コード例 #1
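def do_setup(topology_st, request):
    """Create a test user and make sure ou=people exists.

    ``sys.stdout`` is swapped for an in-memory ``io.StringIO`` buffer, and a
    finalizer is registered on ``request`` that restores the previous stream,
    so the redirection does not leak into whatever runs afterwards.

    :param topology_st: topology object; only ``standalone`` is used here
    :param request: assumed to be pytest's ``request`` object (it must
        provide ``addfinalizer``)
    """
    original_stdout = sys.stdout

    def _restore_stdout():
        sys.stdout = original_stdout

    # Register the restore first so a failure further down still undoes
    # the global redirection.
    request.addfinalizer(_restore_stdout)
    sys.stdout = io.StringIO()

    users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
    users.ensure_state(properties=TEST_USER_PROPERTIES)

    ou = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX)
    ou.ensure_state(properties={'ou': 'people'})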
コード例 #2
def test_entry(topo_m2, request):
    """Ensure the shared test user exists on master1 and return it.

    ``request`` is accepted but not used in this body.
    """
    log.info('Adding a test entry user')
    master1 = topo_m2.ms["master1"]
    accounts = UserAccounts(master1, DEFAULT_SUFFIX)
    return accounts.ensure_state(properties=TEST_USER_PROPERTIES)
コード例 #3
def test_betxn_modrdn_memberof_cache_corruption(topology_st):
    """Test modrdn operations and memberOf be txn post op failures

    :id: 70d0b96e-b693-4bf7-bbf5-102a66ac5994

    :setup: Standalone instance

    :steps: 1. Enable and configure memberOf plugin
            2. Set memberofgroupattr="member" and memberofAutoAddOC="nsContainer"
            3. Create group and user outside of memberOf plugin scope
            4. Do modrdn to move group into scope
            5. Do modrdn to move group into scope (again)

    :expectedresults:
            1. memberOf plugin should be ON
            2. Set memberofgroupattr="member" and memberofAutoAddOC="nsContainer" should PASS
            3. Creating group and user should PASS
            4. Modrdn should fail with objectclass violation
            5. Second modrdn should also fail with objectclass violation
    """
    inst = topology_st.standalone
    people_dn = 'ou=people,{}'.format(DEFAULT_SUFFIX)

    # Scope memberOf to ou=people and give it a deliberately unsuitable
    # auto-add objectclass, so the rename into scope is expected to be
    # rejected with an objectclass violation.
    plugin = MemberOfPlugin(inst)
    plugin.enable()
    plugin.set_autoaddoc('nsContainer')  # Bad OC
    plugin.set('memberOfEntryScope', people_dn)
    plugin.set('memberOfAllBackends', 'on')
    inst.restart()

    test_group = Groups(inst, DEFAULT_SUFFIX).create(properties={'cn': 'group'})

    # The member is created under the suffix and joins the group before
    # the group is moved.
    account = UserAccounts(inst, basedn=DEFAULT_SUFFIX).ensure_state(
        properties=TEST_USER_PROPERTIES)
    if not ds_is_older('1.3.7'):
        account.remove('objectClass', 'nsMemberOf')
    test_group.add_member(account.dn)

    # Both attempts must fail the same way. If the second one raised
    # NO_SUCH_OBJECT instead, the original entry would have been dropped
    # from the cache by the first failed rename.
    for _attempt in range(2):
        with pytest.raises(ldap.OBJECT_CLASS_VIOLATION):
            test_group.rename('cn=group_to_people', newsuperior=people_dn)

    log.info('test_betxn_modrdn_memberof: PASSED')
コード例 #4
def test_repl_agmt_bootstrap_credentials(topo):
    """Test that the agreement bootstrap credentials work if the default
    credentials fail for some reason.

    :id: 38c8095c-d958-415a-b602-74854b7882b3
    :setup: 2 Master Instances
    :steps:
        1.  Change the bind dn group member passwords
        2.  Verify replication is not working
        3.  Create a new repl manager on master 2 for bootstrapping
        4.  Add bootstrap credentials to agmt on master 1
        5.  Verify replication is now working with bootstrap creds
        6.  Trigger new repl session and default credentials are used first
    :expectedresults:
        1.  Success
        2.  Success
        3.  Success
        4.  Success
        5.  Success
        6.  Success
    """

    # Gather all of our objects for the test
    m1 = topo.ms["master1"]
    m2 = topo.ms["master2"]
    master1_replica = Replicas(m1).get(DEFAULT_SUFFIX)
    master2_replica = Replicas(m2).get(DEFAULT_SUFFIX)
    master2_users = UserAccounts(m2, DEFAULT_SUFFIX)
    # Only the first agreement on master1 is exercised.
    m1_agmt = master1_replica.get_agreements().list()[0]
    # Baseline count used by both the "not replicated" and "replicated" checks.
    num_of_original_users = len(master2_users.list())

    # Change the member's passwords which should break replication:
    # every member of the bind group on master2 gets a password that the
    # agreement's default credentials will no longer match.
    bind_group = Group(m2, dn=BIND_GROUP_DN)
    members = bind_group.list_members()
    for member_dn in members:
        member = UserAccount(m2, dn=member_dn)
        member.replace('userPassword', 'not_right')
    # Fixed wait, then pause/resume the agreement so it starts a new session.
    # NOTE(review): the 3 second waits in this test are timing assumptions,
    # not synchronisation - confirm they are long enough on slow hosts.
    time.sleep(3)
    m1_agmt.pause()
    m1_agmt.resume()

    # Verify replication is not working, a new user should not be replicated
    users = UserAccounts(m1, DEFAULT_SUFFIX)
    test_user = users.ensure_state(properties=TEST_USER_PROPERTIES)
    time.sleep(3)
    assert len(master2_users.list()) == num_of_original_users

    # Create a repl manager on replica
    repl_mgr = BootstrapReplicationManager(m2, dn=BOOTSTRAP_MGR_DN)
    mgr_properties = {
        'uid': 'replication manager',
        'cn': 'replication manager',
        'userPassword': BOOTSTRAP_MGR_PWD,
    }
    repl_mgr.create(properties=mgr_properties)

    # Update master 2 config: drop the group-based bind DN settings and
    # accept the bootstrap manager DN directly as the replica bind DN.
    master2_replica.remove_all('nsDS5ReplicaBindDNGroup')
    master2_replica.remove_all('nsDS5ReplicaBindDnGroupCheckInterval')
    master2_replica.replace('nsDS5ReplicaBindDN', BOOTSTRAP_MGR_DN)

    # Add bootstrap credentials to master1 agmt, and restart agmt
    # NOTE(review): 'LDAP' transport with a 'SIMPLE' bind means the
    # bootstrap password presumably crosses the wire unencrypted. That is
    # acceptable inside a local test topology; outside of tests a
    # TLS-protected transport should be used.
    m1_agmt.replace('nsds5ReplicaBootstrapTransportInfo', 'LDAP')
    m1_agmt.replace('nsds5ReplicaBootstrapBindMethod', 'SIMPLE')
    m1_agmt.replace('nsds5ReplicaBootstrapCredentials', BOOTSTRAP_MGR_PWD)
    m1_agmt.replace('nsds5ReplicaBootstrapBindDN', BOOTSTRAP_MGR_DN)
    m1_agmt.pause()
    m1_agmt.resume()

    # Verify replication is working.  The user should have been replicated
    time.sleep(3)
    assert len(master2_users.list()) > num_of_original_users

    # Finally check if the default credentials are used on the next repl
    # session.  Clear out the logs, and disable log buffering.  Then
    # trigger a replication update/session.
    m1_agmt.pause()
    m2.stop()
    m2.deleteLog(m2.accesslog)  # Clear out the logs
    m2.start()
    # Buffering is turned off so the access log can be read right after
    # the sleep below.
    m2.config.set('nsslapd-accesslog-logbuffering', 'off')
    m1_agmt.resume()
    # Deleting the user on master1 is the change that triggers the session.
    test_user.delete()
    time.sleep(3)

    # We know if the default credentials are used it will fail (err=49)
    # (49 is the LDAP invalidCredentials result code).
    # NOTE(review): the pattern matches any err=49 line in master2's access
    # log, not specifically the replication bind - any other failed bind
    # logged after the restart would also satisfy this assertion.
    results = m2.ds_access_log.match('.* err=49 .*')
    assert len(results) > 0
コード例 #5
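def test_mail_attr_repl(topo_r):
    """Check that no crash happens during mail attribute replication

    :id: 959edc84-05be-4bf9-a541-53afae482052
    :setup: Replication setup with master and consumer instances,
            test user on master
    :steps:
        1. Check that user was replicated to consumer
        2. Back up mail database file
        3. Remove mail attribute from the user entry
        4. Restore mail database
        5. Search for the entry with a substring 'mail=user*'
        6. Search for the entry once again to make sure that server is alive
    :expectedresults:
        1. The user should be replicated to consumer
        2. Operation should be successful
        3. The mail attribute should be removed
        4. Operation should be successful
        5. Search should be successful
        6. No crash should happen
    """

    master = topo_r.ms["master1"]
    consumer = topo_r.cs["consumer1"]
    repl = ReplicationManager(DEFAULT_SUFFIX)

    m_users = UserAccounts(master, DEFAULT_SUFFIX)
    m_user = m_users.ensure_state(properties=TEST_USER_PROPERTIES)
    # NOTE(review): the address literal appears masked in this copy of the
    # listing; it is reproduced unchanged.
    m_user.ensure_present('mail', '*****@*****.**')

    log.info("Check that replication is working")
    repl.wait_for_replication(master, consumer)
    c_users = UserAccounts(consumer, DEFAULT_SUFFIX)
    c_user = c_users.get('testuser')

    c_bes = Backends(consumer)
    c_be = c_bes.get(DEFAULT_SUFFIX)

    db_dir = c_be.get_attr_val_utf8('nsslapd-directory')

    # Locate the on-disk file(s) whose name starts with "mail" in the
    # consumer's backend directory.
    mail_db = [fl for fl in os.listdir(db_dir) if fl.startswith("mail")]
    # The directory is now interpolated into the message; previously the
    # "{}" placeholder was never filled in.
    assert mail_db, "mail.* wasn't found in {}".format(db_dir)
    mail_db_path = os.path.join(db_dir, mail_db[0])
    backup_path = os.path.join(DEFAULT_BACKUPDIR, mail_db[0])

    # The consumer is stopped around each copy, presumably so the file is
    # not in use while it is read or overwritten.
    consumer.stop()
    log.info("Back up {} to {}".format(mail_db_path, backup_path))
    shutil.copyfile(mail_db_path, backup_path)
    consumer.start()

    log.info("Remove 'mail' attr from master")
    m_user.remove_all('mail')

    log.info("Wait for the replication to happen")
    repl.wait_for_replication(master, consumer)

    # Put back the older file: it still refers to the 'mail' value that
    # the entry no longer has, which is the inconsistent state under test.
    consumer.stop()
    log.info("Restore {} to {}".format(backup_path, mail_db_path))
    shutil.copyfile(backup_path, mail_db_path)
    consumer.start()

    log.info("Make a search for mail attribute in attempt to crash server")
    # NOTE(review): step 5 of the docstring describes a substring search;
    # this call reads the attribute from the entry - confirm which is meant.
    c_user.get_attr_val("mail")

    log.info("Make sure that server hasn't crashed")
    repl.test_replication(master, consumer)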
コード例 #6
def test_enable_external_libs_debug_log(topology_st):
    """Check that OpenLDAP logs are successfully enabled and disabled

    :id: b04646e3-9a5e-45ae-ad81-2882c1daf23e
    :setup: Standalone instance
    :steps: 1. Create a user to bind on
            2. Set nsslapd-external-libs-debug-enabled to "on"
            3. Clean the error log
            4. Bind as the user to generate OpenLDAP output
            5. Restart the servers to flush the logs
            6. Check the error log for OpenLDAP debug log
            7. Set nsslapd-external-libs-debug-enabled to "off"
            8. Clean the error log
            9. Bind as the user to generate OpenLDAP output
            10. Restart the servers to flush the logs
            11. Check the error log for OpenLDAP debug log
    :expectedresults: 1. Success
                      2. Success
                      3. Success
                      4. Success
                      5. Success
                      6. Logs are present
                      7. Success
                      8. Success
                      9. Success
                      10. Success
                      11. No logs are present
    """
    inst = topology_st.standalone
    setting = 'nsslapd-external-libs-debug-enabled'

    log.info('Create a user to bind on')
    accounts = UserAccounts(inst, DEFAULT_SUFFIX)
    bind_properties = {
        'uid': 'test_audit_log',
        'cn': 'test',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '1000',
        'homeDirectory': '/home/test',
        'userPassword': PASSWORD,
    }
    user = accounts.ensure_state(properties=bind_properties)

    def _bind_and_read_debug_lines():
        """Run steps 3-6 / 8-11: clean log, bind, restart, read the log."""
        log.info('Clean the error log')
        inst.deleteErrorLogs()

        log.info('Bind as the user to generate OpenLDAP output')
        user.bind(PASSWORD)

        log.info('Restart the servers to flush the logs')
        inst.restart()

        log.info('Check the error log for OpenLDAP debug log')
        return inst.ds_error_log.match('.*libldap/libber.*')

    # With the switch on, library debug lines must show up in the error log.
    # NOTE(review): this output is produced around a password bind; worth
    # confirming it never carries the bind credentials.
    log.info('Set nsslapd-external-libs-debug-enabled to "on"')
    inst.config.set(setting, 'on')
    assert _bind_and_read_debug_lines()

    # With the switch off, the same activity must leave no such lines.
    log.info('Set nsslapd-external-libs-debug-enabled to "off"')
    inst.config.set(setting, 'off')
    assert not _bind_and_read_debug_lines()