def lock(self):
"""Set the entry dn to nsDisabledRole and ensure it exists"""
current_status = self.status()
if current_status["state"] == RoleState.DIRECTLY_LOCKED:
raise ValueError(
f"Role is already {current_status['state'].describe()}")
inst = self._instance
mapping_trees = MappingTrees(inst)
root_suffix = ""
root_suffix = mapping_trees.get_root_suffix_by_entry(self.dn)
if root_suffix:
managed_roles = ManagedRoles(inst, root_suffix)
managed_role = managed_roles.ensure_state(
properties={"cn": "nsManagedDisabledRole"})
nested_roles = NestedRoles(inst, root_suffix)
try:
disabled_role = nested_roles.get("nsDisabledRole")
except ldap.NO_SUCH_OBJECT:
# We don't use "ensure_state" because we want to preserve the existing attributes
disabled_role = nested_roles.create(properties={
"cn": "nsDisabledRole",
"nsRoleDN": managed_role.dn
})
disabled_role.add("nsRoleDN", self.dn)
inact_containers = nsContainers(inst, basedn=root_suffix)
inact_container = inact_containers.ensure_state(
properties={'cn': 'nsAccountInactivationTmp'})
cos_templates = CosTemplates(inst, inact_container.dn)
cos_templates.ensure_state(
properties={
'cosPriority': '1',
'nsAccountLock': 'true',
'cn': f'{disabled_role.dn}'
})
cos_classic_defs = CosClassicDefinitions(inst, root_suffix)
cos_classic_defs.ensure_state(
properties={
'cosAttribute': 'nsAccountLock operational',
'cosSpecifier': 'nsRole',
'cosTemplateDn': inact_container.dn,
'cn': 'nsAccountInactivation_cos'
})
def status(self):
"""Check if role is locked in nsDisabledRole (directly or indirectly)
:returns: a dict
"""
inst = self._instance
disabled_roles = {}
try:
mapping_trees = MappingTrees(inst)
root_suffix = mapping_trees.get_root_suffix_by_entry(self.dn)
roles = Roles(inst, root_suffix)
disabled_roles = roles.get_disabled_roles()
nested_roles = NestedRoles(inst, root_suffix)
disabled_role = nested_roles.get("nsDisabledRole")
inact_containers = nsContainers(inst, basedn=root_suffix)
inact_container = inact_containers.get('nsAccountInactivationTmp')
cos_templates = CosTemplates(inst, inact_container.dn)
cos_template = cos_templates.get(f'{disabled_role.dn}')
cos_template.present('cosPriority', '1')
cos_template.present('nsAccountLock', 'true')
cos_classic_defs = CosClassicDefinitions(inst, root_suffix)
cos_classic_def = cos_classic_defs.get('nsAccountInactivation_cos')
cos_classic_def.present('cosAttribute',
'nsAccountLock operational')
cos_classic_def.present('cosTemplateDn', inact_container.dn)
cos_classic_def.present('cosSpecifier', 'nsRole')
except ldap.NO_SUCH_OBJECT:
return self._format_status_message(RoleState.PROBABLY_ACTIVATED)
for role, parent in disabled_roles.items():
if str.lower(self.dn) == str.lower(role.dn):
if parent is None:
return self._format_status_message(
RoleState.DIRECTLY_LOCKED)
else:
return self._format_status_message(
RoleState.INDIRECTLY_LOCKED, parent)
return self._format_status_message(RoleState.ACTIVATED)
def get_cos_classic_defs(self):
return CosClassicDefinitions(self._instance, self._dn).list()
def test_positive(topo):
"""
:id: ba6d5e9c-786b-11e8-860d-8c16451d917b
:setup: server
:steps:
1. Add filter role entry
2. Add ns container
3. Add cos template
4. Add CosClassic Definition
5. Cos entries should be added and searchable
6. employeeType attribute should be there in user entry as per the cos plugin property
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should success
5. Operation should success
6. Operation should success
"""
# Adding ns filter role
roles = FilterRoles(topo.standalone, DEFAULT_SUFFIX)
roles.create(properties={
'cn': 'FILTERROLEENGROLE',
'nsRoleFilter': 'cn=eng*'
