def test_ruv_after_reindex(topo):
"""Test that the tombstone RUV entry is not corrupted after a reindex task
:id: 988c0fab-1905-4dc5-a45d-fbf195843a33
:setup: 2 suppliers
:steps:
1. Reindex database
2. Perform some updates
3. Check error log does not have "_entryrdn_insert_key" errors
:expectedresults:
1. Success
2. Success
3. Success
"""
inst = topo.ms['supplier1']
suffix = Domain(inst, "ou=people," + DEFAULT_SUFFIX)
backends = Backends(inst)
backend = backends.get(DEFAULT_BENAME)
# Reindex nsuniqueid
backend.reindex(attrs=['nsuniqueid'], wait=True)
# Do some updates
for idx in range(0, 5):
suffix.replace('description', str(idx))
# Check error log for RUV entryrdn errors. Stopping instance forces RUV
# to be written and quickly exposes the error
inst.stop()
assert not inst.searchErrorsLog("entryrdn_insert_key")
def assert_data_present(inst):
# Do we have the backend marker?
d = Domain(inst, DEFAULT_SUFFIX)
try:
desc = d.get_attr_val_utf8('description')
if desc == TEST_MARKER:
return
except:
# Just reset everything.
pass
# Reset the backends
bes = Backends(inst)
try:
be = bes.get(DEFAULT_SUFFIX)
be.delete()
except:
pass
be = bes.create(properties={
'nsslapd-suffix': DEFAULT_SUFFIX,
'cn': 'userRoot',
})
be.create_sample_entries('001004002')
# Load our data
# We can't use dbgen as that relies on local access :(
# Add 40,000 groups
groups = Groups(inst, DEFAULT_SUFFIX)
for i in range(1, GROUP_MAX):
rdn = 'group_{0:07d}'.format(i)
groups.create(properties={
'cn': rdn,
})
# Add 60,000 users
users = nsUserAccounts(inst, DEFAULT_SUFFIX)
for i in range(1, USER_MAX):
rdn = 'user_{0:07d}'.format(i)
users.create(
properties={
'uid': rdn,
'cn': rdn,
'displayName': rdn,
'uidNumber': '%s' % i,
'gidNumber': '%s' % i,
'homeDirectory': '/home/%s' % rdn,
'userPassword': rdn,
})
# Add the marker
d.replace('description', TEST_MARKER)
def test_expired_user_has_no_privledge(topo):
"""Specify a test case purpose or name here
:id: 3df86b45-9929-414b-9bf6-06c25301d207
:setup: Standalone Instance
:steps:
1. Set short password expiration time
2. Add user and wait for expiration time to run out
3. Set one aci that allows authenticated users full access
4. Bind as user (password should be expired)
5. Attempt modify
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
"""
# Configured password epxiration
topo.standalone.config.replace_many(('passwordexp', 'on'),
('passwordmaxage', '1'))
# Set aci
suffix = Domain(topo.standalone, DEFAULT_SUFFIX)
ACI_TEXT = '(targetattr="*")(version 3.0; acl "test aci"; allow (all) (userdn="ldap:///all");)'
suffix.replace('aci', ACI_TEXT)
# Add user
user = UserAccounts(topo.standalone, DEFAULT_SUFFIX,
rdn=None).create_test_user()
user.replace('userpassword', PASSWORD)
time.sleep(2)
# Bind as user with expired password. Need to use raw ldap calls because
# lib389 will close the connection when an error 49 is encountered.
ldap_object = ldap.initialize(topo.standalone.toLDAPURL())
with pytest.raises(ldap.INVALID_CREDENTIALS):
res_type, res_data, res_msgid, res_ctrls = ldap_object.simple_bind_s(
user.dn, PASSWORD)
# Try modify
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
modlist = [(ldap.MOD_REPLACE, 'description', b'Should not work!')]
ldap_object.modify_ext_s(DEFAULT_SUFFIX, modlist)
def run(self):
"""
Start adding users
"""
idx = 0
conn = DirectoryManager(self.inst).bind()
domain = Domain(conn, DEFAULT_SUFFIX)
while idx < MOD_COUNT:
try:
domain.replace('description', str(idx))
except:
if self.task == "import":
# Failures are expected during an import
pass
else:
# export, should not fail
log.fatal('Updates should not fail during an export')
assert False
idx += 1
def test_retrocl_trimming(topology_st):
"""Test retrocl trimming works
:id: 54c6747f-6772-43b7-8b03-09e13fa0c205
:setup: Standalone Instance
:steps:
1. Enable Retro changelog
2. Add a bunch of entries
3. Configure trimming
4. Verify trimming occurred
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
inst = topology_st.standalone
# Configure plugin
log.info('Configure retrocl plugin')
rcl = RetroChangelogPlugin(inst)
rcl.enable()
inst.restart()
# Do some updates
suffix = Domain(inst, DEFAULT_SUFFIX)
for idx in range(0, 10):
suffix.replace('description', str(idx))
# Setup trimming
rcl.replace('nsslapd-changelog-trim-interval', '2')
rcl.replace('nsslapd-changelogmaxage', '5s')
inst.config.set('nsslapd-errorlog-level', '65536') # plugin logging
inst.restart()
# Verify trimming occurs
time.sleep(5)
assert inst.searchErrorsLog("trim_changelog: removed ")
# Clean up
inst.config.set('nsslapd-errorlog-level', '0')
def setup_subtree_policy(topo):
"""Set up subtree password policy
"""
topo.standalone.config.set('nsslapd-pwpolicy-local', 'on')
log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
try:
subprocess.call(['%s/ns-newpwpolicy.pl' % topo.standalone.get_sbin_dir(),
'-D', DN_DM, '-w', PASSWORD,
'-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
'-S', DEFAULT_SUFFIX, '-Z', SERVERID_STANDALONE])
except subprocess.CalledProcessError as e:
log.error('Failed to create pw policy policy for {}: error {}'.format(
OU_PEOPLE, e.message['desc']))
raise e
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.replace('pwdpolicysubentry', PW_POLICY_CONT_PEOPLE2)
time.sleep(1)
def setup_subtree_policy(topo):
"""Set up subtree password policy
"""
topo.standalone.config.set('nsslapd-pwpolicy-local', 'on')
log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
try:
subprocess.call(['%s/dsconf' % topo.standalone.get_sbin_dir(),
'slapd-standalone1',
'localpwp',
'addsubtree',
OU_PEOPLE])
except subprocess.CalledProcessError as e:
log.error('Failed to create pw policy policy for {}: error {}'.format(
OU_PEOPLE, e.message['desc']))
raise e
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.replace('pwdpolicysubentry', PW_POLICY_CONT_PEOPLE)
time.sleep(1)
def do_mods(master, num):
"""Perform a num of mods on the default suffix
"""
domain = Domain(master, DEFAULT_SUFFIX)
for i in range(num):
domain.replace('description', 'change %s' % i)
