Martin Kosek wrote:
On Sun, 2011-07-17 at 17:42 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Martin Kosek wrote:
On Tue, 2011-07-05 at 13:41 -0400, Rob Crittenden wrote:
Rob Crittenden wrote:
Rob Crittenden wrote:
389-ds postop plugins, such as the managed entry and memberof plugins,
add values after the data has been returned to the client. In the case
of the managed entry plugin this affects the parent entry as well
(adds
an objectclass value).
This wreaks havoc on our tests as the values don't match what we
expect.
The solution is to wait for the postop plugins to finish their work,
then return. I've added this as an option. The downside is it is going
to naturally slow things down, so it is off by default.
It is currently only used in the hostgroup plugin.
The option is wait_for_attr. Add this to ~/.ipa/default.conf and
set it
to True and all the current tests will pass (assuming you apply
patches
814-816 as well).
So now we won't have any excuses for missing test failures in the unit
tests...
rob
Bah, found a small problem. Self-NACK.
rob
Updated patch attached.
Note that I don't think there is a way for us to handle things like
memberof_indirect. We wouldn't know to wait.
rob
Works fine for the hostgroup entry. It's good it can be switched on/off.
But what about other managed entries, like user entry? Would it make
sense to add a wait here too? Or maybe something systematic to baseldap
so that we wouldn't have to implement this wait to every managed entry.
Martin
I can certainly add it to users to check for managed groups. Making it
generic would be difficult because some are conditional (such as users).
rob
Added support for managed users as well.
rob
Waiting for managed users work too. However, I have just noticed that
the entire solution works only partially.
It waits for mepOriginEntry objectclass, but it doesn't add the new LDAP
attributes "mepmanagedentry" and "memberof" to the<command>-add result:
# ipa hostgroup-add hgroup3 --desc=foo --all --raw
-------------------------
Added hostgroup "hgroup3"
-------------------------
dn:
cn=hgroup3,cn=hostgroups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
cn: hgroup3
description: foo
ipauniqueid: 20d1b8e4-b114-11e0-ab28-00163e0ed706
objectclass: ipaobject
objectclass: ipahostgroup
objectclass: nestedGroup
objectclass: groupOfNames
objectclass: top
objectclass: mepOriginEntry
# ipa hostgroup-show hgroup3 --all --raw
dn:
cn=hgroup3,cn=hostgroups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
cn: hgroup3
description: foo
ipauniqueid: 20d1b8e4-b114-11e0-ab28-00163e0ed706
memberof: cn=hgroup3,cn=ng,cn=alt,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com<====
mepmanagedentry:
cn=hgroup3,cn=ng,cn=alt,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com<====
objectclass: ipaobject
objectclass: ipahostgroup
objectclass: nestedGroup
objectclass: groupOfNames
objectclass: top
objectclass: mepOriginEntry
# ipa user-add --first=Foo --last=Bar fbar2 --all --raw
------------------
Added user "fbar2"
------------------
dn: uid=fbar2,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
uid: fbar2
givenname: Foo
sn: Bar
cn: Foo Bar
displayname: Foo Bar
initials: FB
homedirectory: /home/fbar2
gecos: Foo Bar
loginshell: /bin/sh
krbprincipalname: fb...@idm.lab.bos.redhat.com
uidnumber: 524600004
gidnumber: 524600004
ipauniqueid: b22ab54c-b115-11e0-b354-00163e0ed706
krbpwdpolicyreference:
cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: inetuser
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: mepOriginEntry
# ipa user-show fbar2 --all --raw
dn: uid=fbar2,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
uid: fbar2
givenname: Foo
sn: Bar
cn: Foo Bar
displayname: Foo Bar
initials: FB
homedirectory: /home/fbar2
gecos: Foo Bar
loginshell: /bin/sh
krbprincipalname: fb...@idm.lab.bos.redhat.com
uidnumber: 524600004
gidnumber: 524600004
nsaccountlock: False
ipauniqueid: b22ab54c-b115-11e0-b354-00163e0ed706
krbpwdpolicyreference:
cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
memberof:
cn=ipausers,cn=groups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com<====
mepmanagedentry:
cn=fbar2,cn=groups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com<====
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: inetuser
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: mepOriginEntry
I think there attributes should be added in post_callback (and to the
tests).
