def test_group_sync_from_udm_to_ad_with_rename(group_class, sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_group = group_class()
(udm_group_dn,
ad_group_dn) = create_udm_group(udm, AD, udm_group,
adconnector.wait_for_sync)
print("\nRename UDM group\n")
old_udm_dn = udm_group_dn # part of the workaround for bug #41694
udm_group_dn = udm.modify_object('groups/group',
dn=udm_group_dn,
**udm_group.to_unicode(
udm_group.rename))
# XXX after a modify, the old DN is _wrongly_ returned: see bug #41694
if old_udm_dn == udm_group_dn:
udm_group_dn = ldap.dn.dn2str(
[[("CN", udm_group.to_unicode(udm_group.rename).get("name"),
ldap.AVA_STRING)]] + ldap.dn.str2dn(udm_group_dn)[1:])
if old_udm_dn in udm._cleanup.get('groups/group', []):
udm._cleanup.setdefault('groups/group',
[]).append(udm_group_dn)
udm._cleanup['groups/group'].remove(old_udm_dn)
# XXX end of workaround for bug #41694
adconnector.wait_for_sync()
AD.verify_object(ad_group_dn, None)
ad_group_dn = ldap.dn.dn2str(
[[("CN", udm_group.to_unicode(udm_group.rename).get("name"),
ldap.AVA_STRING)], [("CN", "groups", ldap.AVA_STRING)]] +
ldap.dn.str2dn(AD.adldapbase))
AD.verify_object(ad_group_dn,
tcommon.map_udm_group_to_con(udm_group.rename))
delete_udm_group(udm, AD, udm_group_dn, ad_group_dn,
adconnector.wait_for_sync)
def test_group_sync_from_udm_to_ad_with_move(group_class, sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_group = group_class()
(udm_group_dn,
ad_group_dn) = create_udm_group(udm, AD, udm_group,
adconnector.wait_for_sync)
print("\nMove UDM group\n")
udm_container_dn = udm.create_object('container/cn',
name=udm_group.container)
udm_group_dn = udm.move_object('groups/group',
dn=udm_group_dn,
position=udm_container_dn)
adconnector.wait_for_sync()
AD.verify_object(ad_group_dn, None)
ad_group_dn = ldap.dn.dn2str(
[[("CN", udm_group.to_unicode(udm_group.group).get("name"),
ldap.AVA_STRING)], [("CN", udm_group.container,
ldap.AVA_STRING)]] +
ldap.dn.str2dn(AD.adldapbase))
AD.verify_object(ad_group_dn,
tcommon.map_udm_group_to_con(udm_group.group))
delete_udm_group(udm, AD, udm_group_dn, ad_group_dn,
adconnector.wait_for_sync)
def test_group_sync_from_udm_to_ad_with_nested_group(group_class, nested_class,
sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_group = group_class()
nested_group = nested_class()
(udm_group_dn,
ad_group_dn) = create_udm_group(udm, AD, udm_group,
adconnector.wait_for_sync)
print("\nModifying UDM group\n")
(nested_group_dn,
ad_nested_group_dn) = create_udm_group(udm, AD, nested_group,
adconnector.wait_for_sync)
udm.modify_object('groups/group',
dn=udm_group_dn,
nestedGroup=[nested_group_dn])
adconnector.wait_for_sync()
ad_group = tcommon.map_udm_group_to_con(udm_group.group)
ad_group.update({"member": [ad_nested_group_dn]})
AD.verify_object(ad_group_dn, ad_group)
delete_udm_group(udm, AD, nested_group_dn, ad_nested_group_dn,
adconnector.wait_for_sync)
delete_udm_group(udm, AD, udm_group_dn, ad_group_dn,
adconnector.wait_for_sync)
def test_group_sync_from_ad_to_udm_with_move(group_class, sync_mode):
with connector_setup(sync_mode):
udm_group = group_class()
(ad_group, ad_group_dn,
udm_group_dn) = create_con_group(AD, udm_group,
adconnector.wait_for_sync)
print("\nMove AD group {!r} to {!r}\n".format(ad_group_dn,
udm_group.container))
container_dn = AD.container_create(udm_group.container)
ad_group_dn = AD.rename_or_move_user_or_group(ad_group_dn,
position=container_dn)
AD.set_attributes(ad_group_dn,
**tcommon.map_udm_group_to_con(udm_group.group))
adconnector.wait_for_sync()
