示例#1
    {'description': 'normal, regular AD account disabled, do not expire password',
     'userAccountControl': 512 + 2 + 65536}
]

# Not filled in within this excerpt; presumably collects the user ids whose
# userAccountControl marks them disabled -- confirm against the rest of the script.
userids_disabled = {}
if useds:
    # Create a small OU tree on the AD side and build five test user entries
    # per OU.  The call that adds each user is not within this excerpt.
    print "Create sub-ou's on the AD side and add users . . ."
    # Running user index: feeds the cn, sn, samAccountName and objectGUID.
    # NOTE(review): it is never incremented in the lines shown here, so the
    # increment is presumably past the end of this excerpt.
    ii = 0
    # Parents are listed before their children so each add finds its parent.
    dns = ['ou=people,' + suffix,
           'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix,
           'ou=11,ou=1,ou=people,' + suffix,
           'ou=12,ou=1,ou=people,' + suffix]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        # An OU left over from an earlier run is fine; any other LDAP error
        # still propagates.
        try: ad.add_s(ent)
        except ldap.ALREADY_EXISTS: pass
        print "Add users to", dn
        for jj in range(0,5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            # Fixture GUID: a single unsigned byte, so ii must stay below 256
            # (struct.error otherwise).  A real AD objectGUID is 16 bytes.
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii) # same as cn
            # Pick an account template by index modulo the template count, so
            # the description/userAccountControl combinations in userAcctVals
            # (e.g. 512 + 2 + 65536: normal account, disabled, password does
            # not expire) rotate as ii advances.
            kk = ii % len(userAcctVals)
            # Values are passed as strings, including the integer
            # userAccountControl sum.
            for attr, val in userAcctVals[kk].iteritems():
                ent.setValues(attr, str(val))
示例#2
    {'description': 'normal, regular AD account disabled, do not expire password',
     'userAccountControl': 512 + 2 + 65536}
]

# Not filled in within this excerpt; presumably collects the user ids whose
# userAccountControl marks them disabled -- confirm against the rest of the script.
userids_disabled = {}
if useds:
    # Create a small OU tree on the AD side and build five test user entries
    # per OU.  The call that adds each user is not within this excerpt.
    print "Create sub-ou's on the AD side and add users . . ."
    # Running user index: feeds the cn, sn, samAccountName and objectGUID.
    # NOTE(review): it is never incremented in the lines shown here, so the
    # increment is presumably past the end of this excerpt.
    ii = 0
    # Parents are listed before their children so each add finds its parent.
    dns = ['ou=people,' + suffix,
           'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix,
           'ou=11,ou=1,ou=people,' + suffix,
           'ou=12,ou=1,ou=people,' + suffix]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        # An OU left over from an earlier run is fine; any other LDAP error
        # still propagates.
        try: ad.add_s(ent)
        except ldap.ALREADY_EXISTS: pass
        print "Add users to", dn
        for jj in range(0,5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            # Fixture GUID: a single unsigned byte, so ii must stay below 256
            # (struct.error otherwise).  A real AD objectGUID is 16 bytes.
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii) # same as cn
            # Pick an account template by index modulo the template count, so
            # the description/userAccountControl combinations in userAcctVals
            # (e.g. 512 + 2 + 65536: normal account, disabled, password does
            # not expire) rotate as ii advances.
            kk = ii % len(userAcctVals)
            # Values are passed as strings, including the integer
            # userAccountControl sum.
            for attr, val in userAcctVals[kk].iteritems():
                ent.setValues(attr, str(val))
示例#3
# Create the m1 -> m2 agreement, start replication on it and block until the
# init has finished; only then create the reverse m2 -> m1 agreement.
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# m1 gets ids 0..nents-1; m2 gets the ids that follow, so the cn values of
# the two sets never collide.
nents = 5
m1ents = range(nents)
# NOTE(review): the "+1" gives m2 nents + 1 entries (ids 5..10), one more
# than m1 -- confirm that the asymmetry is intended.
m2ents = range(len(m1ents), len(m1ents)+nents+1)
print "Add %d entries to m2" % len(m2ents)
for ii in m2ents:
    dn = "cn=%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    m2.add_s(ent)
    print "Added m2 entry", dn

print "Add %d entries to m1" % len(m1ents)
for ii in m1ents:
    dn = "cn=%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    m1.add_s(ent)
    print "Added m1 entry", dn

# NOTE(review): a fixed five-second wait can be too short on a slow or loaded
# host and makes the check that follows timing-dependent; polling for the
# expected entries with a deadline would be more reliable.
print "Sleep for 5 seconds to let changes propagate . . ."
time.sleep(5)

print "see if m1 entries made it to m2"
示例#4
}]

userids_disabled = {}
if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
    dns = [
        'ou=people,' + suffix, 'ou=1,ou=people,' + suffix,
        'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix,
        'ou=12,ou=1,ou=people,' + suffix
    ]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ad.add_s(ent)
        except ldap.ALREADY_EXISTS:
            pass
        print "Add users to", dn
        for jj in range(0, 5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii)  # same as cn
            kk = ii % len(userAcctVals)
            for attr, val in userAcctVals[kk].iteritems():
示例#5
# Add the entry built before this excerpt through the mux connection.
mux.add_s(ent)

# add an aci for this user on the farm
# The ACI is placed on the suffix entry and gives uid=ttestuser,cn=config
# every right ("allow (all)") on every attribute ('targetattr = "*"').
# NOTE(review): that breadth suits a disposable test instance only; an ACI
# meant to last would name the specific rights and attributes required.
mod = [(ldap.MOD_ADD, 'aci', '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)(userdn = "ldap:///uid=ttestuser,cn=config");)')]
farm.modify_s(suffix, mod)

# Open a second connection to host1:port1 bound as admindn (defined outside
# this excerpt; presumably the user the ACI above names -- confirm).
admin = DSAdmin(host1, port1, admindn, adminpw)

# add a new user using the admin account, first without user password
dn = "uid=chainuser," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
admin.add_s(ent)
print "added entry", dn

# next, try it with userPassword
# The literal "password" is a fixture value; the point of this step is the
# presence of the userPassword attribute on the add, not the value itself.
dn = "uid=chainuser2," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
ent.setValues('userPassword', "password")
admin.add_s(ent)

# search for user on farm
# Base-scope lookup of the second user's DN directly on the farm connection,
# presumably to confirm the add made via host1 reached that server.
ents = farm.search_s(dn, ldap.SCOPE_BASE)
if not ents:
示例#6
}]

userids_disabled = {}
if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
    dns = [
        'ou=people,' + suffix, 'ou=1,ou=people,' + suffix,
        'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix,
        'ou=12,ou=1,ou=people,' + suffix
    ]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ad.add_s(ent)
        except ldap.ALREADY_EXISTS:
            pass
        print "Add users to", dn
        for jj in range(0, 5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii)  # same as cn
            kk = ii % len(userAcctVals)
            for attr, val in userAcctVals[kk].iteritems():
示例#7
# 389 is the standard LDAP port; whether the connection is protected by TLS
# is not visible in this excerpt.
port2 = 389
# Both instances are administered as Directory Manager with a literal fixture
# password.  NOTE(review): acceptable for throwaway test servers; taking the
# credentials from the environment or a config file keeps real ones out of
# the script if it is ever pointed at a longer-lived instance.
rootdn1 = "cn=directory manager"
rootpw1 = 'secret12'
rootdn2 = "cn=directory manager"
rootpw2 = 'secret12'

# mux is the connection to host1, farm the connection to host2.
mux = DSAdmin(host1, port1, rootdn1, rootpw1)
farm = DSAdmin(host2, port2, rootdn2, rootpw2)

suffix = 'dc=chaintest'
# add the suffix
farm.addSuffix(suffix)
# add the suffix entry
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)

# setup chaining
# NOTE(review): the meaning of the third argument (False) is not visible
# here -- check setupChaining's signature.
mux.setupChaining(farm, suffix, False)

# add ctuser on farm
dn = 'uid=ctuser,' + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Testuser')
ent.setValues('sn', 'Testuser')
ent.setValues('givenName', 'Chain')

farm.add_s(ent)
示例#8
    {'description': 'normal, regular AD account disabled, do not expire password',
     'userAccountControl': 512 + 2 + 65536}
]

# Not filled in within this excerpt; presumably collects the user ids whose
# userAccountControl marks them disabled -- confirm against the rest of the script.
userids_disabled = {}
if useds:
    # Create a small OU tree on the AD side and build five test user entries
    # per OU.  The call that adds each user is not within this excerpt.
    print "Create sub-ou's on the AD side and add users . . ."
    # Running user index: feeds the cn, sn, samAccountName and objectGUID.
    # NOTE(review): it is never incremented in the lines shown here, so the
    # increment is presumably past the end of this excerpt.
    ii = 0
    # Parents are listed before their children so each add finds its parent.
    dns = ['ou=people,' + suffix,
           'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix,
           'ou=11,ou=1,ou=people,' + suffix,
           'ou=12,ou=1,ou=people,' + suffix]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        # An OU left over from an earlier run is fine; any other LDAP error
        # still propagates.
        try: ad.add_s(ent)
        except ldap.ALREADY_EXISTS: pass
        print "Add users to", dn
        for jj in range(0,5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            # Fixture GUID: a single unsigned byte, so ii must stay below 256
            # (struct.error otherwise).  A real AD objectGUID is 16 bytes.
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii) # same as cn
            # Pick an account template by index modulo the template count, so
            # the description/userAccountControl combinations in userAcctVals
            # (e.g. 512 + 2 + 65536: normal account, disabled, password does
            # not expire) rotate as ii advances.
            kk = ii % len(userAcctVals)
            # Values are passed as strings, including the integer
            # userAccountControl sum.
            for attr, val in userAcctVals[kk].iteritems():
                ent.setValues(attr, str(val))
示例#9
# The ACI is placed on the suffix entry and gives uid=ttestuser,cn=config
# every right ("allow (all)") on every attribute ('targetattr = "*"').
# NOTE(review): that breadth suits a disposable test instance only; an ACI
# meant to last would name the specific rights and attributes required.
mod = [(
    ldap.MOD_ADD, 'aci',
    '(targetattr = "*") (version 3.0; acl "Administration User ACL";allow (all)(userdn = "ldap:///uid=ttestuser,cn=config");)'
)]
farm.modify_s(suffix, mod)

# Open a second connection to host1:port1 bound as admindn (defined outside
# this excerpt; presumably the user the ACI above names -- confirm).
admin = DSAdmin(host1, port1, admindn, adminpw)

# add a new user using the admin account, first without user password
dn = "uid=chainuser," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
admin.add_s(ent)
print "added entry", dn

# next, try it with userPassword
# The literal "password" is a fixture value; the point of this step is the
# presence of the userPassword attribute on the add, not the value itself.
dn = "uid=chainuser2," + suffix
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'User')
ent.setValues('userPassword', "password")
admin.add_s(ent)

# search for user on farm
# Base-scope lookup of the second user's DN directly on the farm connection,
# presumably to confirm the add made via host1 reached that server.
ents = farm.search_s(dn, ldap.SCOPE_BASE)
if not ents:
示例#10
def setup():
    """Prepare the module-level ``conn`` fixture on an existing 389 instance.

    Connects with ``config.auth``, creates two test backends through
    ``addbackend_harn``, enables the changelog, then adds by hand a
    replication-manager entry, a replica entry for ``o=testReplica`` and a
    ``cn=testAgreement`` agreement below it.  The entries are written
    manually (an LDIF would be shorter) so that the dsadmin methods under
    test are not used to build their own fixture.  Created DNs are recorded
    on ``conn.added_entries``, presumably for a teardown that is not part
    of this function.
    """
    global conn
    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []

    # First backend: ruv and agreement tests; second: replica.add() tests.
    for backend_name in ('testReplica', 'testReplicaCreation'):
        addbackend_harn(conn, backend_name)

    # Replication cannot be configured without a changelog.
    conn.replica.changelog()

    # Replication manager (the bind-DN pseudo user).  Its DN is tracked only
    # when this call actually created the entry.
    rmanager_attrs = {
        'objectclass': "top person inetOrgPerson".split(),
        'sn': ["bind dn pseudo user"],
        'cn': 'replication manager',
        'uid': 'rmanager'
    }
    try:
        conn.add_s(Entry((DN_RMANAGER, rmanager_attrs)))
    except ldap.ALREADY_EXISTS:
        pass
    else:
        conn.added_entries.append(DN_RMANAGER)

    # Master replica entry for the ruv and agreement tests.
    replica_dn = ','.join(
        ('cn=replica', 'cn="o=testReplica"', DN_MAPPING_TREE))
    replica_entry = Entry(replica_dn)
    replica_attrs = {
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': "replica",
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaid': MOCK_REPLICA_ID,
        'nsds5replicatype': '3',
        'nsds5flags': '1',
        'nsds5replicabinddn': DN_RMANAGER
    }
    replica_entry.update(replica_attrs)
    try:
        conn.add_s(replica_entry)
    except ldap.ALREADY_EXISTS:
        pass
    # Unlike the manager entry, this DN is tracked even if it already existed.
    conn.added_entries.append(replica_dn)

    # Mock agreement below the replica entry.  NOTE(review): simple bind with
    # the literal credential 'password' is fixture-only; a real agreement
    # should use a secret that is not in source and a protected connection.
    agreement_dn = ','.join(['cn=testAgreement', replica_dn])
    agreement_entry = Entry(agreement_dn)
    agreement_attrs = {
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': 'testAgreement',
        'nsds5replicahost': 'localhost',
        'nsds5replicaport': '22389',
        'nsds5replicatimeout': '120',
        'nsds5replicabinddn': DN_RMANAGER,
        'nsds5replicacredentials': 'password',
        'nsds5replicabindmethod': 'simple',
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaupdateschedule': '0000-2359 0123456',
        'description': 'testAgreement'
    }
    agreement_entry.update(agreement_attrs)
    try:
        conn.add_s(agreement_entry)
    except ldap.ALREADY_EXISTS:
        pass
    conn.added_entries.append(agreement_dn)
    # Kept on the connection so tests can refer to the agreement by DN.
    conn.agreement_dn = agreement_dn
示例#11
def setup():
    """Prepare the module-level ``conn`` fixture on an existing 389 instance.

    Connects with ``config.auth``, creates two test backends through
    ``addbackend_harn``, enables the changelog, then adds by hand a
    replication-manager entry, a replica entry for ``o=testReplica`` and a
    ``cn=testAgreement`` agreement below it.  The entries are written
    manually (an LDIF would be shorter) so that the dsadmin methods under
    test are not used to build their own fixture.  Created DNs are recorded
    on ``conn.added_entries``, presumably for a teardown that is not part
    of this function.
    """
    global conn
    conn = DSAdmin(**config.auth)
    conn.verbose = True
    conn.added_entries = []
    conn.added_backends = set(['o=mockbe1'])
    conn.added_replicas = []

    # First backend: ruv and agreement tests; second: replica.add() tests.
    for backend_name in ('testReplica', 'testReplicaCreation'):
        addbackend_harn(conn, backend_name)

    # Replication cannot be configured without a changelog.
    conn.replica.changelog()

    # Replication manager (the bind-DN pseudo user).  Its DN is tracked only
    # when this call actually created the entry.
    rmanager_attrs = {
        'objectclass': "top person inetOrgPerson".split(),
        'sn': ["bind dn pseudo user"],
        'cn': 'replication manager',
        'uid': 'rmanager'
    }
    try:
        conn.add_s(Entry((DN_RMANAGER, rmanager_attrs)))
    except ldap.ALREADY_EXISTS:
        pass
    else:
        conn.added_entries.append(DN_RMANAGER)

    # Master replica entry for the ruv and agreement tests.
    replica_dn = ','.join(
        ('cn=replica', 'cn="o=testReplica"', DN_MAPPING_TREE))
    replica_entry = Entry(replica_dn)
    replica_attrs = {
        'objectclass': ["top", "nsds5replica", "extensibleobject"],
        'cn': "replica",
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaid': MOCK_REPLICA_ID,
        'nsds5replicatype': '3',
        'nsds5flags': '1',
        'nsds5replicabinddn': DN_RMANAGER
    }
    replica_entry.update(replica_attrs)
    try:
        conn.add_s(replica_entry)
    except ldap.ALREADY_EXISTS:
        pass
    # Unlike the manager entry, this DN is tracked even if it already existed.
    conn.added_entries.append(replica_dn)

    # Mock agreement below the replica entry.  NOTE(review): simple bind with
    # the literal credential 'password' is fixture-only; a real agreement
    # should use a secret that is not in source and a protected connection.
    agreement_dn = ','.join(['cn=testAgreement', replica_dn])
    agreement_entry = Entry(agreement_dn)
    agreement_attrs = {
        'objectclass': ["top", "nsds5replicationagreement"],
        'cn': 'testAgreement',
        'nsds5replicahost': 'localhost',
        'nsds5replicaport': '22389',
        'nsds5replicatimeout': '120',
        'nsds5replicabinddn': DN_RMANAGER,
        'nsds5replicacredentials': 'password',
        'nsds5replicabindmethod': 'simple',
        'nsds5replicaroot': 'o=testReplica',
        'nsds5replicaupdateschedule': '0000-2359 0123456',
        'description': 'testAgreement'
    }
    agreement_entry.update(agreement_attrs)
    try:
        conn.add_s(agreement_entry)
    except ldap.ALREADY_EXISTS:
        pass
    conn.added_entries.append(agreement_dn)
    # Kept on the connection so tests can refer to the agreement by DN.
    conn.agreement_dn = agreement_dn
示例#12
# os.environ['USE_VALGRIND'] = '1'
# srv = DSAdmin.createInstance({
# 	'newrootpw': 'password',
# 	'newhost': host1,
# 	'newport': port1,
# 	'newinst': newinst,
# 	'newsuffix': basedn,
#     'no_admin': True
# })

# Bind to an already-running instance as Directory Manager.  The literal
# 'password' is a fixture credential for a throwaway test server.
# NOTE(review): keep real credentials out of the script if it is ever
# pointed at a longer-lived instance.
srv = DSAdmin(host1, port1, "cn=directory manager", 'password')

# Create the suffix entry; one left over from an earlier run is not an error,
# while any other LDAP failure still propagates.
ent = Entry(basedn)
ent.setValues('objectclass', 'domain')
try:
    srv.add_s(ent)
except ldap.ALREADY_EXISTS:
    pass

# Same for the ou=people container under the suffix.
ent = Entry("ou=people," + basedn)
ent.setValues('objectclass', 'organizationalUnit')
try:
    srv.add_s(ent)
except ldap.ALREADY_EXISTS:
    pass


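def genpwd(pwd, salt):
    """Return *pwd* hashed in the ``{SSHA}`` (salted SHA-1) storage format.

    The value is ``'{SSHA}'`` followed by
    ``base64(sha1(pwd + salt) + salt)``.

    Args:
        pwd: The clear-text password, as bytes or text (text is encoded as
            UTF-8 before hashing).
        salt: The salt, as bytes or text (text is encoded as UTF-8).  The
            caller chooses it; outside of fixtures it should be random and
            unique per password.

    Returns:
        The ``{SSHA}`` value as a native ``str``.

    NOTE(review): SSHA is one round of SHA-1, which is fast to brute-force.
    It is adequate for generating pre-hashed test values, not as a
    recommended scheme for storing real passwords.
    """
    text_type = type(u'')
    # hashlib only accepts bytes on Python 3; encode text explicitly instead
    # of relying on Python 2's implicit ASCII conversion.
    if isinstance(pwd, text_type):
        pwd = pwd.encode('utf-8')
    if isinstance(salt, text_type):
        salt = salt.encode('utf-8')
    sha = hashlib.sha1(pwd)
    sha.update(salt)
    encoded = base64.b64encode(sha.digest() + salt)
    # b64encode returns bytes on Python 3; the '{SSHA}' prefix is a native
    # str, so convert before concatenating (no-op on Python 2).
    if not isinstance(encoded, str):
        encoded = encoded.decode('ascii')
    return '{SSHA}' + encoded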