def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""
log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()
log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = EncryptedAttrs(topo.standalone, basedn='cn=encrypted attributes,{}'.format(backend.dn))
log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
telephone_encrypt = encrypt_attrs.create(properties={'cn': 'telephoneNumber', 'nsEncryptionAlgorithm': '3DES'})
log.info("Add a test user with encrypted attributes")
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
test_user = users.create(properties=TEST_USER_PROPERTIES)
test_user.replace('employeeNumber', '1000')
test_user.replace('telephoneNumber', '1234567890')
def fin():
log.info("Remove attribute encryption for various attributes")
emp_num_encrypt.delete()
telephone_encrypt.delete()
request.addfinalizer(fin)
return test_user
def test_get_valid(topology_st, backend):
"""Test basic get method functionality
:id: d3e5ebf2-5598-41cd-b1fa-ac18d3057f80
:setup: Standalone instance
:steps:
1. Get the backend with suffix
2. Get the backend with backend name
3. Get the backend with backend DN
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
"""
backends = Backends(topology_st.standalone)
log.info("Try to get a backend with backend suffix")
d1 = backends.get(NEW_SUFFIX_1_RDN)
topology_st.standalone.log.info("Suffix (%d): backend %s" % (1, d1.dn))
assert d1 is not None
log.info("Try to get a backend with backend name")
d2 = backends.get(BACKEND_NAME_1)
topology_st.standalone.log.info("Backend (%d): backend (%s)" % (1, d2.dn))
assert d2 is not None
log.info("Try to get a backend with backend DN")
d3 = backends.get(dn=backend.dn)
topology_st.standalone.log.info("DN (%d): backend %s" % (1, d3.dn))
assert d3 is not None
def test_ndn_cache_enabled(topo):
"""Test nsslapd-ignore-virtual-attrs configuration attribute
:id: 2caa3ec0-cd05-458e-9e21-3b73cf4697ff
:setup: Standalone instance
:steps:
1. Check the attribute nsslapd-ndn-cache-enabled is present in cn=config
2. Check the attribute nsslapd-ndn-cache-enabled has the default value set as ON
3. Check the attribute nsslapd-ndn-cache-max-size is present in cn=config
4. Check the backend monitor output for Normalized DN cache statistics while nsslapd-ndn-cache-enabled is OFF
5. Set nsslapd-ndn-cache-enabled ON and check the backend monitor output for Normalized DN cache statistics
6. Set invalid value for nsslapd-ndn-cache-enabled
7. Set invalid value for nsslapd-ndn-cache-max-size
:expectedresults:
1. This should be successful
2. This should be successful
3. This should be successful
4. Backend monitor output should not have NDN cache statistics
5. Backend monitor output should have NDN cache statistics
6. This should fail
7. This should fail
"""
log.info("Check the attribute nsslapd-ndn-cache-enabled is present in cn=config")
assert topo.standalone.config.present('nsslapd-ndn-cache-enabled')
log.info("Check the attribute nsslapd-ndn-cache-enabled has the default value set as ON")
assert topo.standalone.config.get_attr_val_utf8('nsslapd-ndn-cache-enabled') == 'on'
log.info("Check the attribute nsslapd-ndn-cache-max-size is present in cn=config")
assert topo.standalone.config.present('nsslapd-ndn-cache-max-size')
backends = Backends(topo.standalone)
backend = backends.get(DEFAULT_BENAME)
log.info("Ticket#49593 : NDN cache stats should be under the global stats - Implemented in 1.4")
log.info("Fetch the monitor value according to the ds version")
if ds_is_older('1.4'):
monitor = backend.get_monitor()
else:
monitor = MonitorLDBM(topo.standalone)
log.info("Check the backend monitor output for Normalized DN cache statistics, "
"while nsslapd-ndn-cache-enabled is off")
topo.standalone.config.set('nsslapd-ndn-cache-enabled', 'off')
topo.standalone.restart()
