def test_healthcheck_non_replicated_suffixes(topology_m2):
"""Check if backend lint function unexpectedly throws exception
:id: f922edf8-c527-4802-9f42-0b75bf97098a
:setup: 2 MMR topology
:steps:
1. Create a new suffix: cn=changelog
2. Call healthcheck (there should not be any exceptions raised)
:expectedresults:
1. Success
2. Success
"""
inst = topology_m2.ms['master1']
# Create second suffix
backends = Backends(inst)
backends.create(properties={'nsslapd-suffix': "cn=changelog",
'name': 'changelog'})
# Call healthcheck
args = FakeArgs()
args.instance = inst.serverid
args.verbose = inst.verbose
args.list_errors = False
args.list_checks = False
args.check = ['backends']
args.dry_run = False
args.json = False
health_check_run(inst, topology_m2.logcap.log, args)
def test_list(topology_st):
"""Test basic list method functionality
:id: 084c0937-0b39-4e89-8561-081ae2b144c6
:setup: Standalone instance
:steps:
1. List all backends
2. Create a backend
3. List all backends
4. Create one more backend
5. List all backends
6. Clean up the created backends
:expectedresults:
1. Operation should be successful
2. Backend should be created
3. Created backend should be listed
4. Backend should be created
5. Created backend should be listed
6. Operation should be successful
"""
backends = Backends(topology_st.standalone)
ents = backends.list()
nb_backend = len(ents)
for ent in ents:
topology_st.standalone.log.info("List(%d): backend %s" %
(nb_backend, ent.dn))
log.info("Create a first backend and check list all backends")
b1 = backends.create(properties={
'cn': BACKEND_NAME_1,
'nsslapd-suffix': NEW_SUFFIX_1_RDN
})
ents = backends.list()
for ent in ents:
topology_st.standalone.log.info("List(%d): backend %s" %
(nb_backend + 1, ent.dn))
assert len(ents) == (nb_backend + 1)
log.info("Create a second backend and check list all backends")
b2 = backends.create(properties={
'cn': BACKEND_NAME_2,
'nsslapd-suffix': NEW_SUFFIX_2_RDN
})
ents = backends.list()
for ent in ents:
topology_st.standalone.log.info("List(%d): backend %s" %
(nb_backend + 2, ent.dn))
assert len(ents) == (nb_backend + 2)
log.info("Just make it clean in the end")
b1.delete()
b2.delete()
def new_suffixes(topo):
"""Create new suffix, backend and mapping tree"""
for num in range(1, 4):
backends = Backends(topo.ins["standalone{}".format(num)])
backends.create(properties={
BACKEND_SUFFIX: NEW_SUFFIX,
BACKEND_NAME: NEW_BACKEND
})
domain = Domain(topo.ins["standalone{}".format(num)], NEW_SUFFIX)
domain.create(properties={'dc': 'test', 'description': NEW_SUFFIX})
def test_healthcheck_unable_to_query_backend(topology_st):
"""Check if HealthCheck returns DSBLE0002 code
:id: 716b1ff1-94bd-4780-98b8-96ff8ef21e30
:setup: Standalone instance
:steps:
1. Create DS instance
2. Create a new root suffix and database
3. Disable new suffix
4. Use HealthCheck without --json option
5. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Success
4. HealthCheck should return code DSBLE0002
5. HealthCheck should return code DSBLE0002
"""
RET_CODE = 'DSBLE0002'
NEW_SUFFIX = 'dc=test,dc=com'
NEW_BACKEND = 'userData'
standalone = topology_st.standalone
log.info('Create new suffix')
backends = Backends(standalone)
backends.create(properties={
'cn': NEW_BACKEND,
'nsslapd-suffix': NEW_SUFFIX,
})
log.info('Disable the newly created suffix')
mts = MappingTrees(standalone)
mt_new = mts.get(NEW_SUFFIX)
mt_new.replace('nsslapd-state', 'disabled')
run_healthcheck_and_flush_log(topology_st,
standalone,
RET_CODE,
json=False)
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
log.info('Enable the suffix again and check if nothing is broken')
mt_new.replace('nsslapd-state', 'backend')
run_healthcheck_and_flush_log(topology_st,
standalone,
RET_CODE,
json=False)
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=True)
def _create_schema(request, topo):
Schema(topo.standalone).\
add('attributetypes',
["( NAME 'testUserAccountControl' DESC 'Attribute Bitwise filteri-Multi-Valued'"
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
"( NAME 'testUserStatus' DESC 'State of User account active/disabled'"
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )"])
Schema(topo.standalone).\
add('objectClasses', "( NAME 'testperson' SUP top STRUCTURAL MUST "
"( sn $ cn $ testUserAccountControl $ "
"testUserStatus )MAY( userPassword $ telephoneNumber $ "
"seeAlso $ description ) X-ORIGIN 'BitWise' )")
# Creating Backend
backends = Backends(topo.standalone)
backend = backends.create(properties={
'nsslapd-suffix': SUFFIX,
'cn': 'AnujRoot'
