diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-11-23 16:52:40 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-11-22 23:57:10 -0500 |
| commit | 2f4b3972a04e3ebf99ea7fd51c2b102cc8342582 (patch) | |
| tree | e2dcc0f790fd56b4067b4f8f50ee7756a2e87e41 /tests | |
| parent | 56401c1abe7d4c78650acfcd9bbe8c8edc1dac57 (diff) | |
| download | freeipa-2f4b3972a04e3ebf99ea7fd51c2b102cc8342582.tar.gz freeipa-2f4b3972a04e3ebf99ea7fd51c2b102cc8342582.tar.xz freeipa-2f4b3972a04e3ebf99ea7fd51c2b102cc8342582.zip | |
Add plugin framework to LDAP updates.
There are two reasons for the plugin framework:
1. To provide a way of doing manual/complex LDAP changes without having
to keep extending ldapupdate.py (like we did with managed entries).
2. Allows for better control of restarts.
There are two types of plugins, preop and postop. A preop plugin runs
before any file-based updates are loaded. A postop plugin runs after
all file-based updates are applied.
A preop plugin may update LDAP directly or craft update entries to be
applied with the file-based updates.
Either a preop or postop plugin may attempt to restart the dirsrv instance.
The instance is only restartable if ipa-ldap-updater is being executed
as root. A warning is printed if a restart is requested for a non-root
user.
Plugins are not executed by default. This is so we can use ldapupdate
to apply simple updates in commands like ipa-nis-manage.
https://fedorahosted.org/freeipa/ticket/1789
https://fedorahosted.org/freeipa/ticket/1790
https://fedorahosted.org/freeipa/ticket/2032
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_ipaserver/test_ldap.py | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/tests/test_ipaserver/test_ldap.py b/tests/test_ipaserver/test_ldap.py index b3f8009f9..abfd1be7f 100644 --- a/tests/test_ipaserver/test_ldap.py +++ b/tests/test_ipaserver/test_ldap.py @@ -31,7 +31,7 @@ from ipaserver.plugins.ldap2 import ldap2 from ipalib.plugins.service import service, service_show from ipalib.plugins.host import host import nss.nss as nss -from ipalib import api, x509, create_api +from ipalib import api, x509, create_api, errors from ipapython import ipautil from ipalib.dn import * @@ -49,7 +49,7 @@ class test_ldap(object): ('cn','services'),('cn','accounts'),api.env.basedn)) def tearDown(self): - if self.conn: + if self.conn and self.conn.isconnected(): self.conn.disconnect() def test_anonymous(self): @@ -120,3 +120,21 @@ class test_ldap(object): cert = cert[0] serial = unicode(x509.get_serial_number(cert, x509.DER)) assert serial is not None + + def test_autobind(self): + """ + Test an autobind LDAP bind using ldap2 + """ + ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % api.env.realm.replace('.','-') + self.conn = ldap2(shared_instance=False, ldap_uri=ldapuri) + try: + self.conn.connect(autobind=True) + except errors.DatabaseError, e: + if e.desc == 'Inappropriate authentication': + raise nose.SkipTest("Only executed as root") + (dn, entry_attrs) = self.conn.get_entry(self.dn, ['usercertificate']) + cert = entry_attrs.get('usercertificate') + cert = cert[0] + serial = unicode(x509.get_serial_number(cert, x509.DER)) + assert serial is not None + |