def test_local_group_change(udm):
group1 = udm.create_group(adGroupType=GROUP_TYPE_LOCAL)[0]
group2 = udm.create_group(adGroupType=GROUP_TYPE_LOCAL)[0]
group3 = udm.create_group(adGroupType=GROUP_TYPE_LOCAL)[0]
utils.wait_for_connector_replication()
utils.verify_ldap_object(group1,
{'univentionGroupType': [GROUP_TYPE_LOCAL]})
utils.verify_ldap_object(group2,
{'univentionGroupType': [GROUP_TYPE_LOCAL]})
utils.verify_ldap_object(group3,
{'univentionGroupType': [GROUP_TYPE_LOCAL]})
with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed):
udm.modify_object('groups/group',
dn=group1,
adGroupType=GROUP_TYPE_DOMAIN_LOCAL)
with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed):
udm.modify_object('groups/group',
dn=group2,
adGroupType=GROUP_TYPE_GLOBAL)
with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed):
udm.modify_object('groups/group',
dn=group3,
adGroupType=GROUP_TYPE_UNIVERSAL)
def test_change_password(self, options, udm, Client, random_string,
Unauthorized, wait_for_replication):
print 'test_change_password(%r)' % (options, )
password = random_string()
new_password = random_string(5) + random_string(5).upper() + '@99'
userdn, username = udm.create_user(options=options,
password=password,
pwdChangeNextLogin=1)
if samba4_installed:
utils.wait_for_connector_replication()
client = Client()
print 'check login with pwdChangeNextLogin=1'
with pytest.raises(Unauthorized) as msg:
client.umc_auth(username, password)
client = Client()
print 'change password from %r to %r' % (password, new_password)
client.umc_auth(username, password, new_password=new_password)
wait_for_replication()
if samba4_installed:
utils.wait_for_connector_replication()
print 'check login with new password'
client = Client()
client.authenticate(username, new_password)
print 'ensure login with old password does not work anymore'
with pytest.raises(Unauthorized):
client = Client()
client.authenticate(username, password)
def _test_password_changing_failure_reason(new_password, reason, udm, Client, random_string, Unauthorized):
password = random_string()
userdn, username = udm.create_user(password=password, pwdChangeNextLogin=1)
client = Client(language='en-US')
if samba4_installed:
utils.wait_for_connector_replication()
print('change password from %r to %r' % (password, new_password))
with pytest.raises(Unauthorized) as msg:
client.umc_auth(username, password, new_password=new_password)
assert reason == msg.value.message, 'Expected error %r but got %r' % (reason, msg.value.message)
def _test_modlist(self, udm, props, attrs, **kwargs):
if kwargs.get('create', True):
user = udm.create_user(**props)[0]
udm.verify_ldap_object(user, attrs, strict=False)
udm.remove_object('users/user', dn=user)
wait_for_connector_replication()
if kwargs.get('modify', True):
user = udm.create_user()[0]
wait_for_connector_replication()
user = udm.modify_object('users/user', dn=user, **props)
udm.verify_ldap_object(user, attrs, strict=False)
def test_universal_group_change(udm):
group1 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0]
group2 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0]
group3 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0]
group4 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0]
group5 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL,
nestedGroup=group4)[0]
group6 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0]
udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL, nestedGroup=group6)[0]
group8 = udm.create_group(adGroupType=GROUP_TYPE_DOMAIN_LOCAL)[0]
group9 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL,
nestedGroup=group8)[0]
group10 = udm.create_group(adGroupType=GROUP_TYPE_GLOBAL)[0]
group11 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL,
nestedGroup=group10)[0]
utils.wait_for_connector_replication()
utils.verify_ldap_object(group1,
{'univentionGroupType': [GROUP_TYPE_UNIVERSAL]})
utils.verify_ldap_object(group2,
{'univentionGroupType': [GROUP_TYPE_UNIVERSAL]})
utils.verify_ldap_object(group3,
{'univentionGroupType': [GROUP_TYPE_UNIVERSAL]})
with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed):
udm.modify_object('groups/group',
dn=group1,
adGroupType=GROUP_TYPE_LOCAL)
udm.modify_object('groups/group',
dn=group2,
adGroupType=GROUP_TYPE_DOMAIN_LOCAL)
udm.modify_object('groups/group', dn=group3, adGroupType=GROUP_TYPE_GLOBAL)
with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed):
udm.modify_object('groups/group',
dn=group5,
adGroupType=GROUP_TYPE_GLOBAL)
print(
'E: Universal group has another universal group as member. Change to global group was possible which should not be.'
)
udm.modify_object('groups/group', dn=group6, adGroupType=GROUP_TYPE_GLOBAL)
udm.modify_object('groups/group', dn=group9, adGroupType=GROUP_TYPE_GLOBAL)
udm.modify_object('groups/group',
dn=group11,
adGroupType=GROUP_TYPE_GLOBAL)
def test_move_user(self):
user_mod = self.udm.get('users/user')
dn = self.user_objects[0].dn
obj = user_mod.get(dn)
old_position = obj.position
obj.position = self.ucr_test['ldap/base']
obj.save()
with self.assertRaises(NoObject):
assert user_mod.get(dn)
obj.position = old_position
obj.save()
utils.wait_for_connector_replication()
assert user_mod.get(dn) is not None
def _test_group_type(group_type, use_create_group_parameter,
builtin_sid_expected, _udm):
if use_create_group_parameter:
group = _udm.create_group(adGroupType=group_type)[0]
else:
group = _udm.create_group()[0]
utils.verify_ldap_object(group, {'univentionGroupType': [group_type]})
utils.wait_for_connector_replication()
utils.verify_ldap_object(group, {'univentionGroupType': [group_type]})
sid = _get_samba_sid(group)
if _sid_is_builtin(sid):
assert group_type == '-2147483643', 'New generated group has builtin sid: %s' % sid
else:
assert group_type != '-2147483643', 'New generated builtin group has no builtin sid: %s' % sid
def test_password_changing_failure_reason(options, new_password, reason, udm,
Client, random_string, Unauthorized,
enabled_password_quality_checks):
print 'test_password_changing_failure_reason(%r, %r, %r)' % (
options, new_password, reason)
password = random_string()
userdn, username = udm.create_user(options=options,
password=password,
pwdChangeNextLogin=1)
client = Client()
if samba4_installed:
utils.wait_for_connector_replication()
print 'change password from %r to %r' % (password, new_password)
with pytest.raises(Unauthorized) as msg:
client.umc_auth(username, password, new_password=new_password)
assert reason == msg.value.message, 'Expected error %r but got %r' % (
reason, msg.value.message)
def test_disable_enable_preserves_password(self, udm, lo):
user = udm.create_user(password='******')[0]
wait_for_connector_replication()
password = lo.getAttr(user, 'userPassword')[0]
udm.modify_object('users/user', dn=user, disabled='1')
wait_for_connector_replication()
udm.verify_ldap_object(user, {'userPassword': [password.replace('{crypt}', '{crypt}!')]})
udm.modify_object('users/user', dn=user, disabled='0')
wait_for_connector_replication()
udm.verify_ldap_object(user, {'userPassword': [password]})