tcommon.verify_udm_object("groups/group", udm_group_dn, None)
udm_group_dn = ldap.dn.dn2str(
[[("CN", udm_group.to_unicode(udm_group.group).get("name"),
ldap.AVA_STRING)], [("CN", udm_group.container,
ldap.AVA_STRING)]] +
ldap.dn.str2dn(tcommon.configRegistry['ldap/base']))
tcommon.verify_udm_object("groups/group", udm_group_dn,
udm_group.group)
delete_con_group(AD, ad_group_dn, udm_group_dn,
adconnector.wait_for_sync)
def test_group_sync_from_udm_to_ad(group_class, sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_group = group_class()
(udm_group_dn,
ad_group_dn) = create_udm_group(udm, AD, udm_group,
adconnector.wait_for_sync)
delete_udm_group(udm, AD, udm_group_dn, ad_group_dn,
adconnector.wait_for_sync)
def test_group_sync_from_ad_to_udm(group_class, sync_mode):
with connector_setup(sync_mode):
udm_group = group_class()
(ad_group, ad_group_dn,
udm_group_dn) = create_con_group(AD, udm_group,
adconnector.wait_for_sync)
delete_con_group(AD, ad_group_dn, udm_group_dn,
adconnector.wait_for_sync)
def test_attribute_sync_from_udm_to_ad(attribute, sync_mode):
(ucs_attribute, con_attribute, con_other_attribute) = attribute
udm_user = NormalUser(selection=("username", "lastname", ucs_attribute))
primary_value = udm_user.basic.get(ucs_attribute)
all_values = (primary_value, random_number(), random_number())
secondary_values = all_values[1:]
with connector_setup(sync_mode), UCSTestUDM() as udm:
# A single `phone` number must be synced to `telephoneNumber` in AD.
(udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync)
# Additional `phone` values must be synced to `otherTelephone`,
# `telephoneNumber` must keep its value.
print("\nModifying UDM user: {}={}\n".format(ucs_attribute, all_values))
udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: all_values})
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn,
{con_attribute: primary_value, con_other_attribute: secondary_values})
tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: all_values})
# If we delete the first `phone` value via UDM, we want to duplicate
# the first value of `otherTelephone` into `telephoneNumber`.
(new_primary, next_primary) = secondary_values
print("\nModifying UDM user: {}={}\n".format(ucs_attribute, secondary_values))
udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: secondary_values})
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn,
{con_attribute: new_primary, con_other_attribute: secondary_values})
tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: secondary_values})
# If we delete a `phone` value via UDM that is duplicated in AD, we want
# it to be deleted from `telephoneNumber` and `otherTelephone`.
print("\nModifying UDM user: {}={}\n".format(ucs_attribute, next_primary))
udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: next_primary})
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn,
{con_attribute: next_primary, con_other_attribute: next_primary})
tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: next_primary})
# Setting a completely new `phone` value via UDM, this must be synced
# to `telephoneNumber` and `otherTelephone` must be empty.
new_phone_who_dis = random_number()
print("\nModifying UDM user: {}={}\n".format(ucs_attribute, new_phone_who_dis))
udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: new_phone_who_dis})
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn, {con_attribute: new_phone_who_dis, con_other_attribute: []})
tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: new_phone_who_dis})
