def test_memberurl_needs_to_be_normalized(topo, clean, aci_of_user):
    """Non-regression test for BUG 326000: MemberURL needs to be normalized

    The ACI grants access through the dynamic group DYNGROUP and spells the
    group DN with irregular spacing. The group's memberURL filter is later
    swapped for a mixed-case spelling of the same uid. The bound user writes
    to an entry in both states.

    :id: a5d172e6-7db8-11e8-aca7-8c16451d917b
    :setup: Standalone Instance
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should succeed
        3. Operation should succeed
    """
    inst = topo.standalone

    # The group DN inside the ACI is deliberately not in canonical form
    # ("cn =DYNGROUP", and a space after the last comma).
    dyn_group_aci = (
        '(targetattr= *)'
        '(version 3.0; acl "tester"; allow(all) '
        'groupdn = "ldap:///cn =DYNGROUP,ou=PEOPLE, {}";)'.format(
            DEFAULT_SUFFIX)
    )
    people_ou = OrganizationalUnit(inst, "ou=PEOPLE,{}".format(DEFAULT_SUFFIX))
    people_ou.set('aci', dyn_group_aci)

    # Membership of the dynamic group is defined by this search URL.
    initial_url = (
        "ldap:///ou=PEOPLE,{}??sub?"
        "(uid=test_user_2)".format(DEFAULT_SUFFIX)
    )
    Groups(inst, DEFAULT_SUFFIX, rdn='ou=PEOPLE').create(
        properties={
            "cn": "DYNGROUP",
            "description": "DYNGROUP",
            'objectClass': 'groupOfURLS',
            'memberURL': initial_url,
        })

    uas = UserAccounts(inst, DEFAULT_SUFFIX)
    for number, description in ((1, "Entry to test rights on."),
                                (2, "Member of DYNGROUP")):
        account = uas.create_test_user(uid=number, gid=number)
        account.replace_many(('description', description),
                             ('userPassword', PW_DM))

    # Phase 1: memberURL exactly as created above.
    # Both the bind identity and the modified entry are the second account
    # returned by uas.list().
    member_dn = uas.list()[1].dn
    conn = UserAccount(inst, member_dn).bind(PW_DM)
    harry = UserAccount(conn, member_dn)
    # NOTE(review): nothing is asserted after the writes; the test appears
    # to rely on add() raising when the server refuses the change - confirm.
    harry.add('sn', 'FRED')

    # Phase 2: same filter, but the uid value is written in mixed case.
    dygrp = Group(inst, DYNGROUP)
    dygrp.remove('memberurl', initial_url)
    dygrp.add(
        'memberurl',
        "ldap:///ou=PEOPLE,{}??sub?(uid=tesT_UsEr_2)".format(DEFAULT_SUFFIX))
    harry.add('sn', 'Not FRED')
    # NOTE(review): there is no negative control (a bind that is NOT matched
    # by the memberURL and must be denied), so this test alone cannot tell
    # "granted by this ACI" from "granted by some other ACI".

    for account in uas.list():
        account.delete()
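def test_renaming_target_entry(topo, _add_user, aci_of_user):
    """Test for renaming target entry

    An ACI stored on an organizational unit grants one user read, search
    and compare. The test checks that this user can still read the unit
    after it is renamed and again after it is moved under a new superior.

    :id: 6be1d33a-7932-11e8-9115-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Create a test user entry
        3. Create a new ou entry with an aci
        4. Make sure uid=$MYUID has the access
        5. Rename ou=OU0 to ou=OU1
        6. Create another ou=OU2
        7. Move ou=OU1 under ou=OU2
        8. Make sure uid=$MYUID still has the access
    :expectedresults:
        1. Entry should be added
        2. Operation should succeed
        3. Operation should succeed
        4. Operation should succeed
        5. Operation should succeed
        6. Operation should succeed
        7. Operation should succeed
        8. Operation should succeed
    """
    inst = topo.standalone

    # NOTE(review): the bind and the ACI below use the TRAC340_MODRDN
    # constant; it is assumed to be the DN built here - confirm.
    user = UserAccount(inst, 'cn=TRAC340_MODRDN,{}'.format(DEFAULT_SUFFIX))
    user.create(properties={
        'uid': 'TRAC340_MODRDN',
        'cn': 'TRAC340_MODRDN',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'TRAC340_MODRDN',
    })
    # Set the same credential the bind below presents, instead of a separate
    # literal that only works while it happens to equal PW_DM.
    user.set("userPassword", PW_DM)

    # The ACI is an attribute of the ou entry itself.
    target_ou = OrganizationalUnit(inst, 'ou=OU0,{}'.format(DEFAULT_SUFFIX))
    target_ou.create(properties={'ou': 'OU0'})
    target_ou.set(
        'aci',
        '(targetattr="*")(version 3.0; acl "$MYUID";allow(read, search, compare) userdn = "ldap:///{}";)'
        .format(TRAC340_MODRDN))

    # Baseline: the user named in the ACI can read the unit.
    conn = UserAccount(inst, TRAC340_MODRDN).bind(PW_DM)
    assert OrganizationalUnits(conn, DEFAULT_SUFFIX).get('OU0')

    # Rename in place (new RDN, same parent) and read it again as that user.
    OrganizationalUnits(inst, DEFAULT_SUFFIX).get('OU0').rename("ou=OU1")
    assert OrganizationalUnits(conn, DEFAULT_SUFFIX).get('OU1')

    new_parent = OrganizationalUnit(inst, 'ou=OU2,{}'.format(DEFAULT_SUFFIX))
    new_parent.create(properties={'ou': 'OU2'})

    # Move under the new superior (same RDN) and read it once more.
    OrganizationalUnits(inst, DEFAULT_SUFFIX).get('OU1').rename(
        "ou=OU1", newsuperior=OU2_OU_MODRDN)
    assert OrganizationalUnits(conn, DEFAULT_SUFFIX).get('OU1')
    # NOTE(review): only the positive case is covered; no check here shows
    # that an identity other than the ACI's userdn is refused after the move.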
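def test_uniquemember_should_also_be_the_owner(topo, aci_of_user):
    """Modify Test 10: groupdnattr = "ldap:///$BASEDN?owner"

    If the owner is a group, the group's uniquemember should also be
    the owner.

    :id: 9456b2d4-7abf-11e8-829d-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should succeed
        3. Operation should succeed
    """
    inst = topo.standalone
    person_group_classes = [
        'top', 'person', 'organizationalPerson', 'inetOrgPerson',
        'groupofUniquenames'
    ]

    group_ou = OrganizationalUnit(
        inst, "ou=ACLGroupTest,{}".format(DEFAULT_SUFFIX))
    group_ou.create(properties={'ou': 'ACLGroupTest'})

    # The ACI grants everything to members of the group named in the target
    # entry's "owner" attribute.
    dev_ou = OrganizationalUnit(
        inst, "ou=ACLDevelopment,{}".format(DEFAULT_SUFFIX))
    dev_ou.create(properties={'ou': 'ACLDevelopment'})
    dev_ou.set(
        'aci', '(targetattr="*")(version 3.0; acl "groupdnattr acl"; '
        'allow (all)groupdnattr = "ldap:///{}?owner";)'.format(DEFAULT_SUFFIX))

    # anuj: the identity that will bind and attempt the write.
    anuj = UniqueGroup(
        inst, "uid=anuj,ou=ACLDevelopment, {}".format(DEFAULT_SUFFIX))
    anuj.create(properties={
        'sn': 'Borah',
        'cn': 'Anuj',
        'objectclass': list(person_group_classes),
        'userpassword': PW_DM,
        'givenname': 'Anuj',
        'ou': ['ACLDevelopment', 'People'],
        'roomnumber': '123',
        'uniquemember': 'cn=mandatory member'
    })

    # 2ishani: the target entry, owned by group4.
    ishani = UniqueGroup(
        inst, "uid=2ishani,ou=ACLDevelopment, {}".format(DEFAULT_SUFFIX))
    ishani.create(properties={
        'sn': 'Borah',
        'cn': '2ishani',
        'objectclass': list(person_group_classes),
        'userpassword': PW_DM,
        'givenname': '2ishani',
        'ou': ['ACLDevelopment', 'People'],
        'roomnumber': '1234',
        'uniquemember': 'cn=mandatory member',
        "owner": "cn=group4, ou=ACLGroupTest, {}".format(DEFAULT_SUFFIX)
    })

    # Group chain: group1 -> {group2, group3}, group3 -> group4,
    # group4 -> anuj. group2 is referenced but never created in this test.
    grp = UniqueGroup(inst, 'cn=group1,ou=ACLGroupTest,' + DEFAULT_SUFFIX)
    grp.create(properties={'cn': 'group1', 'ou': 'groups'})
    grp.set('uniquemember', [
        "cn=group2, ou=ACLGroupTest, {}".format(DEFAULT_SUFFIX),
        "cn=group3, ou=ACLGroupTest, {}".format(DEFAULT_SUFFIX)
    ])

    grp = UniqueGroup(inst, 'cn=group3,ou=ACLGroupTest,' + DEFAULT_SUFFIX)
    grp.create(properties={'cn': 'group3', 'ou': 'groups'})
    grp.set('uniquemember',
            ["cn=group4, ou=ACLGroupTest, {}".format(DEFAULT_SUFFIX)])

    grp = UniqueGroup(inst, 'cn=group4,ou=ACLGroupTest,' + DEFAULT_SUFFIX)
    grp.create(properties={'cn': 'group4', 'ou': 'groups'})
    grp.set('uniquemember',
            ["uid=anuj, ou=ACLDevelopment, {}".format(DEFAULT_SUFFIX)])

    # uniquemember should also be the owner: anuj is a uniquemember of
    # group4, which is the owner of 2ishani.
    conn = UserAccount(
        inst,
        "uid=anuj,ou=ACLDevelopment, {}".format(DEFAULT_SUFFIX)).bind(PW_DM)
    ua = UserAccount(
        conn, "uid=2ishani, ou=ACLDevelopment, {}".format(DEFAULT_SUFFIX))
    ua.add('roomnumber', '9999')
    # The entry was created with roomnumber '1234', so "has some roomnumber"
    # would hold even if the write had not landed; check the new value.
    assert '9999' in ua.get_attr_vals_utf8('roomnumber')

    # NOTE(review): cleanup only runs when the assertions above pass;
    # presumably the fixtures cover the failure case - confirm.
    for DN in [
            "cn=group4,ou=ACLGroupTest,{}".format(DEFAULT_SUFFIX),
            "cn=group3,ou=ACLGroupTest,{}".format(DEFAULT_SUFFIX),
            "cn=group1,ou=ACLGroupTest,{}".format(DEFAULT_SUFFIX),
            "uid=2ishani,ou=ACLDevelopment,{}".format(DEFAULT_SUFFIX),
            "uid=anuj,ou=ACLDevelopment,{}".format(DEFAULT_SUFFIX),
            "ou=ACLDevelopment,{}".format(DEFAULT_SUFFIX),
            "ou=ACLGroupTest, {}".format(DEFAULT_SUFFIX)
    ]:
        UserAccount(inst, DN).delete()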