def setup():
    """Open the module-global ``conn`` to the 389 instance in ``config.auth``.

    Switches the connection to verbose mode and attaches the bookkeeping
    containers that the rest of the harness fills in with what it creates
    (entries, backends, replicas) -- presumably consumed by a teardown that
    is not visible here. ``o=mockbe2`` is pre-registered as a backend.
    ``harn_nolog()`` is defined elsewhere in the harness; from its name it
    silences harness logging, confirm against its definition.
    """
    global conn
    conn = DSAdmin(**config.auth)
    conn.verbose = True
    # Cleanup bookkeeping, seeded with the mock backend the tests expect.
    conn.added_backends = set(['o=mockbe2'])
    conn.added_entries = []
    conn.added_replicas = []
    harn_nolog()
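def default_test():
    """Exercise instance creation, backend/suffix setup and a few searches.

    Connects to a local instance on port 10200 as Directory Manager; if the
    LDAP connection fails, creates instance ``m1`` with
    ``DSAdminTools.createInstance``. A second instance ``m2`` is always
    created on port 10210. Both created instance names are appended to the
    module-level ``added_instances`` list (defined elsewhere) for cleanup.

    All credentials below are throw-away values for a local, disposable
    instance. ``cfgdsuser`` is the scrubbed placeholder ``'******'``;
    ``createInstance`` will presumably not be able to authenticate to the
    configuration DS until a real admin user is filled in.
    """
    host = 'localhost'
    port = 10200
    binddn = "cn=directory manager"
    bindpw = "password"
    suffix = 'dc=example,dc=com'
    basedn = DN_CONFIG
    scope = ldap.SCOPE_BASE
    filt = "(objectclass=*)"
    instance_name = ['m1', 'm2']
    instance_config = {
        'cfgdshost': host,
        'cfgdsport': port,
        'cfgdsuser': '******',
        'cfgdspwd': 'admin',
        'newrootpw': 'password',
        'newhost': host,
        'newport': port,
        'newinstance': instance_name[0],
        'newsuffix': suffix,
        'setup_admin': True,
    }
    try:
        m1 = DSAdmin(host, port, binddn, bindpw)
    except ldap.LDAPError:
        # Only an LDAP-level failure (server down, bad credentials, ...)
        # means "no usable instance yet"; DSAdmin surfaces python-ldap
        # errors such as SERVER_DOWN. The previous bare ``except:`` also
        # swallowed NameError/KeyboardInterrupt and then went on to create
        # an instance on top of whatever had actually gone wrong.
        m1 = DSAdminTools.createInstance(instance_config, verbose=1)
        added_instances.append(instance_config['newinstance'])
    print("%s %s %s" % (m1.sroot, m1.inst, m1.errlog))
    ent = m1.getEntry(basedn, scope, filt, None)
    if ent:
        print(ent.passwordmaxage)
    # Second instance: same settings, next name, port 10210.
    instance_config.update({
        'newinstance': instance_name[1],
        'newport': port + 10,
    })
    m1 = DSAdminTools.createInstance(instance_config, verbose=1)
    added_instances.append(instance_config['newinstance'])
    cn = m1.setupBackend("dc=example2,dc=com")
    m1.setupSuffix("dc=example2,dc=com", cn)
    # ``cn`` is the backend name setupBackend handed back, not user input,
    # so interpolating it into the filter is acceptable here.
    entry = m1.getEntry(DN_CONFIG, ldap.SCOPE_SUBTREE, "(cn=" + cn + ")")
    print("new backend entry is:")
    print(entry)
    print(entry.getValues('objectclass'))
    print(entry.OBJECTCLASS)
    results = m1.search_s("cn=monitor", ldap.SCOPE_SUBTREE)
    print(results)
    results = m1.getBackendsForSuffix("dc=example,dc=com")
    print(results)
    print("done")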
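def setup():
    """Open the module-global ``conn`` to the 389 instance in ``config.auth``.

    ``config.auth`` is the keyword-argument dict handed to ``DSAdmin`` (host,
    port and bind credentials). If no instance answers, the parameters are
    logged with any password-like value masked and the exception is
    re-raised unchanged.

    Raises:
        SERVER_DOWN: when no 389 instance is reachable at ``config.auth``.
    """
    global conn
    try:
        conn = DSAdmin(**config.auth)
        conn.verbose = True
        conn.added_entries = []
    except SERVER_DOWN:
        # Mask anything that looks like a password before it hits the log:
        # the previous version logged the whole kwargs dict, bind password
        # included.
        shown = dict(
            (k, '***' if ('pw' in k.lower() or 'pass' in k.lower()) else v)
            for k, v in config.auth.items())
        log.error("To run tests you need a working 389 instance %s" % shown)
        # Bare ``raise`` keeps the original traceback; ``raise e`` under
        # Python 2 rebinds it to this frame.
        raise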
def setup(): # uses an existing 389 instance # add a suffix # add an agreement # This setup is quite verbose but to test dsadmin method we should # do things manually. A better solution would be to use an LDIF. global conn conn = DSAdmin(**config.auth) conn.verbose = True conn.added_entries = [] conn.added_backends = set(['o=mockbe1']) conn.added_replicas = [] """
'passwordLockoutDuration': 1800, 'passwordResetFailureCount': 1800, 'passwordMaxFailure': nattempts, 'passwordLockout': 'on' } m1.setPwdPolicy(pwdpolicy) m2.setPwdPolicy(pwdpolicy) #m1.setPwdPolicy(passwordLockout="on", passwordisglobalpolicy="on") #m2.setPwdPolicy(passwordLockout="on", passwordisglobalpolicy="on") opattrs = [ 'passwordRetryCount', 'retryCountResetTime', 'accountUnlockTime', 'passwordExpirationTime', 'modifyTimestamp', 'modifiersName' ] print "Do %d attempts to bind with incorrect password . . ." % nattempts userconn = DSAdmin(host1, port1) for xx in range(0, nattempts + 1): try: userconn.simple_bind_s(userdn, "boguspassword") except ldap.INVALID_CREDENTIALS: print "password was not correct" except ldap.CONSTRAINT_VIOLATION: print "too many password attempts" print "m1 pwd attrs" print "%s" % m1.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)", opattrs) print "m2 pwd attrs" print "%s" % m2.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)", opattrs) mymod = [(ldap.MOD_REPLACE, "description", "changed %d" % xx)] m1.modify_s(userdn, mymod)
# Both masters share the Directory Manager DN and password (throw-away test
# values; the replication manager below also uses its own cn as password).
rootpw1 = "password"
rootdn2 = rootdn1
rootpw2 = rootpw1
basedn = "dc=testdomain, dc=com"
# Replication settings used by both masters: the suffix, its backend, and
# the bind DN/credentials each side presents when pushing updates.
m1replargs = {
    'suffix': basedn,
    'bename': "userRoot",
    'binddn': "cn=replrepl,cn=config",
    'bindcn': "replrepl",
    'bindpw': "replrepl",
}
# (A USE_DBX environment toggle used to be set here; it is left disabled.)
m1 = DSAdmin(host1, port1, rootdn1, rootpw1)
m1.replicaSetupAll(m1replargs)
# NOTE(review): alias, not a copy -- if replicaSetupAll/setupAgreement mutate
# the dict, both servers see the change. Confirm against DSAdmin before
# relying on the two being independent.
m2replargs = m1replargs
m2 = DSAdmin(host2, port2, rootdn2, rootpw2)
m2.replicaSetupAll(m2replargs)
print("create agreements and init consumers")
# m1 -> m2 is created and initialised first; m2 -> m1 only created afterwards.
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print("waiting for init to finish")
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)
nents = 5
ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'samAccountName' DESC 'AD uid attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )" % oidnum) oidnum = oidnum + 1 ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'objectGUID' DESC 'AD uuid attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )" % oidnum) oidnum = oidnum + 1 ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'userAccountControl' DESC 'AD user account control' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )" % oidnum) oidnum = oidnum + 1 ad.addObjClass("( 2.16.840.1.113730.3.2.%d NAME 'adPerson' DESC 'AD person mixin' SUP top AUXILIARY MAY ( samAccountName $ objectGUID $ name $ userAccountControl ) )" % oidnum) oidnum = oidnum + 1 ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'groupType' DESC 'AD group type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )" % oidnum) oidnum = oidnum + 1 ad.addObjClass("( 2.16.840.1.113730.3.2.%d NAME 'group' DESC 'AD group' SUP top STRUCTURAL MAY ( samAccountName $ groupType $ objectGUID $ name $ member $ ou $ cn $ description ) )" % oidnum) oidnum = oidnum + 1 aduserObjClasses = ['adPerson'] else: aduserObjClasses = ['top', 'person', 'organizationalperson', 'user'] ad = DSAdmin(host2, port2, root2, rootpw2) # the list of users we want to check to see if they were synced userids = {} # All IPA users must have these objectclasses - they should be # the same as in the cn=ipaConfig ipaUserObjectClasses list # ntUser either by the winsync code, or when you want an # existing IPA user to be synced with AD userObjClasses = [ 'top', 'person', 'organizationalPerson', 'inetOrgPerson' ] if ipawinsync: useObjClasses.extend(['inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile'])
import os
import sys
import time
import ldap
from dsadmin import DSAdmin, Entry, LEAF_TYPE

# Two test servers: ``mux`` (host1) will chain requests for ``suffix`` to
# ``farm`` (host2). Both binds are Directory Manager over plain LDAP on 389;
# nothing in this script enables STARTTLS, so unless DSAdmin does so
# internally the root password crosses the wire in clear -- acceptable only
# on an isolated test network.
host1 = "vmf8i386.testdomain.com"
host2 = "vmf9x8664.testdomain.com"
port1 = 389
port2 = 389
rootdn1 = "cn=directory manager"
rootpw1 = 'secret12'
rootdn2 = "cn=directory manager"
rootpw2 = 'secret12'
mux = DSAdmin(host1, port1, rootdn1, rootpw1)
farm = DSAdmin(host2, port2, rootdn2, rootpw2)

suffix = 'dc=chaintest'
# Backend + suffix on the farm, then the suffix's top entry (no
# ALREADY_EXISTS handling: the farm is expected to be fresh).
farm.addSuffix(suffix)
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)
# Chaining mux -> farm for the suffix; the third argument is passed False
# (see DSAdmin.setupChaining for what it controls).
mux.setupChaining(farm, suffix, False)
# add ctuser on farm
host2 = "vmf9x8664"
port1 = 389
port2 = port1
rootpw = "secret12"  # Directory Manager password on both test servers
# Replication config shared by both masters. The replication manager's
# password equals its cn -- fine for a disposable lab, never for real use.
m1replargs = {
    'suffix': "dc=example,dc=com",
    'bename': "userRoot",
    'binddn': "cn=replrepl,cn=config",
    'bindcn': "replrepl",
    'bindpw': "replrepl",
    # 'log': False
}
m2replargs = m1replargs  # same dict object on both sides (alias, not a copy)
m1 = DSAdmin(host1, port1, "cn=directory manager", rootpw)
m2 = DSAdmin(host2, port2, "cn=directory manager", rootpw)
m1.replicaSetupAll(m1replargs)
m2.replicaSetupAll(m2replargs)
print("create agreements and init consumers")
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print("waiting for init to finish")
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)
# Deliberate early exit: the script currently stops once the agreements
# exist. Everything after this line is unreachable until it is removed.
sys.exit(0)
basedn = "dc=example,dc=com"
# Snapshot of the server's connection table before the test.
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
                   ['currentconnections', 'connection'])
for ent in ents:
    print(ent)
print("start search request . . .")
scope = ldap.SCOPE_SUBTREE
# ``filter`` shadows the builtin; the name is kept because later code may
# rely on it.
filter = '(|(objectclass=*)(objectclass=nsTombstone))'
serverctrls = [TestCtrl()]
ents = m1.search_s(basedn, scope, filter)
print("search returned %d entries" % len(ents))
# Message id 999 presumably matches no outstanding request; the point is
# to see how the server handles abandon with and without the test control.
print("send abandon with controls . . .")
m1.abandon_ext(999, serverctrls)
print("send abandon without controls . . .")
m1.abandon_ext(999)
print("send unbind with controls . . .")
# unbind_ext_s was observed not to forward the controls it is given, so they
# are also installed as default server controls on the connection.
m1.set_option(ldap.OPT_SERVER_CONTROLS, serverctrls)
m1.unbind_ext_s(serverctrls)
print("try a search after the unbind . . .")
try:
    ents = m1.search_s(basedn, scope, filter)
except ldap.LDAPError as e:
    # Expected: the connection is gone.
    print("caught exception %s" % e)
print("open new connection . . .")
m1 = DSAdmin(host1, port1, binddn, bindpw)
print("show active connections . . .")
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
                   ['currentconnections', 'connection'])
for ent in ents:
    print(ent)
# One host:port, bind DN and bind password per server, given as parallel
# lists. NOTE: passwords taken from the command line (-w) are visible in
# shell history and in ``ps`` output on a shared machine.
if len(args.H) != len(args.D) or len(args.H) != len(args.w):
    print("must provide the same number of host:port as binddn as bindpw")
    sys.exit(1)
suffixes = {}
conns = []
for hostport, binddn, bindpw in zip(args.H, args.D, args.w):
    ary = hostport.split(':')
    host = ary[0]
    port = int(ary[1]) if len(ary) > 1 else 389  # default LDAP port
    conn = DSAdmin(host, port, binddn, bindpw)
    # Per-suffix replication counters filled in by the monitoring loop.
    conn.lastnumchanges = {}
    conn.avgrate = {}
    conn.count = {}
    conn.starttime = {}
    conn.endtime = {}
    conns.append(conn)
# Suffixes to watch: the -b values, else everything the last server knows.
# (``conn`` is the last connection opened; with no -H at all this would be a
# NameError -- presumably argparse already requires at least one.)
sufary = args.b
if not sufary:
    sufary = conn.getSuffixes()
for suf in sufary:
    filt = '(nsds5replicaroot=' + suf + ')'
    agmts = conn.findAgreementDNs(filt)
    if not agmts:
        raise Exception("error: server " + str(conn) + " has no agreements for suffix " + suf)
# Seed userRoot with the sample data shipped with 389-ds. Example.ldif
# carries well-known user passwords (e.g. scarter/sprain used below), so
# only import it on a disposable test server.
initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr')
m1.importLDIF(initfile, '', "userRoot", True)

print("Add the filtered group entry with bogus filter")
# The memberURL is deliberately malformed (unbalanced parenthesis); the ACI
# name "Test Crash ACL" suggests this reproduces a server crash when such a
# group is evaluated for access control.
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
ent.setValues('description', "Dynamic test group")
ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls')
ent.setValues(
    'memberurl',
    'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)')
m1.add_s(ent)

print("Add the bogus aci for that group")
# ``allow (all)`` on every attribute of the suffix for members of the broken
# dynamic group -- a full grant to whoever the unparseable URL ends up
# matching. MOD_REPLACE also wipes any aci values already on the suffix
# entry. Test-only.
addmod = [(
    ldap.MOD_REPLACE, 'aci',
    '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)'
    '(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)'
)]
m1.modify_s("dc=example,dc=com", addmod)

print("Do a search binding as a member of the group")
conn = DSAdmin(host1, port1, "uid=scarter,ou=people,dc=example,dc=com", "sprain")
entries = conn.search_s("uid=scarter,ou=people,dc=example,dc=com",
                        ldap.SCOPE_BASE, "objectclass=*")
# Admin user is created on the mux; its writes to ``suffix`` are chained
# through to the farm. The userPassword literal is assumed to equal the
# module-level ``adminpw`` used for the bind below -- confirm.
ent = Entry(admindn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Admin User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'Admin User')
ent.setValues('userPassword', "adminpw")
mux.add_s(ent)

# ACI on the farm: ``allow (all)`` on ``targetattr = "*"`` is a complete
# grant over the suffix for uid=ttestuser,cn=config. NOTE(review): that DN
# is not ``admindn``; presumably it is the identity the chaining backend
# binds as on the farm -- confirm against the setupChaining configuration.
# Keep such a grant to disposable test servers.
mod = [(
    ldap.MOD_ADD, 'aci',
    '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)'
    '(userdn = "ldap:///uid=ttestuser,cn=config");)'
)]
farm.modify_s(suffix, mod)

admin = DSAdmin(host1, port1, admindn, adminpw)
# First a user without a userPassword ...
dn = "uid=chainuser," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
admin.add_s(ent)
print("added entry %s" % dn)
# ... then the same with a userPassword set.
dn = "uid=chainuser2," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
def setup():
    """Prepare an existing 389 instance for the replica/agreement tests.

    Opens the module-global ``conn``, creates two test backends, enables
    the changelog, and adds (tolerating pre-existing entries) a replication
    manager user, a master replica for ``o=testReplica`` and one agreement
    under it. DNs are appended to ``conn.added_entries`` for cleanup; the
    agreement DN is also exposed as ``conn.agreement_dn``.

    This is deliberately done call by call rather than from an LDIF so the
    DSAdmin methods themselves get exercised.
    """
    global conn
    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []

    def _add_unless_present(entry):
        """Add ``entry``; return False instead of raising if it exists."""
        try:
            conn.add_s(entry)
        except ldap.ALREADY_EXISTS:
            return False
        return True

    # One backend for the ruv/agreement tests, another for replica.add().
    addbackend_harn(conn, 'testReplica')
    addbackend_harn(conn, 'testReplicaCreation')
    # Replication cannot be configured without a changelog.
    conn.replica.changelog()

    # Replication manager pseudo-user; recorded for cleanup only when this
    # run actually created it.
    rmanager = Entry((DN_RMANAGER, {
        'objectclass': "top person inetOrgPerson".split(),
        'sn': ["bind dn pseudo user"],
        'cn': 'replication manager',
        'uid': 'rmanager',
    }))
    if _add_unless_present(rmanager):
        conn.added_entries.append(DN_RMANAGER)

    # Master replica for o=testReplica, bound to the replication manager.
    # Recorded for cleanup whether or not it was new.
    replica_dn = ','.join(['cn=replica', 'cn="o=testReplica"', DN_MAPPING_TREE])
    replica_e = Entry(replica_dn)
    replica_e.update({
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': "replica",
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaid': MOCK_REPLICA_ID,
        'nsds5replicatype': '3',
        'nsds5flags': '1',
        'nsds5replicabinddn': DN_RMANAGER,
    })
    _add_unless_present(replica_e)
    conn.added_entries.append(replica_dn)

    # Agreement towards a consumer on localhost:22389. The bind password is
    # stored in the agreement entry itself (simple bind) -- a throw-away
    # value for the test instance only. Recorded for cleanup regardless.
    agreement_dn = ','.join(('cn=testAgreement', replica_dn))
    agreement_e = Entry(agreement_dn)
    agreement_e.update({
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': 'testAgreement',
        'nsds5replicahost': 'localhost',
        'nsds5replicaport': '22389',
        'nsds5replicatimeout': '120',
        'nsds5replicabinddn': DN_RMANAGER,
        'nsds5replicacredentials': 'password',
        'nsds5replicabindmethod': 'simple',
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaupdateschedule': '0000-2359 0123456',
        'description': 'testAgreement',
    })
    _add_unless_present(agreement_e)
    conn.added_entries.append(agreement_dn)
    conn.agreement_dn = agreement_dn
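import os
import sys
import time
import ldap
from dsadmin import DSAdmin, Entry

USAGE = "usage: %s host1 port1 binddn1 bindpw1 host2 port2 binddn2 bindpw2"

# Exactly eight positional arguments; anything else previously died with a
# bare unpacking ValueError. NOTE: the bind passwords come from the command
# line, so they are visible in shell history and ``ps`` on a shared host.
if len(sys.argv) != 9:
    sys.stderr.write((USAGE % sys.argv[0]) + "\n")
    sys.exit(1)
host1, port1, dn1, pw1, host2, port2, dn2, pw2 = sys.argv[1:]

srv1 = DSAdmin(host1, int(port1), dn1, pw1)
srv2 = DSAdmin(host2, int(port2), dn2, pw2)
agmts1to2 = srv1.findAgreementDNs()
agmts2to1 = srv2.findAgreementDNs()
suffixes = {}
# Per-agreement counters used by the monitoring loop.
srv1.lastnumchanges = {}
srv2.lastnumchanges = {}
srv1.avgrate = {}
srv2.avgrate = {}
srv1.count = {}
srv2.count = {}
repls = {}
for dn in agmts1to2:
    # Each agreement names the suffix it replicates; index the agreement by
    # its normalized suffix and seed its change counter.
    ents = srv1.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*', ['nsDS5ReplicaRoot'])
    ndn = DSAdmin.normalizeDN(dn)
    # ents[0] raises IndexError if the agreement vanished between the two
    # searches; left as-is, that is a genuine error for this tool.
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv1.lastnumchanges[ndn] = 0
    # ``ndn`` is re-pointed at the agreement's parent (the replica entry).
    rdns = ldap.explode_dn(dn, 0)
    ndn = DSAdmin.normalizeDN(','.join(rdns[1:]))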
ad.addObjClass( "( 2.16.840.1.113730.3.2.%d NAME 'adPerson' DESC 'AD person mixin' SUP top AUXILIARY MAY ( samAccountName $ objectGUID $ name $ userAccountControl ) )" % oidnum) oidnum = oidnum + 1 ad.addAttr( "( 2.16.840.1.113730.3.1.%d NAME 'groupType' DESC 'AD group type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )" % oidnum) oidnum = oidnum + 1 ad.addObjClass( "( 2.16.840.1.113730.3.2.%d NAME 'group' DESC 'AD group' SUP top STRUCTURAL MAY ( samAccountName $ groupType $ objectGUID $ name $ member $ ou $ cn $ description ) )" % oidnum) oidnum = oidnum + 1 aduserObjClasses = ['adPerson'] else: aduserObjClasses = ['top', 'person', 'organizationalperson', 'user'] ad = DSAdmin(host2, port2, nobind=True) # require TLS/SSL for password updates ad.start_tls_s() ad.simple_bind_s(root2, rootpw2) # the list of users we want to check to see if they were synced userids = {} # All IPA users must have these objectclasses - they should be # the same as in the cn=ipaConfig ipaUserObjectClasses list # ntUser either by the winsync code, or when you want an # existing IPA user to be synced with AD userObjClasses = [ 'top', 'person', 'organizationalPerson', 'inetOrgPerson', 'ntUser' ]
print("starting replication . . .")
m1.startReplication(agmtm1toc1)
print("Replication started")
# Manual checkpoint so the operator can inspect both servers before the
# write tests begin.
print("Press Enter to continue . . .")
sys.stdin.readline()

print("modify entry on m1")
# A write on the master must show up on the consumer.
dn = "uid=scarter,ou=people,dc=example,dc=com"
mod = [(ldap.MOD_ADD, 'description', 'description')]
m1.modify_s(dn, mod)
c1.waitForEntry(dn, 10, 'description')

print("Modify entry on c1")
# A write issued against the consumer as the entry's owner (jvedder /
# "befitting" is a sample user from Example.ldif). It is expected to land on
# m1 too; how the consumer forwards it (referral vs. chaining) is not
# visible here.
dn = "uid=jvedder,ou=people,dc=example,dc=com"
cc1 = DSAdmin(host2, port2, dn, "befitting")
mod = [(ldap.MOD_REPLACE, 'telephonenumber', '123456789')]
cc1.modify_s(dn, mod)
print("Wait for mod to show up on m1")
time.sleep(10)  # fixed wait rather than polling; lengthen if m1 is slow
ents = m1.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', ['telephonenumber'])
ent = ents[0]
if ent.telephonenumber == '123456789':
    print("m1 success - telephonenumber changed")
else:
    print("m1 failed - value is still " + ent.telephonenumber)
ents = c1.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', ['telephonenumber'])
ent = ents[0]
if ent.telephonenumber == '123456789':
    print("c1 success - telephonenumber changed")
port1 = cfgport + 30
basedn = 'dc=example,dc=com'
newinst = 'srv'
# The instance is expected to exist already; the DSAdmin.createInstance
# call that used to live here (newrootpw 'password', no admin server,
# optional USE_VALGRIND) is retired. Root password is that throw-away value.
srv = DSAdmin(host1, port1, "cn=directory manager", 'password')


def _ensure(entry):
    """Add ``entry`` on ``srv``, ignoring it if it already exists."""
    try:
        srv.add_s(entry)
    except ldap.ALREADY_EXISTS:
        pass


# Suffix root entry and the people container the tests populate.
ent = Entry(basedn)
ent.setValues('objectclass', 'domain')
_ensure(ent)
ent = Entry("ou=people," + basedn)
ent.setValues('objectclass', 'organizationalUnit')
_ensure(ent)