# No `phone` value via UDM, must result in an empty `telephoneNumber`
# and `otherTelephone`.
print("\nModifying UDM user: {}={}\n".format(ucs_attribute, []))
udm.modify_object('users/user', dn=udm_user_dn, set={ucs_attribute: ''})
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn, {con_attribute: [], con_other_attribute: []})
tcommon.verify_udm_object("users/user", udm_user_dn, {ucs_attribute: []})
delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_udm_to_ad(user_class, sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_user = user_class()
(udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync)
print("\nModifying UDM user\n")
udm.modify_object('users/user', dn=udm_user_dn, **udm_user.user)
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn, tcommon.map_udm_user_to_con(udm_user.user))
delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_ad_to_udm(user_class, sync_mode):
with connector_setup(sync_mode):
udm_user = user_class()
(basic_ad_user, ad_user_dn, udm_user_dn) = create_con_user(AD, udm_user, adconnector.wait_for_sync)
print("\nModifying AD user\n")
AD.set_attributes(ad_user_dn, **tcommon.map_udm_user_to_con(udm_user.user))
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn, udm_user.user)
delete_con_user(AD, ad_user_dn, udm_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_udm_to_ad_with_rename(user_class, sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_user = user_class()
(udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync)
print("\nRename UDM user\n")
udm_user_dn = udm.modify_object('users/user', dn=udm_user_dn, **udm_user.rename)
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn, None)
ad_user_dn = ldap.dn.dn2str([
[("CN", udm_user.rename.get("username"), ldap.AVA_STRING)],
[("CN", "users", ldap.AVA_STRING)]] + ldap.dn.str2dn(AD.adldapbase))
AD.verify_object(ad_user_dn, tcommon.map_udm_user_to_con(udm_user.rename))
delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_group_sync_from_ad_to_udm_with_nested_group(group_class, nested_class, sync_mode):
with connector_setup(sync_mode):
udm_group = group_class()
nested_group = nested_class()
(ad_group, ad_group_dn, udm_group_dn) = create_con_group(AD, udm_group, adconnector.wait_for_sync)
print("\nModifying AD group\n")
(nested_ad_user, nested_ad_user_dn, nested_udm_user_dn) = create_con_group(AD, nested_group, adconnector.wait_for_sync)
AD.set_attributes(ad_group_dn, member=[nested_ad_user_dn])
adconnector.wait_for_sync()
udm_attributes = {"nestedGroup": [nested_udm_user_dn]}
udm_attributes.update(udm_group.group)
tcommon.verify_udm_object("groups/group", udm_group_dn, udm_attributes)
delete_con_group(AD, nested_ad_user_dn, nested_udm_user_dn, adconnector.wait_for_sync)
delete_con_group(AD, ad_group_dn, udm_group_dn, adconnector.wait_for_sync)
def test_user_sync_from_udm_to_ad_with_move(user_class, sync_mode):
with connector_setup(sync_mode), UCSTestUDM() as udm:
udm_user = user_class()
(udm_user_dn, ad_user_dn) = create_udm_user(udm, AD, udm_user, adconnector.wait_for_sync)
print("\nMove UDM user\n")
udm_container_dn = udm.create_object('container/cn', name=udm_user.container)
udm_user_dn = udm.move_object('users/user', dn=udm_user_dn,
position=udm_container_dn)
adconnector.wait_for_sync()
AD.verify_object(ad_user_dn, None)
ad_user_dn = ldap.dn.dn2str([
[("CN", udm_user.basic.get("username"), ldap.AVA_STRING)],
[("CN", udm_user.container, ldap.AVA_STRING)]] + ldap.dn.str2dn(AD.adldapbase))
AD.verify_object(ad_user_dn, tcommon.map_udm_user_to_con(udm_user.basic))
delete_udm_user(udm, AD, udm_user_dn, ad_user_dn, adconnector.wait_for_sync)
def test_user_sync_from_ad_to_udm_with_move(user_class, sync_mode):
with connector_setup(sync_mode):
udm_user = user_class()
