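def run(self):
    """Start adding users

    Binds to ``self.inst`` as Directory Manager and creates
    ``self.num_users`` test user entries under DEFAULT_SUFFIX, visiting the
    indexes in random order.  Stops early when the server refuses the write
    (UNWILLING_TO_PERFORM) and skips entries that already exist.
    """
    dm = DirectoryManager(self.inst)
    conn = dm.bind()
    # The Directory Manager connection is privileged; make sure it is released
    # even when create() raises something other than the two handled errors.
    try:
        users = UserAccounts(conn, DEFAULT_SUFFIX)
        u_range = list(range(self.num_users))
        random.shuffle(u_range)

        for idx in u_range:
            try:
                users.create(properties={
                    'uid': 'testuser%s' % idx,
                    'cn': 'testuser%s' % idx,
                    'sn': 'user%s' % idx,
                    'uidNumber': '%s' % (1000 + idx),
                    'gidNumber': '%s' % (1000 + idx),
                    'homeDirectory': '/home/testuser%s' % idx
                })
            except ldap.UNWILLING_TO_PERFORM:
                # One of the masters was probably put into read only mode - just break out
                break
            except ldap.ALREADY_EXISTS:
                # The entry is already present - move on to the next index
                pass
    finally:
        conn.close()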
def test_ldbm_modification_audit_log(topology_st):
    """Check that modifications of LDBM config attributes are written to the audit log

    :id: 5bf75c47-a283-430e-a65c-3c5fd8dbadb8
    :setup: Standalone Instance
    :steps:
        1. Bind as DM
        2. Enable audit log
        3. Update a set of config attrs in LDBM config
        4. Restart the server
        5. Check that config attrs are listed in the audit log
    :expectedresults:
        1. Operation successful
        2. Operation successful
        3. Operation successful
        4. Operation successful
        5. Audit log should contain modification of attrs
    """

    new_value = '10001'
    ldbm_attrs = (
        'nsslapd-lookthroughlimit',
        'nsslapd-pagedidlistscanlimit',
        'nsslapd-idlistscanlimit',
        'nsslapd-db-locks',
    )

    inst = DirectoryManager(topology_st.standalone).bind()
    ldbm_config = LDBMConfig(inst)

    log.info("Enable audit logging")
    inst.config.enable_log('audit')

    for name in ldbm_attrs:
        log.info("Set attribute %s to value %s", name, new_value)
        ldbm_config.set(name, new_value)

    log.info('Restart the server to flush the logs')
    inst.restart()

    # Each change must leave both the "replace:" line and the new value in the
    # audit log; a missing record means the config change went unaudited.
    for name in ldbm_attrs:
        log.info("Check if attribute %s is replaced in the audit log", name)
        assert inst.searchAuditLog('replace: %s' % name)
        assert inst.searchAuditLog('%s: %s' % (name, new_value))
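def test_rootdn_access_specific_time(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):
    """Test binding inside and outside of a specific time

    ``timeout`` is the number of attempts made by each polling loop; every
    unsuccessful attempt is followed by a 0.5 second sleep.

    :id: a0ef30e5-538b-46fa-9762-01a4435a15e8
    :setup: Standalone instance, rootdn plugin set up
    :steps:
        1. Get the current time, and set a two hour window that excludes it
        2. Bind as Root DN
        3. Set config to allow the entire day
        4. Bind as Root DN
        5. Cleanup
    :expectedresults:
        1. Success
        2. Should fail
        3. Success
        4. Success
        5. Success
    """

    log.info('Running test_rootdn_access_specific_time...')
    dm = DirectoryManager(topology_st.standalone)

    # Pick an open/close window that cannot contain the current hour, so a
    # Root DN bind attempted now falls outside the permitted time.
    # NOTE(review): this is the test host's local hour; assumes the server
    # evaluates the window in the same timezone - confirm.
    current_hour = time.strftime("%H")
    if int(current_hour) > 12:
        open_time = '0200'
        close_time = '0400'
    else:
        open_time = '1600'
        close_time = '1800'

    assert plugin.replace_many(('rootdn-open-time', open_time),
                               ('rootdn-close-time', close_time))

    # Wait until the plugin entry reports the new window
    for _ in range(timeout):
        if (plugin.get_attr_val_utf8('rootdn-open-time') == open_time) and (
                plugin.get_attr_val_utf8('rootdn-close-time') == close_time):
            break
        time.sleep(.5)
    else:
        raise Exception("rootdn-open-time and rootdn-close-time were not updated")

    # Bind as Root DN - should fail
    # The restriction is only proven when the server actually refuses the
    # bind; without the assertion a plugin that never denies would still pass.
    denied = False
    for _ in range(timeout):
        try:
            dm.bind()
        except ldap.UNWILLING_TO_PERFORM:
            denied = True
            break
        else:
            time.sleep(.5)
    assert denied, "Root DN bind was not rejected outside the allowed time window"

    # Set config to allow the entire day
    open_time = '0000'
    close_time = '2359'
    assert plugin.replace_many(('rootdn-open-time', open_time),
                               ('rootdn-close-time', close_time))

    for _ in range(timeout):
        if (plugin.get_attr_val_utf8('rootdn-open-time') == open_time) and (
                plugin.get_attr_val_utf8('rootdn-close-time') == close_time):
            break
        time.sleep(.5)
    else:
        raise Exception("rootdn-open-time and rootdn-close-time were not updated")

    # Bind as Root DN - should succeed
    # Retry on LDAP errors only, and fail the test if no attempt succeeds.
    bound = False
    for _ in range(timeout):
        try:
            dm.bind()
            bound = True
            break
        except ldap.LDAPError:
            time.sleep(.5)
    assert bound, "Root DN bind was rejected inside the allowed time window"

    # Cleanup - undo the changes we made so the next test has a clean slate
    assert plugin.apply_mods([(ldap.MOD_DELETE, 'rootdn-open-time'),
                              (ldap.MOD_DELETE, 'rootdn-close-time')])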
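def test_rootdn_access_day_of_week(topology_st, rootdn_setup, rootdn_cleanup, timeout=5):
    """Test the days of week feature

    ``timeout`` is the number of attempts made by each polling loop; every
    unsuccessful attempt is followed by a 0.5 second sleep.

    :id: a0ef30e5-538b-46fa-9762-01a4435a15e1
    :setup: Standalone instance, rootdn plugin set up
    :steps:
        1. Set the deny days
        2. Bind as Root DN
        3. Set the allow days
        4. Bind as Root DN
    :expectedresults:
        1. Success
        2. Should fail
        3. Success
        4. Success
    """

    log.info('Running test_rootdn_access_day_of_week...')
    dm = DirectoryManager(topology_st.standalone)

    days = ('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat')
    # NOTE(review): the weekday is taken in UTC; if the plugin evaluates days
    # in server local time the two can differ around midnight - confirm.
    day = int(time.strftime("%w", time.gmtime()))

    # deny_days never contains today; allow_days always does.  The separators
    # are kept exactly as written because the values are compared as strings
    # with what the plugin reports back.
    if day == 6:
        # Handle the roll over from Saturday into Sunday
        deny_days = days[1] + ', ' + days[2]
        allow_days = days[6] + ',' + days[0]
    elif day > 3:
        deny_days = days[0] + ', ' + days[1]
        allow_days = days[day] + ',' + days[day - 1]
    else:
        deny_days = days[4] + ',' + days[5]
        allow_days = days[day] + ',' + days[day + 1]

    log.info('Today:        ' + days[day])
    log.info('Allowed days: ' + allow_days)
    log.info('Deny days:    ' + deny_days)

    # Set the deny days
    plugin.set_days_allowed(deny_days)

    for _ in range(timeout):
        if str(plugin.get_days_allowed()) == deny_days:
            break
        time.sleep(.5)
    else:
        raise Exception("rootdn-days-allowed was not updated")

    # Bind as Root DN - should fail
    # The restriction is only proven when the server actually refuses the
    # bind; without the assertion a plugin that never denies would still pass.
    denied = False
    for _ in range(timeout):
        try:
            dm.bind()
        except ldap.UNWILLING_TO_PERFORM:
            denied = True
            break
        else:
            time.sleep(.5)
    assert denied, "Root DN bind was not rejected on a day that is not allowed"

    # Set the allow days
    plugin.set_days_allowed(allow_days)

    for _ in range(timeout):
        if str(plugin.get_days_allowed()) == allow_days:
            break
        time.sleep(.5)
    else:
        raise Exception("rootdn-days-allowed was not updated")

    # Bind as Root DN - should succeed
    # Retry on LDAP errors only, and fail the test if no attempt succeeds.
    bound = False
    for _ in range(timeout):
        try:
            dm.bind()
            bound = True
            break
        except ldap.LDAPError:
            time.sleep(.5)
    assert bound, "Root DN bind was rejected on an allowed day"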