|
# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2010 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Test some simple LDAP requests using the ldap2 backend
# This fetches a certificate from a host principal so we can ensure that the
# schema is working properly. We know this because the schema will tell the
# encoder not to utf-8 encode binary attributes.
# The DM password needs to be set in ~/.ipa/.dmpw
import os
import nose
from nose.tools import assert_raises # pylint: disable=E0611
import nss.nss as nss
from ipaserver.plugins.ldap2 import ldap2
from ipalib.plugins.service import service, service_show
from ipalib.plugins.host import host
from ipalib import api, x509, create_api, errors
from ipapython import ipautil
from ipapython.dn import DN
class test_ldap(object):
"""
Test various LDAP client bind methods.
"""
def setUp(self):
self.conn = None
self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
self.ccache = '/tmp/krb5cc_%d' % os.getuid()
nss.nss_init_nodb()
self.dn = DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)),
('cn','services'),('cn','accounts'),api.env.basedn)
def tearDown(self):
if self.conn and self.conn.isconnected():
self.conn.disconnect()
def test_anonymous(self):
"""
Test an anonymous LDAP bind using ldap2
"""
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
self.conn.connect()
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
serial = unicode(x509.get_serial_number(cert, x509.DER))
assert serial is not None
def test_GSSAPI(self):
"""
Test a GSSAPI LDAP bind using ldap2
"""
if not ipautil.file_exists(self.ccache):
raise nose.SkipTest('Missing ccache %s' % self.ccache)
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
self.conn.connect(ccache='FILE:%s' % self.ccache)
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
serial = unicode(x509.get_serial_number(cert, x509.DER))
assert serial is not None
def test_simple(self):
"""
Test a simple LDAP bind using ldap2
"""
pwfile = api.env.dot_ipa + os.sep + ".dmpw"
if ipautil.file_exists(pwfile):
fp = open(pwfile, "r")
dm_password = fp.read().rstrip()
fp.close()
else:
raise nose.SkipTest("No directory manager password in %s" % pwfile)
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
self.conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
serial = unicode(x509.get_serial_number(cert, x509.DER))
assert serial is not None
def test_Backend(self):
"""
Test using the ldap2 Backend directly (ala ipa-server-install)
"""
# Create our own api because the one generated for the tests is
# a client-only api. Then we register in the commands and objects
# we need for the test.
myapi = create_api(mode=None)
myapi.bootstrap(context='cli', in_server=True, in_tree=True)
myapi.register(ldap2)
myapi.register(host)
myapi.register(service)
myapi.register(service_show)
myapi.finalize()
pwfile = api.env.dot_ipa + os.sep + ".dmpw"
if ipautil.file_exists(pwfile):
fp = open(pwfile, "r")
dm_password = fp.read().rstrip()
fp.close()
else:
raise nose.SkipTest("No directory manager password in %s" % pwfile)
myapi.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
result = myapi.Command['service_show']('ldap/%s@%s' % (api.env.host, api.env.realm,))
entry_attrs = result['result']
cert = entry_attrs.get('usercertificate')
cert = cert[0]
serial = unicode(x509.get_serial_number(cert, x509.DER))
assert serial is not None
def test_autobind(self):
"""
Test an autobind LDAP bind using ldap2
"""
ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % api.env.realm.replace('.','-')
self.conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
try:
self.conn.connect(autobind=True)
except errors.ACIError:
raise nose.SkipTest("Only executed as root")
(dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
serial = unicode(x509.get_serial_number(cert, x509.DER))
assert serial is not None
class test_LDAPEntry(object):
"""
Test the LDAPEntry class
"""
cn1 = [u'test1']
cn2 = [u'test2']
dn1 = DN(('cn', cn1[0]))
dn2 = DN(('cn', cn2[0]))
def setUp(self):
self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
self.conn = ldap2(shared_instance=False, ldap_uri=self.ldapuri)
self.conn.connect()
self.entry = self.conn.make_entry(self.dn1, cn=self.cn1)
def tearDown(self):
if self.conn and self.conn.isconnected():
self.conn.disconnect()
def test_entry(self):
e = self.entry
assert e.dn is self.dn1
assert u'cn' in e
assert u'cn' in e.keys()
assert 'CN' in e
assert 'CN' not in e.keys()
assert 'commonName' in e
assert 'commonName' not in e.keys()
assert e['CN'] is self.cn1
assert e['CN'] is e[u'cn']
e.dn = self.dn2
assert e.dn is self.dn2
def test_set_attr(self):
e = self.entry
e['commonName'] = self.cn2
assert u'cn' in e
assert u'cn' not in e.keys()
assert 'CN' in e
assert 'CN' not in e.keys()
assert 'commonName' in e
assert 'commonName' in e.keys()
assert e['CN'] is self.cn2
assert e['CN'] is e[u'cn']
def test_del_attr(self):
e = self.entry
del e['CN']
assert 'CN' not in e
assert 'CN' not in e.keys()
assert u'cn' not in e
assert u'cn' not in e.keys()
assert 'commonName' not in e
assert 'commonName' not in e.keys()
def test_popitem(self):
e = self.entry
assert e.popitem() == ('cn', self.cn1)
e.keys() == []
def test_setdefault(self):
e = self.entry
assert e.setdefault('cn', self.cn2) == self.cn1
assert e['cn'] == self.cn1
assert e.setdefault('xyz', self.cn2) == self.cn2
assert e['xyz'] == self.cn2
def test_update(self):
e = self.entry
e.update({'cn': self.cn2}, xyz=self.cn2)
assert e['cn'] == self.cn2
assert e['xyz'] == self.cn2
def test_pop(self):
e = self.entry
assert e.pop('cn') == self.cn1
assert 'cn' not in e
assert e.pop('cn', 'default') is 'default'
with assert_raises(KeyError):
e.pop('cn')
def test_clear(self):
e = self.entry
e.clear()
assert not e
assert 'cn' not in e
def test_has_key(self):
e = self.entry
assert not e.has_key('xyz')
assert e.has_key('cn')
assert e.has_key('COMMONNAME')
def test_get(self):
e = self.entry
assert e.get('cn') == self.cn1
assert e.get('commonname') == self.cn1
assert e.get('COMMONNAME', 'default') == self.cn1
assert e.get('bad key', 'default') == 'default'
def test_single_value(self):
e = self.entry
assert e.single_value('cn') == self.cn1[0]
assert e.single_value('commonname') == self.cn1[0]
assert e.single_value('COMMONNAME', 'default') == self.cn1[0]
assert e.single_value('bad key', 'default') == 'default'
|
