report.html

Report generated on 09-Apr-2019 at 22:06:50 by pytest-html v1.20.0

Environment

389-ds-base 1.4.1.2-20190409git51eb5b2.fc29
Packages {'pytest': '4.4.0', 'py': '1.5.4', 'pluggy': '0.9.0'}
Platform Linux-5.0.3-200.fc29.x86_64-x86_64-with-fedora-29-Twenty_Nine
Plugins {'metadata': '1.8.0', 'html': '1.20.0'}
Python 3.7.2
cyrus-sasl 2.1.27-0.3rc7.fc29
nspr 4.21.0-1.fc29
nss 3.43.0-1.fc29
openldap 2.4.46-10.fc29

Summary

1114 tests ran in 10235.57 seconds.

999 passed, 4 skipped, 91 failed, 13 errors, 18 expected failures, 6 unexpected passes

Results

Result Test Duration Links
Error suites/attr_encryption/attr_encryption_test.py::test_basic::setup 11.06
topo = <lib389.topologies.TopologyMain object at 0x7f16af70dc88>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. attr_encryption_test.py 32 INFO Enable TLS for attribute encryption attr_encryption_test.py 35 INFO Enables attribute encryption attr_encryption_test.py 40 INFO Enables attribute encryption for employeeNumber and telephoneNumber
Error suites/attr_encryption/attr_encryption_test.py::test_export_import_ciphertext::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16af70dc88>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_export_import_plaintext::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16af70dc88>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_attr_encryption_unindexed::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16af70dc88>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_attr_encryption_multiple_backends::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16af70dc88>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_attr_encryption_backends::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16af70dc88>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/password/regression_test.py::test_global_vs_local[ZZZZZZCNpwtest1ZZZZZZZZ]::teardown 3.00
def fin():
log.info('Deleting user-{}'.format(tuser.dn))
> tuser.delete()

suites/password/regression_test.py:85:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:717: in delete
self._instance.delete_ext_s(self._dn, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:553: in delete_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (84, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access', 'info': "Insufficient 'delete' privilege to delete the entry 'uid=UIDpwtest1,ou=People,dc=example,dc=com'.\n"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INSUFFICIENT_ACCESS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off--------------------------- Captured stdout teardown ---------------------------
Instance slapd-standalone1 removed. ---------------------------- Captured log teardown -----------------------------
regression_test.py 84 INFO Deleting user-uid=UIDpwtest1,ou=People,dc=example,dc=com regression_test.py 59 INFO Reset pwpolicy configuration settings
Error suites/replication/cleanallruv_test.py::test_clean_force::teardown 64.61
def fin():
try:
# Restart the masters and rerun cleanallruv
for inst in topology_m4.ms.values():
inst.restart()

cruv_task = CleanAllRUVTask(topology_m4.ms["master1"])
cruv_task.create(properties={
'replica-id': m4rid,
'replica-base-dn': DEFAULT_SUFFIX,
'replica-force-cleaning': 'no',
})
cruv_task.wait()
except ldap.UNWILLING_TO_PERFORM:
# In some casse we already cleaned rid4, so if we fail, it's okay
pass
> restore_master4(topology_m4)

suites/replication/cleanallruv_test.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/replication/cleanallruv_test.py:135: in restore_master4
repl.join_master(topology_m4.ms["master1"], topology_m4.ms["master4"])
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1581: in join_master
self.test_replication(to_instance, from_instance)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1945: in test_replication
self.wait_for_replication(from_instance, to_instance, timeout)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicationManager object at 0x7f16acb755c0>
from_instance = <lib389.DirSrv object at 0x7f16acc08ac8>
to_instance = <lib389.DirSrv object at 0x7f16acb45b00>, timeout = 20

def wait_for_replication(self, from_instance, to_instance, timeout=20):
"""Wait for a replication event to occur from instance to instance. This
shows some point of synchronisation has occured.

:param from_instance: The instance whos state we we want to check from
:type from_instance: lib389.DirSrv
:param to_instance: The instance whos state we want to check matches from.
:type to_instance: lib389.DirSrv
:param timeout: Fail after timeout seconds.
:type timeout: int

"""
# Touch something then wait_for_replication.
from_groups = Groups(from_instance, basedn=self._suffix, rdn=None)
to_groups = Groups(to_instance, basedn=self._suffix, rdn=None)
from_group = from_groups.get('replication_managers')
to_group = to_groups.get('replication_managers')

change = str(uuid.uuid4())

from_group.replace('description', change)

for i in range(0, timeout):
desc = to_group.get_attr_val_utf8('description')
if change == desc:
self._log.info("SUCCESS: Replication from %s to %s is working" % (from_instance.ldapuri, to_instance.ldapuri))
return True
time.sleep(1)
> raise Exception("Replication did not sync in time!")
E Exception: Replication did not sync in time!

/usr/local/lib/python3.7/site-packages/lib389/replica.py:1929: Exception
------------------------------ Captured log setup ------------------------------
cleanallruv_test.py 149 DEBUG Wait a bit before the reset - it is required for the slow machines cleanallruv_test.py 151 DEBUG -------------- BEGIN RESET of m4 ----------------- replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39003 is working cleanallruv_test.py 177 DEBUG -------------- FINISH RESET of m4 ----------------------------------------------- Captured log call -------------------------------
cleanallruv_test.py 318 INFO Running test_clean_force... cleanallruv_test.py 68 INFO test_clean_force: remove all the agreements to master 4... cleanallruv_test.py 336 INFO test_clean: run the cleanAllRUV task... cleanallruv_test.py 346 INFO test_clean_force: check all the masters have been cleaned... cleanallruv_test.py 350 INFO test_clean_force PASSED, restoring master 4...---------------------------- Captured log teardown -----------------------------
replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39004 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working
Error suites/replication/cleanallruv_test.py::test_abort::setup 34.15
request = <SubRequest 'm4rid' for <Function test_abort>>
topology_m4 = <lib389.topologies.TopologyMain object at 0x7f16ac7665c0>

@pytest.fixture()
def m4rid(request, topology_m4):
log.debug("Wait a bit before the reset - it is required for the slow machines")
time.sleep(5)
log.debug("-------------- BEGIN RESET of m4 -----------------")
repl = ReplicationManager(DEFAULT_SUFFIX)
> repl.test_replication_topology(topology_m4.ms.values())

suites/replication/cleanallruv_test.py:153:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1959: in test_replication_topology
self.test_replication(a, b, timeout)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1945: in test_replication
self.wait_for_replication(from_instance, to_instance, timeout)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicationManager object at 0x7f16ac82ff28>
from_instance = <lib389.DirSrv object at 0x7f16acc08ac8>
to_instance = <lib389.DirSrv object at 0x7f16acb45b00>, timeout = 20

def wait_for_replication(self, from_instance, to_instance, timeout=20):
"""Wait for a replication event to occur from instance to instance. This
shows some point of synchronisation has occured.

