示例#1
0
def test_undefined_in_group_eval_eleven(topo, test_user, aci_of_user):
    """
        Aci will not allow access as description is there with the user entry which is not allowed in ACI

        :id: 4cfa28e2-7841-11e8-8117-8c16451d917b
        :setup: server
        :steps:
            1. Add test entry
            2. Take a count of users using DN_DM
            3. Add test user
            4. add aci
            5. test should fullfil the aci rules
        :expectedresults:
            1. Entry should be added
            2. Operation should  succeed
            3. Operation should  succeed
            4. Operation should  succeed
            5. Operation should  succeed
    """
    Domain(topo.standalone, DEFAULT_SUFFIX).add(
        "aci",
        '(targetattr=*)(version 3.0; aci "tester"; allow(all) not( userattr = "description#GROUPDN");)'
    )
    user = UserAccount(topo.standalone, DEEPGROUPSCRATCHENTRY_GLOBAL)
    user.add("description", [ALLGROUPS_GLOBAL, GROUPH_GLOBAL])
    conn = UserAccount(topo.standalone, DEEPUSER_GLOBAL).bind(PW_DM)
    # Test that not(UNDEFINED(attrval1))
    user1 = UserAccount(conn, DEEPGROUPSCRATCHENTRY_GLOBAL)
    with pytest.raises(ldap.INSUFFICIENT_ACCESS):
        user1.add("sn", "Fred1")
    assert user.get_attr_val_utf8('cn')
    user.remove("description", [ALLGROUPS_GLOBAL, GROUPH_GLOBAL])
示例#2
0
def test_undefined_in_group_eval_eight(topo, test_user, aci_of_user):
    """
        Aci will not allow access as Group dn is not allowed so members will not allowed access.

        :id: 26ca7456-7841-11e8-801e-8c16451d917b
        :setup: server
        :steps:
            1. Add test entry
            2. Take a count of users using DN_DM
            3. Add test user
            4. add aci
            5. test should fullfil the aci rules
        :expectedresults:
            1. Entry should be added
            2. Operation should  succeed
            3. Operation should  succeed
            4. Operation should  succeed
            5. Operation should  succeed
    """
    Domain(topo.standalone, DEFAULT_SUFFIX).add(
        "aci",
        '(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn != "ldap:///{} || ldap:///{} || ldap:///{}" ;)'
        .format(GROUPH_GLOBAL, GROUPA_GLOBAL, ALLGROUPS_GLOBAL))
    conn = UserAccount(topo.standalone, DEEPUSER3_GLOBAL).bind(PW_DM)
    # test UNDEFINED in group
    user = UserAccount(conn, DEEPGROUPSCRATCHENTRY_GLOBAL)
    with pytest.raises(ldap.INSUFFICIENT_ACCESS):
        user.replace("description", "Fred")
    assert user.get_attr_val_utf8('uid') == 'scratchEntry'
示例#3
0
def test_passwordexpirationtime_attribute(topo, _add_user):
    """Regression test for bz1118006.

    :id: 867472d2-473c-11ea-b583-8c16451d917b
    :setup: Standalone
    :steps:
        1. Check that the passwordExpirationTime attribute is set to the epoch date
    :expected results:
        1. Success
    """
    Config(topo.standalone).replace('passwordMustChange', 'on')
    epoch_date = "19700101000000Z"
    time.sleep(1)
    user = UserAccount(topo.standalone, f'uid=pwadm_user_1,{DEFAULT_SUFFIX}')
    user.replace('userpassword', 'Secret123')
    time.sleep(1)
    # Check that the passwordExpirationTime attribute is set to the epoch date
    assert user.get_attr_val_utf8('passwordExpirationTime') == epoch_date
    Config(topo.standalone).replace('passwordMustChange', 'off')
    time.sleep(1)
示例#4
0
def test_gecos_directoryString_wins_M2(topo_m2, request):
    """Check that if inital syntax are IA5(M2) and DirectoryString(M1)
    Then directoryString wins when nsSchemaCSN M2 is the greatest