assert not monitor.present('normalizedDnCacheHits')
log.info("Check the backend monitor output for Normalized DN cache statistics, "
"while nsslapd-ndn-cache-enabled is on")
topo.standalone.config.set('nsslapd-ndn-cache-enabled', 'on')
topo.standalone.restart()
assert monitor.present('normalizedDnCacheHits')
log.info("Set invalid value for nsslapd-ndn-cache-enabled")
with pytest.raises(ldap.OPERATIONS_ERROR):
topo.standalone.config.set('nsslapd-ndn-cache-enabled', 'invalid_value')
log.info("Set invalid value for nsslapd-ndn-cache-max-size")
with pytest.raises(ldap.OPERATIONS_ERROR):
topo.standalone.config.set('nsslapd-ndn-cache-max-size', 'invalid_value')
def test_backend_index(topology_st):
backends = Backends(topology_st.standalone)
ur_backend = backends.get('userRoot')
ur_indexes = ur_backend.get_indexes()
index = ur_indexes.create(properties={
'cn': 'modifytimestamp',
'nsSystemIndex': 'false',
'nsIndexType': 'eq'
})
index_list = ur_indexes.list()
found = False
for i in index_list:
if i.dn.startswith('cn=modifytimestamp'):
found = True
assert found
index.delete()
index_list = ur_indexes.list()
found = False
for i in index_list:
if i.dn.startswith('cn=modifytimestamp'):
found = True
assert not found
def test_healthcheck_non_replicated_suffixes(topology_m2):
"""Check if backend lint function unexpectedly throws exception
:id: f922edf8-c527-4802-9f42-0b75bf97098a
:setup: 2 MMR topology
:steps:
1. Create a new suffix: cn=changelog
2. Call healthcheck (there should not be any exceptions raised)
:expectedresults:
1. Success
2. Success
"""
inst = topology_m2.ms['master1']
# Create second suffix
backends = Backends(inst)
backends.create(properties={'nsslapd-suffix': "cn=changelog",
'name': 'changelog'})
# Call healthcheck
args = FakeArgs()
args.instance = inst.serverid
args.verbose = inst.verbose
args.list_errors = False
args.list_checks = False
args.check = ['backends']
args.dry_run = False
args.json = False
health_check_run(inst, topology_m2.logcap.log, args)
def test_49290_range_unindexed_notes(topology_st):
"""
Ticket 49290 had a small collection of issues - the primary issue is
that range requests on an attribute that is unindexed was not reporting
notes=U. This asserts that:
* When unindexed, the attr shows notes=U
* when indexed, the attr does not
"""
# First, assert that modifyTimestamp does not have an index. If it does,
# delete it.
topology_st.standalone.config.set('nsslapd-accesslog-logbuffering', 'off')
backends = Backends(topology_st.standalone)
backend = backends.get(DEFAULT_BENAME)
indexes = backend.get_indexes()
for i in indexes.list():
i_cn = i.get_attr_val_utf8('cn')
if i_cn.lower() == 'modifytimestamp':
i.delete()
topology_st.standalone.restart()
# Now restart the server, and perform a modifyTimestamp range operation.
# in access, we should see notes=U (or notes=A)
results = topology_st.standalone.search_s(DEFAULT_SUFFIX,
ldap.SCOPE_SUBTREE,
'(modifyTimestamp>=0)', [
'nsUniqueId',
])
access_lines_unindexed = topology_st.standalone.ds_access_log.match(
'.*notes=U.*')
assert len(access_lines_unindexed) == 1
# Now add the modifyTimestamp index and run db2index. This will restart
# the server
indexes.create(properties={
'cn': 'modifytimestamp',
'nsSystemIndex': 'false',
'nsIndexType': 'eq',
})
topology_st.standalone.stop()
assert topology_st.standalone.db2index(DEFAULT_BENAME,
attrs=['modifytimestamp'])
topology_st.standalone.start()
# Now run the modifyTimestamp range query again. Assert that there is no
# notes=U/A in the log
results = topology_st.standalone.search_s(DEFAULT_SUFFIX,
ldap.SCOPE_SUBTREE,
'(modifyTimestamp>=0)', [
'nsUniqueId',
])
access_lines_indexed = topology_st.standalone.ds_access_log.match(
'.*notes=U.*')
# Remove the old lines too.
access_lines_final = set(access_lines_unindexed) - set(
access_lines_indexed)
