#
# LDAP integration test
#
# Copyright (c) 2015 Red Hat, Inc.
# Author: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
#
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
import stat
import pwd
import grp
import ent
import config
import signal
import subprocess
import time
import ldap
import pytest
import ds_openldap
import ldap_ent
from util import *
LDAP_BASE_DN = "dc=example,dc=com"
"""LDAP server instance fixture"""
# NOTE(review): "cn=admin" / "Secret123" appear to be the bind DN and password
# of the throwaway test directory server (the call they belong to is not
# visible here) - confirm they are never reused outside this test harness.
"cn=admin", "Secret123"
)
try:
# NOTE(review): the bare except below re-raises, so no error is hidden, but it
# also intercepts KeyboardInterrupt/SystemExit. The statements between try and
# raise are not visible here - presumably instance cleanup, verify.
except:
raise
return ds_inst
"""LDAP server connection fixture"""
return ldap_conn
"""Add LDAP entries from ent_list"""
if ent_list is not None:
"""Remove LDAP entries added by create_ldap_entries"""
if ent_list is None:
attrlist=[]):
else:
"""Add LDAP entries and add teardown for removing them"""
"""
Format a basic SSSD configuration
The files domain is defined but not enabled in order to avoid enumerating
users from the files domain that would otherwise be implicitly enabled
"""
if schema == SCHEMA_RFC2307_BIS:
schema_conf += "ldap_group_object_class = groupOfNames\n"
# NOTE(review): test-only template. ldap_auth_disable_tls_never_use_in_production
# = true lets SSSD authenticate against LDAP without TLS, so bind passwords may
# travel unencrypted; debug_level = 0xffff is set throughout and may put
# sensitive detail in the logs. Do not carry either setting into a deployed
# sssd.conf.
return unindent("""\
[sssd]
debug_level = 0xffff
domains = LDAP
services = nss, pam
[nss]
debug_level = 0xffff
memcache_timeout = 0
[pam]
debug_level = 0xffff
id_provider = files
ldap_auth_disable_tls_never_use_in_production = true
debug_level = 0xffff
enumerate = true
{schema_conf}
id_provider = ldap
auth_provider = ldap
ldap_uri = {ldap_conn.ds_inst.ldap_url}
ldap_search_base = {ldap_conn.ds_inst.base_dn}
"""Format an SSSD configuration with all caches refreshing in 4 seconds"""
return \
unindent("""
[nss]
memcache_timeout = 0
enum_cache_timeout = {0}
entry_negative_timeout = 0
ldap_enumeration_refresh_timeout = {0}
ldap_purge_cache_timeout = 1
entry_cache_timeout = {0}
"""Create sssd.conf with specified contents"""
def cleanup_conf_file():
"""Remove sssd.conf, if it exists"""
"""Add teardown for removing sssd.conf"""
"""
Create sssd.conf with specified contents and add teardown for removing it
"""
def create_sssd_process():
"""Start the SSSD process"""
raise Exception("sssd start failed")
def cleanup_sssd_process():
"""Stop the SSSD process and remove its state"""
# NOTE(review): the statements inside both try bodies are not visible here.
try:
while True:
try:
# Any exception raised inside the loop body ends the loop.
except:
break
# NOTE(review): this outer bare except discards every error, so a teardown
# that fails to stop SSSD or clear its state passes silently and may leak
# into the next test - consider catching only the expected exception type.
except:
pass
"""Add teardown for stopping SSSD and removing its state"""
"""Start SSSD and add teardown for stopping it and removing its state"""
return None
[], ["empty_group1", "empty_group2"])
[], ["one_user_group1"])
[], ["two_user_group"])
[], ["one_user_group1", "one_user_group2"])
return None
)
)
)
)
"""Create blank RFC2307 directory fixture with interactive SSSD conf"""
"""Create blank RFC2307bis directory fixture with interactive SSSD conf"""
"""
Create an RFC2307 directory fixture with interactive SSSD conf,
one user and one group
"""
return None
"""
Create an RFC2307bis directory fixture with interactive SSSD conf,
one user and two groups
"""
return None
"""Test user addition and removal are reflected by SSSD"""
# Add the user
# Remove the user
"""Test RFC2307 group addition and removal are reflected by SSSD"""
# Add the group
# Remove the group
"""Test RFC2307bis group addition and removal are reflected by SSSD"""
# Add the group
# Remove the group
"""Test user membership addition and removal are reflected by SSSD"""
# Add user to group
# Remove user from group
"""
Test user and group membership addition and removal are reflected by SSSD,
with RFC2307bis schema
"""
# Add user to group1
b"uid=user,ou=Users," + base_dn_bytes)])
# Add group1 to group2
b"cn=group1,ou=Groups," + base_dn_bytes)])
# Remove group1 from group2
# Remove user from group1
homeDirectory="/home/A")
homeDirectory="/home/B")
homeDirectory="")
conf = \
unindent("""\
[nss]
override_homedir = /home/B
"""Test the effect of the "override_homedir" option"""
)
)
homeDirectory="/home/A")
homeDirectory="/home/B")
homeDirectory="")
conf = \
unindent("""\
[nss]
fallback_homedir = /home/B
"""Test the effect of the "fallback_homedir" option"""
)
)
loginShell="/bin/A")
loginShell="/bin/B")
loginShell="")
conf = \
unindent("""\
[nss]
override_shell = /bin/B
"""Test the effect of the "override_shell" option"""
)
)
loginShell="/bin/sh")
loginShell="")
conf = \
unindent("""\
[nss]
allowed_shells = /bin/not_installed
"""Test the effect of the "shell_fallback" option"""
)
)
loginShell="/bin/sh")
loginShell="")
conf = \
unindent("""\
[nss]
allowed_shells = /bin/default, /bin/not_installed
"""Test the effect of the "default_shell" option"""
)
)
loginShell="/bin/sh")
loginShell="/bin/vetoed")
loginShell="")
conf = \
unindent("""\
[nss]
"""Test the effect of the "vetoed_shells" option"""
)
)
conf = \
unindent("""
auto_private_groups = True
return None
"""
Test the auto_private_groups together with enumeration
"""
)
)