Пример #1
0
def test_renaming_target_entry(topo, _add_user, aci_of_user):
    """Test for renaming target entry

    :id: 6be1d33a-7932-11e8-9115-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Create a test user entry
        3. Create a new ou entry with an aci
        4. Make sure uid=$MYUID has the access
        5. Rename ou=OU0 to ou=OU1
        6. Create another ou=OU2
        7. Move ou=OU1 under ou=OU2
        8. Make sure uid=$MYUID still has the access
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
        4. Operation should  succeed
        5. Operation should  succeed
        6. Operation should  succeed
        7. Operation should  succeed
        8. Operation should  succeed
    """
    properties = {
        'uid': 'TRAC340_MODRDN',
        'cn': 'TRAC340_MODRDN',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'TRAC340_MODRDN'
    }
    user = UserAccount(topo.standalone,
                       'cn=TRAC340_MODRDN,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)
    user.set("userPassword", "password")
    ou = OrganizationalUnit(topo.standalone,
                            'ou=OU0,{}'.format(DEFAULT_SUFFIX))
    ou.create(properties={'ou': 'OU0'})
    ou.set(
        'aci',
        '(targetattr="*")(version 3.0; acl "$MYUID";allow(read, search, compare) userdn = "ldap:///{}";)'
        .format(TRAC340_MODRDN))
    conn = UserAccount(topo.standalone, TRAC340_MODRDN).bind(PW_DM)
    assert OrganizationalUnits(conn, DEFAULT_SUFFIX).get('OU0')
    # Test for renaming target entry
    OrganizationalUnits(topo.standalone,
                        DEFAULT_SUFFIX).get('OU0').rename("ou=OU1")
    assert OrganizationalUnits(conn, DEFAULT_SUFFIX).get('OU1')
    ou = OrganizationalUnit(topo.standalone,
                            'ou=OU2,{}'.format(DEFAULT_SUFFIX))
    ou.create(properties={'ou': 'OU2'})
    # Test for renaming target entry
    OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX).get('OU1').rename(
        "ou=OU1", newsuperior=OU2_OU_MODRDN)
    assert OrganizationalUnits(conn, DEFAULT_SUFFIX).get('OU1')
Пример #2
0
 def create(self):
     properties = {
         'uid': 'FRED',
         'cn': 'FRED',
         'sn': 'user',
         'uidNumber': '1000',
         'gidNumber': '2000',
         'homeDirectory': '/home/' + 'FRED'
     }
     user = UserAccount(self.topo.standalone,
                        "cn=FRED, ou=Accounting,{}".format(DEFAULT_SUFFIX))
     user.create(properties=properties)
     user.set("title", [self.title1, self.title2, self.title3])
Пример #3
0
def test_access_aci_list_contains_any_deny_rule(topo, _add_user, aci_of_user):
    """RHDS denies MODRDN access if ACI list contains any DENY rule
    Bug description: If you create a deny ACI for some or more attributes there is incorrect behaviour
    as you cannot rename the entry anymore

