See
<
http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/114/display...
------------------------------------------
[...truncated 4699 lines...]
'\''objectclass'\'': '\''top
extensibleObject'\''.split(),
'\''ou'\'':
'\''level4'\''
})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.error('\''Failed to add ou=people: error '\'' +
e.message['\''desc'\''])
assert False
#
# Add a user to the branch
#
try:
topology_st.standalone.add_s(Entry((USER_DN, {
'\''objectclass'\'': '\''top
extensibleObject'\''.split(),
'\''uid'\'':
'\''user1'\''
})))
except ldap.LDAPError as e:
log.error('\''Failed to add user1: error '\'' +
e.message['\''desc'\''])
assert False
#
# Enable password policy and add the subtree policy
#
try:
topology_st.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
'\''nsslapd-pwpolicy-local'\'',
'\''on'\'')])
except ldap.LDAPError as e:
log.error('\''Failed to set pwpolicy-local: error '\''
+ e.message['\''desc'\''])
assert False
addSubtreePwPolicy(topology_st.standalone)
#
# Now check the user has its expected passwordPolicy subentry
#
try:
entries = topology_st.standalone.search_s(USER_DN,
ldap.SCOPE_BASE,
'\''(objectclass=top)'\'',
['\''pwdpolicysubentry'\'', '\''dn'\''])
if not entries[0].hasAttr('\''pwdpolicysubentry'\''):
log.fatal('\''User does not have expected
pwdpolicysubentry!'\'')
assert False
E assert False
tickets/ticket47981_test.py:190: AssertionError
---------------------------- Captured stdout setup -----------------------------
OK group dirsrv exists
OK user dirsrv exists
---------------------------- Captured stderr setup -----------------------------
INFO:lib389.topologies:Instance with parameters
{'\''ldap-port'\'': 38901, '\''suffix'\'':
'\''dc=example,dc=com'\'',
'\''krb5_realm'\'': None,
'\''deployed-dir'\'': '\''/usr'\'',
'\''inst-backupdir'\'': '\''/tmp'\'',
'\''hostname'\'': '\''localhost'\'',
'\''server-id'\'': '\''standalone1'\'',
'\''root-pw'\'': '\''password'\'',
'\''root-dn'\'': '\''cn=Directory
Manager'\'', '\''group-id'\'': None,
'\''InstScriptsEnabled'\'': None,
'\''user-id'\'': None,
'\''ldap-secureport'\'': None} was created.
----------------------------- Captured stderr call -----------------------------
INFO:dirsrvtests.tests.tickets.ticket47981_test:Testing Ticket 47981 - Test that COS def
changes are correctly reflected in affected users
INFO:dirsrvtests.tests.tickets.ticket47981_test:Adding second suffix that will not contain
any COS entries...
INFO:lib389:List backend with suffix=o=netscaperoot
INFO:lib389:Creating a local backend
INFO:lib389:List backend cn=netscaperoot,cn=ldbm database,cn=plugins,cn=config
INFO:lib389:Found entry dn: cn=netscaperoot,cn=ldbm database,cn=plugins,cn=config
cn: netscaperoot
nsslapd-cachememsize: 512000
nsslapd-cachesize: -1
nsslapd-directory: /var/lib/dirsrv/slapd-standalone1/db/netscaperoot
nsslapd-dncachememsize: 16777216
nsslapd-readonly: off
nsslapd-require-index: off
nsslapd-suffix: o=netscaperoot
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
INFO:lib389:Entry dn: cn="o=netscaperoot",cn=mapping tree,cn=config
cn: o=netscaperoot
nsslapd-backend: netscaperoot
nsslapd-state: backend
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
INFO:lib389:Found entry dn: cn=o\3Dnetscaperoot,cn=mapping tree,cn=config
cn: o=netscaperoot
nsslapd-backend: netscaperoot
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
INFO:dirsrvtests.tests.tickets.ticket47981_test:Add our test entries to the default
suffix, and proceed with the test...
CRITICAL:dirsrvtests.tests.tickets.ticket47981_test:User does not have expected
pwdpolicysubentry!
______________________________ test_basic_feature ______________________________
topology_st = <lib389.topologies.TopologyMain object at 0x7fe081aa6710>
def test_basic_feature(topology_st):
"""Check basic SASL functionality for PLAIN mechanism
:id: 75ddc6fa-aa5a-4025-9c71-1abad20c91fc
:setup: Standalone instance
:steps:
1. Stop the instance
2. Clean up confdir from previous cert and key files
3. Create RSA files: CA, key and cert
4. Start the instance
5. Create RSA entry
6. Set nsslapd-secureport to 636 and nsslapd-security to
'\''on'\''
7. Restart the instance
8. Create a user
9. Check we can bind
10. Check that PLAIN is listed in supported mechs
11. Set up Plain SASL credentials
12. Try to open a connection without TLS
13. Try to open a connection with TLS
14. Try to open a connection with a wrong password
:expectedresults:
1. The instance should stop
2. Confdir should be clean
3. RSA files should be created
4. The instance should start
5. RSA entry should be created
6. nsslapd-secureport and nsslapd-security should be set successfully
7. The instance should be restarted
8. User should be created
9. Bind should be successful
10. PLAIN should be listed in supported mechs
11. Plain SASL should be successfully set
12. AUTH_UNKNOWN exception should be raised
13. The connection should open
14. INVALID_CREDENTIALS exception should be raised
"""
standalone = topology_st.standalone
# SETUP TLS
standalone.stop()
