def test_deleting_twice(topo_m2):
"""Deleting entry twice crashed a server
:id: 94045560-a64c-11ea-93d6-8c16451d917b
:setup: MMR with 2 masters
:steps:
1. Adding entry
2. Deleting the same entry from s1
3. Deleting the same entry from s2 after some seconds
:expected results:
1. Should succeeds
2. Should succeeds
3. Should succeeds
"""
m1 = topo_m2.ms["master1"]
m2 = topo_m2.ms["master2"]
# Adding entry
user1 = UserAccounts(m1, DEFAULT_SUFFIX, rdn=None).create_test_user(uid=1,
gid=1)
repl_manager = ReplicationManager(DEFAULT_SUFFIX)
repl_manager.wait_for_replication(m1, m2, timeout=100)
user2 = UserAccount(m2, f'uid=test_user_1,{DEFAULT_SUFFIX}')
assert user2.status()
# Deleting the same entry from s1
user1.delete()
repl_manager.wait_for_replication(m1, m2, timeout=100)
# Deleting the same entry from s2 after some seconds
with pytest.raises(ldap.NO_SUCH_OBJECT):
user2.delete()
assert m1.status()
assert m2.status()
def test_segfaults(topo_m2, _delete_after):
"""ns-slapd segfaults while trying to delete a tombstone entry
:id: 9f8f7388-a64c-11ea-b5f7-8c16451d917b
:setup: MMR with 2 masters
:steps:
1. Add new user
2. Delete user - should leave tombstone entry
3. Search for tombstone entry
4. Try to delete tombstone entry
5. Check if server is still alive
:expected results:
1. Should succeeds
2. Should succeeds
3. Should succeeds
4. Should succeeds
5. Should succeeds
"""
m1 = topo_m2.ms["master1"]
# Add user
user = UserAccounts(m1, DEFAULT_SUFFIX, rdn=None).create_test_user(uid=10,
gid=1)
# Delete user - should leave tombstone entry
user.delete()
tombstones = Tombstones(m1, DEFAULT_SUFFIX)
# Search for tombstone entry
fil = tombstones.filter("(&(objectClass=nstombstone)(uid=test_user_10))")
assert fil
# Try to delete tombstone entry
for user in fil:
user.delete()
# Check if server is still alive
assert m1.status()
def _create_and_delete_tombstone(topo_m2, id):
m1 = topo_m2.ms["master1"]
# Add new user
user1 = UserAccounts(m1, DEFAULT_SUFFIX, rdn=None).create_test_user(uid=id,
gid=id)
# Delete user - should leave tombstone entry
user1.delete()
tombstones = Tombstones(m1, DEFAULT_SUFFIX)
# Search for tombstone entry
fil = tombstones.filter(
"(&(objectClass=nstombstone)(uid=test_user_{}*))".format(id))[0]
assert fil
fil.rename("uid=engineer")
assert m1
def test_check_two_scheme(topo):
"""Check password scheme SHA and CRYPT
:id: 2b677f1e-33a6-11ea-a371-8c16451d917b
:setup: Standalone
:steps:
1. Change password scheme and create user with password.
2. check password scheme is set .
