def test_modify_printer_and_check_cupsd(ucr, udm):
"""Create and modify shares/printer, check if cupsd still running"""
ucr.load()
name = uts.random_name()
printer_properties = {
'model': 'foomatic-rip/Alps-MD-5000-md5k.ppd',
'uri': 'file:/ tmp/%s' % name,
'spoolHost': '%s.%s' % (ucr['hostname'], ucr['domainname']),
'name': name,
}
printer = udm.create_object('shares/printer',
position='cn=printers,%s' % ucr['ldap/base'],
**printer_properties)
utils.verify_ldap_object(
printer, {
'univentionPrinterModel': [printer_properties['model']],
'univentionPrinterURI':
[printer_properties['uri'].replace(' ', '')],
'univentionPrinterSpoolHost': [printer_properties['spoolHost']]
})
udm.modify_object('shares/printer',
dn=printer,
ACLUsers=['cn=test,cn=users'],
ACLtype='allow')
time.sleep(3)
# check if cups is still running
subprocess.check_call(['lpstat', '-a'])
def get_school_ou_from_dn(dn, ucr=None):
if not ucr:
ucr = univention.config_registry.ConfigRegistry()
ucr.load()
oulist = [
x[3:] for x in univention.admin.uldap.explodeDn(dn)
if x.startswith('ou=')
]
if ucr.is_true('ucsschool/ldap/district/enable'):
return oulist[-2]
return oulist[-1]
def test_create_printer(ucr, udm):
"""Create shares/printer and verify LDAP object"""
ucr.load()
properties = {
'name': uts.random_name(),
'location': uts.random_string(),
'description': uts.random_name(),
'spoolHost': random_fqdn(ucr),
'uri': '%s %s' % (
random.choice(PRINTER_PROTOCOLS),
uts.random_ip(),
),
'model':
'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd',
'producer':
'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
'sambaName': uts.random_name(),
'ACLtype': random.choice(['allow all', 'allow', 'deny']),
'ACLUsers': 'uid=Administrator,cn=users,%s' % (ucr.get('ldap/base'), ),
'ACLGroups':
'cn=Printer Admins,cn=groups,%s' % (ucr.get('ldap/base'), ),
}
print('*** Create shares/printer object')
print_share_dn = udm.create_object('shares/printer',
position='cn=printers,%s' %
(ucr['ldap/base'], ),
**properties)
utils.verify_ldap_object(print_share_dn, {
'cn': [properties['name']],
'description': [properties['description']],
'univentionObjectType': ['shares/printer'],
'univentionPrinterACLGroups': [properties['ACLGroups']],
'univentionPrinterACLUsers': [properties['ACLUsers']],
'univentionPrinterACLtype': [properties['ACLtype']],
'univentionPrinterLocation': [properties['location']],
'univentionPrinterModel': [properties['model']],
'univentionPrinterSambaName': [properties['sambaName']],
'univentionPrinterSpoolHost': [properties['spoolHost']],
'univentionPrinterURI': [properties['uri'].replace(' ', '')],
},
delay=1)
print('*** Modify shares/printer object')
properties['sambaName'] = uts.random_name()
udm.modify_object('shares/printer',
dn=print_share_dn,
sambaName=properties['sambaName'])
utils.verify_ldap_object(
print_share_dn,
{'univentionPrinterSambaName': [properties['sambaName']]},
delay=1)
def get_ou_base(ou, district_enable):
ucr = univention.testing.ucr.UCSTestConfigRegistry()
ucr.load()
base_dn = ucr.get('ldap/base')
if district_enable:
ou_base = 'ou=%s,ou=%s,%s' % (ou, ou[0:2], base_dn)
else:
ou_base = 'ou=%s,%s' % (ou, base_dn)
return ou_base
def import_3_ou_in_a_row(use_cli_api=True, use_python_api=False):
"""
Creates 3 OUs in a row
"""
with univention.testing.ucr.UCSTestConfigRegistry(
) as ucr, univention.testing.udm.UCSTestUDM() as udm:
create_mail_domain(ucr, udm)
for singlemaster in [True, False]:
for district_enable in [False, True]:
cleanup_ou_list = []
try:
# reset DHCPD ldap search base which is also to be tested
univention.config_registry.handler_unset(
['dhcpd/ldap/base'])
ucr.load()
for i in xrange(1, 4):
ou_name = uts.random_name()
print '\n*** Creating OU #%d (ou_name=%s) ***\n' % (
i, ou_name)
cleanup_ou_list.append(ou_name)
create_and_verify_ou(
ucr,
ou=ou_name,
ou_displayname=ou_name,
dc=(uts.random_name()
if not singlemaster else None),
