test_ldap.py revision 65e791f844b4513ca2c3ee23f8cd2979566b3719
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# LDAP integration test
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# Copyright (c) 2015 Red Hat, Inc.
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# Author: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# This is free software; you can redistribute it and/or modify it
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# under the terms of the GNU General Public License as published by
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# the Free Software Foundation; version 2 only
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# This program is distributed in the hope that it will be useful, but
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# WITHOUT ANY WARRANTY; without even the implied warranty of
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# General Public License for more details.
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# You should have received a copy of the GNU General Public License
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik# along with this program. If not, see <http://www.gnu.org/licenses/>.
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """LDAP server instance fixture"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """LDAP server connection fixture"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef create_ldap_entries(ldap_conn, ent_list=None):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Add LDAP entries from ent_list"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik if ent_list is not None:
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef cleanup_ldap_entries(ldap_conn, ent_list=None):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Remove LDAP entries added by create_ldap_entries"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik for ou in ("Users", "Groups", "Netgroups", "Services", "Policies"):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik for entry in ldap_conn.search_s("ou=" + ou + "," +
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef create_ldap_cleanup(request, ldap_conn, ent_list=None):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Add teardown for removing all user/group LDAP entries"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik request.addfinalizer(lambda: cleanup_ldap_entries(ldap_conn, ent_list))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef create_ldap_fixture(request, ldap_conn, ent_list=None):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Add LDAP entries and add teardown for removing them"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_cleanup(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Format a basic SSSD configuration"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik schema_conf = "ldap_schema = " + schema + "\n"
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik schema_conf += "ldap_group_object_class = groupOfNames\n"
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik debug_level = 0xffff
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik domains = LDAP
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik services = nss, pam
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik debug_level = 0xffff
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik memcache_timeout = 0
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_negative_timeout = 1
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik debug_level = 0xffff
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ldap_auth_disable_tls_never_use_in_production = true
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik debug_level = 0xffff
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik {schema_conf}
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik id_provider = ldap
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik auth_provider = ldap
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ldap_uri = {ldap_conn.ds_inst.ldap_url}
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ldap_search_base = {ldap_conn.ds_inst.base_dn}
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef format_interactive_conf(ldap_conn, schema):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Format an SSSD configuration with all caches refreshing in 4 seconds"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik memcache_timeout = 0
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_negative_timeout = 0
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ldap_purge_cache_timeout = 1
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_cache_timeout = {0}
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef format_rfc2307bis_deref_conf(ldap_conn, schema):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Format an SSSD configuration with all caches refreshing in 4 seconds"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik memcache_timeout = 0
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_negative_timeout = 0
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_cache_timeout = {0}
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ldap_deref_threshold = 1
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Create sssd.conf with specified contents"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik os.chmod(config.CONF_PATH, stat.S_IRUSR | stat.S_IWUSR)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Remove sssd.conf, if it exists"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Add teardown for removing sssd.conf"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik Create sssd.conf with specified contents and add teardown for removing it
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Start the SSSD process"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik if subprocess.call(["sssd", "-D", "-f"]) != 0:
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Stop the SSSD process and remove its state"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Add teardown for stopping SSSD and removing its state"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Start SSSD and add teardown for stopping it and removing its state"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group("two_user_group", 2012, ["user1", "user2"])
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik ent_list.add_group("group(_u)ser1", 5001, ["t(u)ser"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user('usr\\\\001', 181818, 181818)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("empty_group1", 2010)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("empty_group2", 2011)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("two_user_group", 2012, ["user1", "user2"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group_empty_group", 2013, [], ["empty_group1"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group_two_empty_groups", 2014,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("one_user_group1", 2015, ["user1"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("one_user_group2", 2016, ["user2"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group_one_user_group", 2017,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik [], ["one_user_group1"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group_two_user_group", 2018,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik [], ["two_user_group"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group_two_one_user_groups", 2019,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik return dict((u["name"], u) for u in entries)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef test_regression_ticket2163(ldap_conn, simple_rfc2307):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='usr\\001', passwd='*', uid=181818, gid=181818,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef test_sanity_rfc2307(ldap_conn, sanity_rfc2307):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik group_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='empty_group', passwd='*', gid=2010,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='two_user_group', passwd='*', gid=2012,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_group_by_name(group_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef test_sanity_rfc2307_bis(ldap_conn, sanity_rfc2307_bis):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001, gecos='1001',
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user2', passwd='*', uid=1002, gid=2002, gecos='1002',
