summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-02-23 10:43:40 -0500
committerRob Crittenden <rcritten@redhat.com>2011-03-03 11:02:02 -0500
commitf476c097d2ac5f0270ea3207955cd7184ffb9e1d (patch)
treea303189340b1ae907ae2fd826907ede7010b4d53
parentf785af4efea088466f8ec2259c79640b9f94e542 (diff)
downloadfreeipa-f476c097d2ac5f0270ea3207955cd7184ffb9e1d.zip
freeipa-f476c097d2ac5f0270ea3207955cd7184ffb9e1d.tar.gz
freeipa-f476c097d2ac5f0270ea3207955cd7184ffb9e1d.tar.xz
Replace only if old and new have nothing in common
Jakub did the initial diagnosis of this, I added a fix for removing the last entry when removing members and a test case. ticket 1000
-rw-r--r--ipaserver/plugins/ldap2.py2
-rw-r--r--tests/test_xmlrpc/test_replace.py204
2 files changed, 205 insertions, 1 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 568792d..ebbca60 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -798,7 +798,7 @@ class ldap2(CrudBackend, Encoder):
force_replace = False
if k in self._FORCE_REPLACE_ON_UPDATE_ATTRS or is_single_value:
force_replace = True
- elif len(adds) == 1 and len(rems) == 1:
+ elif len(v) > 0 and len(v.intersection(old_v)) == 0:
force_replace = True
if adds:
diff --git a/tests/test_xmlrpc/test_replace.py b/tests/test_xmlrpc/test_replace.py
new file mode 100644
index 0000000..715a866
--- /dev/null
+++ b/tests/test_xmlrpc/test_replace.py
@@ -0,0 +1,204 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Test the modlist replace logic. Some attributes require a MOD_REPLACE
+while others are fine using ADD/DELETE.
+
+Note that member management in other tests also exercises the
+gen_modlist code.
+"""
+
+from ipalib import api, errors
+from tests.test_xmlrpc import objectclasses
+from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
+
+
+user_memberof = (u'cn=ipausers,cn=groups,cn=accounts,%s' % api.env.basedn,)
+user1=u'tuser1'
+
+
+class test_attr(Declarative):
+
+ cleanup_commands = [
+ ('user_del', [user1], {}),
+ ]
+
+ tests = [
+
+ dict(
+ desc='Create %r with 2 e-mail accounts' % user1,
+ command=(
+ 'user_add', [user1], dict(givenname=u'Test', sn=u'User1',
+ mail=[u'test1@example.com', u'test2@example.com'])
+ ),
+ expected=dict(
+ value=user1,
+ summary=u'Added user "tuser1"',
+ result=dict(
+ gecos=[user1],
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ krbprincipalname=[u'tuser1@' + api.env.realm],
+ loginshell=[u'/bin/sh'],
+ objectclass=objectclasses.user,
+ sn=[u'User1'],
+ uid=[user1],
+ uidnumber=[fuzzy_digits],
+ displayname=[u'Test User1'],
+ cn=[u'Test User1'],
+ initials=[u'TU'],
+ mail=[u'test1@example.com', u'test2@example.com'],
+ ipauniqueid=[fuzzy_uuid],
+ dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
+ ),
+ ),
+ ),
+
+
+ dict(
+ desc='Drop one e-mail account, add another to %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(mail=[u'test1@example.com', u'test3@example.com'])
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ mail=[u'test1@example.com', u'test3@example.com'],
+ memberof_group=[u'ipausers'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+
+ dict(
+ desc='Set mail to a new single value %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(mail=u'test4@example.com')
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ mail=[u'test4@example.com'],
+ memberof_group=[u'ipausers'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+
+ dict(
+ desc='Set mail to three new values %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(mail=[u'test5@example.com', u'test6@example.com', u'test7@example.com'])
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ mail=[u'test6@example.com', u'test7@example.com', u'test5@example.com'],
+ memberof_group=[u'ipausers'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+
+ dict(
+ desc='Remove all mail values %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(mail=u'')
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ memberof_group=[u'ipausers'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+
+ dict(
+ desc='Ensure single-value mods work too, replace initials %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(initials=u'ABC')
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ initials=[u'ABC'],
+ memberof_group=[u'ipausers'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+
+ dict(
+ desc='Drop a single-value attribute %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(initials=u'')
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ memberof_group=[u'ipausers'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+ ]