def test_usandsconf_dbgen_nested_ldif(topology_st, set_log_file_and_ldif): """Test ldifgen (formerly dbgen) tool to create nested ldif :id: 9c281c28-4169-45e0-8c07-c5502d9a7581 :setup: Standalone instance :steps: 1. Create DS instance 2. Run ldifgen to generate nested ldif 3. Import generated ldif to database 4. Check it was properly imported :expectedresults: 1. Success 2. Success 3. Success 4. Success """ standalone = topology_st.standalone args = FakeArgs() args.suffix = DEFAULT_SUFFIX args.node_limit = "100" args.num_users = "600" args.ldif_file = ldif_file content_list = [ 'Generating LDIF with the following options:', 'suffix={}'.format( args.suffix), 'node-limit={}'.format(args.node_limit), 'num-users={}'.format(args.num_users), 'ldif-file={}'.format(args.ldif_file), 'Writing LDIF', 'Successfully created nested LDIF file ({}) containing 6 nodes/subtrees' .format(args.ldif_file) ] log.info('Run ldifgen to create nested ldif') dbgen_create_nested(standalone, log, args) log.info('Check if file exists') assert os.path.exists(ldif_file) check_value_in_log_and_reset(content_list) log.info('Get number of accounts before import') accounts = Accounts(standalone, DEFAULT_SUFFIX) count_account = len(accounts.filter('(uid=*)')) count_ou = len(accounts.filter('(ou=*)')) # Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db # ldapmodify will complain about already existing suffix which causes subprocess to return exit code != 0 with pytest.raises(subprocess.CalledProcessError): run_ldapmodify_from_file(standalone, ldif_file) standalone.restart() log.info('Check that accounts are imported') assert len(accounts.filter('(uid=*)')) > count_account assert len(accounts.filter('(ou=*)')) > count_ou
def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean): """With nsslapd-db-private-import-mem: on is faster import. :id: 3044331c-9c0e-11ea-ac9f-8c16451d917b :setup: Standalone Instance :steps: 1. Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0 2. Measure offline import time duration total_time1 3. Now nsslapd-db-private-import-mem:off 4. Measure offline import time duration total_time2 5. total_time1 < total_time2 6. Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1 7. Measure offline import time duration total_time1 8. Now nsslapd-db-private-import-mem:off 9. Measure offline import time duration total_time2 10. total_time1 < total_time2 :expected results: 1. Operation successful 2. Operation successful 3. Operation successful 4. Operation successful 5. Operation successful 6. Operation successful 7. Operation successful 8. Operation successful 9. Operation successful 10. Operation successful """ # Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0 config = LDBMConfig(topo.standalone) # Measure offline import time duration total_time1 total_time1 = _import_offline(topo, 20) # Now nsslapd-db-private-import-mem:off config.replace('nsslapd-db-private-import-mem', 'off') accounts = Accounts(topo.standalone, DEFAULT_SUFFIX) for i in accounts.filter('(uid=*)'): UserAccount(topo.standalone, i.dn).delete() # Measure offline import time duration total_time2 total_time2 = _import_offline(topo, 20) # total_time1 < total_time2 assert total_time1 < total_time2 # Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1 config.replace_many(('nsslapd-db-private-import-mem', 'on'), ('nsslapd-import-cache-autosize', '-1')) for i in accounts.filter('(uid=*)'): UserAccount(topo.standalone, i.dn).delete() # Measure offline import time duration total_time1 total_time1 = _import_offline(topo, 20) # Now nsslapd-db-private-import-mem:off config.replace('nsslapd-db-private-import-mem', 'off') for i in accounts.filter('(uid=*)'): UserAccount(topo.standalone, i.dn).delete() # Measure offline import time duration total_time2 total_time2 = _import_offline(topo, 20) # total_time1 < total_time2 assert total_time1 < total_time2