    :id: 62cbbb8a-7932-11e8-96a7-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Adding a new ou ou=People to $BASEDN
        3. Adding a user NEWENTRY9_MODRDN to ou=People,$BASEDN
        4. Adding an allow rule for NEWENTRY9_MODRDN and for others an aci deny rule
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
        4. Operation should  succeed
    """
    properties = {
        'uid': 'NEWENTRY9_MODRDN',
        'cn': 'NEWENTRY9_MODRDN_People',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'NEWENTRY9_MODRDN'
    }
    user = UserAccount(
        topo.standalone,
        'cn=NEWENTRY9_MODRDN,ou=People,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)
    user.set("userPassword", "password")
    user.set("telephoneNumber", "989898191")
    user.set("mail", "*****@*****.**")
    user.set("givenName", "givenName")
    user.set("uid", "NEWENTRY9_MODRDN")
    OrganizationalUnits(
        topo.standalone, DEFAULT_SUFFIX
    ).get('People').add("aci", [
        '(targetattr = "*") '
        '(version 3.0;acl "admin";allow (all)(userdn = "ldap:///{}");)'.format(
            NEWENTRY9_MODRDN),
        '(targetattr = "mail") (version 3.0;acl "deny_mail";deny (write)(userdn = "ldap:///anyone");)',
        '(targetattr = "uid") (version 3.0;acl "allow uid";allow (write)(userdn = "ldap:///{}");)'
        .format(NEWENTRY9_MODRDN)
    ])
    UserAccount(topo.standalone,
                NEWENTRY9_MODRDN).replace("userpassword", "Anuj")
    useraccount = UserAccount(topo.standalone, NEWENTRY9_MODRDN)
    useraccount.rename("uid=newrdnchnged")
    assert 'uid=newrdnchnged,ou=People,dc=example,dc=com' == useraccount.dn
Пример #4
0
def test_allow_owner_to_modify_entry(topo, aci_of_user, cleanup_tree):
    """
    Modify Test 14 allow userdnattr = owner to modify entry
    :id:aa302090-7abf-11e8-811a-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
    """
    grp = UniqueGroup(topo.standalone, 'cn=intranet,' + DEFAULT_SUFFIX)
    grp.create(properties={'cn': 'intranet', 'ou': 'groups'})
    grp.set('owner', USER_WITH_ACI_DELADD)

    ACI_BODY = '(target ="ldap:///cn=intranet, {}") (targetattr ="*")(targetfilter ="(objectclass=groupOfUniqueNames)") (version 3.0;acl "$tet_thistest";allow(read, write, delete, search, compare, add) (userdnattr = "owner");)'.format(
        DEFAULT_SUFFIX)
    Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

    for i in ['Product Development', 'Accounting']:
        ou = OrganizationalUnit(topo.standalone,
                                "ou={},{}".format(i, DEFAULT_SUFFIX))
        ou.create(properties={'ou': i})
    for i in [
            'Jeff Vedder,ou=Product Development', 'Sam Carter,ou=Accounting'
    ]:
        properties = {
            'uid': i,
            'cn': i,
            'sn': 'user',
            'uidNumber': '1000',
            'gidNumber': '2000',
            'homeDirectory': '/home/' + i,
            'userPassword': PW_DM
        }
        user = UserAccount(topo.standalone,
                           "cn={},{}".format(i, DEFAULT_SUFFIX))
        user.create(properties=properties)

    conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
    # allow userdnattr = owner to modify entry
    ua = UserAccount(conn, 'cn=intranet,dc=example,dc=com')
    ua.set('uniquemember', "cn=Andy Walker, ou=Accounting,dc=example,dc=com")
    assert ua.get_attr_val('uniquemember')
Пример #5
0
def test_password_repl_error(topo_m4, create_entry):
    """Check that error about userpassword replication is properly logged

    :id: d4f12dc0-cd2c-4b92-9b8d-d764a60f0698
    :feature: Multi master replication
    :setup: Four masters replication setup, a test entry
    :steps: 1. Change userpassword on master 1
            2. Restart the servers to flush the logs
            3. Check the error log for an replication error
    :expectedresults: We don't have a replication error in the error log
    """

    m1 = topo_m4.ms["master1"]
    m2 = topo_m4.ms["master2"]
    TEST_ENTRY_NEW_PASS = '******'.format(TEST_ENTRY_NAME)

    log.info('Clean the error log')
    m2.deleteErrorLogs()

    log.info('Set replication loglevel')
    m2.config.loglevel((ErrorLog.REPLICA, ))

    log.info('Modifying entry {} - change userpassword on master 2'.format(
        TEST_ENTRY_DN))
    test_user_m1 = UserAccount(topo_m4.ms["master1"], TEST_ENTRY_DN)
    test_user_m2 = UserAccount(topo_m4.ms["master2"], TEST_ENTRY_DN)
    test_user_m3 = UserAccount(topo_m4.ms["master3"], TEST_ENTRY_DN)
    test_user_m4 = UserAccount(topo_m4.ms["master4"], TEST_ENTRY_DN)

