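def extra_attributes(request, ldap_conn):
    """Set up an RFC2307 directory with one user and one group, plus SSSD.

    The SSSD configuration is the basic RFC2307 one with a
    ``[domain/LDAP]`` section appended that sets
    ``ldap_user_extra_attrs``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection; ``ldap_conn.ds_inst.base_dn`` is the
            base DN handed to the entry list.
    """
    # Build the entry list once; constructing it twice in a row only
    # discards the first instance.
    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    ent_list.add_user("user", 2001, 2000)
    ent_list.add_group("group", 2000)
    create_ldap_fixture(request, ldap_conn, ent_list)

    conf = \
        format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
        unindent("""\
            [domain/LDAP]
            ldap_user_extra_attrs = mail, name:uid, givenName
        """).format(**locals())
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)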
def sanity_rfc2307_bis(request, ldap_conn):
    """Populate an RFC2307bis directory and set up SSSD with the basic conf.

    Adds three users, three groups whose gids equal the users' primary
    gids, and a further set of groups with empty, user-only and nested
    group membership.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    directory = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user_args in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
    ):
        directory.add_user(*user_args)

    # Each tuple is the exact positional argument list of add_group_bis.
    # The third and fourth items appear to be member users and member
    # groups respectively -- confirm against ldap_ent.
    for group_args in (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("empty_group1", 2010),
        ("empty_group2", 2011),
        ("two_user_group", 2012, ["user1", "user2"]),
        ("group_empty_group", 2013, [], ["empty_group1"]),
        ("group_two_empty_groups", 2014, [],
         ["empty_group1", "empty_group2"]),
        ("one_user_group1", 2015, ["user1"]),
        ("one_user_group2", 2016, ["user2"]),
        ("group_one_user_group", 2017, [], ["one_user_group1"]),
        ("group_two_user_group", 2018, [], ["two_user_group"]),
        ("group_two_one_user_groups", 2019, [],
         ["one_user_group1", "one_user_group2"]),
    ):
        directory.add_group_bis(*group_args)

    create_ldap_fixture(request, ldap_conn, directory)
    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def add_mixed_netgroup(request, ldap_conn):
    """Create nine netgroups mixing triples and nested members, then SSSD.

    The netgroups cover: no content, nested member only, triples only,
    and triples combined with nested members.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    netgroups = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    # (positional args, keyword args) of every add_netgroup call, in order.
    calls = (
        (("mixed_netgroup1",), {}),
        (("mixed_netgroup2",), {"members": ["mixed_netgroup1"]}),
        (("mixed_netgroup3", ["(host1,user1,domain1)"]), {}),
        (("mixed_netgroup4",
          ["(host2,user2,domain2)", "(host3,user3,domain3)"]), {}),
        (("mixed_netgroup5", ["(host4,user4,domain4)"],
          ["mixed_netgroup1"]), {}),
        (("mixed_netgroup6", ["(host5,user5,domain5)"],
          ["mixed_netgroup2"]), {}),
        (("mixed_netgroup7",), {"members": ["mixed_netgroup3"]}),
        (("mixed_netgroup8",),
         {"members": ["mixed_netgroup3", "mixed_netgroup4"]}),
        (("mixed_netgroup9", ["(host6,user6,domain6)"],
          ["mixed_netgroup3", "mixed_netgroup4"]), {}),
    )
    for args, kwargs in calls:
        netgroups.add_netgroup(*args, **kwargs)

    create_ldap_fixture(request, ldap_conn, netgroups)
    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def env_mix_cased_name_override(request, ldap_conn):
    """Prepare users with mixed-case names and add overrides for them.

    Creates ``user1`` and ``uSeR2``, checks that both resolve through
    ``pwd`` under lower-case fully qualified names and that the override
    names do not exist yet, then adds one ``sss_override`` entry per user
    and restarts SSSD.

    Args:
        request: forwarded to ``prepare_sssd`` and ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.

    Raises:
        KeyError: if one of the created users cannot be resolved.
        subprocess.CalledProcessError: if ``sss_override`` exits non-zero.
    """
    prepare_sssd(request, ldap_conn, True, False)

    users = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    users.add_user("user1", 10001, 20001)
    users.add_user("uSeR2", 10002, 20002)
    create_ldap_fixture(request, ldap_conn, users)

    # The lookups are done for their side effect only: getpwnam raises
    # KeyError when the name is unknown.
    for present in ('user1@LDAP', 'user2@LDAP'):
        pwd.getpwnam(present)
    for absent in ('ov_user1@LDAP', 'ov_user2@LDAP'):
        with pytest.raises(KeyError):
            pwd.getpwnam(absent)

    # Arguments are passed as a list, so no shell parses them.
    override_commands = (
        ["sss_override", "user-add", "user1@LDAP",
         "-u", "10010",
         "-g", "20010",
         "-n", "ov_user1",
         "-c", "Overriden User 1",
         "-h", "/home/ov/user1",
         "-s", "/bin/ov_user1_shell"],
        ["sss_override", "user-add", "user2@LDAP",
         "-u", "10020",
         "-g", "20020",
         "-n", "ov_user2",
         "-c", "Overriden User 2",
         "-h", "/home/ov/user2",
         "-s", "/bin/ov_user2_shell"],
    )
    for argv in override_commands:
        subprocess.check_call(argv)

    restart_sssd()
def env_two_users_and_group(request, ldap_conn):
    """Prepare SSSD with two users sharing one group and verify defaults.

    Both users get explicit gecos, login shell and home directory
    attributes; ``assert_user_default()`` is called at the end to check
    that no override is in effect.

    Args:
        request: forwarded to ``prepare_sssd`` and ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.
    """
    prepare_sssd(request, ldap_conn)

    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    for name, uid, attrs in (
        ("user1", 10001, dict(gecos='User Number 1',
                              loginShell='/bin/user1_shell',
                              homeDirectory='/home/user1')),
        ("user2", 10002, dict(gecos='User Number 2',
                              loginShell='/bin/user2_shell',
                              homeDirectory='/home/user2')),
    ):
        entries.add_user(name, uid, 20001, **attrs)
    entries.add_group("group", 2001, ["user2", "user1"])
    create_ldap_fixture(request, ldap_conn, entries)

    # Entries must still carry their directory values at this point.
    assert_user_default()
def add_tripled_netgroup(request, ldap_conn):
    """Create a single netgroup holding one ``(host,user,domain)`` triple.

    Only the LDAP fixture is created here; no SSSD configuration is
    written by this function.

    Args:
        request: forwarded to ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.
    """
    netgroups = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    netgroups.add_netgroup("tripled_netgroup", ["(host,user,domain)"])
    create_ldap_fixture(request, ldap_conn, netgroups)
def mpg_setup(request, ldap_conn):
    """Populate users and groups and enable ``auto_private_groups``.

    Unlike the fixtures that use ``create_ldap_fixture``, the entries are
    written with ``create_ldap_entries`` and cleanup is registered
    separately through ``create_ldap_cleanup(request, ldap_conn, None)``.

    Args:
        request: forwarded to the cleanup and fixture helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    directory = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user_args in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
    ):
        directory.add_user(*user_args)

    # Exact positional argument lists of add_group_bis.
    for group_args in (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("two_user_group", 2012, ["user1", "user2"]),
        ("one_user_group1", 2015, ["user1"]),
        ("one_user_group2", 2016, ["user2"]),
    ):
        directory.add_group_bis(*group_args)

    create_ldap_entries(ldap_conn, directory)
    create_ldap_cleanup(request, ldap_conn, None)

    domain_section = unindent("""
        [domain/LDAP]
        auto_private_groups = True
    """).format(**locals())
    conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + domain_section
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
def add_user_with_cert(request, ldap_conn):
    """Create ``user1`` and attach a DER certificate to its LDAP entry.

    The certificate is read from ``SSSD_test_cert_x509_0001.der`` in the
    directory of ``PAM_CERT_DB_PATH`` and stored in the ``userCert``
    attribute. The certificate configuration, SSSD and CA database
    fixtures are created afterwards.

    Side effect: ``config.PAM_CERT_DB_PATH`` is overwritten from the
    environment.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection used for the base DN and ``modify_s``.

    Raises:
        KeyError: if ``PAM_CERT_DB_PATH`` is not set in the environment.
        OSError: if the certificate file cannot be opened.
    """
    config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']

    users = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    users.add_user("user1", 1001, 2001)
    create_ldap_fixture(request, ldap_conn, users)

    cert_file = (os.path.dirname(config.PAM_CERT_DB_PATH)
                 + "/SSSD_test_cert_x509_0001.der")
    with open(cert_file, 'rb') as der_file:
        cert_der = der_file.read()

    # NOTE(review): the DN is built from the module-level LDAP_BASE_DN
    # while the entry above was created under ldap_conn.ds_inst.base_dn;
    # presumably both are the same value -- confirm.
    user_dn = "uid=user1,ou=Users," + LDAP_BASE_DN

    # 'userCert' is used instead of 'userCertificate' to hold the user
    # certificate because the default OpenLDAP has syntax and matching
    # rules which are not used in other LDAP servers.
    ldap_conn.modify_s(user_dn, [(ldap.MOD_ADD, 'userCert', cert_der)])

    create_conf_fixture(
        request,
        format_certificate_conf(ldap_conn, SCHEMA_RFC2307_BIS, config))
    create_sssd_fixture(request)
    create_ca_db_fixture(request)
def sanity_nss_filter_cached(request, ldap_conn):
    """Populate users/groups and configure NSS user and group filters.

    The basic RFC2307bis configuration is extended with an ``[nss]``
    section that filters ``user2`` and ``group2`` and sets
    ``entry_negative_timeout`` to 1.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    directory = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    # "root" and the id-0 entries are deliberately placed in LDAP;
    # presumably the tests check that SSSD does not serve them -- confirm
    # against the test cases that use this fixture.
    for user_args in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
        ("root", 1004, 2004),
        ("zerouid", 0, 0),
    ):
        directory.add_user(*user_args)

    for group_name, gid in (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("root", 2004),
        ("zerogid", 0),
    ):
        directory.add_group_bis(group_name, gid)

    create_ldap_fixture(request, ldap_conn, directory)

    nss_section = unindent("""
        [nss]
        filter_users = user2
        filter_groups = group2
        entry_negative_timeout = 1
    """).format(**locals())
    conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + nss_section
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
def populate_rfc2307bis(request, ldap_conn):
    """Fill the directory with RFC2307bis users and (nested) groups.

    Only the LDAP fixture is created; no SSSD configuration is written
    by this function.

    Args:
        request: forwarded to ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.
    """
    directory = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user_args in (
        ("user1", 1001, 2001),
        ("user2", 1002, 2002),
        ("user3", 1003, 2003),
    ):
        directory.add_user(*user_args)

    # Exact positional argument lists of add_group_bis, in creation order.
    for group_args in (
        ("group1", 2001),
        ("group2", 2002),
        ("group3", 2003),
        ("empty_group1", 2010),
        ("empty_group2", 2011),
        ("two_user_group", 2012, ["user1", "user2"]),
        ("group_empty_group", 2013, [], ["empty_group1"]),
        ("group_two_empty_groups", 2014, [],
         ["empty_group1", "empty_group2"]),
        ("one_user_group1", 2015, ["user1"]),
        ("one_user_group2", 2016, ["user2"]),
        ("group_one_user_group", 2017, [], ["one_user_group1"]),
        ("group_two_user_group", 2018, [], ["two_user_group"]),
        ("group_two_one_user_groups", 2019, [],
         ["one_user_group1", "one_user_group2"]),
    ):
        directory.add_group_bis(*group_args)

    create_ldap_fixture(request, ldap_conn, directory)
def env_regr_2790_override(request, ldap_conn):
    """Prepare two users and two groups, then alias both users.

    Verifies that ``alias1`` / ``alias2`` do not resolve (short and
    ``@LDAP``-qualified) before the overrides are added, adds the name
    overrides with ``sss_override`` and restarts SSSD.

    Args:
        request: forwarded to ``prepare_sssd`` and ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.

    Raises:
        subprocess.CalledProcessError: if ``sss_override`` exits non-zero.
    """
    prepare_sssd(request, ldap_conn)

    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 10001, 20001)
    entries.add_user("user2", 10002, 20002)
    entries.add_group("group1", 2001, ["user1", "user2"])
    entries.add_group("group2", 2002, ["user2"])
    create_ldap_fixture(request, ldap_conn, entries)

    # None of the alias names may exist before the overrides are added.
    for alias in ('alias1', 'alias1@LDAP', 'alias2', 'alias2@LDAP'):
        with pytest.raises(KeyError):
            pwd.getpwnam(alias)

    # List-form argv: no shell is involved in running sss_override.
    for user, alias in (("user1", "alias1"), ("user2", "alias2")):
        subprocess.check_call(["sss_override", "user-add", user,
                               "-n", alias])

    restart_sssd()
def env_group_basic(request, ldap_conn):
    """Prepare two users, a populated group and an empty group.

    Afterwards checks that none of the ``ov_*`` names resolve, in short
    and ``@LDAP``-qualified form.

    Args:
        request: forwarded to ``prepare_sssd`` and ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.
    """
    prepare_sssd(request, ldap_conn)

    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    for name, uid, attrs in (
        ("user1", 10001, dict(gecos='User Number 1',
                              loginShell='/bin/user1_shell',
                              homeDirectory='/home/user1')),
        ("user2", 10002, dict(gecos='User Number 2',
                              loginShell='/bin/user2_shell',
                              homeDirectory='/home/user2')),
    ):
        entries.add_user(name, uid, 20001, **attrs)
    entries.add_group("group", 2001, ["user2", "user1"])
    entries.add_group("empty_group", 2002, [])
    create_ldap_fixture(request, ldap_conn, entries)

    # NOTE(review): these are group override names, yet they are looked up
    # in the passwd database (pwd.getpwnam). The check passes for any name
    # that is not a user, so it may not verify what was intended -- confirm
    # whether a group lookup was meant.
    for name in ('ov_group', 'ov_group@LDAP',
                 'ov_empty_group', 'ov_empty_group@LDAP'):
        with pytest.raises(KeyError):
            pwd.getpwnam(name)
def load_data_to_ldap(request, ldap_conn):
    """Create a lower-case and a CamelCase user, each with its own group.

    Args:
        request: forwarded to ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user_name, uid, gid in (
        ("user1", 1001, 2001),
        ("CamelCaseUser1", 1002, 2002),
    ):
        entries.add_user(user_name, uid, gid)

    for group_name, gid, members in (
        ("group1", 2001, ["user1"]),
        ("CamelCaseGroup1", 2002, ["CamelCaseUser1"]),
    ):
        entries.add_group(group_name, gid, members)

    create_ldap_fixture(request, ldap_conn, entries)
def rfc2307bis_no_nesting(request, ldap_conn):
    """Create one user in one group with the zero-nesting SSSD conf.

    The configuration comes from
    ``zero_nesting_sssd_conf(ldap_conn, SCHEMA_RFC2307_BIS)``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 1001, 2001)
    entries.add_group_bis("group1", 20001, member_uids=["user1"])
    create_ldap_fixture(request, ldap_conn, entries)

    conf = zero_nesting_sssd_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
def simple_rfc2307(request, ldap_conn):
    """Create one user with backslashes in its name, one group, and SSSD.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    # The literal evaluates to "usr", two backslash characters, "001".
    entries.add_user('usr\\\\001', 181818, 181818)
    entries.add_group("group1", 181818)
    create_ldap_fixture(request, ldap_conn, entries)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307))
    create_sssd_fixture(request)
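def sanity_rfc2307_bis(request, ldap_conn):
    """Populate an RFC2307bis directory and write a full inline SSSD conf.

    The configuration enables the ``nss`` and ``pam`` services and one
    ``LDAP`` domain using the ``ldap`` id, auth and sudo providers, with
    the LDAP URI and search base taken from ``ldap_conn.ds_inst``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection; ``ldap_conn.ds_inst.ldap_url`` and
            ``ldap_conn.ds_inst.base_dn`` are substituted into the conf.
    """
    # NOTE(review): entries are created under the module-level
    # LDAP_BASE_DN while the search base below is
    # ldap_conn.ds_inst.base_dn; presumably the two are equal -- confirm.
    ent_list = ldap_ent.List(LDAP_BASE_DN)
    ent_list.add_user("user1", 1001, 2001)
    ent_list.add_user("user2", 1002, 2002)
    ent_list.add_user("user3", 1003, 2003)

    ent_list.add_group_bis("group1", 2001)
    ent_list.add_group_bis("group2", 2002)
    ent_list.add_group_bis("group3", 2003)

    ent_list.add_group_bis("empty_group1", 2010)
    ent_list.add_group_bis("empty_group2", 2011)

    ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
    ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
    ent_list.add_group_bis("group_two_empty_groups", 2014,
                           [], ["empty_group1", "empty_group2"])
    ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
    ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
    ent_list.add_group_bis("group_one_user_group", 2017,
                           [], ["one_user_group1"])
    ent_list.add_group_bis("group_two_user_group", 2018,
                           [], ["two_user_group"])
    ent_list.add_group_bis("group_two_one_user_groups", 2019,
                           [], ["one_user_group1", "one_user_group2"])

    create_ldap_fixture(request, ldap_conn, ent_list)

    # The domain section sets ldap_auth_disable_tls_never_use_in_production,
    # which permits LDAP authentication without TLS. That is tolerable only
    # because this configuration targets the test directory server; it must
    # not be copied into a deployed sssd.conf.
    #
    # Only ldap_conn is handed to format(): the template references nothing
    # else, so there is no reason to expose every local via **locals().
    conf = unindent("""\
        [sssd]
        debug_level = 0xffff
        config_file_version = 2
        domains = LDAP
        services = nss, pam
        [nss]
        debug_level = 0xffff
        memcache_timeout = 0
        [pam]
        debug_level = 0xffff
        [domain/LDAP]
        ldap_auth_disable_tls_never_use_in_production = true
        debug_level = 0xffff
        enumerate = true
        ldap_schema = rfc2307bis
        ldap_group_object_class = groupOfNames
        id_provider = ldap
        auth_provider = ldap
        sudo_provider = ldap
        ldap_uri = {ldap_conn.ds_inst.ldap_url}
        ldap_search_base = {ldap_conn.ds_inst.base_dn}
    """).format(ldap_conn=ldap_conn)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
    return None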
def env_replace_user_override(request, ldap_conn):
    """Override ``user1`` and then replace that override with a second one.

    Steps: create ``user1``, assert its passwd entry matches the
    directory values, add a first override, restart SSSD and assert the
    overridden values, then add a second override for the same user and
    restart SSSD again. The second override is not asserted here.

    Args:
        request: forwarded to ``prepare_sssd`` and ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.

    Raises:
        subprocess.CalledProcessError: if ``sss_override`` exits non-zero.
    """
    prepare_sssd(request, ldap_conn)

    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 10001, 20001,
                     gecos='User Number 1',
                     loginShell='/bin/user1_shell',
                     homeDirectory='/home/user1')
    create_ldap_fixture(request, ldap_conn, entries)

    # Before any override the entry carries the directory values.
    directory_values = {
        'name': 'user1',
        'passwd': '*',
        'uid': 10001,
        'gid': 20001,
        'gecos': 'User Number 1',
        'dir': '/home/user1',
        'shell': '/bin/user1_shell',
    }
    ent.assert_passwd_by_name('user1', directory_values)

    # First override. List-form argv: no shell parses the arguments.
    first_override = [
        "sss_override", "user-add", "user1",
        "-u", "10010",
        "-g", "20010",
        "-n", "ov_user1",
        "-c", "Overriden User 1",
        "-h", "/home/ov/user1",
        "-s", "/bin/ov_user1_shell",
    ]
    subprocess.check_call(first_override)

    # SSSD is restarted so the override can take effect.
    restart_sssd()

    overridden_values = {
        'name': 'ov_user1',
        'passwd': '*',
        'uid': 10010,
        'gid': 20010,
        'gecos': 'Overriden User 1',
        'dir': '/home/ov/user1',
        'shell': '/bin/ov_user1_shell',
    }
    ent.assert_passwd_by_name('user1', overridden_values)

    # Second override on top of the first one.
    second_override = [
        "sss_override", "user-add", "user1",
        "-u", "10100",
        "-g", "20100",
        "-n", "ov2_user1",
        "-c", "Overriden2 User 1",
        "-h", "/home/ov2/user1",
        "-s", "/bin/ov2_user1_shell",
    ]
    subprocess.check_call(second_override)

    restart_sssd()
def add_empty_netgroup(request, ldap_conn):
    """Create one netgroup without triples or members, then set up SSSD.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    netgroups = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    netgroups.add_netgroup("empty_netgroup")
    create_ldap_fixture(request, ldap_conn, netgroups)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def simple_rfc2307(request, ldap_conn):
    """Create one user and one group, then SSSD and CA database fixtures.

    Side effect: ``config.PAM_CERT_DB_PATH`` is overwritten from the
    environment before ``config`` is passed to ``format_basic_conf``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.

    Raises:
        KeyError: if ``PAM_CERT_DB_PATH`` is not set in the environment.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    # The literal evaluates to "usr", two backslash characters, "001".
    entries.add_user('usr\\\\001', 181818, 181818)
    entries.add_group("group1", 181818)
    create_ldap_fixture(request, ldap_conn, entries)

    config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH']
    create_conf_fixture(
        request, format_basic_conf(ldap_conn, SCHEMA_RFC2307, config))
    create_sssd_fixture(request)
    create_ca_db_fixture(request)
def load_data_to_ldap(request, ldap_conn, schema):
    """Create three users and one group containing all of them.

    The group is added with ``add_group_bis`` for ``SCHEMA_RFC2307_BIS``
    and with ``add_group`` for ``SCHEMA_RFC2307``. For any other schema
    value no group is added at all.

    Args:
        request: forwarded to ``create_ldap_fixture``.
        ldap_conn: LDAP connection supplying the base DN.
        schema: schema constant selecting how the group is created.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user_name, uid in (("user1", 1001),
                           ("user11", 1011),
                           ("user21", 1021)):
        entries.add_user(user_name, uid, 2001)

    members = ("user1", "user11", "user21")
    if schema == SCHEMA_RFC2307_BIS:
        entries.add_group_bis("group1", 2001, members)
    elif schema == SCHEMA_RFC2307:
        entries.add_group("group1", 2001, members)

    create_ldap_fixture(request, ldap_conn, entries)
def add_user_to_group(request, ldap_conn):
    """Create ``user1`` as a member of ``group1`` with the deref conf.

    The SSSD configuration comes from
    ``format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS)``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 1001, 2001)
    entries.add_group_bis("group1", 20001, member_uids=["user1"])
    create_ldap_fixture(request, ldap_conn, entries)

    conf = format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
def remove_user_from_nested_group(request, ldap_conn):
    """Create two single-user groups nested in a third group.

    ``group3`` has ``group1`` and ``group2`` as member groups; the SSSD
    configuration is the RFC2307bis deref one.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)

    for user_args in (("user1", 1001, 2001), ("user2", 1002, 2002)):
        entries.add_user(*user_args)

    for group_name, gid, membership in (
        ("group1", 20001, {"member_uids": ["user1"]}),
        ("group2", 20002, {"member_uids": ["user2"]}),
        ("group3", 20003, {"member_gids": ["group1", "group2"]}),
    ):
        entries.add_group_bis(group_name, gid, **membership)

    create_ldap_fixture(request, ldap_conn, entries)

    conf = format_rfc2307bis_deref_conf(ldap_conn, SCHEMA_RFC2307_BIS)
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)
def remove_step_by_step(request, ldap_conn):
    """Create two netgroups, the second nesting the first, and set up SSSD.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.

    Returns:
        The ``ldap_ent.List`` holding the created entries.
    """
    netgroups = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    netgroups.add_netgroup("rm_empty_netgroup1", ["(host1,user1,domain1)"])
    netgroups.add_netgroup("rm_empty_netgroup2",
                           ["(host2,user2,domain2)"],
                           ["rm_empty_netgroup1"])
    create_ldap_fixture(request, ldap_conn, netgroups)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
    return netgroups
def add_user_with_ssh_key(request, ldap_conn):
    """Create ``user1`` with two SSH public keys and ``user2`` with none.

    The keys are the module-level ``USER1_PUBKEY1`` and ``USER1_PUBKEY2``
    values, stored in the ``sshPubKey`` attribute.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    users = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    user1_keys = (USER1_PUBKEY1, USER1_PUBKEY2)
    users.add_user("user1", 1001, 2001, sshPubKey=user1_keys)
    users.add_user("user2", 1002, 2001)
    create_ldap_fixture(request, ldap_conn, users)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def user_and_group_rfc2307(request, ldap_conn):
    """Create an RFC2307 directory with one user, one group and SSSD.

    The SSSD configuration comes from
    ``format_interactive_conf(ldap_conn, SCHEMA_RFC2307)``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user", 1001, 2000)
    entries.add_group("group", 2001)
    create_ldap_fixture(request, ldap_conn, entries)

    interactive_conf = format_interactive_conf(ldap_conn, SCHEMA_RFC2307)
    create_conf_fixture(request, interactive_conf)
    create_sssd_fixture(request)
def add_common_rules(request, ldap_conn):
    """Create two users and one sudo rule for ``user1``, then set up SSSD.

    The rule ``user1_allow_less_shadow`` applies to ``user1`` on host
    ``ALL`` and lists two commands. It is fixture data for the sudo
    tests, not a recommended sudoers policy.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    entries = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    entries.add_user("user1", 1001, 2001)
    # NOTE(review): user2 is created with the same uid and gid as user1
    # (1001/2001) -- confirm this duplication is intentional.
    entries.add_user("user2", 1001, 2001)

    allowed_commands = ("/usr/bin/less /etc/shadow", "/bin/ls")
    entries.add_sudo_rule("user1_allow_less_shadow",
                          users=("user1", ),
                          hosts=("ALL", ),
                          commands=allowed_commands)
    create_ldap_fixture(request, ldap_conn, entries)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def add_tripled_netgroup(request, ldap_conn):
    """Create a one-triple and a two-triple netgroup, then set up SSSD.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    netgroups = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    for name, triples in (
        ("tripled_netgroup", ["(host,user,domain)"]),
        ("adv_tripled_netgroup",
         ["(host1,user1,domain1)", "(host2,user2,domain2)"]),
    ):
        netgroups.add_netgroup(name, triples)
    create_ldap_fixture(request, ldap_conn, netgroups)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def add_nets(request, ldap_conn):
    """Create two IP network entries with two aliases each, then SSSD.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    networks = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    for net_name, address, alias_names in (
        ("net1", "192.168.1.1", ["net1_alias1", "net1_alias2"]),
        ("net2", "10.2.2.2", ["net2_alias1", "net2_alias2"]),
    ):
        networks.add_ipnet(net_name, address, aliases=alias_names)
    create_ldap_fixture(request, ldap_conn, networks)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307))
    create_sssd_fixture(request)
def removing_nested_netgroups(request, ldap_conn):
    """Create two triple netgroups and a third one nesting both, then SSSD.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    netgroups = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    netgroups.add_netgroup("t2841_netgroup1", ["(host1,user1,domain1)"])
    netgroups.add_netgroup("t2841_netgroup2", ["(host2,user2,domain2)"])
    nested = ["t2841_netgroup1", "t2841_netgroup2"]
    netgroups.add_netgroup("t2841_netgroup3", members=nested)
    create_ldap_fixture(request, ldap_conn, netgroups)

    create_conf_fixture(request,
                        format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS))
    create_sssd_fixture(request)
def override_shell(request, ldap_conn):
    """Create users with different login shells and set ``override_shell``.

    Three users are added with login shells ``/bin/A``, ``/bin/B`` and the
    empty string; the basic RFC2307 configuration is extended with an
    ``[nss]`` section setting ``override_shell = /bin/B``.

    Args:
        request: forwarded unchanged to the ``create_*_fixture`` helpers.
        ldap_conn: LDAP connection supplying the base DN.
    """
    users = ldap_ent.List(ldap_conn.ds_inst.base_dn)
    for user_name, uid, gid, shell in (
        ("user_with_shell_A", 1001, 2001, "/bin/A"),
        ("user_with_shell_B", 1002, 2002, "/bin/B"),
        ("user_with_empty_shell", 1003, 2003, ""),
    ):
        users.add_user(user_name, uid, gid, loginShell=shell)
    create_ldap_fixture(request, ldap_conn, users)

    nss_section = unindent("""\
        [nss]
        override_shell = /bin/B
    """).format(**locals())
    conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307) + nss_section
    create_conf_fixture(request, conf)
    create_sssd_fixture(request)