示例#1
0
    'passwordInHistory': 5,
    'passwordCheckSyntax': 'on',
    'passwordGraceLimit': 3,
    'passwordLockoutDuration': 1800,
    'passwordResetFailureCount': 1800,
    'passwordMaxFailure': nattempts,
    'passwordLockout': 'on'
}
m1.setPwdPolicy(pwdpolicy)
m2.setPwdPolicy(pwdpolicy)
#m1.setPwdPolicy(passwordLockout="on", passwordisglobalpolicy="on")
#m2.setPwdPolicy(passwordLockout="on", passwordisglobalpolicy="on")

opattrs = [ 'passwordRetryCount', 'retryCountResetTime', 'accountUnlockTime', 'passwordExpirationTime', 'modifyTimestamp', 'modifiersName' ]
print "Do %d attempts to bind with incorrect password . . ." % nattempts
userconn = DSAdmin(host1, port1)
for xx in range(0, nattempts+1):
    try:
        userconn.simple_bind_s(userdn, "boguspassword")
    except ldap.INVALID_CREDENTIALS: print "password was not correct"
    except ldap.CONSTRAINT_VIOLATION: print "too many password attempts"
    print "m1 pwd attrs"
    print "%s" % m1.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)", opattrs)
    print "m2 pwd attrs"
    print "%s" % m2.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)", opattrs)
    mymod = [(ldap.MOD_REPLACE, "description", "changed %d" % xx)]
    m1.modify_s(userdn, mymod)
userconn.unbind()

print "sleep to let repl propagate . . ."
time.sleep(5)
示例#2
0
root2 = root1
rootpw1 = 'password'
rootpw2 = rootpw1
basedn = "dc=example,dc=com"

m1replargs = {
    'suffix': basedn,
    'bename': "userRoot",
    'binddn': "cn=replrepl,cn=config",
    'bindcn': "replrepl",
    'bindpw': "replrepl",
    'bindmethod': 'SASL/DIGEST-MD5',
    'log': False
}

m1 = DSAdmin(host1, port1, root1, rootpw1)
m1.replicaSetupAll(m1replargs)

m2replargs = m1replargs
m2 = DSAdmin(host2, port2, root2, rootpw2)
m2.replicaSetupAll(m2replargs)

print "create agreements and init consumers"
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
time.sleep(5)
m1.setLogLevel(1024)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
time.sleep(5)
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)
示例#3
0
    initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get(
        'PREFIX', '/usr')

m1.importLDIF(initfile, '', "userRoot", True)

#m1.setLogLevel(65535)
print "Add the filtered group entry with bogus filter"
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
ent.setValues('description', "Dynamic test group")
ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls')
ent.setValues(
    'memberurl',
    'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)')
#ent.cn = 'TestDynamicGroup'
m1.add_s(ent)

print "Add the bogus aci for that group"
addmod = [(
    ldap.MOD_REPLACE, 'aci',
    '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)'
)]
m1.modify_s("dc=example,dc=com", addmod)
#m1.setLogLevel(0)

print "Do a search binding as a member of the group"
conn = DSAdmin(host1, port1, "uid=scarter,ou=people,dc=example,dc=com",
               "sprain")
entries = conn.search_s("uid=scarter,ou=people,dc=example,dc=com",
                        ldap.SCOPE_BASE, "objectclass=*")
示例#4
0
    print "Fake AD needs extra schema . . ."
    oidnum = 10000000
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'samAccountName' DESC 'AD uid attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )" % oidnum)
    oidnum = oidnum + 1
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'objectGUID' DESC 'AD uuid attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )" % oidnum)
    oidnum = oidnum + 1
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'userAccountControl' DESC 'AD user account control' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )" % oidnum)
    oidnum = oidnum + 1
    ad.addObjClass("( 2.16.840.1.113730.3.2.%d NAME 'adPerson' DESC 'AD person mixin' SUP top AUXILIARY MAY ( samAccountName $ objectGUID $ name $ userAccountControl ) )" % oidnum)
    oidnum = oidnum + 1
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'groupType' DESC 'AD group type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )" % oidnum)
    oidnum = oidnum + 1
    ad.addObjClass("( 2.16.840.1.113730.3.2.%d NAME 'group' DESC 'AD group' SUP top STRUCTURAL MAY ( samAccountName $ groupType $ objectGUID $ name $ member $ ou $ cn $ description ) )" % oidnum)
    oidnum = oidnum + 1
else:
    ad = DSAdmin(host2, port2, root2, rootpw2)

# the list of users we want to check to see if they were synced
userids = {}

# All IPA users must have these objectclasses - they should be
# the same as in the cn=ipaConfig ipaUserObjectClasses list
# ntUser either by the winsync code, or when you want an
# existing IPA user to be synced with AD
userObjClasses = [
    'top', 'person', 'organizationalPerson', 'inetOrgPerson'
]

if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
示例#5
0
host2 = "vmf9x8664"
port1 = 389
port2 = port1
rootpw = "secret12"

m1replargs = {
	'suffix': "dc=example,dc=com",
	'bename': "userRoot",
	'binddn': "cn=replrepl,cn=config",
	'bindcn': "replrepl",
	'bindpw': "replrepl"
#    'log'   : False
}
m2replargs = m1replargs

m1 = DSAdmin(host1, port1, "cn=directory manager", rootpw)
m2 = DSAdmin(host2, port2, "cn=directory manager", rootpw)

m1.replicaSetupAll(m1replargs)
m2.replicaSetupAll(m2replargs)

print "create agreements and init consumers"
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

sys.exit(0)

basedn = "dc=example,dc=com"
示例#6
0
ent = Entry(admindn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Admin User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'Admin User')
ent.setValues('userPassword', "adminpw")
mux.add_s(ent)

# add an aci for this user on the farm
mod = [(
    ldap.MOD_ADD, 'aci',
    '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)(userdn = "ldap:///uid=ttestuser,cn=config");)'
)]
farm.modify_s(suffix, mod)

admin = DSAdmin(host1, port1, admindn, adminpw)

# add a new user using the admin account, first without user password
dn = "uid=chainuser," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
admin.add_s(ent)
print "added entry", dn

# next, try it with userPassword
dn = "uid=chainuser2," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
示例#7
0
for ent in ents:
    print ent
print "start search request . . ."
scope = ldap.SCOPE_SUBTREE
filter = '(|(objectclass=*)(objectclass=nsTombstone))'
serverctrls = [TestCtrl()]
ents = m1.search_s(basedn, scope, filter)
print "search returned %d entries" % len(ents)
print "send abandon with controls . . ."
m1.abandon_ext(999, serverctrls)
print "send abandon without controls . . ."
msgid2 = m1.abandon_ext(999)
print "send unbind with controls . . ."
# for some reason, unbind_ext_s is not passing
# controls passed in - so have to set_option
m1.set_option(ldap.OPT_SERVER_CONTROLS, serverctrls)
m1.unbind_ext_s(serverctrls)
print "try a search after the unbind . . ."
try:
    ents = m1.search_s(basedn, scope, filter)
except ldap.LDAPError, e:
    print "caught exception", e

print "open new connection . . ."
m1 = DSAdmin(host1, port1, binddn, bindpw)
print "show active connections . . ."
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
                   ['currentconnections', 'connection'])
for ent in ents:
    print ent