:param from_instance: The instance whos state we we want to check from
:type from_instance: lib389.DirSrv
:param to_instance: The instance whos state we want to check matches from.
:type to_instance: lib389.DirSrv
:param timeout: Fail after timeout seconds.
:type timeout: int

"""
# Touch something then wait_for_replication.
from_groups = Groups(from_instance, basedn=self._suffix, rdn=None)
to_groups = Groups(to_instance, basedn=self._suffix, rdn=None)
from_group = from_groups.get('replication_managers')
to_group = to_groups.get('replication_managers')

change = str(uuid.uuid4())

from_group.replace('description', change)

for i in range(0, timeout):
desc = to_group.get_attr_val_utf8('description')
if change == desc:
self._log.info("SUCCESS: Replication from %s to %s is working" % (from_instance.ldapuri, to_instance.ldapuri))
return True
time.sleep(1)
> raise Exception("Replication did not sync in time!")
E Exception: Replication did not sync in time!

/usr/local/lib/python3.7/site-packages/lib389/replica.py:1929: Exception
------------------------------ Captured log setup ------------------------------
cleanallruv_test.py 149 DEBUG Wait a bit before the reset - it is required for the slow machines cleanallruv_test.py 151 DEBUG -------------- BEGIN RESET of m4 ----------------- replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working
Error suites/replication/cleanallruv_test.py::test_abort_restart::setup 34.16
request = <SubRequest 'm4rid' for <Function test_abort_restart>>
topology_m4 = <lib389.topologies.TopologyMain object at 0x7f16ac7665c0>

@pytest.fixture()
def m4rid(request, topology_m4):
log.debug("Wait a bit before the reset - it is required for the slow machines")
time.sleep(5)
log.debug("-------------- BEGIN RESET of m4 -----------------")
repl = ReplicationManager(DEFAULT_SUFFIX)
> repl.test_replication_topology(topology_m4.ms.values())

suites/replication/cleanallruv_test.py:153:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1959: in test_replication_topology
self.test_replication(a, b, timeout)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1945: in test_replication
self.wait_for_replication(from_instance, to_instance, timeout)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicationManager object at 0x7f16ac9f3eb8>
from_instance = <lib389.DirSrv object at 0x7f16acc08ac8>
to_instance = <lib389.DirSrv object at 0x7f16acb45b00>, timeout = 20

def wait_for_replication(self, from_instance, to_instance, timeout=20):
"""Wait for a replication event to occur from instance to instance. This
shows some point of synchronisation has occured.

:param from_instance: The instance whos state we we want to check from
:type from_instance: lib389.DirSrv
:param to_instance: The instance whos state we want to check matches from.
:type to_instance: lib389.DirSrv
:param timeout: Fail after timeout seconds.
:type timeout: int

"""
# Touch something then wait_for_replication.
from_groups = Groups(from_instance, basedn=self._suffix, rdn=None)
to_groups = Groups(to_instance, basedn=self._suffix, rdn=None)
from_group = from_groups.get('replication_managers')
to_group = to_groups.get('replication_managers')

change = str(uuid.uuid4())

from_group.replace('description', change)

for i in range(0, timeout):
desc = to_group.get_attr_val_utf8('description')
if change == desc:
self._log.info("SUCCESS: Replication from %s to %s is working" % (from_instance.ldapuri, to_instance.ldapuri))
return True
time.sleep(1)
> raise Exception("Replication did not sync in time!")
E Exception: Replication did not sync in time!

/usr/local/lib/python3.7/site-packages/lib389/replica.py:1929: Exception
------------------------------ Captured log setup ------------------------------
cleanallruv_test.py 149 DEBUG Wait a bit before the reset - it is required for the slow machines cleanallruv_test.py 151 DEBUG -------------- BEGIN RESET of m4 ----------------- replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working
Error suites/replication/cleanallruv_test.py::test_abort_certify::setup 34.21
request = <SubRequest 'm4rid' for <Function test_abort_certify>>
topology_m4 = <lib389.topologies.TopologyMain object at 0x7f16ac7665c0>

@pytest.fixture()
def m4rid(request, topology_m4):
log.debug("Wait a bit before the reset - it is required for the slow machines")
time.sleep(5)
log.debug("-------------- BEGIN RESET of m4 -----------------")
repl = ReplicationManager(DEFAULT_SUFFIX)
> repl.test_replication_topology(topology_m4.ms.values())

suites/replication/cleanallruv_test.py:153:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1959: in test_replication_topology
self.test_replication(a, b, timeout)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1945: in test_replication
self.wait_for_replication(from_instance, to_instance, timeout)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicationManager object at 0x7f16acce7be0>
from_instance = <lib389.DirSrv object at 0x7f16acc08ac8>
to_instance = <lib389.DirSrv object at 0x7f16acb45b00>, timeout = 20

def wait_for_replication(self, from_instance, to_instance, timeout=20):
"""Wait for a replication event to occur from instance to instance. This
shows some point of synchronisation has occured.

:param from_instance: The instance whos state we we want to check from
:type from_instance: lib389.DirSrv
:param to_instance: The instance whos state we want to check matches from.
:type to_instance: lib389.DirSrv
:param timeout: Fail after timeout seconds.
:type timeout: int

"""
# Touch something then wait_for_replication.
from_groups = Groups(from_instance, basedn=self._suffix, rdn=None)
to_groups = Groups(to_instance, basedn=self._suffix, rdn=None)
from_group = from_groups.get('replication_managers')
to_group = to_groups.get('replication_managers')

change = str(uuid.uuid4())

from_group.replace('description', change)

for i in range(0, timeout):
desc = to_group.get_attr_val_utf8('description')
if change == desc:
self._log.info("SUCCESS: Replication from %s to %s is working" % (from_instance.ldapuri, to_instance.ldapuri))
return True
time.sleep(1)
> raise Exception("Replication did not sync in time!")
E Exception: Replication did not sync in time!

