{'description': 'normal, regular AD account disabled, do not expire password', 'userAccountControl': 512 + 2 + 65536} ] userids_disabled = {} if useds: print "Create sub-ou's on the AD side and add users . . ." ii = 0 dns = ['ou=people,' + suffix, 'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix, 'ou=12,ou=1,ou=people,' + suffix] for dn in dns: ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit') try: ad.add_s(ent) except ldap.ALREADY_EXISTS: pass print "Add users to", dn for jj in range(0,5): strii = str(ii) userdn = 'cn=Test User' + strii + ',' + dn ent = Entry(userdn) userid = 'userid' + strii ent.setValues('objectclass', ['person', 'adPerson']) ent.setValues('sn', 'User' + strii) ent.setValues('samAccountName', userid) ent.setValues('objectGUID', struct.pack('B', ii)) ent.setValues('name', 'Test User' + strii) # same as cn kk = ii % len(userAcctVals) for attr, val in userAcctVals[kk].iteritems(): ent.setValues(attr, str(val))
# Create the m1 -> m2 agreement, start the initial replica fill and wait
# for it to finish (presumably startReplication_async returns immediately
# and waitForReplInit blocks -- confirm against DSAdmin).
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
m1.waitForReplInit(agmtm1tom2)
# Reverse direction (m2 -> m1); no initialisation is started for this
# agreement in the visible part of the script.
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# The two masters use disjoint cn values, so they never add the same DN:
# m1 gets cn=0..4, m2 gets cn=5..10.
nents = 5
m1ents = range(nents)
# NOTE(review): the upper bound is nents+1, so m2 receives six entries
# while m1 receives five -- confirm the extra entry is intended.
m2ents = range(len(m1ents), len(m1ents)+nents+1)
print "Add %d entries to m2" % len(m2ents)
for ii in m2ents:
    dn = "cn=%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    m2.add_s(ent)
    print "Added m2 entry", dn

print "Add %d entries to m1" % len(m1ents)
for ii in m1ents:
    dn = "cn=%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    m1.add_s(ent)
    print "Added m1 entry", dn

# Fixed delay instead of polling for the entries: on a slow host the
# checks that follow can run before replication has caught up.
print "Sleep for 5 seconds to let changes propagate . . ."
time.sleep(5)

print "see if m1 entries made it to m2"
}] userids_disabled = {} if useds: print "Create sub-ou's on the AD side and add users . . ." ii = 0 dns = [ 'ou=people,' + suffix, 'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix, 'ou=12,ou=1,ou=people,' + suffix ] for dn in dns: ent = Entry(dn) ent.setValues('objectclass', 'organizationalUnit') try: ad.add_s(ent) except ldap.ALREADY_EXISTS: pass print "Add users to", dn for jj in range(0, 5): strii = str(ii) userdn = 'cn=Test User' + strii + ',' + dn ent = Entry(userdn) userid = 'userid' + strii ent.setValues('objectclass', ['person', 'adPerson']) ent.setValues('sn', 'User' + strii) ent.setValues('samAccountName', userid) ent.setValues('objectGUID', struct.pack('B', ii)) ent.setValues('name', 'Test User' + strii) # same as cn kk = ii % len(userAcctVals) for attr, val in userAcctVals[kk].iteritems():
mux.add_s(ent) # add an aci for this user on the farm mod = [(ldap.MOD_ADD, 'aci', '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)(userdn = "ldap:///uid=ttestuser,cn=config");)')] farm.modify_s(suffix, mod) admin = DSAdmin(host1, port1, admindn, adminpw) # add a new user using the admin account, first without user password dn = "uid=chainuser," + suffix ent = Entry(dn) ent.setValues('objectclass', 'inetOrgPerson') ent.setValues('cn', 'Chain User') ent.setValues('sn', 'Chain') ent.setValues('givenName', 'User') admin.add_s(ent) print "added entry", dn # next, try it with userPassword dn = "uid=chainuser2," + suffix ent = Entry(dn) ent.setValues('objectclass', 'inetOrgPerson') ent.setValues('cn', 'Chain User') ent.setValues('sn', 'Chain') ent.setValues('givenName', 'User') ent.setValues('userPassword', "password") admin.add_s(ent) # search for user on farm ents = farm.search_s(dn, ldap.SCOPE_BASE) if not ents:
# 389 is the standard non-TLS LDAP port; unless DSAdmin negotiates StartTLS
# (not visible here -- TODO confirm) the root bind below crosses the
# network in the clear.
port2 = 389
# NOTE(review): both Directory Manager passwords are literals in the
# script. Fine for throwaway test instances only; anything longer-lived
# should read them from the environment or a protected config file.
rootdn1 = "cn=directory manager"
rootpw1 = 'secret12'
rootdn2 = "cn=directory manager"
rootpw2 = 'secret12'