    :id: 2da7f1b1-f86d-4072-a940-ba56d4bc8348
    :setup: Two suppliers replication setup
    :steps:
        1. Create a testuser on M1
        2  Stop M1 and M2
        3  Change gecos def on M2 to be IA5
        4  Start M1 and M2
        5  Update M2 schema so that M2 has greatest nsSchemaCSN
        6  Update testuser on M2 and trigger replication to M1
        7  Update testuser on M2 with gecos directoryString value
        8  Check replication is still working
        9  Check gecos is DirectoryString on M1 and M2
    :expectedresults:
        1. success
        2. success
        3. success
        4. success
        5. success
        6. success
        7. success
        8. success
        9. success

    """

    repl = ReplicationManager(DEFAULT_SUFFIX)
    m1 = topo_m2.ms["supplier1"]
    m2 = topo_m2.ms["supplier2"]

    # create a test user
    testuser_dn = 'uid={},{}'.format('testuser', DEFAULT_SUFFIX)
    testuser = UserAccount(m1, testuser_dn)
    try:
        testuser.create(
            properties={
                'uid': 'testuser',
                'cn': 'testuser',
                'sn': 'testuser',
                'uidNumber': '1000',
                'gidNumber': '2000',
                'homeDirectory': '/home/testuser',
            })
    except ldap.ALREADY_EXISTS:
        pass
    testuser.replace('displayName', 'to trigger replication M1-> M2')
    repl.wait_for_replication(m1, m2)

    # Stop suppliers to update the schema
    m1.stop()
    m2.stop()

    # on M1: gecos is DirectoryString (default)
    # on M2: gecos is IA5
    schema_filename = (m2.schemadir + "/99user.ldif")
    try:
        with open(schema_filename, 'w') as schema_file:
            schema_file.write("dn: cn=schema\n")
            schema_file.write(
                "attributetypes: ( 1.3.6.1.1.1.1.2 NAME " +
                "'gecos' DESC 'The GECOS field; the common name' " +
                "EQUALITY caseIgnoreIA5Match " +
                "SUBSTR caseIgnoreIA5SubstringsMatch " +
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 " + "SINGLE-VALUE )\n")
        os.chmod(schema_filename, 0o777)
    except OSError as e:
        log.fatal("Failed to update schema file: " +
                  "{} Error: {}".format(schema_filename, str(e)))

    # start the instances
    m1.start()
    m2.start()

    # Check that gecos is IA5 on M2
    schema = SchemaLegacy(m2)
    attributetypes = schema.query_attributetype('gecos')
    assert attributetypes[0].syntax == "1.3.6.1.4.1.1466.115.121.1.26"

    # update M2 schema to increase its nsschemaCSN
    new_at = "( dummy-oid NAME 'dummy' DESC 'dummy attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307' )"
    m2.schema.add_schema('attributetypes', ensure_bytes(new_at))

    # update just to trigger replication M2->M1
    # and update of M2 schema
    testuser_m2 = UserAccount(m2, testuser_dn)
    testuser_m2.replace('displayName', 'to trigger replication M2-> M1')

    # Add a gecos UTF value on M1
    testuser.replace('gecos', 'Hélène')

    # Check replication is still working
    testuser.replace('displayName', 'ascii value')
    repl.wait_for_replication(m1, m2)
    assert testuser_m2.exists()
    assert testuser_m2.get_attr_val_utf8('displayName') == 'ascii value'

    # Check that gecos is DirectoryString on M1
    schema = SchemaLegacy(m1)
    attributetypes = schema.query_attributetype('gecos')
    assert attributetypes[0].syntax == "1.3.6.1.4.1.1466.115.121.1.15"

    # Check that gecos is DirectoryString on M2
    schema = SchemaLegacy(m2)
    attributetypes = schema.query_attributetype('gecos')
    assert attributetypes[0].syntax == "1.3.6.1.4.1.1466.115.121.1.15"

    def fin():
        m1.start()
        m2.start()
        testuser.delete()
        m1.schema.del_schema('attributetypes', ensure_bytes(new_at))
        repl.wait_for_replication(m1, m2)

