def setup():
    """Open the shared test connection and reset its bookkeeping attributes.

    Binds with whatever ``config.auth`` supplies (presumably host/port/bind
    DN/password, the positional arguments DSAdmin takes elsewhere) and
    attaches three collections to the connection in which the tests note
    what they created: ``added_entries``, ``added_backends`` (pre-seeded with
    ``o=mockbe2``) and ``added_replicas``.  Presumably a teardown consumes
    them.  ``harn_nolog()`` is invoked last.
    """
    global conn
    conn = DSAdmin(**config.auth)
    # bookkeeping containers first, verbosity flag afterwards
    for bookkeeping in ('added_entries', 'added_replicas'):
        setattr(conn, bookkeeping, [])
    conn.added_backends = set(['o=mockbe2'])
    conn.verbose = True
    harn_nolog()
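def default_test():
    """Exercise instance creation plus backend/suffix setup on a local DS.

    Connects to instance ``m1`` on localhost:10200 or, when that fails,
    creates it with ``DSAdminTools.createInstance``.  Then unconditionally
    creates a second instance on port 10210 (the ``m1`` name is reused for
    it), adds a backend and suffix ``dc=example2,dc=com`` there and prints
    the resulting config entry, the cn=monitor subtree and the backends for
    ``dc=example,dc=com``.  Nothing is returned; every instance created is
    appended to the module-level ``added_instances`` list.

    Security note: the root/admin passwords here are fixed, well-known test
    values - point this only at throw-away instances.
    """
    host = 'localhost'
    port = 10200
    binddn = "cn=directory manager"
    bindpw = "password"
    suffix = 'dc=example,dc=com'
    basedn = DN_CONFIG
    scope = ldap.SCOPE_BASE
    filt = "(objectclass=*)"
    instance_name = ['m1', 'm2']

    instance_config = {
        'cfgdshost': host,
        'cfgdsport': port,
        # NOTE(review): '******' looks like a redacted placeholder rather
        # than a real configuration-DS uid - confirm before running.
        'cfgdsuser': '******',
        'cfgdspwd': 'admin',
        'newrootpw': 'password',
        'newhost': host,
        'newport': port,
        'newinstance': instance_name[0],
        'newsuffix': suffix,
        'setup_admin': True,
    }
    try:
        m1 = DSAdmin(host, port, binddn, bindpw)
    except Exception:
        # Nothing reachable on that port: create the instance.  The original
        # bare ``except:`` also swallowed KeyboardInterrupt/SystemExit.
        m1 = DSAdminTools.createInstance(instance_config, verbose=1)
        added_instances.append(instance_config['newinstance'])

    print m1.sroot, m1.inst, m1.errlog
    ent = m1.getEntry(basedn, scope, filt, None)
    if ent:
        print ent.passwordmaxage

    # Second instance: same settings apart from name and port.
    instance_config.update({
        'newinstance': instance_name[1],
        'newport': port + 10,
    })
    m1 = DSAdminTools.createInstance(instance_config, verbose=1)
    added_instances.append(instance_config['newinstance'])
    cn = m1.setupBackend("dc=example2,dc=com")
    m1.setupSuffix("dc=example2,dc=com", cn)
    entry = m1.getEntry(DN_CONFIG, ldap.SCOPE_SUBTREE, "(cn=" + cn + ")")
    print "new backend entry is:"
    print entry
    print entry.getValues('objectclass')
    print entry.OBJECTCLASS
    results = m1.search_s("cn=monitor", ldap.SCOPE_SUBTREE)
    print results
    results = m1.getBackendsForSuffix("dc=example,dc=com")
    print results

    print "done"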
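def setup():
    """Open the shared test connection from ``config.auth``.

    Sets ``conn`` (verbose, with an empty ``added_entries`` list).  If no
    389 instance answers, logs a hint and re-raises the original
    ``SERVER_DOWN`` with its traceback intact (the original ``raise e``
    rebuilt the traceback).

    Security fix: the original logged the whole ``config.auth`` dict, which
    presumably carries the bind password (DSAdmin takes binddn/bindpw).  The
    log line now masks any key that looks like a password.
    """
    global conn
    try:
        conn = DSAdmin(**config.auth)
        conn.verbose = True
        conn.added_entries = []
    except SERVER_DOWN:
        redacted = dict(
            (k, '***' if ('pw' in k.lower() or 'pass' in k.lower()) else v)
            for k, v in config.auth.items())
        log.error("To run tests you need a working 389 instance %s" %
                  redacted)
        raise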
def setup():
    # uses an existing 389 instance
    # add a suffix
    # add an agreement
    # This setup is quite verbose but to test dsadmin method we should
    # do things manually. A better solution would be to use an LDIF.
    global conn
    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []
    """  
    'passwordLockoutDuration': 1800,
    'passwordResetFailureCount': 1800,
    'passwordMaxFailure': nattempts,
    'passwordLockout': 'on'
}
# Same lockout policy on both masters.
m1.setPwdPolicy(pwdpolicy)
m2.setPwdPolicy(pwdpolicy)

# operational attributes that expose the retry/lockout state of the user
opattrs = [
    'passwordRetryCount', 'retryCountResetTime', 'accountUnlockTime',
    'passwordExpirationTime', 'modifyTimestamp', 'modifiersName'
]
print "Do %d attempts to bind with incorrect password . . ." % nattempts
# connection without credentials; each loop iteration binds with a wrong
# password on it
userconn = DSAdmin(host1, port1)
# nattempts + 1 iterations - presumably one past passwordMaxFailure so that
# the CONSTRAINT_VIOLATION (locked) branch is actually reached; confirm
for attempt in range(nattempts + 1):
    try:
        userconn.simple_bind_s(userdn, "boguspassword")
    except ldap.INVALID_CREDENTIALS:
        print "password was not correct"
    except ldap.CONSTRAINT_VIOLATION:
        print "too many password attempts"
    # show how the lockout state looks on each master
    for label, master in (("m1", m1), ("m2", m2)):
        print "%s pwd attrs" % label
        print "%s" % master.getEntry(userdn, ldap.SCOPE_BASE, "(objectclass=*)",
                                     opattrs)
    # an ordinary write on m1 each round (presumably to give replication
    # something to carry alongside the lockout attributes)
    m1.modify_s(userdn,
                [(ldap.MOD_REPLACE, "description", "changed %d" % attempt)])
# The second master reuses the first master's root DN and password.
rootdn2 = rootdn1
rootpw1 = "password"
rootpw2 = rootpw1

basedn = "dc=testdomain, dc=com"

# Replication settings for both masters.  The replication-manager bind
# password equals its cn - a fixture value for throw-away test instances,
# never a usable credential.
m1replargs = {
    'suffix': basedn,
    'bename': "userRoot",
    'binddn': "cn=replrepl,cn=config",
    'bindcn': "replrepl",
    'bindpw': "replrepl"
}

# NOTE: an alias of the same dict, not a copy - if replicaSetupAll mutates
# its argument, both masters see the change.
m2replargs = m1replargs

# Set up each master in turn (m1 fully before m2 is contacted).
m1 = DSAdmin(host1, port1, rootdn1, rootpw1)
m1.replicaSetupAll(m1replargs)
m2 = DSAdmin(host2, port2, rootdn2, rootpw2)
m2.replicaSetupAll(m2replargs)

# Agreements in both directions; only m1 -> m2 is initialised here.
print "create agreements and init consumers"
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# number of entries used by the steps that follow
nents = 5
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'samAccountName' DESC 'AD uid attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )" % oidnum)
    oidnum = oidnum + 1
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'objectGUID' DESC 'AD uuid attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )" % oidnum)
    oidnum = oidnum + 1
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'userAccountControl' DESC 'AD user account control' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )" % oidnum)
    oidnum = oidnum + 1
    ad.addObjClass("( 2.16.840.1.113730.3.2.%d NAME 'adPerson' DESC 'AD person mixin' SUP top AUXILIARY MAY ( samAccountName $ objectGUID $ name $ userAccountControl ) )" % oidnum)
    oidnum = oidnum + 1
    ad.addAttr("( 2.16.840.1.113730.3.1.%d NAME 'groupType' DESC 'AD group type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )" % oidnum)
    oidnum = oidnum + 1
    ad.addObjClass("( 2.16.840.1.113730.3.2.%d NAME 'group' DESC 'AD group' SUP top STRUCTURAL MAY ( samAccountName $ groupType $ objectGUID $ name $ member $ ou $ cn $ description ) )" % oidnum)
    oidnum = oidnum + 1
    aduserObjClasses = ['adPerson']
else:
    aduserObjClasses = ['top', 'person', 'organizationalperson', 'user']
    ad = DSAdmin(host2, port2, root2, rootpw2)

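# the list of users we want to check to see if they were synced
userids = {}

# Object classes every IPA user entry is expected to carry; keep these in
# step with the ipaUserObjectClasses list under cn=ipaConfig.  ntUser is not
# in this list - presumably the winsync code adds it, or it is added by hand
# when an existing IPA user should be synced with AD.
userObjClasses = [
    'top', 'person', 'organizationalPerson', 'inetOrgPerson'
]

if ipawinsync:
    # Bug fix: the original extended ``useObjClasses`` (typo), which raised
    # NameError whenever the IPA winsync path was taken.
    userObjClasses.extend(['inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile'])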
import os
import sys
import time
import ldap
from dsadmin import DSAdmin, Entry, LEAF_TYPE

# Two test servers: ``mux`` will front ``farm`` through a chaining backend.
# Root credentials are fixed test values.  Both DSAdmin(...) calls go to
# port 389 (plain LDAP), so unless the library negotiates TLS itself the
# directory-manager password crosses the wire in the clear - acceptable
# only on a closed test network.
host1 = "vmf8i386.testdomain.com"
host2 = "vmf9x8664.testdomain.com"
port1 = port2 = 389
rootdn1 = rootdn2 = "cn=directory manager"
rootpw1 = rootpw2 = 'secret12'

mux = DSAdmin(host1, port1, rootdn1, rootpw1)
farm = DSAdmin(host2, port2, rootdn2, rootpw2)

# Register the chained suffix on the farm, then create its root entry.
suffix = 'dc=chaintest'
farm.addSuffix(suffix)
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)

# Point the mux at the farm for that suffix.
mux.setupChaining(farm, suffix, False)
# add ctuser on farm
# Second master; both masters share the port and the directory-manager
# password (a fixed test value).
host2 = "vmf9x8664"
port1 = 389
port2 = port1
rootpw = "secret12"

# Replication parameters used by both masters.  'replrepl' as both bind cn
# and password is a throw-away fixture, not a usable credential.
m1replargs = {
    'suffix': "dc=example,dc=com",
    'bename': "userRoot",
    'binddn': "cn=replrepl,cn=config",
    'bindcn': "replrepl",
    'bindpw': "replrepl"
    #    'log'   : False
}
# same dict object, not a copy
m2replargs = m1replargs

m1 = DSAdmin(host1, port1, "cn=directory manager", rootpw)
m2 = DSAdmin(host2, port2, "cn=directory manager", rootpw)

for master, replargs in ((m1, m1replargs), (m2, m2replargs)):
    master.replicaSetupAll(replargs)

# Agreements in both directions; only m1 -> m2 is initialised and awaited.
print "create agreements and init consumers"
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# The script deliberately stops here; everything after this line is
# unreachable as written (presumably disabled while debugging setup).
sys.exit(0)

basedn = "dc=example,dc=com"
# Snapshot of the server's connection table before the test.
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
                   ['currentconnections', 'connection'])
for ent in ents:
    print ent

print "start search request . . ."
scope = ldap.SCOPE_SUBTREE
# also matches tombstones; NOTE this name shadows the builtin ``filter``
filter = '(|(objectclass=*)(objectclass=nsTombstone))'
serverctrls = [TestCtrl()]
ents = m1.search_s(basedn, scope, filter)
print "search returned %d entries" % len(ents)

# 999 is not an outstanding message id; this only exercises the abandon
# code path with and without controls.
print "send abandon with controls . . ."
m1.abandon_ext(999, serverctrls)
print "send abandon without controls . . ."
msgid2 = m1.abandon_ext(999)

print "send unbind with controls . . ."
# unbind_ext_s was observed not to forward the controls it is given, so
# they are installed as connection-level server controls first
m1.set_option(ldap.OPT_SERVER_CONTROLS, serverctrls)
m1.unbind_ext_s(serverctrls)

# A search on the unbound handle is expected to raise.
print "try a search after the unbind . . ."
try:
    ents = m1.search_s(basedn, scope, filter)
except ldap.LDAPError, e:
    print "caught exception", e

# Reconnect and look at the connection table again.
print "open new connection . . ."
m1 = DSAdmin(host1, port1, binddn, bindpw)
print "show active connections . . ."
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)',
                   ['currentconnections', 'connection'])
for ent in ents:
    print ent
# One host[:port], bind DN and password per server; they pair positionally.
if len(args.H) != len(args.D) or len(args.H) != len(args.w):
    print "must provide the same number of host:port as binddn as bindpw"
    sys.exit(1)

# NOTE: the bind passwords arrive on the command line (args.w) and are
# therefore visible to other local users in the process list - fine on a
# test box, not elsewhere.
sufary = args.b
suffixes = {}

conns = []
for hostspec, binddn, bindpw in zip(args.H, args.D, args.w):
    parts = hostspec.split(':')
    host = parts[0]
    port = int(parts[1]) if len(parts) > 1 else 389
    conn = DSAdmin(host, port, binddn, bindpw)
    # per-agreement statistics, filled in later
    for stat in ('lastnumchanges', 'avgrate', 'count', 'starttime', 'endtime'):
        setattr(conn, stat, {})
    conns.append(conn)
    # without -b, monitor every suffix the server hosts
    sufary = args.b or conn.getSuffixes()
    for suf in sufary:
        # suf is interpolated unescaped; acceptable for DNs coming from -b
        # or getSuffixes(), but a DN containing '(' or ')' would break it
        filt = '(nsds5replicaroot=' + suf + ')'
        agmts = conn.findAgreementDNs(filt)
        if not agmts:
            raise Exception("error: server " + str(conn) +
                            " has no agreements for suffix " + suf)
    initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get(
        'PREFIX', '/usr')

# Load the sample data into userRoot before reproducing the crash.
m1.importLDIF(initfile, '', "userRoot", True)

print "Add the filtered group entry with bogus filter"
# The memberurl filter is intentionally malformed (unbalanced parenthesis):
# the point of the test is that the server survives evaluating it.
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
ent.setValues('description', "Dynamic test group")
ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls')
ent.setValues(
    'memberurl',
    'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)')
m1.add_s(ent)

print "Add the bogus aci for that group"
# MOD_REPLACE drops every existing aci on the suffix and leaves only this
# one.  allow (all) to a dynamic group is a crash-reproduction fixture;
# never copy this ACI to a real suffix.
addmod = [(
    ldap.MOD_REPLACE, 'aci',
    '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)'
)]
m1.modify_s("dc=example,dc=com", addmod)

print "Do a search binding as a member of the group"
# scarter / "sprain" - presumably the stock account from Example.ldif
member_dn = "uid=scarter,ou=people,dc=example,dc=com"
conn = DSAdmin(host1, port1, member_dn, "sprain")
entries = conn.search_s(member_dn, ldap.SCOPE_BASE, "objectclass=*")
# Admin account on the mux.  The userPassword is a fixed fixture value.
ent = Entry(admindn)
for attr, value in (('objectclass', 'inetOrgPerson'),
                    ('cn', 'Chain Admin User'),
                    ('sn', 'Chain'),
                    ('givenName', 'Admin User'),
                    ('userPassword', "adminpw")):
    ent.setValues(attr, value)
mux.add_s(ent)

# add an aci for this user on the farm
# NOTE(review): the ACI names uid=ttestuser,cn=config rather than admindn -
# presumably the identity the mux's chaining backend uses towards the farm,
# so that requests proxied for the admin are authorised there; confirm.
# allow (all) on the whole suffix is a test-only grant.
mod = [(
    ldap.MOD_ADD, 'aci',
    '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)(userdn = "ldap:///uid=ttestuser,cn=config");)'
)]
farm.modify_s(suffix, mod)

admin = DSAdmin(host1, port1, admindn, adminpw)

# add a new user using the admin account, first without user password
dn = "uid=chainuser," + suffix
ent = Entry(dn)
for attr, value in (('objectclass', 'inetOrgPerson'),
                    ('cn', 'Chain User'),
                    ('sn', 'Chain'),
                    ('givenName', 'User')):
    ent.setValues(attr, value)
admin.add_s(ent)
print "added entry", dn

# next, try it with userPassword
dn = "uid=chainuser2," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
def setup():
    """Prepare an existing 389 instance for the RUV / agreement tests.

    Everything is built by hand on the shared ``conn`` (an LDIF would be
    tidier): two test backends, the changelog, a replication-manager
    pseudo-user, a master replica for ``o=testReplica`` and one agreement
    beneath it.  Entries that already exist are tolerated
    (``ldap.ALREADY_EXISTS`` is ignored).

    DNs are collected in ``conn.added_entries`` (presumably for teardown),
    with one quirk kept from the original: the rmanager DN is recorded only
    when this call actually created it, the replica and agreement DNs always.
    The agreement's ``nsds5replicacredentials`` is the fixed string
    'password' - a fixture for throw-away instances only.
    """
    global conn
    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []

    def add_ignoring_existing(entry):
        """Add ``entry`` on conn; True if created, False if it already existed."""
        try:
            conn.add_s(entry)
        except ldap.ALREADY_EXISTS:
            return False
        return True

    # one backend for the ruv/agreement tests, one for replica.add()
    for backend_name in ('testReplica', 'testReplicaCreation'):
        addbackend_harn(conn, backend_name)

    # replication needs a changelog
    conn.replica.changelog()

    # replication-manager bind DN pseudo-user
    rmanager_e = Entry((DN_RMANAGER, {
        'objectclass': "top person inetOrgPerson".split(),
        'sn': ["bind dn pseudo user"],
        'cn': 'replication manager',
        'uid': 'rmanager'
    }))
    if add_ignoring_existing(rmanager_e):
        conn.added_entries.append(DN_RMANAGER)

    # master replica (type 3, flags 1) for o=testReplica
    replica_dn = ','.join(
        ['cn=replica', 'cn="o=testReplica"', DN_MAPPING_TREE])
    replica_e = Entry(replica_dn)
    replica_e.update({
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': "replica",
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaid': MOCK_REPLICA_ID,
        'nsds5replicatype': '3',
        'nsds5flags': '1',
        'nsds5replicabinddn': DN_RMANAGER
    })
    add_ignoring_existing(replica_e)
    conn.added_entries.append(replica_dn)

    # one agreement towards localhost:22389, simple bind, always-on schedule
    agreement_dn = ','.join(('cn=testAgreement', replica_dn))
    agreement_e = Entry(agreement_dn)
    agreement_e.update({
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': 'testAgreement',
        'nsds5replicahost': 'localhost',
        'nsds5replicaport': '22389',
        'nsds5replicatimeout': '120',
        'nsds5replicabinddn': DN_RMANAGER,
        'nsds5replicacredentials': 'password',
        'nsds5replicabindmethod': 'simple',
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaupdateschedule': '0000-2359 0123456',
        'description': 'testAgreement'
    })
    add_ignoring_existing(agreement_e)
    conn.added_entries.append(agreement_dn)
    conn.agreement_dn = agreement_dn
import os
import sys
import time
import ldap
from dsadmin import DSAdmin, Entry

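# Connection parameters come positionally from the command line.
# NOTE: the two bind passwords are argv entries and therefore visible to
# every local user in the process list - acceptable only on a test host.
if len(sys.argv) != 9:
    # the original tuple-unpack failed with an unhelpful ValueError
    sys.stderr.write(
        "usage: %s host1 port1 binddn1 bindpw1 host2 port2 binddn2 bindpw2\n"
        % sys.argv[0])
    sys.exit(1)
host1, port1, dn1, pw1, host2, port2, dn2, pw2 = sys.argv[1:]

srv1 = DSAdmin(host1, int(port1), dn1, pw1)
srv2 = DSAdmin(host2, int(port2), dn2, pw2)

# agreements in each direction
agmts1to2 = srv1.findAgreementDNs()
agmts2to1 = srv2.findAgreementDNs()

# per-agreement statistics, filled in below (presumably keyed by the
# normalized agreement DN)
suffixes = {}
for srv in (srv1, srv2):
    srv.lastnumchanges = {}
    srv.avgrate = {}
    srv.count = {}
repls = {}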
for dn in agmts1to2:
    ents = srv1.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*',
                         ['nsDS5ReplicaRoot'])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv1.lastnumchanges[ndn] = 0
    rdns = ldap.explode_dn(dn, 0)
    ndn = DSAdmin.normalizeDN(','.join(rdns[1:]))
    ad.addObjClass(
        "( 2.16.840.1.113730.3.2.%d NAME 'adPerson' DESC 'AD person mixin' SUP top AUXILIARY MAY ( samAccountName $ objectGUID $ name $ userAccountControl ) )"
        % oidnum)
    oidnum = oidnum + 1
    ad.addAttr(
        "( 2.16.840.1.113730.3.1.%d NAME 'groupType' DESC 'AD group type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )"
        % oidnum)
    oidnum = oidnum + 1
    ad.addObjClass(
        "( 2.16.840.1.113730.3.2.%d NAME 'group' DESC 'AD group' SUP top STRUCTURAL MAY ( samAccountName $ groupType $ objectGUID $ name $ member $ ou $ cn $ description ) )"
        % oidnum)
    oidnum = oidnum + 1
    aduserObjClasses = ['adPerson']
else:
    aduserObjClasses = ['top', 'person', 'organizationalperson', 'user']
    ad = DSAdmin(host2, port2, nobind=True)
    # require TLS/SSL for password updates
    ad.start_tls_s()
    ad.simple_bind_s(root2, rootpw2)

# users whose sync status is checked later (filled in below; presumably
# keyed by uid)
userids = dict()

# Object classes every IPA user must carry - keep in step with the
# ipaUserObjectClasses list under cn=ipaConfig.  ntUser is listed so that
# an existing IPA user is picked up for syncing with AD (the winsync code
# would otherwise add it).
userObjClasses = ['top', 'person', 'organizationalPerson',
                  'inetOrgPerson', 'ntUser']
print "starting replication . . ."
m1.startReplication(agmtm1toc1)
print "Replication started"

# manual checkpoint so the operator can inspect both servers first
print "Press Enter to continue . . ."
foo = sys.stdin.readline()

# master -> consumer: write on m1, wait up to 10s for it to appear on c1
print "modify entry on m1"
dn = "uid=scarter,ou=people,dc=example,dc=com"
mod = [(ldap.MOD_ADD, 'description', 'description')]
m1.modify_s(dn, mod)
c1.waitForEntry(dn, 10, 'description')

# consumer -> master: bind on c1 as the user himself and change his phone
# number.  jvedder / "befitting" is a fixed fixture credential (presumably
# the stock Example.ldif account).
print "Modify entry on c1"
dn = "uid=jvedder,ou=people,dc=example,dc=com"
cc1 = DSAdmin(host2, port2, dn, "befitting")
mod = [(ldap.MOD_REPLACE, 'telephonenumber', '123456789')]
cc1.modify_s(dn, mod)
print "Wait for mod to show up on m1"
# fixed wait instead of waitForEntry for this direction (presumably because
# the attribute already exists and only its value changes - unverified)
time.sleep(10)

ents = m1.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', ['telephonenumber'])
ent = ents[0]
if ent.telephonenumber == '123456789':
    print "m1 success - telephonenumber changed"
else:
    print "m1 failed - value is still " + ent.telephonenumber
ents = c1.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', ['telephonenumber'])
ent = ents[0]
if ent.telephonenumber == '123456789':
    print "c1 success - telephonenumber changed"
# Test instance listens 30 ports above the configuration DS.
port1 = cfgport + 30

basedn = 'dc=example,dc=com'
newinst = 'srv'

# Creating the instance (DSAdmin.createInstance with newrootpw/newhost/
# newport/newinst/newsuffix/no_admin, optionally under valgrind) is left
# disabled; an already-running instance whose directory-manager password is
# the fixed test value 'password' is assumed instead.
srv = DSAdmin(host1, port1, "cn=directory manager", 'password')

# Make sure the suffix root and ou=people exist; re-running the script
# must tolerate them already being there.
for entry_dn, objectclass in ((basedn, 'domain'),
                              ("ou=people," + basedn, 'organizationalUnit')):
    ent = Entry(entry_dn)
    ent.setValues('objectclass', objectclass)
    try:
        srv.add_s(ent)
    except ldap.ALREADY_EXISTS:
        pass