/usr/local/lib/python3.7/site-packages/lib389/replica.py:1929: Exception
------------------------------ Captured log setup ------------------------------
cleanallruv_test.py 149 DEBUG Wait a bit before the reset - it is required for the slow machines cleanallruv_test.py 151 DEBUG -------------- BEGIN RESET of m4 ----------------- replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working
Error suites/replication/cleanallruv_test.py::test_stress_clean::setup 34.26
request = <SubRequest 'm4rid' for <Function test_stress_clean>>
topology_m4 = <lib389.topologies.TopologyMain object at 0x7f16ac7665c0>

@pytest.fixture()
def m4rid(request, topology_m4):
log.debug("Wait a bit before the reset - it is required for the slow machines")
time.sleep(5)
log.debug("-------------- BEGIN RESET of m4 -----------------")
repl = ReplicationManager(DEFAULT_SUFFIX)
> repl.test_replication_topology(topology_m4.ms.values())

suites/replication/cleanallruv_test.py:153:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1959: in test_replication_topology
self.test_replication(a, b, timeout)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1945: in test_replication
self.wait_for_replication(from_instance, to_instance, timeout)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicationManager object at 0x7f16acb79940>
from_instance = <lib389.DirSrv object at 0x7f16acc08ac8>
to_instance = <lib389.DirSrv object at 0x7f16acb45b00>, timeout = 20

def wait_for_replication(self, from_instance, to_instance, timeout=20):
"""Wait for a replication event to occur from instance to instance. This
shows some point of synchronisation has occured.

:param from_instance: The instance whos state we we want to check from
:type from_instance: lib389.DirSrv
:param to_instance: The instance whos state we want to check matches from.
:type to_instance: lib389.DirSrv
:param timeout: Fail after timeout seconds.
:type timeout: int

"""
# Touch something then wait_for_replication.
from_groups = Groups(from_instance, basedn=self._suffix, rdn=None)
to_groups = Groups(to_instance, basedn=self._suffix, rdn=None)
from_group = from_groups.get('replication_managers')
to_group = to_groups.get('replication_managers')

change = str(uuid.uuid4())

from_group.replace('description', change)

for i in range(0, timeout):
desc = to_group.get_attr_val_utf8('description')
if change == desc:
self._log.info("SUCCESS: Replication from %s to %s is working" % (from_instance.ldapuri, to_instance.ldapuri))
return True
time.sleep(1)
> raise Exception("Replication did not sync in time!")
E Exception: Replication did not sync in time!

/usr/local/lib/python3.7/site-packages/lib389/replica.py:1929: Exception
------------------------------ Captured log setup ------------------------------
cleanallruv_test.py 149 DEBUG Wait a bit before the reset - it is required for the slow machines cleanallruv_test.py 151 DEBUG -------------- BEGIN RESET of m4 ----------------- replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working
Error suites/replication/cleanallruv_test.py::test_multiple_tasks_with_force::setup 34.16
request = <SubRequest 'm4rid' for <Function test_multiple_tasks_with_force>>
topology_m4 = <lib389.topologies.TopologyMain object at 0x7f16ac7665c0>

@pytest.fixture()
def m4rid(request, topology_m4):
log.debug("Wait a bit before the reset - it is required for the slow machines")
time.sleep(5)
log.debug("-------------- BEGIN RESET of m4 -----------------")
repl = ReplicationManager(DEFAULT_SUFFIX)
> repl.test_replication_topology(topology_m4.ms.values())

suites/replication/cleanallruv_test.py:153:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1959: in test_replication_topology
self.test_replication(a, b, timeout)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1945: in test_replication
self.wait_for_replication(from_instance, to_instance, timeout)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicationManager object at 0x7f16ac82fda0>
from_instance = <lib389.DirSrv object at 0x7f16acc08ac8>
to_instance = <lib389.DirSrv object at 0x7f16acb45b00>, timeout = 20

def wait_for_replication(self, from_instance, to_instance, timeout=20):
"""Wait for a replication event to occur from instance to instance. This
shows some point of synchronisation has occured.

:param from_instance: The instance whos state we we want to check from
:type from_instance: lib389.DirSrv
:param to_instance: The instance whos state we want to check matches from.
:type to_instance: lib389.DirSrv
:param timeout: Fail after timeout seconds.
:type timeout: int

"""
# Touch something then wait_for_replication.
from_groups = Groups(from_instance, basedn=self._suffix, rdn=None)
to_groups = Groups(to_instance, basedn=self._suffix, rdn=None)
from_group = from_groups.get('replication_managers')
to_group = to_groups.get('replication_managers')

change = str(uuid.uuid4())

from_group.replace('description', change)

for i in range(0, timeout):
desc = to_group.get_attr_val_utf8('description')
if change == desc:
self._log.info("SUCCESS: Replication from %s to %s is working" % (from_instance.ldapuri, to_instance.ldapuri))
return True
time.sleep(1)
> raise Exception("Replication did not sync in time!")
E Exception: Replication did not sync in time!

/usr/local/lib/python3.7/site-packages/lib389/replica.py:1929: Exception
------------------------------ Captured log setup ------------------------------
cleanallruv_test.py 149 DEBUG Wait a bit before the reset - it is required for the slow machines cleanallruv_test.py 151 DEBUG -------------- BEGIN RESET of m4 ----------------- replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working
Failed suites/ds_logs/ds_logs_test.py::test_internal_log_level_260 4.37
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ae47a2e8>
add_user_log_level_260 = None

@pytest.mark.bz1358706
@pytest.mark.ds49029
def test_internal_log_level_260(topology_st, add_user_log_level_260):
"""Tests client initiated operations when automember plugin is enabled
:id: e68a303e-c037-42b2-a5a0-fbea27c338a9
:setup: Standalone instance with internal operation
logging on and nsslapd-plugin-logging to on
:steps:
1. Configure access log level to 260 (4 + 256)
2. Set nsslapd-plugin-logging to on
3. Enable Referential Integrity and automember plugins
4. Restart the server
5. Add a test group
6. Add a test user and add it as member of the test group
7. Rename the test user
8. Delete the test user
9. Check the access logs for nested internal operation logs
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Operation should be successful
9. Access log should contain internal info about operations of the user
"""

topo = topology_st.standalone

log.info('Restart the server to flush the logs')
topo.restart()