# Make sure we have no unindexed notes in the log.
assert len(access_lines_final) == 0
def test_issue_a_warning_if_the_cache_size_is_smaller(topo, _import_clean):
"""Report during startup if nsslapd-cachememsize is too small
:id: 1aa8cbda-9c0e-11ea-9297-8c16451d917b
:setup: Standalone Instance
:steps:
1. Set nsslapd-cache-autosize to 0
2. Change cachememsize
3. Check that cachememsize is sufficiently small
4. Import some users to make id2entry.db big
5. Warning message should be there in error logs
:expected results:
1. Operation successful
2. Operation successful
3. Operation successful
4. Operation successful
5. Operation successful
"""
config = LDBMConfig(topo.standalone)
backend = Backends(topo.standalone).list()[0]
# Set nsslapd-cache-autosize to 0
config.replace('nsslapd-cache-autosize', '0')
# Change cachememsize
backend.replace('nsslapd-cachememsize', '1')
# Check that cachememsize is sufficiently small
assert int(backend.get_attr_val_utf8('nsslapd-cachememsize')) < 1500000
# Import some users to make id2entry.db big
_import_offline(topo, 20)
# warning message should look like
assert topo.standalone.searchErrorsLog(
'INFO - ldbm_instance_config_cachememsize_set - '
'force a minimal value 512000')
def test_ruv_after_reindex(topo):
"""Test that the tombstone RUV entry is not corrupted after a reindex task
:id: 988c0fab-1905-4dc5-a45d-fbf195843a33
:setup: 2 suppliers
:steps:
1. Reindex database
2. Perform some updates
3. Check error log does not have "_entryrdn_insert_key" errors
:expectedresults:
1. Success
2. Success
3. Success
"""
inst = topo.ms['supplier1']
suffix = Domain(inst, "ou=people," + DEFAULT_SUFFIX)
backends = Backends(inst)
backend = backends.get(DEFAULT_BENAME)
# Reindex nsuniqueid
backend.reindex(attrs=['nsuniqueid'], wait=True)
# Do some updates
for idx in range(0, 5):
suffix.replace('description', str(idx))
# Check error log for RUV entryrdn errors. Stopping instance forces RUV
# to be written and quickly exposes the error
inst.stop()
assert not inst.searchErrorsLog("entryrdn_insert_key")
def _create_schema(request, topo):
Schema(topo.standalone).\
add('attributetypes',
["( NAME 'testUserAccountControl' DESC 'Attribute Bitwise filteri-Multi-Valued'"
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
"( NAME 'testUserStatus' DESC 'State of User account active/disabled'"
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )"])
Schema(topo.standalone).\
add('objectClasses', "( NAME 'testperson' SUP top STRUCTURAL MUST "
"( sn $ cn $ testUserAccountControl $ "
"testUserStatus )MAY( userPassword $ telephoneNumber $ "
"seeAlso $ description ) X-ORIGIN 'BitWise' )")
# Creating Backend
backends = Backends(topo.standalone)
backend = backends.create(properties={
'nsslapd-suffix': SUFFIX,
'cn': 'AnujRoot'
})
# Creating suffix
suffix = Domain(topo.standalone, SUFFIX).create(properties={'dc': 'anuj'})
# Creating users
users = UserAccounts(topo.standalone, suffix.dn, rdn=None)
for user in [('btestuser1', ['514'], ['Disabled'], 100),
('btestuser2', ['65536'], ['PasswordNeverExpired'], 101),
('btestuser3', ['8388608'], ['PasswordExpired'], 102),
('btestuser4', ['256'], ['TempDuplicateAccount'], 103),
('btestuser5', ['16777216'], ['TrustedAuthDelegation'], 104),
('btestuser6', ['528'], ['AccountLocked'], 105),
('btestuser7', ['513'], ['AccountActive'], 106),
('btestuser11', ['655236'], ['TestStatus1'], 107),
('btestuser12', ['665522'], ['TestStatus2'], 108),
('btestuser13', ['266552'], ['TestStatus3'], 109),
('btestuser8', ['98536', '99512', '99528'],
['AccountActive', 'PasswordExxpired', 'AccountLocked'], 110),
('btestuser9', [
'87536',
'912',
], [
'AccountActive',
'PasswordNeverExpired',
], 111),
('btestuser10', ['89536', '97546', '96579'],
['TestVerify1', 'TestVerify2', 'TestVerify3'], 112)]:
CreateUsers(users, user[0], user[1], user[2], user[3]).user_create()
def fin():
"""
Deletes entries after the test.