        # on M2 restore a default 99user.ldif
        m2.stop()
        os.remove(m2.schemadir + "/99user.ldif")
        schema_filename = (m2.schemadir + "/99user.ldif")
        try:
            with open(schema_filename, 'w') as schema_file:
                schema_file.write("dn: cn=schema\n")
            os.chmod(schema_filename, 0o777)
        except OSError as e:
            log.fatal("Failed to update schema file: " +
                      "{} Error: {}".format(schema_filename, str(e)))
        m2.start()

    request.addfinalizer(fin)
示例#5
0
def test_gecos_mixed_definition_topo(topo_m2, request):
    """Check that replication is still working if schema contains
       definitions that does not conform with a replicated entry

    :id: d5940e71-d18a-4b71-aaf7-b9185361fffe
    :setup: Two suppliers replication setup
    :steps:
        1. Create a testuser on M1
        2  Stop M1 and M2
        3  Change gecos def on M2 to be IA5
        4  Update testuser with gecos directoryString value
        5  Check replication is still working
    :expectedresults:
        1. success
        2. success
        3. success
        4. success
        5. success

    """

    repl = ReplicationManager(DEFAULT_SUFFIX)
    m1 = topo_m2.ms["supplier1"]
    m2 = topo_m2.ms["supplier2"]

    # create a test user
    testuser_dn = 'uid={},{}'.format('testuser', DEFAULT_SUFFIX)
    testuser = UserAccount(m1, testuser_dn)
    try:
        testuser.create(
            properties={
                'uid': 'testuser',
                'cn': 'testuser',
                'sn': 'testuser',
                'uidNumber': '1000',
                'gidNumber': '2000',
                'homeDirectory': '/home/testuser',
            })
    except ldap.ALREADY_EXISTS:
        pass
    repl.wait_for_replication(m1, m2)

    # Stop suppliers to update the schema
    m1.stop()
    m2.stop()

    # on M1: gecos is DirectoryString (default)
    # on M2: gecos is IA5
    schema_filename = (m2.schemadir + "/99user.ldif")
    try:
        with open(schema_filename, 'w') as schema_file:
            schema_file.write("dn: cn=schema\n")
            schema_file.write(
                "attributetypes: ( 1.3.6.1.1.1.1.2 NAME " +
                "'gecos' DESC 'The GECOS field; the common name' " +
                "EQUALITY caseIgnoreIA5Match " +
                "SUBSTR caseIgnoreIA5SubstringsMatch " +
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 " + "SINGLE-VALUE )\n")
        os.chmod(schema_filename, 0o777)
    except OSError as e:
        log.fatal("Failed to update schema file: " +
                  "{} Error: {}".format(schema_filename, str(e)))

    # start the instances
    m1.start()
    m2.start()

    # Check that gecos is IA5 on M2
    schema = SchemaLegacy(m2)
    attributetypes = schema.query_attributetype('gecos')
    assert attributetypes[0].syntax == "1.3.6.1.4.1.1466.115.121.1.26"

    # Add a gecos UTF value on M1
    testuser.replace('gecos', 'Hélène')

    # Check replication is still working
    testuser.replace('displayName', 'ascii value')
    repl.wait_for_replication(m1, m2)
    testuser_m2 = UserAccount(m2, testuser_dn)
    assert testuser_m2.exists()
    assert testuser_m2.get_attr_val_utf8('displayName') == 'ascii value'

    def fin():
        m1.start()
        m2.start()
        testuser.delete()
        repl.wait_for_replication(m1, m2)

        # on M2 restore a default 99user.ldif
        m2.stop()
        os.remove(m2.schemadir + "/99user.ldif")
        schema_filename = (m2.schemadir + "/99user.ldif")
        try:
            with open(schema_filename, 'w') as schema_file:
                schema_file.write("dn: cn=schema\n")
            os.chmod(schema_filename, 0o777)
        except OSError as e:
            log.fatal("Failed to update schema file: " +
                      "{} Error: {}".format(schema_filename, str(e)))
        m2.start()
        m1.start()

    request.addfinalizer(fin)