def test_posix_account(self, props):
ucfg = UsersConfig(
baseDN='ou=defaults,dc=my-domain,dc=com',
attrmap=odict((
('rdn', 'cn'),
('id', 'cn')
)),
scope=SUBTREE,
queryFilter='(objectClass=posixAccount)',
objectClasses=['account', 'posixAccount'],
defaults={}
)
users = Users(props, ucfg)
user = users.create('posixuser')
user()
self.assertEqual(sorted(user.context.attrs.items()), [
(u'cn', u'posixuser'),
(u'gidNumber', u'100'),
(u'homeDirectory', u'/home/posixuser'),
(u'objectClass', [u'account', u'posixAccount']),
(u'uid', u'posixuser'),
(u'uidNumber', u'100')
])
defaults.creation_defaults['posixAccount']['loginShell'] = posix.loginShell
ucfg = UsersConfig(
baseDN='ou=defaults,dc=my-domain,dc=com',
attrmap=odict((
('rdn', 'uid'),
('id', 'uid')
)),
scope=SUBTREE,
queryFilter='(objectClass=posixAccount)',
objectClasses=['account', 'posixAccount'],
defaults={}
)
users = Users(props, ucfg)
user = users.create('posixuser1')
user()
self.assertEqual(sorted(user.context.attrs.items()), [
(u'cn', u'posixuser1'),
(u'gidNumber', u'101'),
(u'homeDirectory', u'/home/posixuser1'),
(u'loginShell', u'/bin/false'),
(u'objectClass', [u'account', u'posixAccount']),
(u'uid', u'posixuser1'),
(u'uidNumber', u'101')
])
del defaults.creation_defaults['posixAccount']['loginShell']
def ldap_ucfg(self):
ugm_settings = general_settings(self).attrs
settings = self.attrs
attr_map = odict(settings.users_aliases_attrmap.items())
login_name = ugm_settings.users_login_name_attr
if login_name:
attr_map['login'] = login_name
if login_name not in attr_map:
attr_map[login_name] = login_name
else:
# XXX: Not sure whether login attr fallback is needed. Keep for now
# since this is the behavior as before introducing
# users_login_name_attr setting.
attr_map['login'] = attr_map['id']
for attr in ugm_settings.users_form_attrmap:
if attr in attr_map:
continue
attr_map[attr] = attr
if ugm_settings.users_exposed_attributes:
for attr in ugm_settings.users_exposed_attributes:
if attr in attr_map:
continue
attr_map[attr] = attr
expires_attr = None
expires_unit = EXPIRATION_DAYS
if ugm_settings.users_account_expiration == 'True':
expires_attr = ugm_settings.users_expires_attr
expires_unit = int(ugm_settings.users_expires_unit)
if expires_attr not in attr_map:
attr_map[expires_attr] = expires_attr
if ugm_settings.users_portrait == 'True':
image_attr = ugm_settings.users_portrait_attr
if image_attr not in attr_map:
attr_map[image_attr] = image_attr
return UsersConfig(baseDN=settings.users_dn,
attrmap=attr_map,
scope=int(settings.users_scope),
queryFilter=settings.users_query,
objectClasses=settings.users_object_classes,
defaults=factory_defaults.user,
expiresAttr=expires_attr,
expiresUnit=expires_unit)
props = LDAPProps(
uri=SLAPDURIS,
user=user,
password=pwd,
cache=False,
page_size=3,
)
# base users config
ucfg = UsersConfig(
baseDN='dc=my-domain,dc=com',
attrmap={
'id': 'sn',
'login': '******',
'telephoneNumber': 'telephoneNumber',
'rdn': 'ou',
'sn': 'sn',
},
scope=SUBTREE,
queryFilter='(&(objectClass=person)(!(objectClass=inetOrgPerson)))',
objectClasses=['person'])
# inetOrgPerson r/w attrs
inetOrgPerson_attrmap = {
'id': 'uid',
'login': '******',
'cn': 'cn',
'rdn': 'uid',
'sn': 'sn',
'mail': 'mail',
},
def test_samba_account(self, props):
ucfg = UsersConfig(
baseDN='ou=defaults,dc=my-domain,dc=com',
attrmap=odict((
('rdn', 'cn'),
('id', 'cn')
)),
scope=SUBTREE,
queryFilter='(objectClass=sambaSamAccount)',
objectClasses=['account', 'posixAccount', 'sambaSamAccount'],
defaults={
'uid': 'sambauser',
}
)
users = Users(props, ucfg)
user = users.create('sambauser')
user()
self.assertEqual(sorted(user.context.attrs.items()), [