def test_usandsconf_dbgen_users(topology_st, set_log_file_and_ldif): """Test ldifgen (formerly dbgen) tool to create ldif with users :id: 426b5b94-9923-454d-a736-7e71ca985e91 :setup: Standalone instance :steps: 1. Create DS instance 2. Run ldifgen to generate ldif with users 3. Import generated ldif to database 4. Check it was properly imported :expectedresults: 1. Success 2. Success 3. Success 4. Success """ standalone = topology_st.standalone args = FakeArgs() args.suffix = DEFAULT_SUFFIX args.parent = 'ou=people,dc=example,dc=com' args.number = "1000" args.rdn_cn = False args.generic = True args.start_idx = "50" args.localize = False args.ldif_file = ldif_file content_list = [ 'Generating LDIF with the following options:', 'suffix={}'.format(args.suffix), 'parent={}'.format(args.parent), 'number={}'.format(args.number), 'rdn-cn={}'.format(args.rdn_cn), 'generic={}'.format(args.generic), 'start-idx={}'.format( args.start_idx), 'localize={}'.format(args.localize), 'ldif-file={}'.format(args.ldif_file), 'Writing LDIF', 'Successfully created LDIF file: {}'.format(args.ldif_file) ] log.info('Run ldifgen to create users ldif') dbgen_create_users(standalone, log, args) log.info('Check if file exists') assert os.path.exists(ldif_file) check_value_in_log_and_reset(content_list) log.info('Get number of accounts before import') accounts = Accounts(standalone, DEFAULT_SUFFIX) count_account = len(accounts.filter('(uid=*)')) run_offline_import(standalone, ldif_file) log.info('Check that accounts are imported') assert len(accounts.filter('(uid=*)')) > count_account
def test_healthcheck_notes_unknown_attribute(topology_st, setup_ldif): """Check if HealthCheck returns DSLOGNOTES0002 code :id: 71ccd1d7-3c71-416b-9d2a-27f9f6633101 :setup: Standalone instance :steps: 1. Create DS instance 2. Set nsslapd-accesslog-logbuffering to off 3. Import users from created ldif file 4. Use HealthCheck without --json option 5. Use HealthCheck with --json option :expectedresults: 1. Success 2. Success 3. Success 4. Healthcheck reports DSLOGNOTES0002 5. Healthcheck reports DSLOGNOTES0002 """ RET_CODE = 'DSLOGNOTES0002' standalone = topology_st.standalone log.info('Delete the previous access logs') topology_st.standalone.deleteAccessLogs() log.info('Set nsslapd-accesslog-logbuffering to off') standalone.config.set("nsslapd-accesslog-logbuffering", "off") log.info('Stopping the server and running offline import...') standalone.stop() assert standalone.ldif2db(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX], encrypt=None, excludeSuffixes=None, import_file=import_ldif) standalone.start() log.info('Use filters to reproduce "notes=F" in access log') accounts = Accounts(standalone, DEFAULT_SUFFIX) accounts.filter('(unknown=test)') log.info('Check that access log contains "notes=F"') assert standalone.ds_access_log.match(r'.*notes=F.*') run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False) run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
def finofaci(): accounts = Accounts(topo.standalone, DEFAULT_SUFFIX) for i in accounts.filter('(uid=*)'): UserAccount(topo.standalone, i.dn).delete() ldif_dir = topo.standalone.get_ldif_dir() import_ldif = ldif_dir + '/basic_import.ldif' if os.path.exists(import_ldif): os.remove(import_ldif)
def test_only_allow_some_targetattr(topo, clean, aci_of_user): """Misc Test 5 only allow some targetattr (1/2) :id: 9d27f048-7db8-11e8-a71c-8c16451d917b :setup: Standalone Instance :steps: 1. Add test entry 2. Add ACI 3. User should follow ACI role :expectedresults: 1. Entry should be added 2. Operation should succeed 3. Operation should succeed """ uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None) for i in range(1, 3): user = uas.create_test_user(uid=i, gid=i) user.replace_many(('cn', 'Anuj1'), ('mail', '*****@*****.**')) Domain(topo.standalone, DEFAULT_SUFFIX).\ replace("aci", '(target="ldap:///{}")(targetattr="mail||objectClass")' '(version 3.0; acl "Test";allow (read,search,compare) ' '(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX)) conn = Anonymous(topo.standalone).bind() accounts = Accounts(conn, DEFAULT_SUFFIX) # aci will allow only mail targetattr assert len(accounts.filter('(mail=*)')) == 2 # aci will allow only mail targetattr assert not accounts.filter('(cn=*)', scope=1) # with root no , blockage assert len( Accounts(topo.standalone, DEFAULT_SUFFIX).filter('(uid=*)', scope=1)) == 2 for i in uas.list(): i.delete()
