コード例 #1
0
def test_ruv_after_reindex(topo):
    """Test that the tombstone RUV entry is not corrupted after a reindex task

    :id: 988c0fab-1905-4dc5-a45d-fbf195843a33
    :setup: 2 suppliers
    :steps:
        1. Reindex database
        2. Perform some updates
        3. Check error log does not have "_entryrdn_insert_key" errors
    :expectedresults:
        1. Success
        2. Success
        3. Success
    """

    inst = topo.ms['supplier1']
    suffix = Domain(inst, "ou=people," + DEFAULT_SUFFIX)
    backends = Backends(inst)
    backend = backends.get(DEFAULT_BENAME)

    # Reindex nsuniqueid
    backend.reindex(attrs=['nsuniqueid'], wait=True)

    # Do some updates
    for idx in range(0, 5):
        suffix.replace('description', str(idx))

    # Check error log for RUV entryrdn errors.  Stopping instance forces RUV
    # to be written and quickly exposes the error
    inst.stop()
    assert not inst.searchErrorsLog("entryrdn_insert_key")
コード例 #2
0
def assert_data_present(inst):
    # Do we have the backend marker?
    d = Domain(inst, DEFAULT_SUFFIX)
    try:
        desc = d.get_attr_val_utf8('description')
        if desc == TEST_MARKER:
            return
    except:
        # Just reset everything.
        pass
    # Reset the backends
    bes = Backends(inst)
    try:
        be = bes.get(DEFAULT_SUFFIX)
        be.delete()
    except:
        pass

    be = bes.create(properties={
        'nsslapd-suffix': DEFAULT_SUFFIX,
        'cn': 'userRoot',
    })
    be.create_sample_entries('001004002')

    # Load our data
    # We can't use dbgen as that relies on local access :(

    # Add 40,000 groups
    groups = Groups(inst, DEFAULT_SUFFIX)
    for i in range(1, GROUP_MAX):
        rdn = 'group_{0:07d}'.format(i)
        groups.create(properties={
            'cn': rdn,
        })

    # Add 60,000 users
    users = nsUserAccounts(inst, DEFAULT_SUFFIX)
    for i in range(1, USER_MAX):
        rdn = 'user_{0:07d}'.format(i)
        users.create(
            properties={
                'uid': rdn,
                'cn': rdn,
                'displayName': rdn,
                'uidNumber': '%s' % i,
                'gidNumber': '%s' % i,
                'homeDirectory': '/home/%s' % rdn,
                'userPassword': rdn,
            })

    # Add the marker
    d.replace('description', TEST_MARKER)
コード例 #3
0
def test_expired_user_has_no_privledge(topo):
    """Specify a test case purpose or name here

    :id: 3df86b45-9929-414b-9bf6-06c25301d207
    :setup: Standalone Instance
    :steps:
        1. Set short password expiration time
        2. Add user and wait for expiration time to run out
        3. Set one aci that allows authenticated users full access
        4. Bind as user (password should be expired)
        5. Attempt modify
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
    """

    # Configured password epxiration
    topo.standalone.config.replace_many(('passwordexp', 'on'),
                                        ('passwordmaxage', '1'))

    # Set aci
    suffix = Domain(topo.standalone, DEFAULT_SUFFIX)
    ACI_TEXT = '(targetattr="*")(version 3.0; acl "test aci"; allow (all) (userdn="ldap:///all");)'
    suffix.replace('aci', ACI_TEXT)

    # Add user
    user = UserAccounts(topo.standalone, DEFAULT_SUFFIX,
                        rdn=None).create_test_user()
    user.replace('userpassword', PASSWORD)
    time.sleep(2)

    # Bind as user with expired password.  Need to use raw ldap calls because
    # lib389 will close the connection when an error 49 is encountered.
    ldap_object = ldap.initialize(topo.standalone.toLDAPURL())
    with pytest.raises(ldap.INVALID_CREDENTIALS):
        res_type, res_data, res_msgid, res_ctrls = ldap_object.simple_bind_s(
            user.dn, PASSWORD)

