summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-11-23 16:52:40 -0500
committerRob Crittenden <rcritten@redhat.com>2011-11-22 23:57:10 -0500
commit2f4b3972a04e3ebf99ea7fd51c2b102cc8342582 (patch)
treee2dcc0f790fd56b4067b4f8f50ee7756a2e87e41 /tests
parent56401c1abe7d4c78650acfcd9bbe8c8edc1dac57 (diff)
downloadfreeipa-2f4b3972a04e3ebf99ea7fd51c2b102cc8342582.tar.gz
freeipa-2f4b3972a04e3ebf99ea7fd51c2b102cc8342582.tar.xz
freeipa-2f4b3972a04e3ebf99ea7fd51c2b102cc8342582.zip
Add plugin framework to LDAP updates.
There are two reasons for the plugin framework: 1. To provide a way of doing manual/complex LDAP changes without having to keep extending ldapupdate.py (like we did with managed entries). 2. Allows for better control of restarts. There are two types of plugins, preop and postop. A preop plugin runs before any file-based updates are loaded. A postop plugin runs after all file-based updates are applied. A preop plugin may update LDAP directly or craft update entries to be applied with the file-based updates. Either a preop or postop plugin may attempt to restart the dirsrv instance. The instance is only restartable if ipa-ldap-updater is being executed as root. A warning is printed if a restart is requested for a non-root user. Plugins are not executed by default. This is so we can use ldapupdate to apply simple updates in commands like ipa-nis-manage. https://fedorahosted.org/freeipa/ticket/1789 https://fedorahosted.org/freeipa/ticket/1790 https://fedorahosted.org/freeipa/ticket/2032
Diffstat (limited to 'tests')
-rw-r--r--tests/test_ipaserver/test_ldap.py22
1 files changed, 20 insertions, 2 deletions
diff --git a/tests/test_ipaserver/test_ldap.py b/tests/test_ipaserver/test_ldap.py
index b3f8009f9..abfd1be7f 100644
--- a/tests/test_ipaserver/test_ldap.py
+++ b/tests/test_ipaserver/test_ldap.py
@@ -31,7 +31,7 @@ from ipaserver.plugins.ldap2 import ldap2
from ipalib.plugins.service import service, service_show
from ipalib.plugins.host import host
import nss.nss as nss
-from ipalib import api, x509, create_api
+from ipalib import api, x509, create_api, errors
from ipapython import ipautil
from ipalib.dn import *
@@ -49,7 +49,7 @@ class test_ldap(object):
('cn','services'),('cn','accounts'),api.env.basedn))
def tearDown(self):
- if self.conn:
+ if self.conn and self.conn.isconnected():
self.conn.disconnect()
def test_anonymous(self):
@@ -120,3 +120,21 @@ class test_ldap(object):
cert = cert[0]
serial = unicode(x509.get_serial_number(cert, x509.DER))
assert serial is not None
+
+ def test_autobind(self):
+ """
+ Test an autobind LDAP bind using ldap2
+ """
+ ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % api.env.realm.replace('.','-')
+ self.conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+ try:
+ self.conn.connect(autobind=True)
+ except errors.DatabaseError, e:
+ if e.desc == 'Inappropriate authentication':
+ raise nose.SkipTest("Only executed as root")
+ (dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate'])
+ cert = entry_attrs.get('usercertificate')
+ cert = cert[0]
+ serial = unicode(x509.get_serial_number(cert, x509.DER))
+ assert serial is not None
+