This is an automated email from the git hooks/post-receive script.
firstyear pushed a commit to branch master
in repository 389-ds-base.
commit 6ef4eb5ae3296303aa569ee56004eff0bc2464ea
Author: William Brown <firstyear(a)redhat.com>
Date: Tue Oct 31 15:09:57 2017 +1000
Ticket 3 - python 3 support - filter test
Bug Description: Filter suite did not work with python 3
Fix Description: Fix issue in default acis during configuration
and fix tests to work with python 3
https://pagure.io/lib389/issue/3
Author: wibrown
Review by: mreynolds (Thanks!)
---
.../suites/filter/rfc3673_all_oper_attrs_test.py | 96 ++++++++++------------
.../lib389/configurations/config_001003006.py | 10 +--
2 files changed, 50 insertions(+), 56 deletions(-)
diff --git a/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
b/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
index 625c333..e61ece1 100644
--- a/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
+++ b/dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
@@ -10,6 +10,7 @@ import pytest
from lib389.tasks import *
from lib389.utils import *
from lib389.topologies import topology_st
+from lib389.idm.user import UserAccounts
from lib389._constants import DN_DM, DEFAULT_SUFFIX, DN_CONFIG, PASSWORD
@@ -21,77 +22,70 @@ TEST_USER_PWD = 'all_attrs_test'
# Suffix for search, Regular user boolean, List of expected attrs
TEST_PARAMS = [(DN_ROOT, False, [
- 'aci', 'createTimestamp', 'creatorsName',
- 'modifiersName', 'modifyTimestamp', 'namingContexts',
- 'nsBackendSuffix', 'nsUniqueId', 'subschemaSubentry',
- 'supportedControl', 'supportedExtension',
- 'supportedFeatures', 'supportedLDAPVersion',
- 'supportedSASLMechanisms', 'vendorName', 'vendorVersion'
+ 'aci', 'createTimestamp', 'creatorsName',
+ 'modifiersName', 'modifyTimestamp',
'namingContexts',
+ 'nsBackendSuffix', 'nsUniqueId',
'subschemaSubentry',
+ 'supportedControl', 'supportedExtension',
+ 'supportedFeatures', 'supportedLDAPVersion',
+ 'supportedSASLMechanisms', 'vendorName',
'vendorVersion'
]),
(DN_ROOT, True, [
- 'createTimestamp', 'creatorsName',
- 'modifiersName', 'modifyTimestamp',
'namingContexts',
- 'nsBackendSuffix', 'nsUniqueId',
'subschemaSubentry',
- 'supportedControl', 'supportedExtension',
- 'supportedFeatures', 'supportedLDAPVersion',
- 'supportedSASLMechanisms', 'vendorName',
'vendorVersion'
+ 'createTimestamp', 'creatorsName',
+ 'modifiersName', 'modifyTimestamp',
'namingContexts',
+ 'nsBackendSuffix', 'nsUniqueId',
'subschemaSubentry',
+ 'supportedControl', 'supportedExtension',
+ 'supportedFeatures', 'supportedLDAPVersion',
+ 'supportedSASLMechanisms', 'vendorName',
'vendorVersion'
]),
(DN_PEOPLE, False, [
- 'aci', 'createTimestamp', 'creatorsName',
'entrydn',
- 'entryid', 'modifiersName',
'modifyTimestamp',
- 'nsUniqueId', 'numSubordinates', 'parentid'
+ 'aci', 'createTimestamp', 'creatorsName',
'entrydn',
+ 'entryid', 'modifiersName', 'modifyTimestamp',
+ 'nsUniqueId', 'numSubordinates', 'parentid'
]),
(DN_PEOPLE, True, [
- 'createTimestamp', 'creatorsName', 'entrydn',
- 'entryid', 'modifyTimestamp', 'nsUniqueId',
- 'numSubordinates', 'parentid'
+ 'createTimestamp', 'creatorsName', 'entrydn',
+ 'entryid', 'modifyTimestamp', 'nsUniqueId',
+ 'numSubordinates', 'parentid'
]),
(TEST_USER_DN, False, [
- 'createTimestamp', 'creatorsName', 'entrydn',
- 'entryid', 'modifiersName',
'modifyTimestamp',
- 'nsUniqueId', 'parentid'
+ 'createTimestamp', 'creatorsName', 'entrydn',
