def create_and_verify_groups(use_cli_api=True,
use_python_api=False,
nr_groups=5):
assert (use_cli_api != use_python_api)
print '********** Generate school data'
group_import = GroupImport(nr_groups=nr_groups)
import_file = ImportFile(use_cli_api, use_python_api)
print group_import
with utu.UCSTestSchool() as schoolenv:
schoolenv.create_ou(group_import.school,
name_edudc=schoolenv._ucr.get('hostname'))
print '********** Create groups'
import_file.run_import(group_import)
group_import.verify()
print '********** Modify groups'
group_import.modify()
import_file.run_import(group_import)
group_import.verify()
print '********** Delete groups'
group_import.delete()
import_file.run_import(group_import)
group_import.verify()
def assert_student_group(self, access):
group_dn = 'cn=schueler,cn=groups,%s' % utu.UCSTestSchool(
).get_ou_base_dn(self.school)
attrs = [
'children',
'entry',
]
self.assert_acl(group_dn, access, attrs)
target_dn = create_dc_slave_in_container(group_dn)
self.assert_acl(target_dn, access, attrs, access_allowance='DENIED')
group_dn = create_group_in_container(group_dn)
attrs = [
'sambaGroupType',
'cn',
'description',
'objectClass',
'memberUid',
'univentionObjectType',
'gidNumber',
'sambaSID',
'uniqueMember',
'univentionGroupType',
]
self.assert_acl(group_dn, access, attrs)
def assert_teacher_group(self, access):
"""Lehrer, Mitarbeiter und Mitglieder der lokalen Administratoren
duerfen Arbeitsgruppen anlegen und aendern
"""
group_dn = 'cn=lehrer,cn=groups,%s' % utu.UCSTestSchool(
).get_ou_base_dn(self.school)
attrs = [
'children',
'entry',
]
self.assert_acl(group_dn, access, attrs)
target_dn = create_dc_slave_in_container(group_dn)
self.assert_acl(target_dn, access, attrs, access_allowance='DENIED')
group_dn = create_group_in_container(group_dn)
# access to dn.regex="^cn=([^,]+),(cn=lehrer,|cn=schueler,|)cn=groups,ou=([^,]+),dc=najjar,dc=am$$"
# filter="(&(!(|(uidNumber=*)(objectClass=SambaSamAccount)))(objectClass=univentionGroup))"
attrs = [
'sambaGroupType',
'cn',
'description',
'objectClass',
'memberUid',
'univentionObjectType',
'gidNumber',
'sambaSID',
'uniqueMember',
'univentionGroupType',
]
self.assert_acl(group_dn, access, attrs)
def assert_room(self, room_dn, access):
"""Lehrer und ouadmins duerfen Raum-Gruppen anlegen und bearbeiten
"""
target_dn = 'cn=raeume,cn=groups,%s' % utu.UCSTestSchool(
).get_ou_base_dn(self.school)
attrs = [
'children',
'entry',
]
self.assert_acl(target_dn, access, attrs)
# access to dn.regex="^cn=([^,]+),cn=raeume,cn=groups,ou=([^,]+),dc=najjar,dc=am$$"
# filter="(&(!(|(uidNumber=*)(objectClass=SambaSamAccount)))(objectClass=univentionGroup))"
attrs = [
'entry',
'children',
'sambaGroupType',
'cn',
'objectClass',
'univentionObjectType',
'gidNumber',
'sambaSID',
'univentionGroupType',
]
self.assert_acl(room_dn, access, attrs)
target_dn = create_dc_slave_in_container(target_dn)
self.assert_acl(target_dn, access, attrs, access_allowance='DENIED')
def run(self):
try:
with univention.testing.ucr.UCSTestConfigRegistry() as ucr, \
univention.testing.udm.UCSTestUDM() as udm, \
utu.UCSTestSchool() as schoolenv:
self.ucr = ucr
self.udm = udm
if self.maildomain not in self.ucr.get('mail/hosteddomains', ''):
self.log.info("\n\n*** Creating mail domain %r...\n", self.maildomain)
udm.create_object(
'mail/domain',
position='cn=domain,cn=mail,{}'.format(self.ucr['ldap/base']),
name=self.maildomain
)
self.lo = schoolenv.open_ldap_connection(admin=True)
self.log.info('Creating OUs...')
for ou in [self.ou_A, self.ou_B, self.ou_C]:
if ou is not None:
ou.name, ou.dn = schoolenv.create_ou(ou_name=ou.name, name_edudc=self.ucr.get('hostname'))
self.log.info('Created OU %r (%r)...', ou.name, ou.dn)
self.log.info('Created OUs: %r.', [ou.name for ou in [self.ou_A, self.ou_B, self.ou_C] if ou is not None])
self.test()
self.log.info('Test was successful.\n\n')
finally:
self.cleanup()
def __init__(self,
school,
name=None,
dn=None,
description=None,
host_members=None):
self.school = school
self.name = name if name else uts.random_name()
self.dn = dn if dn else 'cn=%s-%s,cn=raeume,cn=groups,%s' % (
school, self.name, utu.UCSTestSchool().get_ou_base_dn(school))
self.description = description if description else uts.random_name()
self.host_members = host_members or []
def assert_ou(self, access):
"""Slave-Controller duerfen Eintraege Ihrer ou lesen und schreiben
(Passwortaenderungen etc.)
Lehrer und Memberserver duerfen sie lesen, ou-eigene bekommen
Standard-ACLs, ou-fremde Server/user duerfen nichts
"""
attrs = [
'entry',
'children',
'ou',
'displayName',
'univentionObjectType',
'ucsschoolHomeShareFileServer',
'ucsschoolClassShareFileServer',
'univentionPolicyReference',
'objectClass',
]
target_dn = utu.UCSTestSchool().get_ou_base_dn(self.school)
self.assert_acl(target_dn, access, attrs)
def assert_member_server(self, access):
"""Mitglieder der lokalen Administratoren duerfen den DC-Slave und Memberserver
joinen (benoetigt Passwortaenderung)
"""
base_dn = self.ucr.get('ldap/base')
attrs = [
'krb5KeyVersionNumber',
'krb5KDCFlags',
'krb5Key',
'krb5PasswordEnd',
'sambaAcctFlags',
'sambaPwdLastSet',
'sambaLMPassword',
'sambaNTPassword',
'shadowLastChange',
'shadowMax',
'userPassword',
'pwhistory',
'sambaPwdCanChange',
'sambaPwdMustChange',
'sambaPasswordHistory',
]
singlemaster = self.ucr.is_true('ucsschool/singlemaster')
lo = getMachineConnection()
if not singlemaster:
slave_found = lo.search(
filter=
"(|(univentionObjectType=computers/domaincontroller_slave)(univentionObjectType=computers/memberserver))",
base=utu.UCSTestSchool().get_ou_base_dn(self.school))
if slave_found:
slave_dn = slave_found[0][0]
self.assert_acl(slave_dn, access, attrs)
attrs = ['sOARecord']
zoneName = lo.search(base='cn=dns,%s' % base_dn,
scope='base+one',
attr=['uid'])
for (target_dn, d) in zoneName:
if 'zoneName' in target_dn:
self.assert_acl(target_dn, access, attrs)
break
def create_and_verify_networks(use_cli_api=True, use_python_api=False, nr_networks=5):
assert(use_cli_api != use_python_api)
print '********** Generate school data'
network_import = NetworkImport(nr_networks=nr_networks)
import_file = ImportFile(use_cli_api, use_python_api)
print network_import
with utu.UCSTestSchool() as schoolenv:
schoolenv.create_ou(network_import.school, name_edudc=schoolenv._ucr.get('hostname'))
print '********** Create networks'
import_file.run_import(str(network_import))
network_import.verify()
print '********** Create routers'
network_import.set_mode_to_router()
import_file.set_mode_to_router()
network_import.modify()
import_file.run_import(str(network_import))
network_import.verify()
def assert_dhcp(self, client, access, modify_only_attrs=False):
"""
Check access to DHCP host objects.
By default, all attributes are checked. If modify_only_attrs is True,
only attributes that are required to modify the DHCP host object are
checked.
"""
client_dhcp_dn = 'cn=%s,cn=%s,cn=dhcp,%s' % (
client, self.school, utu.UCSTestSchool().get_ou_base_dn(
self.school))
attrs = [
'entry',
'children',
'dhcpOption',
]
if not modify_only_attrs:
attrs += [
'objectClass',
'univentionObjectType',
'cn',
]
self.assert_acl(client_dhcp_dn, access, attrs)
def create_and_verify_computers(use_cli_api=True,
use_python_api=False,
nr_windows=20,
nr_memberserver=10,
nr_macos=5,
nr_ipmanagedclient=3):
assert (use_cli_api != use_python_api)
print '********** Generate school data'
computer_import = ComputerImport(nr_windows=nr_windows,
nr_memberserver=nr_memberserver,
nr_macos=nr_macos,
nr_ipmanagedclient=nr_ipmanagedclient)
import_file = ImportFile(use_cli_api, use_python_api)
print computer_import
with utu.UCSTestSchool() as schoolenv:
schoolenv.create_ou(computer_import.school,
name_edudc=schoolenv._ucr.get('hostname'))
print '********** Create computers'
import_file.run_import(computer_import)
computer_import.verify()
def assign(self, school, groupName, groupType, default=False):
"""Assign internet rule via UMCP\n
:param school: name of the ou
:type school: str
:param groupName: name of the group or class
:type groupName: str
:param groupType: 'workgroup' or 'class'
:type groupType: str
:param default: if the group is assigned to default values
:type default: bool
"""
self.ucr.load()
groupdn = ''
schoolenv = utu.UCSTestSchool()
school_basedn = schoolenv.get_ou_base_dn(school)
if groupType == 'workgroup':
ucsschool = UCSTestSchool()
groupdn = ucsschool.get_workinggroup_dn(school, groupName)
elif groupType == 'class':
groupdn = 'cn=%s-%s,cn=klassen,cn=schueler,cn=groups,%s' % (
school, groupName, school_basedn)
if default:
name = '$default$'
else:
name = self.name
param = [{'group': groupdn, 'rule': name}]
print 'Assigning rule %s to %s: %s' % (self.name, groupType, groupName)
print 'param = %r' % (param, )
result = self.client.umc_command('internetrules/groups/assign',
param).result
if not result:
utils.fail('Unable to assign internet rule to workgroup (%r)' %
(param, ))
else:
return (groupName, self.name)
def create_and_verify_printers(use_cli_api=True, use_python_api=False, nr_printers=5):
assert(use_cli_api != use_python_api)
print '********** Generate school data'
printer_import = PrinterImport(nr_printers=nr_printers)
import_file = ImportFile(use_cli_api, use_python_api)
print printer_import
with utu.UCSTestSchool() as schoolenv:
schoolenv.create_ou(printer_import.school, name_edudc=schoolenv._ucr.get('hostname'))
print '********** Create printers'
import_file.run_import(str(printer_import))
printer_import.verify()
print '********** Modify printers'
printer_import.modify()
import_file.run_import(str(printer_import))
printer_import.verify()
print '********** Delete printers'
printer_import.delete()
import_file.run_import(str(printer_import))
printer_import.verify()
def dn(self):
return 'cn=%s,cn=computers,%s' % (
self.name, utu.UCSTestSchool().get_ou_base_dn(self.school))