예제 #1
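 def fin():
     """Finalizer: restart the instance, drop filtered roles, reset the setting.

     Role removal is best-effort: any ordinary error while listing or
     deleting is ignored so that the configuration reset below always runs.
     """
     topo.standalone.restart()
     try:
         for role in FilteredRoles(topo.standalone, DEFAULT_SUFFIX).list():
             role.delete()
     except Exception:
         # Deliberately best-effort. Catching Exception rather than using a
         # bare ``except`` lets KeyboardInterrupt/SystemExit still stop the run.
         pass
     # Force the value back to 'on' (presumably the server default -- confirm)
     # so a leftover 'off' does not leak into later tests.
     topo.standalone.config.set('nsslapd-ignore-virtual-attrs', 'on')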
예제 #2
def test_usandsconf_dbgen_filtered_role(topology_st, set_log_file_and_ldif):
    """Test ldifgen (formerly dbgen) tool to create a filtered role

        :id: cb3c8ea8-4234-40e2-8810-fb6a25973921
        :setup: Standalone instance
        :steps:
             1. Create DS instance
             2. Run ldifgen to generate ldif with filtered role
             3. Import generated ldif to database
             4. Check it was properly imported
        :expectedresults:
             1. Success
             2. Success
             3. Success
             4. Success
        """

    inst = topology_st.standalone

    # Line that ldapmodify is expected to print when the role entry is added.
    expected_add_message = 'adding new entry "cn=My_Filtered_Role,ou=filtered roles,dc=example,dc=com"'

    # Options handed to the generator, mirroring the CLI arguments.
    # NOTE(review): ldif_file is not defined in this function; presumably a
    # module-level name prepared by the set_log_file_and_ldif fixture -- confirm.
    args = FakeArgs()
    args.NAME = 'My_Filtered_Role'
    args.parent = 'ou=filtered roles,dc=example,dc=com'
    args.create_parent = True
    args.type = 'filtered'
    args.filter = '"objectclass=posixAccount"'
    args.role_dn = None
    args.ldif_file = ldif_file

    # Messages the tool is expected to log, in the order listed here.
    expected_log_lines = [
        'Generating LDIF with the following options:',
        f'NAME={args.NAME}',
        f'parent={args.parent}',
        f'create-parent={args.create_parent}',
        f'type={args.type}',
        f'filter={args.filter}',
        f'ldif-file={args.ldif_file}',
        'Writing LDIF',
        f'Successfully created LDIF file: {args.ldif_file}',
    ]

    log.info('Run ldifgen to create filtered role ldif')
    dbgen_create_role(inst, log, args)

    log.info('Check if file exists')
    assert os.path.exists(ldif_file)

    check_value_in_log_and_reset(expected_log_lines)

    # Role LDIFs (like group, COS and modification LDIFs) are meant to be
    # applied with ldapmodify rather than imported with ldif2db.
    run_ldapmodify_from_file(inst, ldif_file, expected_add_message)

    log.info('Check that filtered role is imported')
    filtered_roles = FilteredRoles(inst, DEFAULT_SUFFIX)
    assert filtered_roles.exists(args.NAME)
    imported_role = filtered_roles.get(args.NAME)
    assert imported_role.present('nsRoleFilter', args.filter)
예제 #3
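 def fin():
     """Finalizer: drop filtered roles and verify the setting is 'on' again.

     Role removal is best-effort; the closing assertion is what reports a
     cleanup that did not bring nsslapd-ignore-virtual-attrs back to 'on'.
     """
     topo.standalone.restart()
     try:
         for role in FilteredRoles(topo.standalone, DEFAULT_SUFFIX).list():
             role.delete()
     except Exception:
         # Deliberately best-effort. Catching Exception rather than using a
         # bare ``except`` lets KeyboardInterrupt/SystemExit still stop the run.
         pass
     log.info(
         "Check the default value of attribute nsslapd-ignore-virtual-attrs is back to ON"
     )
     # The value is read only after a second restart.
     topo.standalone.restart()
     assert topo.standalone.config.get_attr_val_utf8(
         'nsslapd-ignore-virtual-attrs') == "on"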
예제 #4
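 def fin():
     """Finalizer: drop filtered roles on ``s`` and verify ``c`` reads 'on' again.

     Role removal is best-effort; the closing assertion is what reports a
     cleanup that did not bring nsslapd-ignore-virtual-attrs back to 'on'.
     """
     s.restart()
     c.restart()
     try:
         for role in FilteredRoles(s, DEFAULT_SUFFIX).list():
             role.delete()
     except Exception:
         # Deliberately best-effort. Catching Exception rather than using a
         # bare ``except`` lets KeyboardInterrupt/SystemExit still stop the run.
         pass
     log.info(
         "Check the default value of attribute nsslapd-ignore-virtual-attrs is back to ON over consumer"
     )
     # Both instances are restarted again before the value is read from ``c``.
     s.restart()
     c.restart()
     assert c.config.get_attr_val_utf8(
         'nsslapd-ignore-virtual-attrs') == "on"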
예제 #5
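def test_vattr_on_filtered_role_with_replication(topo, request):
    """Test nsslapd-ignore-virtual-attrs configuration attribute
       The attribute is ON by default. If a filtered role is
       added it is moved to OFF in replication scenario
    :id: 7b29be88-c8ca-409b-bbb7-ce3962f73f91
    :customerscenario: True
    :setup: Supplier Consumer
    :steps:
         1. Check the attribute nsslapd-ignore-virtual-attrs is present in cn=config over consumer
         2. Check the default value of attribute nsslapd-ignore-virtual-attrs should be ON over consumer
         3. Create a filtered role in supplier
         4. Check the value of nsslapd-ignore-virtual-attrs should be OFF over consumer
         5. Check a message "roles_cache_trigger_update_role - Because of virtual attribute.." in error logs of consumer
         6. Check after deleting role definition value of attribute nsslapd-ignore-virtual-attrs is set back to ON over consumer
    :expectedresults:
         1. This should be successful
         2. This should be successful
         3. This should be successful
         4. This should be successful
         5. This should be successful
         6. This should be successful
    """
    s = topo.ms['supplier1']
    c = topo.cs['consumer1']

    def fin():
        """Remove the filtered roles and check the consumer reads 'on' again."""
        s.restart()
        c.restart()
        try:
            for role in FilteredRoles(s, DEFAULT_SUFFIX).list():
                role.delete()
        except Exception:
            # Best-effort removal; the assertion below still fails if the
            # setting did not return to 'on'. Exception (not a bare except)
            # keeps KeyboardInterrupt/SystemExit able to stop the run.
            pass
        log.info(
            "Check the default value of attribute nsslapd-ignore-virtual-attrs is back to ON over consumer"
        )
        s.restart()
        c.restart()
        assert c.config.get_attr_val_utf8(
            'nsslapd-ignore-virtual-attrs') == "on"

    # Registered before anything is changed: a failing assertion further down
    # would otherwise leave the filtered role in place and the consumer
    # stopped, because the finalizer would never have been added.
    request.addfinalizer(fin)

    log.info(
        "Check the attribute nsslapd-ignore-virtual-attrs is present in cn=config over consumer"
    )
    assert c.config.present('nsslapd-ignore-virtual-attrs')

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be ON over consumer"
    )
    assert c.config.get_attr_val_utf8('nsslapd-ignore-virtual-attrs') == "on"

    log.info("Create a filtered role")
    try:
        Organization(s).create(properties={"o": "acivattr"},
                               basedn=DEFAULT_SUFFIX)
    except Exception:
        # Presumably tolerates an organization left over from an earlier
        # test -- confirm; other failures are hidden here as well.
        pass
    roles = FilteredRoles(s, DNBASE)
    roles.create(properties={
        'cn': 'FILTERROLEENGROLE',
        'nsRoleFilter': 'cn=eng*'
    })

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be OFF over consumer"
    )
    # Fixed wait before reading the consumer; presumably gives replication
    # time to deliver the role -- confirm.
    time.sleep(5)
    assert c.config.present('nsslapd-ignore-virtual-attrs', 'off')

    # The consumer is stopped before its error log is searched.
    c.stop()
    # Raw string: the pattern contains regex escapes (\( and \)) that are not
    # valid Python string escapes. The resulting value is unchanged.
    assert c.searchErrorsLog(
        r"roles_cache_trigger_update_role - Because of virtual attribute definition \(role\), nsslapd-ignore-virtual-attrs was set to 'off'"
    )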
예제 #6
def _add_user(request, topo):
    """
    Build the roledn ACI test data on the standalone instance and register cleanup.

    Creates the 'roledntest' organizational unit carrying four ``roledn``
    ACIs, the nested, managed and filtered roles under OU_ROLE, and the user
    entries used by the tests. The finalizer deletes the users, the managed
    roles and the nested roles.
    """
    inst = topo.standalone

    test_ou = OrganizationalUnits(inst, DEFAULT_SUFFIX).create(
        properties={'ou': 'roledntest'})
    # Test-fixture ACIs only: each grants allow(all), and one of them to
    # "ldap:///anyone". They exist to exercise roledn evaluation and are not
    # a model for production access control.
    role_acis = [
        f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
        f'(version 3.0; aci "nested role aci"; allow(all)'
        f'roledn = "ldap:///{ROLE2}";)',
        f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
        f'(version 3.0; aci "or role aci"; allow(all) '
        f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
        f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
        f'(version 3.0; aci "anyone role aci"; allow(all) '
        f'roledn = "ldap:///anyone";)',
        f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
        f'(version 3.0; aci "not role aci"; allow(all)'
        f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
    ]
    test_ou.set('aci', role_acis)

    # Nested roles, each listing the role DNs it contains.
    nestedroles = NestedRoles(inst, OU_ROLE)
    nested_definitions = (
        ('role2', [ROLE1, ROLE21]),
        ('role3', [ROLE2, ROLE31]),
    )
    for role_cn, contained_roles in nested_definitions:
        nestedroles.create(properties={'cn': role_cn, 'nsRoleDN': contained_roles})

    managedroles = ManagedRoles(inst, OU_ROLE)
    for role_cn in ('ROLE1', 'ROLE21', 'ROLE31'):
        managedroles.create(properties={'cn': role_cn})

    filterroles = FilteredRoles(inst, OU_ROLE)
    filterroles.create(
        properties={
            'cn': 'filterRole',
            'nsRoleFilter': 'sn=Dr Drake',
            'description': 'filter role tester'
        })

    users = UserAccounts(inst, OU_ROLE, rdn=None)

    # Users that are given a role directly through nsRoleDN.
    role_holders = (
        ('STEVE_ROLE', ROLE1, 'Has roles 1, 2 and 3.'),
        ('HARRY_ROLE', ROLE21, 'Has roles 21, 2 and 3.'),
        ('MARY_ROLE', ROLE31, 'Has roles 31 and 3.'),
    )
    for uid, role_dn, summary in role_holders:
        users.create(
            properties={
                'uid': uid,
                'cn': uid,
                'sn': 'user',
                'uidNumber': '1000',
                'gidNumber': '2000',
                'homeDirectory': '/home/' + uid,
                'userPassword': PW_DM,
                'nsRoleDN': role_dn,
                'Description': summary
            })

    # Entries created without nsRoleDN: the remaining users and the entries
    # the ACIs above are aimed at (per their descriptions).
    plain_entries = (
        ('JOE_ROLE', 'Has filterRole.'),
        ('NOROLEUSER', 'Has no roles.'),
        ('SCRACHENTRY', 'Entry to test rights on.'),
        ('all access', 'Everyone has acccess (incl anon).'),
        ('not rule access', 'Only accessible to mary.'),
        ('or rule access', 'Only to steve and harry but nbot mary or anon'),
        ('nested role tester', 'Only accessible to harry and steve.'),
    )
    for uid, summary in plain_entries:
        users.create(
            properties={
                'uid': uid,
                'cn': uid,
                'sn': 'user',
                'uidNumber': '1000',
                'gidNumber': '2000',
                'homeDirectory': '/home/' + uid,
                'userPassword': PW_DM,
                'Description': summary
            })

    # Give JOE_ROLE the sn value that the filtered role's nsRoleFilter uses.
    joe = UserAccount(inst, f'uid=JOE_ROLE,ou=roledntest,{DEFAULT_SUFFIX}')
    joe.set('sn', 'Dr Drake')

    def fin():
        """
        Delete the users, managed roles and nested roles created above.
        """
        # NOTE(review): the filtered role and the 'roledntest' OU are not
        # deleted by this finalizer.
        created = users.list() + managedroles.list() + nestedroles.list()
        for entry in created:
            entry.delete()

    request.addfinalizer(fin)
예제 #7
def _create_test_entries(topo):
    """Populate the standalone instance with the schema, OUs, users and roles used as test data.

    Adds one attribute type and one object class to the schema, creates six
    organizational units (plus ``MailSchemeClasses`` under ``ou=COS``), users
    through the ``english_named_user``, ``non_english_user`` and
    ``user_with_postal_code`` helpers, extra attributes on ``mtyler`` and
    ``rjense2``, one managed role and three filtered roles.

    Nothing created here is removed by this function.
    """
    # Changing schema
    # Adds the 'emailclass' attribute type and the 'mailSchemeUser' object
    # class that the mtyler / rjense2 entries use further down.
    current_schema = Schema(topo.standalone)
    current_schema.add(
        'attributetypes',
        "( 9.9.8.4 NAME 'emailclass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
        "X-ORIGIN 'RFC 2256' )")
    current_schema.add(
        'objectclasses',
        "( 9.9.8.2 NAME 'mailSchemeUser' DESC 'User Defined ObjectClass' "
        "SUP 'top' MUST ( objectclass )  "
        "MAY (aci $ emailclass) X-ORIGIN 'RFC 2256' )")

    # Creating ous
    # Four of the OU names contain non-ASCII characters.
    ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
    for ou_ou in [
            'Çéliné Ändrè',
            'Ännheimè',
            'Çlose Crèkä',
            'Sàn Fråncêscô',
            'Netscape Servers',
            'COS',
    ]:
        ous.create(properties={'ou': ou_ou})

    ous_mail = OrganizationalUnits(topo.standalone, f'ou=COS,{DEFAULT_SUFFIX}')
    ous_mail.create(properties={'ou': 'MailSchemeClasses'})

    # Creating users
    # Each row is unpacked as (user, org, l_l, telephone, facetele, rn_rn) and
    # passed unchanged to english_named_user(); how the helper maps these to
    # attributes is not visible here.
    users_people = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
    for user, org, l_l, telephone, facetele, rn_rn in [
        [
            'scarter', ['Accounting', 'People'], 'Sunnyvale',
            '+1 408 555 4798', '+1 408 555 9751', '4612'
        ],
        [
            'tmorris', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 9187', '+1 408 555 8473', '4117'
        ],
        # NOTE(review): the fifth value below starts with a space -- confirm
        # whether that is intentional test data.
        [
            'kvaughan', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 5625', ' +1 408 555 3372', '2871'
        ],
        [
            'abergin', ['Product Testing', 'People'], 'Cupertino',
            '+1 408 555 8585', '+1 408 555 7472', '3472'
        ],
        [
            'dmiller', ['Accounting', 'People'], 'Sunnyvale',
            '+1 408 555 9423', '+1 408 555 0111', '4135'
        ],
        [
            'gfarmer', ['Accounting', 'People'], 'Cupertino',
            '+1 408 555 6201', '+1 408 555 8473', '1269'
        ],
        [
            'kwinters', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 9069', '+1 408 555 1992', '4178'
        ],
        [
            'trigden', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 9280', '+1 408 555 8473', '3584'
        ],
        [
            'cschmith', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 8011', '+1 408 555 4774', '0416'
        ],
        [
            'jwallace', ['Accounting', 'People'], 'Sunnyvale',
            '+1 408 555 0319', '+1 408 555 8473', '1033'
        ],
        [
            'jwalker', ['Product Testing', 'People'], 'Cupertino',
            '+1 408 555 1476', '+1 408 555 1992', '3915'
        ],
        [
            'tclow', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 8825', '+1 408 555 1992', '4376'
        ],
        [
            'rdaugherty', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 1296', '+1 408 555 1992', '0194'
        ],
        [
            'jreuter', ['Product Testing', 'People'], 'Cupertino',
            '+1 408 555 1122', '+1 408 555 8721', '2942'
        ],
        [
            'tmason', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 1596', '+1 408 555 9751', '1124'
        ],
        [
            'bhall', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '4612'
        ],
        [
            'btalbot', ['Human Resources', 'People'], 'Cupertino',
            '+1 408 555 6067', '+1 408 555 9751', '3532'
        ],
        [
            'mward', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '1707'
        ],
        [
            'bjablons', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 6067', '+1 408 555 9751', '0906'
        ],
        [
            'jmcFarla', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '2359'
        ],
        [
            'llabonte', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '2854'
        ],
        [
            'jcampaig', ['Product Development', 'People'], 'Cupertino',
            '+1 408 555 6067', '+1 408 555 9751', '4385'
        ],
        [
            'bhal2', ['Accounting', 'People'], 'Sunnyvale', '+1 408 555 6067',
            '+1 408 555 9751', '2758'
        ],
        [
            'alutz', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '1327'
        ],
        [
            'btalbo2', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '1205'
        ],
        [
            'achassin', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '0466'
        ],
        [
            'hmiller', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '4304'
        ],
        [
            'jcampai2', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '1377'
        ],
        [
            'lulrich', ['Accounting', 'People'], 'Sunnyvale',
            '+1 408 555 6067', '+1 408 555 9751', '0985'
        ],
        [
            'mlangdon', ['Product Development', 'People'], 'Cupertino',
            '+1 408 555 6067', '+1 408 555 9751', '4471'
        ],
        [
            'striplet', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '3083'
        ],
        [
            'gtriplet', ['Accounting', 'People'], 'Sunnyvale',
            '+1 408 555 6067', '+1 408 555 9751', '4023'
        ],
        [
            'jfalena', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '1917'
        ],
        [
            'speterso', ['Human Resources', 'People'], 'Cupertino',
            '+1 408 555 6067', '+1 408 555 9751', '3073'
        ],
        [
            'ejohnson', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '3737'
        ],
        # NOTE(review): 'Santa' rather than 'Santa Clara' -- confirm whether
        # tests depend on this value.
        [
            'prigden', ['Accounting', 'People'], 'Santa', '+1 408 555 6067',
            '+1 408 555 9751', '1271'
        ],
        [
            'bwalker', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 6067', '+1 408 555 9751', '3529'
        ],
        [
            'kjensen', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '1944'
        ],
        [
            'mlott', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 4798', '+1 408 555 9751', '0498'
        ],
        [
            'cwallace', ['Product Development', 'People'], 'Cupertino',
            '+1 408 555 4798', '+1 408 555 9751', '0349'
        ],
        [
            'falbers', ['Accounting', 'People'], 'Sunnyvale',
            '+1 408 555 4798', '+1 408 555 9751', '1439'
        ],
        [
            'calexand', ['Product Development', 'People'], 'Sunnyvale',
            '+1 408 555 4798', '+1 408 555 9751', '2884'
        ],
        [
            'phunt', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 4798', '+1 408 555 9751', '1183'
        ],
        [
            'awhite', ['Product Testing', 'People'], 'Sunnyvale',
            '+1 408 555 4798', '+1 408 555 9751', '0142'
        ],
        [
            'sfarmer', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '0019'
        ],
        [
            'jrentz', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '3025'
        ],
        [
            'ahall', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '3050'
        ],
        [
            'lstockto', ['Product Testing', 'People'], 'Santa Clara',
            '+1 408 555 0518', '+1 408 555 4774', '0169'
        ],
        [
            'ttully', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 2274', '+1 408 555 0111', '3924'
        ],
        [
            'polfield', ['Human Resources', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '1376'
        ],
        [
            'scarte2', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 4798', '+1 408 555 9751', '2013'
        ],
        [
            'tkelly', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 4295', '+1 408 555 1992', '3107'
        ],
        [
            'mmcinnis', ['Product Development', 'People'], 'Santa Clara',
            '+1 408 555 9655', '+1 408 555 8721', '4818'
        ],
        [
            'brigden', ['Human Resources', 'People'], 'Sunnyvale',
            '+1 408 555 9655', '+1 408 555 8721', '1643'
        ],
        [
            'mtyler', ['Human Resources', 'People'], 'Cupertino',
            '+1 408 555 9655', '+1 408 555 8721', '2701'
        ],
        [
            'rjense2', ['Product Testing', 'People'], 'Sunnyvale',
            '+1 408 555 9655', '+1 408 555 8721', '1984'
        ],
        [
            'rhunt', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 9655', '+1 408 555 8721', '0718'
        ],
        [
            'ptyler', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 9655', '+1 408 555 8721', '0327'
        ],
        [
            'gtyler', ['Accounting', 'People'], 'Santa Clara',
            '+1 408 555 9655', '+1 408 555 8721', '0312'
        ]
    ]:
        english_named_user(users_people, user, org, l_l, telephone, facetele,
                           rn_rn)

    # Creating Users
    # One UserAccounts collection per non-ASCII OU; rdn=None is passed for each.
    users_annahame = UserAccounts(topo.standalone,
                                  f'ou=Ännheimè,{DEFAULT_SUFFIX}',
                                  rdn=None)
    users_sanfran = UserAccounts(topo.standalone,
                                 f'ou=Sàn Fråncêscô,{DEFAULT_SUFFIX}',
                                 rdn=None)
    users_andre = UserAccounts(topo.standalone,
                               f'ou=Çéliné Ändrè,{DEFAULT_SUFFIX}',
                               rdn=None)
    users_close = UserAccounts(topo.standalone,
                               f'ou=Çlose Crèkä,{DEFAULT_SUFFIX}',
                               rdn=None)
    # Each row is unpacked as (people, user, cn_cn, ou_ou, des, tele, facetele,
    # be_be, lang) and passed unchanged to non_english_user().
    for people, user, cn_cn, ou_ou, des, tele, facetele, be_be, lang in [
        [
            users_annahame, 'user0', 'Babette Ryndérs', 'Ännheimè',
            'This is Babette Ryndérs description', '+1 415 788-4115',
            '+1 804 849-2367', 'es', 'Babette Ryndérs'
        ],
        [
            users_sanfran, 'user1', 'mÿrty DeCoùrsin', 'Sàn Fråncêscô',
            'This is mÿrty DeCoùrsins description', '+1 408 689-8883',
            '+1 804 849-2367', 'ie', 'mÿrty DeCoùrsin'
        ],
        [
            users_sanfran, 'user3', 'Kéñnon Fùndérbùrg', 'Sàn Fråncêscô',
            "This is Kéñnon Fùndérbùrg's description", '+1 408 689-8883',
            '+1 804 849-2367', 'it', 'Kéñnon Fùndérbùrg'
        ],
        [
            users_sanfran, 'user5', 'Dàsya Cozàrt', 'Sàn Fråncêscô',
            "This is Dàsya Cozàrt's description", '+1 408 689-8883',
            '+1 804 849-2367', 'be', 'Dàsya Cozàrt'
        ],
        [
            users_andre, 'user2', "Rôw O'Connér", 'Çéliné Ändrè',
            "This is Rôw O'Connér's description", '+1 408 689-8883',
            '+1 804 849-2367', 'it', "Rôw O'Connér"
        ],
        # NOTE(review): this description names Kéñnon Fùndérbùrg although the
        # entry is Theadora Ebérle -- confirm whether tests rely on it.
        [
            users_andre, 'user4', 'Theadora Ebérle', 'Çéliné Ändrè',
            "This is Kéñnon Fùndérbùrg's description", '+1 408 689-8883',
            '+1 804 849-2367', 'de', 'Theadora Ebérle'
        ],
        [
            users_andre, 'user6', 'mÿrv Callânân', 'Çéliné Ändrè',
            "This is mÿrv Callânân's description", '+1 408 689-8883',
            '+1 804 849-2367', 'fr', 'mÿrv Callânân'
        ],
        [
            users_close, 'user7', 'Ñäthan Ovâns', 'Çlose Crèkä',
            "This is Ñäthan Ovâns's description", '+1 408 689-8883',
            '+1 804 849-2367', 'be', 'Ñäthan Ovâns'
        ]
    ]:
        non_english_user(people, user, cn_cn, ou_ou, des, tele, facetele,
                         be_be, lang)

    # Creating User Entry
    # Rows are (user, address, pin), passed to user_with_postal_code(); two of
    # the filtered roles below filter on postalCode values 77777 and 66666.
    for user, address, pin in [
        ['Secretary1', '123 Castro St., Mountain View, CA', '99999'],
        ['Secretary2', '234 Ellis St., Mountain View, CA', '88888'],
        ['Secretary3', '345 California Av., Mountain View, CA', '77777'],
        ['Secretary4', '456 Villa St., Mountain View, CA', '66666'],
        ['Secretary5', '567 University Av., Mountain View, CA', '55555']
    ]:
        user_with_postal_code(users_people, user, address, pin)

    # Adding properties to mtyler
    # NOTE(review): in this non-raw string '\2' is a Python octal escape, so
    # the multiLineDescription value contains the control character U+0002
    # followed by 'a', not a backslash followed by '2a'. Confirm which of the
    # two the tests expect before changing it.
    mtyler = UserAccount(topo.standalone,
                         'uid=mtyler, ou=people, dc=example, dc=com')
    for value1, value2 in [
        ('objectclass', ['mailSchemeUser', 'mailRecipient']),
        ('emailclass', 'vpemail'), ('mailquota', '600'),
        ('multiLineDescription',
         'fromentry This is the special \2a attribute value')
    ]:
        mtyler.add(value1, value2)

    # Adding properties to rjense2
    rjense2 = UserAccount(topo.standalone,
                          'uid=rjense2, ou=people, dc=example, dc=com')
    for value1, value2 in [('objectclass', ['mailRecipient',
                                            'mailSchemeUser']),
                           ('emailclass', 'vpemail')]:
        rjense2.add(value1, value2)

    # Creating managed role
    ManagedRoles(topo.standalone, DEFAULT_SUFFIX).create(
        properties={
            'description': 'This is the new managed role configuration',
            'cn': 'new managed role'
        })

    # Creating filter role
    # Three filtered roles under DEFAULT_SUFFIX, each defined by its
    # nsRoleFilter value.
    filters = FilteredRoles(topo.standalone, DEFAULT_SUFFIX)
    filters.create(
        properties={
            'nsRoleFilter': '(uid=*wal*)',
            'description': 'this is the new filtered role',
            'cn': 'new filtered role'
        })
    filters.create(
        properties={
            'nsRoleFilter': '(&(postalCode=77777)(uid=*er*))',
            'description': 'This is the new vddr filter role config',
            'cn': 'new vaddr filtered role'
        })
    filters.create(
        properties={
            'nsRoleFilter': '(&(postalCode=66666)(l=Cupertino))',
            'description': 'This is the new vddr filter role config',
            'cn': 'another vaddr role'
        })
예제 #8
def test_filterrole(topo):
    """Test Filter Role

    :id: 8ada4064-786b-11e8-8634-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Add ACI
        3. Search nsconsole role
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
    """
    inst = topo.standalone

    Organization(inst).create(properties={"o": "acivattr"},
                              basedn=DEFAULT_SUFFIX)

    # One organizational unit per department, under o=acivattr.
    for ou_name in ('eng', 'sales'):
        OrganizationalUnit(
            inst, f"ou={ou_name},o=acivattr,{DEFAULT_SUFFIX}"
        ).create(properties={'ou': ou_name})

    # Two filtered roles keyed on the cn prefix of the entry.
    filtered_roles = FilteredRoles(inst, DNBASE)
    for role_cn, role_filter in (
            ('FILTERROLEENGROLE', 'cn=eng*'),
            ('FILTERROLESALESROLE', 'cn=sales*'),
    ):
        filtered_roles.create(properties={
            'cn': role_cn,
            'nsRoleFilter': role_filter
        })

    # Four users created in a fixed order; every one gets the same numeric ids
    # and the shared test password PW_DM.
    for uid, ou_name in (
            ('salesuser1', 'sales'),
            ('salesmanager1', 'sales'),
            ('enguser1', 'eng'),
            ('engmanager1', 'eng'),
    ):
        account = UserAccount(
            inst, f'cn={uid},ou={ou_name},o=acivattr,{DEFAULT_SUFFIX}')
        account.create(properties={
            'uid': uid,
            'cn': uid,
            'sn': 'user',
            'uidNumber': '1000',
            'gidNumber': '2000',
            'homeDirectory': '/home/' + uid,
            'userPassword': PW_DM
        })

    # Entries whose cn matches a role filter are expected to report that role
    # in nsrole without being assigned to it explicitly.
    sales_role = 'cn=filterrolesalesrole,o=acivattr,dc=example,dc=com'
    eng_role = 'cn=filterroleengrole,o=acivattr,dc=example,dc=com'
    expected_roles = (
        ('cn=salesuser1,ou=sales,o=acivattr,dc=example,dc=com', sales_role),
        (SALES_MANAGER, sales_role),
        ('cn=enguser1,ou=eng,o=acivattr,dc=example,dc=com', eng_role),
        (ENG_MANAGER, eng_role),
    )
    for entry_dn, role_dn in expected_roles:
        assert UserAccount(inst, entry_dn).get_attr_val_utf8('nsrole') == role_dn

    # Inline cleanup, in this order; it only runs when the assertions above
    # pass, since it is not registered as a finalizer.
    cleanup_dns = [
        ENG_USER, SALES_UESER, ENG_MANAGER, SALES_MANAGER,
        FILTERROLESALESROLE, FILTERROLEENGROLE, ENG_OU, SALES_OU, DNBASE
    ]
    for entry_dn in cleanup_dns:
        UserAccount(inst, entry_dn).delete()
예제 #9
def _add_user(request, topo):
    """Create the o=acivattr test tree (ACI, roles, CoS, users) and register its cleanup.

    Builds the organization with one ACI, the eng and sales OUs, two filtered
    roles, a classic CoS definition with two templates keyed on nsrole, and
    four users. The finalizer deletes these entries by DN.
    """
    inst = topo.standalone

    organization = Organization(inst).create(properties={"o": "acivattr"}, basedn=DEFAULT_SUFFIX)
    # Test-fixture ACI: allow(all) for enguser1 on entries that have an nsrole
    # value (targetfilter nsrole=*). Not a model for production access control.
    organization.add('aci', '(targetattr="*")(targetfilter="(nsrole=*)")(version 3.0; aci "tester"; '
                            'allow(all) userdn="ldap:///cn=enguser1,ou=eng,o=acivattr,{}";)'.format(DEFAULT_SUFFIX))

    for ou_name in ('eng', 'sales'):
        unit = OrganizationalUnit(inst, "ou={},o=acivattr,{}".format(ou_name, DEFAULT_SUFFIX))
        unit.create(properties={'ou': ou_name})

    # Filtered roles keyed on the cn prefix of the entry.
    filtered_roles = FilteredRoles(inst, DNBASE)
    filtered_roles.create(properties={'cn': 'FILTERROLEENGROLE', 'nsRoleFilter': 'cn=eng*'})
    filtered_roles.create(properties={'cn': 'FILTERROLESALESROLE', 'nsRoleFilter': 'cn=sales*'})

    # Container holding the CoS templates.
    templates_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX)
    nsContainer(inst, templates_dn).create(properties={'cn': 'cosTemplates'})

    # One template per role; each supplies the employeeType for that role.
    eng_template = CosTemplate(
        inst,
        'cn="cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",' + templates_dn)
    eng_template.create(properties={
        'employeeType': 'EngType',
        'cn': '"cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com',
    })

    sales_template = CosTemplate(
        inst,
        'cn="cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",' + templates_dn)
    sales_template.create(properties={
        'employeeType': 'SalesType',
        'cn': '"cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com',
    })

    # Classic CoS definition: employeeType is generated using nsrole as the
    # specifier.
    definition = CosClassicDefinition(
        inst, 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,o=acivattr,{}'.format(DEFAULT_SUFFIX))
    definition.create(properties={
        'cosTemplateDn': templates_dn,
        'cosAttribute': 'employeeType',
        'cosSpecifier': 'nsrole',
        'cn': 'cosClassicGenerateEmployeeTypeUsingnsrole',
    })

    # Four users created in a fixed order; every one gets the same numeric ids
    # and the shared test password PW_DM.
    for uid, ou_name in (
            ('salesuser1', 'sales'),
            ('salesmanager1', 'sales'),
            ('enguser1', 'eng'),
            ('engmanager1', 'eng'),
    ):
        account = UserAccount(inst, 'cn={},ou={},o=acivattr,{}'.format(uid, ou_name, DEFAULT_SUFFIX))
        account.create(properties={
            'uid': uid,
            'cn': uid,
            'sn': 'user',
            'uidNumber': '1000',
            'gidNumber': '2000',
            'homeDirectory': '/home/' + uid,
            'userPassword': PW_DM
        })

    def fin():
        """Delete the created entries by DN, in the order listed."""
        cos_templates_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX)
        doomed = [
            ENG_USER,
            SALES_UESER,
            ENG_MANAGER,
            SALES_MANAGER,
            FILTERROLESALESROLE,
            FILTERROLEENGROLE,
            ENG_OU,
            SALES_OU,
            'cn="cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",'
            'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com',
            'cn="cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",' + cos_templates_dn,
            cos_templates_dn,
            'cn=cosClassicGenerateEmployeeTypeUsingnsrole,o=acivattr,{}'.format(DEFAULT_SUFFIX),
            DNBASE,
        ]
        for entry_dn in doomed:
            UserAccount(topo.standalone, entry_dn).delete()

    request.addfinalizer(fin)
예제 #10
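def test_vattr_on_filtered_role_restart(topo, request):
    """Test nsslapd-ignore-virtual-attrs configuration attribute
    If a filtered role definition exists at restart then
    nsslapd-ignore-virtual-attrs should be set to 'off'

    :id: 972183f7-d18f-40e0-94ab-580e7b7d78d0
    :customerscenario: True
    :setup: Standalone instance
    :steps:
         1. Check the attribute nsslapd-ignore-virtual-attrs is present in cn=config
         2. Check the default value of attribute nsslapd-ignore-virtual-attrs should be ON
         3. Create a filtered role
         4. Check the value of nsslapd-ignore-virtual-attrs should be OFF
         5. restart the instance
         6. Check the presence of virtual attribute is detected
         7. Check the value of nsslapd-ignore-virtual-attrs should be OFF
    :expectedresults:
         1. This should be successful
         2. This should be successful
         3. This should be successful
         4. This should be successful
         5. This should be successful
         6. This should be successful
         7. This should be successful
    """

    def fin():
        """Remove the filtered roles and put the config attribute back to 'on'."""
        topo.standalone.restart()
        try:
            filtered_roles = FilteredRoles(topo.standalone, DEFAULT_SUFFIX)
            for role in filtered_roles.list():
                role.delete()
        except Exception as exc:
            # Best-effort cleanup: keep going so the config reset below still
            # runs, but leave a trace instead of swallowing the error silently.
            log.info("Filtered role cleanup failed: %s", exc)
        topo.standalone.config.set('nsslapd-ignore-virtual-attrs', 'on')

    # Register the finalizer before anything is modified: if one of the
    # assertions below fails, the role and the 'off' setting must not leak
    # into later tests that run against the same instance.
    request.addfinalizer(fin)

    log.info(
        "Check the attribute nsslapd-ignore-virtual-attrs is present in cn=config"
    )
    assert topo.standalone.config.present('nsslapd-ignore-virtual-attrs')

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be ON"
    )
    assert topo.standalone.config.get_attr_val_utf8(
        'nsslapd-ignore-virtual-attrs') == "on"

    log.info("Create a filtered role")
    try:
        Organization(topo.standalone).create(properties={"o": "acivattr"},
                                             basedn=DEFAULT_SUFFIX)
    except Exception as exc:
        # NOTE(review): presumably tolerates an organization left behind by an
        # earlier test; narrow this to the "already exists" error if the
        # file's imports allow it.
        log.info("Organization o=acivattr not created: %s", exc)
    roles = FilteredRoles(topo.standalone, DNBASE)
    roles.create(properties={
        'cn': 'FILTERROLEENGROLE',
        'nsRoleFilter': 'cn=eng*'
    })

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be OFF"
    )
    assert topo.standalone.config.present('nsslapd-ignore-virtual-attrs',
                                          'off')

    log.info(
        "Check the virtual attribute definition is found (after a required delay)"
    )
    topo.standalone.restart()
    # Fixed delay taken from the original test; the log lines checked below
    # are expected to appear within it.
    time.sleep(5)
    assert topo.standalone.searchErrorsLog("Found a role/cos definition in")
    # Raw string: the escaped parentheses are for the log search pattern, and
    # "\(" in a normal string literal is an invalid escape sequence.
    assert topo.standalone.searchErrorsLog(
        r"roles_cache_trigger_update_role - Because of virtual attribute definition \(role\), nsslapd-ignore-virtual-attrs was set to 'off'"
    )

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be OFF"
    )
    assert topo.standalone.config.present('nsslapd-ignore-virtual-attrs',
                                          'off')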
예제 #11
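def test_vattr_on_filtered_role(topo, request):
    """Test nsslapd-ignore-virtual-attrs configuration attribute
       The attribute is ON by default. If a filtered role is
       added it is moved to OFF

    :id: 88b3ad3c-f39a-4eb7-a8c9-07c685f11908
    :customerscenario: True
    :setup: Standalone instance
    :steps:
         1. Check the attribute nsslapd-ignore-virtual-attrs is present in cn=config
         2. Check the default value of attribute nsslapd-ignore-virtual-attrs should be ON
         3. Create a filtered role
         4. Check the value of nsslapd-ignore-virtual-attrs should be OFF
         5. Check a message "roles_cache_trigger_update_role - Because of virtual attribute.." in error logs
         6. Check after deleting role definition value of attribute nsslapd-ignore-virtual-attrs is set back to ON
    :expectedresults:
         1. This should be successful
         2. This should be successful
         3. This should be successful
         4. This should be successful
         5. This should be successful
         6. This should be successful
    """

    def fin():
        """Delete the filtered roles and verify the attribute returns to 'on' (step 6)."""
        # The test body stops the instance, so bring it back up first.
        topo.standalone.restart()
        try:
            filtered_roles = FilteredRoles(topo.standalone, DEFAULT_SUFFIX)
            for role in filtered_roles.list():
                role.delete()
        except Exception as exc:
            # Best-effort cleanup: the check below still reports a role that
            # could not be removed, so only record the error here.
            log.info("Filtered role cleanup failed: %s", exc)
        log.info(
            "Check the default value of attribute nsslapd-ignore-virtual-attrs is back to ON"
        )
        topo.standalone.restart()
        assert topo.standalone.config.get_attr_val_utf8(
            'nsslapd-ignore-virtual-attrs') == "on"

    # Register the finalizer before anything is modified: a failing assertion
    # below would otherwise leave the instance stopped, with the role defined
    # and the attribute 'off', for every later test sharing this instance.
    request.addfinalizer(fin)

    log.info(
        "Check the attribute nsslapd-ignore-virtual-attrs is present in cn=config"
    )
    assert topo.standalone.config.present('nsslapd-ignore-virtual-attrs')

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be ON"
    )
    assert topo.standalone.config.get_attr_val_utf8(
        'nsslapd-ignore-virtual-attrs') == "on"

    log.info("Create a filtered role")
    try:
        Organization(topo.standalone).create(properties={"o": "acivattr"},
                                             basedn=DEFAULT_SUFFIX)
    except Exception as exc:
        # NOTE(review): presumably tolerates an organization left behind by an
        # earlier test; narrow this to the "already exists" error if the
        # file's imports allow it.
        log.info("Organization o=acivattr not created: %s", exc)
    roles = FilteredRoles(topo.standalone, DNBASE)
    roles.create(properties={
        'cn': 'FILTERROLEENGROLE',
        'nsRoleFilter': 'cn=eng*'
    })

    log.info(
        "Check the default value of attribute nsslapd-ignore-virtual-attrs should be OFF"
    )
    assert topo.standalone.config.present('nsslapd-ignore-virtual-attrs',
                                          'off')

    # The instance is stopped before the error log is searched.
    # NOTE(review): presumably so the log is fully written; confirm.
    topo.standalone.stop()
    # Raw string: the escaped parentheses are for the log search pattern, and
    # "\(" in a normal string literal is an invalid escape sequence.
    assert topo.standalone.searchErrorsLog(
        r"roles_cache_trigger_update_role - Because of virtual attribute definition \(role\), nsslapd-ignore-virtual-attrs was set to 'off'"
    )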
예제 #12
def test_positive(topo):
    """CoS positive tests

    :id: a5a74235-597f-4fe8-8c38-826860927472
    :setup: server
    :steps:
        1. Add filter role entry
        2. Add ns container
        3. Add cos template
        4. Add CosClassic Definition
        5. Cos entries should be added and searchable
        6. employeeType attribute should be there in user entry as per the cos plugin property
    :expectedresults:
        1. Operation should success
        2. Operation should success
        3. Operation should success
        4. Operation should success
        5. Operation should success
        6. Operation should success
    """
    # Adding ns filter role
    roles = FilteredRoles(topo.standalone, DEFAULT_SUFFIX)
    roles.create(properties={'cn': 'FILTERROLEENGROLE',
                             'nsRoleFilter': 'cn=eng*'})
    # adding ns container
    nsContainer(topo.standalone,'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX))\
        .create(properties={'cn': 'cosTemplates'})

    # creating cos template
    properties = {'employeeType': 'EngType',
                  'cn': '"cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,dc=example,dc=com'
                  }
    CosTemplate(topo.standalone, 'cn="cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX))\
        .create(properties=properties)

    # creating CosClassicDefinition
    properties = {'cosTemplateDn': 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX),
                  'cosAttribute': 'employeeType',
                  'cosSpecifier': 'nsrole',
                  'cn': 'cosClassicGenerateEmployeeTypeUsingnsrole'}
    CosClassicDefinition(topo.standalone,'cn=cosClassicGenerateEmployeeTypeUsingnsrole,{}'.format(DEFAULT_SUFFIX))\
        .create(properties=properties)

    # Adding User entry
    properties = {
        'uid': 'enguser1',
        'cn': 'enguser1',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'enguser1'
    }
    user = UserAccount(topo.standalone, 'cn=enguser1,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)

    # Asserting Cos should be added and searchable
    cosdef = CosClassicDefinitions(topo.standalone, DEFAULT_SUFFIX).get('cosClassicGenerateEmployeeTypeUsingnsrole')
    assert cosdef.dn == 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,dc=example,dc=com'
    assert cosdef.get_attr_val_utf8('cn') == 'cosClassicGenerateEmployeeTypeUsingnsrole'

    #  CoS definition entry's cosSpecifier attribute specifies the employeeType attribute
    assert user.present('employeeType')