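def accpol_local(topology_st, accpol_global, request):
    """Configure a local (CoS-delivered) account policy and restart the server.

    Setup, in order:

    * sets ``passwordmaxage`` to ``400`` in the server configuration;
    * removes ``accountInactivityLimit`` from the ``ACCP_CONF`` entry;
    * creates the local policy entry ``LOCL_CONF`` with
      ``accountInactivityLimit: 10``;
    * creates a CoS template (``TEMPL_COS``) whose ``acctPolicySubentry``
      points at ``LOCL_CONF``, and a CoS pointer definition (``DEFIN_COS``)
      that hands that attribute out with the
      ``default operational-default`` qualifiers;
    * restarts the instance.

    A finalizer disables the account policy plugin, deletes the three
    entries created here and restarts the instance again.

    :param topology_st: topology fixture; only ``.standalone`` is used.
    :param accpol_global: not referenced in the body; presumably requested so
        the global account policy setup runs first - confirm against the
        fixture definition.
    :param request: pytest request object, used to register the finalizer.
    :raises ldap.LDAPError: re-raised unchanged when any setup step fails.
    """
    inst = topology_st.standalone

    log.info('Adding Local account policy plugin configuration entries')
    try:
        inst.config.set('passwordmaxage', '400')

        # Drop the limit from the plugin config entry before the local
        # policy entry is created (presumably so that only the local policy
        # supplies an inactivity limit - confirm).
        accp = AccountPolicyConfig(inst, dn=ACCP_CONF)
        accp.remove_all('accountInactivityLimit')

        locl_conf = AccountPolicyConfig(inst, dn=LOCL_CONF)
        locl_conf.create(properties={
            'cn': 'AccountPolicy1',
            'accountInactivityLimit': '10'
        })

        cos_template = CosTemplate(inst, dn=TEMPL_COS)
        cos_template.create(properties={
            'cn': 'TempltCoS',
            'acctPolicySubentry': LOCL_CONF
        })

        cos_def = CosPointerDefinition(inst, dn=DEFIN_COS)
        cos_def.create(properties={
            'cn': 'DefnCoS',
            'cosTemplateDn': TEMPL_COS,
            'cosAttribute': 'acctPolicySubentry default operational-default'
        })
    except ldap.LDAPError:
        log.error('Failed to configure Local account policy plugin')
        log.error('Failed to add entry {}, {}, {}:'.format(
            LOCL_CONF, TEMPL_COS, DEFIN_COS))
        # Bare raise keeps the original traceback intact.
        raise
    inst.restart(timeout=10)

    def fin():
        """Disable the plugin, delete the entries added above, restart."""
        log.info(
            'Disabling Local accpolicy plugin and removing pwpolicy attrs')
        # NOTE(review): despite the log text, nothing here restores
        # 'passwordmaxage' or the 'accountInactivityLimit' value removed from
        # ACCP_CONF during setup, so later tests on the same instance keep
        # those policy settings.
        try:
            inst.plugins.disable(name=PLUGIN_ACCT_POLICY)
            # UserAccount is used here only as a handle for delete-by-DN;
            # the entries are policy/CoS entries, not users.
            for entry_dn in [LOCL_CONF, TEMPL_COS, DEFIN_COS]:
                entry = UserAccount(inst, dn=entry_dn)
                entry.delete()
        except ldap.LDAPError as e:
            # The old handler read e.message['desc']; exceptions have no
            # .message attribute on Python 3, so the handler itself raised
            # AttributeError and hid the LDAP failure. Log the exception.
            log.error('Failed to disable Local accpolicy plugin, {}'.format(e))
            # Still fail the teardown with AssertionError as before, but with
            # a message and independent of interpreter optimisation flags.
            raise AssertionError(
                'Failed to tear down Local account policy configuration')
        inst.restart(timeout=10)

    request.addfinalizer(fin)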
def test_positive(topo):
    """Check that a classic CoS keyed on nsrole adds employeeType to a user.

    :id: ba6d5e9c-786b-11e8-860d-8c16451d917b
    :setup: server
    :steps:
        1. Add filter role entry
        2. Add ns container
        3. Add cos template
        4. Add CosClassic Definition
        5. Cos entries should be added and searchable
        6. employeeType attribute should be there in user entry as per the cos plugin property
    :expectedresults:
        1. Operation should succeed
        2. Operation should succeed
        3. Operation should succeed
        4. Operation should succeed
        5. Operation should succeed
        6. Operation should succeed
    """
    # NOTE(review): nothing created here is deleted afterwards, so the role,
    # CoS entries and user remain in the instance for whatever runs next.
    inst = topo.standalone
    definition_cn = 'cosClassicGenerateEmployeeTypeUsingnsrole'
    templates_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX)

    # Filtered role: every entry matching cn=eng* is given this role.
    eng_role_props = {
        'cn': 'FILTERROLEENGROLE',
        'nsRoleFilter': 'cn=eng*'
    }
    FilterRoles(inst, DEFAULT_SUFFIX).create(properties=eng_role_props)

    # Container that holds the CoS templates.
    template_container = nsContainer(inst, templates_dn)
    template_container.create(properties={'cn': 'cosTemplates'})

    # CoS template; its RDN value is the DN of the role it applies to.
    template_props = {
        'employeeType': 'EngType',
        'cn': '"cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,dc=example,dc=com'
    }
    eng_template = CosTemplate(
        inst,
        'cn="cn=filterRoleEngRole,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,{}'.format(DEFAULT_SUFFIX))
    eng_template.create(properties=template_props)

    # Classic CoS definition: the template is selected by the entry's nsrole
    # value and supplies employeeType.
    definition_props = {
        'cosTemplateDn': templates_dn,
        'cosAttribute': 'employeeType',
        'cosSpecifier': 'nsrole',
        'cn': 'cosClassicGenerateEmployeeTypeUsingnsrole'
    }
    classic_def = CosClassicDefinition(
        inst, 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,{}'.format(DEFAULT_SUFFIX))
    classic_def.create(properties=definition_props)

    # User whose cn matches the role filter above.
    login = 'enguser1'
    user_props = {
        'uid': login,
        'cn': login,
        'sn': 'user',
        'uidNumber': '1000',
        'gidNumber': '2000',
        'homeDirectory': '/home/' + login
    }
    user = UserAccount(inst, 'cn=enguser1,{}'.format(DEFAULT_SUFFIX))
    user.create(properties=user_props)

    # The CoS definition must be retrievable by name.
    cosdef = CosClassicDefinitions(inst, DEFAULT_SUFFIX).get(definition_cn)
    assert cosdef.dn == 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,dc=example,dc=com'
    assert cosdef.get_attr_val_utf8('cn') == 'cosClassicGenerateEmployeeTypeUsingnsrole'

    # The user is expected to pick up employeeType through the role-keyed
    # CoS. Only presence is asserted; the value ('EngType') is not checked.
    assert user.present('employeeType')
def _add_user(request, topo):
    """Build the ``o=acivattr`` test tree and register its teardown.

    Creates, in order: the organization ``o=acivattr`` carrying one ACI, the
    ``eng`` and ``sales`` organizational units, two filtered roles, a CoS
    template container with an engineering and a sales template, a classic
    CoS definition keyed on ``nsrole``, and four user entries. A finalizer
    deletes all of these entries.

    Access-control notes for readers of the tests that use this setup:

    * The ACI grants ``allow(all)`` on every attribute
      (``targetattr="*"``) to ``cn=enguser1,ou=eng,o=acivattr,...``, limited
      by ``targetfilter="(nsrole=*)"`` to entries that carry an nsrole value.
    * NOTE(review): all four accounts are created with ``PW_DM`` as their
      password; that looks like the Directory Manager password constant -
      confirm. It keeps binds simple on a throwaway instance, but it means a
      test user's credential equals the administrator's.
    * All four users share the same ``uidNumber``/``gidNumber`` values.

    :param request: pytest request object, used to register the finalizer.
    :param topo: topology fixture; only ``.standalone`` is used.
    """
    inst = topo.standalone

    # Organization entry plus the ACI under test.
    org = Organization(inst).create(properties={"o": "acivattr"}, basedn=DEFAULT_SUFFIX)
    aci_text = (
        '(targetattr="*")(targetfilter="(nsrole=*)")(version 3.0; aci "tester"; '
        'allow(all) userdn="ldap:///cn=enguser1,ou=eng,o=acivattr,{}";)'
    ).format(DEFAULT_SUFFIX)
    org.add('aci', aci_text)

    # Organizational units, eng first and then sales.
    for unit in ('eng', 'sales'):
        unit_entry = OrganizationalUnit(inst, "ou={},o=acivattr,{}".format(unit, DEFAULT_SUFFIX))
        unit_entry.create(properties={'ou': unit})

    # Filtered roles: membership is decided by the cn prefix of an entry.
    role_set = FilteredRoles(inst, DNBASE)
    for role_cn, role_filter in (('FILTERROLEENGROLE', 'cn=eng*'),
                                 ('FILTERROLESALESROLE', 'cn=sales*')):
        role_set.create(properties={'cn': role_cn, 'nsRoleFilter': role_filter})

    # Container for the CoS templates.
    templates_dn = 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX)
    nsContainer(inst, templates_dn).create(properties={'cn': 'cosTemplates'})

    # One template per role; the RDN value is the DN of the matching role.
    eng_template_props = {
        'employeeType': 'EngType',
        'cn': '"cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com'
    }
    eng_template = CosTemplate(
        inst,
        'cn="cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",'
        'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX))
    eng_template.create(properties=eng_template_props)

    sales_template_props = {
        'employeeType': 'SalesType',
        'cn': '"cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com'
    }
    sales_template = CosTemplate(
        inst,
        'cn="cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,'
        'o=acivattr,{}'.format(DEFAULT_SUFFIX))
    sales_template.create(properties=sales_template_props)

    # Classic CoS definition: template chosen by nsrole, supplies employeeType.
    definition_props = {
        'cosTemplateDn': templates_dn,
        'cosAttribute': 'employeeType',
        'cosSpecifier': 'nsrole',
        'cn': 'cosClassicGenerateEmployeeTypeUsingnsrole'
    }
    classic_def = CosClassicDefinition(
        inst, 'cn=cosClassicGenerateEmployeeTypeUsingnsrole,o=acivattr,{}'.format(DEFAULT_SUFFIX))
    classic_def.create(properties=definition_props)

    # Users, created in the same order as before: sales pair, then eng pair.
    for login, unit in (('salesuser1', 'sales'),
                        ('salesmanager1', 'sales'),
                        ('enguser1', 'eng'),
                        ('engmanager1', 'eng')):
        account_props = {
            'uid': login,
            'cn': login,
            'sn': 'user',
            'uidNumber': '1000',
            'gidNumber': '2000',
            'homeDirectory': '/home/' + login,
            'userPassword': PW_DM
        }
        user = UserAccount(inst, 'cn={},ou={},o=acivattr,{}'.format(login, unit, DEFAULT_SUFFIX))
        user.create(properties=account_props)

    def fin():
        """Delete users, roles, OUs, CoS entries and finally the base entry."""
        # UserAccount serves only as a delete-by-DN handle for every entry.
        # The module-level DN names are used exactly as referenced
        # (including SALES_UESER); they are not defined in this block.
        teardown_order = [
            ENG_USER, SALES_UESER, ENG_MANAGER, SALES_MANAGER,
            FILTERROLESALESROLE, FILTERROLEENGROLE, ENG_OU, SALES_OU,
            'cn="cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",'
            'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com',
            'cn="cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",'
            'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX),
            'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX),
            'cn=cosClassicGenerateEmployeeTypeUsingnsrole,o=acivattr,{}'.format(DEFAULT_SUFFIX),
            DNBASE,
        ]
        for entry_dn in teardown_order:
            UserAccount(topo.standalone, entry_dn).delete()

    request.addfinalizer(fin)