Commits on Source (192)
.git
.gitignore
./src/cockpit/389-console/node_modules
......@@ -25,6 +25,7 @@ libtool
stamp-h1
*~
*.patch
.DS_Store
.autotools
.cproject
.project
......@@ -224,3 +225,8 @@ html/
src/lib389/dist/
src/lib389/man/
src/libsds/target/
dist
venv
.idea
src/cockpit/389-console/cockpit_dist/
src/cockpit/389-console/node_modules/
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl"?>
<rdf:RDF xml:lang="en"
xmlns="http://usefulinc.com/ns/doap#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:foaf="http://xmlns.com/foaf/0.1/">
<Project rdf:about="http://port389.org">
<created>2005-06-01</created>
<name>389 Project</name>
<shortname>389</shortname>
<homepage rdf:resource="http://port389.org" />
<shortdesc>Directory Server, Admin Server, Graphical Management Console, web based tools</shortdesc>
<description>The 389 Project provides an LDAPv3 compliant directory server, HTTP based administration server, graphical management console, and web based tools.</description>
<implements>LDAPv3 - IETF RFC 4511-4518</implements>
<bug-database rdf:resource="https://fedorahosted.org/389/report" />
<mailing-list rdf:resource="http://port389.org/wiki/Mailing_Lists" />
<mailing-list>389-devel@lists.fedoraproject.org</mailing-list>
<mailing-list>389-users@lists.fedoraproject.org</mailing-list>
<mailing-list>389-announce@lists.fedoraproject.org</mailing-list>
<mailing-list>389-commits@lists.fedoraproject.org</mailing-list>
<license rdf:resource="http://port389.org/wiki/Licensing" />
<download-page rdf:resource="http://port389.org/wiki/Download" />
<programming-language>C</programming-language>
<programming-language>Perl</programming-language>
<programming-language>Java</programming-language>
<release>
<Version>
<name>stable</name>
<branch>389-ds-base-1.2.11</branch>
<created>2012-10-09</created>
<revision>1.2.11.16</revision>
</Version>
</release>
<repository>
<GitRepository>
<location rdf:resource="git://git.fedorahosted.org/389/ds.git"/>
<browse rdf:resource="http://git.fedorahosted.org/cgit/389/ds.git/"/>
</GitRepository>
</repository>
<maintainer>
<foaf:Person>
<foaf:name>Rich Megginson</foaf:name>
<foaf:mbox rdf:resource="mailto:rmeggins@redhat.com"/>
</foaf:Person>
</maintainer>
</Project>
</rdf:RDF>
......@@ -26,13 +26,10 @@ UBSAN_CFLAGS = @ubsan_cflags@
SYSTEMD_DEFINES = @systemd_defs@
CMOCKA_INCLUDES = @cmocka_inc@
CMOCKA_INCLUDES = $(CMOCKA_CFLAGS)
PROFILING_DEFINES = @profiling_defs@
NSPR_INCLUDES = @nspr_inc@
SASL_INCLUDES = @sasl_inc@
EVENT_INCLUDES = @event_inc@
NSPR_INCLUDES = $(NSPR_CFLAGS)
# Rust inclusions.
if RUST_ENABLE
......@@ -140,44 +137,35 @@ AM_CFLAGS = $(DEBUG_CFLAGS) $(GCCSEC_CFLAGS) $(ASAN_CFLAGS) $(MSAN_CFLAGS) $(TSA
AM_CXXFLAGS = $(DEBUG_CXXFLAGS) $(GCCSEC_CFLAGS) $(ASAN_CFLAGS) $(MSAN_CFLAGS) $(TSAN_CFLAGS) $(UBSAN_CFLAGS)
# Flags for Directory Server
# WARNING: This needs a clean up, because slap.h is a horrible mess and is publically exposed!
DSPLUGIN_CPPFLAGS = $(DS_DEFINES) $(DS_INCLUDES) $(PATH_DEFINES) $(SYSTEMD_DEFINES) $(NUNCSTANS_INCLUDES) @openldap_inc@ @ldapsdk_inc@ @nss_inc@ $(NSPR_INCLUDES) @systemd_inc@
DSPLUGIN_CPPFLAGS = $(DS_DEFINES) $(DS_INCLUDES) $(PATH_DEFINES) $(SYSTEMD_DEFINES) $(NUNCSTANS_INCLUDES) @openldap_inc@ $(NSS_CFLAGS) $(NSPR_INCLUDES) $(SYSTEMD_CFLAGS)
# This should give access to internal headers only for tests!!!
DSINTERNAL_CPPFLAGS = -I$(srcdir)/include/ldaputil
# Flags for Datastructure Library
SDS_CPPFLAGS = $(SDS_INCLUDES) $(NSPR_INCLUDES)
# Flags for nunc-stans
NUNCSTANS_CPPFLAGS = $(NSPR_INCLUDES) $(NUNCSTANS_INCLUDES) $(SDS_INCLUDES) $(EVENT_INCLUDES)
NUNCSTANS_CPPFLAGS = $(NSPR_INCLUDES) $(NUNCSTANS_INCLUDES) $(SDS_INCLUDES) $(EVENT_CFLAGS)
#------------------------
# Linker Flags
#------------------------
SYSTEMD_LINK = @systemd_lib@
CMOCKA_LINKS = @cmocka_lib@
CMOCKA_LINKS = $(CMOCKA_LIBS)
PROFILING_LINKS = @profiling_links@
NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
NSS_LINK = @nss_lib@ -lssl3 -lnss3
NSPR_LINK = $(NSPR_LIBS)
NSS_LINK = $(NSS_LIBS)
if OPENLDAP
# with recent versions of openldap - if you link with both ldap_r and ldap, the
# shared lib _fini for one will stomp on the other, and the program will crash
LDAPSDK_LINK_NOTHR = @openldap_lib@ -lldap@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
LDAPSDK_LINK = @openldap_lib@ -lldap_r@ol_libver@ @ldap_lib_ldif@ -llber@ol_libver@
else
LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
LDAPSDK_LINK_NOTHR = $(LDAPSDK_LINK)
endif
ldaplib = @ldaplib@
ldaplib_defs = @ldaplib_defs@
DB_LINK = @db_lib@ -ldb-@db_libver@
SASL_LINK = @sasl_lib@ -lsasl2
ICU_LINK = @icu_lib@ -licui18n -licuuc -licudata
PCRE_LINK = @pcre_lib@ -lpcre
SASL_LINK = $(SASL_LIBS)
NETSNMP_LINK = @netsnmp_lib@ @netsnmp_link@
PAM_LINK = -lpam
KERBEROS_LINK = $(kerberos_lib)
EVENT_LINK = @event_lib@
EVENT_LINK = $(EVENT_LIBS)
PW_CRACK_LINK = -lcrack
LIBSOCKET=@LIBSOCKET@
......@@ -312,6 +300,7 @@ serverdir = $(libdir)/@serverdir@
serverplugindir = $(libdir)@serverplugindir@
taskdir = $(datadir)@scripttemplatedir@
systemdsystemunitdir = @with_systemdsystemunitdir@
systemdsystemunitdropindir = @with_systemdsystemunitdir@/$(PACKAGE_NAME)@.service.d
systemdsystemconfdir = @with_systemdsystemconfdir@
systemdgroupname = @with_systemdgroupname@
initdir = @initdir@
......@@ -526,7 +515,6 @@ dist_noinst_HEADERS = \
ldap/servers/slapd/http.h \
ldap/servers/slapd/intrinsics.h \
ldap/servers/slapd/log.h \
ldap/servers/slapd/mozldap.h \
ldap/servers/slapd/openldapber.h \
ldap/servers/slapd/pblock_v3.h \
ldap/servers/slapd/poll_using_select.h \
......@@ -614,7 +602,7 @@ dist_noinst_HEADERS += \
src/libsds/external/liblfds711/src/lfds711_queue_unbounded_manyproducer_manyconsumer/lfds711_queue_unbounded_manyproducer_manyconsumer_internal.h
endif
if WITH_CMOCKA
if ENABLE_CMOCKA
dist_noinst_HEADERS += \
test/test_slapd.h \
src/libsds/test/test_sds.h \
......@@ -648,7 +636,6 @@ dist_noinst_DATA = \
$(srcdir)/LICENSE.* \
$(srcdir)/VERSION.sh \
$(srcdir)/wrappers/*.in \
$(srcdir)/wrappers/systemd.template.sysconfig \
$(srcdir)/dirsrvtests \
$(srcdir)/src/lib389/setup.py \
$(srcdir)/src/lib389
......@@ -761,7 +748,7 @@ install-data-hook:
mkdir -p $(DESTDIR)$(cockpitdir)
rsync -rupE src/cockpit/389-console/cockpit_dist/ $(DESTDIR)$(cockpitdir)
mkdir -p $(DESTDIR)$(metainfodir)
rsync -up src/cockpit/389-console/org.cockpit-project.389-console.metainfo.xml $(DESTDIR)$(metainfodir)/org.cockpit-project.389-console.metainfo.xml
rsync -up src/cockpit/389-console/org.port389.cockpit_console.metainfo.xml $(DESTDIR)$(metainfodir)/org.port389.cockpit_console.metainfo.xml
if ENABLE_PERL
sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
......@@ -894,6 +881,11 @@ if SYSTEMD
systemdsystemunit_DATA = wrappers/$(PACKAGE_NAME)@.service \
wrappers/$(systemdgroupname) \
wrappers/$(PACKAGE_NAME)-snmp.service
systemdsystemunitdropin_DATA = wrappers/$(PACKAGE_NAME)@.service.d/custom.conf
if with_sanitizer
systemdsystemunitdropin_DATA += wrappers/$(PACKAGE_NAME)@.service.d/xsan.conf
endif
else
if INITDDIR
init_SCRIPTS = wrappers/$(PACKAGE_NAME) \
......@@ -901,14 +893,9 @@ init_SCRIPTS = wrappers/$(PACKAGE_NAME) \
endif
endif
if SYSTEMD
initconfig_DATA = ldap/admin/src/$(PACKAGE_NAME) \
wrappers/$(PACKAGE_NAME).systemd
else
if INITDDIR
initconfig_DATA = ldap/admin/src/$(PACKAGE_NAME)
endif
endif
inf_DATA = ldap/admin/src/slapd.inf \
ldap/admin/src/scripts/dscreate.map \
......@@ -1273,12 +1260,10 @@ libns_dshttpd_la_SOURCES = lib/libaccess/access_plhash.cpp \
lib/libadmin/template.c \
lib/libadmin/util.c \
lib/base/crit.cpp \
lib/base/dns.cpp \
lib/base/dnsdmain.cpp \
lib/base/ereport.cpp \
lib/base/file.cpp \
lib/base/fsmutex.cpp \
lib/base/net.cpp \
lib/base/nscperror.c \
lib/base/plist.cpp \
lib/base/pool.cpp \
......@@ -1314,6 +1299,7 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \
ldap/servers/slapd/ch_malloc.c \
ldap/servers/slapd/computed.c \
ldap/servers/slapd/control.c \
ldap/servers/slapd/configdse.c \
ldap/servers/slapd/counters.c \
ldap/servers/slapd/csn.c \
ldap/servers/slapd/csngen.c \
......@@ -1395,8 +1381,8 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \
ldap/servers/slapd/slapi_pal.c \
$(libavl_a_SOURCES)
libslapd_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_INCLUDES) @db_inc@ @kerberos_inc@ @pcre_inc@ $(SDS_CPPFLAGS) $(SVRCORE_INCLUDES)
libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(KERBEROS_LINK) $(PCRE_LINK) $(THREADLIB) $(SYSTEMD_LINK) libsds.la libsvrcore.la
libslapd_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_CFLAGS) @db_inc@ $(KERBEROS_CFLAGS) $(PCRE_CFLAGS) $(SDS_CPPFLAGS) $(SVRCORE_INCLUDES)
libslapd_la_LIBADD = $(LDAPSDK_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(KERBEROS_LIBS) $(PCRE_LIBS) $(THREADLIB) $(SYSTEMD_LIBS) libsds.la libsvrcore.la
libslapd_la_LDFLAGS = $(AM_LDFLAGS) $(SLAPD_LDFLAGS)
......@@ -1614,8 +1600,8 @@ libcollation_plugin_la_SOURCES = ldap/servers/plugins/collation/collate.c \
ldap/servers/plugins/collation/config.c \
ldap/servers/plugins/collation/orfilter.c
libcollation_plugin_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) @icu_inc@
libcollation_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSPR_LINK) $(ICU_LINK) $(LIBCSTD) $(LIBCRUN)
libcollation_plugin_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(ICU_CFLAGS)
libcollation_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSPR_LINK) $(ICU_LIBS) $(LIBCSTD) $(LIBCRUN)
libcollation_plugin_la_DEPENDENCIES = libslapd.la
libcollation_plugin_la_LDFLAGS = -avoid-version
# libcollation_plugin_la_LINK = $(CXXLINK) -avoid-version
......@@ -1857,8 +1843,8 @@ libreplication_plugin_la_SOURCES = ldap/servers/plugins/replication/cl5_api.c \
ldap/servers/plugins/replication/windows_protocol_util.c \
ldap/servers/plugins/replication/windows_tot_protocol.c
libreplication_plugin_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) @icu_inc@ @db_inc@
libreplication_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK) $(ICU_LINK) $(DB_LINK)
libreplication_plugin_la_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(ICU_CFLAGS) @db_inc@
libreplication_plugin_la_LIBADD = libslapd.la $(LDAPSDK_LINK) $(NSS_LINK) $(NSPR_LINK) $(ICU_LIBS) $(DB_LINK)
libreplication_plugin_la_DEPENDENCIES = libslapd.la
libreplication_plugin_la_LDFLAGS = -avoid-version
......@@ -1981,7 +1967,7 @@ libwhoami_plugin_la_LDFLAGS = -avoid-version
#------------------------
dbscan_SOURCES = ldap/servers/slapd/tools/dbscan.c
dbscan_CPPFLAGS = @db_inc@ @nspr_inc@ $(AM_CPPFLAGS)
dbscan_CPPFLAGS = @db_inc@ $(NSPR_INCLUDES) $(AM_CPPFLAGS)
dbscan_LDADD = $(NSPR_LINK) $(DB_LINK)
#------------------------
......@@ -2021,7 +2007,7 @@ ldclt_SOURCES = ldap/servers/slapd/tools/ldaptool-sasl.c \
ldap/servers/slapd/tools/ldclt/version.c \
ldap/servers/slapd/tools/ldclt/workarounds.c
ldclt_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/ldap/servers/slapd/tools $(DSPLUGIN_CPPFLAGS) $(SASL_INCLUDES)
ldclt_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/ldap/servers/slapd/tools $(DSPLUGIN_CPPFLAGS) $(SASL_CFLAGS)
ldclt_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) $(THREADLIB)
#------------------------
......@@ -2069,7 +2055,6 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
ldap/servers/slapd/bind.c \
ldap/servers/slapd/compare.c \
ldap/servers/slapd/config.c \
ldap/servers/slapd/configdse.c \
ldap/servers/slapd/connection.c \
ldap/servers/slapd/conntable.c \
ldap/servers/slapd/daemon.c \
......@@ -2098,9 +2083,9 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
ldap/servers/slapd/unbind.c \
$(GETSOCKETPEER)
ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_INCLUDES) $(SVRCORE_INCLUDES)
ns_slapd_CPPFLAGS = $(AM_CPPFLAGS) $(DSPLUGIN_CPPFLAGS) $(SASL_CFLAGS) $(SVRCORE_INCLUDES)
ns_slapd_LDADD = libnunc-stans.la libslapd.la libldaputil.la libsvrcore.la $(LDAPSDK_LINK) $(NSS_LINK) $(LIBADD_DL) \
$(NSPR_LINK) $(SASL_LINK) $(LIBNSL) $(LIBSOCKET) $(THREADLIB) $(SYSTEMD_LINK) $(EVENT_LINK)
$(NSPR_LINK) $(SASL_LINK) $(LIBNSL) $(LIBSOCKET) $(THREADLIB) $(SYSTEMD_LIBS) $(EVENT_LINK)
ns_slapd_DEPENDENCIES = libslapd.la libnunc-stans.la libldaputil.la
# We need to link ns-slapd with the C++ compiler on HP-UX since we load
# some C++ shared libraries (such as icu).
......@@ -2133,7 +2118,7 @@ rsearch_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBSOCKE
#-------------------------
# CMOCKA TEST PROGRAMS
#-------------------------
if WITH_CMOCKA
if ENABLE_CMOCKA
check_PROGRAMS = test_slapd \
test_libsds \
......@@ -2229,17 +2214,12 @@ fixupcmd = sed \
-e 's,@sbindir\@,$(sbindir),g' \
-e 's,@libdir\@,$(libdir),g' \
-e 's,@libexecdir\@,$(libexecdir),g' \
-e 's,@nspr_libdir\@,$(nspr_libdir),g' \
-e 's,@nss_libdir\@,$(nss_libdir),g' \
-e 's,@ldapsdk_libdir\@,$(ldapsdk_libdir),g' \
-e 's,@ldapsdk_bindir\@,$(ldapsdk_bindir),g' \
-e 's,@ldaptool_bindir\@,$(ldaptool_bindir),g' \
-e 's,@ldaptool_opts\@,$(ldaptool_opts),g' \
-e 's,@plainldif_opts\@,$(plainldif_opts),g' \
-e 's,@db_libdir\@,$(db_libdir),g' \
-e 's,@db_bindir\@,$(db_bindir),g' \
-e 's,@sasl_libdir\@,$(sasl_libdir),g' \
-e 's,@sasl_path\@,@sasl_path@,g' \
-e 's,@netsnmp_libdir\@,$(netsnmp_libdir),g' \
-e 's,@pcre_libdir\@,$(pcre_libdir),g' \
-e 's,@propertydir\@,$(propertydir),g' \
......@@ -2336,17 +2316,18 @@ endif
# yes, that is an @ in the filename . . .
%/$(PACKAGE_NAME)@.service: %/systemd.template.service.in
if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
if [ ! -z ${SANITIZER} ] ; then \
service_template=$(shell echo $^ | sed 's/template/template.xsan/g'); \
else \
service_template=$^; \
fi; \
$(fixupcmd) $$service_template > $@
$(fixupcmd) $^ > $@
%/$(PACKAGE_NAME).systemd: %/systemd.template.sysconfig
%/$(PACKAGE_NAME)@.service.d/custom.conf: %/systemd.template.service.custom.conf.in
if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
$(fixupcmd) $^ > $@
if with_sanitizer
%/$(PACKAGE_NAME)@.service.d/xsan.conf: %/systemd.template.service.xsan.conf.in
if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
$(fixupcmd) $^ > $@
endif
%/$(systemdgroupname): %/systemd.group.in
if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
$(fixupcmd) $^ > $@
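Review bot: The two new drop-in rules for `custom.conf` and `xsan.conf` write with `$(fixupcmd) $^ > $@`, so the shell creates the target before sed runs and a failed or interrupted sed leaves an empty or truncated file that make then treats as up to date. These files are installed into the systemd unit drop-in directory, so a partial file would change how the service starts. Writing through a temporary name derived from the target, `$(fixupcmd) $^ > $@.tmp && mv -f $@.tmp $@`, avoids that unless the file already sets `.DELETE_ON_ERROR:` outside the visible hunks. The `if [ ! -d $(dir $@) ]` guard is redundant, since `mkdir -p $(dir $@)` is already idempotent.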
......
......@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=4
VERSION_MAINT=0.20
VERSION_MAINT=1.5
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=$(date -u +%Y%m%d)
......
......@@ -35,12 +35,16 @@ checkvers() {
vers="$1"; shift
needmaj="$1"; shift
needmin="$1"; shift
if [ "$#" != "0" ]; then
needrev="$1"; shift
fi
verslist=`echo $vers | tr '.' ' '`
set $verslist
maj=$1; shift
min=$1; shift
if [ "$#" != "0" ]; then
rev=$1; shift
fi
if [ "$maj" -gt "$needmaj" ] ; then return 0; fi
if [ "$maj" -lt "$needmaj" ] ; then return 1; fi
# if we got here, maj == needmaj
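Review bot: `needrev` and `rev` are assigned only when a third component is present, and variables set inside a shell function are global, so a call without a revision can inherit values left by an earlier checkvers call. Resetting both before the conditionals keeps each call independent: `needrev=""` after `needmin="$1"; shift`, and `rev=""` before the second `if`. The comparison that consumes them lies outside this hunk, so confirm it treats an empty value as "no revision requirement". `set $verslist` also relies on word splitting of an unquoted value; `set -- $verslist` keeps a version string that begins with a dash from being read as options.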
......
......@@ -34,6 +34,7 @@ AC_PROG_CC
AM_PROG_CC_C_O
AM_PROG_AS
AC_PROG_CC_STDC
PKG_PROG_PKG_CONFIG
# disable static libs by default - we only use a couple
AC_DISABLE_STATIC
......@@ -75,7 +76,7 @@ AC_FUNC_STAT
AC_FUNC_STRERROR_R
AC_FUNC_STRFTIME
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir setrlimit socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset])
AC_CHECK_FUNCS([endpwent ftruncate getcwd getaddrinfo inet_pton inet_ntop localtime_r memmove memset mkdir munmap putenv rmdir setrlimit socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset])
# These functions are *required* without option.
AC_CHECK_FUNCS([clock_gettime], [], AC_MSG_ERROR([unable to locate required symbol clock_gettime]))
......@@ -195,6 +196,8 @@ AC_SUBST([ubsan_cflags])
AC_SUBST([ubsan_rust_defs])
AM_CONDITIONAL(enable_ubsan,test "$enable_ubsan" = "yes")
AM_CONDITIONAL(with_sanitizer,test "$enable_asan" = "yes" -o "$enable_msan" = "yes" -o "$enable_tsan" = "yes" -o "$enable_ubsan" = "yes")
# Enable CLANG
AC_MSG_CHECKING(for --enable-clang)
AC_ARG_ENABLE(clang, AS_HELP_STRING([--enable-clang], [Enable clang (default: no)]),
......@@ -208,10 +211,10 @@ AM_CONDITIONAL(CLANG_ENABLE,test "$enable_clang" = "yes")
# Enable Perl
if test -z "$enable_perl" ; then
enable_perl=yes
enable_perl=no
fi
AC_MSG_CHECKING(for --enable-perl)
AC_ARG_ENABLE(perl, AS_HELP_STRING([--enable-perl], [Enable perl and shell script wrappers (default: yes)])
AC_ARG_ENABLE(perl, AS_HELP_STRING([--enable-perl], [Enable deprecated legacy perl and shell scripts (default: no)]),
[
AC_MSG_RESULT(yes)
],
......@@ -504,7 +507,7 @@ defaultgroup=dirsrv
AC_MSG_CHECKING(for --with-perldir)
AC_ARG_WITH([perldir],
AS_HELP_STRING([--with-perldir=PATH],
[Directory for perl)])
[Directory for perl])
)
if test -n "$with_perldir"; then
if test "$with_perldir" = yes ; then
......@@ -521,7 +524,7 @@ fi
AC_MSG_CHECKING(for --with-pythonexec)
AC_ARG_WITH([pythonexec],
AS_HELP_STRING([--with-pythonexec=PATH],
[Path to executable for python)])
[Path to executable for python])
)
if test -n "$with_pythonexec"; then
if test "$with_pythonexec" = yes ; then
......@@ -815,51 +818,80 @@ AM_CONDITIONAL([FREEBSD],[test "$platform" = "freebsd"])
AM_CONDITIONAL([SPARC],[test "x$TARGET" = xSPARC])
# Check for library dependencies
m4_include(m4/event.m4)
m4_include(m4/nspr.m4)
m4_include(m4/nss.m4)
PKG_CHECK_MODULES([EVENT], [libevent])
if $PKG_CONFIG --exists nspr; then
PKG_CHECK_MODULES([NSPR], [nspr])
else
PKG_CHECK_MODULES([NSPR], [dirsec-nspr])
fi
if $PKG_CONFIG --exists nss; then
PKG_CHECK_MODULES([NSS], [nss])
nss_libdir=`$PKG_CONFIG --libs-only-L nss | sed -e s/-L// | sed -e s/\ .*$//`
else
PKG_CHECK_MODULES([NSS], [dirsec-nss])
nss_libdir=`$PKG_CONFIG --libs-only-L dirsec-nss | sed -e s/-L// | sed -e s/\ .*$//`
fi
AC_SUBST(nss_libdir)
m4_include(m4/openldap.m4)
m4_include(m4/mozldap.m4)
m4_include(m4/db.m4)
m4_include(m4/sasl.m4)
m4_include(m4/icu.m4)
PKG_CHECK_MODULES([SASL], [libsasl2])
PKG_CHECK_MODULES([ICU], [icu-i18n >= 60.2])
m4_include(m4/netsnmp.m4)
m4_include(m4/kerberos.m4)
m4_include(m4/pcre.m4)
PKG_CHECK_MODULES([KERBEROS], [krb5])
krb5_vendor=`$PKG_CONFIG --variable=vendor krb5`
if test "$krb5_vendor" = "MIT"; then
AC_DEFINE(HAVE_KRB5, 1, [Define if you have Kerberos V])
save_LIBS="$LIBS"
LIBS="$KERBEROS_LIBS"
AC_CHECK_FUNCS([krb5_cc_new_unique])
LIBS="$save_LIBS"
elif test "$krb5_vendor" = "Heimdal"; then
AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1, [Define if you have Heimdal Kerberos])
fi
if $PKG_CONFIG --exists pcre; then
PKG_CHECK_MODULES([PCRE], [pcre])
pcre_libdir=`$PKG_CONFIG --libs-only-L pcre | sed -e s/-L// | sed -e s/\ .*$//`
else
PKG_CHECK_MODULES([PCRE], [libpcre])
pcre_libdir=`$PKG_CONFIG --libs-only-L libpcre | sed -e s/-L// | sed -e s/\ .*$//`
fi
AC_SUBST(pcre_libdir)
m4_include(m4/selinux.m4)
m4_include(m4/systemd.m4)
m4_include(m4/cmocka.m4)
AC_MSG_CHECKING(whether to enable cmocka unit tests)
AC_ARG_ENABLE(cmocka, AS_HELP_STRING([--enable-cmocka], [Enable cmocka unit tests (default: no)]))
if test "x$enable_cmocka" = "xyes"; then
AC_MSG_RESULT(yes)
PKG_CHECK_MODULES([CMOCKA], [cmocka])
AC_DEFINE([ENABLE_CMOCKA], [1], [Enable cmocka unit tests])
else
AC_MSG_RESULT(no)
fi
AM_CONDITIONAL([ENABLE_CMOCKA], [test "x$enable_cmocka" = "xyes"])
m4_include(m4/doxygen.m4)
PACKAGE_BASE_VERSION=`echo $PACKAGE_VERSION | awk -F\. '{print $1"."$2}'`
AC_SUBST(PACKAGE_BASE_VERSION)
# set sasl_path for wrapper scripts
if test -z "$sasl_libdir" ; then
sasl_path="$libdir/sasl2"
else
sasl_path="$sasl_libdir/sasl2"
fi
AM_CONDITIONAL(OPENLDAP,test "$with_openldap" = "yes")
# write out paths for binary components
AC_SUBST(ldapsdk_inc)
AC_SUBST(ldapsdk_lib)
AC_SUBST(ldapsdk_libdir)
AC_SUBST(ldapsdk_bindir)
AC_SUBST(ldaplib)
AC_SUBST(ldaplib_defs)
AC_SUBST(ldaptool_bindir)
AC_SUBST(ldaptool_opts)
AC_SUBST(plainldif_opts)
AC_SUBST(sasl_inc)
AC_SUBST(sasl_lib)
AC_SUBST(sasl_libdir)
AC_SUBST(sasl_path)
AC_SUBST(pcre_inc)
AC_SUBST(pcre_lib)
AC_SUBST(pcre_libdir)
AC_SUBST(nunc_stans_inc)
AC_SUBST(nunc_stans_lib)
AC_SUBST(nunc_stans_libdir)
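Review bot: `nss_libdir` and `pcre_libdir` are derived from `$PKG_CONFIG --libs-only-L ...`, which by default omits the standard system library directories, so on a typical distribution install both variables end up empty. They are still exported with `AC_SUBST`. If a wrapper or template substitutes them into a library search path (not visible in this section), an empty value becomes an empty path element rather than a real directory. Reading the directory from the .pc file is more reliable, e.g. `nss_libdir=`$PKG_CONFIG --variable=libdir nss`` and the same for `dirsec-nss`, `pcre` and `libpcre`. The unquoted sed scripts (`s/\ .*$//`) would also be safer single-quoted.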
......
[pytest]
markers =
tier0: mark a test as part of tier0
tier1: mark a test as part of tier1
tier2: mark a test as part of tier2
tier3: mark a test as part of tier3
......@@ -18,6 +18,8 @@ from lib389._constants import SUFFIX, DN_SCHEMA, DN_DM, DEFAULT_SUFFIX, PASSWORD
PLUGIN_MANAGED_ENTRY, PLUGIN_AUTOMEMBER, DN_CONFIG_LDBM, HOST_STANDALONE, PORT_STANDALONE
from lib389.topologies import topology_st as topo
pytestmark = pytest.mark.tier3
MEMOF_PLUGIN = ('cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config')
MAN_ENTRY_PLUGIN = ('cn=' + PLUGIN_MANAGED_ENTRY + ',cn=plugins,cn=config')
AUTO_MEM_PLUGIN = ('cn=' + PLUGIN_AUTOMEMBER + ',cn=plugins,cn=config')
......
......@@ -20,6 +20,8 @@ from lib389._constants import DEFAULT_SUFFIX
import time
pytestmark = pytest.mark.tier3
# Given this should complete is about 0.005, this is generous.
# For the final test with 20 templates, about 0.02 is an acceptable time.
THRESHOLD = 0.05
......
......@@ -21,6 +21,8 @@ from lib389.utils import *
from lib389.idm.directorymanager import DirectoryManager
pytestmark = pytest.mark.tier3
logging.getLogger(__name__).setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s' +
' - %(message)s')
......
......@@ -6,20 +6,18 @@ import logging
import pytest
import signal
import threading
from lib389 import DirSrv
from lib389.tools import DirSrvTools
from lib389._constants import *
from lib389.properties import *
from lib389.tasks import *
from lib389.utils import *
from lib389.idm.directorymanager import DirectoryManager
from lib389.idm.user import UserAccounts
from lib389.topologies import topology_st
DEBUGGING = os.getenv('DEBUGGING', default=False)
pytestmark = pytest.mark.tier3
if DEBUGGING:
logging.getLogger(__name__).setLevel(logging.DEBUG)
else:
logging.getLogger(__name__).setLevel(logging.INFO)
log = logging.getLogger(__name__)
MAX_CONNS = 10000000
......@@ -27,45 +25,7 @@ MAX_THREADS = 20
STOP = False
HOSTNAME = DirSrvTools.getLocalhost()
PORT = 389
class TopologyStandalone(object):
"""The DS Topology Class"""
def __init__(self, standalone):
"""Init"""
standalone.open()
self.standalone = standalone
@pytest.fixture(scope="module")
def topology(request):
"""Create DS Deployment"""
# Creating standalone instance ...
standalone = DirSrv(verbose=DEBUGGING)
args_instance[SER_HOST] = HOST_STANDALONE
args_instance[SER_PORT] = PORT_STANDALONE
args_instance[SER_SECURE_PORT] = SECUREPORT_STANDALONE
args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
args_standalone = args_instance.copy()
standalone.allocate(args_standalone)
instance_standalone = standalone.exists()
if instance_standalone:
standalone.delete()
standalone.create()
standalone.open()
def fin():
"""If we are debugging just stop the instances, otherwise remove them
"""
if DEBUGGING:
standalone.stop()
else:
standalone.delete()
request.addfinalizer(fin)
return TopologyStandalone(standalone)
NUNC_STANS = False
def signalHandler(signal, frame):
......@@ -81,35 +41,15 @@ def init(inst):
"""Set the idle timeout, and add sample entries
"""
try:
inst.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
'nsslapd-idletimeout',
'5')])
except ldap.LDAPError as e:
log.fatal('Failed to set idletimeout: ' + str(e))
assert False
try:
inst.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
'nsslapd-enable-nunc-stans',
'on')])
except ldap.LDAPError as e:
log.fatal('Failed to enable nunc-stans: ' + str(e))
assert False
inst.config.set('nsslapd-idletimeout', '5')
if NUNC_STANS:
inst.config.set('nsslapd-enable-nunc-stans', 'on')
inst.restart()
users = UserAccounts(inst, DEFAULT_SUFFIX)
for idx in range(0, 9):
user_dn = 'uid=entry%d,%s' % (idx, DEFAULT_SUFFIX)
try:
inst.add_s(Entry((user_dn,
{'objectclass': ['top', 'extensibleObject'],
'uid': 'entry%d' % idx,
'cn': 'entry%d' % idx,
'userpassword': 'password'})))
except ldap.LDAPError as e:
log.fatal('Failed to add user entry (%s): %s' % (user_dn, str(e)))
assert False
inst.restart()
user = users.create_test_user(uid=str(idx), gid=str(idx))
user.reset_password('password')
class BindOnlyConn(threading.Thread):
......@@ -146,7 +86,7 @@ class IdleConn(threading.Thread):
"""This class opens and closes connections
"""
def __init__(self, inst):
"""Initialize the thread class withte server isntance info"""
"""Initialize the thread class with the server instance info"""
threading.Thread.__init__(self)
self.daemon = True
self.inst = inst
......@@ -160,7 +100,7 @@ class IdleConn(threading.Thread):
while idx < (MAX_CONNS / 10) and not STOP:
try:
conn = self.inst.clone()
conn.simple_bind_s('uid=entry0,dc=example,dc=com', 'password')
conn.simple_bind_s('uid=test_user_0,dc=example,dc=com', 'password')
conn.search_s('dc=example,dc=com', ldap.SCOPE_SUBTREE,
'uid=*')
time.sleep(10)
......@@ -217,7 +157,7 @@ class LongConn(threading.Thread):
idx += 1
def test_connection_load(topology):
def test_connection_load(topology_st):
"""Send the server a variety of connections using many threads:
- Open, Bind, Close
- Open, Bind, Search, wait to trigger idletimeout, Search, Close
......@@ -229,7 +169,7 @@ def test_connection_load(topology):
# Set the config and add sample entries
log.info('Initializing setup...')
init(topology.standalone)
init(topology_st.standalone)
#
# Bind/Unbind Conn Threads
......@@ -238,7 +178,7 @@ def test_connection_load(topology):
threads = []
idx = 0
while idx < MAX_THREADS:
threads.append(BindOnlyConn(topology.standalone))
threads.append(BindOnlyConn(topology_st.standalone))
idx += 1
for thread in threads:
thread.start()
......@@ -251,7 +191,7 @@ def test_connection_load(topology):
idx = 0
idle_threads = []
while idx < MAX_THREADS:
idle_threads.append(IdleConn(topology.standalone))
idle_threads.append(IdleConn(topology_st.standalone))
idx += 1
for thread in idle_threads:
thread.start()
......@@ -264,7 +204,7 @@ def test_connection_load(topology):
idx = 0
long_threads = []
while idx < MAX_THREADS:
long_threads.append(LongConn(topology.standalone))
long_threads.append(LongConn(topology_st.standalone))
idx += 1
for thread in long_threads:
thread.start()
......@@ -285,4 +225,3 @@ if __name__ == '__main__':
# -s for DEBUG mode
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s %s" % CURRENT_FILE)
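Review bot: The bind DN in IdleConn, `'uid=test_user_0,dc=example,dc=com'`, is hard-coded directly under the suffix, while init() now creates the accounts through `UserAccounts(inst, DEFAULT_SUFFIX).create_test_user(...)`. The DN that helper produces is not visible here; lib389 normally places such users under a container such as ou=People, which should be confirmed. If the DNs differ, every bind fails, and because the call sits inside a `try` whose handler is outside the hunk, the load test may finish without ever authenticating. Keeping the objects returned in init() and binding with `user.dn` removes the guess. BindOnlyConn and LongConn are not shown in the diff and may need the same change.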
......@@ -12,6 +12,8 @@ from lib389.tasks import *
from lib389.utils import *
from lib389.repltools import ReplTools
pytestmark = pytest.mark.tier3
logging.getLogger(__name__).setLevel(logging.INFO)
log = logging.getLogger(__name__)
......
......@@ -12,6 +12,8 @@ from lib389.tasks import *
from lib389.utils import *
from lib389.repltools import ReplTools
pytestmark = pytest.mark.tier3
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
......
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
import pytest, os, ldap
from lib389._constants import DEFAULT_SUFFIX, PW_DM
from lib389.idm.user import UserAccount
from lib389.idm.organization import Organization
from lib389.idm.organizationalunit import OrganizationalUnit
from lib389.cos import CosTemplate, CosClassicDefinition
from lib389.topologies import topology_st as topo
from lib389.idm.nscontainer import nsContainer
from lib389.idm.domain import Domain
from lib389.idm.role import FilterRoles
pytestmark = pytest.mark.tier1
DNBASE = "o=acivattr,{}".format(DEFAULT_SUFFIX)
ENG_USER = "cn=enguser1,ou=eng,{}".format(DNBASE)
SALES_UESER = "cn=salesuser1,ou=sales,{}".format(DNBASE)
ENG_MANAGER = "cn=engmanager1,ou=eng,{}".format(DNBASE)
SALES_MANAGER = "cn=salesmanager1,ou=sales,{}".format(DNBASE)
SALES_OU = "ou=sales,{}".format(DNBASE)
ENG_OU = "ou=eng,{}".format(DNBASE)
FILTERROLESALESROLE = "cn=FILTERROLESALESROLE,{}".format(DNBASE)
FILTERROLEENGROLE = "cn=FILTERROLEENGROLE,{}".format(DNBASE)
@pytest.fixture(scope="function")
def aci_of_user(request, topo):
aci_list = Domain(topo.standalone, DEFAULT_SUFFIX).get_attr_vals('aci')
def finofaci():
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.set('aci', None)
for i in aci_list:
domain.add("aci", i)
request.addfinalizer(finofaci)
@pytest.fixture(scope="function")
def _add_user(request, topo):
org = Organization(topo.standalone).create(properties={"o": "acivattr"}, basedn=DEFAULT_SUFFIX)
org.add('aci', '(targetattr="*")(targetfilter="(nsrole=*)")(version 3.0; aci "tester"; '
'allow(all) userdn="ldap:///cn=enguser1,ou=eng,o=acivattr,{}";)'.format(DEFAULT_SUFFIX))
ou = OrganizationalUnit(topo.standalone, "ou=eng,o=acivattr,{}".format(DEFAULT_SUFFIX))
ou.create(properties={'ou': 'eng'})
ou = OrganizationalUnit(topo.standalone, "ou=sales,o=acivattr,{}".format(DEFAULT_SUFFIX))
ou.create(properties={'ou': 'sales'})
roles = FilterRoles(topo.standalone, DNBASE)
roles.create(properties={'cn':'FILTERROLEENGROLE', 'nsRoleFilter':'cn=eng*'})
roles.create(properties={'cn': 'FILTERROLESALESROLE', 'nsRoleFilter': 'cn=sales*'})
nsContainer(topo.standalone,
'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX)).create(
properties={'cn': 'cosTemplates'})
properties = {'employeeType': 'EngType', 'cn':'"cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com'}
CosTemplate(topo.standalone,'cn="cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",'
'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX)).\
create(properties=properties)
properties = {'employeeType': 'SalesType', 'cn': '"cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com'}
CosTemplate(topo.standalone,
'cn="cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,'
'o=acivattr,{}'.format(DEFAULT_SUFFIX)).create(properties=properties)
properties = {
'cosTemplateDn': 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX),
'cosAttribute': 'employeeType', 'cosSpecifier': 'nsrole', 'cn': 'cosClassicGenerateEmployeeTypeUsingnsrole'}
CosClassicDefinition(topo.standalone,
'cn=cosClassicGenerateEmployeeTypeUsingnsrole,o=acivattr,{}'.format(DEFAULT_SUFFIX)).create(
properties=properties)
properties = {
'uid': 'salesuser1',
'cn': 'salesuser1',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'salesuser1',
'userPassword': PW_DM
}
user = UserAccount(topo.standalone, 'cn=salesuser1,ou=sales,o=acivattr,{}'.format(DEFAULT_SUFFIX))
user.create(properties=properties)
properties = {
'uid': 'salesmanager1',
'cn': 'salesmanager1',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'salesmanager1',
'userPassword': PW_DM,
}
user = UserAccount(topo.standalone, 'cn=salesmanager1,ou=sales,o=acivattr,{}'.format(DEFAULT_SUFFIX))
user.create(properties=properties)
properties = {
'uid': 'enguser1',
'cn': 'enguser1',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'enguser1',
'userPassword': PW_DM
}
user = UserAccount(topo.standalone, 'cn=enguser1,ou=eng,o=acivattr,{}'.format(DEFAULT_SUFFIX))
user.create(properties=properties)
properties = {
'uid': 'engmanager1',
'cn': 'engmanager1',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'engmanager1',
'userPassword': PW_DM
}
user = UserAccount(topo.standalone, 'cn=engmanager1,ou=eng,o=acivattr,{}'.format(DEFAULT_SUFFIX))
user.create(properties=properties)
def fin():
for DN in [ENG_USER,SALES_UESER,ENG_MANAGER,SALES_MANAGER,FILTERROLESALESROLE,FILTERROLEENGROLE,ENG_OU,SALES_OU,
'cn="cn=filterRoleEngRole,o=acivattr,dc=example,dc=com",'
'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,dc=example,dc=com',
'cn="cn=filterRoleSalesRole,o=acivattr,dc=example,dc=com",'
'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX), 'cn=cosClassicGenerateEmployeeTypeUsingnsroleTemplates,o=acivattr,{}'.format(DEFAULT_SUFFIX),
'cn=cosClassicGenerateEmployeeTypeUsingnsrole,o=acivattr,{}'.format(DEFAULT_SUFFIX), DNBASE]:
UserAccount(topo.standalone, DN).delete()
request.addfinalizer(fin)
REAL_EQ_ACI = '(targetattr="*")(targetfilter="(cn=engmanager1)") (version 3.0; acl "real-eq"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
REAL_PRES_ACI = '(targetattr="*")(targetfilter="(cn=*)") (version 3.0; acl "real-pres"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
REAL_SUB_ACI = '(targetattr="*")(targetfilter="(cn=eng*)") (version 3.0; acl "real-sub"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
ROLE_EQ_ACI = '(targetattr="*")(targetfilter="(nsrole=cn=filterroleengrole,o=sun.com)") (version 3.0; acl "role-eq"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
ROLE_PRES_ACI = '(targetattr="*")(targetfilter="(nsrole=*)") (version 3.0; acl "role-pres"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
ROLE_SUB_ACI = '(targetattr="*")(targetfilter="(nsrole=cn=filterroleeng*)") (version 3.0; acl "role-sub"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
COS_EQ_ACI = '(targetattr="*")(targetfilter="(employeetype=engtype)") (version 3.0; acl "cos-eq"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
COS_PRES_ACI = '(targetattr="*")(targetfilter="(employeetype=*)") (version 3.0; acl "cos-pres"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
COS_SUB_ACI = '(targetattr="*")(targetfilter="(employeetype=eng*)") (version 3.0; acl "cos-sub"; allow (all) userdn="ldap:///{}";)'.format(ENG_USER)
LDAPURL_ACI = '(targetattr="*")(version 3.0; acl "url"; allow (all) userdn="ldap:///o=acivattr,dc=example,dc=com??sub?(nsrole=*eng*)";)'
@pytest.mark.parametrize("user,entry,aci", [
(ENG_USER, ENG_MANAGER, REAL_EQ_ACI),
(ENG_USER, ENG_MANAGER, REAL_PRES_ACI),
(ENG_USER, ENG_MANAGER, REAL_SUB_ACI),
(ENG_USER, ENG_MANAGER, ROLE_PRES_ACI),
(ENG_USER, ENG_MANAGER, ROLE_SUB_ACI),
(ENG_USER, ENG_MANAGER, COS_EQ_ACI),
(ENG_USER, ENG_MANAGER, COS_PRES_ACI),
(ENG_USER, ENG_MANAGER, COS_SUB_ACI),
(ENG_USER, ENG_MANAGER, LDAPURL_ACI),
], ids=[
"(ENG_USER, ENG_MANAGER, REAL_EQ_ACI)",
"(ENG_USER, ENG_MANAGER, REAL_PRES_ACI)",
"(ENG_USER, ENG_MANAGER, REAL_SUB_ACI)",
"(ENG_USER, ENG_MANAGER, ROLE_PRES_ACI)",
'(ENG_USER, ENG_MANAGER, ROLE_SUB_ACI)',
'(ENG_USER, ENG_MANAGER, COS_EQ_ACI)',
'(ENG_USER, ENG_MANAGER, COS_PRES_ACI)',
'(ENG_USER, ENG_MANAGER, COS_SUB_ACI)',
'(ENG_USER, ENG_MANAGER, LDAPURL_ACI)',
])
def test_positive(topo, _add_user, aci_of_user, user, entry, aci):
"""
:id: ba6d5e9c-786b-11e8-860d-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. ACI role should be followed
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# set aci
Domain(topo.standalone, DNBASE).set("aci", aci)
# create connection
conn = UserAccount(topo.standalone, user).bind(PW_DM)
# according to the aci , user will be able to change description
UserAccount(conn, entry).replace("description", "Fred")
assert UserAccount(conn, entry).present('description')
@pytest.mark.parametrize("user,entry,aci", [
(ENG_USER, SALES_MANAGER, REAL_EQ_ACI),
(ENG_USER, SALES_OU, REAL_PRES_ACI),
(ENG_USER, SALES_MANAGER, REAL_SUB_ACI),
(ENG_USER, SALES_MANAGER, ROLE_EQ_ACI),
(ENG_USER, SALES_OU, ROLE_PRES_ACI),
(ENG_USER, SALES_MANAGER, ROLE_SUB_ACI),
(ENG_USER, SALES_MANAGER, COS_EQ_ACI),
(ENG_USER, SALES_OU, COS_PRES_ACI),
(ENG_USER, SALES_MANAGER, COS_SUB_ACI),
(SALES_UESER, SALES_MANAGER, LDAPURL_ACI),
(ENG_USER, ENG_MANAGER, ROLE_EQ_ACI),
], ids=[
"(ENG_USER, SALES_MANAGER, REAL_EQ_ACI)",
"(ENG_USER, SALES_OU, REAL_PRES_ACI)",
"(ENG_USER, SALES_MANAGER, REAL_SUB_ACI)",
"(ENG_USER, SALES_MANAGER, ROLE_EQ_ACI)",
"(ENG_USER, SALES_MANAGER, ROLE_PRES_ACI)",
'(ENG_USER, SALES_MANAGER, ROLE_SUB_ACI)',
'(ENG_USER, SALES_MANAGER, COS_EQ_ACI)',
'(ENG_USER, SALES_MANAGER, COS_PRES_ACI)',
'(ENG_USER, SALES_MANAGER, COS_SUB_ACI)',
'(SALES_UESER, SALES_MANAGER, LDAPURL_ACI)',
'(ENG_USER, ENG_MANAGER, ROLE_EQ_ACI)'
])
def test_negative(topo, _add_user, aci_of_user, user, entry, aci):
"""
:id: c4c887c2-786b-11e8-a328-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. ACI role should be followed
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# set aci
Domain(topo.standalone, DNBASE).set("aci", aci)
# create connection
conn = UserAccount(topo.standalone, user).bind(PW_DM)
# according to the aci , user will not be able to change description
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
UserAccount(conn, entry).replace("description", "Fred")
if __name__ == "__main__":
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s -v %s" % CURRENT_FILE)
......@@ -8,6 +8,8 @@ from lib389.topologies import topology_st as topo
from lib389.idm.user import UserAccount, UserAccounts, TEST_USER_PROPERTIES
from lib389.idm.domain import Domain
pytestmark = pytest.mark.tier1
DEBUGGING = os.getenv("DEBUGGING", default=False)
if DEBUGGING:
logging.getLogger(__name__).setLevel(logging.DEBUG)
......
......@@ -18,6 +18,8 @@ from lib389.idm.organizationalrole import OrganizationalRole, OrganizationalRole
from lib389.topologies import topology_m2
from lib389._constants import SUFFIX, DN_SCHEMA, DN_DM, DEFAULT_SUFFIX, PASSWORD
pytestmark = pytest.mark.tier1
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
......
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ----
"""
This is the config file for keywords test scripts.
"""
import pytest
from lib389._constants import DEFAULT_SUFFIX, PW_DM
from lib389.idm.user import UserAccounts
from lib389.idm.organizationalunit import OrganizationalUnit, OrganizationalUnits
from lib389.topologies import topology_st as topo
from lib389.idm.domain import Domain
@pytest.fixture(scope="function")
def aci_of_user(request, topo):
"""
Removes and Restores ACIs after the test.
"""
aci_list = Domain(topo.standalone, DEFAULT_SUFFIX).get_attr_vals_utf8('aci')
def finofaci():
"""
Removes and Restores ACIs after the test.
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.remove_all('aci')
for aci in aci_list:
domain.add("aci", aci)
request.addfinalizer(finofaci)
@pytest.fixture(scope="module")
def add_user(request, topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
ous_origin = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_origin = ous_origin.create(properties={'ou': 'Keywords'})
ous_next = OrganizationalUnits(topo.standalone, ou_origin.dn)
for ou in ['Authmethod', 'Dayofweek', 'DNS', 'IP', 'Timeofday']:
ous_next.create(properties={'ou': ou})
users_day_of_week = UserAccounts(topo.standalone, f"ou=Dayofweek,ou=Keywords,{DEFAULT_SUFFIX}", rdn=None)
for user in ['EVERYDAY_KEY', 'TODAY_KEY', 'NODAY_KEY']:
users_day_of_week.create(properties={
'uid': user,
'cn': user,
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + user,
'userPassword': PW_DM
})
users_ip = UserAccounts(topo.standalone, f"ou=IP,ou=Keywords,{DEFAULT_SUFFIX}", rdn=None)
for user in ['FULLIP_KEY', 'NETSCAPEIP_KEY', 'NOIP_KEY']:
users_ip.create(properties={
'uid': user,
'cn': user,
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + user,
'userPassword': PW_DM
})
users_timeof_day = UserAccounts(topo.standalone, f"ou=Timeofday,ou=Keywords,{DEFAULT_SUFFIX}", rdn=None)
for user in ['FULLWORKER_KEY', 'DAYWORKER_KEY', 'NOWORKER_KEY', 'NIGHTWORKER_KEY']:
users_timeof_day.create(properties={
'uid': user,
'cn': user,
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + user,
'userPassword': PW_DM
})
users_authmethod = UserAccounts(topo.standalone, f"ou=Authmethod,ou=Keywords,{DEFAULT_SUFFIX}", rdn=None)
for user in ['NONE_1_KEY', 'NONE_2_KEY', 'SIMPLE_1_KEY']:
users_authmethod.create(properties={
'uid': user,
'cn': user,
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + user,
'userPassword': PW_DM
})
users_dns = UserAccounts(topo.standalone, f"ou=DNS,ou=Keywords,{DEFAULT_SUFFIX}", rdn=None)
for user in ['FULLDNS_KEY', 'SUNDNS_KEY', 'NODNS_KEY', 'NETSCAPEDNS_KEY']:
users_dns.create(properties={
'uid': user,
'cn': user,
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + user,
'userPassword': PW_DM
})
def fin():
"""
Deletes entries after the test.
"""
for user in users_day_of_week.list() + users_ip.list() + users_timeof_day.list() + \
users_authmethod.list() + users_dns.list():
user.delete()
for ou in sorted(ous_next.list(), key=lambda x: len(x.dn), reverse=True):
ou.delete()
request.addfinalizer(fin)
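Review bot: `request.addfinalizer(fin)` is the last statement of `add_user`, so if any `create()` call above it raises, the finalizer is never registered. In that case `ou=Keywords` and the users already created, all sharing the `PW_DM` password, stay in the instance for whatever runs next. Registering the finalizer right after `ou=Keywords` is created, and having it list users from that subtree instead of the five `users_*` collections, makes cleanup independent of how far setup got. This assumes `UserAccounts(..., rdn=None).list()` searches the whole subtree under the base DN; confirm that against lib389 before applying.

```python
    ous_next = OrganizationalUnits(topo.standalone, ou_origin.dn)

    def fin():
        """
        Deletes entries after the test.
        """
        # List from the Keywords subtree so cleanup does not depend on
        # which of the create() calls below succeeded.
        for user in UserAccounts(topo.standalone, ou_origin.dn, rdn=None).list():
            user.delete()
        # … unchanged: delete the OUs, longest DN first …

    # Register before creating anything else so a failed create() still cleans up.
    request.addfinalizer(fin)
    # … unchanged: creation of the five OUs and their users …
```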
# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2019 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
"""
Importing necessary Modules.
"""
import os
import pytest
from lib389._constants import DEFAULT_SUFFIX, PW_DM
from lib389.idm.user import UserAccount, UserAccounts
from lib389.idm.group import Groups
from lib389.idm.organizationalunit import OrganizationalUnit, OrganizationalUnits
from lib389.topologies import topology_st as topo
from lib389.idm.domain import Domain
import ldap
pytestmark = pytest.mark.tier1
USER_WITH_ACI_DELADD = 'uid=test_user_1000,ou=People,dc=example,dc=com'
USER_DELADD = 'uid=test_user_1,ou=Accounting,dc=example,dc=com'
@pytest.fixture(scope="function")
def _aci_of_user(request, topo):
"""
Removes and Restores ACIs after the test.
"""
aci_list = Domain(topo.standalone, DEFAULT_SUFFIX).get_attr_vals('aci')
def finofaci():
"""
Removes and Restores ACIs after the test.
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.remove_all('aci')
for i in aci_list:
domain.add("aci", i)
request.addfinalizer(finofaci)
@pytest.fixture(scope="function")
def _add_user(request, topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
user = users.create_test_user()
user.set("userPassword", PW_DM)
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ous.create(properties={'ou':'Accounting'})
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn='ou=Accounting')
for i in range(1, 3):
user = users.create_test_user(uid=i, gid=i)
user.set("userPassword", PW_DM)
def fin():
"""
Deletes entries after the test.
"""
users1 = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
for dn_dn in users1.list():
dn_dn.delete()
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
for dn_dn in groups.list():
dn_dn.delete()
ou_ou = OrganizationalUnit(topo.standalone, f'ou=Accounting,{DEFAULT_SUFFIX}')
ou_ou.delete()
request.addfinalizer(fin)
def test_allow_delete_access_to_groupdn(topo, _add_user, _aci_of_user):
"""
Test allow delete access to groupdn
:id: 7cf15992-68ad-11e8-85af-54e1ad30572c
:setup: topo.standalone
:steps:
1. Add test entry
2. Add ACI that allows groupdn to delete
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Delete operation should succeed
4. Delete operation for ACI should succeed
"""
# Create Group and add member
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})
group.add_member(USER_WITH_ACI_DELADD)
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for {group.dn}"; allow (delete) '
aci_subject = f'groupdn="ldap:///{group.dn}";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform delete operation
for i in [USER_DELADD, USER_WITH_ACI_DELADD]:
UserAccount(conn, i).delete()
def test_allow_add_access_to_anyone(topo, _add_user, _aci_of_user):
"""
Test to allow add access to anyone
:id: 5ca31cc4-68e0-11e8-8666-8c16451d917b
:setup: topo.standalone
:steps:
1. Add test entry
2. Add ACI that allows groupdn to add
3. Add something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Add operation should succeed
4. Delete operation for ACI should succeed
"""
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for anyone"; allow (add) '
aci_subject = f'userdn="ldap:///anyone";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform add operation
users = UserAccounts(conn, DEFAULT_SUFFIX, rdn='ou=Accounting')
user = users.create_test_user(gid=3, uid=3)
assert user.exists()
users = UserAccounts(conn, DEFAULT_SUFFIX)
user = users.create_test_user(gid=3, uid=3)
assert user.exists()
def test_allow_delete_access_to_anyone(topo, _add_user, _aci_of_user):
"""
Test to allow delete access to anyone
:id: f5447c7e-68e1-11e8-84c4-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that allows groupdn to delete some userdn
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for anyone"; allow (delete) '
aci_subject = f'userdn="ldap:///anyone";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform delete operation
UserAccount(conn, USER_DELADD).delete()
def test_allow_delete_access_not_to_userdn(topo, _add_user, _aci_of_user):
"""
Test to Allow delete access to != userdn
:id: 00637f6e-68e3-11e8-92a3-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that allows userdn not to delete some userdn
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should not succeed
4. Delete operation for ACI should succeed
"""
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for %s"; allow (delete) ' % USER_DELADD
aci_subject = f'userdn!="ldap:///{USER_WITH_ACI_DELADD}";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform delete operation
user = UserAccount(conn, USER_DELADD)
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
user.delete()
def test_allow_delete_access_not_to_group(topo, _add_user, _aci_of_user):
"""
Test to Allow delete access to != groupdn
:id: f58fc8b0-68e5-11e8-9313-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that allows groupdn not to delete some userdn
3. Delete something using test USER_DELADD belong to test group
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should not succeed
4. Delete operation for ACI should succeed
"""
# Create group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})
group.add_member(USER_WITH_ACI_DELADD)
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for {group.dn}"; allow (delete)'
aci_subject = f'groupdn!="ldap:///{group.dn}";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
user = UserAccount(conn, USER_DELADD)
# Perform delete operation
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
user.delete()
def test_allow_add_access_to_parent(topo, _add_user, _aci_of_user):
"""
Test to Allow add privilege to parent
:id: 2dd7f624-68e7-11e8-8591-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that Allow add privilege to parent
3. Add something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for parent"; allow (add) '
aci_subject = f'userdn="ldap:///parent";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform Allow add privilege to parent
users = UserAccounts(conn, DEFAULT_SUFFIX, rdn='uid=test_user_1000, ou=people')
user = users.create_test_user(gid=1, uid=1)
assert user.exists()
# Delete created user
UserAccounts(topo.standalone, DEFAULT_SUFFIX).get('test_user_1').delete()
def test_allow_delete_access_to_parent(topo, _add_user, _aci_of_user):
"""
Test to Allow delete access to parent
:id: 2dd7f624-68e7-11e8-8591-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that Allow delete privilege to parent
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# set aci
aci_target = f'(targetattr="*")'
aci_allow = f'(version 3.0; acl "All rights for parent"; allow (add,delete) '
aci_subject = f'userdn="ldap:///parent";)'
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", (aci_target + aci_allow + aci_subject))
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Create a user with parent 'uid=test_user_1000, ou=people, {}'.format(DEFAULT_SUFFIX)
users = UserAccounts(conn, DEFAULT_SUFFIX, rdn='uid=test_user_1000, ou=people')
new_user = users.create_test_user(gid=1, uid=1)
assert new_user.exists()
# Perform Allow delete access to parent
new_user.delete()
def test_allow_delete_access_to_dynamic_group(topo, _add_user, _aci_of_user):
"""
Test to Allow delete access to dynamic group
:id: 14ffa452-68ed-11e8-a60d-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that Allow delete privilege to dynamic group
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# Create dynamic group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})
group.add("objectclass", "groupOfURLs")
group.add("memberURL",
f"ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=test_user_1000))")
# Set ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = ldap:///{DEFAULT_SUFFIX})(targetattr=*)'
f'(version 3.0; acl "$tet_thistest"; '
f'allow (delete) (groupdn = "ldap:///{group.dn}"); )')
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform Allow delete access to dynamic group
UserAccount(conn, USER_DELADD).delete()
def test_allow_delete_access_to_dynamic_group_uid(topo, _add_user, _aci_of_user):
"""
Test to Allow delete access to dynamic group
:id: 14ffa452-68ed-11e8-a60d-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that Allow delete privilege to dynamic group
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# Create dynamic group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})
group.add("objectclass", "groupOfURLs")
group.add("memberURL",
f'ldap:///{DEFAULT_SUFFIX}??sub?(&(objectclass=person)(cn=test_user_1000))')
# Set ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = ldap:///{DEFAULT_SUFFIX})'
f'(targetattr=uid)(version 3.0; acl "$tet_thistest"; '
f'allow (delete) (groupdn = "ldap:///{group.dn}"); )')
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
# Perform Allow delete access to dynamic group
UserAccount(conn, USER_DELADD).delete()
def test_allow_delete_access_not_to_dynamic_group(topo, _add_user, _aci_of_user):
"""
Test to Allow delete access to != dynamic group
:id: 14ffa452-68ed-11e8-a60d-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that delete access to != dynamic group
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should not succeed
4. Delete operation for ACI should succeed
"""
# Create dynamic group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})
group.add("objectclass", "groupOfURLs")
group.add("memberURL",
f'ldap:///{DEFAULT_SUFFIX}??sub?(&(objectclass=person)(cn=test_user_1000))')
# Set ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = ldap:///{DEFAULT_SUFFIX})'
f'(targetattr=*)(version 3.0; acl "$tet_thistest"; '
f'allow (delete) (groupdn != "ldap:///{group.dn}"); )')
# create connection with USER_WITH_ACI_DELADD
conn = UserAccount(topo.standalone, USER_WITH_ACI_DELADD).bind(PW_DM)
user = UserAccount(conn, USER_DELADD)
# Perform Allow delete access to != dynamic group
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
user.delete()
if __name__ == "__main__":
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s -v %s" % CURRENT_FILE)
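Review bot: The three negated-subject tests (`test_allow_delete_access_not_to_userdn`, `test_allow_delete_access_not_to_group`, `test_allow_delete_access_not_to_dynamic_group`) only assert that the excluded account gets `ldap.INSUFFICIENT_ACCESS`. A server with no applicable allow rule would presumably return the same error, so these tests would still pass if the `!=` bind rule were never evaluated. Each needs a positive control after the `pytest.raises` block: bind as an account the rule does not exclude and check that the delete succeeds. For example, `other = UserAccount(topo.standalone, OTHER_USER_DN).bind(PW_DM)` followed by `UserAccount(other, USER_DELADD).delete()`, where `OTHER_USER_DN` is a placeholder for one of the other users `_add_user` creates. With that control the tests show that the ACI grants access to everyone except the named subject, which is the access-control property the `!=` operator is meant to provide.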
......@@ -11,6 +11,8 @@ from lib389.tasks import *
from lib389.utils import *
from lib389.topologies import topology_st
pytestmark = pytest.mark.tier1
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
......