dc_administrative=None,
sharefileserver=None,
singlemaster=singlemaster,
noneducational_create_objects=False,
district_enable=district_enable,
default_dcs=None,
dhcp_dns_clearou=True,
unset_dhcpd_base=False,
do_cleanup=False,
use_cli_api=use_cli_api,
use_python_api=use_python_api,
)
finally:
for ou_name in cleanup_ou_list:
remove_ou(ou_name)
def verify_dc(ou, dc_name, dc_type, base_dn=None, must_exist=True):
''' Arguments:
dc_name: name of the domaincontroller (cn)
dc_type: type of the domaincontroller ('educational' or 'administrative')
'''
assert (dc_type in (TYPE_DC_ADMINISTRATIVE, TYPE_DC_EDUCATIONAL))
ucr = univention.testing.ucr.UCSTestConfigRegistry()
ucr.load()
if not base_dn:
base_dn = ucr.get('ldap/base')
ou_base = get_ou_base(ou,
ucr.is_true('ucsschool/ldap/district/enable', False))
dc_dn = 'cn=%s,cn=dc,cn=server,cn=computers,%s' % (dc_name, ou_base)
# define list of (un-)desired group memberships ==> [(IS_MEMBER, GROUP_DN), ...]
group_dn_list = []
if dc_type == TYPE_DC_ADMINISTRATIVE:
group_dn_list += [
(True, 'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(ou.lower(), base_dn)),
(True,
'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )),
(False,
'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn),
(False,
'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(ou, base_dn)),
(False, 'cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s' %
(ou.lower(), base_dn)),
(False,
'cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )),
(False,
'cn=Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % base_dn),
(False, 'cn=OU%s-Member-Edukativnetz,cn=ucsschool,cn=groups,%s' %
(ou, base_dn)),
]
else:
group_dn_list += [
(True, 'cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s' %
(ou.lower(), base_dn)),
(True,
'cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )),
(False,
'cn=Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % base_dn),
(False, 'cn=OU%s-Member-Edukativnetz,cn=ucsschool,cn=groups,%s' %
(ou, base_dn)),
]
if ucr.is_true('ucsschool/ldap/noneducational/create/objects',
must_exist):
group_dn_list += [
(False,
'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(ou.lower(), base_dn)),
(False, 'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(base_dn, )),
(False, 'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
base_dn),
(False,
'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(ou, base_dn)),
]
utils.verify_ldap_object(dc_dn, should_exist=must_exist)
for (expected_membership, grpdn) in group_dn_list:
try:
if must_exist:
utils.verify_ldap_object(
grpdn,
expected_attr={'uniqueMember': [dc_dn]},
strict=False,
should_exist=True)
if not expected_membership:
raise DCisMemberOfGroup('%s DC %r is member of group %r' %
(dc_type, dc_dn, grpdn))
except utils.LDAPObjectValueMissing:
if expected_membership:
raise
def verify_ou(ou, dc, ucr, sharefileserver, dc_administrative, must_exist):
print '*** Verifying OU (%s) ... ' % ou
ucr.load()
dc_name = ucr.get('hostname')
old_dhcpd_ldap_base = ucr.get('dhcpd/ldap/base')
lo = univention.uldap.getMachineConnection()
base_dn = ucr.get('ldap/base')
cn_pupils = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler')
cn_teachers = ucr.get('ucsschool/ldap/default/container/teachers',
'lehrer')
cn_teachers_staff = ucr.get(
'ucsschool/ldap/default/container/teachers-and-staff',
'lehrer und mitarbeiter')
cn_admins = ucr.get('ucsschool/ldap/default/container/admins', 'admins')
cn_staff = ucr.get('ucsschool/ldap/default/container/staff', 'mitarbeiter')
singlemaster = ucr.is_true('ucsschool/singlemaster')
noneducational_create_objects = ucr.is_true(
'ucsschool/ldap/noneducational/create/objects')
district_enable = ucr.is_true('ucsschool/ldap/district/enable')
# default_dcs = ucr.get('ucsschool/ldap/default/dcs')
dhcp_dns_clearou = ucr.is_true(
'ucsschool/import/generate/policy/dhcp/dns/clearou')
ou_base = get_ou_base(ou, district_enable)