    # Try modify
    with pytest.raises(ldap.INSUFFICIENT_ACCESS):
        modlist = [(ldap.MOD_REPLACE, 'description', b'Should not work!')]
        ldap_object.modify_ext_s(DEFAULT_SUFFIX, modlist)
コード例 #4
0
 def run(self):
     """
     Start adding users
     """
     idx = 0
     conn = DirectoryManager(self.inst).bind()
     domain = Domain(conn, DEFAULT_SUFFIX)
     while idx < MOD_COUNT:
         try:
             domain.replace('description', str(idx))
         except:
             if self.task == "import":
                 # Failures are expected during an import
                 pass
             else:
                 # export, should not fail
                 log.fatal('Updates should not fail during an export')
                 assert False
         idx += 1
コード例 #5
0
def test_retrocl_trimming(topology_st):
    """Test retrocl trimming works

    :id: 54c6747f-6772-43b7-8b03-09e13fa0c205
    :setup: Standalone Instance
    :steps:
        1. Enable Retro changelog
        2. Add a bunch of entries
        3. Configure trimming
        4. Verify trimming occurred
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
    """

    inst = topology_st.standalone
    # Configure plugin
    log.info('Configure retrocl plugin')
    rcl = RetroChangelogPlugin(inst)
    rcl.enable()
    inst.restart()

    # Do some updates
    suffix = Domain(inst, DEFAULT_SUFFIX)
    for idx in range(0, 10):
        suffix.replace('description', str(idx))

    # Setup trimming
    rcl.replace('nsslapd-changelog-trim-interval', '2')
    rcl.replace('nsslapd-changelogmaxage', '5s')
    inst.config.set('nsslapd-errorlog-level', '65536')  # plugin logging
    inst.restart()

    # Verify trimming occurs
    time.sleep(5)
    assert inst.searchErrorsLog("trim_changelog: removed ")

    # Clean up
    inst.config.set('nsslapd-errorlog-level', '0')
コード例 #6
0
def setup_subtree_policy(topo):
    """Set up subtree password policy
    """

    topo.standalone.config.set('nsslapd-pwpolicy-local', 'on')

    log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
    try:
        subprocess.call(['%s/ns-newpwpolicy.pl' % topo.standalone.get_sbin_dir(),
                         '-D', DN_DM, '-w', PASSWORD,
                         '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
                         '-S', DEFAULT_SUFFIX, '-Z', SERVERID_STANDALONE])
    except subprocess.CalledProcessError as e:
        log.error('Failed to create pw policy policy for {}: error {}'.format(
            OU_PEOPLE, e.message['desc']))
        raise e

    domain = Domain(topo.standalone, DEFAULT_SUFFIX)
    domain.replace('pwdpolicysubentry', PW_POLICY_CONT_PEOPLE2)

    time.sleep(1)
コード例 #7
0
def setup_subtree_policy(topo):
    """Set up subtree password policy
    """

    topo.standalone.config.set('nsslapd-pwpolicy-local', 'on')

    log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
    try:
        subprocess.call(['%s/dsconf' % topo.standalone.get_sbin_dir(),
                         'slapd-standalone1',
                         'localpwp',
                         'addsubtree',
                         OU_PEOPLE])

    except subprocess.CalledProcessError as e:
        log.error('Failed to create pw policy policy for {}: error {}'.format(
            OU_PEOPLE, e.message['desc']))
        raise e

    domain = Domain(topo.standalone, DEFAULT_SUFFIX)
    domain.replace('pwdpolicysubentry', PW_POLICY_CONT_PEOPLE)

    time.sleep(1)
コード例 #8
0
def do_mods(master, num):
    """Perform a num of mods on the default suffix
    """
    domain = Domain(master, DEFAULT_SUFFIX)
    for i in range(num):
        domain.replace('description', 'change %s' % i)