def extra_attributes(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user", 2001, 2000)
ent_list.add_group("group", 2000)
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[domain/LDAP]
ldap_user_extra_attrs = mail, name:uid, givenName
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
def sanity_rfc2307_bis(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("empty_group1", 2010)
ent_list.add_group_bis("empty_group2", 2011)
ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
ent_list.add_group_bis("group_two_empty_groups", 2014, [],
["empty_group1", "empty_group2"])
ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
ent_list.add_group_bis("group_one_user_group", 2017, [],
["one_user_group1"])
ent_list.add_group_bis("group_two_user_group", 2018, [],
["two_user_group"])
ent_list.add_group_bis("group_two_one_user_groups", 2019, [],
["one_user_group1", "one_user_group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def add_mixed_netgroup(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_netgroup("mixed_netgroup1")
ent_list.add_netgroup("mixed_netgroup2", members=["mixed_netgroup1"])
ent_list.add_netgroup("mixed_netgroup3", ["(host1,user1,domain1)"])
ent_list.add_netgroup("mixed_netgroup4",
["(host2,user2,domain2)", "(host3,user3,domain3)"])
ent_list.add_netgroup("mixed_netgroup5",
["(host4,user4,domain4)"],
["mixed_netgroup1"])
ent_list.add_netgroup("mixed_netgroup6",
["(host5,user5,domain5)"],
["mixed_netgroup2"])
ent_list.add_netgroup("mixed_netgroup7", members=["mixed_netgroup3"])
ent_list.add_netgroup("mixed_netgroup8",
members=["mixed_netgroup3", "mixed_netgroup4"])
ent_list.add_netgroup("mixed_netgroup9",
["(host6,user6,domain6)"],
["mixed_netgroup3", "mixed_netgroup4"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def env_mix_cased_name_override(request, ldap_conn):
"""Setup test for mixed case names"""
prepare_sssd(request, ldap_conn, True, False)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001)
ent_list.add_user("uSeR2", 10002, 20002)
create_ldap_fixture(request, ldap_conn, ent_list)
pwd.getpwnam('user1@LDAP')
pwd.getpwnam('user2@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user1@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_user2@LDAP')
# Override
subprocess.check_call([
"sss_override", "user-add", "user1@LDAP", "-u", "10010", "-g", "20010",
"-n", "ov_user1", "-c", "Overriden User 1", "-h", "/home/ov/user1",
"-s", "/bin/ov_user1_shell"
])
subprocess.check_call([
"sss_override", "user-add", "user2@LDAP", "-u", "10020", "-g", "20020",
"-n", "ov_user2", "-c", "Overriden User 2", "-h", "/home/ov/user2",
"-s", "/bin/ov_user2_shell"
])
restart_sssd()
def env_two_users_and_group(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1",
10001,
20001,
gecos='User Number 1',
loginShell='/bin/user1_shell',
homeDirectory='/home/user1')
ent_list.add_user("user2",
10002,
20001,
gecos='User Number 2',
loginShell='/bin/user2_shell',
homeDirectory='/home/user2')
ent_list.add_group("group", 2001, ["user2", "user1"])
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overriden
assert_user_default()
def add_tripled_netgroup(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_netgroup("tripled_netgroup", ["(host,user,domain)"])
create_ldap_fixture(request, ldap_conn, ent_list)
return None
def mpg_setup(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
create_ldap_entries(ldap_conn, ent_list)
create_ldap_cleanup(request, ldap_conn, None)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
unindent("""
[domain/LDAP]
auto_private_groups = True
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def add_user_with_cert(request, ldap_conn):
config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
create_ldap_fixture(request, ldap_conn, ent_list)
der_path = os.path.dirname(config.PAM_CERT_DB_PATH)
der_path += "/SSSD_test_cert_x509_0001.der"
with open(der_path, 'rb') as f:
val = f.read()
dn = "uid=user1,ou=Users," + LDAP_BASE_DN
'''
Using 'userCert' instead of 'userCertificate' to hold the user certificate
because the default OpenLDAP has syntax and matching rules which are not
used in other LDAP servers.