# does dc exist?
if singlemaster:
dc_dn = ucr.get('ldap/hostdn')
dc_name = ucr.get('hostname')
elif dc:
dc_dn = 'cn=%s,cn=dc,cn=server,cn=computers,%s' % (dc, ou_base)
dc_name = dc
else:
dc_dn = 'cn=dc%s-01,cn=dc,cn=server,cn=computers,%s' % (ou, ou_base)
dc_name = 'dc%s-01' % ou
sharefileserver_dn = dc_dn
if sharefileserver:
result = lo.search(
filter='(&(objectClass=univentionDomainController)(cn=%s))' %
sharefileserver,
base=base_dn,
attr=['cn'])
if result:
sharefileserver_dn = result[0][0]
utils.verify_ldap_object(ou_base,
expected_attr={
'ou': [ou],
'ucsschoolClassShareFileServer':
[sharefileserver_dn],
'ucsschoolHomeShareFileServer':
[sharefileserver_dn]
},
should_exist=must_exist)
utils.verify_ldap_object('cn=printers,%s' % ou_base,
expected_attr={'cn': ['printers']},
should_exist=must_exist)
utils.verify_ldap_object('cn=users,%s' % ou_base,
expected_attr={'cn': ['users']},
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_pupils, ou_base),
expected_attr={'cn': [cn_pupils]},
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_teachers, ou_base),
expected_attr={'cn': [cn_teachers]},
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_admins, ou_base),
expected_attr={'cn': [cn_admins]},
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_admins, ou_base),
expected_attr={'cn': [cn_admins]},
should_exist=must_exist)
utils.verify_ldap_object('cn=computers,%s' % ou_base,
expected_attr={'cn': ['computers']},
should_exist=must_exist)
utils.verify_ldap_object('cn=server,cn=computers,%s' % ou_base,
expected_attr={'cn': ['server']},
should_exist=must_exist)
utils.verify_ldap_object('cn=dc,cn=server,cn=computers,%s' % ou_base,
expected_attr={'cn': ['dc']},
should_exist=must_exist)
utils.verify_ldap_object('cn=networks,%s' % ou_base,
expected_attr={'cn': ['networks']},
should_exist=must_exist)
utils.verify_ldap_object('cn=groups,%s' % ou_base,
expected_attr={'cn': ['groups']},
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_pupils, ou_base),
expected_attr={'cn': [cn_pupils]},
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_teachers, ou_base),
expected_attr={'cn': [cn_teachers]},
should_exist=must_exist)
utils.verify_ldap_object('cn=klassen,cn=%s,cn=groups,%s' %
(cn_pupils, ou_base),
expected_attr={'cn': ['klassen']},
should_exist=must_exist)
utils.verify_ldap_object('cn=raeume,cn=groups,%s' % ou_base,
expected_attr={'cn': ['raeume']},
should_exist=must_exist)
utils.verify_ldap_object('cn=dhcp,%s' % ou_base,
expected_attr={'cn': ['dhcp']},
should_exist=must_exist)
utils.verify_ldap_object('cn=policies,%s' % ou_base,
expected_attr={'cn': ['policies']},
should_exist=must_exist)
utils.verify_ldap_object('cn=shares,%s' % ou_base,
expected_attr={'cn': ['shares']},
should_exist=must_exist)
utils.verify_ldap_object('cn=klassen,cn=shares,%s' % ou_base,
expected_attr={'cn': ['klassen']},
should_exist=must_exist)
utils.verify_ldap_object('cn=dc,cn=server,cn=computers,%s' % ou_base,
expected_attr={'cn': ['dc']},
should_exist=must_exist)
if noneducational_create_objects:
utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_staff, ou_base),
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=users,%s' %
(cn_teachers_staff, ou_base),
should_exist=must_exist)
utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_staff, ou_base),
should_exist=must_exist)
else:
utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_staff, ou_base),
should_exist=False)
utils.verify_ldap_object('cn=%s,cn=users,%s' %
(cn_teachers_staff, ou_base),
should_exist=False)
utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_staff, ou_base),
should_exist=False)
if noneducational_create_objects:
utils.verify_ldap_object(
'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn,
should_exist=True)
utils.verify_ldap_object(
'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn,
should_exist=True)
utils.verify_ldap_object(
'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(ou, base_dn),
should_exist=True)
utils.verify_ldap_object(
'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' %
(ou, base_dn),