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user3', passwd='*', uid=1003, gid=2003, gecos='1003',
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik group_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group1', passwd='*', gid=2001, mem=ent.contains_only()),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group2', passwd='*', gid=2002, mem=ent.contains_only()),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group3', passwd='*', gid=2003, mem=ent.contains_only()),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='empty_group1', passwd='*', gid=2010,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='empty_group2', passwd='*', gid=2011,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='two_user_group', passwd='*', gid=2012,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group_empty_group', passwd='*', gid=2013,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group_two_empty_groups', passwd='*', gid=2014,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='one_user_group1', passwd='*', gid=2015,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='one_user_group2', passwd='*', gid=2016,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group_one_user_group', passwd='*', gid=2017,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group_two_user_group', passwd='*', gid=2018,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='group_two_one_user_groups', passwd='*', gid=2019,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_group_by_name(group_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef refresh_after_cleanup_task(request, ldap_conn):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group1", 2001, ["user1"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group2", 2002, [], ["group1"])
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_cache_user_timeout = 1
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik entry_cache_group_timeout = 5000
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ldap_purge_cache_timeout = 3
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik Regression test for ticket:
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name='user1', passwd='*', uid=1001, gid=2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Create blank RFC2307 directory fixture with interactive SSSD conf"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_interactive_conf(ldap_conn, SCHEMA_RFC2307))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Create blank RFC2307bis directory fixture with interactive SSSD conf"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_interactive_conf(ldap_conn, SCHEMA_RFC2307_BIS))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef user_and_group_rfc2307(request, ldap_conn):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik Create an RFC2307 directory fixture with interactive SSSD conf,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik one user and one group
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_interactive_conf(ldap_conn, SCHEMA_RFC2307))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef user_and_groups_rfc2307_bis(request, ldap_conn):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik Create an RFC2307bis directory fixture with interactive SSSD conf,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik one user and two groups
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_interactive_conf(ldap_conn, SCHEMA_RFC2307_BIS))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef rfc2307bis_deref_group_with_users(request, ldap_conn):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik Create an RFC2307bis directory fixture with interactive SSSD conf,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik one user and two groups
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_group_bis("group1", 20000, member_uids=("user1", "user2"))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnikdef test_ldap_group_dereference(ldap_conn, rfc2307bis_deref_group_with_users):
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(mem=ent.contains_only("user1", "user2")))
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_homedir_A", 1001, 2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_homedir_B", 1002, 2002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_empty_homedir", 1003, 2003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik override_homedir = /home/B
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Test the effect of the "override_homedir" option"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_homedir_A", uid=1001, dir="/home/B"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_homedir_A", 1001, 2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_homedir_B", 1002, 2002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_empty_homedir", 1003, 2003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik fallback_homedir = /home/B
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Test the effect of the "fallback_homedir" option"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_homedir_A", uid=1001, dir="/home/A"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_homedir_B", uid=1002, dir="/home/B"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_empty_homedir", uid=1003, dir="/home/B")
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_shell_A", 1001, 2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_shell_B", 1002, 2002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_empty_shell", 1003, 2003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik override_shell = /bin/B
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Test the effect of the "override_shell" option"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_shell_A", uid=1001, shell="/bin/B"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_shell_B", uid=1002, shell="/bin/B"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_empty_shell", uid=1003, shell="/bin/B")
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_sh_shell", 1001, 2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_empty_shell", 1003, 2003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik shell_fallback = /bin/fallback
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik allowed_shells = /bin/not_installed
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Test the effect of the "shell_fallback" option"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_not_installed_shell", uid=1002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_empty_shell", uid=1003, shell="")
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_sh_shell", 1001, 2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_not_installed_shell", 1002, 2002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_empty_shell", 1003, 2003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik default_shell = /bin/default
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik allowed_shells = /bin/default, /bin/not_installed
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik shell_fallback = /bin/fallback
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Test the effect of the "default_shell" option"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_not_installed_shell", uid=1002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_empty_shell", uid=1003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_sh_shell", 1001, 2001,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_vetoed_shell", 1002, 2002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent_list.add_user("user_with_empty_shell", 1003, 2003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik default_shell = /bin/default
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik vetoed_shells = /bin/vetoed
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik shell_fallback = /bin/fallback
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik """Test the effect of the "vetoed_shells" option"""
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik passwd_pattern = expected_list_to_name_dict([
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_sh_shell", uid=1001, shell="/bin/sh"),
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_vetoed_shell", uid=1002,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik dict(name="user_with_empty_shell", uid=1003,
49a5412cbc98e630de17359c29cb8d6ce0e16168Lukas Slebodnik ent.assert_each_passwd_by_name(passwd_pattern)
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnikdef test_user_2307bis_nested_groups(ldap_conn,
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik Test nested groups.