"""
for user in users.list():
user.delete()
suffix.delete()
backend.delete()
request.addfinalizer(fin)
def test_healthcheck_virtual_attr_incorrectly_indexed(topology_st):
"""Check if HealthCheck returns DSVIRTLE0001 code
:id: 1055173b-21aa-4aaa-9e91-4dc6c5e0c01f
:setup: Standalone instance
:steps:
1. Create DS instance
2. Create a CoS definition entry
3. Create the matching CoS template entry, with postalcode as virtual attribute
4. Create an index for postalcode
5. Use HealthCheck without --json option
6. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Healthcheck reports DSVIRTLE0001 code and related details
6. Healthcheck reports DSVIRTLE0001 code and related details
"""
RET_CODE = 'DSVIRTLE0001'
standalone = topology_st.standalone
postal_index_properties = {
'cn': 'postalcode',
'nsSystemIndex': 'False',
'nsIndexType': ['eq', 'sub', 'pres'],
}
log.info(
'Add cosPointer, cosTemplate and test entry to default suffix, where virtual attribute is postal code'
)
cos_pointer_properties = {
'cn': 'cosPointer',
'description': 'cosPointer example',
'cosTemplateDn': 'cn=cosTemplateExample,ou=People,dc=example,dc=com',
'cosAttribute': 'postalcode',
}
cos_pointer_definitions = CosPointerDefinitions(standalone, DEFAULT_SUFFIX,
'ou=People')
cos_pointer_definitions.create(properties=cos_pointer_properties)
log.info('Create CoS template')
cos_template_properties = {'cn': 'cosTemplateExample', 'postalcode': '117'}
cos_templates = CosTemplates(standalone, DEFAULT_SUFFIX, 'ou=People')
cos_templates.create(properties=cos_template_properties)
log.info('Create an index for postalcode')
backends = Backends(topology_st.standalone)
ur_indexes = backends.get('userRoot').get_indexes()
ur_indexes.create(properties=postal_index_properties)
run_healthcheck_and_flush_log(topology_st,
standalone,
RET_CODE,
json=False)
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
def backend_monitor(inst, basedn, log, args):
bes = Backends(inst)
if args.backend:
be = bes.get(args.backend)
be_monitor = be.get_monitor()
_format_status(log, be_monitor, args.json)
else:
for be in bes.list():
be_monitor = be.get_monitor()
_format_status(log, be_monitor, args.json)
def test_entryuuid_import_and_fixup_of_invalid_values(topology):
""" Test that when we import a database with an invalid entryuuid
that it is accepted *and* that subsequently we can fix the invalid
entryuuid during a fixup.
:id: ec8ef3a7-3cd2-4cbd-b6f1-2449fa17be75
:setup: Standalone instance
:steps:
1. Import the db from the ldif
2. Check the entryuuid is invalid
3. Run the fixup
4. Check the entryuuid is now valid (regenerated)
:expectedresults:
1. Success
2. The entryuuid is invalid
3. Success
4. The entryuuid is valid
"""
# 1. Import the db
ldif_dir = topology.standalone.get_ldif_dir()
target_ldif = os.path.join(ldif_dir, 'localhost-userRoot-invalid.ldif')
import_ldif = os.path.join(DATADIR1, 'localhost-userRoot-invalid.ldif')
shutil.copyfile(import_ldif, target_ldif)
os.chmod(target_ldif, 0o777)
be = Backends(topology.standalone).get('userRoot')
task = be.import_ldif([target_ldif])
task.wait()
assert (task.is_complete() and task.get_exit_code() == 0)
# 2. Check the entryuuid is invalid
account = nsUserAccounts(topology.standalone,
DEFAULT_SUFFIX).get("demo_user")
euuid = account.get_attr_val_utf8('entryUUID')
assert (euuid == "INVALID_UUID")
# 3. Run the fixup
topology.standalone.config.loglevel(vals=(ErrorLog.DEFAULT,
ErrorLog.PLUGIN))
plug = EntryUUIDPlugin(topology.standalone)
task = plug.fixup(DEFAULT_SUFFIX)
task.wait()
assert (task.is_complete() and task.get_exit_code() == 0)
topology.standalone.config.loglevel(vals=(ErrorLog.DEFAULT, ))
# 4. Check the entryuuid is valid
euuid = account.get_attr_val_utf8('entryUUID')
print(f"❄️ account entryUUID -> {euuid}")
assert (euuid != "INVALID_UUID")
# Raises an error if invalid
uuid.UUID(euuid)
def new_suffixes(topo):
"""Create new suffix, backend and mapping tree"""
for num in range(1, 4):
backends = Backends(topo.ins["standalone{}".format(num)])
backends.create(properties={
BACKEND_SUFFIX: NEW_SUFFIX,
BACKEND_NAME: NEW_BACKEND
})
domain = Domain(topo.ins["standalone{}".format(num)], NEW_SUFFIX)
domain.create(properties={'dc': 'test', 'description': NEW_SUFFIX})
def apply(self, inst):
be = Backends(inst).get(self.suffix)
indexes = be.get_indexes()
try:
# If it exists, return. Could be the case as we created the
# BE and the default indexes applied now.
indexes.get(self.attr)
return
except ldap.NO_SUCH_OBJECT:
pass
be.add_index(self.attr, self.type)
def assert_data_present(inst):
# Do we have the backend marker?
d = Domain(inst, DEFAULT_SUFFIX)
try:
desc = d.get_attr_val_utf8('description')
if desc == TEST_MARKER:
return
except:
# Just reset everything.
pass
# Reset the backends
bes = Backends(inst)
try:
be = bes.get(DEFAULT_SUFFIX)
be.delete()
except:
pass
be = bes.create(properties={
'nsslapd-suffix': DEFAULT_SUFFIX,
'cn': 'userRoot',
})
be.create_sample_entries('001004002')
# Load our data
# We can't use dbgen as that relies on local access :(
# Add 40,000 groups
groups = Groups(inst, DEFAULT_SUFFIX)
for i in range(1, GROUP_MAX):
rdn = 'group_{0:07d}'.format(i)
groups.create(properties={
'cn': rdn,
})
# Add 60,000 users
users = nsUserAccounts(inst, DEFAULT_SUFFIX)
for i in range(1, USER_MAX):
rdn = 'user_{0:07d}'.format(i)
users.create(
properties={
'uid': rdn,
'cn': rdn,
'displayName': rdn,
'uidNumber': '%s' % i,
'gidNumber': '%s' % i,
'homeDirectory': '/home/%s' % rdn,
'userPassword': rdn,
})
# Add the marker
d.replace('description', TEST_MARKER)
def topology(topology_st):
if get_default_db_lib() == "mdb":
handler = LMDB_LDBMConfig(topology_st.standalone)
# Need at least 1500 dbis for 50 suffixes
maxdbi = 5000
log.info(f'Set lmdb map max dbi to {maxdbi}.')
handler.replace('nsslapd-mdb-max-dbs', str(maxdbi))
topology_st.standalone.restart()
bes = Backends(topology_st.standalone)
bes.delete_all_dangerous()
mts = MappingTrees(topology_st.standalone)
assert len(mts.list()) == 0
return topology_st
def test_healthcheck_unable_to_query_backend(topology_st):
"""Check if HealthCheck returns DSBLE0002 code
:id: 716b1ff1-94bd-4780-98b8-96ff8ef21e30
:setup: Standalone instance
:steps:
1. Create DS instance
2. Create a new root suffix and database
3. Disable new suffix
4. Use HealthCheck without --json option
5. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Success
4. HealthCheck should return code DSBLE0002
5. HealthCheck should return code DSBLE0002
"""
RET_CODE = 'DSBLE0002'
NEW_SUFFIX = 'dc=test,dc=com'
NEW_BACKEND = 'userData'
standalone = topology_st.standalone
log.info('Create new suffix')
backends = Backends(standalone)
backends.create(properties={
'cn': NEW_BACKEND,
'nsslapd-suffix': NEW_SUFFIX,
})
log.info('Disable the newly created suffix')
mts = MappingTrees(standalone)
mt_new = mts.get(NEW_SUFFIX)
mt_new.replace('nsslapd-state', 'disabled')
run_healthcheck_and_flush_log(topology_st,
standalone,
RET_CODE,
json=False)
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
log.info('Enable the suffix again and check if nothing is broken')
mt_new.replace('nsslapd-state', 'backend')
run_healthcheck_and_flush_log(topology_st,
standalone,
RET_CODE,
json=False)
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
def test_readonly_on_threshold(topo, setup, reset_logs):
"""Verify that nsslapd-disk-monitoring-readonly-on-threshold switches the server to read-only mode
:id: 06814c19-ef3c-4800-93c9-c7c6e76fcbb9
:customerscenario: True
:setup: Standalone
:steps:
1. Verify that the backend is in read-only mode
2. Go back above the threshold
3. Verify that the backend is in read-write mode
:expectedresults:
1. Should Success
2. Should Success
3. Should Success
"""
file_path = '{}/foo'.format(topo.standalone.ds_paths.log_dir)
backends = Backends(topo.standalone)
backend_name = backends.list()[0].rdn
# Verify that verbose logging was set to default level
topo.standalone.deleteErrorLogs()
assert topo.standalone.config.set('nsslapd-disk-monitoring', 'on')
assert topo.standalone.config.set(
'nsslapd-disk-monitoring-readonly-on-threshold', 'on')