    test_user_m1.set('userpassword', TEST_ENTRY_NEW_PASS)

    log.info('Restart the servers to flush the logs')
    for num in range(1, 5):
        topo_m4.ms["master{}".format(num)].restart(timeout=10)

    m1_conn = test_user_m1.bind(TEST_ENTRY_NEW_PASS)
    m2_conn = test_user_m2.bind(TEST_ENTRY_NEW_PASS)
    m3_conn = test_user_m3.bind(TEST_ENTRY_NEW_PASS)
    m4_conn = test_user_m4.bind(TEST_ENTRY_NEW_PASS)

    log.info('Check the error log for the error with {}'.format(TEST_ENTRY_DN))
    assert not m2.ds_error_log.match(
        '.*can.t add a change for uid={}.*'.format(TEST_ENTRY_NAME))
Пример #6
0
def test_write_access_to_naming_atributes_two(topo, _add_user, aci_of_user,
                                              request):
    """Test for write access to naming atributes (2)

    :id: 5a2077d2-7932-11e8-9e7b-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
        4. Now try to modrdn it to cn, won't work if request deleteoldrdn.
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
        4. Operation should  not succeed
    """
    Domain(topo.standalone, DEFAULT_SUFFIX).add(
        "aci",
        '(target ="ldap:///{}")(targetattr != "uid")(version 3.0;acl "{}";allow (write) (userdn = "ldap:///anyone");)'
        .format(DEFAULT_SUFFIX, request.node.name))
    properties = {
        'uid': 'Sam Carter1',
        'cn': 'Sam Carter1',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'SamCarter1'
    }
    user = UserAccount(
        topo.standalone,
        'cn=Sam Carter1,ou=Accounting,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)
    user.set("userPassword", "password")
    conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
    # Test for write access to naming atributes
    useraccount = UserAccount(conn, SAM_DAMMY_MODRDN)
    with pytest.raises(ldap.INSUFFICIENT_ACCESS):
        useraccount.rename("uid=Jeffbo Vedder")
    UserAccount(topo.standalone, SAM_DAMMY_MODRDN).delete()
Пример #7
0
def test_cannot_add_an_entry_with_attribute_values_we_are_not_allowed_add(
    topo, _add_user, aci_of_user
):
    """
    Testing the targattrfilters keyword that allows access control based on the value of the
    attributes being added (or deleted))
    "Valueacl Test $tet_thistest Test not allowed add an entry"
    :id:0d0effee-7aaa-11e8-b673-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
    """
    ACI_BODY = '(targattrfilters = "add=title:(|(title=engineer)(title=cool dude)(title=scum)) ' \
               '&& secretary:(secretary=cn=Meylan, {}), del=title:(|(title=engineer)(title=cool dude)' \
               '(title=scum))")(version 3.0; aci "$tet_thistest"; allow (add) userdn = "ldap:///{}";)'.format(
            DEFAULT_SUFFIX, DEFAULT_SUFFIX)
    Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)
    properties = {
        'uid': 'FRED',
        'cn': 'FRED',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'FRED'
    }
    user = UserAccount(topo.standalone, 'cn=FRED,ou=Accounting,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)
    user.set('title', ['anuj', 'kumar', 'borah'])
    conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
    # aci will not allow adding objectclass
    user = UserAccount(conn, USER_WITH_ACI_DELADD)
    with pytest.raises(ldap.INSUFFICIENT_ACCESS):
        user.add("objectclass", "person")
Пример #8
0
def test_ticket_49463(topo):
    """Specify a test case purpose or name here

