Exemplo n.º 1
def test_allow_selfwrite_access_to_anyone(topo, aci_of_user, cleanup_tree):
    """
       Modify Test 8 Allow selfwrite access to anyone

       An ACI stored on the suffix entry grants ``selfwrite`` on the ``member``
       attribute of cn=group1 to ``ldap:///anyone``.  A client bound as
       USER_DELADD then adds USER_DELADD to the first group returned by the
       server, and the test passes if no LDAP error is raised.

       :id:8b3becf0-7abf-11e8-ac34-8c16451d917b
       :setup: server
       :steps:
           1. Add test entry
           2. Add ACI
           3. User should follow ACI role
       :expectedresults:
           1. Entry should be added
           2. Operation should succeed
           3. Operation should succeed
    """
    instance = topo.standalone

    group = Groups(instance, DEFAULT_SUFFIX).create(properties={
        "cn": "group1",
        "description": "testgroup"
    })

    # The ACI is split per clause for readability; the concatenated text is
    # unchanged.  "selfwrite" only lets a client add or remove its OWN DN in
    # the target attribute, but the "ldap:///anyone" bind rule also matches
    # anonymous clients; "ldap:///all" is the authenticated-only keyword.
    selfwrite_aci = (
        '(target = ldap:///cn=group1,ou=Groups,{})'
        '(targetattr = "member")'
        '(version 3.0; acl "ACI NAME"; allow (selfwrite) (userdn = "ldap:///anyone") ;)'
    ).format(DEFAULT_SUFFIX)
    Domain(instance, DEFAULT_SUFFIX).add("aci", selfwrite_aci)

    dev_ou = OrganizationalUnit(
        instance, "ou=Product Development,{}".format(DEFAULT_SUFFIX))
    dev_ou.create(properties={'ou': 'Product Development'})

    # presumably USER_DELADD (defined elsewhere in the module) is the DN of
    # this account -- verify against the module constants
    test_user = UserAccount(
        instance,
        "cn=Jeff Vedder,ou=Product Development,{}".format(DEFAULT_SUFFIX))
    test_user.create(properties={
        'uid': 'Jeff Vedder',
        'cn': 'Jeff Vedder',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/JeffVedder',
        'userPassword': PW_DM
    })

    # Everything from here on runs with the test user's privileges, not the
    # privileges of the connection held by topo.standalone.
    user_conn = UserAccount(instance, USER_DELADD).bind(PW_DM)

    # NOTE(review): list()[0] assumes group1 is the first group returned, and
    # nothing asserts that the member value was actually stored; the test only
    # checks that add_member() does not raise.
    visible_groups = Groups(user_conn, DEFAULT_SUFFIX).list()
    visible_groups[0].add_member(USER_DELADD)

    # Clean up over the original connection.
    group.delete()
Exemplo n.º 2
    def fin():
        """
        Remove every user and group found under the suffix, then the
        ou=Accounting entry, once the test has finished.
        """
        standalone = topo.standalone

        # Users first, then groups, in the same order as the original teardown.
        for account in UserAccounts(standalone, DEFAULT_SUFFIX, rdn=None).list():
            account.delete()

        for group_entry in Groups(standalone, DEFAULT_SUFFIX).list():
            group_entry.delete()

        OrganizationalUnit(standalone, f'ou=Accounting,{DEFAULT_SUFFIX}').delete()
Exemplo n.º 3
def test_invalid_dn_syntax_crash(topo):
    """Add an entry with an escaped space, restart the server, and try to delete
    it.  In this case the DN is not correctly parsed and causes cache revert
    to dereference a NULL pointer.  So the delete can fail as long as the server
    does not crash.

    :id: 62d87272-dfb8-4627-9ca1-dbe33082caf8
    :setup: Standalone Instance
    :steps:
        1. Add entry with leading escaped space in the RDN
        2. Restart the server so the entry is rebuilt from the database
        3. Delete the entry
        4. The server should still be running
    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
    """

    instance = topo.standalone
    group_collection = Groups(instance, DEFAULT_SUFFIX)

    # The leading space in the cn value is what yields the escaped RDN.
    spaced_group = group_collection.create(properties={'cn': ' test'})

    # After the restart the entry has to be rebuilt from the database.
    instance.restart()

    try:
        spaced_group.delete()
    except ldap.NO_SUCH_OBJECT:
        # A failed delete is acceptable; only a server crash is a failure.
        pass

    # Liveness check: this search fails if the server went down during the
    # delete above.
    group_collection.list()
Exemplo n.º 4
    def test_memberof_groups(self, topology_m2, base_m2):
        """Check that conflict properly resolved for operations
        with memberOf and groups

