[SSSD] Re: [PATCH]: test ldap provider with TLS or SSL

10 Mar 2017

      Hi Dan,
On 03/09/2017 12:33 PM, Dan Lavu wrote:
...
Thanks for the review, the responses are inline.
On Wed, Mar 8, 2017 at 1:59 AM, Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com mailto:Nikolai.Kondrashov@redhat.com> wrote:
             def _setup_config(self):
                 """Setup the instance initial configuration."""
        @@ -78,9 +83,6 @@ class DSOpenLDAP(DS):
                 uid = os.geteuid()
                 gid = os.getegid()
    -        #
    -        # Add configuration
    -        #

Why does this need to be removed?

Just seems strange to have everything commented using quotes and these are hashes, added them back in.
Hmm, are you talking about docstrings:
https://www.python.org/dev/peps/pep-0257/ ?
...
                 if attempt > 30:
                     raise Exception("Failed to start slapd")
                 time.sleep(1)

    +        if self.ca <http://self.ca>:
    +            self.ca_hostname = socket.gethostname()
    +            self.ca_inst = ca_openssl.CAOpenSSL(config.PREFIX, self.ca_hostname,
    +                                                "US",
    +                                                "NC",
    +                                                "Raleigh",
    +                                                "Red Hat Inc.",
    +                                                "SSSD")
    +            self.ca_inst.setup()
    +            self.ca_inst.gen_cert(self.ca_inst.gen_csr(self.ca_hostname), self.ca_hostname)
    +            self.enable_ssl(self.ca_inst.ca_cert_file, self.ca_inst.ca_cert_file, self.ca_inst.ca_cert_key_file)

By "passing CA to the constructor" I meant pass an actual CA instance to the
constructor. I.e. CA should be created and set up outside the DS, in the
tests. Can you do that?

Can you clarify or give me an example of what you want?
Sure.
I'm suggesting making the DS interface support this usage:
@pytest.fixture(scope="module")
     def ca_inst(request):
         """CA instance fixture"""
         hostname = socket.gethostname()
         ca_inst = ca_openssl.CAOpenSSL(config.PREFIX, hostname,
                                        "US", "NC", "Raleigh", "Red Hat Inc.",
                                        "SSSD")
         try:
             ca_inst.setup()
         except:
             ca_inst.teardown()
             raise
         request.addfinalizer(lambda: ca_inst.teardown())
         return ca_inst
@pytest.fixture(scope="module")
     def ds_inst(request, ca_inst):
         """LDAP server instance fixture"""
         ds_inst = ds_openldap.DSOpenLDAP(
             config.PREFIX, 10389, LDAP_BASE_DN,
             "cn=admin", "Secret123", ssl_port=10636, ca=ca_inst
         )
try:
             ds_inst.setup()
         except:
             ds_inst.teardown()
             raise
         request.addfinalizer(lambda: ds_inst.teardown())
         return ds_inst
Nick

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[SSSD] Re: [PATCH]: test ldap provider with TLS or SSL