    :id: 2a68e8be-387d-4ac7-9452-1439e8483c13
    :setup: Fill in set up configuration here
    :steps:
        1. Enable fractional replication
        2. Enable replication logging
        3. Check that replication is working fine
        4. Generate skipped updates to create keep alive entries
        5. Remove M3 from the topology
        6. issue cleanAllRuv FORCE that will run on M1 then propagated M2 and M4
        7. Check that Number DEL keep alive '3' is <= 1
        8. Check M1 is the originator of cleanAllRuv and M2/M4 the propagated ones
        9. Check replication M1,M2 and M4 can recover
        10. Remove M4 from the topology
        11. Issue cleanAllRuv not force  while M2 is stopped (that hangs the cleanAllRuv)
        12. Check that nsds5ReplicaCleanRUV is correctly encoded on M1 (last value: 1)
        13. Check that nsds5ReplicaCleanRUV encoding survives M1 restart
        14. Check that nsds5ReplicaCleanRUV encoding is valid on M2 (last value: 0)
        15. Check that (for M4 cleanAllRUV) M1 is Originator and M2 propagation
    :expectedresults:
        1. No report of failure when the RUV is updated
    """

    # Step 1 - Configure fractional (skip telephonenumber) replication
    M1 = topo.ms["master1"]
    M2 = topo.ms["master2"]
    M3 = topo.ms["master3"]
    M4 = topo.ms["master4"]
    repl = ReplicationManager(DEFAULT_SUFFIX)
    fractional_server_to_replica(M1, M2)
    fractional_server_to_replica(M1, M3)
    fractional_server_to_replica(M1, M4)

    fractional_server_to_replica(M2, M1)
    fractional_server_to_replica(M2, M3)
    fractional_server_to_replica(M2, M4)

    fractional_server_to_replica(M3, M1)
    fractional_server_to_replica(M3, M2)
    fractional_server_to_replica(M3, M4)

    fractional_server_to_replica(M4, M1)
    fractional_server_to_replica(M4, M2)
    fractional_server_to_replica(M4, M3)

    # Step 2 - enable internal op logging and replication debug
    for i in (M1, M2, M3, M4):
        i.config.loglevel(vals=[256 + 4], service='access')
        i.config.loglevel(vals=[LOG_REPLICA, LOG_DEFAULT], service='error')

    # Step 3 - Check that replication is working fine
    add_user(M1, 11, desc="add to M1")
    add_user(M2, 21, desc="add to M2")
    add_user(M3, 31, desc="add to M3")
    add_user(M4, 41, desc="add to M4")

    for i in (M1, M2, M3, M4):
        for j in (M1, M2, M3, M4):
            if i == j:
                continue
            repl.wait_for_replication(i, j)

    # Step 4 - Generate skipped updates to create keep alive entries
    for i in (M1, M2, M3, M4):
        cn = '%s_%d' % (USER_CN, 11)
        dn = 'uid=%s,ou=People,%s' % (cn, SUFFIX)
        users = UserAccount(i, dn)
        for j in range(110):
            users.set('telephoneNumber', str(j))

    # Step 5 - Remove M3 from the topology
    M3.stop()
    M1.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
    M2.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
    M4.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)

    # Step 6 - Then issue cleanAllRuv FORCE that will run on M1, M2 and M4
    M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='3',
                         force=True, args={TASK_WAIT: True})

    # Step 7 - Count the number of received DEL of the keep alive 3
    for i in (M1, M2, M4):
        i.restart()
    regex = re.compile(".*DEL dn=.cn=repl keep alive 3.*")
    for i in (M1, M2, M4):
        count = count_pattern_accesslog(M1, regex)
        log.debug("count on %s = %d" % (i, count))

        # check that DEL is replicated once (If DEL is kept in the fix)
        # check that DEL is is not replicated (If DEL is finally no long done in the fix)
        assert ((count == 1) or (count == 0))