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik Regression test for ticket:
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik # group1, two_user_group, one_user_group1, group_one_user_group,
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik # group_two_user_group, group_two_one_user_groups
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik expected_gids = [2001, 2012, 2015, 2017, 2018, 2019]
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001,
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik (res, errno, gids) = sssd_id.call_sssd_initgroups("user1", primary_gid)
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik assert sorted(gids) == sorted(expected_gids), \
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik "result: %s\n expected %s" % (
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik ", ".join(["%s" % s for s in sorted(gids)]),
1ba26271952de1beeb9e041bedf87d720d3f5680Lukas Slebodnik ", ".join(["%s" % s for s in sorted(expected_gids)])
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnikdef test_special_characters_in_names(ldap_conn, sanity_rfc2307):
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik Test names containing special characters, such as parentheses, which
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik could cause a malformed filter in ldb_search.
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik Regression test for ticket:
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik dict(name="t(u)ser", passwd="*", uid=5000, gid=5001,
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik "group(_u)ser1",
e59b73366d3067c576e39a214a34ace2f9a84878Lukas Slebodnik dict(name="group(_u)ser1", passwd="*", gid=5001,
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik create_ldap_fixture(request, ldap_conn, ent_list)
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik format_basic_conf(ldap_conn, SCHEMA_RFC2307) + \
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik ldap_user_extra_attrs = mail, name:uid, givenName
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnikdef test_extra_attribute_already_exists(ldap_conn, extra_attributes):
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik """Test "ldap_user_extra_attrs" when the extra attribute already exists"""
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik user_dn = "uid=" + user + ",ou=Users," + ldap_conn.ds_inst.base_dn
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik old = {'objectClass': ['top', 'inetOrgPerson', 'posixAccount']}
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik new = {'objectClass': ['top', 'inetOrgPerson', 'posixAccount',
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik 'extensibleObject']}
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik ldap_conn.modify_s(user_dn, [(ldap.MOD_ADD, extra_attribute, given_name)])
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik dict(name="user", uid=2001, gid=2000, shell="/bin/bash"),
b6bc67f3272d8a45fb6b5c01c8a3f8e74010eb71Lukas Slebodnik val = ldb_conn.get_entry_attr(sssd_ldb.CacheType.sysdb,
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech Adding user to group
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čechdef test_add_user_to_group(ldap_conn, add_user_to_group):
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user1")))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech Adding user to group
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list.add_group_bis("group1", 20001, member_uids=["user1", "user2"])
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čechdef test_remove_user_from_group(ldap_conn, remove_user_from_group):
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech Removing two users from group, step by step
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech group1_dn = 'cn=group1,ou=Groups,' + ldap_conn.ds_inst.base_dn
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech # removing of user2 from group1
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech old = {'member': ["uid=user1,ou=Users,dc=example,dc=com",
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech "uid=user2,ou=Users,dc=example,dc=com"]}
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech new = {'member': ["uid=user1,ou=Users,dc=example,dc=com"]}
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_group_by_name("group1", dict(mem=ent.contains_only("user1")))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech # removing of user1 from group1
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech old = {'member': ["uid=user1,ou=Users,dc=example,dc=com"]}
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_group_by_name("group1", dict(mem=ent.contains_only()))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čechdef remove_user_from_nested_group(request, ldap_conn):
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list.add_group_bis("group2", 20002, member_uids=["user2"])
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent_list.add_group_bis("group3", 20003, member_gids=["group1", "group2"])
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech group3_dn = 'cn=group3,ou=Groups,' + ldap_conn.ds_inst.base_dn
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech # removing of group2 from group3
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech old = {'member': ["cn=group1,ou=Groups,dc=example,dc=com",
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech "cn=group2,ou=Groups,dc=example,dc=com"]}
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech new = {'member': ["cn=group1,ou=Groups,dc=example,dc=com"]}
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech # removing of group1 from group3
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech old = {'member': ["cn=group1,ou=Groups,dc=example,dc=com"]}
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user1", dict(name="user1", uid=1001, gid=2001))
eaf44bc07dda469a20be07d46737d93f518e2047Petr Čech ent.assert_passwd_by_name("user2", dict(name="user2", uid=1002, gid=2002))
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek """Format an SSSD configuration with group nesting disabled"""
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek ldap_group_nesting_level = 0
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
65e791f844b4513ca2c3ee23f8cd2979566b3719Jakub Hrozek create_ldap_fixture(request, ldap_conn, ent_list)