should_exist=True)
# This will fail because we don't cleanup these groups in cleanup_ou
# else:
# utils.verify_ldap_object("cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s" % base_dn, should_exist=False)
# utils.verify_ldap_object("cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s" % base_dn, should_exist=False)
# utils.verify_ldap_object('cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=False)
# utils.verify_ldap_object('cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=False)
if not singlemaster:
verify_dc(ou, dc_name, TYPE_DC_EDUCATIONAL, base_dn, must_exist)
if dc_administrative:
verify_dc(ou, dc_administrative, TYPE_DC_ADMINISTRATIVE, base_dn,
must_exist)
grp_prefix_pupils = ucr.get('ucsschool/ldap/default/groupprefix/pupils',
'schueler-')
grp_prefix_teachers = ucr.get(
'ucsschool/ldap/default/groupprefix/teachers', 'lehrer-')
grp_prefix_admins = ucr.get('ucsschool/ldap/default/groupprefix/admins',
'admins-')
grp_prefix_staff = ucr.get('ucsschool/ldap/default/groupprefix/staff',
'mitarbeiter-')
grp_policy_pupils = ucr.get(
'ucsschool/ldap/default/policy/umc/pupils',
'cn=ucsschool-umc-pupils-default,cn=UMC,cn=policies,%s' % base_dn)
grp_policy_teachers = ucr.get(
'ucsschool/ldap/default/policy/umc/teachers',
'cn=ucsschool-umc-teachers-default,cn=UMC,cn=policies,%s' % base_dn)
grp_policy_admins = ucr.get(
'ucsschool/ldap/default/policy/umc/admins',
'cn=ucsschool-umc-admins-default,cn=UMC,cn=policies,%s' % base_dn)
grp_policy_staff = ucr.get(
'ucsschool/ldap/default/policy/umc/staff',
'cn=ucsschool-umc-staff-default,cn=UMC,cn=policies,%s' % base_dn)
utils.verify_ldap_object(
"cn=%s%s,cn=ouadmins,cn=groups,%s" % (grp_prefix_admins, ou, base_dn),
expected_attr={'univentionPolicyReference': [grp_policy_admins]},
should_exist=True)
utils.verify_ldap_object(
"cn=%s%s,cn=groups,%s" % (grp_prefix_pupils, ou, ou_base),
expected_attr={'univentionPolicyReference': [grp_policy_pupils]},
should_exist=must_exist)
utils.verify_ldap_object(
"cn=%s%s,cn=groups,%s" % (grp_prefix_teachers, ou, ou_base),
expected_attr={'univentionPolicyReference': [grp_policy_teachers]},
should_exist=must_exist)
if noneducational_create_objects:
utils.verify_ldap_object(
"cn=%s%s,cn=groups,%s" % (grp_prefix_staff, ou, ou_base),
expected_attr={'univentionPolicyReference': [grp_policy_staff]},
should_exist=must_exist)
dcmaster_module = univention.admin.modules.get(
"computers/domaincontroller_master")
dcbackup_module = univention.admin.modules.get(
"computers/domaincontroller_backup")
dcslave_module = univention.admin.modules.get(
"computers/domaincontroller_slave")
masterobjs = univention.admin.modules.lookup(
dcmaster_module,
None,
lo,
scope='sub',
superordinate=None,
base=base_dn,
filter=univention.admin.filter.expression('cn', dc_name))
backupobjs = univention.admin.modules.lookup(
dcbackup_module,
None,
lo,
scope='sub',
superordinate=None,
base=base_dn,
filter=univention.admin.filter.expression('cn', dc_name))
slaveobjs = univention.admin.modules.lookup(
dcslave_module,
None,
lo,
scope='sub',
superordinate=None,
base=base_dn,
filter=univention.admin.filter.expression('cn', dc_name))
# check group membership
# slave should be member
# master and backup should not be member
dcgroups = [
"cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s" % (ou, base_dn),
"cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s" % (base_dn)
]
if must_exist:
if masterobjs:
is_master_or_backup = True
dcobject = masterobjs[0]
elif backupobjs:
is_master_or_backup = True
dcobject = backupobjs[0]
elif slaveobjs:
is_master_or_backup = False
dcobject = slaveobjs[0]
else:
raise DCNotFound()
dcobject.open()
groups = []
membership = False
for group in dcobject.get('groups'):
groups.append(group.lower())
for dcgroup in dcgroups:
if dcgroup.lower() in groups:
membership = True
if is_master_or_backup and membership:
raise DCMembership()
elif not is_master_or_backup and not membership:
raise DCMembership()
ucr.load()
if not singlemaster:
# in multiserver setups all dhcp settings have to be checked
dhcp_dn = "cn=dhcp,%s" % (ou_base)
else:
# in singleserver setup only the first OU sets dhcpd/ldap/base and all following OUs
# should leave the UCR variable untouched.
dhcpd_ldap_base = ucr.get('dhcpd/ldap/base')
if not dhcpd_ldap_base or 'ou=' not in dhcpd_ldap_base:
raise DhcpdLDAPBase('dhcpd/ldap/base=%r contains no "ou="' %
(dhcpd_ldap_base, ))
# use the UCR value and check if the DHCP service exists
dhcp_dn = dhcpd_ldap_base
# dhcp
print 'LDAP base of dhcpd = %r' % dhcp_dn
dhcp_service_dn = "cn=%s,%s" % (get_school_ou_from_dn(dhcp_dn,
ucr), dhcp_dn)
dhcp_server_dn = "cn=%s,%s" % (dc_name, dhcp_service_dn)
if must_exist:
utils.verify_ldap_object(dhcp_service_dn,
expected_attr={
'dhcpOption': [
'wpad "http://%s.%s/proxy.pac"' %
(dc_name, ucr.get('domainname'))
]
},
should_exist=True)
utils.verify_ldap_object(dhcp_server_dn, should_exist=True)
dhcp_dns_clearou_dn = 'cn=dhcp-dns-clear,cn=policies,%s' % ou_base
if dhcp_dns_clearou:
utils.verify_ldap_object(dhcp_dns_clearou_dn,
expected_attr={
'emptyAttributes':
['univentionDhcpDomainNameServers']
},
should_exist=must_exist)
try:
utils.verify_ldap_object(ou_base,
expected_attr={
'univentionPolicyReference':
[dhcp_dns_clearou_dn]
},
should_exist=must_exist)
except utils.LDAPObjectUnexpectedValue:
# ignore other policies
pass
else:
utils.verify_ldap_object(dhcp_dns_clearou_dn, should_exist=False)
def create_and_verify_ou(ucr,
ou,
dc,
sharefileserver,
dc_administrative=None,
ou_displayname=None,
singlemaster=False,
noneducational_create_objects=False,
district_enable=False,
default_dcs=None,
dhcp_dns_clearou=False,
do_cleanup=True,
unset_dhcpd_base=True,
use_cli_api=True,
use_python_api=False):
assert (use_cli_api != use_python_api)
print '******************************************************'
print '**** create_and_verify_ou test run'
print '**** ou=%s' % ou
print '**** ou_displayname=%r' % ou_displayname
print '**** dc=%s' % dc
print '**** dc_administrative=%s' % dc_administrative
print '**** sharefileserver=%s' % sharefileserver
print '**** singlemaster=%s' % singlemaster
print '**** noneducational_create_objects=%s' % noneducational_create_objects
print '**** district_enable=%s' % district_enable
print '**** default_dcs=%s' % default_dcs
print '**** dhcp_dns_clearou=%s' % dhcp_dns_clearou
print '******************************************************'
ucr.load()
lo = univention.uldap.getMachineConnection()
# set UCR
univention.config_registry.handler_set([
'ucsschool/singlemaster=%s' % ('true' if singlemaster else 'false'),
'ucsschool/ldap/noneducational/create/objects=%s' %
('true' if noneducational_create_objects else 'false'),
'ucsschool/ldap/district/enable=%s' %
('true' if district_enable else 'false'),
'ucsschool/ldap/default/dcs=%s' % default_dcs,
'ucsschool/import/generate/policy/dhcp/dns/clearou=%s' %
('true' if dhcp_dns_clearou else 'false'),
])
if unset_dhcpd_base:
univention.config_registry.handler_unset(['dhcpd/ldap/base'])
ucr.load()
base_dn = ucr.get('ldap/base')
ou_base = get_ou_base(ou, district_enable)
# create hooks
(pre_hook,
pre_hook_successful) = import_ou_create_pre_hook(ou, ou_base, dc,
singlemaster)
(post_hook, post_hook_successful) = import_ou_create_post_hook(
ou, ou_base, dc, singlemaster)
