filter_chars).
print "search for", strval, 1
exact_filter = "(attrcaseExactMatch=%s1)" % strval
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, exact_filter)
for ent in ents:
    print "found entry %s val %s" % (ent.dn, ent.attrcaseExactMatch)

# 1.2.840.113556.1.4.803 is the bitwise AND matching rule and
# 1.2.840.113556.1.4.804 (announced by the last print) the bitwise OR rule.
print 'search for "(testUserAccountControl:1.2.840.113556.1.4.803:=514)"'
bit_and_filter = "(testUserAccountControl:1.2.840.113556.1.4.803:=514)"
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, bit_and_filter)
for ent in ents:
    print "found entry %s val %s" % (ent.dn, ent.testUserAccountControl)
print 'search for "(testUserAccountControl:1.2.840.113556.1.4.804:=2)"'
Esempio n. 6
    "( NAME 'testUserStatus' DESC 'State of User account active/disabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )"
)
# Remaining schema for the test: the case-exact attribute type, then the
# auxiliary object class that requires all three test attributes.
exact_match_attr = "( 2.16.840.1.113730.3.1.999999.3 NAME 'attrcaseExactMatch' DESC 'for testing matching rules' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'matching rule tests' 'user defined' ) )"
testperson_class = "( NAME 'testperson' SUP top AUXILIARY MUST ( attrcaseExactMatch $ testUserAccountControl $ testUserStatus ) X-ORIGIN 'BitWise' )"
srv.addAttr(exact_match_attr)
srv.addObjClass(testperson_class)

strval = 'ThIs Is A tEsT'

# vals[0] is never used; indices 1..5 give each test user its number and its
# testUserAccountControl value(s).
vals = (0, (511, ), (512, ), (513, ), (514, ), (1023, ))
for ii in xrange(1, len(vals)):
    dn = "cn=btestuser%d, %s" % (ii, basedn)
    ent = Entry(dn)
    for setter_args in (
        ('objectclass', 'top', 'person', 'testperson'),
        ('sn', 'User'),
        ('testUserAccountControl', [str(xx) for xx in vals[ii]]),
        ('testUserStatus', 'bogus'),
        ('attrcaseExactMatch', strval + str(ii)),
    ):
        ent.setValue(*setter_args)
    srv.add_s(ent)

print "search for", strval, 1
# Filter text is assembled with %-formatting; safe for this constant, but an
# externally supplied value would need LDAP filter escaping first.
case_exact_filter = "(attrcaseExactMatch=%s1)" % strval
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, case_exact_filter)
for ent in ents:
    print "found entry %s val %s" % (ent.dn, ent.attrcaseExactMatch)
print 'search for "(testUserAccountControl:1.2.840.113556.1.4.803:=514)"'
# Extensible-match filter using the bitwise AND matching rule OID.
bitwise_and_filter = "(testUserAccountControl:1.2.840.113556.1.4.803:=514)"
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, bitwise_and_filter)
for ent in ents:
Esempio n. 7
    # Add an entry for this attribute
    dn = "cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config" % (attrname, dbname)
    ent = Entry(dn)
    ent.setValue('objectclass', 'nsAttributeEncryption')
    ent.setValue('nsEncryptionAlgorithm', alg)
    srv.add_s(ent)

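def disableAttrEncryption(srv,attrname,dbname="userRoot"):
    """Remove the attribute-encryption config entry for ``attrname``.

    Deletes, via ``srv.delete_s``, the entry under ``cn=encrypted
    attributes`` of the ldbm backend ``dbname`` -- the same DN that
    ``enableAttrEncryption`` creates.

    ``attrname`` and ``dbname`` are formatted into the DN unescaped, so
    callers must pass trusted, DN-safe values.
    """
    # delete_s takes a bare DN.  The previous "dn: " prefix is LDIF syntax,
    # not part of the name, so the delete could never match the entry that
    # was added and encryption stayed configured.
    dn = "cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config" % (attrname, dbname)
    srv.delete_s(dn)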

# NOTE(review): 3DES is a legacy 64-bit-block cipher; if the server build
# accepts AES for nsEncryptionAlgorithm, prefer it outside of this test.
print "Enable attribute encryption for telephoneNumber"
enableAttrEncryption(srv,'telephoneNumber','3DES')

print "add user"
userdn = "uid=attrcryptuser,ou=people," + basedn
ent = Entry(userdn)
for attr_name, attr_value in (
    ('objectclass', 'inetOrgPerson'),
    ('cn', 'Attrcrypt User'),
    ('sn', 'User'),
    ('givenname', 'Attrcrypt'),
    ('telephoneNumber', '1234567890'),
):
    ent.setValue(attr_name, attr_value)
srv.add_s(ent)

# Both exports run db2ldif through the shell via os.system: PREFIX and
# newinst are interpolated into the command line unquoted and the exit
# status is discarded, so a failed export goes unnoticed here.
# The output files use fixed names in /tmp, and the second export (-E)
# writes the telephoneNumber values in clear text; treat
# /tmp/unencrypted.ldif as sensitive and remove it after the comparison.
print "export encrypted data"
db2ldif = '%s/lib/dirsrv/slapd-%s/db2ldif' % (os.environ['PREFIX'], newinst)
cmd = '%s -n userRoot -a /tmp/encrypted.ldif' % db2ldif
os.system(cmd)
print "export unencrypted data"
cmd = '%s -n userRoot -E -a /tmp/unencrypted.ldif' % db2ldif
os.system(cmd)