def test_modify_printer_and_check_cupsd(ucr, udm): """Create and modify shares/printer, check if cupsd still running""" ucr.load() name = uts.random_name() printer_properties = { 'model': 'foomatic-rip/Alps-MD-5000-md5k.ppd', 'uri': 'file:/ tmp/%s' % name, 'spoolHost': '%s.%s' % (ucr['hostname'], ucr['domainname']), 'name': name, } printer = udm.create_object('shares/printer', position='cn=printers,%s' % ucr['ldap/base'], **printer_properties) utils.verify_ldap_object( printer, { 'univentionPrinterModel': [printer_properties['model']], 'univentionPrinterURI': [printer_properties['uri'].replace(' ', '')], 'univentionPrinterSpoolHost': [printer_properties['spoolHost']] }) udm.modify_object('shares/printer', dn=printer, ACLUsers=['cn=test,cn=users'], ACLtype='allow') time.sleep(3) # check if cups is still running subprocess.check_call(['lpstat', '-a'])
def get_school_ou_from_dn(dn, ucr=None): if not ucr: ucr = univention.config_registry.ConfigRegistry() ucr.load() oulist = [ x[3:] for x in univention.admin.uldap.explodeDn(dn) if x.startswith('ou=') ] if ucr.is_true('ucsschool/ldap/district/enable'): return oulist[-2] return oulist[-1]
def test_create_printer(ucr, udm): """Create shares/printer and verify LDAP object""" ucr.load() properties = { 'name': uts.random_name(), 'location': uts.random_string(), 'description': uts.random_name(), 'spoolHost': random_fqdn(ucr), 'uri': '%s %s' % ( random.choice(PRINTER_PROTOCOLS), uts.random_ip(), ), 'model': 'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd', 'producer': 'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ), 'sambaName': uts.random_name(), 'ACLtype': random.choice(['allow all', 'allow', 'deny']), 'ACLUsers': 'uid=Administrator,cn=users,%s' % (ucr.get('ldap/base'), ), 'ACLGroups': 'cn=Printer Admins,cn=groups,%s' % (ucr.get('ldap/base'), ), } print('*** Create shares/printer object') print_share_dn = udm.create_object('shares/printer', position='cn=printers,%s' % (ucr['ldap/base'], ), **properties) utils.verify_ldap_object(print_share_dn, { 'cn': [properties['name']], 'description': [properties['description']], 'univentionObjectType': ['shares/printer'], 'univentionPrinterACLGroups': [properties['ACLGroups']], 'univentionPrinterACLUsers': [properties['ACLUsers']], 'univentionPrinterACLtype': [properties['ACLtype']], 'univentionPrinterLocation': [properties['location']], 'univentionPrinterModel': [properties['model']], 'univentionPrinterSambaName': [properties['sambaName']], 'univentionPrinterSpoolHost': [properties['spoolHost']], 'univentionPrinterURI': [properties['uri'].replace(' ', '')], }, delay=1) print('*** Modify shares/printer object') properties['sambaName'] = uts.random_name() udm.modify_object('shares/printer', dn=print_share_dn, sambaName=properties['sambaName']) utils.verify_ldap_object( print_share_dn, {'univentionPrinterSambaName': [properties['sambaName']]}, delay=1)
def get_ou_base(ou, district_enable): ucr = univention.testing.ucr.UCSTestConfigRegistry() ucr.load() base_dn = ucr.get('ldap/base') if district_enable: ou_base = 'ou=%s,ou=%s,%s' % (ou, ou[0:2], base_dn) else: ou_base = 'ou=%s,%s' % (ou, base_dn) return ou_base
def import_3_ou_in_a_row(use_cli_api=True, use_python_api=False): """ Creates 3 OUs in a row """ with univention.testing.ucr.UCSTestConfigRegistry( ) as ucr, univention.testing.udm.UCSTestUDM() as udm: create_mail_domain(ucr, udm) for singlemaster in [True, False]: for district_enable in [False, True]: cleanup_ou_list = [] try: # reset DHCPD ldap search base which is also to be tested univention.config_registry.handler_unset( ['dhcpd/ldap/base']) ucr.load() for i in xrange(1, 4): ou_name = uts.random_name() print '\n*** Creating OU #%d (ou_name=%s) ***\n' % ( i, ou_name) cleanup_ou_list.append(ou_name) create_and_verify_ou( ucr, ou=ou_name, ou_displayname=ou_name, dc=(uts.random_name() if not singlemaster else None), dc_administrative=None, sharefileserver=None, singlemaster=singlemaster, noneducational_create_objects=False, district_enable=district_enable, default_dcs=None, dhcp_dns_clearou=True, unset_dhcpd_base=False, do_cleanup=False, use_cli_api=use_cli_api, use_python_api=use_python_api, ) finally: for ou_name in cleanup_ou_list: remove_ou(ou_name)