move_dc_after_create_ou = False
# does dc exist?
if singlemaster:
dc_name = ucr.get('hostname')
elif dc:
result = lo.search(
filter='(&(objectClass=univentionDomainController)(cn=%s))' % dc,
base=base_dn,
attr=['cn'])
if result:
move_dc_after_create_ou = True
dc_name = dc
else:
dc_name = 'dc%s-01' % ou
if use_cli_api:
create_ou_cli(ou, dc, dc_administrative, sharefileserver,
ou_displayname)
if use_python_api:
create_ou_python_api(ou, dc, dc_administrative, sharefileserver,
ou_displayname)
if move_dc_after_create_ou:
move_domaincontroller_to_ou_cli(dc_name, ou)
# cleanup hooks
os.remove(pre_hook)
os.remove(post_hook)
if os.path.exists(pre_hook_successful):
os.unlink(pre_hook_successful)
else:
raise PreHookFailed()
if os.path.exists(post_hook_successful):
os.unlink(post_hook_successful)
else:
raise PostHookFailed()
verify_ou(ou, dc, ucr, sharefileserver, dc_administrative, must_exist=True)
if do_cleanup:
remove_ou(ou)
"""
Normalize a given dn. This removes some escaping of special chars in the
DNs. Note: The CON-LDAP returns DNs with escaping chars, OpenLDAP does not.
>>> normalize_dn("cn=peter\#,cn=groups")
'cn=peter#,cn=groups'
"""
return ldap.dn.dn2str(ldap.dn.str2dn(dn))
if __name__ == '__main__':
import doctest
print(doctest.testmod())
ucr = univention.testing.ucr.UCSTestConfigRegistry()
ucr.load()
with UCSTestUDM() as udm:
# create user
dnUser, _username = udm.create_user()
# stop CLI daemon
udm.stop_cli_server()
# create group
_dnGroup, _groupname = udm.create_group()
# modify user from above
udm.modify_object('users/user', dn=dnUser, description='Foo Bar')
# test with malformed arguments
def test_force_printername(ucr, udm, ucr_value):
"""Check state of "force printername" during UDM printer modify"""
ucr_var = "samba/force_printername"
ucr.load()
previous_value = ucr.get(ucr_var)
if ucr_value is None:
univention.config_registry.handler_unset([ucr_var])
else:
keyval = "%s=%s" % (ucr_var, ucr_value)
univention.config_registry.handler_set([keyval])
if ucr_value != previous_value:
subprocess.call(
["systemctl", "restart", "univention-directory-listener"],
close_fds=True)
ucr.load()
expected_value = ucr.is_true(
ucr_var, True) # This is the behavior of cups-printers.py
printer_name = uts.random_name()
printer_properties = {
'model': 'foomatic-ppds/Apple/Apple-12_640ps-Postscript.ppd.gz',
'uri': 'parallel /dev/lp0',
'spoolHost': '%s.%s' % (ucr['hostname'], ucr['domainname']),
'name': printer_name
}
printer = udm.create_object('shares/printer',
position='cn=printers,%s' % ucr['ldap/base'],
**printer_properties)
utils.verify_ldap_object(
printer, {
'univentionPrinterModel': [printer_properties['model']],
'univentionPrinterURI':
[printer_properties['uri'].replace(' ', '')],
'univentionPrinterSpoolHost': [printer_properties['spoolHost']]
})
utils.wait_for_replication()
old_filename = '/etc/samba/printers.conf.d/%s' % printer_name
samba_force_printername = _testparm_is_true(old_filename, printer_name,
'force printername')
assert samba_force_printername == expected_value, "samba option \"force printername\" not set to %s" % (
expected_value, )
print("Ok, samba option \"force printername\" set to %s" %
(expected_value, ))
# Check behavior during UDM modification
rename_share_and_check(udm, printer, expected_value)
# And check again after inverting the UCR setting:
if not expected_value:
# This simulates the update case
keyval = "%s=%s" % (ucr_var, "yes")
univention.config_registry.handler_set([keyval])
else:
keyval = "%s=%s" % (ucr_var, "no")
univention.config_registry.handler_set([keyval])
subprocess.call(["systemctl", "restart", "univention-directory-listener"],
close_fds=True)
rename_share_and_check(udm, printer, expected_value)
# restart listener with original UCR values:
subprocess.call(["systemctl", "restart", "univention-directory-listener"],