Martin
Updated patch attached. The interesting change here is the
entry_from_entry() function.
Python calls functions passing by value the actual value passed may be
an immutable reference. This means we can't simply fetch the new entry
and replace what we already have, we have to do it value by value. We
also have to wipe out what is already there first because it is possible
an attribute has disappeared (I don't think one actually does in
practice in these two calls but it is cleaner this way).
For kicks you can see this in action with this snippet:
def tryme(x):
x = 5
y = 9
tryme(y)
print y
y is 9. Fun, isn't it?
rob
rob
>From 61130d654b7acdb7fa0a0108ba30d0b068eb8efc Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 1 Jul 2011 15:32:31 -0400
Subject: [PATCH] Optionally wait for 389-ds postop plugins to complete
Add a new command that lets you wait for an attribute to appear in
a value. Using this you can do things like wait for a managed entry
to be created, adding a new objectclass to the parent entry.
This is controlled by a new booleon option, wait_for_attr, defaulting
to False.
https://fedorahosted.org/freeipa/ticket/1144
---
ipalib/constants.py | 1 +
ipalib/plugins/baseldap.py | 53 ++++++++++++++++++++++++++++
ipalib/plugins/hostgroup.py | 8 ++++
ipalib/plugins/user.py | 5 +++
tests/test_xmlrpc/objectclasses.py | 4 ++-
tests/test_xmlrpc/test_attr.py | 3 ++
tests/test_xmlrpc/test_group_plugin.py | 5 ++-
tests/test_xmlrpc/test_hostgroup_plugin.py | 2 +
tests/test_xmlrpc/test_krbtpolicy.py | 3 ++
tests/test_xmlrpc/test_nesting.py | 14 +++++++
tests/test_xmlrpc/test_netgroup_plugin.py | 8 ++++
tests/test_xmlrpc/test_replace.py | 3 ++
tests/test_xmlrpc/test_user_plugin.py | 14 +++++++-
13 files changed, 120 insertions(+), 3 deletions(-)
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 23e8025..026e073 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -148,6 +148,7 @@ DEFAULT_CONFIG = (
# Enable certain optional plugins:
('enable_ra', False),
('ra_plugin', 'selfsign'),
+ ('wait_for_attr', False),
# Used when verifying that the API hasn't changed. Not for production.
('validate_api', False),
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 8d58422..1ff7a2a 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -194,6 +194,25 @@ def get_effective_rights(ldap, dn, attrs=None):
return rdict
+def entry_from_entry(entry, newentry):
+ """
+ Python is more or less pass-by-value except for immutable objects. So if
+ you pass in a dict to a function you are free to change members of that
+ dict but you can't create a new dict in the function and expect to replace
+ what was passed in.
+
+ In some post-op plugins that is exactly what we want to do, so here is a
+ clumsy way around the problem.
+ """
+
+ # Wipe out the current data
+ for e in entry.keys():
+ del entry[e]
+
+ # Re-populate it with new wentry
+ for e in newentry:
+ entry[e] = newentry[e]
+
def wait_for_memberof(keys, entry_start, completed, show_command, adding=True):
"""
When adding or removing reverse members we are faking an update to
@@ -238,6 +257,40 @@ def wait_for_memberof(keys, entry_start, completed, show_command, adding=True):
return entry_attrs
+def wait_for_value(ldap, dn, attr, value):
+ """
+ 389-ds postoperation plugins are executed after the data has been
+ returned to a client. This means that plugins that add data in a
+ postop are not included in data returned to the user.
+
+ The downside of waiting is that this increases the time of the
+ command.
+
+ The updated entry is returned.
+ """
+ # Loop a few times to give the postop-plugin a chance to complete
+ # Don't sleep for more than 6 seconds.
+ x = 0
+ while x < 20:
+ # sleep first because the first search, even on a quiet system,
+ # almost always fails.
+ time.sleep(.3)
+ x = x + 1
+
+ # FIXME: put a try/except around here? I think it is probably better
+ # to just let the exception filter up to the caller.