})
# Creating suffix
suffix = Domain(topo.standalone, SUFFIX).create(properties={'dc': 'anuj'})
# Creating users
users = UserAccounts(topo.standalone, suffix.dn, rdn=None)
for user in [('btestuser1', ['514'], ['Disabled'], 100),
('btestuser2', ['65536'], ['PasswordNeverExpired'], 101),
('btestuser3', ['8388608'], ['PasswordExpired'], 102),
('btestuser4', ['256'], ['TempDuplicateAccount'], 103),
('btestuser5', ['16777216'], ['TrustedAuthDelegation'], 104),
('btestuser6', ['528'], ['AccountLocked'], 105),
('btestuser7', ['513'], ['AccountActive'], 106),
('btestuser11', ['655236'], ['TestStatus1'], 107),
('btestuser12', ['665522'], ['TestStatus2'], 108),
('btestuser13', ['266552'], ['TestStatus3'], 109),
('btestuser8', ['98536', '99512', '99528'],
['AccountActive', 'PasswordExxpired', 'AccountLocked'], 110),
('btestuser9', [
'87536',
'912',
], [
'AccountActive',
'PasswordNeverExpired',
], 111),
('btestuser10', ['89536', '97546', '96579'],
['TestVerify1', 'TestVerify2', 'TestVerify3'], 112)]:
CreateUsers(users, user[0], user[1], user[2], user[3]).user_create()
def fin():
"""
Deletes entries after the test.
"""
for user in users.list():
user.delete()
suffix.delete()
backend.delete()
request.addfinalizer(fin)
def test_del_suffix_backend(topo):
"""Adding a database entry fails if the same database was deleted after an import
:id: ac702c35-74b6-434e-8e30-316433f3e91a
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add entries
2. Stop the server and do online import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Restart the server and check the status
:expectedresults: Adding database with the same name should be successful and the server should not hang
"""
log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX2,
TEST_BACKEND2))
backends = Backends(topo.standalone)
backend = backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX2,
'name': TEST_BACKEND2
})
log.info('Create LDIF file and import it')
ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'suffix_del2.ldif')
dbgen(topo.standalone, 10, ldif_file, TEST_SUFFIX2)
topo.standalone.tasks.importLDIF(suffix=TEST_SUFFIX2,
input_file=ldif_file,
args={TASK_WAIT: True})
log.info('Deleting suffix-{}'.format(TEST_SUFFIX2))
backend.delete()
log.info(
'Adding the same database-{} after deleting it'.format(TEST_BACKEND2))
backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX2,
'name': TEST_BACKEND2
})
log.info(
'Checking if server can be restarted after re-adding the same database'
)
topo.standalone.restart()
assert not topo.standalone.detectDisorderlyShutdown()
def test_del_suffix_import(topo):
"""Adding a database entry fails if the same database was deleted after an import
:id: 652421ef-738b-47ed-80ec-2ceece6b5d77
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add few entries
2. Stop the server and do offline import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Check if adding the same database name is a success
:expectedresults: Adding database with the same name should be successful
"""
log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX1,
TEST_BACKEND1))
backends = Backends(topo.standalone)
backend = backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX1,
'name': TEST_BACKEND1
})
log.info('Create LDIF file and import it')
ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'suffix_del1.ldif')
dbgen(topo.standalone, 10, ldif_file, TEST_SUFFIX1)
log.info('Stopping the server and running offline import')
topo.standalone.stop()
assert topo.standalone.ldif2db(TEST_BACKEND1, TEST_SUFFIX1, None, None,
ldif_file)
topo.standalone.start()
log.info('Deleting suffix-{}'.format(TEST_SUFFIX2))
backend.delete()
log.info(
'Adding the same database-{} after deleting it'.format(TEST_BACKEND1))
backends.create(properties={
'nsslapd-suffix': TEST_SUFFIX1,
'name': TEST_BACKEND1
})
def test_import_be_default(topo):
""" Create a backend using the name "default". previously this name was
used int
:id: 8e507beb-e917-4330-8cac-1ff0eee10508
:feature: Import
:setup: Standalone instance
:steps:
1. Create a test suffix using the be name of "default"
2. Create an ldif for the "default" backend
3. Import ldif
4. Verify all entries were imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
log.info('Adding suffix:{} and backend: {}...'.format(
TEST_DEFAULT_SUFFIX, TEST_DEFAULT_NAME))
backends = Backends(topo.standalone)
backends.create(properties={
'nsslapd-suffix': TEST_DEFAULT_SUFFIX,
'name': TEST_DEFAULT_NAME
})
log.info('Create LDIF file and import it...')
ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'default.ldif')
dbgen(topo.standalone, 5, ldif_file, TEST_DEFAULT_SUFFIX)
log.info('Stopping the server and running offline import...')
topo.standalone.stop()
assert topo.standalone.ldif2db(TEST_DEFAULT_NAME, None, None, None,
ldif_file)
topo.standalone.start()
log.info('Verifying entry count after import...')
entries = topo.standalone.search_s(TEST_DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE,
"(objectclass=*)")
assert len(entries) > 1
log.info('Test PASSED')
def new_suffixes(topology_st):
"""Add two suffixes with backends, one is a parent
of the another
"""
log.info('Adding suffix:{} and backend: {}'.format(NEW_SUFFIX_1,
NEW_BACKEND_1))
bes = Backends(topology_st.standalone)
be_1 = bes.create(properties={
'cn': 'NEW_BACKEND_1',
'nsslapd-suffix': NEW_SUFFIX_1,
})
# Create the root objects with their ACI
log.info('Adding ACI to allow our test user to search')
ACI_TARGET = '(targetattr != "userPassword || aci")'
ACI_ALLOW = '(version 3.0; acl "Enable anonymous access";allow (read, search, compare)'
ACI_SUBJECT = '(userdn = "ldap:///anyone");)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
o_1 = Organisation(topology_st.standalone, NEW_SUFFIX_1)
o_1.create(properties={
'o': NEW_SUFFIX_1_NAME,
'aci': ACI_BODY,
})
log.info('Adding suffix:{} and backend: {}'.format(NEW_SUFFIX_2,
NEW_BACKEND_2))
be_2 = bes.create(properties={
'cn': 'NEW_BACKEND_2',
'nsslapd-suffix': NEW_SUFFIX_2,
})
# We have to adjust the MT to say that BE_1 is a parent.
mt = be_2.get_mapping_tree()
mt.set_parent(NEW_SUFFIX_1)
ou_2 = OrganisationalUnit(topology_st.standalone, NEW_SUFFIX_2)
ou_2.create(properties={'ou': NEW_SUFFIX_2_NAME})
def assert_data_present(inst):
# Do we have the backend marker?
d = Domain(inst, DEFAULT_SUFFIX)
try:
desc = d.get_attr_val_utf8('description')
if desc == TEST_MARKER:
return
except:
# Just reset everything.
pass
# Reset the backends
bes = Backends(inst)
try:
be = bes.get(DEFAULT_SUFFIX)
be.delete()
except:
pass
be = bes.create(properties={
'nsslapd-suffix': DEFAULT_SUFFIX,
'cn': 'userRoot',
})
be.create_sample_entries('001004002')
# Load our data
# We can't use dbgen as that relies on local access :(
# Add 40,000 groups
groups = Groups(inst, DEFAULT_SUFFIX)
for i in range(1, GROUP_MAX):
rdn = 'group_{0:07d}'.format(i)
groups.create(properties={
'cn': rdn,
})
# Add 60,000 users
users = nsUserAccounts(inst, DEFAULT_SUFFIX)
for i in range(1, USER_MAX):
rdn = 'user_{0:07d}'.format(i)
users.create(
properties={
'uid': rdn,
'cn': rdn,
'displayName': rdn,
'uidNumber': '%s' % i,
'gidNumber': '%s' % i,
'homeDirectory': '/home/%s' % rdn,
'userPassword': rdn,
})
# Add the marker
d.replace('description', TEST_MARKER)
def backend(topology_st, request):
"""Create and remove a backend"""
log.info('Create a backend')
backends = Backends(topology_st.standalone)
backend = backends.create(properties={'nsslapd-suffix': NEW_SUFFIX_1_RDN,
'cn': BACKEND_NAME_1})
def fin():
log.info("Just make it clean in the end")
if backend.exists():
backend.delete()
request.addfinalizer(fin)
return backend
def test_defaultnamingcontext_1(topo):
"""This test case should be part of function test_defaultnamingcontext
Please move it back after we have a fix for bug 1610234
"""
log.info("Remove the original suffix which is currently nsslapd-defaultnamingcontext"
"and check nsslapd-defaultnamingcontext become empty.")
