The updated patch is attached.
There were a few more packages I had to install to get CI running for
Debian; should we add these to the makefile?
root@sssd2:~# apt-get python-openssl
dpkg
-ihttp://ftp.us.debian.org/debian/pool/main/n/nss-wrapper/libnss-wrapper_1.1.2-1_amd64.deb
dpkg
-ihttp://security.kali.org/pool/main/l/linux/linux-libc-dev_3.16.7-ckt20-1+deb8u4_amd64.deb
Below are test runs against Debian and Fedora
fakeroot /usr/bin/python2 /usr/bin/py.test -v --tb=native .
==============================================================================
test session starts
===============================================================================
platform linux2 -- Python 2.7.9 -- py-1.4.25 -- pytest-2.6.3 --
/usr/bin/python2
collected 73 items
ent_test.py::test_assert_passwd_by_name PASSED
ent_test.py::test_assert_passwd_by_uid PASSED
ent_test.py::test_assert_passwd_list PASSED
ent_test.py::test_assert_each_passwd_by_name PASSED
ent_test.py::test_assert_each_passwd_by_uid PASSED
ent_test.py::test_assert_each_passwd_with_name PASSED
ent_test.py::test_assert_each_passwd_with_uid PASSED
ent_test.py::test_assert_passwd PASSED
ent_test.py::test_group_member_matching PASSED
ent_test.py::test_assert_group_by_name PASSED
ent_test.py::test_assert_group_by_gid PASSED
ent_test.py::test_assert_group_list PASSED
ent_test.py::test_assert_each_group_by_name PASSED
ent_test.py::test_assert_each_group_by_gid PASSED
ent_test.py::test_assert_each_group_with_name PASSED
ent_test.py::test_assert_each_group_with_gid PASSED
ent_test.py::test_assert_group PASSED
ldap_local_override_test.py::test_simple_user_override PASSED
ldap_local_override_test.py::test_root_user_override PASSED
ldap_local_override_test.py::test_replace_user_override PASSED
ldap_local_override_test.py::test_remove_user_override PASSED
ldap_local_override_test.py::test_imp_exp_user_override PASSED
ldap_local_override_test.py::test_show_user_override PASSED
ldap_local_override_test.py::test_find_user_override PASSED
ldap_local_override_test.py::test_simple_group_override PASSED
ldap_local_override_test.py::test_root_group_override PASSED
ldap_local_override_test.py::test_replace_group_override PASSED
ldap_local_override_test.py::test_remove_group_override PASSED
ldap_local_override_test.py::test_imp_exp_group_override PASSED
ldap_local_override_test.py::test_regr_2802_override PASSED
ldap_local_override_test.py::test_regr_2757_override PASSED
ldap_local_override_test.py::test_regr_2790_override PASSED
ldap_test.py::test_regression_ticket2163 PASSED
ldap_test.py::test_sanity_rfc2307 PASSED
ldap_test.py::test_sanity_rfc2307_bis PASSED
ldap_test.py::test_refresh_after_cleanup_task PASSED
ldap_test.py::test_add_remove_user PASSED
ldap_test.py::test_add_remove_group_rfc2307 PASSED
ldap_test.py::test_add_remove_group_rfc2307_bis PASSED
ldap_test.py::test_add_remove_membership_rfc2307 PASSED
ldap_test.py::test_add_remove_membership_rfc2307_bis PASSED
ldap_test.py::test_override_homedir PASSED
ldap_test.py::test_fallback_homedir PASSED
ldap_test.py::test_override_shell PASSED
ldap_test.py::test_shell_fallback PASSED
ldap_test.py::test_default_shell PASSED
ldap_test.py::test_vetoed_shells PASSED
test_local_domain.py::test_wrong_LC_ALL PASSED
test_memory_cache.py::test_getpwnam PASSED
test_memory_cache.py::test_getpwnam_with_mc PASSED
test_memory_cache.py::test_getgrnam_simple PASSED
test_memory_cache.py::test_getgrnam_simple_with_mc PASSED
test_memory_cache.py::test_getgrnam_membership PASSED
test_memory_cache.py::test_getgrnam_membership_with_mc PASSED
test_memory_cache.py::test_initgroups PASSED
test_memory_cache.py::test_initgroups_with_mc PASSED
test_memory_cache.py::test_initgroups_fqname_with_mc PASSED
test_memory_cache.py::test_initgroups_case_insensitive_with_mc1 PASSED
test_memory_cache.py::test_initgroups_case_insensitive_with_mc2 PASSED
test_memory_cache.py::test_initgroups_case_insensitive_with_mc3 PASSED
test_memory_cache.py::test_invalidation_of_gids_after_initgroups PASSED
test_memory_cache.py::test_initgroups_without_change_in_membership PASSED
test_memory_cache.py::test_invalidate_user_before_stop PASSED
test_memory_cache.py::test_invalidate_user_after_stop PASSED
test_memory_cache.py::test_invalidate_users_before_stop PASSED
test_memory_cache.py::test_invalidate_users_after_stop PASSED
test_memory_cache.py::test_invalidate_group_before_stop PASSED
test_memory_cache.py::test_invalidate_group_after_stop PASSED
test_memory_cache.py::test_invalidate_groups_before_stop PASSED
test_memory_cache.py::test_invalidate_groups_after_stop PASSED
test_memory_cache.py::test_invalidate_everything_before_stop PASSED
test_memory_cache.py::test_invalidate_everything_after_stop PASSED
test_memory_cache.py::test_removed_mc PASSED
==========================================================================
73 passed in 203.82 seconds
===========================================================================
rm -f /tmp/sssd-intg.zncqC9vY/var/log/sssd/*
make[1]: Leaving directory '/root/sssd/x86_64/intg/bld/src/tests/intg'
root@sssd2:~/sssd/x86_64# cat /etc/debian_version
8.3
cd "/root/sssd.git/x86_64/../src/tests/intg"; \
nss_wrapper=$(pkg-config --libs nss_wrapper); \
uid_wrapper=$(pkg-config --libs uid_wrapper); \
PATH="$(dirname -- /usr/sbin/slapd):$PATH" \
PATH="/tmp/sssd-intg.icQ2aGpF/sbin:/tmp/sssd-intg.icQ2aGpF/bin:$PATH" \
PATH="/root/sssd.git/x86_64/intg/bld/src/tests/intg:/root/sssd.git/x86_64/../src/tests/intg:$PATH"
\
PYTHONPATH="/root/sssd.git/x86_64/intg/bld/src/tests/intg:/root/sssd.git/x86_64/../src/tests/intg"
\
LDB_MODULES_PATH="/tmp/sssd-intg.icQ2aGpF/lib/ldb" \
LD_PRELOAD="$nss_wrapper $uid_wrapper" \
NSS_WRAPPER_PASSWD="/root/sssd.git/x86_64/intg/bld/src/tests/intg/passwd" \
NSS_WRAPPER_GROUP="/root/sssd.git/x86_64/intg/bld/src/tests/intg/group" \
NSS_WRAPPER_MODULE_SO_PATH="/tmp/sssd-intg.icQ2aGpF/lib/libnss_sss.so.2" \
NSS_WRAPPER_MODULE_FN_PREFIX="sss" \
UID_WRAPPER=1 \
UID_WRAPPER_ROOT=1 \
fakeroot /usr/bin/python2 /usr/bin/py.test -v --tb=native .
==============================================================================
test session starts
===============================================================================
platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.7.3 --
/usr/bin/python2
rootdir: /root/sssd.git/src/tests/intg, inifile:
collected 73 items
ent_test.py::test_assert_passwd_by_name PASSED
ent_test.py::test_assert_passwd_by_uid PASSED
ent_test.py::test_assert_passwd_list PASSED
ent_test.py::test_assert_each_passwd_by_name PASSED
ent_test.py::test_assert_each_passwd_by_uid PASSED
ent_test.py::test_assert_each_passwd_with_name PASSED
ent_test.py::test_assert_each_passwd_with_uid PASSED
ent_test.py::test_assert_passwd PASSED
ent_test.py::test_group_member_matching PASSED
ent_test.py::test_assert_group_by_name PASSED
ent_test.py::test_assert_group_by_gid PASSED
ent_test.py::test_assert_group_list PASSED
ent_test.py::test_assert_each_group_by_name PASSED
ent_test.py::test_assert_each_group_by_gid PASSED
ent_test.py::test_assert_each_group_with_name PASSED
ent_test.py::test_assert_each_group_with_gid PASSED
ent_test.py::test_assert_group PASSED
ldap_local_override_test.py::test_simple_user_override PASSED
ldap_local_override_test.py::test_root_user_override PASSED
ldap_local_override_test.py::test_replace_user_override PASSED
ldap_local_override_test.py::test_remove_user_override PASSED
ldap_local_override_test.py::test_imp_exp_user_override PASSED
ldap_local_override_test.py::test_show_user_override PASSED
ldap_local_override_test.py::test_find_user_override PASSED
ldap_local_override_test.py::test_simple_group_override PASSED
ldap_local_override_test.py::test_root_group_override PASSED
ldap_local_override_test.py::test_replace_group_override PASSED
ldap_local_override_test.py::test_remove_group_override PASSED
ldap_local_override_test.py::test_imp_exp_group_override PASSED
ldap_local_override_test.py::test_regr_2802_override PASSED
ldap_local_override_test.py::test_regr_2757_override PASSED
ldap_local_override_test.py::test_regr_2790_override PASSED
ldap_test.py::test_regression_ticket2163 PASSED
ldap_test.py::test_sanity_rfc2307 PASSED
ldap_test.py::test_sanity_rfc2307_bis PASSED
ldap_test.py::test_refresh_after_cleanup_task PASSED
ldap_test.py::test_add_remove_user PASSED
ldap_test.py::test_add_remove_group_rfc2307 PASSED
ldap_test.py::test_add_remove_group_rfc2307_bis PASSED
ldap_test.py::test_add_remove_membership_rfc2307 PASSED
ldap_test.py::test_add_remove_membership_rfc2307_bis PASSED
ldap_test.py::test_override_homedir PASSED
ldap_test.py::test_fallback_homedir PASSED
ldap_test.py::test_override_shell PASSED
ldap_test.py::test_shell_fallback PASSED
ldap_test.py::test_default_shell PASSED
ldap_test.py::test_vetoed_shells PASSED
test_local_domain.py::test_wrong_LC_ALL PASSED
test_memory_cache.py::test_getpwnam PASSED
test_memory_cache.py::test_getpwnam_with_mc PASSED
test_memory_cache.py::test_getgrnam_simple PASSED
test_memory_cache.py::test_getgrnam_simple_with_mc PASSED
test_memory_cache.py::test_getgrnam_membership PASSED
test_memory_cache.py::test_getgrnam_membership_with_mc PASSED
test_memory_cache.py::test_initgroups PASSED
test_memory_cache.py::test_initgroups_with_mc PASSED
test_memory_cache.py::test_initgroups_fqname_with_mc PASSED
test_memory_cache.py::test_initgroups_case_insensitive_with_mc1 PASSED
test_memory_cache.py::test_initgroups_case_insensitive_with_mc2 PASSED
test_memory_cache.py::test_initgroups_case_insensitive_with_mc3 PASSED
test_memory_cache.py::test_invalidation_of_gids_after_initgroups PASSED
test_memory_cache.py::test_initgroups_without_change_in_membership PASSED
test_memory_cache.py::test_invalidate_user_before_stop PASSED
test_memory_cache.py::test_invalidate_user_after_stop PASSED
test_memory_cache.py::test_invalidate_users_before_stop PASSED
test_memory_cache.py::test_invalidate_users_after_stop PASSED
test_memory_cache.py::test_invalidate_group_before_stop PASSED
test_memory_cache.py::test_invalidate_group_after_stop PASSED
test_memory_cache.py::test_invalidate_groups_before_stop PASSED
test_memory_cache.py::test_invalidate_groups_after_stop PASSED
test_memory_cache.py::test_invalidate_everything_before_stop PASSED
test_memory_cache.py::test_invalidate_everything_after_stop PASSED
test_memory_cache.py::test_removed_mc PASSED
==========================================================================
73 passed in 206.11 seconds
===========================================================================
rm -f /tmp/sssd-intg.icQ2aGpF/var/log/sssd/*
make[1]: Leaving directory '/root/sssd.git/x86_64/intg/bld/src/tests/intg'
[root@sssd1 x86_64]# cat /etc/fedora-release
Fedora release 23 (Twenty Three)
On 2/29/16 3:18 AM, Jakub Hrozek wrote:
On Sun, Feb 28, 2016 at 08:19:57PM -0500, Dan Lavu wrote:
I've made most of the suggested changes, but I'm going to take some time
and get the test running on Debian as well (mostly to find out if /etc/pki
is a Red Hat thing or not). Fedora and Debian are the only distros we are
testing/supporting against, correct?
Yes, we support RHEL >= 6, Fedora (all supported versions) and Debian
Testing.
Also wondering if the ci setup issue I'm
seeing applies to apt.
Dan
On 2/26/16 5:53 AM, Jakub Hrozek wrote:
On Thu, Feb 25, 2016 at 05:18:09PM -0500, Dan Lavu wrote:
Here is a patch for https://fedorahosted.org/sssd/ticket/2820
First real patch... criticism of what I need to improve on is welcome,
including concepts that I should learn, thanks.
Thanks a lot for the patch!
See my comments inline:
From 529adb3e0d763a8ee9ba9b4c5b13f933d723e8de Mon Sep 17 00:00:00 2001
From: Dan Lavu <dl...@redhat.com>
Date: Fri, 5 Feb 2016 08:51:07 -0500
Subject: [PATCH] Adding SSL encryption to integration tests.
---
src/tests/intg/ca.py | 166 ++++++++++++++++++++++++++++++++++++++++++
src/tests/intg/ds_openldap.py | 14 ++++
2 files changed, 180 insertions(+)
create mode 100644 src/tests/intg/ca.py
diff --git a/src/tests/intg/ca.py b/src/tests/intg/ca.py
new file mode 100644
index
0000000000000000000000000000000000000000..a44a92e5d5053338dabd7d8d82d2b1d50ec7594e
--- /dev/null
+++ b/src/tests/intg/ca.py
@@ -0,0 +1,166 @@
+#
+# SSSD LOCAL domain tests
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Dan Lavu <d...@redhat.com>
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from OpenSSL import crypto
+from os.path import exists, join
+
+import socket
+import os
+import fnmatch
+
+
+class CA:
It would be nice to use the new-style classes, so class CA(object)
+ """CA Class"""
+
+ def __init__(self, subject=None, country=None, state=None,
+ city=None, organization=None, unit=None, config_dir=None):
+ if subject is None:
+ self.subject = socket.gethostname()
+ if country is None:
+ self.country = 'US'
+ if state is None:
+ self.state = 'NC'
+ if city is None:
+ self.city = 'Raleigh'
+ if organization is None:
+ self.organization = 'Red Hat'
+ if unit is None:
+ self.unit = 'SSSD'
+ if config_dir is None:
+ self.config_dir = '/etc/pki'
/etc/pki is not writable unless you're root. We should store the certs
in another directory writable by any user. Maybe this is something
Nikolai (CC) could help us with, I know we use fakeroot to set up the
directory structure, but I'm fuzzy on the details, so I don't know
myself which part of the tests we should exactly touch..
Also, does the /etc/pki path exist on Debian and other distributions, or
is it Red Hat-centric?
When we have this done, hopefully we can remove the use of
'ldap_auth_disable_tls_never_use_in_production' from our tests?
+
+ self.hostname = socket.gethostname()
This is maybe something to fix in a later iteration of the patch, but I
wonder if it was useful to override the hostname to something else than
what gethostname() reports. Not sure at the moment..
+ self.csr_dir = self.config_dir + '/CA/newcerts'
+ self.key_dir = self.config_dir + '/tls/private'
+ self.cert_dir = self.config_dir + '/tls/certs'
+
+ self.index = int(1000)
+
+
+ def setup(self):
+ """Setup CA using OpenSSL"""
+ cacert = socket.gethostname() + '-ca.crt'
+ cakey = socket.gethostname() + '-ca.key'
Instead of using socket.gethostname(), maybe using self.hostname would
be better here (and elsewhere) ?
+
+ if not exists(join(self.cert_dir, cacert)) or not
exists(join(self.key_dir, cakey)):
+ key = crypto.PKey()
+ key.generate_key(crypto.TYPE_RSA, 2048)
+
+ ca = crypto.X509()
+ ca.get_subject().C = self.country
+ ca.get_subject().ST = self.state
+ ca.get_subject().L = self.city
+ ca.get_subject().O = self.organization
+ ca.get_subject().OU = self.unit
+ ca.get_subject().CN = self.subject
+ ca.set_serial_number(self.index)
+ ca.gmtime_adj_notBefore(0)
+ ca.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
+ ca.set_issuer(ca.get_subject())
+ ca.set_pubkey(key)
+ ca.sign(key, 'sha1')
>From c4fa0355be7688a3c814a108335a3ff91f4708fd Mon Sep 17 00:00:00 2001
From: Dan Lavu <dl...@redhat.com>
Date: Fri, 5 Feb 2016 08:51:07 -0500
Subject: [PATCH] Adding SSL encryption to integration tests.
---
src/tests/intg/ca.py | 163 ++++++++++++++++++++++++++++++++++++++++++
src/tests/intg/config.py.m4 | 1 +
src/tests/intg/ds_openldap.py | 19 ++++-
3 files changed, 182 insertions(+), 1 deletion(-)
create mode 100644 src/tests/intg/ca.py
diff --git a/src/tests/intg/ca.py b/src/tests/intg/ca.py
new file mode 100644
index
0000000000000000000000000000000000000000..c7adb7a2f0c2ea7f342c9df1d6ad41dcb2fcc28e
--- /dev/null
+++ b/src/tests/intg/ca.py
@@ -0,0 +1,163 @@
+#
+# SSSD LOCAL domain tests
+#
+# Copyright (c) 2016 Red Hat, Inc.
+# Author: Dan Lavu <d...@redhat.com>
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from OpenSSL import crypto
+from os.path import exists, join
+
+import socket
+import os
+import shutil
+import config
+
+
+class CA():
+ """CA Class"""
+
+ def __init__(self, subject=None, country='US', state='NC',
+ city='Raleigh', organization='Red Hat Inc.', unit='SSSD',
config_dir=config.SSL_PATH):
+ if subject is None:
+ self.subject = socket.gethostname()
+ self.country = country
+ self.state = state
+ self.city = city
+ self.organization = organization
+ self.unit = unit
+ self.hostname = socket.gethostname()
+ if config.SSL_PATH is not '/tmp':
+ self.config_dir = config_dir
+ else:
+ self.config_dir = config_dir + '/ssl'
+ self.csr_dir = self.config_dir + '/newcerts'
+ self.key_dir = self.config_dir + '/private'
+ self.cert_dir = self.config_dir + '/certs'
+
+ self.index = int(1000)
+
+
+ def setup(self):
+ """Setup CA using OpenSSL"""
+ cacert = self.hostname + '-ca.crt'
+ cakey = self.hostname + '-ca.key'
+
+ if not exists(join(self.cert_dir, cacert)) or not
exists(join(self.key_dir, cakey)):
+ key = crypto.PKey()
+ key.generate_key(crypto.TYPE_RSA, 2048)
+
+ ca = crypto.X509()
+ ca.get_subject().C = self.country
+ ca.get_subject().ST = self.state
+ ca.get_subject().L = self.city
+ ca.get_subject().O = self.organization
+ ca.get_subject().OU = self.unit
+ ca.get_subject().CN = self.subject
+ ca.set_serial_number(self.index)
+ ca.gmtime_adj_notBefore(0)
+ ca.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
+ ca.set_issuer(ca.get_subject())
+ ca.set_pubkey(key)
+ ca.sign(key, 'sha1')
+
+ if not os.path.exists(self.csr_dir):
+ os.makedirs(self.csr_dir)
+ if not os.path.exists(self.key_dir):
+ os.makedirs(self.key_dir)
+ if not os.path.exists(self.cert_dir):
+ os.makedirs(self.cert_dir)
+
+ open(os.path.join(self.cert_dir, cacert), 'wt').write \
+ (crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
+ open(os.path.join(self.key_dir, cakey), 'wt').write \
+ (crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
+
+
+ def teardown(self):
+ """Teardown CA certificate files"""
+ if os.path.exists(self.config_dir) and not '/tmp':
+ shutil.rmtree(self.config_dir)
+
+
+ def get_ca(self):
+ """Returns CA certificate in ASCII PEM encoding"""
+ ca = crypto.load_certificate(crypto.FILETYPE_PEM, open\
+ (os.path.join(self.cert_dir, socket.gethostname() +
'-ca.crt'), 'rt').read())
+ ca_crt = crypto.dump_certificate(crypto.FILETYPE_PEM, ca)
+
+ return ca_crt
+
+
+ def get_cert(self, csr, text=False):
+ """Retrieves certificate
+ required: csr -csr_type
+ optional: text
+ False - will return a pem object type (Default)
+ True - will return the certificate as ASCII
+ """
+ cacert = self.hostname + '-ca.crt'
+ cakey = self.hostname + '-ca.key'
+ ca_crt = crypto.load_certificate(crypto.FILETYPE_PEM,
open(os.path.join(self.cert_dir, cacert), 'rt').read())
+ ca_key = crypto.load_privatekey(crypto.FILETYPE_PEM,
open(os.path.join(self.key_dir, cakey), 'rt').read())
+
+ cert = crypto.X509()
+ cert.set_subject(csr.get_subject())
+ cert.set_serial_number(self.index+1)
+ cert.gmtime_adj_notBefore(0)
+ cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
+ cert.set_issuer(ca_crt.get_subject())
+ cert.set_pubkey(csr.get_pubkey())
+ cert.sign(ca_key, 'sha1')
+
+ open(os.path.join(self.cert_dir, socket.gethostname() + '.crt'), 'wt')\
+ .write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+ server_crt = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+
+ if text is True:
+ return server_crt
+ else:
+ return cert
+
+
+ def request_cert(self, fqdn=None, text=False):
+ """Generates CSR
+ optional: fqdn, socket.gethostname() (Default)
+ optional: text
+ False - will return a pem object type (Default)
+ True - will return the certificate as ASCII
+ """
+ if fqdn is None:
+ fqdn = socket.getfqdn()
+
+ hostname = socket.gethostname()
+ key = crypto.PKey()
+ key.generate_key(crypto.TYPE_RSA, 2048)
+ csr = crypto.X509Req()
+ csr.get_subject().CN = fqdn
+ csr.set_pubkey(key)
+ csr.sign(key, 'sha1')
+
+ open(os.path.join(self.key_dir, hostname + '.key'), 'wt').\
+ write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
+ open(os.path.join(self.csr_dir, hostname + '.csr'), 'wt').\
+ write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr))
+
+ server_csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)
+
+ if text is True:
+ return server_csr
+ else:
+ return csr
\ No newline at end of file
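Review bot: The CA and server private keys are written with plain `open(..., 'wt').write(...)` in `setup()` and `request_cert()`, so they get umask-default permissions and the handles are never closed, and `teardown()` never deletes them because `not '/tmp'` is always False. The guard presumably meant `if self.config_dir != '/tmp' and os.path.exists(self.config_dir):`, and the key files are better created with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` wrapped in `os.fdopen`. In `__init__`, `self.subject` is assigned only when `subject is None`, so passing a subject leaves the attribute unset for `setup()`, and `config.SSL_PATH is not '/tmp'` compares identity rather than value while ignoring the `config_dir` argument. The `sign(..., 'sha1')` calls could use `'sha256'`, since SHA-1 signatures are rejected by some current TLS stacks.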
diff --git a/src/tests/intg/config.py.m4 b/src/tests/intg/config.py.m4
index
563127c6ea895508308a4f94689cc4e26ca4cbde..141813fa7a7a5bc9c06e48dfc938885f4eb1d539
100644
--- a/src/tests/intg/config.py.m4
+++ b/src/tests/intg/config.py.m4
@@ -11,3 +11,4 @@ PID_PATH = "pidpath"
PIDFILE_PATH = PID_PATH + "/sssd.pid"
LOG_PATH = "logpath"
MCACHE_PATH = "mcpath"
+SSL_PATH = "/tmp/ssl"
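Review bot: `SSL_PATH = "/tmp/ssl"` is a fixed literal, whereas the neighbouring entries (`"pidpath"`, `"logpath"`, `"mcpath"`) look like m4 placeholders that expand to paths under the per-run test prefix (the logs above show prefixes such as `/tmp/sssd-intg.icQ2aGpF`). With a fixed path, concurrent or successive runs on one host share the same CA key directory in world-writable `/tmp`, and leftovers from an earlier run make `CA.setup()` skip key generation and reuse whatever is already there. Defining it through the same substitution as the other paths, e.g. `SSL_PATH = "sslpath"` with a matching macro wherever the others are defined (the name is only a suggestion), would keep the key material inside the prefix the test run already creates and removes.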
diff --git a/src/tests/intg/ds_openldap.py b/src/tests/intg/ds_openldap.py
index
fb230a081b58bd4e135585daa5a6ddf8f494861c..dbbbfea660d3c4e0f7c7546663cc8560522ffa37
100644
--- a/src/tests/intg/ds_openldap.py
+++ b/src/tests/intg/ds_openldap.py
@@ -27,8 +27,10 @@ import errno
import signal
import shutil
import sys
+import socket
from util import *
from ds import DS
+from ca import CA
def hash_password(password):
@@ -39,7 +41,7 @@ def hash_password(password):
return "{SSHA}" + base64.standard_b64encode(hash.digest() + salt)
-class DSOpenLDAP(DS):
+class DSOpenLDAP(DS, CA):
"""OpenLDAP directory server instance."""
def __init__(self, dir, port, base_dn, admin_rdn, admin_pw):
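Review bot: `class DSOpenLDAP(DS, CA)` adds `CA` as a base class although the next hunk stores a separate `self.ca_inst = CA()` and every later call in this patch goes through that instance. The inheritance exposes `setup`, `teardown`, `get_cert` and `request_cert` on the directory-server object without `CA.__init__` running on it (as far as the visible `__init__` lines show), so an accidental `self.request_cert()` would fail on missing attributes. Keeping the line as `class DSOpenLDAP(DS):` and using only the composed `ca_inst` is simpler and avoids name clashes with whatever `DS` defines. The class body continues outside this hunk.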
@@ -60,6 +62,9 @@ class DSOpenLDAP(DS):
self.conf_dir = self.dir + "/etc/ldap"
self.conf_slapd_d_dir = self.conf_dir + "/slapd.d"
self.data_dir = self.dir + "/var/lib/ldap"
+ self.ca_inst = CA()
+
+
def _setup_config(self):
"""Setup the instance initial configuration."""
@@ -73,6 +78,13 @@ class DSOpenLDAP(DS):
uid = os.geteuid()
gid = os.getegid()
+ self.ca_inst.setup()
+ self.ca_inst.get_cert(self.ca_inst.request_cert())
+ fqdn = socket.gethostname()
+ cert = os.path.join(self.ca_inst.cert_dir, fqdn + '.crt')
+ ca_cert = os.path.join(self.ca_inst.cert_dir, fqdn + '-ca.crt')
+ key = os.path.join(self.ca_inst.key_dir, fqdn + '.key')
+
#
# Add configuration
#
@@ -82,6 +94,9 @@ class DSOpenLDAP(DS):
cn: config
olcPidFile: {self.pid_path}
olcArgsFile: {args_file}
+ olcTLSCertificateKeyFile: {key}
+ olcTLSCertificateFile: {cert}
+ olcTLSCACertificatePath: {ca_cert}
# Read slapd.conf(5) for possible values
olcLogLevel: none
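Review bot: `olcTLSCACertificatePath` is given `{ca_cert}`, which the preceding hunk builds as the path of a single PEM file (`fqdn + '-ca.crt'`), but that attribute names a directory of individually hashed CA certificates. For a single CA file the matching attribute is `olcTLSCACertificateFile: {ca_cert}`. The rest of the LDIF template and of `_setup_config` lies outside the hunk, so it is not visible here whether slapd is also given an `ldaps://` listener or whether the clients use StartTLS; a test that connects over TLS and validates against the generated CA would confirm the settings are actually exercised.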
@@ -282,3 +297,5 @@ class DSOpenLDAP(DS):
for path in (self.conf_slapd_d_dir, self.run_dir, self.data_dir):
shutil.rmtree(path, True)
+
+ self.ca_inst.teardown()
--
1.8.3.1