# Prepare SSL but don'\''t enable it.
for f in ('\''key3.db'\'',
'\''cert8.db'\'', '\''key4.db'\'',
'\''cert9.db'\'', '\''secmod.db'\'',
'\''pkcs11.txt'\''):
try:
os.remove("%s/%s" % (standalone.confdir, f))
except:
pass
assert(standalone.nss_ssl.reinit() is True)
assert(standalone.nss_ssl.create_rsa_ca() is True)
assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)
# Start again
standalone.start()
standalone.rsa.create()
# Set the secure port and nsslapd-security
# Could this fail with selinux?
standalone.config.set('\''nsslapd-secureport'\'',
str(DEFAULT_SECURE_PORT))
standalone.config.set('\''nsslapd-security'\'',
'\''on'\'')
# Do we need to restart to allow starttls?
standalone.restart()
# Create a user
sas = ServiceAccounts(standalone, DEFAULT_SUFFIX)
sas._basedn = DEFAULT_SUFFIX
sa = sas.create(properties={'\''cn'\'':
'\''testaccount'\'', '\''userPassword'\'':
'\''password'\''})
# Check we can bind. This will raise exceptions if it fails.
sa.bind('\''password'\'')
# Check that PLAIN is listed in supported mechns.
assert(standalone.rootdse.supports_sasl_plain())
# The sasl parameters don'\''t change, so set them up now.
# Do we need the sasl map dn:?
auth_tokens = PlainSASL("dn:%s" % sa.dn,
'\''password'\'')
# Check that it fails without TLS
with pytest.raises(ldap.AUTH_UNKNOWN):
standalone.openConnection(saslmethod='\''PLAIN'\'',
sasltoken=auth_tokens, starttls=False, connOnly=True)
# We *have* to use REQCERT NEVER here because python ldap fails cert verification
for .... some reason that even
# I can not solve. I think it'\''s leaking state across connections in
start_tls_s?
# Check that it works with TLS
conn = standalone.openConnection(saslmethod='\''PLAIN'\'',
sasltoken=auth_tokens, starttls=True, connOnly=True,
certdir=standalone.get_cert_dir(), reqcert=ldap.OPT_X_TLS_NEVER)
<
http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/3...:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
<
http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/3...:
in openConnection
server.open(*args, **kwargs)
<
http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/3...:
in open
self.start_tls_s()
<
http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/3...:
in inner
return f(*args, **kwargs)
/usr/lib64/python2.7/site-packages/ldap/ldapobject.py:609: in start_tls_s
return self._ldap_call(self._l.start_tls_s)
<
http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/3...:
in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <lib389.DirSrv object at 0x7fe089096b50>
func = <built-in method start_tls_s of LDAP object at 0x7fe08b125fd0>, args = ()
kwargs = {}, diagnostic_message_success = None
e = CONNECT_ERROR({'\''info'\'': '\''TLS error
-8174:security library: bad database.'\'',
'\''desc'\'': '\''Connect error'\''},)
def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('\''*** %s %s - %s\n%s\n'\'' % (
repr(self),
self._uri,
'\''.'\''.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
E CONNECT_ERROR:
{'\''info'\'': '\''TLS error -8174:security library:
bad database.'\'', '\''desc'\'':
'\''Connect error'\''}
/usr/lib64/python2.7/site-packages/ldap/ldapobject.py:106: CONNECT_ERROR
---------------------------- Captured stdout setup -----------------------------
OK group dirsrv exists
OK user dirsrv exists
---------------------------- Captured stderr setup -----------------------------
INFO:lib389.topologies:Instance with parameters
{'\''ldap-port'\'': 38901, '\''suffix'\'':
'\''dc=example,dc=com'\'',
'\''krb5_realm'\'': None,
'\''deployed-dir'\'': '\''/usr'\'',
'\''inst-backupdir'\'': '\''/tmp'\'',
'\''hostname'\'': '\''localhost'\'',
'\''server-id'\'': '\''standalone1'\'',
'\''root-pw'\'': '\''password'\'',
'\''root-dn'\'': '\''cn=Directory
Manager'\'', '\''group-id'\'': None,
'\''InstScriptsEnabled'\'': None,
'\''user-id'\'': None,
'\''ldap-secureport'\'': None} was created.
----------------------------- Captured stderr call -----------------------------
Generating key. This may take a few moments...
Generating key. This may take a few moments...
============== 2 failed, 644 passed, 1 skipped in 9074.00 seconds =============='
+ '[' 1 -ne 0 ']'
+ echo CI Tests 'FAILED!'
CI Tests FAILED!
+ MSG=FAILED
+ RC=1
+ sudo /usr/sbin/sendmail mreynolds(a)redhat.com firstyear(a)redhat.com
+ sudo rm -rf /var/tmp/slapd.vg.127481 /var/tmp/slapd.vg.25420 /var/tmp/slapd.vg.25531
/var/tmp/slapd.vg.43714
+ exit 1
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released