def test_all_together_positive(topo, _create_test_entries, filter_test, condition, filter_out): """Test filter with positive results. :id: 51924a38-9baa-11e8-b22a-8c16451d917b :parametrized: yes :setup: Standalone Server :steps: 1. Create Filter rules. 2. Try to pass filter rules as per the condition . :expected results: 1. It should pass 2. It should pass """ account = Accounts(topo.standalone, DEFAULT_SUFFIX) assert account.filter(filter_test)[0].get_attrs_vals_utf8(condition)[filter_out]
def test_only_allow_some_targetattr_two(topo, clean, aci_of_user, request): """Misc Test 6 only allow some targetattr (2/2)" :id: a188239c-7db8-11e8-903e-8c16451d917b :setup: Standalone Instance :steps: 1. Add test entry 2. Add ACI 3. User should follow ACI role :expectedresults: 1. Entry should be added 2. Operation should succeed 3. Operation should succeed """ uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None) for i in range(5): user = uas.create_test_user(uid=i, gid=i) user.replace_many(('mail', '*****@*****.**'), ('cn', 'Anuj'), ('userPassword', PW_DM)) user1 = uas.create_test_user() user1.replace_many(('mail', '*****@*****.**'), ('userPassword', PW_DM)) Domain(topo.standalone, DEFAULT_SUFFIX).\ replace("aci", '(target="ldap:///{}") (targetattr="mail||objectClass")' '(targetfilter="cn=Anuj") (version 3.0; acl "{}"; ' 'allow (compare,read,search) ' '(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX, request.node.name)) conn = UserAccount(topo.standalone, user.dn).bind(PW_DM) # aci will allow only mail targetattr but only for cn=Anuj account = Accounts(conn, DEFAULT_SUFFIX) assert len(account.filter('(mail=*)')) == 5 assert not account.filter('(cn=*)') for i in account.filter('(mail=*)'): assert i.get_attr_val_utf8('mail') == '*****@*****.**' conn = Anonymous(topo.standalone).bind() # aci will allow only mail targetattr but only for cn=Anuj account = Accounts(conn, DEFAULT_SUFFIX) assert len(account.filter('(mail=*)')) == 5 assert not account.filter('(cn=*)') for i in account.filter('(mail=*)'): assert i.get_attr_val_utf8('mail') == '*****@*****.**' # with root no blockage assert len(Accounts(topo.standalone, DEFAULT_SUFFIX).filter('(mail=*)')) == 6 for i in uas.list(): i.delete()
def _entryuuid_import_and_search(topology): # 1 ldif_dir = topology.standalone.get_ldif_dir() target_ldif = os.path.join(ldif_dir, 'localhost-userRoot-2020_03_30_13_14_47.ldif') import_ldif = os.path.join(DATADIR1, 'localhost-userRoot-2020_03_30_13_14_47.ldif') shutil.copyfile(import_ldif, target_ldif) os.chmod(target_ldif, 0o777) be = Backends(topology.standalone).get('userRoot') task = be.import_ldif([target_ldif]) task.wait() assert (task.is_complete() and task.get_exit_code() == 0) accounts = Accounts(topology.standalone, DEFAULT_SUFFIX) # 2 - positive eq test r2 = accounts.filter("(entryUUID=%s)" % IMPORT_UUID_A) assert (len(r2) == 1) r3 = accounts.filter("(entryuuid=%s)" % IMPORT_UUID_B) assert (len(r3) == 1) # 3 - negative eq test r4 = accounts.filter("(entryuuid=%s)" % UUID_MAX) assert (len(r4) == 0) # 4 - le search r5 = accounts.filter("(entryuuid<=%s)" % UUID_BETWEEN) assert (len(r5) == 1) # 5 - ge search r6 = accounts.filter("(entryuuid>=%s)" % UUID_BETWEEN) assert (len(r6) == 1) # 6 - le 0 search r7 = accounts.filter("(entryuuid<=%s)" % UUID_MIN) assert (len(r7) == 0) # 7 - ge f search r8 = accounts.filter("(entryuuid>=%s)" % UUID_MAX) assert (len(r8) == 0) # 8 - export db task = be.export_ldif() task.wait() assert (task.is_complete() and task.get_exit_code() == 0)
def _search_for_user(topo, no_n0): """ Will make sure that users are imported """ accounts = Accounts(topo.standalone, DEFAULT_SUFFIX) assert len(accounts.filter('(uid=*)')) == no_n0
def _check_users_before_test(topo, no_no): """ Will check no user before test. """ accounts = Accounts(topo.standalone, DEFAULT_SUFFIX) assert len(accounts.filter('(uid=*)')) < no_no