# These comments contain lines we are trying to find without regex
log.info("Check the access logs for ADD operation of the user")
# op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"
> assert topo.ds_access_log.match(r'.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
E assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>>('.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>> = <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>.match
E + where <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50> = <lib389.DirSrv object at 0x7f16ae01c9b0>.ds_access_log

suites/ds_logs/ds_logs_test.py:398: AssertionError
------------------------------ Captured log setup ------------------------------
ds_logs_test.py 97 INFO Enable automember plugin ds_logs_test.py 101 INFO Enable Referential Integrity plugin ds_logs_test.py 105 INFO Set nsslapd-plugin-logging to on ds_logs_test.py 108 INFO Restart the server ds_logs_test.py 114 INFO Configure access log level to 260 (4 + 256) ds_logs_test.py 81 INFO Renaming user ds_logs_test.py 84 INFO Delete the user ds_logs_test.py 87 INFO Delete automember entry, org. unit and group for the next test------------------------------ Captured log call -------------------------------
ds_logs_test.py 392 INFO Restart the server to flush the logs ds_logs_test.py 396 INFO Check the access logs for ADD operation of the user
Failed suites/ds_logs/ds_logs_test.py::test_internal_log_level_131076 4.35
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ae47a2e8>
add_user_log_level_131076 = None

@pytest.mark.bz1358706
@pytest.mark.ds49029
def test_internal_log_level_131076(topology_st, add_user_log_level_131076):
"""Tests client-initiated operations while referential integrity plugin is enabled
:id: 44836ac9-dabd-4a8c-abd5-ecd7c2509739
:setup: Standalone instance
Configure access log level to - 131072 + 4
Set nsslapd-plugin-logging to on
:steps:
1. Configure access log level to 131076
2. Set nsslapd-plugin-logging to on
3. Enable Referential Integrity and automember plugins
4. Restart the server
5. Add a test group
6. Add a test user and add it as member of the test group
7. Rename the test user
8. Delete the test user
9. Check the access logs for nested internal operation logs
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Operation should be successful
9. Access log should contain internal info about operations of the user
"""

topo = topology_st.standalone

log.info('Restart the server to flush the logs')
topo.restart()

# These comments contain lines we are trying to find without regex
log.info("Check the access logs for ADD operation of the user")
# op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"
assert not topo.ds_access_log.match(r'.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
# (Internal) op=10(1)(1) MOD dn="cn=group,ou=Groups,dc=example,dc=com"
> assert topo.ds_access_log.match(r'.*\(Internal\) op=10\(1\)\(1\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>>('.*\\(Internal\\) op=10\\(1\\)\\(1\\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>> = <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>.match
E + where <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50> = <lib389.DirSrv object at 0x7f16ae01c9b0>.ds_access_log

suites/ds_logs/ds_logs_test.py:483: AssertionError
------------------------------ Captured log setup ------------------------------
ds_logs_test.py 130 INFO Configure access log level to 131076 (4 + 131072) ds_logs_test.py 81 INFO Renaming user ds_logs_test.py 84 INFO Delete the user ds_logs_test.py 87 INFO Delete automember entry, org. unit and group for the next test------------------------------ Captured log call -------------------------------
ds_logs_test.py 475 INFO Restart the server to flush the logs ds_logs_test.py 479 INFO Check the access logs for ADD operation of the user
Failed suites/ds_logs/ds_logs_test.py::test_internal_log_level_516 4.36
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ae47a2e8>
add_user_log_level_516 = None

@pytest.mark.bz1358706
@pytest.mark.ds49029
def test_internal_log_level_516(topology_st, add_user_log_level_516):
"""Tests client initiated operations when referential integrity plugin is enabled
:id: bee1d681-763d-4fa5-aca2-569cf93f8b71
:setup: Standalone instance
Configure access log level to - 512+4
Set nsslapd-plugin-logging to on
:steps:
1. Configure access log level to 516
2. Set nsslapd-plugin-logging to on
3. Enable Referential Integrity and automember plugins
4. Restart the server
5. Add a test group
6. Add a test user and add it as member of the test group
7. Rename the test user
8. Delete the test user
9. Check the access logs for nested internal operation logs
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Operation should be successful
9. Access log should contain internal info about operations of the user
"""

topo = topology_st.standalone

log.info('Restart the server to flush the logs')
topo.restart()

# These comments contain lines we are trying to find without regex
log.info("Check the access logs for ADD operation of the user")
# op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"
assert not topo.ds_access_log.match(r'.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
# (Internal) op=10(1)(1) MOD dn="cn=group,ou=Groups,dc=example,dc=com"
> assert topo.ds_access_log.match(r'.*\(Internal\) op=10\(1\)\(1\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>>('.*\\(Internal\\) op=10\\(1\\)\\(1\\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>> = <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50>.match
E + where <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f16ae9b2c50> = <lib389.DirSrv object at 0x7f16ae01c9b0>.ds_access_log

suites/ds_logs/ds_logs_test.py:565: AssertionError
------------------------------ Captured log setup ------------------------------
ds_logs_test.py 122 INFO Configure access log level to 516 (4 + 512) ds_logs_test.py 81 INFO Renaming user ds_logs_test.py 84 INFO Delete the user ds_logs_test.py 87 INFO Delete automember entry, org. unit and group for the next test------------------------------ Captured log call -------------------------------
ds_logs_test.py 557 INFO Restart the server to flush the logs ds_logs_test.py 561 INFO Check the access logs for ADD operation of the user
Failed suites/dynamic_plugins/dynamic_plugins_test.py::test_acceptance 5.16
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ae941b38>

def test_acceptance(topology_m2):
"""Exercise each plugin and its main features, while
changing the configuration without restarting the server.

