def test_deleting_twice(topo_m2):
    """Deleting an already-deleted entry must not crash a server

    :id: 94045560-a64c-11ea-93d6-8c16451d917b
    :setup: MMR with 2 masters
    :steps:
        1. Add an entry on master1 and wait for it to reach master2
        2. Delete the entry on master1 and wait for replication
        3. Delete the same entry on master2
    :expected results:
        1. Should succeed
        2. Should succeed
        3. Should fail with NO_SUCH_OBJECT while both servers stay up
    """
    supplier1, supplier2 = (topo_m2.ms[key] for key in ("master1", "master2"))

    # Create the entry on the first supplier and let it replicate.
    origin_entry = UserAccounts(
        supplier1, DEFAULT_SUFFIX, rdn=None
    ).create_test_user(uid=1, gid=1)
    repl = ReplicationManager(DEFAULT_SUFFIX)
    repl.wait_for_replication(supplier1, supplier2, timeout=100)

    # Handle on the replicated copy, as seen from the second supplier.
    replicated_entry = UserAccount(supplier2, f'uid=test_user_1,{DEFAULT_SUFFIX}')
    assert replicated_entry.status()

    # First delete, on supplier1; wait until supplier2 has seen it.
    origin_entry.delete()
    repl.wait_for_replication(supplier1, supplier2, timeout=100)

    # Second delete of the same DN, on supplier2. The regression being guarded
    # is a server crash here; the operation has to come back as an ordinary
    # LDAP error instead.
    with pytest.raises(ldap.NO_SUCH_OBJECT):
        replicated_entry.delete()

    # Availability check: neither supplier may have gone down.
    assert supplier1.status()
    assert supplier2.status()
def test_segfaults(topo_m2, _delete_after):
    """ns-slapd must survive an attempt to delete a tombstone entry

    :id: 9f8f7388-a64c-11ea-b5f7-8c16451d917b
    :setup: MMR with 2 masters
    :steps:
        1. Add new user
        2. Delete user - should leave tombstone entry
        3. Search for tombstone entry
        4. Try to delete tombstone entry
        5. Check if server is still alive
    :expected results:
        1. Should succeed
        2. Should succeed
        3. Should succeed
        4. Should succeed
        5. Should succeed
    """
    supplier = topo_m2.ms["master1"]

    # Add the user, then delete it so that a tombstone is left behind.
    account = UserAccounts(
        supplier, DEFAULT_SUFFIX, rdn=None
    ).create_test_user(uid=10, gid=1)
    account.delete()

    # Look the tombstone up; an empty result means there is nothing to test.
    tombstone_view = Tombstones(supplier, DEFAULT_SUFFIX)
    matches = tombstone_view.filter(
        "(&(objectClass=nstombstone)(uid=test_user_10))")
    assert matches

    # Deleting a tombstone is the operation that used to segfault the server.
    for tombstone in matches:
        tombstone.delete()

    # Availability check: the server process must still be running.
    assert supplier.status()
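def _create_and_delete_tombstone(topo_m2, id):
    """Create a user on master1, delete it, and rename the tombstone left behind.

    Despite the name, the tombstone itself is renamed, not deleted; only the
    live user entry is deleted.

    :param topo_m2: replication topology fixture; only ``ms["master1"]`` is used
    :param id: value used for both the uid and the gid of the test user
        (the name shadows the builtin and is kept for existing callers)
    :raises AssertionError: if no tombstone is found, or if the server is not
        running after the rename
    """
    m1 = topo_m2.ms["master1"]
    # Add new user
    user1 = UserAccounts(m1, DEFAULT_SUFFIX, rdn=None).create_test_user(uid=id, gid=id)
    # Delete user - should leave tombstone entry
    user1.delete()
    tombstones = Tombstones(m1, DEFAULT_SUFFIX)
    # Search for tombstone entry.
    # NOTE(review): `id` is interpolated into the filter unescaped; that is
    # fine for the numeric ids the tests presumably pass - confirm at callers.
    found = tombstones.filter(
        "(&(objectClass=nstombstone)(uid=test_user_{}*))".format(id))
    # Check for an empty result before indexing, so a missing tombstone shows
    # up as a clear assertion failure rather than an IndexError.
    assert found, "no tombstone found for test_user_{}".format(id)
    fil = found[0]
    assert fil
    fil.rename("uid=engineer")
    # The server object itself is always truthy, so asserting on it proved
    # nothing; ask the server for its status, as test_segfaults does.
    assert m1.status()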
def test_check_two_scheme(topo):
    """Check password storage with the SHA and CRYPT schemes configured

    :id: 2b677f1e-33a6-11ea-a371-8c16451d917b
    :setup: Standalone
    :steps:
        1. Change password scheme and create user with password.
        2. Check password scheme is set.
        3. Delete user
    :expected results:
        1. Pass
        2. Pass
        3. Pass
    """
    inst = topo.standalone

    # NOTE(review): SHA and CRYPT are legacy storage schemes, set here only to
    # reproduce the regression. Nothing in this test restores the previous
    # values, so later tests on the same instance inherit them - confirm that
    # a fixture resets both attributes.
    scheme_settings = (
        ("nsslapd-rootpwstoragescheme", "SHA"),
        ("passwordStorageScheme", "CRYPT"),
    )
    for attr_name, scheme_name in scheme_settings:
        Config(inst).replace(attr_name, scheme_name)
    inst.restart()

    account = UserAccounts(inst, DEFAULT_SUFFIX).create_test_user()
    account.set('userpassword', 'ItsMeAnuj')

    # Only the user password scheme is verified: the stored value must carry
    # the "{crypt}" tag. The root password scheme set above is not checked.
    stored_value = UserAccount(inst, account.dn).get_attr_val_utf8('userpassword')
    expected_tag = '{' + "CRYPT".lower() + '}'
    assert expected_tag in stored_value.lower()

    account.delete()
def test_expiration_date(topo, _fix_password):
    """Check that a password change keeps a future expiration date, and that
    password history rejects reuse of the current password

    :id: 3691739a-5a20-11ea-8712-8c16451d917b
    :setup: Standalone
    :steps:
        1. Password expiration
        2. Add a user with a password expiration date
        3. Modify their password
        4. Check the expiration date is still in the future
        5. Modify the password expiration date
        6. Check the expiration date is still in the future
        7. Change policy so that user can change passwords
        8. Deleting user
        9. Adding user
        10. Set password history ON
        11. Modify password Once
        12. Try to change the password with same one
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
        8. Success
        9. Success
        10. Success
        11. Success
        12. Fail
    """
    inst = topo.standalone
    # Both timestamps lie just before 2038-01-19 03:14:07Z; presumably chosen
    # to sit at the edge of a 32-bit time value - confirm.
    first_expiry = '20380119031404Z'
    second_expiry = '20380119031405Z'

    # Add a user with a password expiration date.
    account = UserAccounts(inst, DEFAULT_SUFFIX).create_test_user()
    account.replace_many(
        ('userpassword', 'bind4now'),
        ('passwordExpirationTime', first_expiry),
    )

    # A password change must leave the expiration time untouched.
    account.replace('userPassword', 'secreter')
    assert account.get_attr_val_utf8('passwordExpirationTime') == first_expiry

    # An explicit change of the expiration time must be stored as given.
    account.replace('passwordExpirationTime', second_expiry)
    assert account.get_attr_val_utf8('passwordExpirationTime') == second_expiry

    # Allow users to change their own passwords.
    policy = Config(inst)
    policy.replace('passwordchange', 'on')

    # Recreate the user so that it starts without any password history.
    UserAccount(inst, f'uid=test_user_1000,ou=People,{DEFAULT_SUFFIX}').delete()
    account = UserAccounts(inst, DEFAULT_SUFFIX).create_test_user()

    # Turn password history on, then set the password once.
    policy.replace('passwordhistory', 'on')
    account.replace('userPassword', 'secreter')
    time.sleep(1)
    # The stored value must carry the default storage scheme name.
    assert DEFAULT_PASSWORD_STORAGE_SCHEME in account.get_attr_val_utf8(
        'userPassword')

    # With history on, reusing the current password has to be refused every
    # time. _change_password_with_own is defined elsewhere in the file;
    # presumably it binds as the user and sets the new value - confirm.
    attempts = 3
    while attempts:
        with pytest.raises(ldap.CONSTRAINT_VIOLATION):
            _change_password_with_own(topo, account.dn, 'secreter', 'secreter')
        attempts -= 1

    account.delete()
def test_binddn_tracking(topo, _create_inital):
    """Test plugin bind DN tracking on entries managed by the Managed Entries plugin

    :id: ea2ddfd4-aaec-11ea-8416-8c16451d917b
    :setup: Standalone Instance
    :steps:
        1. Set nsslapd-plugin-binddn-tracking attribute under cn=config
        2. Add user
        3. Managed Entry Plugin runs against managed entries upon any update without validating
        4. Verify creation of User Private Group with its time stamp value
        5. Modify the SN attribute which is not mapped with managed entry
        6. Run ModRDN operation and check the User Private group
        7. Check the time stamp of UPG should be changed now
        8. Check the creatorsname should be the bind dn and internalCreatorsname should be plugin name
        9. Check if a managed group entry was created
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
        8. Success
        9. Success
    """
    inst = topo.standalone
    tracking_attr = 'nsslapd-plugin-binddn-tracking'

    # Switch bind DN tracking on under cn=config.
    # NOTE(review): it is switched off again only on the last line, so a
    # failing assertion leaves it on for whatever runs next on this instance.
    server_config = Config(inst)
    server_config.replace(tracking_attr, 'on')

    # Add a user; the plugin is expected to create its private group.
    person = UserAccounts(
        inst, f'cn=Users,{DEFAULT_SUFFIX}', rdn=None
    ).create_test_user()
    initial_group_dn = f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}'
    assert person.get_attr_val_utf8('mepManagedEntry') == initial_group_dn
    group = Account(inst, initial_group_dn)

    # sn is not mapped into the managed entry, so changing it must leave the
    # group's modifyTimestamp alone.
    ts_before_sn = group.get_attr_val_utf8('modifyTimestamp')
    person.replace('sn', 'NewSN_modified')
    ts_after_sn = group.get_attr_val_utf8('modifyTimestamp')
    assert ts_before_sn == ts_after_sn

    # Sleep so that the next write cannot land on the same timestamp value.
    time.sleep(1)

    # A ModRDN on the user must rename the group and refresh its timestamp.
    person.rename(new_rdn='uid=UserNewRDN',
                  newsuperior='cn=Users,dc=example,dc=com')
    renamed_group_dn = f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}'
    assert person.get_attr_val_utf8('mepManagedEntry') == renamed_group_dn
    group = Account(inst, renamed_group_dn)
    ts_after_modrdn = group.get_attr_val_utf8('modifyTimestamp')
    assert ts_after_sn != ts_after_modrdn

    time.sleep(1)

    # Changing gidNumber on the user must touch the group again.
    person.replace('gidNumber', '1')
    ts_after_gid = group.get_attr_val_utf8('modifyTimestamp')
    assert ts_after_gid != ts_after_modrdn

    # Attribution check: creatorsname and modifiersname must name the DN that
    # was bound when the plugin acted, and internalCreatorsname the plugin.
    expected_attribution = {
        'creatorsname': 'cn=directory manager',
        'internalCreatorsname': 'cn=Managed Entries,cn=plugins,cn=config',
        'modifiersname': 'cn=directory manager',
    }
    for attr_name, expected_value in expected_attribution.items():
        assert group.get_attr_val_utf8(attr_name) == expected_value

    person.delete()
    server_config.replace(tracking_attr, 'off')
def test_mentry01(topo, _create_inital):
    """Test Managed Entries basic functionality

    :id: 9b87493b-0493-46f9-8364-6099d0e5d806
    :setup: Standalone Instance
    :steps:
        1. Check the plug-in status
        2. Add Template and definition entry
        3. Add our org units
        4. Add users with PosixAccount ObjectClass and verify creation of User Private Group
        5. Disable the plug-in, restart, add a user; no User Private Group should be created
        6. Enable the plug-in and restart
        7. Add users with PosixAccount ObjectClass and verify creation of User Private Group
        8. Add users, run ModRDN operation and check the User Private group
        9. Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
        10. Checking whether creation of User Private group fails for existing group entry
        11. Checking whether adding of posixAccount objectClass to existing user creates UPG
        12. Running ModRDN operation and checking the user private groups mepManagedBy attribute
        13. Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
        14. Change the RDN of template entry, DSA Unwilling to perform error expected
        15. Rename the user once more and check that its mepManagedEntry value changes
    :expected results:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
        8. Success
        9. Success
        10. Success
        11. Success
        12. Success
        13. Success
        14. Fail (Unwilling to perform)
        15. Success
    """
    # NOTE(review): several DNs below spell out 'dc=example,dc=com' while
    # others use DEFAULT_SUFFIX; the test only holds together if the two are
    # equal - confirm.
    # NOTE(review): entries and the plug-in state are cleaned up inline, so a
    # failing assertion part-way through leaves them behind on the instance.

    # Check the plug-in status
    mana = ManagedEntriesPlugin(topo.standalone)
    assert mana.status()
    # Add Template and definition entry: ou=Users is the origin scope,
    # ou=Groups the base under which the managed groups are created.
    org1 = OrganizationalUnits(
        topo.standalone, DEFAULT_SUFFIX).create(properties={'ou': 'Users'})
    org2 = OrganizationalUnit(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}')
    meps = MEPTemplates(topo.standalone, DEFAULT_SUFFIX)
    mep_template1 = meps.create(
        properties={
            'cn': 'UPG Template1',
            'mepRDNAttr': 'cn',
            'mepStaticAttr': 'objectclass: posixGroup',
            # One mapping rule per '|'-separated item.
            'mepMappedAttr':
            'cn: $uid|gidNumber: $gidNumber|description: User private group for $uid'
            .split('|')
        })
    conf_mep = MEPConfigs(topo.standalone)
    conf_mep.create(
        properties={
            'cn': 'UPG Definition2',
            'originScope': org1.dn,
            'originFilter': 'objectclass=posixaccount',
            'managedBase': org2.dn,
            'managedTemplate': mep_template1.dn
        })
    # Add users with PosixAccount ObjectClass and verify creation of User Private Group
    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}',
                        rdn=None).create_test_user()
    assert user.get_attr_val_utf8(
        'mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
    # Disable the plug-in; the restart follows the state change.
    # NOTE(review): the plug-in status is not asserted after disable().
    mana.disable()
    user.delete()
    topo.standalone.restart()
    # Add users with PosixAccount ObjectClass when the plug-in is disabled and creation of UPG should fail
    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}',
                        rdn=None).create_test_user()
    assert not user.get_attr_val_utf8('mepManagedEntry')
    # Enable the plug-in again and restart.
    # NOTE(review): the plug-in status is not asserted after enable().
    mana.enable()
    user.delete()
    topo.standalone.restart()
    # Add users with PosixAccount ObjectClass and verify creation of User Private Group
    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}',
                        rdn=None).create_test_user()
    assert user.get_attr_val_utf8(
        'mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
    # Add users, run ModRDN operation and check the User Private group
    # Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
    user.rename(new_rdn='uid=UserNewRDN',
                newsuperior='ou=Users,dc=example,dc=com')
    assert user.get_attr_val_utf8(
        'mepManagedEntry') == f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}'
    user.replace('gidNumber', '20209')
    entry = Account(topo.standalone, f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}')
    # gidNumber is a mapped attribute, so the group must follow the user.
    assert entry.get_attr_val_utf8('gidNumber') == '20209'
    user.replace_many(('sn', 'new_modified_sn'), ('gidNumber', '31309'))
    assert entry.get_attr_val_utf8('gidNumber') == '31309'
    user.delete()
    # Checking whether creation of User Private group fails for existing group entry
    Groups(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}',
           rdn=None).create(properties={'cn': 'MENTRY_14'})
    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}',
                        rdn=None).create_test_user()
    # NOTE(review): `entry` still points at cn=UserNewRDN, whose user was
    # deleted above, so this checks that the old group is gone. It does not
    # look at MENTRY_14 or at a group for the new user - confirm the intent.
    with pytest.raises(ldap.NO_SUCH_OBJECT):
        entry.status()
    user.delete()
    # Checking whether adding of posixAccount objectClass to existing user creates UPG
    # Add Users without posixAccount objectClass
    users = WithObjectClass(topo.standalone, f'uid=test_test, ou=Users,{DEFAULT_SUFFIX}')
    # NOTE(review): the mail value looks masked, possibly by whatever
    # published this listing - confirm the intended address.
    user_properties1 = {
        'uid': 'test_test',
        'cn': 'test',
        'sn': 'test',
        'mail': '*****@*****.**',
        'telephoneNumber': '123'
    }
    user = users.create(properties=user_properties1)
    assert not user.get_attr_val_utf8('mepManagedEntry')
    # Add posixAccount objectClass; the assertion below expects that this
    # alone does not produce a managed entry.
    user.replace_many(
        ('objectclass', ['top', 'person', 'inetorgperson', 'posixAccount']),
        ('homeDirectory', '/home/ok'),
        ('uidNumber', '61603'), ('gidNumber', '61603'))
    assert not user.get_attr_val_utf8('mepManagedEntry')
    # NOTE(review): uid=test_test is not deleted before `user` is rebound.
    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}',
                        rdn=None).create_test_user()
    entry = Account(topo.standalone, 'cn=test_user_1000,ou=Groups,dc=example,dc=com')
    # Add inetuser objectClass
    user.replace_many(('objectclass', [
        'top', 'account', 'posixaccount', 'inetOrgPerson',
        'organizationalPerson', 'nsMemberOf', 'nsAccount',
        'person', 'mepOriginEntry', 'inetuser'
    ]), ('memberOf', entry.dn))
    # The managed group must still be there after the objectclass change.
    assert entry.status()
    user.delete()
    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}',
                        rdn=None).create_test_user()
    entry = Account(topo.standalone, 'cn=test_user_1000,ou=Groups,dc=example,dc=com')
    # Add groupofNames objectClass
    # NOTE(review): memberOf is set to the user's own DN here, whereas the
    # inetuser case above uses the group DN - confirm this is intended.
    user.replace_many(('objectclass', [
        'top', 'account', 'posixaccount', 'inetOrgPerson',
        'organizationalPerson', 'nsMemberOf', 'nsAccount',
        'person', 'mepOriginEntry', 'groupofNames'
    ]), ('memberOf', user.dn))
    assert entry.status()
    # Running ModRDN operation and checking the user private groups mepManagedBy
    # attribute was also reset because the modrdn on the origin will do a modrdn
    # on checkManagedEntry to match the new rdn value of the origin entry
    checkManagedEntry = UserAccounts(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}', rdn=None)
    check_entry = checkManagedEntry.create(
        properties={
            'objectclass': ['top', 'extensibleObject'],
            'uid': 'CheckModRDN',
            'uidNumber': '12',
            'gidNumber': '12',
            'homeDirectory': '/home',
            'sn': 'tmp',
            'cn': 'tmp',
        })
    # Point the user at the hand-made entry, then rename the user.
    user.replace('mepManagedEntry', check_entry.dn)
    user.rename(new_rdn='uid=UserNewRDN',
                newsuperior='ou=Users,dc=example,dc=com')
    # Both sides are lowercased before comparing, unlike the other checks.
    assert user.get_attr_val_utf8_l(
        'mepManagedEntry'
    ) == f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}'.lower()
    # Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
    # (the attribute removed from the user here is mepManagedEntry)
    user.remove('mepManagedEntry', f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}')
    user.rename(new_rdn='uid=UserNewRDN1',
                newsuperior='ou=Users,dc=example,dc=com')
    assert user.get_attr_val_utf8(
        'mepManagedEntry') == f'cn=UserNewRDN1,ou=Groups,{DEFAULT_SUFFIX}'
    # Change the RDN of template entry, DSA Unwilling to perform error expected
    # NOTE(review): this targets 'cn=UPG Template', not the 'UPG Template1'
    # created above; presumably the _create_inital fixture provides it.
    mep = MEPTemplate(topo.standalone, f'cn=UPG Template,{DEFAULT_SUFFIX}')
    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
        mep.rename(new_rdn='cn=UPG Template2', newsuperior='dc=example,dc=com')
    # Change the RDN of cn=Users to cn=TestUsers and check UPG are deleted
    # NOTE(review): what follows renames the user to uid=Anuj and only checks
    # that its mepManagedEntry value differs from before; no ou/cn=Users
    # rename and no deletion check take place.
    before = user.get_attr_val_utf8('mepManagedEntry')
    user.rename(new_rdn='uid=Anuj',
                newsuperior='ou=Users,dc=example,dc=com')
    assert user.get_attr_val_utf8('mepManagedEntry') != before