        :id: 77f09b18-03d1-45da-940b-1ad2c2908eb3
        :setup: Two master replication, test container for entries, enable plugin logging,
                audit log, error log for replica and access log for internal
        :steps:
            1. Enable memberOf plugin
            2. Add 30 users to m1 and wait for replication to happen
            3. Pause replication
            4. Create a group on m1 and m2
            5. Create a group on m1 and m2, delete from m1
            6. Create a group on m1, delete from m1, and create on m2
            7. Create a group on m2 and m1, delete from m1
            8. Create two different groups on m2
            9. Resume replication
            10. Check that the entries on both masters are the same and replication is working
        :expectedresults:
            1. It should pass
            2. It should pass
            3. It should pass
            4. It should pass
            5. It should pass
            6. It should pass
            7. It should pass
            8. It should pass
            9. It should pass
            10. It should pass
        """

        # pytest.xfail() raises immediately, so none of the statements below
        # execute while this call is in place (tracked as Issue 49591).
        pytest.xfail("Issue 49591 - work in progress")

        M1 = topology_m2.ms["master1"]
        M2 = topology_m2.ms["master2"]
        # Users are only created through M1; groups are created on both sides.
        test_users_m1 = UserAccounts(M1, base_m2.dn, rdn=None)
        test_groups_m1 = Groups(M1, base_m2.dn, rdn=None)
        test_groups_m2 = Groups(M2, base_m2.dn, rdn=None)

        repl = ReplicationManager(SUFFIX)

        # On every instance: enable memberOf, then rewrite the attribute lists
        # of the first agreement returned. Per the values below, memberOf is
        # excluded from nsDS5ReplicatedAttributeList while the "Total" list
        # names no excluded attribute.
        # NOTE(review): list()[0] assumes the agreement of interest is the
        # first one returned -- confirm for this topology.
        for inst in topology_m2.ms.values():
            memberof = MemberOfPlugin(inst)
            memberof.enable()
            agmt = Agreements(inst).list()[0]
            agmt.replace_many(('nsDS5ReplicatedAttributeListTotal',
                               '(objectclass=*) $ EXCLUDE '),
                              ('nsDS5ReplicatedAttributeList',
                               '(objectclass=*) $ EXCLUDE memberOf'))
            # presumably needed for the plugin change to take effect -- confirm
            inst.restart()
        # Build 10 trios of user DNs (30 users in total); trio u is created
        # with the numbers 1200+u, 1210+u and 1220+u. Each group created below
        # receives one trio, selected by group_num.
        user_dns = []
        for user_num in range(10):
            user_trio = []
            for num in range(0, 30, 10):
                user = _create_user(test_users_m1, 1200 + user_num + num)
                user_trio.append(user.dn)
            user_dns.append(user_trio)

        # Check M1 -> M2 replication, then pause all replicas so that the
        # operations below are applied on each side independently.
        repl.test_replication(M1, M2)
        topology_m2.pause_all_replicas()

        # Case 1: the same group is added on M1 and then on M2.
        log.info("Check a simple conflict")
        group_num = 0
        _create_group(test_groups_m1,
                      group_num,
                      user_dns[group_num],
                      sleep=True)
        _create_group(test_groups_m2,
                      group_num,
                      user_dns[group_num],
                      sleep=True)

        # Case 2: add on M1, add on M2, delete on M1.
        log.info("Check a add - del")
        group_num += 1
        _create_group(test_groups_m1,
                      group_num,
                      user_dns[group_num],
                      sleep=True)
        _create_group(test_groups_m2,
                      group_num,
                      user_dns[group_num],
                      sleep=True)
        _delete_group(test_groups_m1, group_num)

        # Case 3: add and delete on M1, then add on M2.
        group_num += 1
        _create_group(test_groups_m1, group_num, user_dns[group_num])
        _delete_group(test_groups_m1, group_num, sleep=True)
        _create_group(test_groups_m2, group_num, user_dns[group_num])

        # Case 4: add on M2 first, then add and delete on M1.
        group_num += 1
        _create_group(test_groups_m2,
                      group_num,
                      user_dns[group_num],
                      sleep=True)
        _create_group(test_groups_m1, group_num, user_dns[group_num])
        _delete_group(test_groups_m1, group_num, sleep=True)

        # Case 5: two different groups that exist on M2 only.
        group_num += 1
        _create_group(test_groups_m2, group_num, user_dns[group_num])
        group_num += 1
        _create_group(test_groups_m2, group_num, user_dns[group_num])

        topology_m2.resume_all_replicas()

        repl.test_replication_topology(topology_m2)

        # Both sides must end up with the same set of group DNs; order is
        # ignored by comparing sets.
        group_dns_m1 = [group.dn for group in test_groups_m1.list()]
        group_dns_m2 = [group.dn for group in test_groups_m2.list()]
        assert set(group_dns_m1) == set(group_dns_m2)