    # Step 8 - Check that M1 is Originator of cleanAllRuv and M2, M4 propagation
    regex = re.compile(".*Original task deletes Keep alive entry .3.*")
    assert pattern_errorlog(M1, regex)

    regex = re.compile(".*Propagated task does not delete Keep alive entry .3.*")
    assert pattern_errorlog(M2, regex)
    assert pattern_errorlog(M4, regex)

    # Step 9 - Check replication M1,M2 and M4 can recover
    add_user(M1, 12, desc="add to M1")
    add_user(M2, 22, desc="add to M2")
    for i in (M1, M2, M4):
        for j in (M1, M2, M4):
            if i == j:
                continue
            repl.wait_for_replication(i, j)

    # Step 10 - Remove M4 from the topology
    M4.stop()
    M1.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)
    M2.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)

    # Step 11 - Issue cleanAllRuv not force  while M2 is stopped (that hangs the cleanAllRuv)
    M2.stop()
    M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='4',
                         force=False, args={TASK_WAIT: False})

    # Step 12
    # CleanAllRuv is hanging waiting for M2 to restart
    # Check that nsds5ReplicaCleanRUV is correctly encoded on M1
    replicas = Replicas(M1)
    replica = replicas.list()[0]
    time.sleep(0.5)
    replica.present('nsds5ReplicaCleanRUV')
    log.info("M1: nsds5ReplicaCleanRUV=%s" % replica.get_attr_val_utf8('nsds5replicacleanruv'))
    regex = re.compile("^4:.*:no:1$")
    assert regex.match(replica.get_attr_val_utf8('nsds5replicacleanruv'))

    # Step 13
    # Check that it encoding survives restart
    M1.restart()
    assert replica.present('nsds5ReplicaCleanRUV')
    assert regex.match(replica.get_attr_val_utf8('nsds5replicacleanruv'))

    # Step 14 - Check that nsds5ReplicaCleanRUV encoding is valid on M2
    M1.stop()
    M2.start()
    replicas = Replicas(M2)
    replica = replicas.list()[0]
    M1.start()
    time.sleep(0.5)
    if replica.present('nsds5ReplicaCleanRUV'):
        log.info("M2: nsds5ReplicaCleanRUV=%s" % replica.get_attr_val_utf8('nsds5replicacleanruv'))
        regex = re.compile("^4:.*:no:0$")
        assert regex.match(replica.get_attr_val_utf8('nsds5replicacleanruv'))

    # time to run cleanAllRuv
    for i in (M1, M2):
        for j in (M1, M2):
            if i == j:
                continue
            repl.wait_for_replication(i, j)

    # Step 15 - Check that M1 is Originator of cleanAllRuv and M2 propagation
    regex = re.compile(".*Original task deletes Keep alive entry .4.*")
    assert pattern_errorlog(M1, regex)

    regex = re.compile(".*Propagated task does not delete Keep alive entry .4.*")
    assert pattern_errorlog(M2, regex)
Пример #9
0
def _add_user(request, topo):
    for i in ["Product Development", 'Accounting', "Human Resources"]:
        ou = OrganizationalUnit(topo.standalone,
                                "ou={},{}".format(i, DEFAULT_SUFFIX))
        ou.create(properties={'ou': i})

    properties = {
        'uid': 'Jeff Vedder',
        'cn': 'Jeff Vedder',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'JeffVedder',
        'userPassword': '******'
    }
    user = UserAccount(topo.standalone,
                       'cn=Jeff Vedder,{}'.format(CONTAINER_1_DELADD))
    user.create(properties=properties)
    user.set('secretary', 'cn=Arpitoo Borah, o=Red Hat, c=As')
    user.set('mail', '*****@*****.**')

    properties = {
        'uid': 'Sam Carter',
        'cn': 'Sam Carter',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'SamCarter',
        'userPassword': '******'
    }
    user = UserAccount(topo.standalone,
                       'cn=Sam Carter,{}'.format(CONTAINER_2_DELADD))
    user.create(properties=properties)