""" Please remove these declarations after moving the test
to function test_defaultnamingcontext
"""
backends = Backends(topo.standalone)
test_db2 = 'test2_db'
test_suffix2 = 'dc=test2,dc=com'
b2 = backends.create(properties={'cn': test_db2,
'nsslapd-suffix': test_suffix2})
b2.delete()
assert topo.standalone.config.get_attr_val_utf8('nsslapd-defaultnamingcontext') == ' '
def _create_entries(request, topo):
"""
Will create necessary users for this script.
"""
# Creating Backend
backends = Backends(topo.standalone)
backend = backends.create(properties={'nsslapd-suffix': SUFFIX, 'cn': 'AnujRoot'})
# Creating suffix
suffix = Domain(topo.standalone, SUFFIX).create(properties={'dc': 'anuj'})
# Add ACI
domain = Domain(topo.standalone, SUFFIX)
domain.add("aci", f'(targetattr!="userPassword")(version 3.0; acl '
f'"Enable anonymous access";allow (read, search, compare) userdn="ldap:///anyone";)')
# Creating Users
users = UserAccounts(topo.standalone, suffix.dn, rdn=None)
for user in ['scarter',
'dmiller',
'jwallace',
'rdaugherty',
'tmason',
'bjablons',
'bhal2',
'lulrich',
'fmcdonnagh',
'prigden',
'mlott',
'tpierce',
'brentz',
'ekohler',
'tschneid',
'falbers',
'jburrell',
'calexand',
'phunt',
'rulrich',
'awhite',
'jjensen',
'dward',
'plorig',
'mreuter',
'dswain',
'jvedder',
'jlutz',
'tcouzens',
'kcope',
'mvaughan',
'dcope',
'ttully',
'drose',
'jvaughan',
'brigden',
'rjense2',
'bparker',
'cnewport']:
users.create(properties={
'mail': f'{user}@redhat.com',
'uid': user,
'givenName': user.title(),
'cn': f'bit {user}',
'sn': user.title(),
'manager': f'uid={user},{SUFFIX}',
'userpassword': PW_DM,
'homeDirectory': '/home/' + user,
'uidNumber': '1000',
'gidNumber': '2000',
})
def fin():
"""
Deletes entries after the test.
"""
for user in users.list():
user.delete()
suffix.delete()
backend.delete()
request.addfinalizer(fin)
def test_defaultnamingcontext(topo):
"""Tests configuration attribute defaultNamingContext in the rootdse
:id: de9a21d3-00f9-4c6d-bb40-56aa1ba36578
:setup: Standalone instance
:steps:
1. Check the attribute nsslapd-defaultnamingcontext is present in cn=config
2. Delete nsslapd-defaultnamingcontext attribute
3. Add new valid Suffix and modify nsslapd-defaultnamingcontext with new suffix
4. Add new invalid value at runtime to nsslapd-defaultnamingcontext
5. Modify nsslapd-defaultnamingcontext with blank value
6. Add new suffix when nsslapd-defaultnamingcontext is empty
7. Check the value of the nsslapd-defaultnamingcontext automatically have the new suffix
8. Adding new suffix when nsslapd-defaultnamingcontext is not empty
9. Check the value of the nsslapd-defaultnamingcontext has not changed
10. Remove the newly added suffix and check the values of the attribute is not changed
11. Remove the original suffix which is currently nsslapd-defaultnamingcontext
12. Check nsslapd-defaultnamingcontext become empty.
:expectedresults:
1. This should be successful
2. It should give 'server unwilling to perform' error
3. It should be successful
4. It should give 'no such object' error
5. It should be successful
6. Add should be successful
7. nsslapd-defaultnamingcontext should have new suffix
8. Add should be successful
9. defaultnamingcontext should not change
10. Remove should be successful and defaultnamingcontext should not change
11. Removal should be successful
12. nsslapd-defaultnamingcontext should be empty
"""
backends = Backends(topo.standalone)
test_suffix1 = 'dc=test1,dc=com'
test_db1 = 'test1_db'
test_suffix2 = 'dc=test2,dc=com'
test_db2 = 'test2_db'
test_suffix3 = 'dc=test3,dc=com'
test_db3 = 'test3_db'
log.info("Check the attribute nsslapd-defaultnamingcontext is present in cn=config")
assert topo.standalone.config.present('nsslapd-defaultnamingcontext')
log.info("Delete nsslapd-defaultnamingcontext attribute")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
topo.standalone.config.remove_all('nsslapd-defaultnamingcontext')
b1 = backends.create(properties={'cn': test_db1,
'nsslapd-suffix': test_suffix1})
log.info("modify nsslapd-defaultnamingcontext with new suffix")
topo.standalone.config.replace('nsslapd-defaultnamingcontext', test_suffix1)
log.info("Add new invalid value at runtime to nsslapd-defaultnamingcontext")
with pytest.raises(ldap.NO_SUCH_OBJECT):
topo.standalone.config.replace('nsslapd-defaultnamingcontext', 'some_invalid_value')
log.info("Modify nsslapd-defaultnamingcontext with blank value")
topo.standalone.config.replace('nsslapd-defaultnamingcontext', ' ')
log.info("Add new suffix when nsslapd-defaultnamingcontext is empty")
b2 = backends.create(properties={'cn': test_db2,
'nsslapd-suffix': test_suffix2})
log.info("Check the value of the nsslapd-defaultnamingcontext automatically have the new suffix")
assert topo.standalone.config.get_attr_val_utf8('nsslapd-defaultnamingcontext') == test_suffix2
log.info("Adding new suffix when nsslapd-defaultnamingcontext is not empty")
b3 = backends.create(properties={'cn': test_db3,
'nsslapd-suffix': test_suffix3})
log.info("Check the value of the nsslapd-defaultnamingcontext has not changed")
assert topo.standalone.config.get_attr_val_utf8('nsslapd-defaultnamingcontext') == test_suffix2
log.info("Remove the newly added suffix and check the values of the attribute is not changed")
b3.delete()
assert topo.standalone.config.get_attr_val_utf8('nsslapd-defaultnamingcontext') == test_suffix2
log.info("Remove all the suffix at the end")
b1.delete()
b2.delete()
def test_exhaust_db_locks_basic(topology_st_fn, setup_attruniq_index_be_import,
lock_threshold):
"""Test that when all of the locks are exhausted the instance still working
and database is not corrupted
:id: 299108cc-04d8-4ddc-b58e-99157fccd643
:customerscenario: True
:parametrized: yes
:setup: Standalone instance with Attr Uniq plugin and user indexes disabled
:steps: 1. Set nsslapd-db-locks to 11000
2. Check that we stop acquiring new locks when the threshold is reached
3. Check that we can regulate a pause interval for DB locks monitoring thread
4. Make sure the feature works for different backends on the same suffix
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
inst = topology_st_fn.standalone
ADDITIONAL_SUFFIX = 'ou=newpeople,dc=example,dc=com'
backends = Backends(inst)
backends.create(properties={
'nsslapd-suffix': ADDITIONAL_SUFFIX,
'name': ADDITIONAL_SUFFIX[-3:]
})
ous = OrganizationalUnits(inst, DEFAULT_SUFFIX)
ous.create(properties={'ou': 'newpeople'})
bdb_config = BDB_LDBMConfig(inst)
bdb_config.replace("nsslapd-db-locks", "11000")
# Restart server
inst.restart()
for lock_enabled in ["on", "off"]:
for lock_pause in ["100", "500", "1000"]:
bdb_config.replace("nsslapd-db-locks-monitoring-enabled",
lock_enabled)
bdb_config.replace("nsslapd-db-locks-monitoring-threshold",
lock_threshold)
bdb_config.replace("nsslapd-db-locks-monitoring-pause", lock_pause)
inst.restart()
if lock_enabled == "off":
raised_exception = (RuntimeError, ldap.SERVER_DOWN)
else:
raised_exception = ldap.OPERATIONS_ERROR
users = UserAccounts(inst, DEFAULT_SUFFIX)
with pytest.raises(raised_exception):
spawn_worker_thread(
create_user_wrapper, users, log, 30,
f"Adding user with monitoring enabled='{lock_enabled}'; "
f"threshold='{lock_threshold}'; pause='{lock_pause}'.")
