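def default_test():
    """Smoke-test DSAdmin against two local directory server instances.

    Connects to an instance on localhost:10200 as ``cn=directory manager``
    or, when that fails, creates instance ``m1`` there. It prints a few
    attributes of the connection and the ``passwordmaxage`` value read from
    DN_CONFIG. It then creates a second instance ``m2`` on port 10210, adds
    a ``dc=example2,dc=com`` backend and suffix to it, and prints what the
    server reports back.

    Every instance created here is appended to ``added_instances``.

    NOTE(review): the bind password, admin password and new root password
    are fixed literals. They are fixtures for a throwaway localhost
    instance and should not be reused for an instance that anything else
    can reach.
    """
    host = 'localhost'
    port = 10200
    binddn = "cn=directory manager"
    bindpw = "password"
    suffix = 'dc=example,dc=com'
    basedn = DN_CONFIG
    scope = ldap.SCOPE_BASE
    filt = "(objectclass=*)"
    instance_name = ['m1', 'm2']

    instance_config = {
        'cfgdshost': host,
        'cfgdsport': port,
        'cfgdsuser': '******',
        'cfgdspwd': 'admin',
        'newrootpw': 'password',
        'newhost': host,
        'newport': port,
        'newinstance': instance_name[0],
        'newsuffix': suffix,
        'setup_admin': True,
    }
    try:
        m1 = DSAdmin(host, port, binddn, bindpw)
    except Exception:
        # This was a bare ``except:``, which also turned KeyboardInterrupt
        # and SystemExit into "create a new instance".
        # NOTE(review): every other failure, a rejected bind included, still
        # falls through to instance creation. Narrowing this to the
        # connection error DSAdmin raises needs a look at its source.
        m1 = DSAdminTools.createInstance(instance_config, verbose=1)
        added_instances.append(instance_config['newinstance'])

#        filename = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot, m1.inst)
#        m1.importLDIF(filename, "dc=example,dc=com", None, True)
#        m1.exportLDIF('/tmp/ldif', "dc=example,dc=com", False, True)
    print m1.sroot, m1.inst, m1.errlog
    ent = m1.getEntry(basedn, scope, filt, None)
    if ent:
        print ent.passwordmaxage

    # Second instance: same configuration, new name and a port 10 higher.
    instance_config.update({
        'newinstance': instance_name[1],
        'newport': port + 10,
    })
    m1 = DSAdminTools.createInstance(instance_config, verbose=1)
    added_instances.append(instance_config['newinstance'])
#     m1.stop(True)
#     m1.start(True)
    cn = m1.setupBackend("dc=example2,dc=com")
    # The return value of setupSuffix was stored in an unused local.
    m1.setupSuffix("dc=example2,dc=com", cn)
    # cn is the name setupBackend returned, so it goes into the filter
    # unescaped; a value from outside the test would need
    # ldap.filter.escape_filter_chars first.
    entry = m1.getEntry(DN_CONFIG, ldap.SCOPE_SUBTREE, "(cn=" + cn + ")")
    print "new backend entry is:"
    print entry
    print entry.getValues('objectclass')
    print entry.OBJECTCLASS
    results = m1.search_s("cn=monitor", ldap.SCOPE_SUBTREE)
    print results
    results = m1.getBackendsForSuffix("dc=example,dc=com")
    print results

    print "done"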
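def default_test():
    """Exercise DSAdmin and DSAdminTools on two localhost instances.

    Step one binds to localhost:10200 as ``cn=directory manager``; if that
    raises, instance ``m1`` is created from ``instance_config`` instead.
    Step two creates instance ``m2`` on port 10210, gives it a
    ``dc=example2,dc=com`` backend and suffix, and prints the resulting
    backend entry, the ``cn=monitor`` subtree and the backends serving
    ``dc=example,dc=com``.

    Names of created instances are appended to ``added_instances``.

    NOTE(review): all passwords here are literals in the source. That is
    acceptable only because the target is a disposable local test instance.
    """
    host = 'localhost'
    port = 10200
    binddn = "cn=directory manager"
    bindpw = "password"
    suffix = 'dc=example,dc=com'
    basedn = DN_CONFIG
    scope = ldap.SCOPE_BASE
    filt = "(objectclass=*)"
    instance_name = ['m1', 'm2']

    instance_config = {
        'cfgdshost': host,
        'cfgdsport': port,
        'cfgdsuser': '******',
        'cfgdspwd': 'admin',
        'newrootpw': 'password',
        'newhost': host,
        'newport': port,
        'newinstance': instance_name[0],
        'newsuffix': suffix,
        'setup_admin': True,
    }
    try:
        m1 = DSAdmin(host, port, binddn, bindpw)
    except Exception:
        # Replaces a bare ``except:`` so that Ctrl-C or sys.exit() during
        # the connection attempt no longer triggers instance creation.
        # NOTE(review): a failed bind is still treated like "no server";
        # confirm which exception DSAdmin raises before narrowing further.
        m1 = DSAdminTools.createInstance(instance_config, verbose=1)
        added_instances.append(instance_config['newinstance'])

#        filename = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot, m1.inst)
#        m1.importLDIF(filename, "dc=example,dc=com", None, True)
#        m1.exportLDIF('/tmp/ldif', "dc=example,dc=com", False, True)
    print m1.sroot, m1.inst, m1.errlog
    ent = m1.getEntry(basedn, scope, filt, None)
    if ent:
        print ent.passwordmaxage

    # Reuse the configuration for the second instance, changing only its
    # name and port.
    instance_config.update({
        'newinstance': instance_name[1],
        'newport': port + 10,
    })
    m1 = DSAdminTools.createInstance(instance_config, verbose=1)
    added_instances.append(instance_config['newinstance'])
    #     m1.stop(True)
    #     m1.start(True)
    cn = m1.setupBackend("dc=example2,dc=com")
    # setupSuffix's result was bound to a local that nothing read.
    m1.setupSuffix("dc=example2,dc=com", cn)
    # The filter value is the backend name returned above, not external
    # input, so it is concatenated without escaping.
    entry = m1.getEntry(DN_CONFIG, ldap.SCOPE_SUBTREE, "(cn=" + cn + ")")
    print "new backend entry is:"
    print entry
    print entry.getValues('objectclass')
    print entry.OBJECTCLASS
    results = m1.search_s("cn=monitor", ldap.SCOPE_SUBTREE)
    print results
    results = m1.getBackendsForSuffix("dc=example,dc=com")
    print results

    print "done"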
示例#3
    ent = makeADUserEnt(ii)
    try: ad.add_s(ent)
    except ldap.ALREADY_EXISTS:
        print "AD entry", ent.dn, "already exists"
    setWindowsPwd(ad, ent.dn)
    # need the password, but skip the accountcontrol stuff

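# Give the sync agreement one full interval, plus a second of slack, before
# checking either side.
print "Wait for sync to happen . . ."
time.sleep(syncinterval+1)

adents = []
dsents = []
print "make sure all entries are in AD . . ."
for ii in xrange(1,11):
    # The filter value is a formatted integer, so no escaping is needed.
    filt = "(samaccountname=testuser%d)" % ii
    ents = ad.search_s(adusersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt)
    if not ents or not ents[0]:
        # This was a string exception (raise "text"). Python 2.6+ rejects
        # those with a TypeError, which hid the real message.
        raise RuntimeError("error: " + filt + " not found in AD")
    adents.append(ents[0])

print "make sure all entries are in DS . . ."
for ii in xrange(1,11):
    filt = "(uid=testuser%d)" % ii
    ents = ds.search_s(usersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt, dsattrs)
    if not ents or not ents[0]:
        raise RuntimeError("error: " + filt + " not found in DS")
    dsents.append(ents[0])

# Both lists are in testuser1..testuser10 order, so zip pairs each DS entry
# with its AD counterpart. Mismatches are reported but do not abort.
for dsent, adent in zip(dsents, adents):
    if not entriesAreEqual(dsent, adent):
        print "entries are not equal", dsent.dn, adent.dn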
示例#4
# Open one connection per server; ports are converted from their incoming
# form with int().
srv1 = DSAdmin(host1, int(port1), dn1, pw1)
srv2 = DSAdmin(host2, int(port2), dn2, pw2)

# DNs of the replication agreements as reported by each server.
agmts1to2 = srv1.findAgreementDNs()
agmts2to1 = srv2.findAgreementDNs()

# suffixes: normalized replica root -> agreement DN.
# Per-server bookkeeping dicts are attached directly to the connection
# objects; only lastnumchanges is filled in within this excerpt.
suffixes = {}
srv1.lastnumchanges = {}
srv2.lastnumchanges = {}
srv1.avgrate = {}
srv2.avgrate = {}
srv1.count = {}
srv2.count = {}
# repls: normalized parent DN of each agreement, mapped to itself.
repls = {}
for dn in agmts1to2:
    # Read only nsDS5ReplicaRoot from the agreement entry.
    # NOTE(review): ents[0] assumes the base search returned an entry.
    ents = srv1.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*',
                         ['nsDS5ReplicaRoot'])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv1.lastnumchanges[ndn] = 0
    # Drop the first RDN to get the agreement's parent DN; ndn is rebound
    # to that parent from here on.
    rdns = ldap.explode_dn(dn, 0)
    ndn = DSAdmin.normalizeDN(','.join(rdns[1:]))
    repls[ndn] = ndn
# Same bookkeeping for the agreements held by the second server. The
# excerpt ends before the parent DN is derived from rdns.
for dn in agmts2to1:
    ents = srv2.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*',
                         ['nsDS5ReplicaRoot'])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv2.lastnumchanges[ndn] = 0
    rdns = ldap.explode_dn(dn, 0)
示例#5
# Report the agreement status, start replication, and report again after a
# short pause.
time.sleep(5)
print "repl status:", ds.getReplStatus(agmtdn)

ds.startReplication(agmtdn)
time.sleep(5)
print "repl status:", ds.getReplStatus(agmtdn)

groupids = ['testglobalsecpre', 'testglobaldistpre', 'testlocalsecpre', 'testlocaldistpre']

# Dump each test group from AD (matched on samaccountname), then from DS
# (matched on cn). The group ids are literals from the list above, so they
# go into the filter unescaped.
for _title, _conn, _attr in (("Group entries on AD:", ad, "samaccountname"),
                             ("Group entries on DS:", ds, "cn")):
    print _title
    for gid in groupids:
        filt = "(%s=%s)" % (_attr, gid)
        ents = _conn.search_s(suffix, scope, filt)
        print str(ents[0])
        print ""

# Manual step: block until the operator presses Enter, then allow time for
# the change to sync.
print "Add a user to each group in AD"
sys.stdin.readline()
print "Wait for sync . . ."
time.sleep(15)

print "Group entries on AD:"
示例#6
time.sleep(5)

print "repl status:", ds.getReplStatus(agmtdn)

# makeDSUserEnt() takes no arguments; presumably it reads the module-level
# idnum set here (verify against its definition).
idnum = 6
ent = makeDSUserEnt()
uid = ent.uid
print "Now adding", uid, "to DS . . ."
ds.add_s(ent)
time.sleep(1)

# uid comes from the fixture entry, so it is interpolated unescaped; a value
# from outside the test would need ldap.filter.escape_filter_chars first.
_uidfilt = "(uid=%s)" % uid
ents = ds.search_s(suffix, scope, _uidfilt, attrs)
ent = ents[0]

print "Added entry to DS, adding telephonenumber . . ."
mod = [(ldap.MOD_ADD, 'telephoneNumber', telnum1)]
ds.modify_s(ent.dn, mod)
time.sleep(1)

# A single modify swaps the phone number and adds the ntUser attributes that
# mark the entry for Windows sync.
print "Making entry a sync-able entry . . ."
mod = [(ldap.MOD_DELETE, 'telephoneNumber', telnum1)]
mod += [(ldap.MOD_ADD, _attr, _val) for _attr, _val in (
    ('telephoneNumber', telnum2),
    ('description', 'test bug206966'),
    ('objectclass', 'ntUser'),
    ('ntUserDomainId', uid),
    ('ntUserCreateNewAccount', 'true'),
)]
ds.modify_s(ent.dn, mod)
time.sleep(1)

print "Now compare the entries . . ."
ents = ds.search_s(suffix, scope, _uidfilt)
print "DS Entry: ", str(ents[0])
ents = ad.search_s(suffix, scope, "(samaccountname=%s)" % uid)
print "AD Entry: ", str(ents[0])
示例#7
print "repl status:", ds.getReplStatus(agmtdn)

# Create the DS-side user. idnum is set just before the call, presumably
# because makeDSUserEnt() reads it (confirm in its definition).
idnum = 6
ent = makeDSUserEnt()
uid = ent.uid
print "Now adding", uid, "to DS . . ."
ds.add_s(ent)
time.sleep(1)

# Re-read the entry so ent is what the server actually stored.
_dsfilt = "(uid=%s)" % uid
_adfilt = "(samaccountname=%s)" % uid
ents = ds.search_s(suffix, scope, _dsfilt, attrs)
ent = ents[0]

print "Added entry to DS, adding telephonenumber . . ."
_phone_add = (ldap.MOD_ADD, 'telephoneNumber', telnum1)
mod = [_phone_add]
ds.modify_s(ent.dn, mod)
time.sleep(1)

# Replace the phone number and add the ntUser object class and attributes
# in one modify operation.
print "Making entry a sync-able entry . . ."
mod = []
mod.append((ldap.MOD_DELETE, 'telephoneNumber', telnum1))
mod.append((ldap.MOD_ADD, 'telephoneNumber', telnum2))
mod.append((ldap.MOD_ADD, 'description', 'test bug206966'))
mod.append((ldap.MOD_ADD, 'objectclass', 'ntUser'))
mod.append((ldap.MOD_ADD, 'ntUserDomainId', uid))
mod.append((ldap.MOD_ADD, 'ntUserCreateNewAccount', 'true'))
ds.modify_s(ent.dn, mod)
time.sleep(1)

# Print both sides for a manual comparison; nothing is asserted here.
print "Now compare the entries . . ."
ents = ds.search_s(suffix, scope, _dsfilt)
print "DS Entry: ", str(ents[0])
ents = ad.search_s(suffix, scope, _adfilt)
print "AD Entry: ", str(ents[0])
示例#8
    'no_admin': True
})
#del os.environ['USE_DBX']

# Locate Example.ldif: under the instance directory when SERVER_ROOT is set,
# otherwise under $PREFIX (default /usr).
initfile = ''
if os.environ.has_key('SERVER_ROOT'):
    initfile = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot,m1.inst)
else:
    initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr')

# Load the sample data into the userRoot backend.
m1.importLDIF(initfile, '', "userRoot", True)

#m1.setLogLevel(65535)
print "Add the filtered group entry with bogus filter"
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
ent.setValues('description', "Dynamic test group")
ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls')
# The memberurl filter is deliberately malformed: the opening "(&" is never
# closed. Do not "fix" the parentheses; the bad filter is the test input.
ent.setValues('memberurl', 'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)')
#ent.cn = 'TestDynamicGroup'
m1.add_s(ent)

print "Add the bogus aci for that group"
# MOD_REPLACE replaces every existing aci value on the suffix entry with
# this one rule. It grants all rights on all attributes to members of the
# dynamic group above. Only appropriate on a disposable test instance.
addmod = [(ldap.MOD_REPLACE, 'aci', '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)')]
m1.modify_s("dc=example,dc=com", addmod)
#m1.setLogLevel(0)

print "Do a search binding as a member of the group"
# Bind as a user the uid=scart* pattern is meant to match, with a literal
# password, and read that user's own entry.
# NOTE(review): presumably this makes the server evaluate the groupdn rule
# and the malformed memberurl; the ACL name suggests a crash regression test.
conn = DSAdmin(host1, port1, "uid=scarter,ou=people,dc=example,dc=com", "sprain")
entries = conn.search_s("uid=scarter,ou=people,dc=example,dc=com", ldap.SCOPE_BASE, "objectclass=*");
示例#9
print "Add user", ent.dn
ds.add_s(ent)
dn2 = ent.dn

# Group entry listing both users as members. The ntgroup object class and
# ntGroupCreateNewGroup mark it for creation on the Windows side.
dn = ",".join(("cn=testgroup", usersubtree, suffix))
ent = Entry(dn)
for _attr, _val in (
        ('objectclass', ['top', 'groupOfUniqueNames', 'ntgroup']),
        ('uniquemember', [dn1, dn2]),
        ('ntUserDomainId', 'testgroup'),
        ('ntGroupCreateNewGroup', 'true')):
    ent.setValues(_attr, _val)
print "Add group", ent.dn
ds.add_s(ent)

print "modify", dn2
mod = [(ldap.MOD_ADD, 'description', 'a description')]
ds.modify_s(dn2, mod)

print "Wait for the magic to happen . . ."
time.sleep(5)
print "repl status:", ds.getReplStatus(agmtdn)

# Look up each synced object in AD by samaccountname and print it. The
# names are literals, so they go into the filter unescaped.
for _name in ("testuser6", "testuser7", "testgroup"):
    print "AD %s entry:" % _name
    ents = ad.search_s(suffix, scope, "(samaccountname=%s)" % _name)
    print ents[0]
示例#10
    try:
        ad.add_s(ent)
    except ldap.ALREADY_EXISTS:
        print "AD entry", ent.dn, "already exists"
    setWindowsPwd(ad, ent.dn)
    # need the password, but skip the accountcontrol stuff

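# Wait one sync interval plus a second so the agreement has had a chance to
# run before both directories are checked.
print "Wait for sync to happen . . ."
time.sleep(syncinterval + 1)

adents = []
dsents = []
print "make sure all entries are in AD . . ."
for ii in xrange(1, 11):
    # The filter value is a formatted integer, so no escaping is needed.
    filt = "(samaccountname=testuser%d)" % ii
    ents = ad.search_s(adusersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt)
    if not ents or not ents[0]:
        # String exceptions are a TypeError on Python 2.6+, which replaced
        # the intended message. Raise a real exception instead.
        raise RuntimeError("error: " + filt + " not found in AD")
    adents.append(ents[0])

print "make sure all entries are in DS . . ."
for ii in xrange(1, 11):
    filt = "(uid=testuser%d)" % ii
    ents = ds.search_s(usersubtree + "," + suffix, ldap.SCOPE_SUBTREE, filt,
                       dsattrs)
    if not ents or not ents[0]:
        raise RuntimeError("error: " + filt + " not found in DS")
    dsents.append(ents[0])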

for dsent, adent in zip(dsents, adents):
    if not entriesAreEqual(dsent, adent):
示例#11
# Snapshot the server's connection table before the test. The same query is
# repeated at the end for comparison.
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)', ['currentconnections', 'connection'])
for ent in ents:
    print ent
print "start search request . . ."
scope = ldap.SCOPE_SUBTREE;
# NOTE(review): this module-level name shadows the builtin filter().
filter = '(|(objectclass=*)(objectclass=nsTombstone))'
serverctrls = [TestCtrl()]
# The controls are not passed to this search. They are only attached to the
# abandon and unbind requests below.
ents = m1.search_s(basedn, scope, filter)
print "search returned %d entries" % len(ents)
print "send abandon with controls . . ."
# NOTE(review): 999 does not come from any request issued above (the search
# was synchronous), so it is presumably an arbitrary message id. Confirm.
m1.abandon_ext(999, serverctrls)
print "send abandon without controls . . ."
msgid2 = m1.abandon_ext(999)
print "send unbind with controls . . ."
# for some reason, unbind_ext_s is not passing
# controls passed in - so have to set_option
m1.set_option(ldap.OPT_SERVER_CONTROLS, serverctrls)
m1.unbind_ext_s(serverctrls)
print "try a search after the unbind . . ."
# The connection has been unbound. An LDAPError here is reported, not
# treated as a failure.
try:
    ents = m1.search_s(basedn, scope, filter)
except ldap.LDAPError, e:
    print "caught exception", e

print "open new connection . . ."
# Rebind m1 to a fresh connection and dump the connection table again.
m1 = DSAdmin(host1, port1, binddn, bindpw)
print "show active connections . . ."
ents = m1.search_s("cn=monitor", ldap.SCOPE_BASE, '(objectclass=*)', ['currentconnections', 'connection'])
for ent in ents:
    print ent
示例#12
    initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get(
        'PREFIX', '/usr')

# Load the sample data into the userRoot backend.
m1.importLDIF(initfile, '', "userRoot", True)

#m1.setLogLevel(65535)
print "Add the filtered group entry with bogus filter"
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
# The memberurl filter is intentionally unbalanced ("(&" is never closed).
# It is the malformed input this test feeds the server.
for _attr, _vals in (
        ('description', ("Dynamic test group",)),
        ('objectclass', ('top', 'groupofuniquenames', 'groupofurls')),
        ('memberurl',
         ('ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)',))):
    ent.setValues(_attr, *_vals)
#ent.cn = 'TestDynamicGroup'
m1.add_s(ent)

print "Add the bogus aci for that group"
# MOD_REPLACE swaps out every aci value on the suffix entry for this single
# rule, which allows all rights on all attributes to the dynamic group's
# members. Suitable only for a disposable test instance.
_aci = '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)'
addmod = [(ldap.MOD_REPLACE, 'aci', _aci)]
m1.modify_s("dc=example,dc=com", addmod)
#m1.setLogLevel(0)

print "Do a search binding as a member of the group"
# Bind as a sample-data user with a literal password and read that user's
# own entry.
_userdn = "uid=scarter,ou=people,dc=example,dc=com"
conn = DSAdmin(host1, port1, _userdn, "sprain")
entries = conn.search_s(_userdn, ldap.SCOPE_BASE, "objectclass=*")
示例#13
# One connection per server.
srv1 = DSAdmin(host1, int(port1), dn1, pw1)
srv2 = DSAdmin(host2, int(port2), dn2, pw2)

# Replication agreement DNs as reported by each side.
agmts1to2 = srv1.findAgreementDNs()
agmts2to1 = srv2.findAgreementDNs()

# suffixes maps a normalized replica root to its agreement DN; repls holds
# the normalized parent DN of each agreement. The per-server dicts are
# attached directly to the connection objects.
suffixes = {}
repls = {}
srv1.lastnumchanges, srv2.lastnumchanges = {}, {}
srv1.avgrate, srv2.avgrate = {}, {}
srv1.count, srv2.count = {}, {}

for dn in agmts1to2:
    ents = srv1.search_s(
        dn, ldap.SCOPE_BASE, "objectclass=*", ["nsDS5ReplicaRoot"])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv1.lastnumchanges[ndn] = 0
    # Strip the first RDN to get the agreement's parent DN.
    rdns = ldap.explode_dn(dn, 0)
    _parent = ",".join(rdns[1:])
    ndn = DSAdmin.normalizeDN(_parent)
    repls[ndn] = ndn

# Same bookkeeping for the other direction. The excerpt ends right after
# the parent DN is normalized.
for dn in agmts2to1:
    ents = srv2.search_s(
        dn, ldap.SCOPE_BASE, "objectclass=*", ["nsDS5ReplicaRoot"])
    ndn = DSAdmin.normalizeDN(dn)
    nrr = DSAdmin.normalizeDN(ents[0].nsDS5ReplicaRoot)
    suffixes[nrr] = dn
    srv2.lastnumchanges[ndn] = 0
    rdns = ldap.explode_dn(dn, 0)
    _parent = ",".join(rdns[1:])
    ndn = DSAdmin.normalizeDN(_parent)
示例#14
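def genpwd(pwd, salt):
    """Return an ``{SSHA}`` userPassword value for *pwd* and *salt*.

    The value is ``'{SSHA}'`` followed by the base64 encoding of
    ``SHA1(pwd + salt) + salt``.

    *pwd* and *salt* may be byte strings or text; text is encoded as UTF-8
    before hashing. The result is always a native ``str``.

    NOTE(review): this is one round of salted SHA-1, a fast hash. It builds
    fixture values for exercising a server's {SSHA} handling and is not a
    scheme to choose for new password storage.
    """
    # Accept text as well as bytes so the helper also runs where str is
    # unicode. Byte-string inputs are hashed exactly as before.
    if not isinstance(pwd, bytes):
        pwd = pwd.encode('utf-8')
    if not isinstance(salt, bytes):
        salt = salt.encode('utf-8')
    sha = hashlib.sha1(pwd)
    sha.update(salt)
    encoded = base64.b64encode(sha.digest() + salt)
    # str() keeps the return type a native string on both Python lines.
    return '{SSHA}' + str(encoded.decode('ascii'))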


pwd = 'averylongpassword'

# Create (or recreate) user0..user99, all with the same password. user0
# gets the clear-text value; userN gets a pre-hashed {SSHA} value whose salt
# is N bytes long.
for ii in xrange(100):
    dn = 'cn=user%d,ou=people,%s' % (ii, basedn)
    try:
        srv.delete_s(dn)
    except ldap.NO_SUCH_OBJECT:
        # Nothing to clean up on a first run.
        pass
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'User' + str(ii))
    if ii == 0:
        pwdstr = pwd
    else:
        salt = 'a' * ii
        pwdstr = genpwd(pwd, salt)
    ent.setValues('userPassword', pwdstr)
    srv.add_s(ent)

# Bind as every user with the clear-text password. A failed bind raises, so
# reaching the print means the server accepted that salt length.
for ii in xrange(100):
    dn = 'cn=user%d,ou=people,%s' % (ii, basedn)
    srv.simple_bind_s(dn, pwd)
    ents = srv.search_s(
        "", ldap.SCOPE_BASE, '(objectclass=*)', ['vendorVersion'])
    print dn, 'successfully read', ents[0].vendorVersion