(basic_ad_user, ad_user_dn, udm_user_dn) = create_con_user(AD, udm_user, adconnector.wait_for_sync)
print("\nMove AD user {!r} to {!r}\n".format(ad_user_dn, udm_user.container))
container_dn = AD.container_create(udm_user.container)
ad_user_dn = AD.rename_or_move_user_or_group(ad_user_dn, position=container_dn)
AD.set_attributes(ad_user_dn, **tcommon.map_udm_user_to_con(udm_user.basic))
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn, None)
udm_user_dn = ldap.dn.dn2str([
[("uid", udm_user.basic.get("username"), ldap.AVA_STRING)],
[("CN", udm_user.container, ldap.AVA_STRING)]] + ldap.dn.str2dn(tcommon.configRegistry['ldap/base']))
tcommon.verify_udm_object("users/user", udm_user_dn, udm_user.basic)
delete_con_user(AD, ad_user_dn, udm_user_dn, adconnector.wait_for_sync)
def test_attribute_sync_from_ad_to_udm(attribute, sync_mode):
(ucs_attribute, con_attribute, con_other_attribute) = attribute
udm_user = NormalUser(selection=("username", "lastname", ucs_attribute))
primary_value = udm_user.basic.get(ucs_attribute)
all_values = (primary_value, random_number(), random_number())
secondary_values = all_values[1:]
with connector_setup(sync_mode):
# A single `telephoneNumber` must be synced to `phone` in UDM.
(basic_ad_user, ad_user_dn,
udm_user_dn) = create_con_user(AD, udm_user,
adconnector.wait_for_sync)
# Additional values in `otherTelephone` must be appended to `phone`.
print("\nModifying AD user: {}={}, {}={}\n".format(
con_attribute, primary_value, con_other_attribute,
secondary_values))
AD.set_attributes(
ad_user_dn, **{
con_attribute: primary_value,
con_other_attribute: secondary_values
})
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn,
{ucs_attribute: all_values})
AD.verify_object(ad_user_dn, {
con_attribute: primary_value,
con_other_attribute: secondary_values
})
if sync_mode == "sync": # otherwise the connector can't write into AD
# If we delete the value of `telephoneNumber` from AD, we expect to get
# the first value of `otherTelephone` duplicated into
# `telephoneNumber`.
(new_primary, _) = secondary_values
print("\nModifying AD user: {}={}\n".format(con_attribute, []))
AD.set_attributes(ad_user_dn, **{con_attribute: []})
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn,
{ucs_attribute: secondary_values})
AD.verify_object(ad_user_dn, {
con_attribute: new_primary,
con_other_attribute: secondary_values
})
# Deleting the duplicate from `otherTelephone` must retain the value of
# `telephoneNumber` and `phone` in UDM.
print("\nModifying AD user: {}={}\n".format(
con_other_attribute, []))
AD.set_attributes(ad_user_dn, **{con_other_attribute: []})
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn,
{ucs_attribute: new_primary})
AD.verify_object(ad_user_dn, {
con_attribute: new_primary,
con_other_attribute: []
})
# Setting a new `telephoneNumber` and no `otherTelephone` in AD must
# result in a single new value in `phone`.
new_phone_who_dis = random_number()
print("\nModifying AD user: {}={}\n".format(con_attribute,
new_phone_who_dis))
AD.set_attributes(
ad_user_dn, **{
con_attribute: new_phone_who_dis,
con_other_attribute: []
})
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn,
{ucs_attribute: new_phone_who_dis})
AD.verify_object(ad_user_dn, {
con_attribute: new_phone_who_dis,
con_other_attribute: []
})
# Setting no `telephoneNumber` and no `otherTelephone` in AD must
# result in no value in `phone`.
print("\nModifying AD user: {}={}\n".format(con_attribute, []))
AD.set_attributes(ad_user_dn, **{
con_attribute: [],
con_other_attribute: []
})
adconnector.wait_for_sync()
tcommon.verify_udm_object("users/user", udm_user_dn,
{ucs_attribute: []})
AD.verify_object(ad_user_dn, {
con_attribute: [],
con_other_attribute: []
})
delete_con_user(AD, ad_user_dn, udm_user_dn, adconnector.wait_for_sync)
