URL: https://github.com/SSSD/sssd/pull/5253
Author: aborah-sudo
 Title: #5253: libdirsrv should be modified to be compatible with new DS
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5253/head:pr5253
git checkout pr5253
From 2071b4f4e3e4b21f35dea68188ec8f50c80aab95 Mon Sep 17 00:00:00 2001
From: Anuj Borah <abo...@redhat.com>
Date: Thu, 23 Jul 2020 11:48:24 +0530
Subject: [PATCH] libdirsrv should be modified to be compatible with new DS

---
 .../python/sssd/testlib/common/libdirsrv.py   | 86 +++++++++++++------
 1 file changed, 62 insertions(+), 24 deletions(-)

diff --git a/src/tests/python/sssd/testlib/common/libdirsrv.py b/src/tests/python/sssd/testlib/common/libdirsrv.py
index 43d73d7c18..59922e3bb4 100644
--- a/src/tests/python/sssd/testlib/common/libdirsrv.py
+++ b/src/tests/python/sssd/testlib/common/libdirsrv.py
@@ -14,8 +14,8 @@
 from sssd.testlib.common.exceptions import LdapException
 from sssd.testlib.common.utils import LdapOperations
 
-DS_USER = 'nobody'
-DS_GROUP = 'nobody'
+DS_USER = 'dirsrv'
+DS_GROUP = 'dirsrv'
 DS_ADMIN = 'admin'
 DS_ROOTDN = 'CN=Directory Manager'
 
@@ -64,17 +64,21 @@ def create_config(self):
         """
         config = ConfigParser.RawConfigParser()
         config.optionxform = str
-        config.add_section('General')
-        config.set('General', 'FullMachineName', self.dsinstance_host)
-        config.set('General', 'SuiteSpotUserID', DS_USER)
-        config.set('General', 'SuiteSpotGroup', DS_GROUP)
-        config.set('General', 'ConfigDirectoryAdminID', DS_ADMIN)
+        config.add_section('general')
+        config.set('general', 'full_machine_name', self.dsinstance_host)
+        config.set('general', 'user', DS_USER)
+        config.set('general', 'group', DS_GROUP)
         config.add_section('slapd')
-        config.set('slapd', 'ServerIdentifier', self.instance_name)
-        config.set('slapd', 'ServerPort', self.dsldap_port)
-        config.set('slapd', 'Suffix', self.dsinstance_suffix)
-        config.set('slapd', 'RootDN', self.dsrootdn)
-        config.set('slapd', 'RootDNPwd', self.dsrootdn_pwd)
+        config.set('slapd', 'instance_name', self.instance_name)
+        config.set('slapd', 'port', self.dsldap_port)
+        config.set('slapd', 'suffix', self.dsinstance_suffix)
+        config.set('slapd', 'root_dn', self.dsrootdn)
+        config.set('slapd', 'root_password', self.dsrootdn_pwd)
+        config.set('slapd', 'self_sign_cert', False)
+        config.add_section('backend-userroot')
+        config.set('backend-userroot', 'create_suffix_entry', 'True')
+        config.set('backend-userroot', 'sample_entries', '001003006')
+        config.set('backend-userroot', 'suffix', self.dsinstance_suffix)
 
         (ds_config, ds_config_file_path) = tempfile.mkstemp(suffix='cfg')
         os.close(ds_config)
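Review bot: `self_sign_cert` is set with the Python bool `False`, while `create_suffix_entry` two lines below is set with the string `'True'`. RawConfigParser stringifies the value on write, so the file comes out the same, but the mixed types are easy to misread and would break if the parser were ever switched to `ConfigParser`, which rejects non-string values. I would write `config.set('slapd', 'self_sign_cert', 'False')`. A comment such as `# TLS is configured later by setup_certs()` would explain the setting, if that is indeed the reason. The body of create_config continues past the end of this hunk.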
@@ -95,11 +99,11 @@ def setup_ds(self, ds_cfg_file):
              subprocess.CalledProcessError:
         """
         self.multihost.transport.put_file(ds_cfg_file, '/tmp/test.cfg')
-        setup_args = ['setup-ds.pl', '--silent',
-                      '--file=/tmp/test.cfg', '--debug']
+        setup_cmd = 'dscreate -v from-file %s' % '/tmp/test.cfg'
         try:
-            self.multihost.run_command(setup_args)
+            self.multihost.run_command(setup_cmd)
         except subprocess.CalledProcessError:
+            self.multihost.log.info("Failed to setup Directory Server")
             raise
         else:
             os.remove(ds_cfg_file)
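Review bot: The file uploaded to `/tmp/test.cfg` now carries `root_password`, and the `else` branch removes only the local temporary file, so the copy on the target host appears to stay behind after `dscreate` finishes. The name is fixed and sits in a world-writable directory, so another local account on that host could read it or pre-create it, depending on the mode `put_file` applies (not visible here). Consider uploading to a per-run path and deleting it in a `finally:` block, for example `self.multihost.run_command(['rm', '-f', remote_cfg])`. The failure message would also be better logged with `log.error` than `log.info`. The start of setup_ds is outside this hunk.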
@@ -119,10 +123,11 @@ def remove_ds(self, inst_name=None):
         """
         if inst_name is None:
             inst_name = self.ds_inst_name
-        remove_args = ['remove-ds.pl', '-i', inst_name, '-d']
+        remove_cmd = 'dsctl %s remove --do-it' % (inst_name)
         try:
-            self.multihost.run_command(remove_args)
+            self.multihost.run_command(remove_cmd)
         except subprocess.CalledProcessError:
+            self.multihost.log.info("Failed to remove %s instance" % inst_name)
             raise
 
     def _copy_pkcs12(self, ssl_dir):
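Review bot: `remove_cmd` is now a single string with `inst_name` interpolated into it, where the removed code passed an argument list. If `run_command` hands strings to a shell on the target host, an instance name containing spaces or shell metacharacters would be split or interpreted. Since `run_command` accepted a list before this change, keeping that form avoids the question: `remove_cmd = ['dsctl', inst_name, 'remove', '--do-it']`. The same style applies to `setup_cmd` in setup_ds, although that string has no variable part. The failure message would be better logged with `log.error` than `log.info`.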
@@ -199,7 +204,7 @@ def setup_certs(self, ssl_dir):
         ca_p12 = os.path.join(self.dsinst_path, 'ca.p12')
         server_p12 = os.path.join(self.dsinst_path, 'server.p12')
         # recreate the database
-        certutil_cmd = 'certutil -N -d %s -f %s' % (self.dsinst_path, pwfile)
+        certutil_cmd = 'certutil -T -d %s -f %s' % (self.dsinst_path, pwfile)
         self.multihost.run_command(certutil_cmd)
         create_cert_dir = 'mkdir -p /etc/openldap/cacerts'
         # recreate the database
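Review bot: The comment above `certutil_cmd` still reads `# recreate the database`, but the command now uses `-T`, which resets the key database or token rather than creating a new one as `-N` did. Update the comment to say why a reset is needed, for example `# reset the NSS key database so it uses the password from pwfile`. That wording is a guess; adjust it to the actual reason, which the commit message does not state. setup_certs starts and ends outside this hunk.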
@@ -280,6 +285,35 @@ def enable_ssl(self, binduri, tls_port):
         else:
             print('Enabled nsslapd-securePort=%r' % tls_port)
 
+    def enable_anonymous_search(self, binduri):
+        """Enable anonymous search access to basedn
+
+        Args:
+            binduri (str): LDAP uri to bind with
+
+        Returns:
+            boold: True if ACI is added
+
+        Exceptions:
+            LdapException
+        """
+        ldap_obj = LdapOperations(uri=binduri, binddn=self.dsrootdn,
+                                  bindpw=self.dsrootdn_pwd)
+        # Enable Anonymous access aci
+        allow_anonymous = "(targetattr!=\"userPassword" \
+                          " || aci\")(version 3.0; acl \"Enable " \
+                          "anonymous access\"; allow (read, " \
+                          "search, compare) userdn=\"ldap:///anyone\";;)"
+
+        add_aci = [(ldap.MOD_ADD, 'aci',
+                    [allow_anonymous.encode('utf-8')])]
+        (ret, return_value) = ldap_obj.modify_ldap(self.dsinstance_suffix, add_aci)
+        if not return_value:
+            raise LdapException("Failed to enable "
+                                "anonymous access aci")
+        else:
+            print("Enabled Anonymous access aci to %s" % self.dsinstance_suffix)
+
 
 class DirSrvWrap(object):
     """This is a wrapper class for DirSrv.
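Review bot: The docstring of `enable_anonymous_search` promises `boold: True if ACI is added`, but the function never returns a value, and `boold` is a typo for `bool`. Either add `return True` after the final `print`, or change the docstring to say nothing is returned. The unused `ret` from `modify_ldap` could be named `_`. The ACI grants read, search and compare to `ldap:///anyone` for every attribute except `userPassword` and `aci`, so a comment such as `# test-only: opens the whole suffix to anonymous reads` would stop this being copied into a non-test setup.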
@@ -500,8 +534,14 @@ def create_ds_instance(self,
             try:
                 self.dirsrv_obj.setup_ds(cfg_file)
             except subprocess.CalledProcessError:
-                raise DirSrvException('fail to DS config file to setup')
+                raise DirSrvException('failed to '
+                                      'setup Directory server')
             self.dirsrv_info[self.ds_instance_name] = self.dirsrv_obj.__dict__
+            ldap_uri = 'ldap://%s:%r' % (self.ds_instance_host, self.ds_ldap_port)
+            try:
+                self.dirsrv_obj.enable_anonymous_search(ldap_uri)
+            except LdapException:
+                raise DirSrvException("Failed to enable anonymous search")
             if self.ssl:
                 try:
                     self.dirsrv_obj.setup_certs(self.ssl_dir)
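Review bot: `ldap_uri` formats the port with `%r`, so if `self.ds_ldap_port` is ever a string the URI becomes `ldap://host:'389'` and the bind fails. `'ldap://%s:%s' % (self.ds_instance_host, self.ds_ldap_port)` works for both int and str. This bind also sends the Directory Manager password over plain `ldap://` before `setup_certs` runs. That is probably acceptable in a test lab, but it deserves a one-line comment. The new `except LdapException` discards the original error text, so including it in the `DirSrvException` message would make failures easier to diagnose. create_ds_instance extends beyond this hunk on both sides.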
@@ -581,14 +621,12 @@ def remove_ds_instance(self, instance_name):
         """
         ret = self.dirsrv_info[instance_name]
         if ret['instance_name'] == instance_name:
-            ds_inst_name = ret['ds_inst_name']
+            ds_inst1 = ret['ds_inst_name']
             try:
-                self.dirsrv_obj.remove_ds(ds_inst_name)
+                self.dirsrv_obj.remove_ds(ds_inst1)
             except subprocess.CalledProcessError:
-                raise DirSrvException('Could not remove DS Instance',
-                                      ds_inst_name)
+                raise DirSrvException('Could not remove instance', ds_inst1)
             else:
                 del self.ds_used_ports[instance_name]
-                return True
         else:
             raise DirSrvException('%s Instance not found' % instance_name)
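Review bot: Dropping `return True` from the `else:` branch means `remove_ds_instance` now returns `None` on success. Any caller that tests the result, such as `if not obj.remove_ds_instance(name):`, would treat a successful removal as a failure. The callers and the docstring's Returns section are outside this hunk, so check both and either restore `return True` or update them. Renaming `ds_inst_name` to `ds_inst1` also makes the variable less descriptive for no visible gain.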