})
# adding ns container
nsContainer(topo.standalone,'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX))\
.create(properties={'cn': 'cosTemplates'})
# creating cos template
properties = {
'employeeType':
'EngType',
'cn':
'"cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,dc=example,dc=com'
}
CosTemplate(topo.standalone, 'cn="cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX))\
.create(properties=properties)
# creating CosClassicDefinition
properties = {
'cosTemplateDn':
'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(
DEFAULT_SUFFIX),
'cosAttribute':
'employeeType',
'cosSpecifier':
'nsrole',
'cn':
'cosClassicGenerateEmployeeTypeUsingnsrole'
}
CosClassicDefinition(topo.standalone,'cn=cosClassicGenerateEmployeeTypeUsingnsrole,{}'.format(DEFAULT_SUFFIX))\
.create(properties=properties)
# Adding User entry
properties = {
'uid': 'enguser1',
'cn': 'enguser1',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'enguser1'
}
user = UserAccount(topo.standalone,
'cn=enguser1,{}'.format(DEFAULT_SUFFIX))
user.create(properties=properties)
# Asserting Cos should be added and searchable
cosdef = CosClassicDefinitions(
topo.standalone,
DEFAULT_SUFFIX).get('cosClassicGenerateEmployeeTypeUsingnsrole')
assert cosdef.dn == 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,dc=example,dc=com'
assert cosdef.get_attr_val_utf8(
'cn') == 'cosClassicGenerateEmployeeTypeUsingnsrole'
# CoS definition entry's cosSpecifier attribute specifies the employeeType attribute
assert user.present('employeeType')
def test_usandsconf_dbgen_cos_classic(topology_st, set_log_file_and_ldif):
"""Test ldifgen (formerly dbgen) tool to create a COS definition
:id: 8557f994-8a91-4f8a-86f6-9cb826a0b8f1
:setup: Standalone instance
:steps:
1. Create DS instance
2. Run ldifgen to generate ldif with classic COS definition
3. Import generated ldif to database
4. Check it was properly imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
LDAP_RESULT = 'adding new entry "cn=My_Postal_Def,ou=cos definitions,dc=example,dc=com"'
standalone = topology_st.standalone
args = FakeArgs()
args.type = 'classic'
args.NAME = 'My_Postal_Def'
args.parent = 'ou=cos definitions,dc=example,dc=com'
args.create_parent = True
args.cos_specifier = 'businessCategory'
args.cos_attr = ['postalcode', 'telephonenumber']
args.cos_template = 'cn=sales,cn=classicCoS,dc=example,dc=com'
args.ldif_file = ldif_file
content_list = [
'Generating LDIF with the following options:',
'NAME={}'.format(args.NAME), 'type={}'.format(args.type),
'parent={}'.format(args.parent), 'create-parent={}'.format(
args.create_parent), 'cos-specifier={}'.format(args.cos_specifier),
'cos-template={}'.format(args.cos_template),
'cos-attr={}'.format(args.cos_attr),
'ldif-file={}'.format(args.ldif_file), 'Writing LDIF',
'Successfully created LDIF file: {}'.format(args.ldif_file)
]
log.info('Run ldifgen to create COS definition ldif')
dbgen_create_cos_def(standalone, log, args)
log.info('Check if file exists')
assert os.path.exists(ldif_file)
check_value_in_log_and_reset(content_list)
# Groups, COS, Roles and modification ldifs are designed to be used by ldapmodify, not ldif2db
run_ldapmodify_from_file(standalone, ldif_file, LDAP_RESULT)
log.info('Check that COS definition is imported')
cos_def = CosClassicDefinitions(standalone, args.parent)
assert cos_def.exists(args.NAME)
new_cos = cos_def.get(args.NAME)
assert new_cos.present('cosTemplateDN', args.cos_template)
assert new_cos.present('cosSpecifier', args.cos_specifier)
assert new_cos.present('cosAttribute', args.cos_attr[0])
assert new_cos.present('cosAttribute', args.cos_attr[1])