示例#1
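def starttest(*args):
    """Endlessly add ou=test and rename it to ou=test2 on one server.

    args[0] is the server connection to drive. ALREADY_EXISTS (and, for
    the rename, NO_SUCH_OBJECT) are ignored; any other LDAPError is
    printed and re-raised, which is the only way the loop ends.
    """
    dn = "ou=test, dc=example, dc=com"
    newrdn = "ou=test2"
    server = args[0]
    print "starting starttest with " + str(server)
    while True:
        try:
            entry = Entry(dn)
            entry.setValues('objectclass', 'top', 'organizationalUnit')
            entry.setValues('ou', 'test')
            server.add_s(entry)
            time.sleep(0.100)
        except ldap.ALREADY_EXISTS:
            pass
        except ldap.LDAPError, e:
            print "Could not add test entry to server " + str(server), e
            raise
        try:
            server.rename_s(dn, newrdn)
            time.sleep(0.050)
        except ldap.ALREADY_EXISTS: # replicated from the other server
            pass
        except ldap.NO_SUCH_OBJECT: # deleted by the other server
            pass
        except ldap.LDAPError, e:
            # the operation that failed is the rename, so the message says so
            print "Could not rename test entry on server " + str(server), e
            raise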
示例#2
def enableAttrEncryption(srv,attrname,alg,dbname="userRoot"):
    """Add the attribute-encryption config entry for attrname on backend dbname.

    The entry is created under "cn=encrypted attributes" of the backend's
    ldbm database configuration with objectclass nsAttributeEncryption;
    alg is stored unchanged as nsEncryptionAlgorithm.
    """
    # NOTE(review): attrname and dbname go into the DN without escaping, and
    # alg is not checked here; pass fixed, known-good values only.
    rdns = (
        "cn=%s" % (attrname,),
        "cn=encrypted attributes",
        "cn=%s" % (dbname,),
        "cn=ldbm database,cn=plugins,cn=config",
    )
    cfg_entry = Entry(",".join(rdns))
    cfg_entry.setValue('objectclass', 'nsAttributeEncryption')
    cfg_entry.setValue('nsEncryptionAlgorithm', alg)
    srv.add_s(cfg_entry)
示例#3
def doadds(m1):
    """Add one person entry to m1 for every id in the module-level m1ents.

    Each entry is named cn=<id>,<basedn> and carries sn=testuser.
    """
    print "Add %d entries to m1" % len(m1ents)
    for num in m1ents:
        person = Entry("cn=%d,%s" % (num, basedn))
        person.setValues('objectclass', 'person')
        person.setValues('sn', 'testuser')
        m1.add_s(person)
示例#4
    def setup_mt(self, suffix, bename, parent=None):
        """Setup a suffix with the given backend-name.

            @param suffix   - DN of the suffix; normalized with normalizeDN()
            @param bename   - stored as nsslapd-backend on the new entry
            @param parent   - the parent suffix; when given it is stored
                              (normalized) as nsslapd-parent-suffix
            @return the existing mapping entry when the search under
                    DN_MAPPING_TREE finds one; None after a new entry
                    has been added
            @raise ldap.LDAPError when adding the entry fails

            This method does not create the matching entry in the tree,
            nor the given backend. Both should be created apart.

            Ex. setup_mt(suffix='o=addressbook1', bename='addressbook1')
                creates:
                    - the mapping in "cn=mapping tree,cn=config"
                you have to create:
                    - the backend
                    - the ldap entry "o=addressbook1" *after*
        """
        nsuffix = normalizeDN(suffix)
        #escapedn = escapeDNValue(nsuffix)
        if parent:
            nparent = normalizeDN(parent)
        else:
            nparent = ""

        filt = suffixfilt(suffix)
        # if suffix exists, return
        try:
            entry = self.conn.getEntry(
                DN_MAPPING_TREE, ldap.SCOPE_SUBTREE, filt)
            return entry
        except NoSuchEntryError:
            entry = None

        # fix me when we can actually used escaped DNs
        #dn = "cn=%s,cn=mapping tree,cn=config" % escapedn
        # NOTE(review): nsuffix is wrapped in double quotes but not escaped, so
        # a suffix that itself contains a double quote would produce a
        # malformed or different RDN; pass only trusted suffix values.
        dn = ','.join(('cn="%s"' % nsuffix, DN_MAPPING_TREE))
        entry = Entry(dn)
        entry.update({
            'objectclass': ['top', 'extensibleObject', 'nsMappingTree'],
            'nsslapd-state': 'backend',
            # the value in the dn has to be DN escaped
            # internal code will add the quoted value - unquoted value is useful for searching
            'cn': nsuffix,
            'nsslapd-backend': bename
        })
        #entry.setValues('cn', [escapedn, nsuffix]) # the value in the dn has to be DN escaped
        # the other value can be the unescaped value
        if parent:
            entry.setValues('nsslapd-parent-suffix', nparent)
        try:
            self.log.debug("Creating entry: %r" % entry)
            self.conn.add_s(entry)
        except ldap.LDAPError, e:
            # re-raised as plain ldap.LDAPError: the specific error class is
            # lost, the original exception is kept as the second argument
            raise ldap.LDAPError("Error adding suffix entry " + dn, e)
示例#5
    def test_update(self):
        """update() with a dict must make the new cn readable on the entry."""
        wanted_cn = 'pluto minnie'
        entry_tuple = ('o=pippo', {
            'o': ['pippo'],
            'objectclass': ['organization', 'top']
        })

        ent = Entry(entry_tuple)
        ent.update({'cn': wanted_cn})
        assert ent.cn == wanted_cn, "Bad cn: %s, expected: %s" % (ent.cn, wanted_cn)
示例#6
    def test_update(self):
        """Entry.update() must apply the cn given in the update dict."""
        new_cn = 'pluto minnie'
        org_attrs = {
            'o': ['pippo'],
            'objectclass': ['organization', 'top']
        }

        org = Entry(('o=pippo', org_attrs))
        org.update({'cn': new_cn})
        assert org.cn == new_cn, "Bad cn: %s, expected: %s" % (org.cn, new_cn)
示例#7
 def handle(self,dn,entry):
     """Add one parsed record to self.conn, tagging inetorgperson entries.

     A false dn is replaced by ''. When hasValueCase() reports an
     inetorgperson objectclass, inetUser is appended to the objectclass
     values before the add. An LDAPError is re-raised unless self.cont is
     set, in which case it is printed and the record is dropped.
     """
     dn = dn or ''
     record = Entry((dn, entry))
     if record.hasValueCase('objectclass', 'inetorgperson'):
         classes = record.getValues('objectclass')
         classes.append('inetUser')
         record.setValue('objectclass', classes)
     try:
         self.conn.add_s(record)
     except ldap.LDAPError, e:
         if self.cont:
             print "Error: could not add entry %s: error %s" % (dn, str(e))
         else:
             raise e
示例#8
def domods(m1):
    """Create cn=0,<basedn> on m1, then replace its description repeatedly.

    One MOD_REPLACE of 'description' is sent for every item of the
    module-level m1ents, always against the same entry.
    """
    target_dn = "cn=%d,%s" % (0, basedn)
    person = Entry(target_dn)
    person.setValues('objectclass', 'person')
    person.setValues('sn', 'testuser')
    m1.add_s(person)
    print "Do %d mods to m1" % len(m1ents)
    for num in m1ents:
        change = [(ldap.MOD_REPLACE, 'description', "description" + str(num))]
        m1.modify_s(target_dn, change)
示例#9
def makeDSUserEnt():
    """Build (without adding) the next DS test user entry and bump idnum.

    The DN is uid=testuser<idnum>,<usersubtree>,<suffix>; all three names
    besides the counter come from module scope.
    """
    global idnum
    num = str(idnum)
    uid = 'testuser' + num
    user = Entry('uid=%s,%s,%s' % (uid, usersubtree, suffix))
    user.setValues('objectclass', userObjClasses)
    user.setValues('cn', 'Test User' + num)
    user.setValues('sn', 'User' + num)
    user.setValues('ou', 'people')
    idnum += 1
    return user
示例#10
def newEntry(entrycnt, mmx):
    """Build a test inetOrgPerson entry and submit it with mmx.add().

    Returns (entry, msgid) where msgid is whatever mmx.add() returned.
    """
    # str(mmx) becomes part of the uid, so the DN depends on how mmx prints;
    # the value is placed in the DN without escaping.
    uid = "user%d %s" % (entrycnt, mmx)
    person = Entry("uid=%s,ou=people,%s" % (uid, basedn))
    person.setValues("objectclass", "inetOrgPerson")
    person.setValues("cn", "Test " + uid)
    person.setValues("sn", uid)
    return (person, mmx.add(person))
示例#11
    def enable_ssl(self, secport=636, secargs=None):
        """Configure SSL support into cn=encryption,cn=config.

            secargs is a dict like {
                'nsSSLPersonalitySSL': 'Server-Cert'
            }

            Every attribute written below can be overridden through secargs;
            a missing key falls back to the default coded in this method.
            secport is written as nsslapd-secureport.

            Returns the DN_CONFIG entry restricted to nsslapd-security and
            nsslapd-ssl-check-hostname.

            NOTE(review): the defaults are weak by current standards: SSLv3
            is switched on, the default cipher string enables RC4, single
            DES and 40/56-bit export suites, and the hostname check is off.
            Deployments that matter should pass explicit secargs values.
        """
        self.log.debug("configuring SSL with secargs:%r" % secargs)
        secargs = secargs or {}

        dn_enc = 'cn=encryption,cn=config'
        # Default cipher list: "+" enables a suite, "-" disables it. Only the
        # NULL-encryption suite is disabled; every "+" entry is a legacy suite
        # (RC4/MD5, RC2-40, DES, 3DES, export1024).
        ciphers = '-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,' + \
            '+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,' + \
            '+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha'
        # nsSSL3 defaults to 'on' (SSLv3 enabled) and client certificates are
        # 'allowed', i.e. not required.
        mod = [(ldap.MOD_REPLACE, 'nsSSL3', secargs.get('nsSSL3', 'on')),
               (ldap.MOD_REPLACE, 'nsSSLClientAuth',
                secargs.get('nsSSLClientAuth', 'allowed')),
               (ldap.MOD_REPLACE, 'nsSSL3Ciphers', secargs.get('nsSSL3Ciphers', ciphers))]
        self.conn.modify_s(dn_enc, mod)

        # RSA module entry: names the certificate and token the server uses
        dn_rsa = 'cn=RSA,cn=encryption,cn=config'
        e_rsa = Entry(dn_rsa)
        e_rsa.update({
            'objectclass': ['top', 'nsEncryptionModule'],
            'nsSSLPersonalitySSL': secargs.get('nsSSLPersonalitySSL', 'Server-Cert'),
            'nsSSLToken': secargs.get('nsSSLToken', 'internal (software)'),
            'nsSSLActivation': secargs.get('nsSSLActivation', 'on')
        })
        try:
            self.conn.add_s(e_rsa)
        except ldap.ALREADY_EXISTS:
            # an existing RSA entry is kept as it is; the values built above
            # are not applied to it
            pass

        # NOTE(review): nsslapd-ssl-check-hostname defaults to 'off' here;
        # presumably this disables certificate hostname verification on the
        # server's own outgoing TLS connections - confirm before relying on it.
        mod = [
            (ldap.MOD_REPLACE,
                'nsslapd-security', secargs.get('nsslapd-security', 'on')),
            (ldap.MOD_REPLACE,
                'nsslapd-ssl-check-hostname', secargs.get('nsslapd-ssl-check-hostname', 'off')),
            (ldap.MOD_REPLACE,
                'nsslapd-secureport', str(secport))
        ]
        self.log.debug("trying to modify %r with %r" % (DN_CONFIG, mod))
        self.conn.modify_s(DN_CONFIG, mod)

        # read back the two switches so the caller can see what was stored
        fields = 'nsslapd-security nsslapd-ssl-check-hostname'.split()
        return self.conn.getEntry(DN_CONFIG, attrlist=fields)
示例#12
    def enable_ssl(self, secport=636, secargs=None):
        """Configure SSL support into cn=encryption,cn=config.

            secargs is a dict like {
                'nsSSLPersonalitySSL': 'Server-Cert'
            }

            Keys present in secargs replace the defaults coded below;
            secport ends up in nsslapd-secureport. The return value is the
            DN_CONFIG entry with only nsslapd-security and
            nsslapd-ssl-check-hostname requested.

            NOTE(review): out of the box this turns SSLv3 on, enables RC4,
            DES and export-grade cipher suites and leaves the hostname check
            off. Treat the defaults as test settings and override them via
            secargs where the server carries real data.
        """
        self.log.debug("configuring SSL with secargs:%r" % secargs)
        secargs = secargs or {}

        dn_enc = 'cn=encryption,cn=config'
        # "+" enables and "-" disables a suite; the only suite disabled by
        # default is rsa_null_md5, everything else listed is enabled.
        ciphers = '-rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,' + \
            '+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,' + \
            '+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha'
        # step 1: protocol, client-auth policy and cipher list on cn=encryption
        mod = [(ldap.MOD_REPLACE, 'nsSSL3', secargs.get('nsSSL3', 'on')),
               (ldap.MOD_REPLACE, 'nsSSLClientAuth',
                secargs.get('nsSSLClientAuth', 'allowed')),
               (ldap.MOD_REPLACE, 'nsSSL3Ciphers', secargs.get('nsSSL3Ciphers', ciphers))]
        self.conn.modify_s(dn_enc, mod)

        # step 2: create the RSA module entry if it is not there yet
        dn_rsa = 'cn=RSA,cn=encryption,cn=config'
        e_rsa = Entry(dn_rsa)
        e_rsa.update({
            'objectclass': ['top', 'nsEncryptionModule'],
            'nsSSLPersonalitySSL': secargs.get('nsSSLPersonalitySSL', 'Server-Cert'),
            'nsSSLToken': secargs.get('nsSSLToken', 'internal (software)'),
            'nsSSLActivation': secargs.get('nsSSLActivation', 'on')
        })
        try:
            self.conn.add_s(e_rsa)
        except ldap.ALREADY_EXISTS:
            # a pre-existing entry is left untouched, including any values
            # that differ from the ones requested in secargs
            pass

        # step 3: switch security on in DN_CONFIG and set the secure port.
        # The hostname check stays 'off' unless secargs says otherwise.
        mod = [
            (ldap.MOD_REPLACE,
                'nsslapd-security', secargs.get('nsslapd-security', 'on')),
            (ldap.MOD_REPLACE,
                'nsslapd-ssl-check-hostname', secargs.get('nsslapd-ssl-check-hostname', 'off')),
            (ldap.MOD_REPLACE,
                'nsslapd-secureport', str(secport))
        ]
        self.log.debug("trying to modify %r with %r" % (DN_CONFIG, mod))
        self.conn.modify_s(DN_CONFIG, mod)

        fields = 'nsslapd-security nsslapd-ssl-check-hostname'.split()
        return self.conn.getEntry(DN_CONFIG, attrlist=fields)
示例#13
 def handle(self,dn,entry):
     """
     Write one record to self.output_file, extending inetOrgPerson entries.

     Records whose objectclass values contain 'inetOrgPerson' (plain,
     case-sensitive list membership) get the posixAccount and myintobjclass
     object classes plus uidNumber, gidNumber, homeDirectory and myintattr,
     and self.uidNumber is then incremented. Every record, changed or not,
     is printed to self.output_file.
     """
     if not dn:
         dn = ''
     newentry = Entry((dn, entry))
     objclasses = newentry.getValues('objectclass')
     if 'inetOrgPerson' in objclasses:
         print "adding posixAccount to ", dn
         objclasses.append('posixAccount')
         objclasses.append('myintobjclass')
         newentry.setValue('objectclass', objclasses)
         # uidNumber, gidNumber and myintattr all receive the same counter value
         newentry.setValue('uidNumber', str(self.uidNumber))
         newentry.setValue('gidNumber', str(self.uidNumber))
         # every converted entry gets the same home directory
         newentry.setValue('homeDirectory', '/home/foo')
         newentry.setValue('myintattr', str(self.uidNumber))
         self.uidNumber = self.uidNumber + 1
     print>>self.output_file, str(newentry)
示例#14
 def test_init_with_tuple(self):
     """An Entry built from a (dn, attrs) tuple exposes the dn and the attributes."""
     org_name = 'pippo'
     org_dn = 'o=pippo'
     attrs = {
         'o': [org_name],
         'objectclass': ['organization', 'top']
     }
     ent = Entry((org_dn, attrs))
     assert ent.dn == org_dn
     assert org_name in ent.o
示例#15
def addouent(ds, dn):
    """Add dn as an organizationalUnit on ds, creating missing parents first.

    A stack of pending DNs is worked off: when an add fails with
    NO_SUCH_OBJECT the DN is pushed back together with its parent (the DN
    without its first RDN), so the parent is tried next. Existing entries
    are skipped; any other error is printed and re-raised.
    """
    pending = [dn]
    while pending:
        dn = pending.pop()
        ou = Entry(dn)
        ou.setValues('objectclass', 'organizationalUnit')
        try:
            ds.add_s(ou)
            print "added entry", ou.dn
        except ldap.ALREADY_EXISTS:
            continue
        except ldap.NO_SUCH_OBJECT:
            # retry this DN after its parent has been created
            pending.append(dn)
            parent = ','.join(ldap.explode_dn(dn)[1:])
            pending.append(parent)
        except Exception, e:
            print "Could not add entry", ou.dn, str(e)
            raise e
示例#16
def addouent(ds,dn):
    """Create the organizationalUnit dn on ds together with any missing ancestors.

    DNs still to be created are kept on a stack. NO_SUCH_OBJECT pushes the
    failed DN back, followed by its parent DN, so ancestors are created
    before the retry. ALREADY_EXISTS is ignored; other errors are printed
    and re-raised.
    """
    todo = [dn]
    while todo:
        dn = todo.pop()
        unit = Entry(dn)
        unit.setValues('objectclass', 'organizationalUnit')
        try:
            ds.add_s(unit)
            print "added entry", unit.dn
        except ldap.ALREADY_EXISTS:
            continue
        except ldap.NO_SUCH_OBJECT:
            todo.append(dn)
            parts = ldap.explode_dn(dn)
            todo.append(','.join(parts[1:]))
        except Exception, e:
            print "Could not add entry", unit.dn, str(e)
            raise e
示例#17
def newEntry(entrycnt, mmx):
    """Create a test inetOrgPerson and hand it to mmx.add().

    The uid combines entrycnt with str(mmx). Returns the entry and the
    value returned by mmx.add() as a tuple.
    """
    login = "user%d %s" % (entrycnt, mmx)
    user_dn = "uid=%s,ou=people,%s" % (login, basedn)
    user = Entry(user_dn)
    user.setValues("objectclass", "inetOrgPerson")
    user.setValues("cn", "Test " + login)
    user.setValues("sn", login)
    handle_id = mmx.add(user)
    return (user, handle_id)
示例#18
 def handle(self, dn, entry):
     """
     Index one record by normalized DN and by cn, and append it to dnlist.
     """
     record = Entry((dn, entry))
     self.dndict[DSAdmin.normalizeDN(dn)] = record
     name = record.cn
     if name:
         # records without a cn are reachable only through dndict and dnlist
         self.cndict[name] = record
     self.dnlist.append(record)
示例#19
    def changelog(self, dbname='changelogdb'):
        """Add and return the replication changelog entry.

            dbname is joined onto self.conn.dbdir with os.path.join, so a
            dbname starting with "/" replaces the base directory and is
            used as the full path. An already existing entry is only
            logged; the entry is then read back and returned.
        """
        changelog_dir = os.path.join(self.conn.dbdir, dbname)
        attrs = {
            'objectclass': ("top", "extensibleobject"),
            'cn': "changelog5",
            'nsslapd-changelogdir': changelog_dir
        }
        entry = Entry(DN_CHANGELOG)
        entry.update(attrs)
        self.log.debug("adding changelog entry: %r" % entry)
        try:
            self.conn.add_s(entry)
        except ldap.ALREADY_EXISTS:
            self.log.warn("entry %s already exists" % DN_CHANGELOG)

        return self.conn._test_entry(DN_CHANGELOG, ldap.SCOPE_BASE)
示例#20
    def changelog(self, dbname='changelogdb'):
        """Create the replication changelog entry and return it as stored.

            The changelog directory is os.path.join(self.conn.dbdir, dbname):
            a relative dbname lands below the connection's dbdir, a dbname
            starting with "/" is taken as the full path.
        """
        target = DN_CHANGELOG
        location = os.path.join(self.conn.dbdir, dbname)
        cl_entry = Entry(target)
        cl_entry.update({
            'objectclass': ("top", "extensibleobject"),
            'cn': "changelog5",
            'nsslapd-changelogdir': location
        })
        self.log.debug("adding changelog entry: %r" % cl_entry)
        try:
            self.conn.add_s(cl_entry)
        except ldap.ALREADY_EXISTS:
            # keep whatever is configured already, including its directory
            self.log.warn("entry %s already exists" % target)

        return self.conn._test_entry(target, ldap.SCOPE_BASE)
示例#21
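def starttest(*args):
    """Loop forever adding ou=test and renaming it to ou=test2 on one server.

    args[0] is the server connection. ALREADY_EXISTS is ignored for both
    operations and NO_SUCH_OBJECT for the rename; any other LDAPError is
    printed and re-raised, which is the only exit from the loop.
    """
    dn = "ou=test, dc=example, dc=com"
    newrdn = "ou=test2"
    server = args[0]
    print "starting starttest with " + str(server)
    while True:
        try:
            entry = Entry(dn)
            entry.setValues('objectclass', 'top', 'organizationalUnit')
            entry.setValues('ou', 'test')
            server.add_s(entry)
            time.sleep(0.100)
        except ldap.ALREADY_EXISTS:
            pass
        except ldap.LDAPError, e:
            print "Could not add test entry to server " + str(server), e
            raise
        try:
            server.rename_s(dn, newrdn)
            time.sleep(0.050)
        except ldap.ALREADY_EXISTS:  # replicated from the other server
            pass
        except ldap.NO_SUCH_OBJECT:  # deleted by the other server
            pass
        except ldap.LDAPError, e:
            # report the operation that actually failed (the rename)
            print "Could not rename test entry on server " + str(server), e
            raise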
示例#22
 def handle(self, dn, entry):
     """
     Add one parsed record to self.dsadmin; skip it when it already exists.

     After a successful add, cs.mark() is called (cs comes from module scope).
     """
     dn = dn or ''
     record = Entry((dn, entry))
     try:
         self.dsadmin.add_s(record)
     except ldap.ALREADY_EXISTS:
         print "Entry %s already exists - skipping" % dn
         return
     cs.mark()
示例#23
def doadds(m1):
    """Create a person entry cn=<id>,<basedn> on m1 for each id in m1ents.

    m1ents and basedn are read from module scope.
    """
    print "Add %d entries to m1" % len(m1ents)
    for ident in m1ents:
        entry_dn = "cn=%d,%s" % (ident, basedn)
        new_person = Entry(entry_dn)
        new_person.setValues('objectclass', 'person')
        new_person.setValues('sn', 'testuser')
        m1.add_s(new_person)
示例#24
    def setup_mt(self, suffix, bename, parent=None):
        """Setup a suffix with the given backend-name.

            @param suffix   - DN of the suffix; normalized with normalizeDN()
            @param bename   - stored as nsslapd-backend on the new entry
            @param parent   - the parent suffix; when given it is stored
                              (normalized) as nsslapd-parent-suffix
            @return the existing mapping entry when the search under
                    DN_MAPPING_TREE finds one; None after a new entry
                    has been added
            @raise ldap.LDAPError when adding the entry fails

            This method does not create the matching entry in the tree,
            nor the given backend. Both should be created apart.

            Ex. setup_mt(suffix='o=addressbook1', bename='addressbook1')
                creates:
                    - the mapping in "cn=mapping tree,cn=config"
                you have to create:
                    - the backend
                    - the ldap entry "o=addressbook1" *after*
        """
        nsuffix = normalizeDN(suffix)
        #escapedn = escapeDNValue(nsuffix)
        if parent:
            nparent = normalizeDN(parent)
        else:
            nparent = ""

        filt = suffixfilt(suffix)
        # if suffix exists, return
        try:
            entry = self.conn.getEntry(
                DN_MAPPING_TREE, ldap.SCOPE_SUBTREE, filt)
            return entry
        except NoSuchEntryError:
            entry = None

        # fix me when we can actually used escaped DNs
        #dn = "cn=%s,cn=mapping tree,cn=config" % escapedn
        # NOTE(review): the suffix is quoted but not escaped; a double quote
        # inside nsuffix would change the RDN that is built here, so the
        # suffix must come from a trusted caller.
        dn = ','.join(('cn="%s"' % nsuffix, DN_MAPPING_TREE))
        entry = Entry(dn)
        entry.update({
            'objectclass': ['top', 'extensibleObject', 'nsMappingTree'],
            'nsslapd-state': 'backend',
            # the value in the dn has to be DN escaped
            # internal code will add the quoted value - unquoted value is useful for searching
            'cn': nsuffix,
            'nsslapd-backend': bename
        })
        #entry.setValues('cn', [escapedn, nsuffix]) # the value in the dn has to be DN escaped
        # the other value can be the unescaped value
        if parent:
            entry.setValues('nsslapd-parent-suffix', nparent)
        try:
            self.log.debug("Creating entry: %r" % entry)
            self.conn.add_s(entry)
        except ldap.LDAPError, e:
            # the specific error class is replaced by plain ldap.LDAPError;
            # the original exception travels as the second argument
            raise ldap.LDAPError("Error adding suffix entry " + dn, e)
示例#25
def addbackend_harn(conn, name, beattrs=None):
    """Create the suffix o=name and its backend.

    The suffix is recorded in conn.added_backends whether or not
    addSuffix() succeeds. The o=name entry is added and recorded in
    conn.added_entries only after addSuffix() has returned; its return
    value is passed back to the caller.
    """
    suffix = "o=%s" % name
    org = Entry((suffix, {'objectclass': ['top', 'organization'], 'o': [name]}))

    try:
        # errors from addSuffix, ALREADY_EXISTS included, reach the caller unchanged
        result = conn.addSuffix(suffix, bename=name, beattrs=beattrs)
    finally:
        conn.added_backends.add(suffix)

    conn.add(org)
    conn.added_entries.append(org.dn)

    return result
示例#26
def domods(m1):
    """Add cn=0,<basedn> to m1 and overwrite its description once per m1ents item."""
    fixed_dn = "cn=%d,%s" % (0, basedn)
    subject = Entry(fixed_dn)
    subject.setValues('objectclass', 'person')
    subject.setValues('sn', 'testuser')
    m1.add_s(subject)
    print "Do %d mods to m1" % len(m1ents)
    for counter in m1ents:
        text = "description" + str(counter)
        # each pass replaces the previous description on the same entry
        m1.modify_s(fixed_dn, [(ldap.MOD_REPLACE, 'description', text)])
示例#27
 def handle(self, dn, entry):
     """Send one parsed record to self.conn, adding inetUser where applicable.

     inetUser is appended to objectclass when hasValueCase() finds
     inetorgperson. If the add raises LDAPError, the error is printed when
     self.cont is set and re-raised otherwise.
     """
     dn = dn or ''
     ldap_entry = Entry((dn, entry))
     if ldap_entry.hasValueCase('objectclass', 'inetorgperson'):
         oc_list = ldap_entry.getValues('objectclass')
         oc_list.append('inetUser')
         ldap_entry.setValue('objectclass', oc_list)
     try:
         self.conn.add_s(ldap_entry)
     except ldap.LDAPError, e:
         if self.cont:
             print "Error: could not add entry %s: error %s" % (dn, str(e))
         else:
             raise e
示例#28
# the same as in the cn=ipaConfig ipaUserObjectClasses list
# ntUser either by the winsync code, or when you want an
# existing IPA user to be synced with AD
userObjClasses = [
    'top', 'person', 'organizationalPerson', 'inetOrgPerson'
]

if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
    dns = ['ou=people,' + suffix,
           'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix,
           'ou=11,ou=1,ou=people,' + suffix,
           'ou=12,ou=1,ou=people,' + suffix]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try: ad.add_s(ent)
        except ldap.ALREADY_EXISTS: pass
        print "Add users to", dn
        for jj in range(0,5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii) # same as cn
            try: ad.add_s(ent)
示例#29
    'employeeNumber', 'homePhone', 'homePostalAddress', 'manager', 'secretary'
]
# index every attribute in indexattrs for presence, equality and substring
# searches on both servers
for attr in indexattrs:
    m1.addIndex(basedn, attr, ['pres', 'eq', 'sub'])
    m2.addIndex(basedn, attr, ['pres', 'eq', 'sub'])

# 65536-character synthetic binary value (byte values 0..255 repeated);
# it is filler data, not a parseable certificate
binattr = "userCertificate;binary"
binval = ''.join([chr(ii % 256) for ii in xrange(0, 65536)])

# create a second suffix on both servers and add its top entry to each
basedn2 = "dc=example2,dc=com"
print "adding another suffix", basedn2
m1.addSuffix(basedn2)
m2.addSuffix(basedn2)

print "add several entries to", basedn2
ent = Entry(basedn2)
ent.setValues('objectclass', 'extensibleObject')
m1.add_s(ent)
m2.add_s(ent)

# add nusers users under the new suffix on m1, each carrying the large
# binary value built above
nusers = 100
print "add", nusers, "users to", basedn2
for ii in xrange(0, nusers):
    uid = "user%03d" % ii
    dn = "uid=%s,%s" % (uid, basedn2)
    ent = Entry(dn)
    ent.setValues('objectclass', 'inetOrgPerson')
    ent.setValues('sn', 'User%03d' % ii)
    ent.setValues('cn', 'Test User%03d' % ii)
    ent.setValues(binattr, binval)
    m1.add_s(ent)
示例#30
	'newsuffix': basedn,
	'no_admin': True,
        'ConfigFile': [cfgfd.name]
})
# delete the file behind cfgfd by name
os.unlink(cfgfd.name)

# NOTE(review): SERVER_ROOT and PREFIX are taken from the environment and
# decide which files are read and written below; run this only with an
# environment you control.
initfile = ''
if os.environ.has_key('SERVER_ROOT'):
    initfile = "%s/slapd-%s/ldif/Example.ldif" % (ds.sroot,ds.inst)
else:
    # copy the packaged Example.ldif into the ldif directory of the
    # instance named 'ds' (the instance name is hard-coded here)
    initfilesrc = "%s/share/dirsrv/data/Example.ldif" % os.environ.get('PREFIX', '/usr')
    initfile = "%s/var/lib/dirsrv/slapd-%s/ldif/Example.ldif" % (os.environ.get('PREFIX', ''), 'ds')
    shutil.copy(initfilesrc, initfile)
print "importing database"
ds.importLDIF(initfile, '', "userRoot", False)

print "get the list of all users"
ents = ds.search_s(basedn, ldap.SCOPE_SUBTREE, "objectclass=inetorgperson")
# create five groups; every group lists all users found above as members
for ii in xrange(0, 5):
    groupdn = "cn=testgroup%d,ou=groups,%s" % (ii, basedn)
    print "add a bunch of users to the group", groupdn
    ent = Entry(groupdn)
    ent.setValues('objectclass', 'groupOfNames')
    ent.setValues('member', [ee.dn for ee in ents])
    ds.add_s(ent)

#print "delete some users"
#for ent in ents:
#    print "deleting user", ent.dn
#    ds.delete_s(ent.dn)
示例#31
    'description':
    'normal, regular AD account disabled, do not expire password',
    'userAccountControl': 512 + 2 + 65536
}]

userids_disabled = {}
if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
    dns = [
        'ou=people,' + suffix, 'ou=1,ou=people,' + suffix,
        'ou=2,ou=people,' + suffix, 'ou=11,ou=1,ou=people,' + suffix,
        'ou=12,ou=1,ou=people,' + suffix
    ]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try:
            ad.add_s(ent)
        except ldap.ALREADY_EXISTS:
            pass
        print "Add users to", dn
        for jj in range(0, 5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            ent.setValues('objectGUID', struct.pack('B', ii))
示例#32
    replargs[m4] = m4replargs
    srvs.append(m4)

# create an agreement from every server to every other server; only the
# agreements that originate on m1 are started here
print "create all of the agreements and init the masters"
for mmx in srvs:
    for mmy in srvs:
        if mmx == mmy: continue
        agmtdn = mmx.setupAgreement(mmy, replargs[mmx])
        if mmx == m1:
            mmx.startReplication(agmtdn)
        print mmx.getReplStatus(agmtdn)

# add one entry on each server in turn and wait until every server
# (the originating one included) returns it from a base search
print "test to make sure replication is working"
for (ii, mmx) in enumerate(srvs):
    dn = "cn=user%d,ou=people,%s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues("objectclass", "extensibleObject")
    mmx.add_s(ent)
    time.sleep(2)
    for mmy in srvs:
        # NOTE(review): this wait has no timeout; if the entry never
        # arrives on mmy the script polls forever
        while True:
            try: ents = mmy.search_s(dn, ldap.SCOPE_BASE)
            except ldap.NO_SUCH_OBJECT: ents = []
            if len(ents) < 1:
                print "waiting for", dn, "on", str(mmy)
                time.sleep(1)
            elif ents[0]:
                print "found", dn, "on", str(mmy)
                break
    # remove the probe entry again before testing the next server
    mmx.delete_s(dn)
    time.sleep(2)
示例#33
# create the m1 -> m2 agreement, start it asynchronously and wait for the
# initialization to finish; the fixed sleeps only give the servers time
print "create agreements and init consumers"
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
time.sleep(5)
#m1.setLogLevel(1,8192)
#m2.setLogLevel(1,8192)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
time.sleep(5)
m1.waitForReplInit(agmtm1tom2)
# the reverse agreement m2 -> m1 is only created here, not started
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# 100 person entries are added on m1 back to back so that changes pile up
print "Add a bunch of entries to queue up the changelog . . ."
for ii in xrange(0, 100):
    cn = "test user%d" % ii
    dn = "cn=%s,ou=people,%s" % (cn, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('cn', cn)
    ent.setValues('sn', 'user' + str(ii))
    m1.add_s(ent)

time.sleep(1)
print "Check replication status - note number of changes sent, in progress . . ."
print m1.getReplStatus(agmtm1tom2)

#print "Pause replication . . ."
#m1.stopReplication(agmtm1tom2)

#time.sleep(1)
#print "Check replication status - note number of changes sent, in progress . . ."
#print m1.getReplStatus(agmtm1tom2)
示例#34
def makeADUserEnt():
    """Build (without adding) the next AD test user entry and bump idnum.

    The DN is cn=Test User<idnum>,<adusersubtree>,<suffix>; the account
    name testuser<idnum> is used for sAMAccountName and, together with
    realm, for userPrincipalName.
    """
    global idnum
    num = str(idnum)
    account = 'testuser' + num
    fullname = 'Test User' + num
    user = Entry('cn=%s,%s,%s' % (fullname, adusersubtree, suffix))
    user.setValues('objectclass', aduserObjClasses)
    user.setValues('cn', fullname)
    user.setValues('sn', 'User' + num)
    user.setValues('userPrincipalName', '%s@%s' % (account, realm))
    user.setValues('sAMAccountName', account)
    idnum += 1
    return user
示例#35
def makeDSUserEnt():
    """Build (without adding) the next DS test user entry and bump idnum.

    When the module-level ipawinsync flag is set, a Kerberos principal and
    POSIX attributes are added as well, and the description depends on the
    parity of the module-level jj.
    """
    global idnum
    num = str(idnum)
    uid = 'testuser' + num
    user = Entry('uid=%s,%s,%s' % (uid, usersubtree, suffix))
    user.setValues('objectclass', userObjClasses)
    user.setValues('cn', 'Test User' + num)
    user.setValues('sn', 'User' + num)
    # fixture credential: predictable from the counter, so these accounts
    # belong on throwaway test servers only
    user.setValues('userPassword', 'Password' + num)
    if ipawinsync:
        user.setValues('krbPrincipalName', '%s@%s' % (uid, realm))
        user.setValues('uidNumber', str(500+idnum))
        user.setValues('gidNumber', '1002')
        user.setValues('homeDirectory', '/home/' + uid)
        # jj is not defined in this function; it is read from module scope
        if jj % 2:
            note = 'User added disabled to DS'
        else:
            note = 'User added enabled to DS'
        user.setValues('description', note)
    idnum += 1
    return user
示例#36
# m1 -> m2: create the agreement, start it asynchronously, then block in
# waitForReplInit until the initialization is reported as finished
print "create agreements and init consumers"
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
time.sleep(5)
#m1.setLogLevel(1,8192)
#m2.setLogLevel(1,8192)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
time.sleep(5)
m1.waitForReplInit(agmtm1tom2)
# m2 -> m1 is created but not started in these lines
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# write 100 person entries to m1 in a tight loop to load the changelog
print "Add a bunch of entries to queue up the changelog . . ."
for ii in xrange(0,100):
    cn = "test user%d" % ii
    dn = "cn=%s,ou=people,%s" % (cn, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('cn', cn)
    ent.setValues('sn', 'user' + str(ii))
    m1.add_s(ent)

time.sleep(1)
print "Check replication status - note number of changes sent, in progress . . ."
print m1.getReplStatus(agmtm1tom2)

#print "Pause replication . . ."
#m1.stopReplication(agmtm1tom2)

#time.sleep(1)
#print "Check replication status - note number of changes sent, in progress . . ."
#print m1.getReplStatus(agmtm1tom2)
示例#37
def makeADUserEnt(idnum):
    """Build (without adding) the AD test user entry for the given idnum.

    The entry lives at cn=Test User<idnum>,<active_user_subtree>; the
    subtree, the object classes and the realm are read from module scope.
    """
    num = str(idnum)
    account = 'testuser' + num
    fullname = 'Test User' + num
    user = Entry('cn=%s,%s' % (fullname, active_user_subtree))
    user.setValues('objectclass', aduserObjClasses)
    user.setValues('cn', fullname)
    user.setValues('sn', 'User' + num)
    user.setValues('userPrincipalName', '%s@%s' % (account, realm))
    user.setValues('sAMAccountName', account)
    return user
示例#38
    {'description': 'normal, regular AD account, do not expire password',
     'userAccountControl': 512 + 65536},
    {'description': 'normal, regular AD account disabled, do not expire password',
     'userAccountControl': 512 + 2 + 65536}
]

userids_disabled = {}
if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
    dns = ['ou=people,' + suffix,
           'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix,
           'ou=11,ou=1,ou=people,' + suffix,
           'ou=12,ou=1,ou=people,' + suffix]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try: ad.add_s(ent)
        except ldap.ALREADY_EXISTS: pass
        print "Add users to", dn
        for jj in range(0,5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii) # same as cn
            kk = ii % len(userAcctVals)
示例#39
# start m1 -> m2 and show its status
time.sleep(2)
m1.startReplication(agmtm1tom2)
print "repl status after starting"
print m1.getReplStatus(agmtm1tom2)

# create the remaining agreements; of these only m1 -> c1 is started here
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)
agmtm1toc1 = m1.setupAgreement(c1, m1replargs)
time.sleep(2)
m1.startReplication(agmtm1toc1)
print "repl status after starting"
print m1.getReplStatus(agmtm1toc1)
agmtm2toc1 = m2.setupAgreement(c1, m2replargs)

# smoke test: add one user on m1 and expect to find it on m2
print "add entry on m1 . . ."
dn = 'uid=testuser,dc=example,dc=com'
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', "1")
ent.setValues('sn', 'testuser')
m1.add_s(ent)
time.sleep(2)
print "search for entry on m2 . . ."
ents = m2.search_s(dn, ldap.SCOPE_BASE)
# one retry after two more seconds, then give up with exit status 1
if not ents:
    time.sleep(2)
    ents = m2.search_s(dn, ldap.SCOPE_BASE)
if not ents:
    print "entry not found on m2"
    sys.exit(1)
else:
    print "entry found on m2"
示例#40
    replargs[m4] = m4replargs
    srvs.append(m4)

# full mesh: one agreement per ordered pair of distinct servers; only the
# agreements whose source is m1 are started here
print "create all of the agreements and init the masters"
for mmx in srvs:
    for mmy in srvs:
        if mmx == mmy: continue
        agmtdn = mmx.setupAgreement(mmy, replargs[mmx])
        if mmx == m1:
            mmx.startReplication(agmtdn)
        print mmx.getReplStatus(agmtdn)

# each server adds one probe entry, then every server is polled for it
print "test to make sure replication is working"
for (ii, mmx) in enumerate(srvs):
    dn = "cn=user%d,ou=people,%s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues("objectclass", "extensibleObject")
    mmx.add_s(ent)
    time.sleep(2)
    for mmy in srvs:
        # NOTE(review): no upper bound on the polling; a server that never
        # receives the entry keeps this loop running indefinitely
        while True:
            try:
                ents = mmy.search_s(dn, ldap.SCOPE_BASE)
            except ldap.NO_SUCH_OBJECT:
                ents = []
            if len(ents) < 1:
                print "waiting for", dn, "on", str(mmy)
                time.sleep(1)
            elif ents[0]:
                print "found", dn, "on", str(mmy)
                break
示例#41
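# set up m1 -> m2, initialize m2 and create the reverse agreement
agmtm1tom2 = m1.setupAgreement(m2, m1replargs)
m1.startReplication_async(agmtm1tom2)
print "waiting for init to finish"
m1.waitForReplInit(agmtm1tom2)
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# NOTE(review): the script stops here, so the load test below does not run
# as written; remove this exit to use it.
sys.exit(0)

basedn = "dc=example,dc=com"
nents = 20000

# add nents person entries, alternating between the two servers
myiter = xrange(0, nents)
for ii in myiter:
    dn = "cn=%d, %s" % (ii, basedn)
    svr = (m1,m2)[ii % 2]
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    ent.setValues('description', 'added description')
    svr.add_s(ent)
    print "Added", dn

print "Sleep for 20 seconds to let changes propagate . . ."
time.sleep(20)
print "Verify all entries are present in both servers . . ."
for ii in myiter:
    dn = "cn=%d, %s" % (ii, basedn)
    for svr in (m1, m2):
        # string exceptions are rejected by Python 2.6 and later, so a real
        # exception object carries the message
        if not svr.getEntry(dn, ldap.SCOPE_BASE):
            raise RuntimeError("Entry %s not found in %s" % (dn, svr))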
示例#42
# start the m1 -> m2 agreement and print its status
time.sleep(2)
m1.startReplication(agmtm1tom2)
print "repl status after starting"
print m1.getReplStatus(agmtm1tom2)

# m2 -> m1 and m2 -> c1 are only created; m1 -> c1 is created and started
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)
agmtm1toc1 = m1.setupAgreement(c1, m1replargs)
time.sleep(2)
m1.startReplication(agmtm1toc1)
print "repl status after starting"
print m1.getReplStatus(agmtm1toc1)
agmtm2toc1 = m2.setupAgreement(c1, m2replargs)

# replication check: an entry added on m1 must become visible on m2
print "add entry on m1 . . ."
dn = "uid=testuser,dc=example,dc=com"
ent = Entry(dn)
ent.setValues("objectclass", "inetOrgPerson")
ent.setValues("cn", "1")
ent.setValues("sn", "testuser")
m1.add_s(ent)
time.sleep(2)
print "search for entry on m2 . . ."
ents = m2.search_s(dn, ldap.SCOPE_BASE)
# a single retry two seconds later; a second miss ends the script with status 1
if not ents:
    time.sleep(2)
    ents = m2.search_s(dn, ldap.SCOPE_BASE)
if not ents:
    print "entry not found on m2"
    sys.exit(1)
else:
    print "entry found on m2"
示例#43
})
#del os.environ['USE_DBX']

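# Pick the sample LDIF: the instance-relative copy when SERVER_ROOT is set,
# otherwise the one installed under PREFIX (default /usr).
# ('in' replaces the Python-2-only dict.has_key(); both branches assign
# initfile, so no placeholder value is needed.)
if 'SERVER_ROOT' in os.environ:
    initfile = "%s/slapd-%s/ldif/Example.ldif" % (m1.sroot, m1.inst)
else:
    initfile = "%s/share/dirsrv/data/Example.ldif" % os.environ.get(
        'PREFIX', '/usr')

m1.importLDIF(initfile, '', "userRoot", True)

#m1.setLogLevel(65535)
print "Add the filtered group entry with bogus filter"
dn = "cn=TestDynamicGroup,dc=example,dc=com"
ent = Entry(dn)
ent.setValues('description', "Dynamic test group")
ent.setValues('objectclass', 'top', 'groupofuniquenames', 'groupofurls')
# The memberURL filter is deliberately malformed: the '(&' clause is never
# closed. The point of the test is how the server copes with it when the
# group is referenced from an ACI below.
ent.setValues(
    'memberurl',
    'ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=scart*)')
#ent.cn = 'TestDynamicGroup'
m1.add_s(ent)

print "Add the bogus aci for that group"
# MOD_REPLACE overwrites every existing aci value on the suffix entry,
# including any that came in with Example.ldif, and the replacement grants
# all rights on all attributes to the dynamic group. Evaluating the groupdn
# rule makes the server process the malformed memberURL above.
addmod = [(
    ldap.MOD_REPLACE, 'aci',
    '(targetattr = "*") (version 3.0;acl "Test Crash ACL";allow (all)(groupdn = "ldap:///cn=TestDynamicGroup,dc=example,dc=com");)'
)]
m1.modify_s("dc=example,dc=com", addmod)
#m1.setLogLevel(0)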
示例#44
    srv.modify_s(ent.dn, mod)
# Apply `mod` (built before this excerpt) to every backend entry that serves
# base2, then restart the server.
# NOTE(review): presumably the restart is what makes the change take effect -
# confirm against the attribute being modified.
ents = srv.getBackendsForSuffix(base2)
for ent in ents:
    srv.modify_s(ent.dn, mod)
srv.stop(True)
#os.environ["USE_GDB"] = "1"
srv.start(True)

# Issue a whole-subtree search before the exports are queued. Only the return
# value (presumably a python-ldap message id) is kept; the results are not
# collected in this excerpt.
msgid1 = srv.search(basedn, ldap.SCOPE_SUBTREE, "objectclass=*")

# Queue one export task per backend by adding an entry under
# cn=export,cn=tasks,cn=config. The task name combines the current time (whole
# seconds) with the backend name; nsFilename is the output path the server
# writes to (the init file name plus ".out"), nsInstance the backend to export.
taskdns = []
for (bename, fn) in zip(benames, initfiles):
    outfile = fn + ".out"
    cn = "export" + str(int(time.time())) + "-" + bename
    taskdn = "cn=%s,cn=export,cn=tasks,cn=config" % cn
    entry = Entry(taskdn)
    entry.setValues('objectclass', 'top', 'extensibleObject')
    entry.setValues('cn', cn)
    entry.setValues('nsFilename', outfile)
    entry.setValues('nsInstance', bename)
    srv.add_s(entry)
    taskdns.append(taskdn)

# Second subtree search, issued after the export tasks were queued.
msgid2 = srv.search(basedn, ldap.SCOPE_SUBTREE, "objectclass=*")

# Task attributes read back when polling the task entries.
attrlist = ['nsTaskLog', 'nsTaskStatus', 'nsTaskExitCode', 'nsTaskCurrentItem', 'nsTaskTotalItems']
for taskdn in taskdns:
    try:
        entry = srv.getEntry(taskdn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
        print entry
    except ldap.NO_SUCH_OBJECT:
示例#45
# Start the existing m1 -> m2 agreement and report its status.
time.sleep(2)
m1.startReplication(agmtm1tom2)
print 'repl status after starting'
print m1.getReplStatus(agmtm1tom2)

# Create the reverse agreement and the two agreements that feed c1; of
# these only m1 -> c1 is started here.
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)
agmtm1toc1 = m1.setupAgreement(c1, m1replargs)
time.sleep(2)
m1.startReplication(agmtm1toc1)
print 'repl status after starting'
print m1.getReplStatus(agmtm1toc1)
agmtm2toc1 = m2.setupAgreement(c1, m2replargs)

# Smoke test: an entry added on m1 must become visible on m2.
print 'add entry on m1 . . .'
dn = "uid=testuser,dc=example,dc=com"
ent = Entry(dn)
ent.setValues("objectclass", "inetOrgPerson")
ent.setValues("cn", '1')
ent.setValues("sn", "testuser")
m1.add_s(ent)
time.sleep(2)

print 'search for entry on m2 . . .'
ents = m2.search_s(dn, ldap.SCOPE_BASE)
if not ents:
    # Allow one more 2 second window before giving up.
    time.sleep(2)
    ents = m2.search_s(dn, ldap.SCOPE_BASE)

if ents:
    print 'entry found on m2'
else:
    print 'entry not found on m2'
    sys.exit(1)
示例#46
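# Apply `mymod` (built before this excerpt) on m1 and check after a fixed
# 5 second delay that the change has reached m2.
m1.modify_s(userdn, mymod)
time.sleep(5)
ent = m2.getEntry(userdn, ldap.SCOPE_BASE)
if ent.description == "changed back":
    print "replication is still working"
else:
    print "replication is not working any longer"
    sys.exit(1)

# Add nents person entries, rotating through the masters so each one
# originates part of the changes.
nents = 1000
svrs = (m1, m2)
nsvrs = len(svrs)
print "Add %d entries alternately . . ." % nents
for ii in range(0, nents):
    dn = "cn=%d, %s" % (ii, basedn)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    svr = svrs[ii % nsvrs]
    svr.add_s(ent)
    print "Added %s to %s" % (dn, svr)

print "see if all entries are on both servers . . ."
time.sleep(10)
for ii in range(0, nents):
    dn = "cn=%d, %s" % (ii, basedn)
    try:
        ent = m1.getEntry(dn, ldap.SCOPE_BASE)
        ent = m2.getEntry(dn, ldap.SCOPE_BASE)
    # Catch LDAP failures only: a bare except also swallows
    # KeyboardInterrupt/SystemExit and hides programming errors. The error is
    # printed so a missing entry can be told apart from a connection problem.
    # NOTE(review): a failed read is only reported, the script keeps going and
    # this excerpt does not exit non-zero for it.
    except ldap.LDAPError, e:
        print "Could not read entry", dn, e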
示例#47
    'no_admin': True
})
#del os.environ['USE_GDB']

# Two values that differ only by the space after the closing parenthesis.
val1 = 'PRC (China)Limited company'
val2 = 'PRC (China) Limited company'
rdn1 = "ou=" + val1
rdn2 = "ou=" + val2
# Substring filters with the parentheses written as \28 and \29, the RFC 4515
# escapes for '(' and ')'. An unescaped parenthesis inside the value would
# change the structure of the filter; python-ldap offers
# ldap.filter.escape_filter_chars() for values that are not literals.
# filt1 contains ")Limited" with no space, so it can only match val1;
# filt2 matches both values; filt3 runs the same substring against
# businessCategory instead of ou.
filt1 = '(ou=*\\28China\\29Limited*)'
filt2 = '(ou=*\\28China\\29*)'
filt3 = '(businessCategory=*\\29Limited*)'

dn1 = rdn1 + "," + basedn
dn2 = rdn2 + "," + basedn

# One entry per value; the value is stored both in the RDN (ou) and in
# businessCategory.
ent = Entry(dn1)
ent.setValues('objectclass', 'extensibleObject')
ent.setValues('businessCategory', val1)
srv.add_s(ent)

ent = Entry(dn2)
ent.setValues('objectclass', 'extensibleObject')
ent.setValues('businessCategory', val2)
srv.add_s(ent)

# Results are printed for manual inspection; nothing is asserted here.
ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, filt1)
print "filter", filt1, "returns the following"
for ent in ents:
    print ent

ents = srv.search_s(basedn, ldap.SCOPE_SUBTREE, filt2)
示例#48
def makeDSUserEnt(idnum):
    """Build the DS-side test user entry for *idnum* and return it.

    The entry is only constructed, not added to a server. Its DN is
    uid=testuser<idnum> under active_user_cont, usersubtree and suffix.
    When the module-level ipawinsync flag is set, Kerberos and POSIX
    attributes are added and odd-numbered users are created locked
    (nsAccountLock TRUE); otherwise the ntUser create/delete flags are set.
    """
    num = str(idnum)
    userid = 'testuser' + num
    ent = Entry('uid=%s,%s,%s,%s' % (userid, active_user_cont,
                                     usersubtree, suffix))
    ent.setValues('objectclass', userObjClasses)
    ent.setValues('cn', 'Test User' + num)
    ent.setValues('sn', 'User' + num)
    ent.setValues('uid', userid)
    # NOTE(review): userPassword is set twice. Assuming setValues replaces any
    # existing values (TODO confirm), the per-user value is discarded and every
    # generated account carries the same fixed literal password.
    ent.setValues('userPassword', 'Password' + num)
    ent.setValues('ntUserDomainId', userid)
    ent.setValues('userPassword', 'Ornette1')

    if not ipawinsync:
        ent.setValues('description', 'User added to DS')
        ent.setValues('ntUserCreateNewAccount', 'TRUE')
        ent.setValues('ntUserDeleteAccount', 'TRUE')
        return ent

    ent.setValues('krbPrincipalName', '%s@%s' % (userid, realm))
    ent.setValues('uidNumber', str(500+idnum))
    ent.setValues('gidNumber', '1002')
    ent.setValues('homeDirectory', '/home/' + userid)
    # Odd ids are created disabled, even ids enabled.
    if idnum % 2:
        ent.setValues('description', 'User added disabled to DS')
        ent.setValues('nsAccountLock', 'TRUE')
    else:
        ent.setValues('description', 'User added enabled to DS')
    return ent
示例#49
    def test_update_complex(self):
        """Check that Entry.update() yields the same entry as setValues().

        One replica entry is built attribute by attribute with setValues();
        a second one is created from a (dn, attrs) tuple and completed with
        update(). Their string forms must be equal.
        """
        dn = "dc=example,dc=com"
        nsuffix = "dc=example,dc=com"
        replid = 5
        replicatype = dsadmin.REPLICA_RDWR_TYPE
        binddnlist = ['uid=pippo, cn=config']
        legacy = 'off'

        # Reference entry, one setValues() call per attribute.
        entry = Entry(dn)
        entry.setValues(
            'objectclass', "top", "nsds5replica", "extensibleobject")
        entry.setValues('cn', "replica")
        entry.setValues('nsds5replicaroot', nsuffix)
        entry.setValues('nsds5replicaid', str(replid))
        entry.setValues('nsds5replicatype', str(replicatype))
        entry.setValues('nsds5flags', "1")
        entry.setValues('nsds5replicabinddn', binddnlist)
        entry.setValues('nsds5replicalegacyconsumer', legacy)

        # Entry under test: seeded with objectclass and cn only.
        seed_attrs = {
            'objectclass': ["top", "nsds5replica", "extensibleobject"],
            'cn': ["replica"],
        }
        uentry = Entry((dn, seed_attrs))
        print uentry

        # Entry.update *replaces*, so be careful with multi-valued attrs
        replica_attrs = {
            'nsds5replicaroot': nsuffix,
            'nsds5replicaid': str(replid),
            'nsds5replicatype': str(replicatype),
            'nsds5flags': '1',
            'nsds5replicabinddn': binddnlist,
            'nsds5replicalegacyconsumer': legacy
        }
        uentry.update(replica_attrs)

        uentry_s = str(uentry)
        entry_s = str(entry)
        assert uentry_s == entry_s, "Mismatching entries [%r] vs [%r]" % (
            uentry, entry)
示例#50
# Create the m2 -> m1 agreement (the m1 -> m2 side is set up before this
# excerpt).
agmtm2tom1 = m2.setupAgreement(m1, m2replargs)

# the attribute value must be larger
# than 1024 * 32 bytes in order to
# trigger the clcache buffer resize
size = 1024 * 32 + 1
# NOTE(review): val1 and val2 are built from the same prefix and are
# identical; if two distinct values were intended, one prefix is a typo.
val1 = "description1" + ("#" * size)
val2 = "description1" + ("#" * size)
nents = 2

# Add nents person entries carrying the oversized description, rotating
# through the masters so that each one originates a large change.
print "Add %d entries alternately . . ." % nents
svrs = (m1, m2)
vals = (val1, val2)
nsvrs = len(svrs)
for ii in range(0, nents):
    dn = "cn=%d, %s" % (ii, suffix)
    ent = Entry(dn)
    ent.setValues('objectclass', 'person')
    ent.setValues('sn', 'testuser')
    ent.setValues('description', vals[ii % nsvrs])
    svr = svrs[ii % nsvrs]
    svr.add_s(ent)
    print "Added %s to %s" % (dn, svr)

# Read every entry back from both masters after a fixed 5 second delay.
# NOTE(review): the returned entries are not inspected, so the check only
# fails if getEntry raises - confirm that it does for a missing entry.
print "see if all entries are on both servers . . ."
time.sleep(5)
for ii in range(0, nents):
    dn = "cn=%d, %s" % (ii, suffix)
    ent = m1.getEntry(dn, ldap.SCOPE_BASE)
    ent = m2.getEntry(dn, ldap.SCOPE_BASE)
示例#51
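# NOTE(review): USE_GDB is set right before the instance is created;
# presumably the DSAdmin tooling reads it to start the server under gdb -
# confirm.
os.environ['USE_GDB'] = "1"
# Create the "farm" instance with a placeholder suffix; the real suffix is
# added below. (Dict literal re-indented with spaces only - the original
# mixed tabs and spaces.)
farm = DSAdmin.createInstance({
    'newrootpw': rootpw2,
    'newhost': host2,
    'newport': port2,
    'newinst': 'farm',
    'newsuffix': 'dc=notused',
    'no_admin': True
})

# add the suffix
farm.addSuffix(suffix)
# add the suffix entry
dn = suffix
ent = Entry(dn)
ent.setValues('objectclass', 'domain')
farm.add_s(ent)

# setup chaining
mux.setupChaining(farm, suffix, False)

# add an administrative user on the mux
# The entry is only built here; adding it to the mux happens after this
# excerpt. The password is a fixed test credential, so it is taken from
# adminpw rather than repeated as a second literal that could drift from the
# value used for later binds.
admindn = 'uid=ttestuser,cn=config'
adminpw = "adminpw"
ent = Entry(admindn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Chain Admin User')
ent.setValues('sn', 'Chain')
ent.setValues('givenName', 'Admin User')
ent.setValues('userPassword', adminpw)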
示例#52
# Fixed root credential for the instance this script creates.
# NOTE(review): literal test password; keep this script pointed at
# disposable instances only.
rootpw = "password"

basedn = 'dc=example,dc=com'
newinst = 'ds'
# NOTE(review): set before createInstance; presumably makes the tooling start
# the server under valgrind - confirm.
os.environ['USE_VALGRIND'] = "1"

srv = DSAdmin.createInstance({
    'newrootpw': rootpw,
    'newhost': host1,
    'newport': port1,
    'newinst': newinst,
    'newsuffix': basedn,
    'no_admin': True
})

# Enable password syntax checking in the global policy (cn=config).
# NOTE(review): the message also mentions trivial-words checking, but
# passwordCheckSyntax is the only attribute changed in this excerpt.
print "turn on syntax checking and trivial words checking"
attr = "passwordCheckSyntax"
mod = [(ldap.MOD_REPLACE, attr, "on")]
srv.modify_s("cn=config", mod)

# Add a test user whose initial password is supplied in the add operation;
# bindpw keeps the clear-text value for later use.
print "add a user with a password"
dn = "uid=scarter,dc=example,dc=com"
bindpw = "SPrain12"
ent = Entry(dn)
ent.setValues('objectclass', 'inetOrgPerson')
ent.setValues('cn', 'Sam Carter')
ent.setValues('sn', 'Carter')
ent.setValues('givenName', 'Sam')
ent.setValues('userPassword', bindpw)
srv.add_s(ent)
示例#53
    {'description': 'normal, regular AD account, do not expire password',
     'userAccountControl': 512 + 65536},
    {'description': 'normal, regular AD account disabled, do not expire password',
     'userAccountControl': 512 + 2 + 65536}
]

userids_disabled = {}
if useds:
    print "Create sub-ou's on the AD side and add users . . ."
    ii = 0
    dns = ['ou=people,' + suffix,
           'ou=1,ou=people,' + suffix, 'ou=2,ou=people,' + suffix,
           'ou=11,ou=1,ou=people,' + suffix,
           'ou=12,ou=1,ou=people,' + suffix]
    for dn in dns:
        ent = Entry(dn)
        ent.setValues('objectclass', 'organizationalUnit')
        try: ad.add_s(ent)
        except ldap.ALREADY_EXISTS: pass
        print "Add users to", dn
        for jj in range(0,5):
            strii = str(ii)
            userdn = 'cn=Test User' + strii + ',' + dn
            ent = Entry(userdn)
            userid = 'userid' + strii
            ent.setValues('objectclass', ['person', 'adPerson'])
            ent.setValues('sn', 'User' + strii)
            ent.setValues('samAccountName', userid)
            ent.setValues('objectGUID', struct.pack('B', ii))
            ent.setValues('name', 'Test User' + strii) # same as cn
            kk = ii % len(userAcctVals)