close_fds=True)
def test_create_printergroup(ucr, udm):
"""Create shares/printergroup and verify LDAP object"""
ucr.load()
spoolHost = random_fqdn(ucr)
printer_properties1 = {
'name':
uts.random_name(),
'spoolHost':
spoolHost,
'uri':
'%s %s' % (
random.choice(PRINTER_PROTOCOLS),
uts.random_ip(),
),
'model':
'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd',
'producer':
'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
}
print('*** Create shares/printer object')
udm.create_object('shares/printer',
position='cn=printers,%s' % (ucr['ldap/base'], ),
**printer_properties1)
printer_properties2 = {
'name':
uts.random_name(),
'spoolHost':
spoolHost,
'uri':
'%s %s' % (
random.choice(PRINTER_PROTOCOLS),
uts.random_ip(),
),
'model':
'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd',
'producer':
'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
}
print('*** Create shares/printer object')
udm.create_object('shares/printer',
position='cn=printers,%s' % (ucr['ldap/base'], ),
**printer_properties2)
printergroup_properties = {
'name': uts.random_name(),
'spoolHost': spoolHost,
'groupMember':
[printer_properties1['name'], printer_properties2['name']],
'sambaName': uts.random_name(),
}
print('*** Create shares/printergroup object')
printergroup_share_dn = udm.create_object('shares/printergroup',
position='cn=printers,%s' %
(ucr['ldap/base'], ),
**printergroup_properties)
utils.verify_ldap_object(printergroup_share_dn, {
'cn': [printergroup_properties['name']],
'univentionObjectType': ['shares/printergroup'],
'univentionPrinterSambaName': [printergroup_properties['sambaName']],
'univentionPrinterSpoolHost': [printergroup_properties['spoolHost']],
'univentionPrinterGroupMember':
printergroup_properties['groupMember'],
},
delay=1)
print('*** Modify shares/printergroup object')
printergroup_properties['sambaName'] = uts.random_name()
udm.modify_object('shares/printergroup',
dn=printergroup_share_dn,
sambaName=printergroup_properties['sambaName'])
utils.verify_ldap_object(
printergroup_share_dn,
{'univentionPrinterSambaName': [printergroup_properties['sambaName']]},
delay=1)
def test_create_printer_and_check_printing_works(ucr, udm):
"""Create shares/printer and check if print access works"""
ucr.load()
admin_dn = ucr.get(
'tests/domainadmin/account',
'uid=Administrator,cn=users,%s' % (ucr.get('ldap/base'), ))
admin_name = ldap.dn.str2dn(admin_dn)[0][0][1]
password = ucr.get('tests/domainadmin/pwd', 'univention')
spoolhost = '.'.join([ucr['hostname'], ucr['domainname']])
acltype = random.choice(['allow all', 'allow'])
properties = {
'name': uts.random_name(),
'location': uts.random_string(),
'description': uts.random_name(),
'spoolHost': spoolhost,
'uri': '%s %s' % (
random.choice(PRINTER_PROTOCOLS),
uts.random_ip(),
),
'model': 'hp-ppd/HP/HP_Business_Inkjet_2500C_Series.ppd',
'producer':
'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ),
'sambaName': uts.random_name(),
'ACLtype': acltype,
'ACLUsers': admin_dn,
'ACLGroups':
'cn=Printer Admins,cn=groups,%s' % (ucr.get('ldap/base'), ),
}
print('*** Create shares/printer object')
print_share_dn = udm.create_object('shares/printer',
position='cn=printers,%s' %
(ucr['ldap/base'], ),
**properties)
utils.verify_ldap_object(print_share_dn, {
'cn': [properties['name']],
'description': [properties['description']],
'univentionObjectType': ['shares/printer'],
'univentionPrinterACLGroups': [properties['ACLGroups']],
'univentionPrinterACLUsers': [properties['ACLUsers']],
'univentionPrinterACLtype': [properties['ACLtype']],
'univentionPrinterLocation': [properties['location']],
'univentionPrinterModel': [properties['model']],
'univentionPrinterSambaName': [properties['sambaName']],