3. Delete user
:expected results:
1. Pass
2. Pass
3. Pass
"""
for schema, value in [("nsslapd-rootpwstoragescheme", "SHA"),
("passwordStorageScheme", "CRYPT")]:
Config(topo.standalone).replace(schema, value)
topo.standalone.restart()
user = UserAccounts(topo.standalone, DEFAULT_SUFFIX).create_test_user()
user.set('userpassword', 'ItsMeAnuj')
assert '{' + f'{"CRYPT".lower()}' + '}' \
in UserAccount(topo.standalone, user.dn).get_attr_val_utf8('userpassword').lower()
user.delete()
def test_expiration_date(topo, _fix_password):
"""Test check the expiration date is still in the future
:id: 3691739a-5a20-11ea-8712-8c16451d917b
:setup: Standalone
:steps:
1. Password expiration
2. Add a user with a password expiration date
3. Modify their password
4. Check the expiration date is still in the future
5. Modify the password expiration date
6. Check the expiration date is still in the future
7. Change policy so that user can change passwords
8. Deleting user
9. Adding user
10. Set password history ON
11. Modify password Once
12. Try to change the password with same one
:expected results:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Fail
"""
# Add a user with a password expiration date
user = UserAccounts(topo.standalone, DEFAULT_SUFFIX).create_test_user()
user.replace_many(('userpassword', 'bind4now'),
('passwordExpirationTime', '20380119031404Z'))
# Modify their password
user.replace('userPassword', 'secreter')
# Check the expiration date is still in the future
assert user.get_attr_val_utf8(
'passwordExpirationTime') == '20380119031404Z'
# Modify the password expiration date
user.replace('passwordExpirationTime', '20380119031405Z')
# Check the expiration date is still in the future
assert user.get_attr_val_utf8(
'passwordExpirationTime') == '20380119031405Z'
config = Config(topo.standalone)
# Change policy so that user can change passwords
config.replace('passwordchange', 'on')
# Deleting user
UserAccount(topo.standalone,
f'uid=test_user_1000,ou=People,{DEFAULT_SUFFIX}').delete()
# Adding user
user = UserAccounts(topo.standalone, DEFAULT_SUFFIX).create_test_user()
# Set password history ON
config.replace('passwordhistory', 'on')
# Modify password Once
user.replace('userPassword', 'secreter')
time.sleep(1)
assert DEFAULT_PASSWORD_STORAGE_SCHEME in user.get_attr_val_utf8(
'userPassword')
# Try to change the password with same one
for _ in range(3):
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
_change_password_with_own(topo, user.dn, 'secreter', 'secreter')
user.delete()
def test_binddn_tracking(topo, _create_inital):
"""Test Managed Entries basic functionality
:id: ea2ddfd4-aaec-11ea-8416-8c16451d917b
:setup: Standalone Instance
:steps:
1. Set nsslapd-plugin-binddn-tracking attribute under cn=config
2. Add user
3. Managed Entry Plugin runs against managed entries upon any update without validating
4. verify creation of User Private Group with its time stamp value
5. Modify the SN attribute which is not mapped with managed entry
6. run ModRDN operation and check the User Private group
7. Check the time stamp of UPG should be changed now
8. Check the creatorsname should be user dn and internalCreatorsname should be plugin name
9. Check if a managed group entry was created
:expected results:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""
config = Config(topo.standalone)
# set nsslapd-plugin-binddn-tracking attribute under cn=config
config.replace('nsslapd-plugin-binddn-tracking', 'on')
# Add user
user = UserAccounts(topo.standalone,
f'cn=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
assert user.get_attr_val_utf8(
'mepManagedEntry') == f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}'
entry = Account(topo.standalone,
f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}')
# Managed Entry Plugin runs against managed entries upon any update without validating
# verify creation of User Private Group with its time stamp value
stamp1 = entry.get_attr_val_utf8('modifyTimestamp')
user.replace('sn', 'NewSN_modified')
stamp2 = entry.get_attr_val_utf8('modifyTimestamp')
# Modify the SN attribute which is not mapped with managed entry
# Check the time stamp of UPG should not be changed
assert stamp1 == stamp2