+ 'entryid', 'modifiersName', 'modifyTimestamp',
+ 'nsUniqueId', 'parentid'
]),
(TEST_USER_DN, True, [
- 'createTimestamp', 'creatorsName', 'entrydn',
- 'entryid', 'modifyTimestamp', 'nsUniqueId',
'parentid'
+ 'createTimestamp', 'creatorsName', 'entrydn',
+ 'entryid', 'modifyTimestamp', 'nsUniqueId',
'parentid'
]),
- (DN_CONFIG, False, ['numSubordinates',
'passwordHistory'])]
+ (DN_CONFIG, False, [
+ 'numSubordinates', 'passwordHistory'
+ ])
+ ]
@pytest.fixture(scope="module")
def test_user(topology_st):
"""User for binding operation"""
- try:
- topology_st.standalone.add_s(Entry((TEST_USER_DN, {
- 'objectclass': 'top person'.split(),
- 'objectclass': 'organizationalPerson',
- 'objectclass': 'inetorgperson',
- 'cn': TEST_USER_NAME,
- 'sn': TEST_USER_NAME,
- 'userpassword': TEST_USER_PWD,
- 'mail': '%s(a)redhat.com' % TEST_USER_NAME,
- 'uid': TEST_USER_NAME
- })))
- except ldap.LDAPError as e:
- log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
- e.message['desc']))
- raise e
-
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
+ users.create(properties={
+ 'cn': TEST_USER_NAME,
+ 'sn': TEST_USER_NAME,
+ 'userpassword': TEST_USER_PWD,
+ 'mail': '%s(a)redhat.com' % TEST_USER_NAME,
+ 'uid': TEST_USER_NAME,
+ 'uidNumber': '1000',
+ 'gidNumber': '1000',
+ 'homeDirectory': '/home/test'
+ })
@pytest.fixture(scope="module")
def user_aci(topology_st):
- """Deny modifiersName attribute for the test user
+ """Don't allow modifiersName attribute for the test user
under whole suffix
"""
- ACI_TARGET = '(targetattr= "modifiersName")'
- ACI_ALLOW = '(version 3.0; acl "Deny modifiersName for user"; deny
(read)'
- ACI_SUBJECT = ' userdn = "ldap:///%s";)' % TEST_USER_DN
- ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
- topology_st.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD,
- 'aci',
- ACI_BODY)])
+ ACI_BODY = ensure_bytes('(targetattr= "objectClass || cn || sn || mail ||
uid || uidNumber || gidNumber || homeDirectory || creatorsName || createTimestamp ||
modifyTimestamp || nsUniqueId || parentid || entryid || entrydn || ou ||
numSubordinates")(version 3.0; acl "Allow read for user"; allow
(read,search,compare) userdn = "ldap:///%s";)' % TEST_USER_DN)
+ topology_st.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci',
ACI_BODY)])
def test_supported_features(topology_st):
@@ -111,7 +105,7 @@ def test_supported_features(topology_st):
['supportedFeatures'])
supported_value = entries[0].data['supportedfeatures']
- assert supported_value == ['1.3.6.1.4.1.4203.1.5.1']
+ assert supported_value == [b'1.3.6.1.4.1.4203.1.5.1']
@pytest.mark.parametrize('add_attr', ['', '*',
'objectClass'])
@@ -142,10 +136,10 @@ def test_search_basic(topology_st, test_user, user_aci, add_attr,
if regular_user:
log.info("bound as: %s", TEST_USER_DN)
- topology_st.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+ topology_st.standalone.simple_bind_s(TEST_USER_DN, ensure_bytes(TEST_USER_PWD))
else:
log.info("bound as: %s", DN_DM)
- topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
+ topology_st.standalone.simple_bind_s(DN_DM, ensure_bytes(PASSWORD))
search_filter = ['+']
if add_attr:
diff --git a/src/lib389/lib389/configurations/config_001003006.py
b/src/lib389/lib389/configurations/config_001003006.py
index 8c2895f..9ec80bf 100644
--- a/src/lib389/lib389/configurations/config_001003006.py
+++ b/src/lib389/lib389/configurations/config_001003006.py
@@ -34,7 +34,7 @@ class c001003006_sample_entries(sampleentries):