'univentionPrinterSpoolHost': [properties['spoolHost']],
'univentionPrinterURI': [properties['uri'].replace(' ', '')],
},
delay=1)
print('*** Modify shares/printer samba share name')
properties['sambaName'] = uts.random_name()
udm.modify_object('shares/printer',
dn=print_share_dn,
sambaName=properties['sambaName'])
utils.verify_ldap_object(
print_share_dn,
{'univentionPrinterSambaName': [properties['sambaName']]},
delay=1)
delay = 15
print('*** Wait %s seconds for listener postrun' % delay)
time.sleep(delay)
p = subprocess.Popen(['lpq', '-P', properties['name']], close_fds=True)
p.wait()
assert not p.returncode, "CUPS printer {} not created after {} seconds".format(
properties['name'], delay)
p = subprocess.Popen(
['su', admin_name, '-c',
'lpr -P %s /etc/hosts' % properties['name']],
close_fds=True)
p.wait()
assert not p.returncode, "Printing to CUPS printer {} as {} failed".format(
properties['name'], admin_name)
s4_dc_installed = utils.package_installed("univention-samba4")
s3_file_and_print_server_installed = utils.package_installed(
"univention-samba")
smb_server = s3_file_and_print_server_installed or s4_dc_installed
if smb_server:
delay = 1
time.sleep(delay)
cmd = [
'smbclient',
'//localhost/%s' % properties['sambaName'], '-U',
'%'.join([admin_name, password]), '-c', 'print /etc/hosts'
]
print('\nRunning: %s' % ' '.join(cmd))
p = subprocess.Popen(cmd, close_fds=True)
p.wait()
if p.returncode:
share_definition = '/etc/samba/printers.conf.d/%s' % properties[
'sambaName']
with open(share_definition) as f:
print('### Samba share file %s :' % share_definition)
print(f.read())
print('### testpam for that smb.conf section:')
p = subprocess.Popen(
['testparm', '-s', '--section-name', properties['sambaName']],
close_fds=True)
p.wait()
assert False, 'Samba printer share {} not accessible'.format(
properties['sambaName'])
p = subprocess.Popen(['lprm', '-P', properties['name'], '-'],
close_fds=True)
p.wait()
def import_users_basics(use_cli_api=True, use_python_api=False):
ucr = univention.testing.ucr.UCSTestConfigRegistry()
ucr.load()
udm = udm_test.UCSTestUDM()
for singlemaster in [False, True]:
for samba_home_server in [None, 'generate']:
for profile_path_server in [None, 'generate']:
for home_server_at_ou in [None, 'generate']:
for windows_profile_server in [None, 'generate']:
if samba_home_server == 'generate':
samba_home_server = uts.random_name()
if profile_path_server == 'generate':
profile_path_server = uts.random_name()
school_name = uts.random_name()
if home_server_at_ou:
home_server_at_ou = uts.random_name()
create_home_server(udm, home_server_at_ou)
create_ou_cli(school_name, sharefileserver=home_server_at_ou)
else:
create_ou_cli(school_name)
try:
if windows_profile_server:
windows_profile_server = uts.random_name()
create_windows_profile_server(udm=udm, ou=school_name, name=windows_profile_server)
univention.config_registry.handler_set([
'ucsschool/singlemaster=%s' % ('true' if singlemaster else 'false'),
'ucsschool/import/set/sambahome=%s' % samba_home_server,
'ucsschool/import/set/serverprofile/path=%s' % profile_path_server,
])
if not samba_home_server:
univention.config_registry.handler_unset([
'ucsschool/import/set/sambahome',
])
if not profile_path_server:
univention.config_registry.handler_unset([
'ucsschool/import/set/serverprofile/path',
])
print ''
print '**** import_users_basics:'
print '**** singlemaster: %s' % singlemaster
print '**** samba_home_server: %s' % samba_home_server
print '**** profile_path_server: %s' % profile_path_server
print '**** home_server_at_ou: %s' % home_server_at_ou
print '**** windows_profile_server: %s' % windows_profile_server
print ''
create_and_verify_users(use_cli_api, use_python_api, school_name, 3, 3, 3, 3)
finally:
remove_ou(school_name)
utils.wait_for_replication()