'''
ldap_conn.modify_s(dn, [(ldap.MOD_ADD, 'userCert', val)])
conf = format_certificate_conf(ldap_conn, SCHEMA_RFC2307_BIS, config)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
create_ca_db_fixture(request)
return None
def sanity_nss_filter_cached(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_user("root", 1004, 2004)
ent_list.add_user("zerouid", 0, 0)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("root", 2004)
ent_list.add_group_bis("zerogid", 0)
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
unindent("""
[nss]
filter_users = user2
filter_groups = group2
entry_negative_timeout = 1
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def populate_rfc2307bis(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("empty_group1", 2010)
ent_list.add_group_bis("empty_group2", 2011)
ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
ent_list.add_group_bis("group_two_empty_groups", 2014,
[], ["empty_group1", "empty_group2"])
ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
ent_list.add_group_bis("group_one_user_group", 2017,
[], ["one_user_group1"])
ent_list.add_group_bis("group_two_user_group", 2018,
[], ["two_user_group"])
ent_list.add_group_bis("group_two_one_user_groups", 2019,
[], ["one_user_group1", "one_user_group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
def env_regr_2790_override(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001)
ent_list.add_user("user2", 10002, 20002)
ent_list.add_group("group1", 2001,
["user1", "user2"])
ent_list.add_group("group2", 2002,
["user2"])
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overridden
with pytest.raises(KeyError):
pwd.getpwnam('alias1')
with pytest.raises(KeyError):
pwd.getpwnam('alias1@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('alias2')
with pytest.raises(KeyError):
pwd.getpwnam('alias2@LDAP')
# Override
subprocess.check_call(["sss_override", "user-add", "user1",
"-n", "alias1"])
subprocess.check_call(["sss_override", "user-add", "user2",
"-n", "alias2"])
restart_sssd()
def env_group_basic(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 10001, 20001,
gecos='User Number 1',
loginShell='/bin/user1_shell',
homeDirectory='/home/user1')
ent_list.add_user("user2", 10002, 20001,
gecos='User Number 2',
loginShell='/bin/user2_shell',
homeDirectory='/home/user2')
ent_list.add_group("group", 2001,
["user2", "user1"])
ent_list.add_group("empty_group", 2002, [])
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overriden
with pytest.raises(KeyError):
pwd.getpwnam('ov_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_group@LDAP')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group')
with pytest.raises(KeyError):
pwd.getpwnam('ov_empty_group@LDAP')
def load_data_to_ldap(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("CamelCaseUser1", 1002, 2002)
ent_list.add_group("group1", 2001, ["user1"])
ent_list.add_group("CamelCaseGroup1", 2002, ["CamelCaseUser1"])
create_ldap_fixture(request, ldap_conn, ent_list)
def rfc2307bis_no_nesting(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
create_ldap_fixture(request, ldap_conn, ent_list)
create_conf_fixture(request,
zero_nesting_sssd_conf(ldap_conn, SCHEMA_RFC2307_BIS))
create_sssd_fixture(request)
return None
def simple_rfc2307(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def sanity_rfc2307_bis(request, ldap_conn):
ent_list = ldap_ent.List(LDAP_BASE_DN)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_user("user3", 1003, 2003)
ent_list.add_group_bis("group1", 2001)
ent_list.add_group_bis("group2", 2002)
ent_list.add_group_bis("group3", 2003)
ent_list.add_group_bis("empty_group1", 2010)
ent_list.add_group_bis("empty_group2", 2011)
ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
ent_list.add_group_bis("group_two_empty_groups", 2014, [],
["empty_group1", "empty_group2"])
ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
ent_list.add_group_bis("group_one_user_group", 2017, [],
["one_user_group1"])
ent_list.add_group_bis("group_two_user_group", 2018, [],
["two_user_group"])
ent_list.add_group_bis("group_two_one_user_groups", 2019, [],
["one_user_group1", "one_user_group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = unindent("""\
[sssd]
debug_level = 0xffff
config_file_version = 2
domains = LDAP
services = nss, pam
[nss]
debug_level = 0xffff
memcache_timeout = 0
[pam]
debug_level = 0xffff
[domain/LDAP]
ldap_auth_disable_tls_never_use_in_production = true
debug_level = 0xffff
enumerate = true
ldap_schema = rfc2307bis
ldap_group_object_class = groupOfNames
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def env_replace_user_override(request, ldap_conn):
prepare_sssd(request, ldap_conn)
# Add entries
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1",
10001,
20001,
gecos='User Number 1',
loginShell='/bin/user1_shell',
homeDirectory='/home/user1')
create_ldap_fixture(request, ldap_conn, ent_list)
# Assert entries are not overriden
ent.assert_passwd_by_name(
'user1',
dict(name='user1',
passwd='*',
uid=10001,
gid=20001,
gecos='User Number 1',
dir='/home/user1',
shell='/bin/user1_shell'))
# Override
subprocess.check_call([
"sss_override", "user-add", "user1", "-u", "10010", "-g", "20010",