topo.standalone.restart()
try:
subprocess.call([
'dd', 'if=/dev/zero', f'of={file_path}', 'bs=1M',
f'count={HALF_THR_FILL_SIZE}'
])
_witherrorlog(
topo, f"Putting the backend '{backend_name}' to read-only mode",
11)
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
try:
user = users.create_test_user()
user.delete()
except ldap.UNWILLING_TO_PERFORM as e:
if 'database is read-only' not in str(e):
raise
os.remove(file_path)
_witherrorlog(
topo,
f"Putting the backend '{backend_name}' back to read-write mode",
11)
user = users.create_test_user()
assert user.exists()
user.delete()
finally:
if os.path.exists(file_path):
os.remove(file_path)
def test_get_invalid(topology_st, backend):
"""Test the invalid situations while using get method
:id: c5028350-1381-4d6d-82b8-4959a9b82964
:setup: Standalone instance
:steps:
1. Get the backend with invalid suffix
2. Get the backend with invalid backend name
3. Get the backend with invalid backend DN
:expectedresults:
1. No such object error should be raised
2. No such object error should be raised
3. No such object error should be raised
"""
backends = Backends(topology_st.standalone)
log.info("Try to get the backend with invalid backend suffix")
with pytest.raises(ldap.NO_SUCH_OBJECT):
backends.get(NEW_SUFFIX_2_RDN)
log.info("Try to get the backend with invalid backend name")
with pytest.raises(ldap.NO_SUCH_OBJECT):
backends.get(DUMMY_BACKEND)
log.info("Try to get the backend with invalid backend DN")
with pytest.raises(ldap.NO_SUCH_OBJECT):
backends.get(dn=DUMMY_BACKEND_DN)
def backend(topology_st, request):
"""Create and remove a backend"""
log.info('Create a backend')
backends = Backends(topology_st.standalone)
backend = backends.create(properties={'nsslapd-suffix': NEW_SUFFIX_1_RDN,
'cn': BACKEND_NAME_1})
def fin():
log.info("Just make it clean in the end")
if backend.exists():
backend.delete()
request.addfinalizer(fin)
return backend
def test_readonly_on_threshold_below_half_of_the_threshold(topo, setup, reset_logs):
"""Go below 1/2 of the threshold when readonly on threshold is enabled
:id: 10262663-b41f-420e-a2d0-9532dd54fa7c
:setup: Standalone
:steps:
:expectedresults:
1. Go straight below 1/2 of the threshold
2. Verify that the backend is in read-only mode
3. Go back above the threshold
4. Verify that the backend is in read-write mode
:expectedresults:
1. Should Success
2. Should Success
3. Should Success
4. Should Success
"""
file_path = '{}/foo'.format(topo.standalone.ds_paths.log_dir)
backends = Backends(topo.standalone)
backend_name = backends.list()[0].rdn
topo.standalone.deleteErrorLogs()
assert topo.standalone.config.set('nsslapd-disk-monitoring', 'on')
assert topo.standalone.config.set('nsslapd-disk-monitoring-readonly-on-threshold', 'on')
topo.standalone.restart()
try:
if float(THRESHOLD) > FULL_THR_FILL_SIZE:
FULL_THR_FILL_SIZE_new = FULL_THR_FILL_SIZE + round(float(THRESHOLD) - FULL_THR_FILL_SIZE) + 1
subprocess.call(['dd', 'if=/dev/zero', f'of={file_path}', 'bs=1M', f'count={FULL_THR_FILL_SIZE_new}'])
else:
subprocess.call(['dd', 'if=/dev/zero', f'of={file_path}', 'bs=1M', f'count={FULL_THR_FILL_SIZE}'])
_witherrorlog(topo, f"Putting the backend '{backend_name}' to read-only mode", 11)
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
try:
user = users.create_test_user()
user.delete()
except ldap.UNWILLING_TO_PERFORM as e:
if 'database is read-only' not in str(e):
raise
_witherrorlog(topo, 'is too far below the threshold', 51)
# Verify DS has recovered from shutdown
os.remove(file_path)
_witherrorlog(topo, f"Putting the backend '{backend_name}' back to read-write mode", 51)
user = users.create_test_user()
assert user.exists()
user.delete()
finally:
if os.path.exists(file_path):
os.remove(file_path)
def apply(self, inst):
