def test_dsrc_saslmech():
write_inf("""
[localhost]
uri = ldaps://localhost:636
saslmech = INVALID_MECH
""")
# Parse it and assert the content
with pytest.raises(Exception):
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
write_inf("""
[localhost]
uri = ldaps://localhost:636
saslmech = EXTERNAL
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i['saslmech'] == 'EXTERNAL')
write_inf("""
[localhost]
uri = ldaps://localhost:636
saslmech = PLAIN
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i['saslmech'] == 'PLAIN')
def health_check_run(inst, log, args):
"""Connect to the local server using LDAPI, and perform various health checks
"""
if args.list_errors:
_list_errors(log)
return
# update the args for connect_instance()
args.basedn = None
args.binddn = None
args.bindpw = None
args.starttls = None
args.pwdfile = None
args.prompt = False
dsrc_inst = dsrc_to_ldap(DSRC_HOME, args.instance, log.getChild('dsrc'))
dsrc_inst = dsrc_arg_concat(args, dsrc_inst)
try:
inst = connect_instance(dsrc_inst=dsrc_inst,
verbose=args.verbose,
args=args)
except Exception as e:
raise ValueError('Failed to connect to Directory Server instance: ' +
str(e))
checks = args.check or dict(_list_targets(inst)).keys()
if args.list_checks or args.dry_run:
_print_checks(inst, log, checks)
return
_run(inst, log, args, _list_checks(inst, checks))
disconnect_instance(inst)
def test_dsrc_single_section():
# Write out inf.
write_inf("""
[localhost]
""")
# Parse it and assert the content
with pytest.raises(configparser.NoOptionError):
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
write_inf("""
[localhost]
uri = ldaps://localhost:636
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i == {
'uri': 'ldaps://localhost:636',
'basedn': None,
'binddn': None,
'saslmech': None,
'tls_cacertdir': None,
'tls_cert': None,
'tls_key': None,
'tls_reqcert': ldap.OPT_X_TLS_HARD,
'starttls': False
})
write_inf("""
[localhost]
uri = ldaps://localhost:636
basedn = dc=example,dc=com
binddn = cn=Directory Manager
starttls = true
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i == {
'uri': 'ldaps://localhost:636',
'basedn': 'dc=example,dc=com',
'binddn': 'cn=Directory Manager',
'saslmech': None,
'tls_cacertdir': None,
'tls_cert': None,
'tls_key': None,
'tls_reqcert': ldap.OPT_X_TLS_HARD,
'starttls': True
})
def test_dsrc_two_section():
write_inf("""
[localhost]
uri = ldaps://localhost:636
[localhost2]
uri = ldaps://localhost:6362
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i == {
'uri': 'ldaps://localhost:636',
'basedn': None,
'binddn': None,
'saslmech': None,
'tls_cacertdir': None,
'tls_cert': None,
'tls_key': None,
'tls_reqcert': ldap.OPT_X_TLS_HARD,
'starttls': False
})
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost2', log)
assert (i == {
'uri': 'ldaps://localhost:6362',
'basedn': None,
'binddn': None,
'saslmech': None,
'tls_cacertdir': None,
'tls_cert': None,
'tls_key': None,
'tls_reqcert': ldap.OPT_X_TLS_HARD,
'starttls': False
})
# Section doesn't exist
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost3', log)
assert (i is None)
def test_dsrc_reqcert():
write_inf("""
[localhost]
uri = ldaps://localhost:636
tls_reqcert = invalid
""")
# Parse it and assert the content
with pytest.raises(Exception):
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
write_inf("""
[localhost]
uri = ldaps://localhost:636
tls_reqcert = hard
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i['tls_reqcert'] == ldap.OPT_X_TLS_HARD)
write_inf("""
[localhost]
uri = ldaps://localhost:636
tls_reqcert = allow
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i['tls_reqcert'] == ldap.OPT_X_TLS_ALLOW)
write_inf("""
[localhost]
uri = ldaps://localhost:636
tls_reqcert = never
""")
# Parse it and assert the content
i = dsrc_to_ldap('/tmp/dsrc_test.inf', 'localhost', log)
assert (i['tls_reqcert'] == ldap.OPT_X_TLS_NEVER)