+ (dn, entry_attrs) = ldap.get_entry( dn, ['*'])
+ if attr in entry_attrs:
+ if isinstance(entry_attrs[attr], (list, tuple)):
+ values = map(lambda y:y.lower(), entry_attrs[attr])
+ if value.lower() in values:
+ break
+ else:
+ if value.lower() == entry_attrs[attr].lower():
+ break
+
+ return entry_attrs
+
class LDAPObject(Object):
"""
Object representing a LDAP entry.
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 11ed663..ef44a8b 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -98,6 +98,14 @@ class hostgroup_add(LDAPCreate):
msg_summary = _('Added hostgroup "%(value)s"')
+ def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ if self.api.env.wait_for_attr:
+ newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
+ entry_from_entry(entry_attrs, newentry)
+
+ return dn
+
+
api.register(hostgroup_add)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e6060c0..3068c62 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -402,6 +402,11 @@ class user_add(LDAPCreate):
self.api.Command['user_mod'](keys[-1], **kw)
except (errors.EmptyModlist, errors.NotFound):
pass
+ else:
+ if self.api.env.wait_for_attr:
+ newentry = wait_for_value(ldap, dn, 'objectclass', 'mepOriginEntry')
+ entry_from_entry(entry_attrs, newentry)
+
return dn
api.register(user_add)
diff --git a/tests/test_xmlrpc/objectclasses.py b/tests/test_xmlrpc/objectclasses.py
index 41350f0..29cd6af 100644
--- a/tests/test_xmlrpc/objectclasses.py
+++ b/tests/test_xmlrpc/objectclasses.py
@@ -21,7 +21,7 @@
Defines the expected objectclass for various entries.
"""
-user = [
+user_base = [
u'top',
u'person',
u'organizationalperson',
@@ -33,6 +33,8 @@ user = [
u'ipaobject',
]
+user = user_base + [u'mepOriginEntry']
+
group = [
u'top',
u'groupofnames',
diff --git a/tests/test_xmlrpc/test_attr.py b/tests/test_xmlrpc/test_attr.py
index 9f1b1c5..1ea6a88 100644
--- a/tests/test_xmlrpc/test_attr.py
+++ b/tests/test_xmlrpc/test_attr.py
@@ -61,6 +61,9 @@ class test_attr(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
),
),
diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py
index 97349e8..d4f6cd4 100644
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -590,6 +590,9 @@ class test_group(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user1, api.env.basedn),
),
),
@@ -691,7 +694,7 @@ class test_group(Declarative):
homedirectory=[u'/home/tuser1'],
krbprincipalname=[u'tuser1@' + api.env.realm],
loginshell=[u'/bin/sh'],
- objectclass=objectclasses.user,
+ objectclass=objectclasses.user_base,
sn=[u'User1'],
uid=[user1],
uidnumber=[fuzzy_digits],
diff --git a/tests/test_xmlrpc/test_hostgroup_plugin.py b/tests/test_xmlrpc/test_hostgroup_plugin.py
index 99ca922..803b8a7 100644
--- a/tests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hostgroup_plugin.py
@@ -23,6 +23,7 @@ Test the `ipalib.plugins.hostgroup` module.