def verify_dc(ou, dc_name, dc_type, base_dn=None, must_exist=True): ''' Arguments: dc_name: name of the domaincontroller (cn) dc_type: type of the domaincontroller ('educational' or 'administrative') ''' assert (dc_type in (TYPE_DC_ADMINISTRATIVE, TYPE_DC_EDUCATIONAL)) ucr = univention.testing.ucr.UCSTestConfigRegistry() ucr.load() if not base_dn: base_dn = ucr.get('ldap/base') ou_base = get_ou_base(ou, ucr.is_true('ucsschool/ldap/district/enable', False)) dc_dn = 'cn=%s,cn=dc,cn=server,cn=computers,%s' % (dc_name, ou_base) # define list of (un-)desired group memberships ==> [(IS_MEMBER, GROUP_DN), ...] group_dn_list = [] if dc_type == TYPE_DC_ADMINISTRATIVE: group_dn_list += [ (True, 'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou.lower(), base_dn)), (True, 'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )), (False, 'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn), (False, 'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn)), (False, 'cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (ou.lower(), base_dn)), (False, 'cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )), (False, 'cn=Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % base_dn), (False, 'cn=OU%s-Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn)), ] else: group_dn_list += [ (True, 'cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (ou.lower(), base_dn)), (True, 'cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )), (False, 'cn=Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % base_dn), (False, 'cn=OU%s-Member-Edukativnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn)), ] if ucr.is_true('ucsschool/ldap/noneducational/create/objects', must_exist): group_dn_list += [ (False, 'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou.lower(), base_dn)), (False, 'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (base_dn, )), (False, 'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn), (False, 'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn)), ] utils.verify_ldap_object(dc_dn, should_exist=must_exist) for (expected_membership, grpdn) in group_dn_list: try: if must_exist: utils.verify_ldap_object( grpdn, expected_attr={'uniqueMember': [dc_dn]}, strict=False, should_exist=True) if not expected_membership: raise DCisMemberOfGroup('%s DC %r is member of group %r' % (dc_type, dc_dn, grpdn)) except utils.LDAPObjectValueMissing: if expected_membership: raise
def verify_ou(ou, dc, ucr, sharefileserver, dc_administrative, must_exist): print '*** Verifying OU (%s) ... ' % ou ucr.load() dc_name = ucr.get('hostname') old_dhcpd_ldap_base = ucr.get('dhcpd/ldap/base') lo = univention.uldap.getMachineConnection() base_dn = ucr.get('ldap/base') cn_pupils = ucr.get('ucsschool/ldap/default/container/pupils', 'schueler') cn_teachers = ucr.get('ucsschool/ldap/default/container/teachers', 'lehrer') cn_teachers_staff = ucr.get( 'ucsschool/ldap/default/container/teachers-and-staff', 'lehrer und mitarbeiter') cn_admins = ucr.get('ucsschool/ldap/default/container/admins', 'admins') cn_staff = ucr.get('ucsschool/ldap/default/container/staff', 'mitarbeiter') singlemaster = ucr.is_true('ucsschool/singlemaster') noneducational_create_objects = ucr.is_true( 'ucsschool/ldap/noneducational/create/objects') district_enable = ucr.is_true('ucsschool/ldap/district/enable') # default_dcs = ucr.get('ucsschool/ldap/default/dcs') dhcp_dns_clearou = ucr.is_true( 'ucsschool/import/generate/policy/dhcp/dns/clearou') ou_base = get_ou_base(ou, district_enable) # does dc exist? if singlemaster: dc_dn = ucr.get('ldap/hostdn') dc_name = ucr.get('hostname') elif dc: dc_dn = 'cn=%s,cn=dc,cn=server,cn=computers,%s' % (dc, ou_base) dc_name = dc else: dc_dn = 'cn=dc%s-01,cn=dc,cn=server,cn=computers,%s' % (ou, ou_base) dc_name = 'dc%s-01' % ou sharefileserver_dn = dc_dn if sharefileserver: result = lo.search( filter='(&(objectClass=univentionDomainController)(cn=%s))' % sharefileserver, base=base_dn, attr=['cn']) if result: sharefileserver_dn = result[0][0] utils.verify_ldap_object(ou_base, expected_attr={ 'ou': [ou], 'ucsschoolClassShareFileServer': [sharefileserver_dn], 'ucsschoolHomeShareFileServer': [sharefileserver_dn] }, should_exist=must_exist) utils.verify_ldap_object('cn=printers,%s' % ou_base, expected_attr={'cn': ['printers']}, should_exist=must_exist) utils.verify_ldap_object('cn=users,%s' % ou_base, expected_attr={'cn': ['users']}, should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_pupils, ou_base), expected_attr={'cn': [cn_pupils]}, should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_teachers, ou_base), expected_attr={'cn': [cn_teachers]}, should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_admins, ou_base), expected_attr={'cn': [cn_admins]}, should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_admins, ou_base), expected_attr={'cn': [cn_admins]}, should_exist=must_exist) utils.verify_ldap_object('cn=computers,%s' % ou_base, expected_attr={'cn': ['computers']}, should_exist=must_exist) utils.verify_ldap_object('cn=server,cn=computers,%s' % ou_base, expected_attr={'cn': ['server']}, should_exist=must_exist) utils.verify_ldap_object('cn=dc,cn=server,cn=computers,%s' % ou_base, expected_attr={'cn': ['dc']}, should_exist=must_exist) utils.verify_ldap_object('cn=networks,%s' % ou_base, expected_attr={'cn': ['networks']}, should_exist=must_exist) utils.verify_ldap_object('cn=groups,%s' % ou_base, expected_attr={'cn': ['groups']}, should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_pupils, ou_base), expected_attr={'cn': [cn_pupils]}, should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_teachers, ou_base), expected_attr={'cn': [cn_teachers]}, should_exist=must_exist) utils.verify_ldap_object('cn=klassen,cn=%s,cn=groups,%s' % (cn_pupils, ou_base), expected_attr={'cn': ['klassen']}, should_exist=must_exist) utils.verify_ldap_object('cn=raeume,cn=groups,%s' % ou_base, expected_attr={'cn': ['raeume']}, should_exist=must_exist) utils.verify_ldap_object('cn=dhcp,%s' % ou_base, expected_attr={'cn': ['dhcp']}, should_exist=must_exist) utils.verify_ldap_object('cn=policies,%s' % ou_base, expected_attr={'cn': ['policies']}, should_exist=must_exist) utils.verify_ldap_object('cn=shares,%s' % ou_base, expected_attr={'cn': ['shares']}, should_exist=must_exist) utils.verify_ldap_object('cn=klassen,cn=shares,%s' % ou_base, expected_attr={'cn': ['klassen']}, should_exist=must_exist) utils.verify_ldap_object('cn=dc,cn=server,cn=computers,%s' % ou_base, expected_attr={'cn': ['dc']}, should_exist=must_exist) if noneducational_create_objects: utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_staff, ou_base), should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_teachers_staff, ou_base), should_exist=must_exist) utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_staff, ou_base), should_exist=must_exist) else: utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_staff, ou_base), should_exist=False) utils.verify_ldap_object('cn=%s,cn=users,%s' % (cn_teachers_staff, ou_base), should_exist=False) utils.verify_ldap_object('cn=%s,cn=groups,%s' % (cn_staff, ou_base), should_exist=False) if