:id: 96136538-0151-4b09-9933-0e0cbf2c786c
:setup: 2 Master Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Go through all plugin basic functionality
5. Resume replication
6. Go through all plugin basic functionality again
7. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

m1 = topology_m2.ms["master1"]
msg = ' (no replication)'
replication_run = False

# First part of the test should be without replication
topology_m2.pause_all_replicas()

# First enable dynamic plugins
m1.config.replace('nsslapd-dynamic-plugins', 'on')

# Test that critical plugins can be updated even though the change might not be applied
ldbm_config = LDBMConfig(m1)
ldbm_config.replace('description', 'test')

while True:
# First run the tests with replication disabled, then rerun them with replication set up

############################################################################
# Test plugin functionality
############################################################################

log.info('####################################################################')
log.info('Testing Dynamic Plugins Functionality' + msg + '...')
log.info('####################################################################\n')

> acceptance_test.check_all_plugins(topology_m2)

suites/dynamic_plugins/dynamic_plugins_test.py:119:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/acceptance_test.py:1797: in check_all_plugins
func(topo, args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topo = <lib389.topologies.TopologyMain object at 0x7f16ae941b38>
args = 'online'

def test_linkedattrs(topo, args=None):
"""Test Linked Attributes basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d804
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Add a config entry for directReport
4. Add test entries
5. Add the linked attrs config entry
6. User1 - Set "directReport" to user2
7. See if manager was added to the other entry
8. User1 - Remove "directReport"
9. See if manager was removed
10. Change the config - using linkType "indirectReport" now
11. Make sure the old linkType(directManager) is not working
12. See if manager was added to the other entry, better not be...
13. Now, set the new linkType "indirectReport", which should add "manager" to the other entry
14. See if manager was added to the other entry, better not be
15. Remove "indirectReport" should remove "manager" to the other entry
16. See if manager was removed
17. Disable plugin and make some updates that would of triggered the plugin
18. The entry should not have a manager attribute
19. Enable the plugin and rerun the task entry
20. Add the task again
21. Check if user2 now has a manager attribute now
22. Check nsslapd-plugin-depends-on-named for the plugin
23. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
19. Success
20. Success
21. Success
22. Success
23. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = LinkedAttributesPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_LINKED_ATTRS + '...')

############################################################################
# Configure plugin
############################################################################

# Add test entries
users = UserAccounts(inst, DEFAULT_SUFFIX)
user1 = users.create_test_user(uid=1001)
user1.add('objectclass', 'extensibleObject')
user2 = users.create_test_user(uid=1002)
user2.add('objectclass', 'extensibleObject')

# Add the linked attrs config entry
la_configs = LinkedAttributesConfigs(inst)
la_config = la_configs.create(properties={'cn': 'config',
'linkType': 'directReport',
'managedType': 'manager'})

############################################################################
# Test plugin
############################################################################
# Set "directReport" should add "manager" to the other entry
user1.replace('directReport', user2.dn)

# See if manager was added to the other entry
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert entries

# Remove "directReport" should remove "manager" to the other entry
user1.remove_all('directReport')

# See if manager was removed
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

############################################################################
# Change the config - using linkType "indirectReport" now
############################################################################
la_config.replace('linkType', 'indirectReport')

############################################################################
# Test plugin
############################################################################
# Make sure the old linkType(directManager) is not working
user1.replace('directReport', user2.dn)

# See if manager was added to the other entry, better not be...
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

# Now, set the new linkType "indirectReport", which should add "manager" to the other entry
user1.replace('indirectReport', user2.dn)

# See if manager was added to the other entry, better not be
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert entries

# Remove "indirectReport" should remove "manager" to the other entry
user1.remove_all('indirectReport')

# See if manager was removed
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

############################################################################
# Test Fixup Task
############################################################################
# Disable plugin and make some updates that would of triggered the plugin
plugin.disable()

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

user1.replace('indirectReport', user2.dn)

# The entry should not have a manager attribute
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

# Enable the plugin and rerun the task entry
plugin.enable()

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

# Add the task again
> task = plugin.fixup(DEFAULT_SUFFIX, 'objectclass=top')
E TypeError: fixup() takes 2 positional arguments but 3 were given

suites/plugins/acceptance_test.py:775: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists
Failed suites/dynamic_plugins/dynamic_plugins_test.py::test_memory_corruption 5.76
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ae941b38>

def test_memory_corruption(topology_m2):
"""Check the plugins for memory corruption issues while
dynamic plugins option is enabled

:id: 96136538-0151-4b09-9933-0e0cbf2c7862
:setup: 2 Master Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Restart the plugin many times in a linked list fashion
restarting previous and preprevious plugins in the list of all plugins
5. Run the functional test
6. Repeat 4 and 5 steps for all plugins
7. Resume replication
8. Go through 4-6 steps once more
9. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""


m1 = topology_m2.ms["master1"]
msg = ' (no replication)'
replication_run = False

# First part of the test should be without replication
topology_m2.pause_all_replicas()

# First enable dynamic plugins
m1.config.replace('nsslapd-dynamic-plugins', 'on')

# Test that critical plugins can be updated even though the change might not be applied
ldbm_config = LDBMConfig(m1)
ldbm_config.replace('description', 'test')

while True:
# First run the tests with replication disabled, then rerun them with replication set up

############################################################################
# Test the stability by exercising the internal lists, callabcks, and task handlers
############################################################################

log.info('####################################################################')
log.info('Testing Dynamic Plugins for Memory Corruption' + msg + '...')
log.info('####################################################################\n')
prev_plugin_test = None
prev_prev_plugin_test = None

for plugin_test in acceptance_test.func_tests:
#
# Restart the plugin several times (and prev plugins) - work that linked list
#
plugin_test(topology_m2, "restart")

if prev_prev_plugin_test:
prev_prev_plugin_test(topology_m2, "restart")

plugin_test(topology_m2, "restart")

if prev_plugin_test:
prev_plugin_test(topology_m2, "restart")

plugin_test(topology_m2, "restart")

# Now run the functional test
> plugin_test(topology_m2, "dynamic")

suites/dynamic_plugins/dynamic_plugins_test.py:216:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/acceptance_test.py:694: in test_linkedattrs
user1 = users.create_test_user(uid=1001)
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:864: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:840: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16adf63b38>
func = <built-in method result4 of LDAP object at 0x7f16ae842120>
args = (317, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/dynamic_plugins/dynamic_plugins_test.py::test_stress 4.55
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ae941b38>

def test_stress(topology_m2):
"""Test plugins while under a big load. Perform the test 5 times