(u'cn', u'sambauser'),
(u'gidNumber', u'100'),
(u'homeDirectory', u'/home/sambauser'),
(u'objectClass', [u'account', u'posixAccount', u'sambaSamAccount']),
(u'sambaSID', u'S-1-5-21-1234567890-1234567890-1234567890-1202'),
(u'uid', u'sambauser'),
(u'uidNumber', u'100')
])
user.passwd(None, 'secret')
res = sorted(user.context.attrs.items())
self.assertEqual(res[:-1], [
(u'cn', u'sambauser'),
(u'gidNumber', u'100'),
(u'homeDirectory', u'/home/sambauser'),
(u'objectClass', [u'account', u'posixAccount', u'sambaSamAccount']),
(u'sambaLMPassword', u'552902031bede9efaad3b435b51404ee'),
(u'sambaNTPassword', u'878d8014606cda29677a44efa1353fc7'),
(u'sambaSID', u'S-1-5-21-1234567890-1234567890-1234567890-1202'),
(u'uid', u'sambauser'),
(u'uidNumber', u'100')
])
self.assertEqual(res[-1][0], 'userPassword')
self.assertTrue(res[-1][1].startswith('{SSHA}'))
samba_d = defaults.creation_defaults['sambaSamAccount']
samba_d['sambaDomainName'] = samba.sambaDomainName
samba_d['sambaPrimaryGroupSID'] = samba.sambaPrimaryGroupSID
samba_d['sambaAcctFlags'] = samba.sambaAcctFlags
ucfg = UsersConfig(
baseDN='ou=defaults,dc=my-domain,dc=com',
attrmap=odict((
('rdn', 'cn'),
('id', 'cn')
)),
scope=SUBTREE,
queryFilter='(objectClass=sambaSamAccount)',
objectClasses=['account', 'posixAccount', 'sambaSamAccount'],
defaults={
'uid': 'sambauser1',
}
)
users = Users(props, ucfg)
user = users.create('sambauser1')
user()
self.assertEqual(sorted(user.context.attrs.items()), [
(u'cn', u'sambauser1'),
(u'gidNumber', u'101'),
(u'homeDirectory', u'/home/sambauser1'),
(u'objectClass', [u'account', u'posixAccount', u'sambaSamAccount']),
(u'sambaAcctFlags', u'[U]'),
(u'sambaDomainName', u'CONE_UGM'),
(u'sambaPrimaryGroupSID', u'S-1-5-21-1234567890-1234567890-1234567890-123'),
(u'sambaSID', u'S-1-5-21-1234567890-1234567890-1234567890-1202'),
(u'uid', u'sambauser1'),
(u'uidNumber', u'101')
])
del samba_d['sambaDomainName']
del samba_d['sambaPrimaryGroupSID']
del samba_d['sambaAcctFlags']
def test_shadow_account(self, props):
ucfg = UsersConfig(
baseDN='ou=defaults,dc=my-domain,dc=com',
attrmap=odict((
('rdn', 'uid'),
('id', 'uid')
)),
scope=SUBTREE,
queryFilter='(objectClass=shadowAccount)',
objectClasses=['account', 'shadowAccount'],
defaults={}
)
users = Users(props, ucfg)
user = users.create('shadowuser')
user()
self.assertEqual(sorted(user.context.attrs.items()), [
(u'objectClass', [u'account', u'shadowAccount']),
(u'uid', u'shadowuser')
])
shadow_d = defaults.creation_defaults['shadowAccount']
shadow_d['shadowFlag'] = shadow.shadowFlag
shadow_d['shadowMin'] = shadow.shadowMin
shadow_d['shadowMax'] = shadow.shadowMax
shadow_d['shadowWarning'] = shadow.shadowWarning
shadow_d['shadowInactive'] = shadow.shadowInactive
shadow_d['shadowLastChange'] = shadow.shadowLastChange
shadow_d['shadowExpire'] = shadow.shadowExpire
ucfg = UsersConfig(
baseDN='ou=defaults,dc=my-domain,dc=com',
attrmap=odict((
('rdn', 'uid'),
('id', 'uid')
)),
scope=SUBTREE,
queryFilter='(objectClass=shadowAccount)',
objectClasses=['account', 'shadowAccount'],
defaults={}
)
users = Users(props, ucfg)
user = users.create('shadowuser2')
user()
self.assertEqual(sorted(user.context.attrs.items()), [
(u'objectClass', [u'account', u'shadowAccount']),
(u'shadowExpire', u'99999'),
(u'shadowFlag', u'0'),
(u'shadowInactive', u'0'),
(u'shadowLastChange', u'12011'),
(u'shadowMax', u'99999'),
(u'shadowMin', u'0'),
(u'shadowWarning', u'0'),
(u'uid', u'shadowuser2')
])
del shadow_d['shadowFlag']
del shadow_d['shadowMin']
del shadow_d['shadowMax']
del shadow_d['shadowWarning']
del shadow_d['shadowInactive']
del shadow_d['shadowLastChange']
del shadow_d['shadowExpire']