"-n", "ov_user1", "-c", "Overriden User 1", "-h", "/home/ov/user1",
"-s", "/bin/ov_user1_shell"
])
# Restart SSSD so the override might take effect
restart_sssd()
# Assert entries are overriden
ent.assert_passwd_by_name(
'user1',
dict(name='ov_user1',
passwd='*',
uid=10010,
gid=20010,
gecos='Overriden User 1',
dir='/home/ov/user1',
shell='/bin/ov_user1_shell'))
# Override of override
subprocess.check_call([
"sss_override", "user-add", "user1", "-u", "10100", "-g", "20100",
"-n", "ov2_user1", "-c", "Overriden2 User 1", "-h", "/home/ov2/user1",
"-s", "/bin/ov2_user1_shell"
])
# Restart SSSD so the override might take effect
restart_sssd()
def add_empty_netgroup(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_netgroup("empty_netgroup")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def simple_rfc2307(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user('usr\\\\001', 181818, 181818)
ent_list.add_group("group1", 181818)
create_ldap_fixture(request, ldap_conn, ent_list)
config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307, config)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
create_ca_db_fixture(request)
return None
def load_data_to_ldap(request, ldap_conn, schema):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user11", 1011, 2001)
ent_list.add_user("user21", 1021, 2001)
if schema == SCHEMA_RFC2307_BIS:
ent_list.add_group_bis("group1", 2001, ("user1", "user11", "user21"))
elif schema == SCHEMA_RFC2307:
ent_list.add_group("group1", 2001, ("user1", "user11", "user21"))
create_ldap_fixture(request, ldap_conn, ent_list)
def add_user_to_group(request, ldap_conn):
"""
Adding user to group
"""
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
create_ldap_fixture(request, ldap_conn, ent_list)
create_conf_fixture(
request, format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS))
create_sssd_fixture(request)
return None
def remove_user_from_nested_group(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1002, 2002)
ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
ent_list.add_group_bis("group2", 20002, member_uids=["user2"])
ent_list.add_group_bis("group3", 20003, member_gids=["group1", "group2"])
create_ldap_fixture(request, ldap_conn, ent_list)
create_conf_fixture(
request, format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS))
create_sssd_fixture(request)
return None
def remove_step_by_step(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_netgroup("rm_empty_netgroup1", ["(host1,user1,domain1)"])
ent_list.add_netgroup("rm_empty_netgroup2", ["(host2,user2,domain2)"],
["rm_empty_netgroup1"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return ent_list
def add_user_with_ssh_key(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1",
1001,
2001,
sshPubKey=(USER1_PUBKEY1, USER1_PUBKEY2))
ent_list.add_user("user2", 1002, 2001)
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def user_and_group_rfc2307(request, ldap_conn):
"""
Create an RFC2307 directory fixture with interactive SSSD conf,
one user and one group
"""
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user", 1001, 2000)
ent_list.add_group("group", 2001)
create_ldap_fixture(request, ldap_conn, ent_list)
create_conf_fixture(request,
format_interactive_conf(ldap_conn, SCHEMA_RFC2307))
create_sssd_fixture(request)
return None
def add_common_rules(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user1", 1001, 2001)
ent_list.add_user("user2", 1001, 2001)
ent_list.add_sudo_rule("user1_allow_less_shadow",
users=("user1", ),
hosts=("ALL", ),
commands=("/usr/bin/less /etc/shadow", "/bin/ls"))
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def add_tripled_netgroup(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_netgroup("tripled_netgroup", ["(host,user,domain)"])
ent_list.add_netgroup("adv_tripled_netgroup",
["(host1,user1,domain1)", "(host2,user2,domain2)"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def add_nets(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_ipnet("net1", "192.168.1.1",
aliases=["net1_alias1", "net1_alias2"])
ent_list.add_ipnet("net2", "10.2.2.2",
aliases=["net2_alias1", "net2_alias2"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def removing_nested_netgroups(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_netgroup("t2841_netgroup1", ["(host1,user1,domain1)"])
ent_list.add_netgroup("t2841_netgroup2", ["(host2,user2,domain2)"])
ent_list.add_netgroup("t2841_netgroup3",
members=["t2841_netgroup1", "t2841_netgroup2"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
create_conf_fixture(request, conf)
create_sssd_fixture(request)
return None
def override_shell(request, ldap_conn):
ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
ent_list.add_user("user_with_shell_A", 1001, 2001, loginShell="/bin/A")
ent_list.add_user("user_with_shell_B", 1002, 2002, loginShell="/bin/B")
ent_list.add_user("user_with_empty_shell", 1003, 2003, loginShell="")
create_ldap_fixture(request, ldap_conn, ent_list)
conf = \
format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
unindent("""\
[nss]
override_shell = /bin/B
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)