def test_ruv_after_reindex(topo): """Test that the tombstone RUV entry is not corrupted after a reindex task :id: 988c0fab-1905-4dc5-a45d-fbf195843a33 :setup: 2 suppliers :steps: 1. Reindex database 2. Perform some updates 3. Check error log does not have "_entryrdn_insert_key" errors :expectedresults: 1. Success 2. Success 3. Success """ inst = topo.ms['supplier1'] suffix = Domain(inst, "ou=people," + DEFAULT_SUFFIX) backends = Backends(inst) backend = backends.get(DEFAULT_BENAME) # Reindex nsuniqueid backend.reindex(attrs=['nsuniqueid'], wait=True) # Do some updates for idx in range(0, 5): suffix.replace('description', str(idx)) # Check error log for RUV entryrdn errors. Stopping instance forces RUV # to be written and quickly exposes the error inst.stop() assert not inst.searchErrorsLog("entryrdn_insert_key")
def assert_data_present(inst): # Do we have the backend marker? d = Domain(inst, DEFAULT_SUFFIX) try: desc = d.get_attr_val_utf8('description') if desc == TEST_MARKER: return except: # Just reset everything. pass # Reset the backends bes = Backends(inst) try: be = bes.get(DEFAULT_SUFFIX) be.delete() except: pass be = bes.create(properties={ 'nsslapd-suffix': DEFAULT_SUFFIX, 'cn': 'userRoot', }) be.create_sample_entries('001004002') # Load our data # We can't use dbgen as that relies on local access :( # Add 40,000 groups groups = Groups(inst, DEFAULT_SUFFIX) for i in range(1, GROUP_MAX): rdn = 'group_{0:07d}'.format(i) groups.create(properties={ 'cn': rdn, }) # Add 60,000 users users = nsUserAccounts(inst, DEFAULT_SUFFIX) for i in range(1, USER_MAX): rdn = 'user_{0:07d}'.format(i) users.create( properties={ 'uid': rdn, 'cn': rdn, 'displayName': rdn, 'uidNumber': '%s' % i, 'gidNumber': '%s' % i, 'homeDirectory': '/home/%s' % rdn, 'userPassword': rdn, }) # Add the marker d.replace('description', TEST_MARKER)
def test_expired_user_has_no_privledge(topo): """Specify a test case purpose or name here :id: 3df86b45-9929-414b-9bf6-06c25301d207 :setup: Standalone Instance :steps: 1. Set short password expiration time 2. Add user and wait for expiration time to run out 3. Set one aci that allows authenticated users full access 4. Bind as user (password should be expired) 5. Attempt modify :expectedresults: 1. Success 2. Success 3. Success 4. Success 5. Success """ # Configured password epxiration topo.standalone.config.replace_many(('passwordexp', 'on'), ('passwordmaxage', '1')) # Set aci suffix = Domain(topo.standalone, DEFAULT_SUFFIX) ACI_TEXT = '(targetattr="*")(version 3.0; acl "test aci"; allow (all) (userdn="ldap:///all");)' suffix.replace('aci', ACI_TEXT) # Add user user = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None).create_test_user() user.replace('userpassword', PASSWORD) time.sleep(2) # Bind as user with expired password. Need to use raw ldap calls because # lib389 will close the connection when an error 49 is encountered. ldap_object = ldap.initialize(topo.standalone.toLDAPURL()) with pytest.raises(ldap.INVALID_CREDENTIALS): res_type, res_data, res_msgid, res_ctrls = ldap_object.simple_bind_s( user.dn, PASSWORD) # Try modify with pytest.raises(ldap.INSUFFICIENT_ACCESS): modlist = [(ldap.MOD_REPLACE, 'description', b'Should not work!')] ldap_object.modify_ext_s(DEFAULT_SUFFIX, modlist)
def run(self): """ Start adding users """ idx = 0 conn = DirectoryManager(self.inst).bind() domain = Domain(conn, DEFAULT_SUFFIX) while idx < MOD_COUNT: try: domain.replace('description', str(idx)) except: if self.task == "import": # Failures are expected during an import pass else: # export, should not fail log.fatal('Updates should not fail during an export') assert False idx += 1
def test_retrocl_trimming(topology_st): """Test retrocl trimming works :id: 54c6747f-6772-43b7-8b03-09e13fa0c205 :setup: Standalone Instance :steps: 1. Enable Retro changelog 2. Add a bunch of entries 3. Configure trimming 4. Verify trimming occurred :expectedresults: 1. Success 2. Success 3. Success 4. Success """ inst = topology_st.standalone # Configure plugin log.info('Configure retrocl plugin') rcl = RetroChangelogPlugin(inst) rcl.enable() inst.restart() # Do some updates suffix = Domain(inst, DEFAULT_SUFFIX) for idx in range(0, 10): suffix.replace('description', str(idx)) # Setup trimming rcl.replace('nsslapd-changelog-trim-interval', '2') rcl.replace('nsslapd-changelogmaxage', '5s') inst.config.set('nsslapd-errorlog-level', '65536') # plugin logging inst.restart() # Verify trimming occurs time.sleep(5) assert inst.searchErrorsLog("trim_changelog: removed ") # Clean up inst.config.set('nsslapd-errorlog-level', '0')
def setup_subtree_policy(topo): """Set up subtree password policy """ topo.standalone.config.set('nsslapd-pwpolicy-local', 'on') log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) try: subprocess.call(['%s/ns-newpwpolicy.pl' % topo.standalone.get_sbin_dir(), '-D', DN_DM, '-w', PASSWORD, '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, '-S', DEFAULT_SUFFIX, '-Z', SERVERID_STANDALONE]) except subprocess.CalledProcessError as e: log.error('Failed to create pw policy policy for {}: error {}'.format( OU_PEOPLE, e.message['desc'])) raise e domain = Domain(topo.standalone, DEFAULT_SUFFIX) domain.replace('pwdpolicysubentry', PW_POLICY_CONT_PEOPLE2) time.sleep(1)
def setup_subtree_policy(topo): """Set up subtree password policy """ topo.standalone.config.set('nsslapd-pwpolicy-local', 'on') log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) try: subprocess.call(['%s/dsconf' % topo.standalone.get_sbin_dir(), 'slapd-standalone1', 'localpwp', 'addsubtree', OU_PEOPLE]) except subprocess.CalledProcessError as e: log.error('Failed to create pw policy policy for {}: error {}'.format( OU_PEOPLE, e.message['desc'])) raise e domain = Domain(topo.standalone, DEFAULT_SUFFIX) domain.replace('pwdpolicysubentry', PW_POLICY_CONT_PEOPLE) time.sleep(1)
def do_mods(master, num): """Perform a num of mods on the default suffix """ domain = Domain(master, DEFAULT_SUFFIX) for i in range(num): domain.replace('description', 'change %s' % i)