time.sleep(1)
# run ModRDN operation and check the User Private group
user.rename(new_rdn='uid=UserNewRDN',
newsuperior='cn=Users,dc=example,dc=com')
assert user.get_attr_val_utf8(
'mepManagedEntry') == f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}'
entry = Account(topo.standalone,
f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}')
stamp3 = entry.get_attr_val_utf8('modifyTimestamp')
# Check the time stamp of UPG should be changed now
assert stamp2 != stamp3
time.sleep(1)
user.replace('gidNumber', '1')
stamp4 = entry.get_attr_val_utf8('modifyTimestamp')
assert stamp4 != stamp3
# Check the creatorsname should be user dn and internalCreatorsname should be plugin name
assert entry.get_attr_val_utf8('creatorsname') == 'cn=directory manager'
assert entry.get_attr_val_utf8(
'internalCreatorsname') == 'cn=Managed Entries,cn=plugins,cn=config'
assert entry.get_attr_val_utf8('modifiersname') == 'cn=directory manager'
user.delete()
config.replace('nsslapd-plugin-binddn-tracking', 'off')
def test_mentry01(topo, _create_inital):
"""Test Managed Entries basic functionality
:id: 9b87493b-0493-46f9-8364-6099d0e5d806
:setup: Standalone Instance
:steps:
1. Check the plug-in status
2. Add Template and definition entry
3. Add our org units
4. Add users with PosixAccount ObjectClass and verify creation of User Private Group
5. Disable the plug-in and check the status
6. Enable the plug-in and check the status the plug-in is disabled and creation of UPG should fail
7. Add users with PosixAccount ObjectClass and verify creation of User Private Group
8. Add users, run ModRDN operation and check the User Private group
9. Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
10. Checking whether creation of User Private group fails for existing group entry
11. Checking whether adding of posixAccount objectClass to existing user creates UPG
12. Running ModRDN operation and checking the user private groups mepManagedBy attribute
13. Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
14. Change the RDN of template entry, DSA Unwilling to perform error expected
15. Change the RDN of cn=Users to cn=TestUsers and check UPG are deleted
:expected results:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Fail(Unwilling to perform )
15. Success
"""
# Check the plug-in status
mana = ManagedEntriesPlugin(topo.standalone)
assert mana.status()
# Add Template and definition entry
org1 = OrganizationalUnits(
topo.standalone, DEFAULT_SUFFIX).create(properties={'ou': 'Users'})
org2 = OrganizationalUnit(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}')
meps = MEPTemplates(topo.standalone, DEFAULT_SUFFIX)
mep_template1 = meps.create(
properties={
'cn':
'UPG Template1',
'mepRDNAttr':
'cn',
'mepStaticAttr':
'objectclass: posixGroup',
'mepMappedAttr':
'cn: $uid|gidNumber: $gidNumber|description: User private group for $uid'
.split('|')
})
conf_mep = MEPConfigs(topo.standalone)
conf_mep.create(
properties={
'cn': 'UPG Definition2',
'originScope': org1.dn,
'originFilter': 'objectclass=posixaccount',
'managedBase': org2.dn,
'managedTemplate': mep_template1.dn
})
# Add users with PosixAccount ObjectClass and verify creation of User Private Group
user = UserAccounts(topo.standalone,
f'ou=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
assert user.get_attr_val_utf8(
'mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
# Disable the plug-in and check the status
mana.disable()
user.delete()
topo.standalone.restart()
# Add users with PosixAccount ObjectClass when the plug-in is disabled and creation of UPG should fail
user = UserAccounts(topo.standalone,
f'ou=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
assert not user.get_attr_val_utf8('mepManagedEntry')
# Enable the plug-in and check the status
mana.enable()
user.delete()
topo.standalone.restart()
# Add users with PosixAccount ObjectClass and verify creation of User Private Group
user = UserAccounts(topo.standalone,
f'ou=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
assert user.get_attr_val_utf8(
'mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
