def test_local_group_change(udm): group1 = udm.create_group(adGroupType=GROUP_TYPE_LOCAL)[0] group2 = udm.create_group(adGroupType=GROUP_TYPE_LOCAL)[0] group3 = udm.create_group(adGroupType=GROUP_TYPE_LOCAL)[0] utils.wait_for_connector_replication() utils.verify_ldap_object(group1, {'univentionGroupType': [GROUP_TYPE_LOCAL]}) utils.verify_ldap_object(group2, {'univentionGroupType': [GROUP_TYPE_LOCAL]}) utils.verify_ldap_object(group3, {'univentionGroupType': [GROUP_TYPE_LOCAL]}) with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object('groups/group', dn=group1, adGroupType=GROUP_TYPE_DOMAIN_LOCAL) with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object('groups/group', dn=group2, adGroupType=GROUP_TYPE_GLOBAL) with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object('groups/group', dn=group3, adGroupType=GROUP_TYPE_UNIVERSAL)
def test_change_password(self, options, udm, Client, random_string, Unauthorized, wait_for_replication): print 'test_change_password(%r)' % (options, ) password = random_string() new_password = random_string(5) + random_string(5).upper() + '@99' userdn, username = udm.create_user(options=options, password=password, pwdChangeNextLogin=1) if samba4_installed: utils.wait_for_connector_replication() client = Client() print 'check login with pwdChangeNextLogin=1' with pytest.raises(Unauthorized) as msg: client.umc_auth(username, password) client = Client() print 'change password from %r to %r' % (password, new_password) client.umc_auth(username, password, new_password=new_password) wait_for_replication() if samba4_installed: utils.wait_for_connector_replication() print 'check login with new password' client = Client() client.authenticate(username, new_password) print 'ensure login with old password does not work anymore' with pytest.raises(Unauthorized): client = Client() client.authenticate(username, password)
def _test_password_changing_failure_reason(new_password, reason, udm, Client, random_string, Unauthorized): password = random_string() userdn, username = udm.create_user(password=password, pwdChangeNextLogin=1) client = Client(language='en-US') if samba4_installed: utils.wait_for_connector_replication() print('change password from %r to %r' % (password, new_password)) with pytest.raises(Unauthorized) as msg: client.umc_auth(username, password, new_password=new_password) assert reason == msg.value.message, 'Expected error %r but got %r' % (reason, msg.value.message)
def _test_modlist(self, udm, props, attrs, **kwargs): if kwargs.get('create', True): user = udm.create_user(**props)[0] udm.verify_ldap_object(user, attrs, strict=False) udm.remove_object('users/user', dn=user) wait_for_connector_replication() if kwargs.get('modify', True): user = udm.create_user()[0] wait_for_connector_replication() user = udm.modify_object('users/user', dn=user, **props) udm.verify_ldap_object(user, attrs, strict=False)
def test_universal_group_change(udm): group1 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0] group2 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0] group3 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0] group4 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0] group5 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL, nestedGroup=group4)[0] group6 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL)[0] udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL, nestedGroup=group6)[0] group8 = udm.create_group(adGroupType=GROUP_TYPE_DOMAIN_LOCAL)[0] group9 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL, nestedGroup=group8)[0] group10 = udm.create_group(adGroupType=GROUP_TYPE_GLOBAL)[0] group11 = udm.create_group(adGroupType=GROUP_TYPE_UNIVERSAL, nestedGroup=group10)[0] utils.wait_for_connector_replication() utils.verify_ldap_object(group1, {'univentionGroupType': [GROUP_TYPE_UNIVERSAL]}) utils.verify_ldap_object(group2, {'univentionGroupType': [GROUP_TYPE_UNIVERSAL]}) utils.verify_ldap_object(group3, {'univentionGroupType': [GROUP_TYPE_UNIVERSAL]}) with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object('groups/group', dn=group1, adGroupType=GROUP_TYPE_LOCAL) udm.modify_object('groups/group', dn=group2, adGroupType=GROUP_TYPE_DOMAIN_LOCAL) udm.modify_object('groups/group', dn=group3, adGroupType=GROUP_TYPE_GLOBAL) with pytest.raises(udm_test.UCSTestUDM_ModifyUDMObjectFailed): udm.modify_object('groups/group', dn=group5, adGroupType=GROUP_TYPE_GLOBAL) print( 'E: Universal group has another universal group as member. Change to global group was possible which should not be.' ) udm.modify_object('groups/group', dn=group6, adGroupType=GROUP_TYPE_GLOBAL) udm.modify_object('groups/group', dn=group9, adGroupType=GROUP_TYPE_GLOBAL) udm.modify_object('groups/group', dn=group11, adGroupType=GROUP_TYPE_GLOBAL)
def test_move_user(self): user_mod = self.udm.get('users/user') dn = self.user_objects[0].dn obj = user_mod.get(dn) old_position = obj.position obj.position = self.ucr_test['ldap/base'] obj.save() with self.assertRaises(NoObject): assert user_mod.get(dn) obj.position = old_position obj.save() utils.wait_for_connector_replication() assert user_mod.get(dn) is not None
def _test_group_type(group_type, use_create_group_parameter, builtin_sid_expected, _udm): if use_create_group_parameter: group = _udm.create_group(adGroupType=group_type)[0] else: group = _udm.create_group()[0] utils.verify_ldap_object(group, {'univentionGroupType': [group_type]}) utils.wait_for_connector_replication() utils.verify_ldap_object(group, {'univentionGroupType': [group_type]}) sid = _get_samba_sid(group) if _sid_is_builtin(sid): assert group_type == '-2147483643', 'New generated group has builtin sid: %s' % sid else: assert group_type != '-2147483643', 'New generated builtin group has no builtin sid: %s' % sid
def test_password_changing_failure_reason(options, new_password, reason, udm, Client, random_string, Unauthorized, enabled_password_quality_checks): print 'test_password_changing_failure_reason(%r, %r, %r)' % ( options, new_password, reason) password = random_string() userdn, username = udm.create_user(options=options, password=password, pwdChangeNextLogin=1) client = Client() if samba4_installed: utils.wait_for_connector_replication() print 'change password from %r to %r' % (password, new_password) with pytest.raises(Unauthorized) as msg: client.umc_auth(username, password, new_password=new_password) assert reason == msg.value.message, 'Expected error %r but got %r' % ( reason, msg.value.message)
def test_disable_enable_preserves_password(self, udm, lo): user = udm.create_user(password='******')[0] wait_for_connector_replication() password = lo.getAttr(user, 'userPassword')[0] udm.modify_object('users/user', dn=user, disabled='1') wait_for_connector_replication() udm.verify_ldap_object(user, {'userPassword': [password.replace('{crypt}', '{crypt}!')]}) udm.modify_object('users/user', dn=user, disabled='0') wait_for_connector_replication() udm.verify_ldap_object(user, {'userPassword': [password]})