# Create a unique op id.
op_id = str(uuid4())
op_path = os.path.join(inst.get_ldif_dir(), f'{op_id}.ldif')
with open(self.ldif_path, 'r') as f_import:
with open(op_path, 'w') as f_outport:
p = ImportTransformer(f_import, f_outport, self.exclude_attributes_set)
p.parse()
be = Backends(inst).get(self.suffix)
task = be.export_ldif()
task.wait()
task = be.import_ldif([op_path])
task.wait()
def _gen_db_plan(self):
# Create/Manage dbs
# Get the set of current dbs.
backends = Backends(self.inst)
for db in self.olconfig.databases:
# Get the suffix
suffix = db.suffix
try:
# Do we have a db with that suffix already?
be = backends.get(suffix)
self._gen_be_exist_plan(db, be)
except ldap.NO_SUCH_OBJECT:
self._gen_be_create_plan(db)
self._gen_plugin_plan(db)
def test_require_index(topo):
"""Test nsslapd-ignore-virtual-attrs configuration attribute
:id: fb6e31f2-acc2-4e75-a195-5c356faeb803
:setup: Standalone instance
:steps:
1. Set "nsslapd-require-index" to "on"
2. Test an unindexed search is rejected
:expectedresults:
1. Success
2. Success
"""
# Set the config
be_insts = Backends(topo.standalone).list()
for be in be_insts:
if be.get_attr_val_utf8_l('nsslapd-suffix') == DEFAULT_SUFFIX:
be.set('nsslapd-require-index', 'on')
db_cfg = DatabaseConfig(topo.standalone)
db_cfg.set([('nsslapd-idlistscanlimit', '100')])
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
for i in range(101):
users.create_test_user(uid=i)
# Issue unindexed search,a nd make sure it is rejected
raw_objects = DSLdapObjects(topo.standalone, basedn=DEFAULT_SUFFIX)
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
raw_objects.filter("(description=test*)")
def mep_template_list(inst, basedn, log, args):
log = log.getChild('mep_template_list')
if args.BASEDN is None:
# Gather all the templates from all the suffixes
templates = []
backends = Backends(inst).list()
for be in backends:
temps = MEPTemplates(inst, be.get_suffix()).list()
if len(temps) > 0:
templates += MEPTemplates(inst, be.get_suffix()).list()
else:
templates = MEPTemplates(inst, args.BASEDN).list()
result = []
result_json = []
for template in templates:
if args.json:
result_json.append(json.loads(template.get_all_attrs_json()))
else:
result.append(template.rdn)
if args.json:
log.info(json.dumps({"type": "list", "items": result_json}, indent=4))
else:
if len(result) > 0:
for i in result:
log.info(i)
else:
log.info("No Managed Entry template entries found")
def test_del_suffix_backend(topo):
"""Adding a database entry fails if the same database was deleted after an import
:id: ac702c35-74b6-434e-8e30-316433f3e91a
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add entries
2. Stop the server and do online import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Restart the server and check the status
:expectedresults: Adding database with the same name should be successful and the server should not hang
"""
log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX2,
TEST_BACKEND2))
backends = Backends(topo.standalone)
backend = backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX2,
'name': TEST_BACKEND2
})
log.info('Create LDIF file and import it')
ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'suffix_del2.ldif')
dbgen(topo.standalone, 10, ldif_file, TEST_SUFFIX2)
topo.standalone.tasks.importLDIF(suffix=TEST_SUFFIX2,
input_file=ldif_file,
args={TASK_WAIT: True})
log.info('Deleting suffix-{}'.format(TEST_SUFFIX2))
backend.delete()
log.info(
'Adding the same database-{} after deleting it'.format(TEST_BACKEND2))
backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX2,
'name': TEST_BACKEND2
})
log.info(
'Checking if server can be restarted after re-adding the same database'
)
topo.standalone.restart()
assert not topo.standalone.detectDisorderlyShutdown()
def test_defaultnamingcontext_1(topo):
"""This test case should be part of function test_defaultnamingcontext
Please move it back after we have a fix for bug 1610234
"""
log.info("Remove the original suffix which is currently nsslapd-defaultnamingcontext"
"and check nsslapd-defaultnamingcontext become empty.")