# mux is the server that chains requests for the suffix; farm is the
# server that actually holds it (see setupChaining below).
mux = DSAdmin(host1, port1, rootdn1, rootpw1)
farm = DSAdmin(host2, port2, rootdn2, rootpw2)

suffix = 'dc=chaintest'
# add the suffix
farm.addSuffix(suffix)
# add the suffix entry
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)

# setup chaining
# The meaning of the third argument (False) is defined by
# DSAdmin.setupChaining, which is not part of this excerpt.
mux.setupChaining(farm, suffix, False)

# add ctuser on farm
dn = 'uid=ctuser,' + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Testuser')
ent.setValues('sn', 'Testuser')
ent.setValues('givenName', 'Chain')
farm.add_s(ent)
# NOTE(review): this ACI is attached to the suffix entry and grants every
# right ("allow (all)") on targetattr = "*" -- which would include
# credential attributes such as userPassword -- to the single bind DN
# uid=ttestuser,cn=config. Deliberately broad for a chaining test; not a
# pattern for a directory holding real data.
mod = [(
    ldap.MOD_ADD, 'aci',
    '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)(userdn = "ldap:///uid=ttestuser,cn=config");)'
)]
farm.modify_s(suffix, mod)

# Second connection to host1/port1, bound as the admin user
# (admindn/adminpw are defined outside this excerpt).
admin = DSAdmin(host1, port1, admindn, adminpw)

# add a new user using the admin account, first without user password
dn = "uid=chainuser," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
admin.add_s(ent)
print "added entry", dn

# next, try it with userPassword
dn = "uid=chainuser2," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
# Fixture-only credential: sent as a plain string in the add request; the
# stored form depends on the server's password storage scheme, which this
# script does not set.
ent.setValues('userPassword', "password")
admin.add_s(ent)

# search for user on farm
# Base-scope search directly on the farm for the DN just added through the
# admin connection.
ents = farm.search_s(dn, ldap.SCOPE_BASE)
if not ents:
def setup():
    """Bind to an existing 389 instance and build the replication fixtures.

    Opens a DSAdmin connection from ``config.auth`` and publishes it as the
    module-level ``conn``. The fixtures are created by hand rather than
    loaded from an LDIF so that the dsadmin methods themselves are
    exercised: two backends, the changelog, the replication manager entry,
    a master replica entry and one replication agreement.

    Bookkeeping is hung on the connection object: ``added_entries``,
    ``added_backends``, ``added_replicas`` and ``agreement_dn``.
    """
    global conn

    def add_unless_present(entry):
        # True when the entry was created, False when the server answered
        # ALREADY_EXISTS (a previous run left it behind).
        try:
            conn.add_s(entry)
        except ldap.ALREADY_EXISTS:
            return False
        return True

    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []

    # First backend serves the ruv/agreement tests, the second one the
    # replica.add() test.
    for backend_name in ('testReplica', 'testReplicaCreation'):
        addbackend_harn(conn, backend_name)

    # Replication cannot be configured without a changelog.
    conn.replica.changelog()

    # Replication manager: the pseudo user the replica and the agreement
    # name as their bind DN. It is recorded in added_entries only when this
    # run actually created it.
    rmanager_attrs = {
        'objectclass': "top person inetOrgPerson".split(),
        'sn': ["bind dn pseudo user"],
        'cn': 'replication manager',
        'uid': 'rmanager'
    }
    if add_unless_present(Entry((DN_RMANAGER, rmanager_attrs))):
        conn.added_entries.append(DN_RMANAGER)

    # Master replica entry used by the ruv and agreement tests.
    # NOTE(review): unlike the manager entry above, the replica and the
    # agreement DNs are recorded in added_entries even when they already
    # existed -- whatever consumes that list will treat them as created here.
    replica_dn = ','.join(
        ['cn=replica', 'cn="o=testReplica"', DN_MAPPING_TREE])
    replica_attrs = {
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': "replica",
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaid': MOCK_REPLICA_ID,
        'nsds5replicatype': '3',
        'nsds5flags': '1',
        'nsds5replicabinddn': DN_RMANAGER
    }
    replica_e = Entry(replica_dn)
    replica_e.update(replica_attrs)
    add_unless_present(replica_e)
    conn.added_entries.append(replica_dn)

    # Agreement towards localhost:22389.
    # NOTE(review): bind method is 'simple' with the literal credential
    # 'password', and no transport attribute is set, so the agreement
    # presumably runs over plain LDAP -- fixture values, not a template for
    # a real replication agreement.
    agreement_dn = ','.join(('cn=testAgreement', replica_dn))
    agreement_attrs = {
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': 'testAgreement',
        'nsds5replicahost': 'localhost',
        'nsds5replicaport': '22389',
        'nsds5replicatimeout': '120',
        'nsds5replicabinddn': DN_RMANAGER,
        'nsds5replicacredentials': 'password',
        'nsds5replicabindmethod': 'simple',
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaupdateschedule': '0000-2359 0123456',
        'description': 'testAgreement'
    }
    agreement_e = Entry(agreement_dn)
    agreement_e.update(agreement_attrs)
    add_unless_present(agreement_e)
    conn.added_entries.append(agreement_dn)

    conn.agreement_dn = agreement_dn
def setup():
    """Bind to an existing 389 instance and build the replication fixtures.