# I think in python 2 this forces unicode return ...
'dc': dc_ava,
'description': self._basedn,
- 'aci' : '(targetattr ="*")(version 3.0;acl
"Directory Administrators Group";allow (all) (groupdn =
"ldap:///cn=Directory Administrators,
%{BASEDN}");)'.format(BASEDN=self._basedn)
+ 'aci' : '(targetattr ="*")(version 3.0;acl
"Directory Administrators Group";allow (all) (groupdn =
"ldap:///cn=Directory
Administrators,{BASEDN}");)'.format(BASEDN=self._basedn)
})
# Create the OUs
ous = OrganisationalUnits(self._instance, self._basedn)
@@ -45,10 +45,10 @@ class c001003006_sample_entries(sampleentries):
'ou': 'People',
'aci' : [
'(targetattr ="userpassword || telephonenumber ||
facsimiletelephonenumber")(version 3.0;acl "Allow self entry
modification";allow (write)(userdn = "ldap:///self");)',
- '(targetattr !="cn || sn || uid")(targetfilter
="(ou=Accounting)")(version 3.0;acl "Accounting Managers Group
Permissions";allow (write)(groupdn = "ldap:///cn=Accounting
Managers,ou=groups,%{BASEDN}");)'.format(BASEDN=self._basedn),
- '(targetattr !="cn || sn || uid")(targetfilter
="(ou=Human Resources)")(version 3.0;acl "HR Group Permissions";allow
(write)(groupdn = "ldap:///cn=HR
Managers,ou=groups,%{BASEDN}");)'.format(BASEDN=self._basedn),
- '(targetattr !="cn ||sn || uid")(targetfilter
="(ou=Product Testing)")(version 3.0;acl "QA Group Permissions";allow
(write)(groupdn = "ldap:///cn=QA
Managers,ou=groups,%{BASEDN}");)'.format(BASEDN=self._basedn),
- '(targetattr !="cn || sn || uid")(targetfilter
="(ou=Product Development)")(version 3.0;acl "Engineering Group
Permissions";allow (write)(groupdn = "ldap:///cn=PD
Managers,ou=groups,%{BASEDN}");)'.format(BASEDN=self._basedn),
+ '(targetattr !="cn || sn || uid")(targetfilter
="(ou=Accounting)")(version 3.0;acl "Accounting Managers Group
Permissions";allow (write)(groupdn = "ldap:///cn=Accounting
Managers,ou=groups,{BASEDN}");)'.format(BASEDN=self._basedn),
+ '(targetattr !="cn || sn || uid")(targetfilter
="(ou=Human Resources)")(version 3.0;acl "HR Group Permissions";allow
(write)(groupdn = "ldap:///cn=HR
Managers,ou=groups,{BASEDN}");)'.format(BASEDN=self._basedn),
+ '(targetattr !="cn ||sn || uid")(targetfilter
="(ou=Product Testing)")(version 3.0;acl "QA Group Permissions";allow
(write)(groupdn = "ldap:///cn=QA
Managers,ou=groups,{BASEDN}");)'.format(BASEDN=self._basedn),
+ '(targetattr !="cn || sn || uid")(targetfilter
="(ou=Product Development)")(version 3.0;acl "Engineering Group
Permissions";allow (write)(groupdn = "ldap:///cn=PD
Managers,ou=groups,{BASEDN}");)'.format(BASEDN=self._basedn),
]
})
ous.create(properties = {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.