""" Please remove these declarations after moving the test
to function test_defaultnamingcontext
"""
backends = Backends(topo.standalone)
test_db2 = 'test2_db'
test_suffix2 = 'dc=test2,dc=com'
b2 = backends.create(properties={'cn': test_db2,
'nsslapd-suffix': test_suffix2})
b2.delete()
assert topo.standalone.config.get_attr_val_utf8('nsslapd-defaultnamingcontext') == ' '
def test_basic(topo, enable_user_attr_encryption):
"""Tests encrypted attributes with a test user entry
:id: d767d5c8-b934-4b14-9774-bd13480d81b3
:setup: Standalone instance
Enable AES encryption config on employeenumber
Enable 3DES encryption config on telephoneNumber
Add a test user with with encrypted attributes
:steps:
1. Restart the server
2. Check employeenumber encryption enabled
3. Check telephoneNumber encryption enabled
4. Check that encrypted attribute is present for user i.e. telephonenumber
:expectedresults:
1. This should be successful
2. This should be successful
3. This should be successful
4. This should be successful
"""
log.info("Restart the server")
topo.standalone.restart()
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()
log.info(
"Extracting values of cn from the list of objects in encrypt_attrs")
log.info("And appending the cn values in a list")
enc_attrs_cns = []
for enc_attr in encrypt_attrs:
enc_attrs_cns.append(enc_attr.rdn)
log.info("Check employeenumber encryption is enabled")
assert "employeeNumber" in enc_attrs_cns
log.info("Check telephoneNumber encryption is enabled")
assert "telephoneNumber" in enc_attrs_cns
log.info(
"Check that encrypted attribute is present for user i.e. telephonenumber"
)
assert enable_user_attr_encryption.present('telephoneNumber')
def get_basedn(self):
"""Get the suffix this entry belongs to
"""
from lib389.backend import Backends
backends = Backends(self._instance).list()
for backend in backends:
suffix = backend.get_suffix()
if self._dn.endswith(suffix):
return suffix
return ""
def test_del_suffix_import(topo):
"""Adding a database entry fails if the same database was deleted after an import
:id: 652421ef-738b-47ed-80ec-2ceece6b5d77
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add few entries
2. Stop the server and do offline import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Check if adding the same database name is a success
:expectedresults: Adding database with the same name should be successful
"""
log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX1,
TEST_BACKEND1))
backends = Backends(topo.standalone)
backend = backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX1,
'name': TEST_BACKEND1
})
log.info('Create LDIF file and import it')
ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'suffix_del1.ldif')
dbgen(topo.standalone, 10, ldif_file, TEST_SUFFIX1)
log.info('Stopping the server and running offline import')
topo.standalone.stop()
assert topo.standalone.ldif2db(TEST_BACKEND1, TEST_SUFFIX1, None, None,
ldif_file)
topo.standalone.start()
log.info('Deleting suffix-{}'.format(TEST_SUFFIX2))
backend.delete()
log.info(
'Adding the same database-{} after deleting it'.format(TEST_BACKEND1))
backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX1,
'name': TEST_BACKEND1
})