# Restart because we already run out of locks and the next unindexed searches will fail eventually
if lock_enabled == "off":
_kill_ns_slapd(inst)
inst.restart()
users = UserAccounts(inst, ADDITIONAL_SUFFIX, rdn=None)
with pytest.raises(raised_exception):
spawn_worker_thread(
create_user_wrapper, users, log, 30,
f"Adding user with monitoring enabled='{lock_enabled}'; "
f"threshold='{lock_threshold}'; pause='{lock_pause}'.")
# In case feature is disabled - restart for the clean up
if lock_enabled == "off":
_kill_ns_slapd(inst)
inst.restart()
def apply(self, inst):
bes = Backends(inst)
be = bes.create(properties={
'cn': self.uuid,
'nsslapd-suffix': self.suffix,
})
def test_be_delete(topo):
"""Test that we can delete a backend that contains replication
configuration and encrypted attributes. The default naming
context should also be updated to reflect the next available suffix
:id: 5208f897-7c95-4925-bad0-9ceb95fee678
:setup: Master Instance
:steps:
1. Create second backend/suffix
2. Add an encrypted attribute to the default suffix
3. Delete default suffix
4. Check the nsslapd-defaultnamingcontext is updated
5. Delete the last backend
6. Check the namingcontext has not changed
7. Add new backend
8. Set default naming context
9. Verify the naming context is correct
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""
inst = topo.ms["master1"]
# Create second suffix
backends = Backends(inst)
default_backend = backends.get(DEFAULT_SUFFIX)
new_backend = backends.create(properties={
'nsslapd-suffix': SECOND_SUFFIX,
'name': 'namingRoot'
})
# Add encrypted attribute entry under default suffix
encrypt_attrs = EncryptedAttrs(inst,
basedn='cn=encrypted attributes,{}'.format(
default_backend.dn))
encrypt_attrs.create(properties={
'cn': 'employeeNumber',
'nsEncryptionAlgorithm': 'AES'
})
# Delete default suffix
default_backend.delete()
# Check that the default naming context is set to the new/second suffix
default_naming_ctx = inst.config.get_attr_val_utf8(
'nsslapd-defaultnamingcontext')
assert default_naming_ctx == SECOND_SUFFIX
# delete new backend, but the naming context should not change
new_backend.delete()
# Check that the default naming context is still set to the new/second suffix
default_naming_ctx = inst.config.get_attr_val_utf8(
'nsslapd-defaultnamingcontext')
assert default_naming_ctx == SECOND_SUFFIX
# Add new backend
new_backend = backends.create(properties={
'nsslapd-suffix': THIRD_SUFFIX,
'name': 'namingRoot2'
})
# manaully set naming context
inst.config.set('nsslapd-defaultnamingcontext', THIRD_SUFFIX)
# Verify naming context is correct
default_naming_ctx = inst.config.get_attr_val_utf8(
'nsslapd-defaultnamingcontext')
assert default_naming_ctx == THIRD_SUFFIX
def test_attr_encryption_backends(topo, enable_user_attr_encryption):
"""Tests Configuration of attribute encryption for single backend
where more backends are present
:id: f3ef40e1-17d6-44d8-a3a4-4a25a57e9064
:setup: Standalone instance
SSL Enabled
:steps:
1. Add two test backends
2. Configure attribute encryption for telephoneNumber in one test backend
3. Add a test user in both backends with telephoneNumber
4. Export ldif from both test backends
5. Check that telephoneNumber is encrypted in the ldif file of db1
6. Check that telephoneNumber is not encrypted in the ldif file of db2
7. Delete both test backends
:expectedresults:
1. This should be successful
2. This should be successful
3. This should be successful
4. This should be successful
5. This should be successful
6. This should be successful
7. This should be successful
"""
log.info("Add two test backends")
test_suffix1 = 'dc=test1,dc=com'
test_db1 = 'test_db1'
test_suffix2 = 'dc=test2,dc=com'
test_db2 = 'test_db2'
# Create backends
backends = Backends(topo.standalone)
test_backend1 = backends.create(properties={'cn': test_db1,
'nsslapd-suffix': test_suffix1})
test_backend2 = backends.create(properties={'cn': test_db2,
'nsslapd-suffix': test_suffix2})
# Create the top of the tree
suffix1 = Domain(topo.standalone, test_suffix1)
test1 = suffix1.create(properties={'dc': 'test1'})
suffix2 = Domain(topo.standalone, test_suffix2)
test2 = suffix2.create(properties={'dc': 'test2'})