# Add users, run ModRDN operation and check the User Private group
# Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
user.rename(new_rdn='uid=UserNewRDN',
newsuperior='ou=Users,dc=example,dc=com')
assert user.get_attr_val_utf8(
'mepManagedEntry') == f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}'
user.replace('gidNumber', '20209')
entry = Account(topo.standalone,
f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}')
assert entry.get_attr_val_utf8('gidNumber') == '20209'
user.replace_many(('sn', 'new_modified_sn'), ('gidNumber', '31309'))
assert entry.get_attr_val_utf8('gidNumber') == '31309'
user.delete()
# Checking whether creation of User Private group fails for existing group entry
Groups(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}',
rdn=None).create(properties={'cn': 'MENTRY_14'})
user = UserAccounts(topo.standalone,
f'ou=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
with pytest.raises(ldap.NO_SUCH_OBJECT):
entry.status()
user.delete()
# Checking whether adding of posixAccount objectClass to existing user creates UPG
# Add Users without posixAccount objectClass
users = WithObjectClass(topo.standalone,
f'uid=test_test, ou=Users,{DEFAULT_SUFFIX}')
user_properties1 = {
'uid': 'test_test',
'cn': 'test',
'sn': 'test',
'mail': '*****@*****.**',
'telephoneNumber': '123'
}
user = users.create(properties=user_properties1)
assert not user.get_attr_val_utf8('mepManagedEntry')
# Add posixAccount objectClass
user.replace_many(
('objectclass', ['top', 'person', 'inetorgperson', 'posixAccount']),
('homeDirectory', '/home/ok'), ('uidNumber', '61603'),
('gidNumber', '61603'))
assert not user.get_attr_val_utf8('mepManagedEntry')
user = UserAccounts(topo.standalone,
f'ou=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
entry = Account(topo.standalone,
'cn=test_user_1000,ou=Groups,dc=example,dc=com')
# Add inetuser objectClass
user.replace_many(('objectclass', [
'top', 'account', 'posixaccount', 'inetOrgPerson',
'organizationalPerson', 'nsMemberOf', 'nsAccount', 'person',
'mepOriginEntry', 'inetuser'
]), ('memberOf', entry.dn))
assert entry.status()
user.delete()
user = UserAccounts(topo.standalone,
f'ou=Users,{DEFAULT_SUFFIX}',
rdn=None).create_test_user()
entry = Account(topo.standalone,
'cn=test_user_1000,ou=Groups,dc=example,dc=com')
# Add groupofNames objectClass
user.replace_many(('objectclass', [
'top', 'account', 'posixaccount', 'inetOrgPerson',
'organizationalPerson', 'nsMemberOf', 'nsAccount', 'person',
'mepOriginEntry', 'groupofNames'
]), ('memberOf', user.dn))
assert entry.status()
# Running ModRDN operation and checking the user private groups mepManagedBy
# attribute was also reset because the modrdn on the origin will do a modrdn
# on checkManagedEntry to match the new rdn value of the origin entry
checkManagedEntry = UserAccounts(topo.standalone,
f'ou=Groups,{DEFAULT_SUFFIX}',
rdn=None)
check_entry = checkManagedEntry.create(
properties={
'objectclass': ['top', 'extensibleObject'],
'uid': 'CheckModRDN',
'uidNumber': '12',
'gidNumber': '12',
'homeDirectory': '/home',
'sn': 'tmp',
'cn': 'tmp',
})
user.replace('mepManagedEntry', check_entry.dn)
user.rename(new_rdn='uid=UserNewRDN',
newsuperior='ou=Users,dc=example,dc=com')
assert user.get_attr_val_utf8_l(
'mepManagedEntry'
) == f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}'.lower()
# Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
user.remove('mepManagedEntry', f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}')
user.rename(new_rdn='uid=UserNewRDN1',
newsuperior='ou=Users,dc=example,dc=com')
assert user.get_attr_val_utf8(
'mepManagedEntry') == f'cn=UserNewRDN1,ou=Groups,{DEFAULT_SUFFIX}'
# Change the RDN of template entry, DSA Unwilling to perform error expected
mep = MEPTemplate(topo.standalone, f'cn=UPG Template,{DEFAULT_SUFFIX}')
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
mep.rename(new_rdn='cn=UPG Template2', newsuperior='dc=example,dc=com')
# Change the RDN of cn=Users to cn=TestUsers and check UPG are deleted
before = user.get_attr_val_utf8('mepManagedEntry')
user.rename(new_rdn='uid=Anuj', newsuperior='ou=Users,dc=example,dc=com')
assert user.get_attr_val_utf8('mepManagedEntry') != before
