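def starttest(*args):
    """Add and rename the same test entry on one server, forever.

    args[0] is the server connection to exercise. Each pass adds
    "ou=test, dc=example, dc=com" and then renames it to "ou=test2".
    ALREADY_EXISTS and NO_SUCH_OBJECT are ignored on purpose: per the
    inline notes, another server runs against the same entry and its
    changes replicate here. The loop has no exit condition; it ends only
    when an unexpected LDAPError is re-raised.
    """
    dn = "ou=test, dc=example, dc=com"
    newrdn = "ou=test2"
    server = args[0]
    print "starting starttest with " + str(server)
    while True:
        try:
            entry = Entry(dn)
            entry.setValues('objectclass', 'top', 'organizationalUnit')
            entry.setValues('ou', 'test')
            server.add_s(entry)
            time.sleep(0.100)
        except ldap.ALREADY_EXISTS:
            pass
        except ldap.LDAPError, e:
            print "Could not add test entry to server " + str(server), e
            raise
        try:
            server.rename_s(dn, newrdn)
            time.sleep(0.050)
        except ldap.ALREADY_EXISTS:  # replicated from the other server
            pass
        except ldap.NO_SUCH_OBJECT:  # deleted by the other server
            pass
        except ldap.LDAPError, e:
            # this handler guards rename_s, so the message names the rename
            print "Could not rename test entry on server " + str(server), e
            raise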
def doadds(m1):
    """Add one 'person' entry to m1 for every id in the global m1ents.

    Each entry is named cn=<id>,<basedn>; basedn is a module-level name.
    """
    print "Add %d entries to m1" % len(m1ents)
    for num in m1ents:
        person = Entry("cn=%d,%s" % (num, basedn))
        person.setValues('objectclass', 'person')
        person.setValues('sn', 'testuser')
        m1.add_s(person)
def setup_mt(self, suffix, bename, parent=None):
    """Create the mapping-tree entry for a suffix served by a backend.

    @param suffix - suffix DN, e.g. 'o=addressbook1'
    @param bename - backend name, e.g. 'addressbook1'
    @param parent - the parent suffix, if any

    Only the mapping under DN_MAPPING_TREE is created. The backend and
    the suffix entry itself (e.g. "o=addressbook1") are not created here
    and have to be added separately.

    If a mapping for the suffix already exists, that entry is returned
    and nothing is changed; otherwise the new entry is added and the
    method returns None.

    @raise ldap.LDAPError - if adding the mapping entry fails
    """
    nsuffix = normalizeDN(suffix)
    nparent = normalizeDN(parent) if parent else ""

    filt = suffixfilt(suffix)
    # an existing mapping wins: hand it back untouched
    try:
        return self.conn.getEntry(
            DN_MAPPING_TREE, ldap.SCOPE_SUBTREE, filt)
    except NoSuchEntryError:
        pass

    # FIXME: the RDN value is wrapped in double quotes instead of being
    # DN-escaped (escapeDNValue is not used yet).
    # NOTE(review): a suffix containing '"' would end the quoted value
    # early; confirm normalizeDN rejects or escapes it before this method
    # is given a suffix that does not come from trusted configuration.
    dn = ','.join(('cn="%s"' % nsuffix, DN_MAPPING_TREE))
    entry = Entry(dn)
    entry.update({
        'objectclass': ['top', 'extensibleObject', 'nsMappingTree'],
        'nsslapd-state': 'backend',
        # unquoted value, useful for searching; internal code adds the
        # quoted one taken from the dn
        'cn': nsuffix,
        'nsslapd-backend': bename
    })
    if parent:
        entry.setValues('nsslapd-parent-suffix', nparent)

    try:
        self.log.debug("Creating entry: %r" % entry)
        self.conn.add_s(entry)
    except ldap.LDAPError, e:
        raise ldap.LDAPError("Error adding suffix entry " + dn, e)
def domods(m1):
    """Add cn=0,<basedn> to m1, then replace its description once per id in m1ents."""
    target = "cn=%d,%s" % (0, basedn)
    seed = Entry(target)
    seed.setValues('objectclass', 'person')
    seed.setValues('sn', 'testuser')
    m1.add_s(seed)

    print "Do %d mods to m1" % len(m1ents)
    for num in m1ents:
        # every pass overwrites the previous description value
        change = [(ldap.MOD_REPLACE, 'description', "description" + str(num))]
        m1.modify_s(target, change)
def makeADUserEnt(idnum):
    """Build (without adding) the AD test user 'Test User<idnum>'.

    The entry lives under the module-level active_user_subtree and uses
    the module-level aduserObjClasses and realm.
    """
    num = str(idnum)
    account = 'testuser' + num
    fullname = 'Test User' + num
    user = Entry('cn=%s,%s' % (fullname, active_user_subtree))
    user.setValues('objectclass', aduserObjClasses)
    user.setValues('cn', fullname)
    user.setValues('sn', 'User' + num)
    user.setValues('userPrincipalName', '%s@%s' % (account, realm))
    user.setValues('sAMAccountName', account)
    return user
def makeADUserEnt():
    """Build the next AD test user entry and advance the global idnum counter.

    The entry is named cn=Test User<idnum>,<adusersubtree>,<suffix> and is
    returned without being added to any server.
    """
    global idnum
    num = str(idnum)
    account = 'testuser' + num
    fullname = 'Test User' + num
    user = Entry('cn=%s,%s,%s' % (fullname, adusersubtree, suffix))
    user.setValues('objectclass', aduserObjClasses)
    user.setValues('cn', fullname)
    user.setValues('sn', 'User' + num)
    user.setValues('userPrincipalName', '%s@%s' % (account, realm))
    user.setValues('sAMAccountName', account)
    idnum += 1
    return user
def makeDSUserEnt():
    """Build the next DS test user entry and advance the global idnum counter.

    The entry is named uid=testuser<idnum>,<usersubtree>,<suffix> and is
    returned without being added to any server.
    """
    global idnum
    num = str(idnum)
    account = 'testuser' + num
    user = Entry('uid=%s,%s,%s' % (account, usersubtree, suffix))
    user.setValues('objectclass', userObjClasses)
    user.setValues('cn', 'Test User' + num)
    user.setValues('sn', 'User' + num)
    user.setValues('ou', 'people')
    idnum += 1
    return user
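def addouent(ds, dn):
    """Add dn as an organizationalUnit on ds, creating missing parents first.

    A stack of pending DNs replaces recursion: when the server answers
    NO_SUCH_OBJECT the DN is pushed back together with its parent, so the
    parent is tried on the next pass. Entries that already exist are
    skipped. Every missing ancestor is created with objectclass
    organizationalUnit, whatever its RDN attribute is.
    """
    pending = [dn]
    while pending:
        dn = pending.pop()
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ds.add_s(ent)
            print "added entry", ent.dn
        except ldap.ALREADY_EXISTS:
            continue
        except ldap.NO_SUCH_OBJECT:
            rdns = ldap.explode_dn(dn)
            if len(rdns) < 2:
                # a single-RDN dn has no parent left to create, so
                # retrying with an empty parent DN could never succeed
                raise
            pending.append(dn)
            pending.append(','.join(rdns[1:]))
        except Exception, e:
            print "Could not add entry", ent.dn, str(e)
            # bare raise keeps the original traceback; ``raise e`` resets it
            raise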
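def addouent(ds, dn):
    """Create dn on ds as an organizationalUnit, adding absent ancestors.

    Work list instead of recursion: a DN the server rejects with
    NO_SUCH_OBJECT is queued again behind its parent DN. ALREADY_EXISTS
    is treated as success. Ancestors are created as organizationalUnit
    entries too.
    """
    todo = [dn]
    while todo:
        dn = todo.pop()
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ds.add_s(ent)
            print "added entry", ent.dn
        except ldap.ALREADY_EXISTS:
            continue
        except ldap.NO_SUCH_OBJECT:
            rdns = ldap.explode_dn(dn)
            if len(rdns) < 2:
                # nothing above this DN can be created; stop instead of
                # queueing an empty parent DN
                raise
            todo.append(dn)
            todo.append(','.join(rdns[1:]))
        except Exception, e:
            print "Could not add entry", ent.dn, str(e)
            # re-raise in place so the traceback still points at add_s
            raise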
def newEntry(entrycnt, mmx):
    """Build a test inetOrgPerson and submit it with mmx.add().

    Returns (entry, msgid), msgid being whatever mmx.add() returned.
    """
    # str(mmx) becomes part of the uid and therefore of the DN, unescaped
    uid = "user%d %s" % (entrycnt, mmx)
    person = Entry("uid=%s,ou=people,%s" % (uid, basedn))
    person.setValues("objectclass", "inetOrgPerson")
    person.setValues("cn", "Test " + uid)
    person.setValues("sn", uid)
    return (person, mmx.add(person))
m1.startReplication(agmtm1tom2) print "repl status after starting" print m1.getReplStatus(agmtm1tom2) agmtm2tom1 = m2.setupAgreement(m1, m2replargs) agmtm1toc1 = m1.setupAgreement(c1, m1replargs) time.sleep(2) m1.startReplication(agmtm1toc1) print "repl status after starting" print m1.getReplStatus(agmtm1toc1) agmtm2toc1 = m2.setupAgreement(c1, m2replargs) print "add entry on m1 . . ." dn = 'uid=testuser,dc=example,dc=com' ent = Entry(dn) ent.setValues('objectclass', 'inetOrgPerson') ent.setValues('cn', "1") ent.setValues('sn', 'testuser') m1.add_s(ent) time.sleep(2) print "search for entry on m2 . . ." ents = m2.search_s(dn, ldap.SCOPE_BASE) if not ents: time.sleep(2) ents = m2.search_s(dn, ldap.SCOPE_BASE) if not ents: print "entry not found on m2" sys.exit(1) else: print "entry found on m2" print "search for entry on c1 . . ."
m2replargs = m1replargs createargs['newhost'] = host2 createargs['newport'] = port2 createargs['newinst'] = 'm2' #os.environ['USE_GDB'] = "1" print "create and setup m2" m2 = DSAdmin.createInstance(createargs) #del os.environ['USE_GDB'] os.unlink(cfgfd.name) print "add entries to each suffix" for suf in suflist: ent = Entry(suf) ent.setValues('objectclass', ['top', 'extensibleObject']) m1.add_s(ent) print "setup replication" replargs = m1replargs for srv,ii in ((m1, 1),(m2, 2)): for be,suf in zip(belist,suflist): replargs['suffix'] = suf replargs['bename'] = be replargs['id'] = ii srv.replicaSetupAll(replargs) m1agmts = [] m2agmts = [] print "create agreements and init consumers" for srv,oth,agmts in ((m1, m2, m1agmts),(m2, m1, m2agmts)): for be,suf in zip(belist,suflist):
srvs.append(m4) print "create all of the agreements and init the masters" for mmx in srvs: for mmy in srvs: if mmx == mmy: continue agmtdn = mmx.setupAgreement(mmy, replargs[mmx]) if mmx == m1: mmx.startReplication(agmtdn) print mmx.getReplStatus(agmtdn) print "test to make sure replication is working" for (ii, mmx) in enumerate(srvs): dn = "cn=user%d,ou=people,%s" % (ii, basedn) ent = Entry(dn) ent.setValues("objectclass", "extensibleObject") mmx.add_s(ent) time.sleep(2) for mmy in srvs: while True: try: ents = mmy.search_s(dn, ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: ents = [] if len(ents) < 1: print "waiting for", dn, "on", str(mmy) time.sleep(1) elif ents[0]: print "found", dn, "on", str(mmy) break mmx.delete_s(dn) time.sleep(2) for mmy in srvs:
agmtm1tom2 = m1.setupAgreement(m2, m1replargs) time.sleep(5) #m1.setLogLevel(1,8192) #m2.setLogLevel(1,8192) m1.startReplication_async(agmtm1tom2) print "waiting for init to finish" time.sleep(5) m1.waitForReplInit(agmtm1tom2) agmtm2tom1 = m2.setupAgreement(m1, m2replargs) print "Add a bunch of entries to queue up the changelog . . ." for ii in xrange(0, 100): cn = "test user%d" % ii dn = "cn=%s,ou=people,%s" % (cn, basedn) ent = Entry(dn) ent.setValues('objectclass', 'person') ent.setValues('cn', cn) ent.setValues('sn', 'user' + str(ii)) m1.add_s(ent) time.sleep(1) print "Check replication status - note number of changes sent, in progress . . ." print m1.getReplStatus(agmtm1tom2) #print "Pause replication . . ." #m1.stopReplication(agmtm1tom2) #time.sleep(1) #print "Check replication status - note number of changes sent, in progress . . ." #print m1.getReplStatus(agmtm1tom2)
] for attr in indexattrs: m1.addIndex(basedn, attr, ['pres', 'eq', 'sub']) m2.addIndex(basedn, attr, ['pres', 'eq', 'sub']) binattr = "userCertificate;binary" binval = ''.join([chr(ii % 256) for ii in xrange(0, 65536)]) basedn2 = "dc=example2,dc=com" print "adding another suffix", basedn2 m1.addSuffix(basedn2) m2.addSuffix(basedn2) print "add several entries to", basedn2 ent = Entry(basedn2) ent.setValues('objectclass', 'extensibleObject') m1.add_s(ent) m2.add_s(ent) nusers = 100 print "add", nusers, "users to", basedn2 for ii in xrange(0, nusers): uid = "user%03d" % ii dn = "uid=%s,%s" % (uid, basedn2) ent = Entry(dn) ent.setValues('objectclass', 'inetOrgPerson') ent.setValues('sn', 'User%03d' % ii) ent.setValues('cn', 'Test User%03d' % ii) ent.setValues(binattr, binval) m1.add_s(ent) m2.add_s(ent)
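def agreement_add(self, consumer, suffix=None, binddn=None, bindpw=None,
                  cn_format=r'meTo_$host:$port',
                  description_format=r'me to $host:$port',
                  timeout=120, auto_init=False, bindmethod='simple',
                  starttls=False, schedule=ALWAYS, args=None):
    """Create (and return) a replication agreement from self to consumer.

    - self is the supplier,

    @param consumer: one of the following (consumer can be a master)
            * a DSAdmin object if chaining
            * an object with attributes: host, port, sslport, __str__
    @param suffix    - eg. 'dc=babel,dc=it'
    @param binddn    - stored as nsds5replicabinddn
    @param bindpw    - stored in the agreement entry as
                       nsds5replicacredentials
    @param cn_format - string.Template to format the agreement name
    @param description_format - string.Template for the description
    @param timeout   - replica timeout in seconds
    @param auto_init - start replication immediately
    @param bindmethod- 'simple'
    @param starttls  - True or False
    @param schedule  - when to schedule the replication. default: ALWAYS
    @param args      - further args dict. Allowed keys:
            'fractional', 'stripattrs', 'winsync'
            'chain' is read as well; with it, 'chainargs' must be present
            when the replica is a leaf or a hub.

    @return the DN of the agreement entry

    @raise AssertionError - if suffix, binddn or bindpw is missing
    @raise ValueError - if schedule is not 'NNNN-NNNN D', D being one to
            seven digits in 0-6
    @raise NoSuchEntryError - if a replica doesn't exist for that suffix
    @raise ALREADY_EXISTS
    @raise UNWILLING_TO_PERFORM if the database was previously
            in read-only state. To create new agreements you
            need to *restart* the directory server

    Transport: 'TLS' when starttls is set, else 'SSL' when the consumer
    has an sslport, else plain 'LDAP'. In the last case a 'simple' bind
    carries binddn and bindpw to the consumer unencrypted.

    NOTE: this method doesn't cache connection entries

    TODO: test winsync
    TODO: test chain
    """
    import string

    # Checked explicitly rather than with ``assert`` so the validation
    # still runs under ``python -O``; AssertionError is kept so existing
    # callers see the same exception type.
    if not (binddn and bindpw and suffix):
        raise AssertionError("suffix, binddn and bindpw are required")
    args = args or {}

    othhost, othport, othsslport = (
        consumer.host, consumer.port, consumer.sslport)
    # from here on othport is the SSL port whenever the consumer has one
    othport = othsslport or othport
    nsuffix = normalizeDN(suffix)

    # adding agreement to previously created replica
    replica_entries = self.list(suffix)
    if not replica_entries:
        raise NoSuchEntryError(
            "Error: no replica set up for suffix " + suffix)
    replica = replica_entries[0]

    # define agreement entry
    endpoint = {'host': othhost, 'port': othport}
    cn = string.Template(cn_format).substitute(endpoint)
    # NOTE(review): cn is placed in the DN without DN escaping; confirm
    # consumer.host and cn_format cannot contain ',' '+' '=' or '"'.
    dn_agreement = ','.join(["cn=%s" % cn, replica.dn])

    # This is probably unnecessary because
    # we can just raise ALREADY_EXISTS
    try:
        self.conn.getEntry(dn_agreement, ldap.SCOPE_BASE)
        self.log.warn("Agreement exists: %r" % dn_agreement)
        raise ldap.ALREADY_EXISTS
    except ldap.NO_SUCH_OBJECT:
        pass

    # In a separate function in this scope?
    entry = Entry(dn_agreement)
    entry.update({
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': cn,
        'nsds5replicahost': consumer.host,
        'nsds5replicatimeout': str(timeout),
        'nsds5replicabinddn': binddn,
        'nsds5replicacredentials': bindpw,
        'nsds5replicabindmethod': bindmethod,
        'nsds5replicaroot': nsuffix,
        'description': string.Template(description_format).substitute(endpoint)
    })

    if schedule:
        # Anchored at the end: without \Z, re.match accepted any text
        # following a valid prefix.
        # TODO put the regexp in a separate variable
        if not re.match(r'\d{4}-\d{4} [0-6]{1,7}\Z', schedule):
            raise ValueError("Bad schedule format %r" % schedule)
        entry.update({'nsds5replicaupdateschedule': schedule})

    if starttls:
        # NOTE(review): othport is already the SSL port when the consumer
        # has one, so a StartTLS agreement may point at the LDAPS port;
        # confirm whether consumer.port is what is wanted here.
        entry.setValues('nsds5replicatransportinfo', 'TLS')
        entry.setValues('nsds5replicaport', str(othport))
    elif othsslport:
        entry.setValues('nsds5replicatransportinfo', 'SSL')
        entry.setValues('nsds5replicaport', str(othsslport))
    else:
        # cleartext transport: the bind credentials are not protected
        entry.setValues('nsds5replicatransportinfo', 'LDAP')
        entry.setValues('nsds5replicaport', str(othport))

    if auto_init:
        entry.setValues('nsds5BeginReplicaRefresh', 'start')

    # further arguments
    if 'fractional' in args:
        entry.setValues('nsDS5ReplicatedAttributeList', args['fractional'])
    if 'stripattrs' in args:
        entry.setValues('nsds5ReplicaStripAttrs', args['stripattrs'])
    if 'winsync' in args:  # state it clearly!
        self.conn.setupWinSyncAgmt(args, entry)

    # Log the DN only. entry holds bindpw in nsds5replicacredentials, and
    # formatting the whole entry would presumably write it to the debug
    # log (how Entry renders itself is not shown here).
    self.log.debug("Adding replica agreement: [%s]" % dn_agreement)
    self.conn.add_s(entry)

    entry = self.conn.waitForEntry(dn_agreement)
    if entry:
        # More verbose but shows what's going on
        if 'chain' in args:
            chain_args = {
                'suffix': suffix,
                'binddn': binddn,
                'bindpw': bindpw
            }
            # Work on `self` aka producer
            if replica.nsds5replicatype == MASTER_TYPE:
                self.setupChainingFarm(**chain_args)
            # Work on `consumer`
            # TODO - is it really required?
            if replica.nsds5replicatype == LEAF_TYPE:
                chain_args.update({
                    'isIntermediate': 0,
                    'urls': self.conn.toLDAPURL(),
                    'args': args['chainargs']
                })
                consumer.setupConsumerChainOnUpdate(**chain_args)
            elif replica.nsds5replicatype == HUB_TYPE:
                chain_args.update({
                    'isIntermediate': 1,
                    'urls': self.conn.toLDAPURL(),
                    'args': args['chainargs']
                })
                consumer.setupConsumerChainOnUpdate(**chain_args)

    return dn_agreement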
srv.addAttr("( NAME 'ipaUserDN' DESC 'ipaUserDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )") srv.addObjClass("( NAME 'ipaPosixName' SUP top AUXILIARY MUST posixName MAY ipaUserDN )") # # enable attr uniqueness for posixName # dn = "cn=attribute uniqueness,cn=plugins,cn=config" # mod = [(ldap.MOD_REPLACE, 'pluginarg0', ['posixName']), # (ldap.MOD_REPLACE, 'nsslapd-pluginarg1', [accountdn])] # srv.modify_s(dn, mod) # # stop start for plugin changes to take effect # srv.stop() # srv.start() # add containers ent = Entry(accountdn) ent.setValues('objectclass', 'nsContainer') srv.add_s(ent) userdn = "cn=users," + accountdn ent = Entry(userdn) ent.setValues('objectclass', 'nsContainer') srv.add_s(ent) groupdn = "cn=groups," + accountdn ent = Entry(groupdn) ent.setValues('objectclass', 'nsContainer') srv.add_s(ent) # add CoS dn = "cn=generatePosixName," + groupdn ent = Entry(dn)
agmtm1tom2 = m1.setupAgreement(m2, m1replargs) time.sleep(5) #m1.setLogLevel(1,8192) #m2.setLogLevel(1,8192) m1.startReplication_async(agmtm1tom2) print "waiting for init to finish" time.sleep(5) m1.waitForReplInit(agmtm1tom2) agmtm2tom1 = m2.setupAgreement(m1, m2replargs) print "Add a bunch of entries to queue up the changelog . . ." for ii in xrange(0,100): cn = "test user%d" % ii dn = "cn=%s,ou=people,%s" % (cn, basedn) ent = Entry(dn) ent.setValues('objectclass', 'person') ent.setValues('cn', cn) ent.setValues('sn', 'user' + str(ii)) m1.add_s(ent) time.sleep(1) print "Check replication status - note number of changes sent, in progress . . ." print m1.getReplStatus(agmtm1tom2) #print "Pause replication . . ." #m1.stopReplication(agmtm1tom2) #time.sleep(1) #print "Check replication status - note number of changes sent, in progress . . ." #print m1.getReplStatus(agmtm1tom2)
indexattrs = ['description', 'title', 'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'roomNumber', 'postalCode', 'audio', 'departmentNumber', 'employeeNumber', 'homePhone', 'homePostalAddress', 'manager', 'secretary' ] for attr in indexattrs: m1.addIndex(basedn, attr, ['pres', 'eq', 'sub']) m2.addIndex(basedn, attr, ['pres', 'eq', 'sub']) binattr = "userCertificate;binary" binval = ''.join([chr(ii % 256) for ii in xrange(0, 65536)]) basedn2 = "dc=example2,dc=com" print "adding another suffix", basedn2 m1.addSuffix(basedn2) m2.addSuffix(basedn2) print "add several entries to", basedn2 ent = Entry(basedn2) ent.setValues('objectclass', 'extensibleObject') m1.add_s(ent) m2.add_s(ent) nusers = 100 print "add", nusers, "users to", basedn2 for ii in xrange(0, nusers): uid = "user%03d" % ii dn = "uid=%s,%s" % (uid, basedn2) ent = Entry(dn) ent.setValues('objectclass', 'inetOrgPerson') ent.setValues('sn', 'User%03d' % ii) ent.setValues('cn', 'Test User%03d' % ii) ent.setValues(binattr, binval) m1.add_s(ent) m2.add_s(ent)
'userAccountControl': 512 + 65536}, {'description': 'normal, regular AD account disabled, do not expire password', 'userAccountControl': 512 + 2 + 65536} ] userids_disabled = {} if useds: print "Create sub-ou's on the AD side and add users . . ." ii = 0 dns = ['ou=people,' + suffix, 'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix, 'ou=12,ou=1,ou=people,' + suffix] for dn in dns: ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit') try: ad.add_s(ent) except ldap.ALREADY_EXISTS: pass print "Add users to", dn for jj in range(0,5): strii = str(ii) userdn = 'cn=Test User' + strii + ',' + dn ent = Entry(userdn) userid = 'userid' + strii ent.setValues('objectclass', ['person', 'adPerson']) ent.setValues('sn', 'User' + strii) ent.setValues('samAccountName', userid) ent.setValues('objectGUID', struct.pack('B', ii)) ent.setValues('name', 'Test User' + strii) # same as cn kk = ii % len(userAcctVals) for attr, val in userAcctVals[kk].iteritems():
# ntUser either by the winsync code, or when you want an # existing IPA user to be synced with AD userObjClasses = [ 'top', 'person', 'organizationalPerson', 'inetOrgPerson' ] if useds: print "Create sub-ou's on the AD side and add users . . ." ii = 0 dns = ['ou=people,' + suffix, 'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix, 'ou=12,ou=1,ou=people,' + suffix] for dn in dns: ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit') try: ad.add_s(ent) except ldap.ALREADY_EXISTS: pass print "Add users to", dn for jj in range(0,5): strii = str(ii) userdn = 'cn=Test User' + strii + ',' + dn ent = Entry(userdn) userid = 'userid' + strii ent.setValues('objectclass', ['person', 'adPerson']) ent.setValues('sn', 'User' + strii) ent.setValues('samAccountName', userid) ent.setValues('objectGUID', struct.pack('B', ii)) ent.setValues('name', 'Test User' + strii) # same as cn try: ad.add_s(ent) except ldap.ALREADY_EXISTS: pass
m1.startReplication_async(agmtm1tom2) print "waiting for init to finish" m1.waitForReplInit(agmtm1tom2) agmtm2tom1 = m2.setupAgreement(m1, m2replargs) sys.exit(0) basedn = "dc=example,dc=com" nents = 20000 myiter = xrange(0, nents) for ii in myiter: dn = "cn=%d, %s" % (ii, basedn) svr = (m1,m2)[ii % 2] ent = Entry(dn) ent.setValues('objectclass', 'person') ent.setValues('sn', 'testuser') ent.setValues('description', 'added description') svr.add_s(ent) print "Added", dn print "Sleep for 20 seconds to let changes propagate . . ." time.sleep(20) print "Verify all entries are present in both servers . . ." for ii in myiter: dn = "cn=%d, %s" % (ii, basedn) ent = m1.getEntry(dn, ldap.SCOPE_BASE) if not ent: raise "Entry %s not found in %s" % (dn, m1) ent = m2.getEntry(dn, ldap.SCOPE_BASE) if not ent: raise "Entry %s not found in %s" % (dn, m2)
time.sleep(5) ent = m2.getEntry(userdn, ldap.SCOPE_BASE) if ent.description == "changed back": print "replication is still working" else: print "replication is not working any longer" sys.exit(1) nents = 1000 svrs = (m1, m2) nsvrs = len(svrs) print "Add %d entries alternately . . ." % nents for ii in range(0,nents): dn = "cn=%d, %s" % (ii, basedn) ent = Entry(dn) ent.setValues('objectclass', 'person') ent.setValues('sn', 'testuser') svr = svrs[ii % nsvrs] svr.add_s(ent) print "Added %s to %s" % (dn, svr) print "see if all entries are on both servers . . ." time.sleep(10) for ii in range(0,nents): dn = "cn=%d, %s" % (ii, basedn) try: ent = m1.getEntry(dn, ldap.SCOPE_BASE) ent = m2.getEntry(dn, ldap.SCOPE_BASE) except: print "Could not read entry", dn raise
'newsuffix': basedn, 'no_admin': True, 'ConfigFile': [cfgfd.name] }) os.unlink(cfgfd.name) initfile = '' if os.environ.has_key('SERVER_ROOT'): initfile = "%s/slapd-%s/ldif/Example.ldif" % (ds.sroot,ds.inst) else: initfilesrc = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr') initfile = "%s/var/lib/dirsrv/slapd-%s/ldif/Example.ldif" % (os.environ.get('PREFIX', ''), 'ds') shutil.copy(initfilesrc, initfile) print "importing database" ds.importLDIF(initfile, '', "userRoot", False) print "get the list of all users" ents = ds.search_s(basedn, ldap.SCOPE_SUBTREE, "objectclass=inetorgperson") for ii in xrange(0, 5): groupdn = "cn=testgroup%d,ou=groups,%s" % (ii, basedn) print "add a bunch of users to the group", groupdn ent = Entry(groupdn) ent.setValues('objectclass', 'groupOfNames') ent.setValues('member', [ee.dn for ee in ents]) ds.add_s(ent) #print "delete some users" #for ent in ents: # print "deleting user", ent.dn # ds.delete_s(ent.dn)
# USE_GDB is exported before the instance is created and nothing in this
# excerpt unsets it again.
# NOTE(review): presumably the DSAdmin setup code reads it to start the
# server under gdb - confirm, and clear it once the instance is up.
os.environ['USE_GDB'] = "1"
farm = DSAdmin.createInstance({
    'newrootpw': rootpw2,
    'newhost': host2,
    'newport': port2,
    'newinst': 'farm',
    'newsuffix': 'dc=notused',
    'no_admin': True
})

# add the suffix
farm.addSuffix(suffix)

# add the suffix entry
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)

# setup chaining
mux.setupChaining(farm, suffix, False)

# add an administrative user on the mux
# (test fixture: fixed password, entry placed under cn=config)
admindn = 'uid=ttestuser,cn=config'
adminpw = "adminpw"
ent = Entry(admindn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Admin User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'Admin User')
# same value as before, taken from adminpw so the two cannot drift apart
ent.setValues('userPassword', adminpw)
mux.add_s(ent)
srvs.append(m4) print "create all of the agreements and init the masters" for mmx in srvs: for mmy in srvs: if mmx == mmy: continue agmtdn = mmx.setupAgreement(mmy, replargs[mmx]) if mmx == m1: mmx.startReplication(agmtdn) print mmx.getReplStatus(agmtdn) print "test to make sure replication is working" for (ii, mmx) in enumerate(srvs): dn = "cn=user%d,ou=people,%s" % (ii, basedn) ent = Entry(dn) ent.setValues("objectclass", "extensibleObject") mmx.add_s(ent) time.sleep(2) for mmy in srvs: while True: try: ents = mmy.search_s(dn, ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: ents = [] if len(ents) < 1: print "waiting for", dn, "on", str(mmy) time.sleep(1) elif ents[0]: print "found", dn, "on", str(mmy) break mmx.delete_s(dn)
# makeDSUserEnt(): builds (does not add) the DS test user
# uid=testuser<idnum>,<usersubtree>,<suffix> with objectclass, cn, sn and
# userPassword 'Password<idnum>', then increments the global idnum and
# returns the entry. krbPrincipalName is set when ipawinsync is true.
# The password is a predictable fixture value derived from the counter.
# NOTE(review): jj is read but is neither a parameter nor declared global
# here; presumably it is a loop variable of the calling script - confirm.
# NOTE(review): the listing lost its indentation, so which of the
# uidNumber/gidNumber/homeDirectory/description lines belong to the
# `if ipawinsync:` body cannot be told from this line alone.
def makeDSUserEnt(): global idnum id = str(idnum) userid = 'testuser' + id dn = 'uid=%s,%s,%s' % (userid, usersubtree, suffix) ent = Entry(dn) ent.setValues('objectclass', userObjClasses) ent.setValues('cn', 'Test User' + id) ent.setValues('sn', 'User' + id) ent.setValues('userPassword', 'Password' + id) if ipawinsync: ent.setValues('krbPrincipalName', '%s@%s' % (userid, realm)) ent.setValues('uidNumber', str(500+idnum)) ent.setValues('gidNumber', '1002') ent.setValues('homeDirectory', '/home/' + userid) if jj % 2: ent.setValues('description', 'User added disabled to DS') else: ent.setValues('description', 'User added enabled to DS') idnum += 1 return ent
m1.startReplication(agmtm1tom2) print "repl status after starting" print m1.getReplStatus(agmtm1tom2) agmtm2tom1 = m2.setupAgreement(m1, m2replargs) agmtm1toc1 = m1.setupAgreement(c1, m1replargs) time.sleep(2) m1.startReplication(agmtm1toc1) print "repl status after starting" print m1.getReplStatus(agmtm1toc1) agmtm2toc1 = m2.setupAgreement(c1, m2replargs) print "add entry on m1 . . ." dn = "uid=testuser,dc=example,dc=com" ent = Entry(dn) ent.setValues("objectclass", "inetOrgPerson") ent.setValues("cn", "1") ent.setValues("sn", "testuser") m1.add_s(ent) time.sleep(2) print "search for entry on m2 . . ." ents = m2.search_s(dn, ldap.SCOPE_BASE) if not ents: time.sleep(2) ents = m2.search_s(dn, ldap.SCOPE_BASE) if not ents: print "entry not found on m2" sys.exit(1) else: print "entry found on m2" print "search for entry on c1 . . ."
filt = '(objectclass=*)' os.environ['USE_VALGRIND'] = "1" m1 = DSAdmin.createInstance({ 'newrootpw': rootpw1, 'newhost': host1, 'newport': port1, 'newinst': 'm1', 'newsuffix': suffix, 'verbose': False, 'no_admin': True }) dn = "ou=virtualviews," + suffix ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit') print "Create view ou", dn m1.add_s(ent) mod = [(ldap.MOD_REPLACE, 'objectclass', ['top', 'organizationalUnit', 'nsView'])] print "add nsview to", dn m1.modify_s(dn, mod) dn = "ou=LPP,ou=VirtualViews," + suffix ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit', 'nsView') ent.setValues('nsViewFilter', "(ou=ou=lpp,ou=lab,ou=organisation," + suffix + ")") ent.setValues('description', 'Test LPP') print "Create view ou", dn
ents = srv.getBackendsForSuffix(base2) for ent in ents: srv.modify_s(ent.dn, mod) srv.stop(True) #os.environ["USE_GDB"] = "1" srv.start(True) msgid1 = srv.search(basedn, ldap.SCOPE_SUBTREE, "objectclass=*") taskdns = [] for (bename, fn) in zip(benames, initfiles): outfile = fn + ".out" cn = "export" + str(int(time.time())) + "-" + bename taskdn = "cn=%s,cn=export,cn=tasks,cn=config" % cn entry = Entry(taskdn) entry.setValues('objectclass', 'top', 'extensibleObject') entry.setValues('cn', cn) entry.setValues('nsFilename', outfile) entry.setValues('nsInstance', bename) srv.add_s(entry) taskdns.append(taskdn) msgid2 = srv.search(basedn, ldap.SCOPE_SUBTREE, "objectclass=*") attrlist = ['nsTaskLog', 'nsTaskStatus', 'nsTaskExitCode', 'nsTaskCurrentItem', 'nsTaskTotalItems'] for taskdn in taskdns: try: entry = srv.getEntry(taskdn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) print entry except ldap.NO_SUCH_OBJECT: print "no task for", taskdn
port2 = 389
# both connections use the same Directory Manager DN and the same
# fixture password
rootdn1 = rootdn2 = "cn=directory manager"
rootpw1 = rootpw2 = 'secret12'
# NOTE(review): 389 is the standard cleartext LDAP port; whether DSAdmin
# protects the connection before using rootpw2 is not visible here.
mux = DSAdmin(host1, port1, rootdn1, rootpw1)
farm = DSAdmin(host2, port2, rootdn2, rootpw2)

suffix = 'dc=chaintest'
# add the suffix
farm.addSuffix(suffix)

# add the suffix entry
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)

# setup chaining
mux.setupChaining(farm, suffix, False)

# add ctuser on farm
dn = 'uid=ctuser,' + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Testuser')
ent.setValues('sn', 'Testuser')
ent.setValues('givenName', 'Chain')
farm.add_s(ent)
#del os.environ['USE_DBX'] initfile = '' if os.environ.has_key('SERVER_ROOT'): initfile = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot, m1.inst) else: initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get( 'PREFIX', '/usr') m1.importLDIF(initfile, '', "userRoot", True) #m1.setLogLevel(65535) print "Add the filtered group entry with bogus filter" dn = "cn=TestDynamicGroup,dc=example,dc=com" ent = Entry(dn) ent.setValues('description', "Dynamic test group") ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls') ent.setValues( 'memberurl', 'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)') #ent.cn = 'TestDynamicGroup' m1.add_s(ent) print "Add the bogus aci for that group" addmod = [( ldap.MOD_REPLACE, 'aci', '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)' )] m1.modify_s("dc=example,dc=com", addmod) #m1.setLogLevel(0)
initfile = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot,m1.inst) else: initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr') m1.importLDIF(initfile, '', "userRoot", True) print "create agreements and init consumers . . ." agmtm1tom2 = m1.setupAgreement(m2, m1replargs) agmtm2tom1 = m2.setupAgreement(m1, m2replargs) print "starting replication . . ." m1.startReplication(agmtm1tom2) print "Replication started" print "add a ou=Clovis entry" dn = "ou=Clovis,dc=example,dc=com" ent = Entry(dn) ent.setValues('objectclass', 'top', 'organizationalUnit', 'nsView') ent.setValues('nsviewfilter', '(l=Clovis)') m1.add_s(ent) m2.waitForEntry(ent) print "add a ou=Finance entry" dn = "ou=Finance,ou=Clovis,dc=example,dc=com" ent = Entry(dn) ent.setValues('objectclass', 'top', 'organizationalUnit', 'nsView') ent.setValues('nsviewfilter', '(departmentNumber=finance)') m1.add_s(ent) m2.waitForEntry(ent) print "Delete ou=Finance"
# makeDSUserEnt(idnum): builds (does not add) the DS test user
# uid=testuser<idnum>,<active_user_cont>,<usersubtree>,<suffix> and returns it.
# With ipawinsync set it also gets krbPrincipalName, uidNumber (500+idnum),
# gidNumber and homeDirectory, and odd idnum values are created locked
# (nsAccountLock TRUE); otherwise the description is 'User added to DS'.
# NOTE(review): userPassword is set twice, first 'Password<idnum>' and then
# the fixed 'Ornette1'. Presumably setValues replaces the earlier value, so
# every test user ends up with the same password - confirm against Entry.
# NOTE(review): the listing lost its indentation; whether the two
# ntUserCreateNewAccount/ntUserDeleteAccount lines sit inside the final
# `else:` or run for every user cannot be told from this line alone.
def makeDSUserEnt(idnum): id = str(idnum) userid = 'testuser' + id dn = 'uid=%s,%s,%s,%s' % (userid, active_user_cont, usersubtree, suffix) ent = Entry(dn) ent.setValues('objectclass', userObjClasses) ent.setValues('cn', 'Test User' + id) ent.setValues('sn', 'User' + id) ent.setValues('uid', userid) ent.setValues('userPassword', 'Password' + id) ent.setValues('ntUserDomainId', userid) ent.setValues('userPassword', 'Ornette1') if ipawinsync: ent.setValues('krbPrincipalName', '%s@%s' % (userid, realm)) ent.setValues('uidNumber', str(500+idnum)) ent.setValues('gidNumber', '1002') ent.setValues('homeDirectory', '/home/' + userid) if idnum % 2: ent.setValues('description', 'User added disabled to DS') ent.setValues('nsAccountLock', 'TRUE') else: ent.setValues('description', 'User added enabled to DS') else: ent.setValues('description', 'User added to DS') ent.setValues('ntUserCreateNewAccount', 'TRUE') ent.setValues('ntUserDeleteAccount', 'TRUE') return ent
}) #del os.environ['USE_GDB'] val1 = 'PRC (China)Limited company' val2 = 'PRC (China) Limited company' rdn1 = "ou=" + val1 rdn2 = "ou=" + val2 filt1 = '(ou=*\\28China\\29Limited*)' filt2 = '(ou=*\\28China\\29*)' filt3 = '(businessCategory=*\\29Limited*)' dn1 = rdn1 + "," + basedn dn2 = rdn2 + "," + basedn ent = Entry(dn1) ent.setValues('objectclass', 'extensibleObject') ent.setValues('businessCategory', val1) srv.add_s(ent) ent = Entry(dn2) ent.setValues('objectclass', 'extensibleObject') ent.setValues('businessCategory', val2) srv.add_s(ent) ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, filt1) print "filter", filt1, "returns the following" for ent in ents: print ent ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, filt2) print "filter", filt2, "returns the following"
agmtm2tom1 = m2.setupAgreement(m1, m2replargs) # the attribute value must be larger # than 1024 * 32 bytes in order to # trigger the clcache buffer resize size = 1024 * 32 + 1 val1 = "description1" + ("#" * size) val2 = "description1" + ("#" * size) nents = 2 print "Add %d entries alternately . . ." % nents svrs = (m1, m2) vals = (val1, val2) nsvrs = len(svrs) for ii in range(0, nents): dn = "cn=%d, %s" % (ii, suffix) ent = Entry(dn) ent.setValues('objectclass', 'person') ent.setValues('sn', 'testuser') ent.setValues('description', vals[ii % nsvrs]) svr = svrs[ii % nsvrs] svr.add_s(ent) print "Added %s to %s" % (dn, svr) print "see if all entries are on both servers . . ." time.sleep(5) for ii in range(0, nents): dn = "cn=%d, %s" % (ii, suffix) ent = m1.getEntry(dn, ldap.SCOPE_BASE) ent = m2.getEntry(dn, ldap.SCOPE_BASE)
'normal, regular AD account disabled, do not expire password', 'userAccountControl': 512 + 2 + 65536 }] userids_disabled = {} if useds: print "Create sub-ou's on the AD side and add users . . ." ii = 0 dns = [ 'ou=people,' + suffix, 'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix, 'ou=12,ou=1,ou=people,' + suffix ] for dn in dns: ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit') try: ad.add_s(ent) except ldap.ALREADY_EXISTS: pass print "Add users to", dn for jj in range(0, 5): strii = str(ii) userdn = 'cn=Test User' + strii + ',' + dn ent = Entry(userdn) userid = 'userid' + strii ent.setValues('objectclass', ['person', 'adPerson']) ent.setValues('sn', 'User' + strii) ent.setValues('samAccountName', userid) ent.setValues('objectGUID', struct.pack('B', ii)) ent.setValues('name', 'Test User' + strii) # same as cn
# Test setup: create instance 'ds' with suffix dc=example,dc=com, switch
# passwordCheckSyntax to "on" in cn=config, then add uid=scarter with a
# userPassword value.
# rootpw and bindpw are fixed fixture literals. USE_VALGRIND is set in the
# process environment before createInstance and is not unset in this excerpt.
# NOTE(review): the message mentions "trivial words checking", but the only
# attribute modified here is passwordCheckSyntax.
rootpw = "password" basedn = 'dc=example,dc=com' newinst = 'ds' os.environ['USE_VALGRIND'] = "1" srv = DSAdmin.createInstance({ 'newrootpw': rootpw, 'newhost': host1, 'newport': port1, 'newinst': newinst, 'newsuffix': basedn, 'no_admin': True }) print "turn on syntax checking and trivial words checking" attr = "passwordCheckSyntax" mod = [(ldap.MOD_REPLACE, attr, "on")] srv.modify_s("cn=config", mod) print "add a user with a password" dn = "uid=scarter,dc=example,dc=com" bindpw = "SPrain12" ent = Entry(dn) ent.setValues('objectclass', 'inetOrgPerson') ent.setValues('cn', 'Sam Carter') ent.setValues('sn', 'Carter') ent.setValues('givenName', 'Sam') ent.setValues('userPassword', bindpw) srv.add_s(ent)
def test_update_complex(self):
    """An Entry filled via setValues must render like one filled via update()."""
    nsuffix, replid, replicatype = "dc=example,dc=com", 5, dsadmin.REPLICA_RDWR_TYPE
    binddnlist, legacy = ['uid=pippo, cn=config'], 'off'
    dn = "dc=example,dc=com"

    # first construction: one setValues call per attribute
    entry = Entry(dn)
    entry.setValues(
        'objectclass', "top", "nsds5replica", "extensibleobject")
    entry.setValues('cn', "replica")
    entry.setValues('nsds5replicaroot', nsuffix)
    entry.setValues('nsds5replicaid', str(replid))
    entry.setValues('nsds5replicatype', str(replicatype))
    entry.setValues('nsds5flags', "1")
    entry.setValues('nsds5replicabinddn', binddnlist)
    entry.setValues('nsds5replicalegacyconsumer', legacy)

    # second construction: (dn, attrs) tuple, completed with update()
    initial_attrs = {
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': ["replica"],
    }
    uentry = Entry((dn, initial_attrs))
    print uentry

    # Entry.update *replaces*, so be careful with multi-valued attrs
    uentry.update({
        'nsds5replicaroot': nsuffix,
        'nsds5replicaid': str(replid),
        'nsds5replicatype': str(replicatype),
        'nsds5flags': '1',
        'nsds5replicabinddn': binddnlist,
        'nsds5replicalegacyconsumer': legacy
    })

    # compare the string renderings of both entries
    uentry_s = str(uentry)
    entry_s = str(entry)
    assert uentry_s == entry_s, "Mismatching entries [%r] vs [%r]" % (
        uentry, entry)