log.info("Enables attribute encryption for telephoneNumber in test_backend1")
backend1_encrypt_attrs = EncryptedAttrs(topo.standalone, basedn='cn=encrypted attributes,{}'.format(test_backend1.dn))
b1_encrypt = backend1_encrypt_attrs.create(properties={'cn': 'telephoneNumber',
'nsEncryptionAlgorithm': 'AES'})
log.info("Add a test user with telephoneNumber in both backends")
users = UserAccounts(topo.standalone, test1.dn, None)
test_user = users.create(properties=TEST_USER_PROPERTIES)
test_user.replace('telephoneNumber', '1234567890')
users = UserAccounts(topo.standalone, test2.dn, None)
test_user = users.create(properties=TEST_USER_PROPERTIES)
test_user.replace('telephoneNumber', '1234567890')
log.info("Export data as ciphertext from both backends")
export_db1 = os.path.join(topo.standalone.ds_paths.ldif_dir, "export_db1.ldif")
export_db2 = os.path.join(topo.standalone.ds_paths.ldif_dir, "export_db2.ldif")
# Offline export
topo.standalone.stop()
if not topo.standalone.db2ldif(bename=test_db1, suffixes=(test_suffix1,),
excludeSuffixes=None, encrypt=False, repl_data=None, outputfile=export_db1):
log.fatal('Failed to run offline db2ldif')
assert False
if not topo.standalone.db2ldif(bename=test_db2, suffixes=(test_suffix2,),
excludeSuffixes=None, encrypt=False, repl_data=None, outputfile=export_db2):
log.fatal('Failed to run offline db2ldif')
assert False
topo.standalone.start()
log.info("Check that the attribute is present in the exported file in db1")
log.info("Check that the encrypted value of attribute is not present in the exported file in db1")
with open(export_db1, 'r') as ldif_file:
ldif = ldif_file.read()
assert 'telephoneNumber' in ldif
assert 'telephoneNumber: 1234567890' not in ldif
log.info("Check that the attribute is present in the exported file in db2")
log.info("Check that the value of attribute is also present in the exported file in db2")
with open(export_db2, 'r') as ldif_file:
ldif = ldif_file.read()
assert 'telephoneNumber' in ldif
assert 'telephoneNumber: 1234567890' in ldif
log.info("Delete test backends")
test_backend1.delete()
test_backend2.delete()
def test_create(topology_st):
"""Test basic list method functionality
:id: df55a60b-f4dd-4f18-975d-4b223e63091f
:setup: Standalone instance
:steps:
2. Create a backend specifying properties with a name and a suffix
2. Create a backend specifying no properties
3. Create a backend specifying suffix that already exist
4. Create a backend specifying existing backend name but new suffix
5. Create a backend specifying no backend name
6. Create a backend specifying no backend suffix
7. Clean up the created backend
:expectedresults:
1. Backend should be created
2. Unwilling to perform error should be raised
3. Unwilling to perform error should be raised
4. Unwilling to perform error should be raised
5. Unwilling to perform error should be raised
6. Unwilling to perform error should be raised
7. Operation should be successful
"""
backends = Backends(topology_st.standalone)
log.info("Create a backend")
backend = backends.create(properties={
'cn': BACKEND_NAME_1,
'nsslapd-suffix': NEW_SUFFIX_1_RDN
})
log.info("Check behaviour with missing properties")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
backends.create()
log.info("Check behaviour with already existing backend for that suffix")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
backends.create(properties={
'cn': BACKEND_NAME_2,
'nsslapd-suffix': NEW_SUFFIX_1_RDN
})
log.info("Check behaviour with already existing backend nasme, "
"but new suffix")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
backends.create(properties={
'cn': BACKEND_NAME_1,
'nsslapd-suffix': NEW_SUFFIX_2_RDN
})
log.info("Create a backend without BACKEND_NAME")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
backends.create(properties={'nsslapd-suffix': NEW_SUFFIX_2_RDN})
ents = backends.list()
assert len(ents) == 1
log.info("Create a backend without BACKEND_SUFFIX")
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
backends.create(properties={'cn': BACKEND_NAME_1})
ents = backends.list()
assert len(ents) == 1
log.info("Just make it clean in the end")
backend.delete()