    properties = {
        'uid': 'Kirsten Vaughan',
        'cn': 'Kirsten Vaughan',
        'sn': 'Kirsten Vaughan',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'KirstenVaughan',
        'userPassword': '******'
    }
    user = UserAccount(
        topo.standalone,
        'cn=Kirsten Vaughan, ou=Human Resources,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)

    properties = {
        'uid': 'HARRY',
        'cn': 'HARRY',
        'sn': 'HARRY',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'HARRY',
        'userPassword': '******'
    }
    user = UserAccount(topo.standalone,
                       'cn=HARRY, ou=Accounting,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)

    def fin():
        for DN in [
                USER_DELADD, USER_WITH_ACI_DELADD, FRED, HARRY, KIRSTENVAUGHAN,
                HUMAN_OU_GLOBAL, CONTAINER_2_DELADD, CONTAINER_1_DELADD
        ]:
            ua = UserAccount(topo.standalone, DN)
            try:
                ua.delete()
            except:
                pass

    request.addfinalizer(fin)
Пример #10
0
def test_targattrfilters_keyword(topo):
    """
    Testing the targattrfilters keyword that allows access control based on the value
    of the attributes being added (or deleted))
    "Bug #979515 - ACLs inoperative in some search scenarios [rhel-6.5]"
    "Bug #979516 is a clone for DS8.2 on RHEL5.9"
    "Bug #979514 is a clone for RHEL6.4 zStream errata"
    :id:23f9e9d0-7aaa-11e8-b16b-8c16451d917b
    :setup: server
    :steps:
        1. Add test entry
        2. Add ACI
        3. User should follow ACI role
    :expectedresults:
        1. Entry should be added
        2. Operation should  succeed
        3. Operation should  succeed
    """
    domain = Domain(topo.standalone, DEFAULT_SUFFIX)
    domain.set('aci', None)
    ou = OrganizationalUnit(topo.standalone, 'ou=bug979515,{}'.format(DEFAULT_SUFFIX))
    ou.create(properties={'ou': 'bug979515'})
    Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", '(target="ldap:///ou=bug979515,{}") '
                '(targetattr= "uid") ( version 3.0; acl "read other subscriber"; allow (compare, read, search) '
                'userdn="ldap:///uid=*,ou=bug979515,{}" ; )'.format(DEFAULT_SUFFIX, DEFAULT_SUFFIX))
    properties = {
        'uid': 'acientryusr1',
        'cn': 'acientryusr1',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'acientryusr1'
    }
    user = UserAccount(topo.standalone, 'cn=acientryusr1,ou=bug979515,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)
    user.set('telephoneNumber', '99972566596')
    user.set('mail', '*****@*****.**')
    user.set("userPassword", "password")

    properties = {
        'uid': 'newaciphoneusr1',
        'cn': 'newaciphoneusr1',
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + 'newaciphoneusr1'
    }
    user = UserAccount(topo.standalone, 'cn=newaciphoneusr1,ou=bug979515,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=properties)
    user.set('telephoneNumber', '99972566596')
    user.set('mail', '*****@*****.**')
    conn = UserAccount(topo.standalone, "cn=acientryusr1,ou=bug979515,{}".format(DEFAULT_SUFFIX)).bind(PW_DM)
    #  Testing the targattrfilters keyword that allows access control based on the value of the attributes being added (or deleted))
    user = UserAccount(conn, "cn=acientryusr1,ou=bug979515,{}".format(DEFAULT_SUFFIX))
    with pytest.raises(IndexError):
        user.get_attr_vals('mail')
        user.get_attr_vals('telephoneNumber')
        user.get_attr_vals('cn')
    user = UserAccount(topo.standalone, "cn=acientryusr1,ou=bug979515,{}".format(DEFAULT_SUFFIX))
    user.get_attr_vals('mail')
    user.get_attr_vals('telephoneNumber')
    user.get_attr_vals('cn')