:id: 96136538-0151-4b09-9933-0e0cbf2c7863
:setup: 2 Master Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Do one run through all tests
5. Enable Referential integrity and MemberOf plugins
6. Launch three new threads to add a bunch of users
7. While we are adding users restart the MemberOf and
Linked Attributes plugins many times
8. Wait for the 'adding' threads to complete
9. Now launch three threads to delete the users
10. Restart both the MemberOf, Referential integrity and
Linked Attributes plugins during these deletes
11. Wait for the 'deleting' threads to complete
12. Now make sure both the MemberOf and Referential integrity plugins still work correctly
13. Cleanup the stress tests (delete the group entry)
14. Perform 4-13 steps five times
15. Resume replication
16. Go through 4-14 steps once more
17. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
"""

m1 = topology_m2.ms["master1"]
msg = ' (no replication)'
replication_run = False
stress_max_runs = 5

# First part of the test should be without replication
topology_m2.pause_all_replicas()

# First enable dynamic plugins
m1.config.replace('nsslapd-dynamic-plugins', 'on')

# Test that critical plugins can be updated even though the change might not be applied
ldbm_config = LDBMConfig(m1)
ldbm_config.replace('description', 'test')

while True:
# First run the tests with replication disabled, then rerun them with replication set up

log.info('Do one run through all tests ' + msg + '...')
> acceptance_test.check_all_plugins(topology_m2)

suites/dynamic_plugins/dynamic_plugins_test.py:308:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/acceptance_test.py:1797: in check_all_plugins
func(topo, args)
suites/plugins/acceptance_test.py:694: in test_linkedattrs
user1 = users.create_test_user(uid=1001)
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:864: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:840: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16adf63b38>
func = <built-in method result4 of LDAP object at 0x7f16ae842120>
args = (419, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/import/regression_test.py::test_import_be_default 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16aedfdcf8>

def test_import_be_default(topo):
""" Create a backend using the name "default". previously this name was
used int

:id: 8e507beb-e917-4330-8cac-1ff0eee10508
:feature: Import
:setup: Standalone instance
:steps:
1. Create a test suffix using the be name of "default"
2. Create an ldif for the "default" backend
3. Import ldif
4. Verify all entries were imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
log.info('Adding suffix:{} and backend: {}...'.format(TEST_DEFAULT_SUFFIX,
TEST_DEFAULT_NAME))
backends = Backends(topo.standalone)
backends.create(properties={BACKEND_SUFFIX: TEST_DEFAULT_SUFFIX,
> BACKEND_NAME: TEST_DEFAULT_NAME})

suites/import/regression_test.py:54:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f16ae6ff940>, dn = None
properties = {'name': 'default', 'suffix': 'dc=default,dc=com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
regression_test.py 51 INFO Adding suffix:dc=default,dc=com and backend: default...
Failed suites/import/regression_test.py::test_del_suffix_import 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16aedfdcf8>

def test_del_suffix_import(topo):
"""Adding a database entry fails if the same database was deleted after an import

:id: 652421ef-738b-47ed-80ec-2ceece6b5d77
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add few entries
2. Stop the server and do offline import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Check if adding the same database name is a success
:expectedresults: Adding database with the same name should be successful
"""

log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX1, TEST_BACKEND1))
backends = Backends(topo.standalone)
> backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX1, BACKEND_NAME: TEST_BACKEND1})

suites/import/regression_test.py:92:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f16aee08400>, dn = None
properties = {'name': 'importest1', 'suffix': 'dc=importest1,dc=com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log call -------------------------------
regression_test.py 90 INFO Adding suffix:dc=importest1,dc=com and backend: importest1
Failed suites/import/regression_test.py::test_del_suffix_backend 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16aedfdcf8>

def test_del_suffix_backend(topo):
"""Adding a database entry fails if the same database was deleted after an import

:id: ac702c35-74b6-434e-8e30-316433f3e91a
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add entries
2. Stop the server and do online import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Restart the server and check the status
:expectedresults: Adding database with the same name should be successful and the server should not hang
"""

log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX2, TEST_BACKEND2))
backends = Backends(topo.standalone)
> backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX2, BACKEND_NAME: TEST_BACKEND2})

suites/import/regression_test.py:128:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f16aedf47b8>, dn = None
properties = {'name': 'importest2', 'suffix': 'dc=importest2,dc=com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log call -------------------------------
regression_test.py 126 INFO Adding suffix:dc=importest2,dc=com and backend: importest2
Failed suites/password/regression_test.py::test_pwp_local_unlock 0.11
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>

def test_pwp_local_unlock(topo, passw_policy, create_user):
"""Test subtree policies use the same global default for passwordUnlock

:id: 741a8417-5f65-4012-b9ed-87987ce3ca1b
:setup: Standalone instance
:steps:
1. Test user can bind
2. Bind with bad passwords to lockout account, and verify account is locked
3. Wait for lockout interval, and bind with valid password
:expectedresults:
1. Bind successful
2. Entry is locked
3. Entry can bind with correct password
"""
# Add aci so users can change their own password
USER_ACI = '(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)'
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou = ous.get('people')
ou.add('aci', USER_ACI)

log.info("Verify user can bind...")
create_user.bind(PASSWORD)

log.info('Test passwordUnlock default - user should be able to reset password after lockout')
for i in range(0, 2):
try:
create_user.bind("bad-password")
except ldap.INVALID_CREDENTIALS:
# expected
pass
except ldap.LDAPError as e:
log.fatal("Got unexpected failure: " + str(e))
raise e

log.info('Verify account is locked')
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
> create_user.bind(PASSWORD)
E Failed: DID NOT RAISE <class 'ldap.CONSTRAINT_VIOLATION'>

suites/password/regression_test.py:127: Failed
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. regression_test.py 42 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to on regression_test.py 49 INFO Configure subtree password policy for ou=people,dc=example,dc=com regression_test.py 72 INFO Adding user-uid=UIDpwtest1,ou=people,dc=example,dc=com------------------------------ Captured log call -------------------------------
regression_test.py 111 INFO Verify user can bind... regression_test.py 114 INFO Test passwordUnlock default - user should be able to reset password after lockout regression_test.py 125 INFO Verify account is locked
Failed suites/password/regression_test.py::test_trivial_passw_check[CNpwtest1] 0.28
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

create_user.rebind(PASSWORD)
log.info('Replace userPassword attribute with {}'.format(user_pasw))
with pytest.raises(ldap.CONSTRAINT_VIOLATION) as excinfo:
create_user.reset_password(user_pasw)
> log.fatal('Failed: Userpassword with {} is accepted'.format(user_pasw))
E Failed: DID NOT RAISE <class 'ldap.CONSTRAINT_VIOLATION'>