noneducational_create_objects: utils.verify_ldap_object( 'cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn, should_exist=True) utils.verify_ldap_object( 'cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % base_dn, should_exist=True) utils.verify_ldap_object( 'cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=True) utils.verify_ldap_object( 'cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=True) # This will fail because we don't cleanup these groups in cleanup_ou # else: # utils.verify_ldap_object("cn=DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s" % base_dn, should_exist=False) # utils.verify_ldap_object("cn=Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s" % base_dn, should_exist=False) # utils.verify_ldap_object('cn=OU%s-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=False) # utils.verify_ldap_object('cn=OU%s-Member-Verwaltungsnetz,cn=ucsschool,cn=groups,%s' % (ou, base_dn), should_exist=False) if not singlemaster: verify_dc(ou, dc_name, TYPE_DC_EDUCATIONAL, base_dn, must_exist) if dc_administrative: verify_dc(ou, dc_administrative, TYPE_DC_ADMINISTRATIVE, base_dn, must_exist) grp_prefix_pupils = ucr.get('ucsschool/ldap/default/groupprefix/pupils', 'schueler-') grp_prefix_teachers = ucr.get( 'ucsschool/ldap/default/groupprefix/teachers', 'lehrer-') grp_prefix_admins = ucr.get('ucsschool/ldap/default/groupprefix/admins', 'admins-') grp_prefix_staff = ucr.get('ucsschool/ldap/default/groupprefix/staff', 'mitarbeiter-') grp_policy_pupils = ucr.get( 'ucsschool/ldap/default/policy/umc/pupils', 'cn=ucsschool-umc-pupils-default,cn=UMC,cn=policies,%s' % base_dn) grp_policy_teachers = ucr.get( 'ucsschool/ldap/default/policy/umc/teachers', 'cn=ucsschool-umc-teachers-default,cn=UMC,cn=policies,%s' % base_dn) grp_policy_admins = ucr.get( 'ucsschool/ldap/default/policy/umc/admins', 'cn=ucsschool-umc-admins-default,cn=UMC,cn=policies,%s' % base_dn) grp_policy_staff = ucr.get( 'ucsschool/ldap/default/policy/umc/staff', 'cn=ucsschool-umc-staff-default,cn=UMC,cn=policies,%s' % base_dn) utils.verify_ldap_object( "cn=%s%s,cn=ouadmins,cn=groups,%s" % (grp_prefix_admins, ou, base_dn), expected_attr={'univentionPolicyReference': [grp_policy_admins]}, should_exist=True) utils.verify_ldap_object( "cn=%s%s,cn=groups,%s" % (grp_prefix_pupils, ou, ou_base), expected_attr={'univentionPolicyReference': [grp_policy_pupils]}, should_exist=must_exist) utils.verify_ldap_object( "cn=%s%s,cn=groups,%s" % (grp_prefix_teachers, ou, ou_base), expected_attr={'univentionPolicyReference': [grp_policy_teachers]}, should_exist=must_exist) if noneducational_create_objects: utils.verify_ldap_object( "cn=%s%s,cn=groups,%s" % (grp_prefix_staff, ou, ou_base), expected_attr={'univentionPolicyReference': [grp_policy_staff]}, should_exist=must_exist) dcmaster_module = univention.admin.modules.get( "computers/domaincontroller_master") dcbackup_module = univention.admin.modules.get( "computers/domaincontroller_backup") dcslave_module = univention.admin.modules.get( "computers/domaincontroller_slave") masterobjs = univention.admin.modules.lookup( dcmaster_module, None, lo, scope='sub', superordinate=None, base=base_dn, filter=univention.admin.filter.expression('cn', dc_name)) backupobjs = univention.admin.modules.lookup( dcbackup_module, None, lo, scope='sub', superordinate=None, base=base_dn, filter=univention.admin.filter.expression('cn', dc_name)) slaveobjs = univention.admin.modules.lookup( dcslave_module, None, lo, scope='sub', superordinate=None, base=base_dn, filter=univention.admin.filter.expression('cn', dc_name)) # check group membership # slave should be member # master and backup should not be member dcgroups = [ "cn=OU%s-DC-Edukativnetz,cn=ucsschool,cn=groups,%s" % (ou, base_dn), "cn=DC-Edukativnetz,cn=ucsschool,cn=groups,%s" % (base_dn) ] if must_exist: if masterobjs: is_master_or_backup = True dcobject = masterobjs[0] elif backupobjs: is_master_or_backup = True dcobject = backupobjs[0] elif slaveobjs: is_master_or_backup = False dcobject = slaveobjs[0] else: raise DCNotFound() dcobject.open() groups = [] membership = False for group in dcobject.get('groups'): groups.append(group.lower()) for dcgroup in dcgroups: if dcgroup.lower() in groups: membership = True if is_master_or_backup and membership: raise DCMembership() elif not is_master_or_backup and not membership: raise DCMembership() ucr.load() if not singlemaster: # in multiserver setups all dhcp settings have to be checked dhcp_dn = "cn=dhcp,%s" % (ou_base) else: # in singleserver setup only the first OU sets dhcpd/ldap/base and all following OUs # should leave the UCR variable untouched. dhcpd_ldap_base = ucr.get('dhcpd/ldap/base') if not dhcpd_ldap_base or 'ou=' not in dhcpd_ldap_base: raise DhcpdLDAPBase('dhcpd/ldap/base=%r contains no "ou="' % (dhcpd_ldap_base, )) # use the UCR value and check if the DHCP service exists dhcp_dn = dhcpd_ldap_base # dhcp print 'LDAP base of dhcpd = %r' % dhcp_dn dhcp_service_dn = "cn=%s,%s" % (get_school_ou_from_dn(dhcp_dn, ucr), dhcp_dn) dhcp_server_dn = "cn=%s,%s" % (dc_name, dhcp_service_dn) if must_exist: utils.verify_ldap_object(dhcp_service_dn, expected_attr={ 'dhcpOption': [ 'wpad "http://%s.%s/proxy.pac"' % (dc_name, ucr.get('domainname')) ] }, should_exist=True) utils.verify_ldap_object(dhcp_server_dn, should_exist=True) dhcp_dns_clearou_dn = 'cn=dhcp-dns-clear,cn=policies,%s' % ou_base if dhcp_dns_clearou: utils.verify_ldap_object(dhcp_dns_clearou_dn, expected_attr={ 'emptyAttributes': ['univentionDhcpDomainNameServers'] }, should_exist=must_exist) try: utils.verify_ldap_object(ou_base, expected_attr={ 'univentionPolicyReference': [dhcp_dns_clearou_dn] }, should_exist=must_exist) except utils.LDAPObjectUnexpectedValue: # ignore other policies pass else: utils.verify_ldap_object(dhcp_dns_clearou_dn, should_exist=False)
def create_and_verify_ou(ucr, ou, dc, sharefileserver, dc_administrative=None, ou_displayname=None, singlemaster=False, noneducational_create_objects=False, district_enable=False, default_dcs=None, dhcp_dns_clearou=False, do_cleanup=True, unset_dhcpd_base=True, use_cli_api=True, use_python_api=False): assert (use_cli_api != use_python_api) print '******************************************************' print '**** create_and_verify_ou test run' print '**** ou=%s' % ou print '**** ou_displayname=%r' % ou_displayname print '**** dc=%s' % dc print '**** dc_administrative=%s' % dc_administrative print '**** sharefileserver=%s' % sharefileserver print '**** singlemaster=%s' % singlemaster print '**** noneducational_create_objects=%s' % noneducational_create_objects print '**** district_enable=%s' % district_enable print '**** default_dcs=%s' % default_dcs print '**** dhcp_dns_clearou=%s' % dhcp_dns_clearou print '******************************************************' ucr.load() lo = univention.uldap.getMachineConnection() # set UCR univention.config_registry.handler_set([ 'ucsschool/singlemaster=%s' % ('true' if singlemaster else 'false'), 'ucsschool/ldap/noneducational/create/objects=%s' % ('true' if noneducational_create_objects else 'false'), 'ucsschool/ldap/district/enable=%s' % ('true' if district_enable else 'false'), 'ucsschool/ldap/default/dcs=%s' % default_dcs, 'ucsschool/import/generate/policy/dhcp/dns/clearou=%s' % ('true' if dhcp_dns_clearou else 'false'), ]) if unset_dhcpd_base: univention.config_registry.handler_unset(['dhcpd/ldap/base']) ucr.load() base_dn = ucr.get('ldap/base') ou_base = get_ou_base(ou, district_enable) # create hooks (pre_hook, pre_hook_successful) = import_ou_create_pre_hook(ou, ou_base, dc, singlemaster) (post_hook, post_hook_successful) = import_ou_create_post_hook( ou, ou_base, dc, singlemaster) move_dc_after_create_ou = False # does dc exist? if singlemaster: dc_name = ucr.get('hostname') elif dc: result = lo.search( filter='(&(objectClass=univentionDomainController)(cn=%s))' % dc, base=base_dn, attr=['cn']) if result: move_dc_after_create_ou = True dc_name = dc else: dc_name = 'dc%s-01' % ou if use_cli_api: create_ou_cli(ou, dc, dc_administrative, sharefileserver, ou_displayname) if use_python_api: create_ou_python_api(ou, dc, dc_administrative, sharefileserver, ou_displayname) if move_dc_after_create_ou: move_domaincontroller_to_ou_cli(dc_name, ou) # cleanup hooks os.remove(pre_hook) os.remove(post_hook) if os.path.exists(pre_hook_successful): os.unlink(pre_hook_successful) else: raise PreHookFailed() if os.path.exists(post_hook_successful): os.unlink(post_hook_successful) else: raise PostHookFailed() verify_ou(ou, dc, ucr, sharefileserver, dc_administrative, must_exist=True) if do_cleanup: remove_ou(ou)
""" Normalize a given dn. This removes some escaping of special chars in the DNs. Note: The CON-LDAP returns DNs with escaping chars, OpenLDAP does not. >>> normalize_dn("cn=peter\#,cn=groups") 'cn=peter#,cn=groups' """ return ldap.dn.dn2str(ldap.dn.str2dn(dn)) if __name__ == '__main__': import doctest print(doctest.testmod()) ucr = univention.testing.ucr.UCSTestConfigRegistry() ucr.load() with UCSTestUDM() as udm: # create user dnUser, _username = udm.create_user() # stop CLI daemon udm.stop_cli_server() # create group _dnGroup, _groupname = udm.create_group() # modify user from above udm.modify_object('users/user', dn=dnUser, description='Foo Bar') # test with malformed arguments
def test_force_printername(ucr, udm, ucr_value): """Check state of "force printername" during UDM printer modify""" ucr_var = "samba/force_printername" ucr.load() previous_value = ucr.get(ucr_var) if ucr_value is None: univention.config_registry.handler_unset([ucr_var]) else: keyval = "%s=%s" % (ucr_var, ucr_value) univention.config_registry.handler_set([keyval]) if ucr_value != previous_value: subprocess.call( ["systemctl", "restart", "univention-directory-listener"], close_fds=True) ucr.load() expected_value = ucr.is_true( ucr_var, True) # This is the behavior of cups-printers.py printer_name = uts.random_name() printer_properties = { 'model': 'foomatic-ppds/Apple/Apple-12_640ps-Postscript.ppd.gz', 'uri': 'parallel /dev/lp0', 'spoolHost': '%s.%s' % (ucr['hostname'], ucr['domainname']), 'name': printer_name } printer = udm.create_object('shares/printer', position='cn=printers,%s' % ucr['ldap/base'], **printer_properties) utils.verify_ldap_object( printer, { 'univentionPrinterModel': [printer_properties['model']], 'univentionPrinterURI': [printer_properties['uri'].replace(' ', '')], 'univentionPrinterSpoolHost': [printer_properties['spoolHost']] }) utils.wait_for_replication() old_filename = '/etc/samba/printers.conf.d/%s' % printer_name samba_force_printername = _testparm_is_true(old_filename, printer_name, 'force printername') assert samba_force_printername == expected_value, "samba option \"force printername\" not set to %s" % ( expected_value, ) print("Ok, samba option \"force printername\" set to %s" % (expected_value, )) # Check behavior during UDM modification rename_share_and_check(udm, printer, expected_value) # And check again after inverting the UCR setting: if not expected_value: # This simulates the update case keyval = "%s=%s" % (ucr_var, "yes") univention.config_registry.handler_set([keyval]) else: keyval = "%s=%s" % (ucr_var, "no") univention.config_registry.handler_set([keyval]) subprocess.call(["systemctl", "restart", "univention-directory-listener"], close_fds=True) rename_share_and_check(udm, printer, expected_value) # restart listener with original UCR values: subprocess.call(["systemctl", "restart", "univention-directory-listener"], close_fds=True)
def test_create_printergroup(ucr, udm): """Create shares/printergroup and verify LDAP object""" ucr.load() spoolHost = random_fqdn(ucr) printer_properties1 = { 'name': uts.random_name(), 'spoolHost': spoolHost, 'uri': '%s %s' % ( random.choice(PRINTER_PROTOCOLS), uts.random_ip(), ), 'model': 'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd', 'producer': 'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ), } print('*** Create shares/printer object') udm.create_object('shares/printer', position='cn=printers,%s' % (ucr['ldap/base'], ), **printer_properties1) printer_properties2 = { 'name': uts.random_name(), 'spoolHost': spoolHost, 'uri': '%s %s' % ( random.choice(PRINTER_PROTOCOLS), uts.random_ip(), ), 'model': 'foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd', 'producer': 'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ), } print('*** Create shares/printer object') udm.create_object('shares/printer', position='cn=printers,%s' % (ucr['ldap/base'], ), **printer_properties2) printergroup_properties = { 'name': uts.random_name(), 'spoolHost': spoolHost, 'groupMember': [printer_properties1['name'], printer_properties2['name']], 'sambaName': uts.random_name(), } print('*** Create shares/printergroup object') printergroup_share_dn = udm.create_object('shares/printergroup', position='cn=printers,%s' % (ucr['ldap/base'], ), **printergroup_properties) utils.verify_ldap_object(printergroup_share_dn, { 'cn': [printergroup_properties['name']], 'univentionObjectType': ['shares/printergroup'], 'univentionPrinterSambaName': [printergroup_properties['sambaName']], 'univentionPrinterSpoolHost': [printergroup_properties['spoolHost']], 'univentionPrinterGroupMember': printergroup_properties['groupMember'], }, delay=1) print('*** Modify shares/printergroup object') printergroup_properties['sambaName'] = uts.random_name() udm.modify_object('shares/printergroup', dn=printergroup_share_dn, sambaName=printergroup_properties['sambaName']) utils.verify_ldap_object( printergroup_share_dn, {'univentionPrinterSambaName': [printergroup_properties['sambaName']]}, delay=1)
def test_create_printer_and_check_printing_works(ucr, udm): """Create shares/printer and check if print access works""" ucr.load() admin_dn = ucr.get( 'tests/domainadmin/account', 'uid=Administrator,cn=users,%s' % (ucr.get('ldap/base'), )) admin_name = ldap.dn.str2dn(admin_dn)[0][0][1] password = ucr.get('tests/domainadmin/pwd', 'univention') spoolhost = '.'.join([ucr['hostname'], ucr['domainname']]) acltype = random.choice(['allow all', 'allow']) properties = { 'name': uts.random_name(), 'location': uts.random_string(), 'description': uts.random_name(), 'spoolHost': spoolhost, 'uri': '%s %s' % ( random.choice(PRINTER_PROTOCOLS), uts.random_ip(), ), 'model': 'hp-ppd/HP/HP_Business_Inkjet_2500C_Series.ppd', 'producer': 'cn=Generic,cn=cups,cn=univention,%s' % (ucr.get('ldap/base'), ), 'sambaName': uts.random_name(), 'ACLtype': acltype, 'ACLUsers': admin_dn, 'ACLGroups': 'cn=Printer Admins,cn=groups,%s' % (ucr.get('ldap/base'), ), } print('*** Create shares/printer object') print_share_dn = udm.create_object('shares/printer', position='cn=printers,%s' % (ucr['ldap/base'], ), **properties) utils.verify_ldap_object(print_share_dn, { 'cn': [properties['name']], 'description': [properties['description']], 'univentionObjectType': ['shares/printer'], 'univentionPrinterACLGroups': [properties['ACLGroups']], 'univentionPrinterACLUsers': [properties['ACLUsers']], 'univentionPrinterACLtype': [properties['ACLtype']], 'univentionPrinterLocation': [properties['location']], 'univentionPrinterModel': [properties['model']], 'univentionPrinterSambaName': [properties['sambaName']], 'univentionPrinterSpoolHost': [properties['spoolHost']], 'univentionPrinterURI': [properties['uri'].replace(' ', '')], }, delay=1) print('*** Modify shares/printer samba share name') properties['sambaName'] = uts.random_name() udm.modify_object('shares/printer', dn=print_share_dn, sambaName=properties['sambaName']) utils.verify_ldap_object( print_share_dn, {'univentionPrinterSambaName': [properties['sambaName']]}, delay=1) delay = 15 print('*** Wait %s seconds for listener postrun' % delay) time.sleep(delay) p = subprocess.Popen(['lpq', '-P', properties['name']], close_fds=True) p.wait() assert not p.returncode, "CUPS printer {} not created after {} seconds".format( properties['name'], delay) p = subprocess.Popen( ['su', admin_name, '-c', 'lpr -P %s /etc/hosts' % properties['name']], close_fds=True) p.wait() assert not p.returncode, "Printing to CUPS printer {} as {} failed".format( properties['name'], admin_name) s4_dc_installed = utils.package_installed("univention-samba4") s3_file_and_print_server_installed = utils.package_installed( "univention-samba") smb_server = s3_file_and_print_server_installed or s4_dc_installed if smb_server: delay = 1 time.sleep(delay) cmd = [ 'smbclient', '//localhost/%s' % properties['sambaName'], '-U', '%'.join([admin_name, password]), '-c', 'print /etc/hosts' ] print('\nRunning: %s' % ' '.join(cmd)) p = subprocess.Popen(cmd, close_fds=True) p.wait() if p.returncode: share_definition = '/etc/samba/printers.conf.d/%s' % properties[ 'sambaName'] with open(share_definition) as f: print('### Samba share file %s :' % share_definition) print(f.read()) print('### testpam for that smb.conf section:') p = subprocess.Popen( ['testparm', '-s', '--section-name', properties['sambaName']], close_fds=True) p.wait() assert False, 'Samba printer share {} not accessible'.format( properties['sambaName']) p = subprocess.Popen(['lprm', '-P', properties['name'], '-'], close_fds=True) p.wait()
def import_users_basics(use_cli_api=True, use_python_api=False): ucr = univention.testing.ucr.UCSTestConfigRegistry() ucr.load() udm = udm_test.UCSTestUDM() for singlemaster in [False, True]: for samba_home_server in [None, 'generate']: for profile_path_server in [None, 'generate']: for home_server_at_ou in [None, 'generate']: for windows_profile_server in [None, 'generate']: if samba_home_server == 'generate': samba_home_server = uts.random_name() if profile_path_server == 'generate': profile_path_server = uts.random_name() school_name = uts.random_name() if home_server_at_ou: home_server_at_ou = uts.random_name() create_home_server(udm, home_server_at_ou) create_ou_cli(school_name, sharefileserver=home_server_at_ou) else: create_ou_cli(school_name) try: if windows_profile_server: windows_profile_server = uts.random_name() create_windows_profile_server(udm=udm, ou=school_name, name=windows_profile_server) univention.config_registry.handler_set([ 'ucsschool/singlemaster=%s' % ('true' if singlemaster else 'false'), 'ucsschool/import/set/sambahome=%s' % samba_home_server, 'ucsschool/import/set/serverprofile/path=%s' % profile_path_server, ]) if not samba_home_server: univention.config_registry.handler_unset([ 'ucsschool/import/set/sambahome', ]) if not profile_path_server: univention.config_registry.handler_unset([ 'ucsschool/import/set/serverprofile/path', ]) print '' print '**** import_users_basics:' print '**** singlemaster: %s' % singlemaster print '**** samba_home_server: %s' % samba_home_server print '**** profile_path_server: %s' % profile_path_server print '**** home_server_at_ou: %s' % home_server_at_ou print '**** windows_profile_server: %s' % windows_profile_server print '' create_and_verify_users(use_cli_api, use_python_api, school_name, 3, 3, 3, 3) finally: remove_ou(school_name) utils.wait_for_replication()