"""
from ipalib import api, errors
+from ipalib.dn import DN
from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid
from tests.test_xmlrpc import objectclasses
@@ -79,6 +80,7 @@ class test_hostgroup(Declarative):
objectclass=objectclasses.hostgroup,
description=[u'Test hostgroup 1'],
ipauniqueid=[fuzzy_uuid],
+ mepmanagedentry=['cn=%s,cn=ng,cn=alt,%s' % (hostgroup1, api.env.basedn)],
),
),
),
diff --git a/tests/test_xmlrpc/test_krbtpolicy.py b/tests/test_xmlrpc/test_krbtpolicy.py
index bbfadb3..4d2443e 100644
--- a/tests/test_xmlrpc/test_krbtpolicy.py
+++ b/tests/test_xmlrpc/test_krbtpolicy.py
@@ -106,6 +106,9 @@ class test_krbtpolicy(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user1, api.env.basedn)
),
),
diff --git a/tests/test_xmlrpc/test_nesting.py b/tests/test_xmlrpc/test_nesting.py
index 5418628..0d1c785 100644
--- a/tests/test_xmlrpc/test_nesting.py
+++ b/tests/test_xmlrpc/test_nesting.py
@@ -167,6 +167,9 @@ class test_nesting(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user1, api.env.basedn)
),
),
@@ -196,6 +199,9 @@ class test_nesting(Declarative):
cn=[u'Test User2'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user2, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user2, api.env.basedn)
),
),
@@ -225,6 +231,9 @@ class test_nesting(Declarative):
cn=[u'Test User3'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user3, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user3, api.env.basedn)
),
),
@@ -254,6 +263,9 @@ class test_nesting(Declarative):
cn=[u'Test User4'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user4, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user4, api.env.basedn)
),
),
@@ -623,6 +635,7 @@ class test_nesting(Declarative):
objectclass=objectclasses.hostgroup,
description=[u'Test hostgroup 1'],
ipauniqueid=[fuzzy_uuid],
+ mepmanagedentry=[u'cn=%s,cn=ng,cn=alt,%s' % (hostgroup1, api.env.basedn)],
),
),
),
@@ -642,6 +655,7 @@ class test_nesting(Declarative):
objectclass=objectclasses.hostgroup,
description=[u'Test hostgroup 2'],
ipauniqueid=[fuzzy_uuid],
+ mepmanagedentry=[u'cn=%s,cn=ng,cn=alt,%s' % (hostgroup2, api.env.basedn)],
),
),
),
diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py
index 47256e4..fcb3b06 100644
--- a/tests/test_xmlrpc/test_netgroup_plugin.py
+++ b/tests/test_xmlrpc/test_netgroup_plugin.py
@@ -183,6 +183,8 @@ class test_netgroup(Declarative):
cn=[hostgroup1],
objectclass=objectclasses.hostgroup,
description=[u'Test hostgroup 1'],
+ mepmanagedentry=['cn=%s,cn=ng,cn=alt,%s' % (hostgroup1, api
+.env.basedn)],
ipauniqueid=[fuzzy_uuid],
),
),
@@ -212,6 +214,9 @@ class test_netgroup(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user1, api.env.basedn),
),
),
@@ -240,6 +245,9 @@ class test_netgroup(Declarative):
cn=[u'Test User2'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user2, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=%s,cn=users,cn=accounts,%s' % (user2, api.env.basedn),
),
),
diff --git a/tests/test_xmlrpc/test_replace.py b/tests/test_xmlrpc/test_replace.py
index 6681778..4209e70 100644
--- a/tests/test_xmlrpc/test_replace.py
+++ b/tests/test_xmlrpc/test_replace.py
@@ -67,6 +67,9 @@ class test_replace(Declarative):
initials=[u'TU'],
mail=[u'te...@example.com', u'te...@example.com'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
),
),
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 36e19de..e0f2d7f 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -98,6 +98,9 @@ class test_user(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
),
),
@@ -153,7 +156,7 @@ class test_user(Declarative):
'krbprincipalname': [u'tuser1@' + api.env.realm],
'loginshell': [u'/bin/sh'],
'memberof_group': [u'ipausers'],
- 'objectclass': objectclasses.user + [u'mepOriginEntry'],
+ 'objectclass': objectclasses.user,
'sn': [u'User1'],
'uid': [user1],
'uidnumber': [fuzzy_digits],
@@ -442,6 +445,9 @@ class test_user(Declarative):
cn=[u'Test User1'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
),
),
@@ -471,6 +477,9 @@ class test_user(Declarative):
cn=[u'Test User2'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user2, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=tuser2,cn=users,cn=accounts,' + api.env.basedn,
),
),
@@ -602,6 +611,9 @@ class test_user(Declarative):
postalcode=[u'01234-5678'],
telephonenumber=[u'410-555-1212'],
ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
+ mepmanagedentry=[u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
+ memberof_group=[u'ipausers'],
dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
),
),
--
1.7.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel