def enableAttrEncryption(srv,attrname,alg,dbname="userRoot"):
    """Add the config entry that turns on encryption for one attribute.

    The entry is named after the attribute and sits under
    "cn=encrypted attributes" of the ldbm database called dbname. It gets
    the nsAttributeEncryption object class, and alg is stored in its
    nsEncryptionAlgorithm attribute.

    srv: connection object; only its add_s() method is used.
    attrname: attribute to encrypt; becomes the cn of the new entry.
    alg: algorithm name, written to the entry as given (not validated here).
    dbname: backend name, "userRoot" unless overridden.
    """
    # attrname and dbname go into the DN unescaped, so callers must pass
    # trusted, DN-safe values (no ',', '+', '=' or other DN metacharacters).
    config_dn = "cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config" % (attrname, dbname)
    crypt_entry = Entry(config_dn)
    settings = (
        ('objectclass', 'nsAttributeEncryption'),
        ('nsEncryptionAlgorithm', alg),
    )
    for attr, value in settings:
        crypt_entry.setValue(attr, value)
    srv.add_s(crypt_entry)
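def handle(self, dn, entry):
    """Add one parsed LDIF record to the directory through self.conn.

    A record whose objectclass contains 'inetorgperson' (tested with
    Entry.hasValueCase; presumably a case-insensitive match, confirm
    against Entry) also gets the 'inetUser' object class before the add.

    dn: DN of the record; a false value is replaced by ''.
    entry: attribute data of the record, handed to Entry together with dn.

    Raises ldap.LDAPError from add_s() unless self.cont is true. In that
    case the failure is printed and the method returns normally.
    """
    if not dn:
        dn = ''
    newentry = Entry((dn, entry))
    if newentry.hasValueCase('objectclass', 'inetorgperson'):
        ocvals = newentry.getValues('objectclass')
        ocvals.append('inetUser')
        newentry.setValue('objectclass', ocvals)
    try:
        self.conn.add_s(newentry)
    except ldap.LDAPError as e:
        if not self.cont:
            # Bare raise keeps the traceback of the failing add_s() call;
            # "raise e" would restart it at this line under Python 2.
            raise
        # Continue-on-error mode: the failure is only reported on stdout, so
        # a partially loaded directory is easy to miss. Check the output
        # before relying on the imported data.
        print("Error: could not add entry %s: error %s" % (dn, str(e)))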
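def handle(self, dn, entry):
    """Send one LDIF record to the server as an add operation.

    Records that carry the 'inetorgperson' object class (checked through
    Entry.hasValueCase; presumably case-insensitive, confirm against Entry)
    are extended with 'inetUser' first.

    dn: DN of the record; a false value becomes ''.
    entry: the record's attribute data, wrapped in an Entry with dn.

    Raises ldap.LDAPError when add_s() fails and self.cont is false. When
    self.cont is true the error is printed and processing goes on.
    """
    if not dn:
        dn = ''
    newentry = Entry((dn, entry))
    if newentry.hasValueCase('objectclass', 'inetorgperson'):
        ocvals = newentry.getValues('objectclass')
        ocvals.append('inetUser')
        newentry.setValue('objectclass', ocvals)
    try:
        self.conn.add_s(newentry)
    except ldap.LDAPError as e:
        if not self.cont:
            # Re-raise with the original traceback intact ("raise e" drops
            # the add_s() frames under Python 2).
            raise
        # Errors are swallowed here apart from this message, so skipped
        # entries are visible only in the program output.
        print("Error: could not add entry %s: error %s" % (dn, str(e)))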
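def handle(self, dn, entry):
    """Write one LDIF record to self.output_file, extending person entries.

    Entries that have the inetOrgPerson object class also receive the
    posixAccount and myintobjclass object classes, plus uidNumber,
    gidNumber, homeDirectory and myintattr values. self.uidNumber supplies
    the numbers and is incremented after each such entry. Every record,
    modified or not, is printed to self.output_file.

    dn: DN of the record; a false value is replaced by ''.
    entry: attribute data of the record, wrapped in an Entry with dn.
    """
    if not dn:
        dn = ''
    newentry = Entry((dn, entry))
    # "or []" guards against getValues() returning None for a record without
    # objectclass; its contract is not visible here (TODO confirm).
    objclasses = newentry.getValues('objectclass') or []
    # Object class names are case-insensitive in LDAP, so compare lowercased
    # values rather than requiring the exact spelling 'inetOrgPerson'.
    if any(oc.lower() == 'inetorgperson' for oc in objclasses):
        print "adding posixAccount to ", dn
        objclasses.append('posixAccount')
        objclasses.append('myintobjclass')
        newentry.setValue('objectclass', objclasses)
        newentry.setValue('uidNumber', str(self.uidNumber))
        # gidNumber mirrors uidNumber, and every account shares one home
        # directory: fixture data, not a model for real provisioning.
        newentry.setValue('gidNumber', str(self.uidNumber))
        newentry.setValue('homeDirectory', '/home/foo')
        newentry.setValue('myintattr', str(self.uidNumber))
        self.uidNumber = self.uidNumber + 1
    print >>self.output_file, str(newentry)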
'no_admin': True })
# NOTE(review): the line above closes a dict literal and a call that were
# opened before the start of this excerpt.

# add schema
# testUserAccountControl and testUserStatus are declared without a numeric
# OID. Syntax ...121.1.27 is Integer and ...121.1.15 is Directory String.
srv.addAttr("( NAME 'testUserAccountControl' DESC 'Attribute Bitwise filteri-Multi-Valued' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )")
srv.addAttr("( NAME 'testUserStatus' DESC 'State of User account active/disabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")
# Attribute used to exercise the case-exact equality, ordering and
# substring matching rules.
srv.addAttr("( 2.16.840.1.113730.3.1.999999.3 NAME 'attrcaseExactMatch' DESC 'for testing matching rules' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'matching rule tests' 'user defined' ) )")
# Auxiliary class that makes all three test attributes mandatory.
srv.addObjClass("( NAME 'testperson' SUP top AUXILIARY MUST ( attrcaseExactMatch $ testUserAccountControl $ testUserStatus ) X-ORIGIN 'BitWise' )")

strval = 'ThIs Is A tEsT'
# Index 0 is a placeholder so that vals[ii] lines up with btestuser<ii>.
vals = (0, (511,), (512,), (513,), (514,), (1023,))
# Create one test user per bit pattern, cn=btestuser1 .. cn=btestuser5.
for ii in xrange(1, len(vals)):
    dn = "cn=btestuser%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValue('objectclass', 'top', 'person', 'testperson')
    ent.setValue('sn', 'User')
    ent.setValue('testUserAccountControl', [str(xx) for xx in vals[ii]])
    ent.setValue('testUserStatus', 'bogus')
    ent.setValue('attrcaseExactMatch', strval + str(ii))
    srv.add_s(ent)

# Equality search on the case-exact attribute for strval followed by "1".
# The filter is built from a constant. A value taken from outside the script
# would need filter escaping first (python-ldap: ldap.filter.escape_filter_chars).
print "search for", strval, 1
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, "(attrcaseExactMatch=%s1)" % strval)
for ent in ents:
    print "found entry %s val %s" % (ent.dn, ent.attrcaseExactMatch)

# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule: an entry matches
# when every bit set in the assertion value (514) is set in the attribute.
print 'search for "(testUserAccountControl:1.2.840.113556.1.4.803:=514)"'
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, "(testUserAccountControl:1.2.840.113556.1.4.803:=514)")
for ent in ents:
    print "found entry %s val %s" % (ent.dn, ent.testUserAccountControl)

# 1.2.840.113556.1.4.804 is the bitwise-OR matching rule (any common bit).
# The search itself lies beyond the end of this excerpt.
print 'search for "(testUserAccountControl:1.2.840.113556.1.4.804:=2)"'
# NOTE(review): the excerpt starts inside a call; the string below is its
# argument, and the opening "name(" lies before the first visible token.
"( NAME 'testUserStatus' DESC 'State of User account active/disabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )"
)
# Attribute used to exercise the case-exact equality, ordering and
# substring matching rules. Syntax ...121.1.15 is Directory String.
srv.addAttr(
    "( 2.16.840.1.113730.3.1.999999.3 NAME 'attrcaseExactMatch' DESC 'for testing matching rules' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN ( 'matching rule tests' 'user defined' ) )"
)
# Auxiliary class that makes the three test attributes mandatory.
srv.addObjClass(
    "( NAME 'testperson' SUP top AUXILIARY MUST ( attrcaseExactMatch $ testUserAccountControl $ testUserStatus ) X-ORIGIN 'BitWise' )"
)

strval = 'ThIs Is A tEsT'
# Index 0 is a placeholder so that vals[ii] lines up with btestuser<ii>.
vals = (0, (511, ), (512, ), (513, ), (514, ), (1023, ))
# Create one test user per bit pattern, cn=btestuser1 .. cn=btestuser5.
for ii in xrange(1, len(vals)):
    dn = "cn=btestuser%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValue('objectclass', 'top', 'person', 'testperson')
    ent.setValue('sn', 'User')
    ent.setValue('testUserAccountControl', [str(xx) for xx in vals[ii]])
    ent.setValue('testUserStatus', 'bogus')
    ent.setValue('attrcaseExactMatch', strval + str(ii))
    srv.add_s(ent)

# Equality search on the case-exact attribute for strval followed by "1".
# The filter comes from a constant. Externally supplied values would have to
# be filter-escaped before being interpolated like this.
print "search for", strval, 1
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, "(attrcaseExactMatch=%s1)" % strval)
for ent in ents:
    print "found entry %s val %s" % (ent.dn, ent.attrcaseExactMatch)

# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule: an entry matches
# when every bit set in the assertion value (514) is set in the attribute.
print 'search for "(testUserAccountControl:1.2.840.113556.1.4.803:=514)"'
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, "(testUserAccountControl:1.2.840.113556.1.4.803:=514)")
for ent in ents:
# NOTE(review): the loop body lies beyond the end of this excerpt.
# Add an entry for this attribute dn = "cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config" % (attrname, dbname) ent = Entry(dn) ent.setValue('objectclass', 'nsAttributeEncryption') ent.setValue('nsEncryptionAlgorithm', alg) srv.add_s(ent) def disableAttrEncryption(srv,attrname,dbname="userRoot"): dn = "dn: cn=%s,cn=encrypted attributes,cn=%s,cn=ldbm database,cn=plugins,cn=config" % (attrname, dbname) srv.delete_s(dn) print "Enable attribute encryption for telephoneNumber" enableAttrEncryption(srv,'telephoneNumber','3DES') print "add user" userdn = "uid=attrcryptuser,ou=people," + basedn ent = Entry(userdn) ent.setValue('objectclass', 'inetOrgPerson') ent.setValue('cn', 'Attrcrypt User'); ent.setValue('sn', 'User') ent.setValue('givenname', 'Attrcrypt') ent.setValue('telephoneNumber', '1234567890') srv.add_s(ent) print "export encrypted data" cmd = '%s/lib/dirsrv/slapd-%s/db2ldif -n userRoot -a /tmp/encrypted.ldif' % (os.environ['PREFIX'], newinst) os.system(cmd) print "export unencrypted data" cmd = '%s/lib/dirsrv/slapd-%s/db2ldif -n userRoot -E -a /tmp/unencrypted.ldif' % (os.environ['PREFIX'], newinst) os.system(cmd)