def test_large_ldif2db_ancestorid_index_creation(topo):
"""Import with ldif2db a large file - check that the ancestorid index creation phase has a correct performance
:id: fe7f78f6-6e60-425d-ad47-b39b67e29113
:setup: Standalone instance
:steps:
1. Delete the previous errors log to start from a fresh one
2. Create test suffix and backend
3. Create a large nested ldif file
4. Stop the server
5. Run an offline import
6. Restart the server
7. Check in the errors log that an independant ancestorid IDs sorting is done
8. Get the log of the starting of the ancestorid indexing process
9. Get the log of the end of the ancestorid indexing process
10. Get the start and end time for ancestorid index creation from these logs
11. Calculate the duration of the ancestorid indexing process
:expectedresults:
1. Success
2. Test suffix and backend successfully created
3. ldif file successfully created
4. Success
5. Import is successfully performed
6. Success
7. Log of ancestorid sorting start and end are present
8. Log of the beginning of gathering ancestorid is found
9. Log of the final ancestorid index creation is found
10. Start and end times are successfully extracted
11. The duration of the ancestorid index creation process should be less than 10s
"""
ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(topo.standalone.ds_paths.ldif_dir,
'large_nested.ldif')
# Have a reasonable balance between the need for a large ldif file to import and the time of test execution
# total number of users
num_users = 100000
# Choose a limited number of users per node to get as much as possible non-leaf entries
node_limit = 5
# top suffix
suffix = 'o=test'
# backend
backend = 'test'
log.info('Delete the previous errors logs')
topo.standalone.deleteErrorLogs()
log.info('Add suffix:{} and backend: {}...'.format(suffix, backend))
backends = Backends(topo.standalone)
backends.create(properties={'nsslapd-suffix': suffix, 'name': backend})
props = {'numUsers': num_users, 'nodeLimit': node_limit, 'suffix': suffix}
instance = topo.standalone
log.info('Create a large nested ldif file using dbgen : %s' % ldif_file)
dbgen_nested_ldif(instance, ldif_file, props)
log.info('Stop the server and run offline import...')
topo.standalone.stop()
assert topo.standalone.ldif2db(backend, None, None, None, ldif_file)
log.info('Starting the server')
topo.standalone.start()
log.info(
'parse the errors logs to check lines with "Starting sort of ancestorid" are present'
)
start_sort_str = str(
topo.standalone.ds_error_log.match(
r'.*Starting sort of ancestorid non-leaf IDs*'))[1:-1]
assert len(start_sort_str) > 0
log.info(
'parse the errors logs to check lines with "Finished sort of ancestorid" are present'
)
end_sort_str = str(
topo.standalone.ds_error_log.match(
r'.*Finished sort of ancestorid non-leaf IDs*'))[1:-1]
assert len(end_sort_str) > 0
log.info(
'parse the error logs for the line with "Gathering ancestorid non-leaf IDs"'
)
start_ancestorid_indexing_op_str = str(
topo.standalone.ds_error_log.match(
r'.*Gathering ancestorid non-leaf IDs*'))[1:-1]
assert len(start_ancestorid_indexing_op_str) > 0
log.info(
'parse the error logs for the line with "Created ancestorid index"')
end_ancestorid_indexing_op_str = str(
topo.standalone.ds_error_log.match(
r'.*Created ancestorid index*'))[1:-1]
assert len(end_ancestorid_indexing_op_str) > 0
log.info(
'get the ancestorid non-leaf IDs indexing start and end time from the collected strings'
)
# Collected lines look like : '[15/May/2020:05:30:27.245967313 -0400] - INFO - bdb_get_nonleaf_ids - import userRoot: Gathering ancestorid non-leaf IDs...'
# We are getting the sec.nanosec part of the date, '27.245967313' in the above example
start_time = (start_ancestorid_indexing_op_str.split()[0]).split(':')[3]
end_time = (end_ancestorid_indexing_op_str.split()[0]).split(':')[3]
log.info(
'Calculate the elapsed time for the ancestorid non-leaf IDs index creation'
)
etime = (Decimal(end_time) - Decimal(start_time))
# The time for the ancestorid index creation should be less than 10s for an offline import of an ldif file with 100000 entries / 5 entries per node
# Should be adjusted if these numbers are modified in the test
assert etime <= 10