def test_usandsconf_dbgen_mod_ldif_mixed(topology_st, set_log_file_and_ldif): """Test ldifgen (formerly dbgen) tool to create mixed modification ldif :id: 4a2e0901-2b48-452e-a4a0-507735132c81 :setup: Standalone instance :steps: 1. Create DS instance 2. Run ldifgen to generate modification ldif 3. Import generated ldif to database 4. Check it was properly imported :expectedresults: 1. Success 2. Success 3. Success 4. Success """ standalone = topology_st.standalone args = FakeArgs() args.parent = DEFAULT_SUFFIX args.create_users = True args.delete_users = True args.create_parent = False args.num_users = "1000" args.add_users = "100" args.del_users = "999" args.modrdn_users = "100" args.mod_users = "10" args.mod_attrs = ['cn', 'uid', 'sn'] args.randomize = False args.ldif_file = ldif_file content_list = [ 'Generating LDIF with the following options:', 'create-users={}'.format(args.create_users), 'parent={}'.format( args.parent), 'create-parent={}'.format(args.create_parent), 'delete-users={}'.format(args.delete_users), 'num-users={}'.format( args.num_users), 'add-users={}'.format(args.add_users), 'del-users={}'.format(args.del_users), 'modrdn-users={}'.format( args.modrdn_users), 'mod-users={}'.format(args.mod_users), 'mod-attrs={}'.format(args.mod_attrs), 'randomize={}'.format(args.randomize), 'ldif-file={}'.format(args.ldif_file), 'Writing LDIF', 'Successfully created LDIF file: {}'.format(args.ldif_file) ] log.info('Run ldifgen to create modification ldif') dbgen_create_mods(standalone, log, args) log.info('Check if file exists') assert os.path.exists(ldif_file) check_value_in_log_and_reset(content_list) log.info('Get number of accounts before import') accounts = Accounts(standalone, DEFAULT_SUFFIX) count_account = len(accounts.filter('(uid=*)')) # Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db # ldapmodify will complain about a lot of changes done which causes subprocess to return exit code != 0 with pytest.raises(subprocess.CalledProcessError): run_ldapmodify_from_file(standalone, ldif_file) log.info('Check that some accounts are imported') assert len(accounts.filter('(uid=*)')) > count_account
def test_usandsconf_dbgen_groups(topology_st, set_log_file_and_ldif): """Test ldifgen (formerly dbgen) tool to create ldif with group :id: 97207413-9a93-4065-a5ec-63aa93801a31 :setup: Standalone instance :steps: 1. Create DS instance 2. Run ldifgen to generate ldif with group 3. Import generated ldif to database 4. Check it was properly imported :expectedresults: 1. Success 2. Success 3. Success 4. Success """ LDAP_RESULT = 'adding new entry "cn=myGroup-1,ou=groups,dc=example,dc=com"' standalone = topology_st.standalone args = FakeArgs() args.NAME = 'myGroup' args.parent = 'ou=groups,dc=example,dc=com' args.suffix = DEFAULT_SUFFIX args.number = "1" args.num_members = "1000" args.create_members = True args.member_attr = 'uniquemember' args.member_parent = 'ou=people,dc=example,dc=com' args.ldif_file = ldif_file content_list = [ 'Generating LDIF with the following options:', 'NAME={}'.format(args.NAME), 'number={}'.format(args.number), 'suffix={}'.format(args.suffix), 'num-members={}'.format( args.num_members), 'create-members={}'.format(args.create_members), 'member-parent={}'.format(args.member_parent), 'member-attr={}'.format(args.member_attr), 'ldif-file={}'.format(args.ldif_file), 'Writing LDIF', 'Successfully created LDIF file: {}'.format(args.ldif_file) ] log.info('Run ldifgen to create group ldif') dbgen_create_groups(standalone, log, args) log.info('Check if file exists') assert os.path.exists(ldif_file) check_value_in_log_and_reset(content_list) log.info('Get number of accounts before import') accounts = Accounts(standalone, DEFAULT_SUFFIX) count_account = len(accounts.filter('(uid=*)')) # Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db # ldapmodify will complain about already existing parent which causes subprocess to return exit code != 0 with pytest.raises(subprocess.CalledProcessError): run_ldapmodify_from_file(standalone, ldif_file, LDAP_RESULT) log.info('Check that accounts are imported') assert len(accounts.filter('(uid=*)')) > count_account log.info('Check that group is imported') groups = Groups(standalone, DEFAULT_SUFFIX) assert groups.exists(args.NAME + '-1') new_group = groups.get(args.NAME + '-1') new_group.present('uniquemember', 'uid=group_entry1-0152,ou=people,dc=example,dc=com')