    Opens a DSAdmin connection from ``config.auth`` and publishes it as the
    module-level ``conn``. The fixtures are created by hand rather than
    loaded from an LDIF so that the dsadmin methods themselves are
    exercised: two backends, the changelog, the replication manager entry,
    a master replica entry and one replication agreement.

    Bookkeeping is hung on the connection object: ``added_entries``,
    ``added_backends``, ``added_replicas`` and ``agreement_dn``.
    """
    global conn

    def add_unless_present(entry):
        # True when the entry was created, False when the server answered
        # ALREADY_EXISTS (a previous run left it behind).
        try:
            conn.add_s(entry)
        except ldap.ALREADY_EXISTS:
            return False
        return True

    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []

    # First backend serves the ruv/agreement tests, the second one the
    # replica.add() test.
    for backend_name in ('testReplica', 'testReplicaCreation'):
        addbackend_harn(conn, backend_name)

    # Replication cannot be configured without a changelog.
    conn.replica.changelog()

    # Replication manager: the pseudo user the replica and the agreement
    # name as their bind DN. It is recorded in added_entries only when this
    # run actually created it.
    rmanager_attrs = {
        'objectclass': "top person inetOrgPerson".split(),
        'sn': ["bind dn pseudo user"],
        'cn': 'replication manager',
        'uid': 'rmanager'
    }
    if add_unless_present(Entry((DN_RMANAGER, rmanager_attrs))):
        conn.added_entries.append(DN_RMANAGER)

    # Master replica entry used by the ruv and agreement tests.
    # NOTE(review): unlike the manager entry above, the replica and the
    # agreement DNs are recorded in added_entries even when they already
    # existed -- whatever consumes that list will treat them as created here.
    replica_dn = ','.join(
        ['cn=replica', 'cn="o=testReplica"', DN_MAPPING_TREE])
    replica_attrs = {
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': "replica",
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaid': MOCK_REPLICA_ID,
        'nsds5replicatype': '3',
        'nsds5flags': '1',
        'nsds5replicabinddn': DN_RMANAGER
    }
    replica_e = Entry(replica_dn)
    replica_e.update(replica_attrs)
    add_unless_present(replica_e)
    conn.added_entries.append(replica_dn)

    # Agreement towards localhost:22389.
    # NOTE(review): bind method is 'simple' with the literal credential
    # 'password', and no transport attribute is set, so the agreement
    # presumably runs over plain LDAP -- fixture values, not a template for
    # a real replication agreement.
    agreement_dn = ','.join(('cn=testAgreement', replica_dn))
    agreement_attrs = {
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': 'testAgreement',
        'nsds5replicahost': 'localhost',
        'nsds5replicaport': '22389',
        'nsds5replicatimeout': '120',
        'nsds5replicabinddn': DN_RMANAGER,
        'nsds5replicacredentials': 'password',
        'nsds5replicabindmethod': 'simple',
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaupdateschedule': '0000-2359 0123456',
        'description': 'testAgreement'
    }
    agreement_e = Entry(agreement_dn)
    agreement_e.update(agreement_attrs)
    add_unless_present(agreement_e)
    conn.added_entries.append(agreement_dn)

    conn.agreement_dn = agreement_dn
# os.environ['USE_VALGRIND'] = '1' # srv = DSAdmin.createInstance({ # 'newrootpw': 'password', # 'newhost': host1, # 'newport': port1, # 'newinst': newinst, # 'newsuffix': basedn, # 'no_admin': True # }) srv = DSAdmin(host1, port1, "cn=directory manager", 'password') ent = Entry(basedn) ent.setValues('objectclass', 'domain') try: srv.add_s(ent) except ldap.ALREADY_EXISTS: pass ent = Entry("ou=people," + basedn) ent.setValues('objectclass', 'organizationalUnit') try: srv.add_s(ent) except ldap.ALREADY_EXISTS: pass def genpwd(pwd, salt): sha = hashlib.sha1(pwd) sha.update(salt) return '{SSHA}' + base64.b64encode(sha.digest() + salt)