suites/password/regression_test.py:159: Failed
------------------------------ Captured log call -------------------------------
regression_test.py 156 INFO Replace userPassword attribute with CNpwtest1 regression_test.py 159 CRITICAL Failed: Userpassword with CNpwtest1 is accepted
Failed suites/password/regression_test.py::test_trivial_passw_check[SNpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'SNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (17, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[UIDpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'UIDpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (18, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[MAILpwtest1@redhat.com] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'MAILpwtest1@redhat.com'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (19, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[GNpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'GNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (20, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[CNpwtest1ZZZZ] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1ZZZZ'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (21, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZZZZZCNpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZZZCNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (22, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZCNpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZCNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (23, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[CNpwtest1Z] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1Z'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (24, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZCNpwtest1Z] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZCNpwtest1Z'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (25, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZZCNpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZCNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (26, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[CNpwtest1ZZ] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1ZZ'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (27, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZZCNpwtest1ZZ] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZCNpwtest1ZZ'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (28, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZZZCNpwtest1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZCNpwtest1'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (29, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[CNpwtest1ZZZ] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1ZZZ'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (30, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZZZCNpwtest1ZZZ] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZCNpwtest1ZZZ'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (31, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_trivial_passw_check[ZZZZZZCNpwtest1ZZZZZZZZ] 0.03
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZZZZCNpwtest1ZZZZZZZZ'

@pytest.mark.bz1465600
@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_trivial_passw_check(topo, passw_policy, create_user, user_pasw):
"""PasswordCheckSyntax attribute fails to validate cn, sn, uid, givenname, ou and mail attributes

:id: bf9fe1ef-56cb-46a3-a6f8-5530398a06dc
:setup: Standalone instance.
:steps:
1. Configure local password policy with PasswordCheckSyntax set to on.
2. Add users with cn, sn, uid, givenname, mail and userPassword attributes.
3. Configure subtree password policy for ou=people subtree.
4. Reset userPassword with trivial values like cn, sn, uid, givenname, ou and mail attributes.
:expectedresults:
1. Enabling PasswordCheckSyntax should PASS.
2. Add users should PASS.
3. Configure subtree password policy should PASS.
4. Resetting userPassword to cn, sn, uid and mail should be rejected.
"""

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (32, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
Failed suites/password/regression_test.py::test_global_vs_local[CNpwtest1] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (35, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[SNpwtest1] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'SNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (38, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[UIDpwtest1] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'UIDpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (41, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[MAILpwtest1@redhat.com] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'MAILpwtest1@redhat.com'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (44, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[GNpwtest1] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'GNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (47, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[CNpwtest1ZZZZ] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1ZZZZ'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (50, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZZZZZCNpwtest1] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZZZCNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (53, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZCNpwtest1] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZCNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (56, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[CNpwtest1Z] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1Z'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (59, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZCNpwtest1Z] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZCNpwtest1Z'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (62, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZZCNpwtest1] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZCNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (65, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[CNpwtest1ZZ] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1ZZ'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (68, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZZCNpwtest1ZZ] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZCNpwtest1ZZ'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (71, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZZZCNpwtest1] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZCNpwtest1'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (74, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[CNpwtest1ZZZ] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'CNpwtest1ZZZ'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (77, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZZZCNpwtest1ZZZ] 0.12
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZCNpwtest1ZZZ'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (80, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/password/regression_test.py::test_global_vs_local[ZZZZZZCNpwtest1ZZZZZZZZ] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aec8cb70>
passw_policy = None
create_user = <lib389.idm.user.UserAccount object at 0x7f16ae6e7e10>
user_pasw = 'ZZZZZZCNpwtest1ZZZZZZZZ'

@pytest.mark.parametrize("user_pasw", TEST_PASSWORDS)
def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
"""Passwords rejected if its similar to uid, cn, sn, givenname, ou and mail attributes

:id: dfd6cf5d-8bcd-4895-a691-a43ad9ec1be8
:setup: Standalone instance
:steps:
1. Configure global password policy with PasswordCheckSyntax set to off
2. Add users with cn, sn, uid, mail, givenname and userPassword attributes
3. Replace userPassword similar to cn, sn, uid, givenname, ou and mail attributes
:expectedresults:
1. Disabling the local policy should PASS.
2. Add users should PASS.
3. Resetting userPasswords similar to cn, sn, uid, givenname, ou and mail attributes should PASS.
"""

log.info('Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off')
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
topo.standalone.config.set('nsslapd-pwpolicy-local', 'off')

> create_user.rebind(PASSWORD)

suites/password/regression_test.py:187:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:62: in rebind
self._instance.simple_bind_s(self.dn, password, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ae3a0828>
func = <built-in method result4 of LDAP object at 0x7f16ae367288>
args = (83, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
regression_test.py 183 INFO Configure Pwpolicy with PasswordCheckSyntax and nsslapd-pwpolicy-local set to off
Failed suites/plugins/acceptance_test.py::test_linkedattrs 13.29
topo = <lib389.topologies.TopologyMain object at 0x7f16acbbf9b0>, args = None

def test_linkedattrs(topo, args=None):
"""Test Linked Attributes basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d804
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Add a config entry for directReport
4. Add test entries
5. Add the linked attrs config entry
6. User1 - Set "directReport" to user2
7. See if manager was added to the other entry
8. User1 - Remove "directReport"
9. See if manager was removed
10. Change the config - using linkType "indirectReport" now
11. Make sure the old linkType(directManager) is not working
12. See if manager was added to the other entry, better not be...
13. Now, set the new linkType "indirectReport", which should add "manager" to the other entry
14. See if manager was added to the other entry, better not be
15. Remove "indirectReport" should remove "manager" to the other entry
16. See if manager was removed
17. Disable plugin and make some updates that would of triggered the plugin
18. The entry should not have a manager attribute
19. Enable the plugin and rerun the task entry
20. Add the task again
21. Check if user2 now has a manager attribute now
22. Check nsslapd-plugin-depends-on-named for the plugin
23. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
19. Success
20. Success
21. Success
22. Success
23. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = LinkedAttributesPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_LINKED_ATTRS + '...')

############################################################################
# Configure plugin
############################################################################

# Add test entries
users = UserAccounts(inst, DEFAULT_SUFFIX)
user1 = users.create_test_user(uid=1001)
user1.add('objectclass', 'extensibleObject')
user2 = users.create_test_user(uid=1002)
user2.add('objectclass', 'extensibleObject')

# Add the linked attrs config entry
la_configs = LinkedAttributesConfigs(inst)
la_config = la_configs.create(properties={'cn': 'config',
'linkType': 'directReport',
'managedType': 'manager'})

############################################################################
# Test plugin
############################################################################
# Set "directReport" should add "manager" to the other entry
user1.replace('directReport', user2.dn)

# See if manager was added to the other entry
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert entries

# Remove "directReport" should remove "manager" to the other entry
user1.remove_all('directReport')

# See if manager was removed
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

############################################################################
# Change the config - using linkType "indirectReport" now
############################################################################
la_config.replace('linkType', 'indirectReport')

############################################################################
# Test plugin
############################################################################
# Make sure the old linkType(directManager) is not working
user1.replace('directReport', user2.dn)

# See if manager was added to the other entry, better not be...
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

# Now, set the new linkType "indirectReport", which should add "manager" to the other entry
user1.replace('indirectReport', user2.dn)

# See if manager was added to the other entry, better not be
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert entries

# Remove "indirectReport" should remove "manager" to the other entry
user1.remove_all('indirectReport')

# See if manager was removed
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

############################################################################
# Test Fixup Task
############################################################################
# Disable plugin and make some updates that would of triggered the plugin
plugin.disable()

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

user1.replace('indirectReport', user2.dn)

# The entry should not have a manager attribute
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

# Enable the plugin and rerun the task entry
plugin.enable()

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

# Add the task again
> task = plugin.fixup(DEFAULT_SUFFIX, 'objectclass=top')
E TypeError: fixup() takes 2 positional arguments but 3 were given

suites/plugins/acceptance_test.py:775: TypeError
Failed suites/plugins/acceptance_test.py::test_memberof 4.43
topo = <lib389.topologies.TopologyMain object at 0x7f16acbbf9b0>, args = None

def test_memberof(topo, args=None):
"""Test MemberOf basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d805
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Replace groupattr with 'member'
4. Add our test entries
5. Check if the user now has a "memberOf" attribute
6. Remove "member" should remove "memberOf" from the entry
7. Check that "memberOf" was removed
8. Replace 'memberofgroupattr': 'uniquemember'
9. Replace 'uniquemember': user1
10. Check if the user now has a "memberOf" attribute
11. Remove "uniquemember" should remove "memberOf" from the entry
12. Check that "memberOf" was removed
13. The shared config entry uses "member" - the above test uses "uniquemember"
14. Delete the test entries then read them to start with a clean slate
15. Check if the user now has a "memberOf" attribute
16. Check that "memberOf" was removed
17. Replace 'memberofgroupattr': 'uniquemember'
18. Check if the user now has a "memberOf" attribute
19. Remove "uniquemember" should remove "memberOf" from the entry
20. Check that "memberOf" was removed
21. Replace 'memberofgroupattr': 'member'
22. Remove shared config from plugin
23. Check if the user now has a "memberOf" attribute
24. Remove "uniquemember" should remove "memberOf" from the entry
25. Check that "memberOf" was removed
26. First change the plugin to use uniquemember
27. Add uniquemember, should not update user1
28. Check for "memberOf"
29. Enable memberof plugin
30. Run the task and validate that it worked
31. Check for "memberOf"
32. Check nsslapd-plugin-depends-on-named for the plugin
33. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
19. Success
20. Success
21. Success
22. Success
23. Success
24. Success
25. Success
26. Success
27. Success
28. Success
29. Success
30. Success
31. Success
32. Success
33. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = MemberOfPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_MEMBER_OF + '...')

############################################################################
# Configure plugin
############################################################################
plugin.replace_groupattr('member')

############################################################################
# Test plugin
############################################################################
# Add our test entries
users = UserAccounts(inst, DEFAULT_SUFFIX)
> user1 = users.create_test_user(uid=1001)

suites/plugins/acceptance_test.py:902:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:864: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:840: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace17908>
func = <built-in method result4 of LDAP object at 0x7f16ae3bc940>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/plugins/acceptance_test.py::test_retrocl 4.33
topo = <lib389.topologies.TopologyMain object at 0x7f16acbbf9b0>, args = None

def test_retrocl(topo, args=None):
"""Test Retro Changelog basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d810
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Gather the current change count (it's not 1 once we start the stability tests)
4. Add a user
5. Check we logged this in the retro cl
6. Change the config - disable plugin
7. Delete the user
8. Check we didn't log this in the retro cl
9. Check nsslapd-plugin-depends-on-named for the plugin
10. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = RetroChangelogPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_RETRO_CHANGELOG + '...')

############################################################################
# Configure plugin
############################################################################

# Gather the current change count (it's not 1 once we start the stabilty tests)
entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
entry_count = len(entry)

############################################################################
# Test plugin
############################################################################

# Add a user
users = UserAccounts(inst, DEFAULT_SUFFIX)
> user1 = users.create_test_user(uid=1001)

suites/plugins/acceptance_test.py:1603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:864: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:840: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace17908>
func = <built-in method result4 of LDAP object at 0x7f16ace1ba80>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/plugins/acceptance_test.py::test_rootdn 4.08
topo = <lib389.topologies.TopologyMain object at 0x7f16acbbf9b0>, args = None

def test_rootdn(topo, args=None):
"""Test Root DNA Access control basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d811
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Add an user and aci to open up cn=config
4. Set an aci so we can modify the plugin after we deny the root dn
5. Set allowed IP to an unknown host - blocks root dn
6. Bind as Root DN
7. Bind as the user who can make updates to the config
8. Test that invalid plugin changes are rejected
9. Remove the restriction
10. Bind as Root DN
11. Check nsslapd-plugin-depends-on-named for the plugin
12. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = RootDNAccessControlPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_ROOTDN_ACCESS + '...')

############################################################################
# Configure plugin
############################################################################

# Add an user and aci to open up cn=config
users = UserAccounts(inst, DEFAULT_SUFFIX)
> user1 = users.create_test_user(uid=1001)

suites/plugins/acceptance_test.py:1712:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:864: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:840: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace17908>
func = <built-in method result4 of LDAP object at 0x7f16acb14850>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/plugins/dna_test.py::test_dnatype_only_valid 0.10
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ae865860>

@pytest.mark.ds47937
def test_dnatype_only_valid(topology_st):
"""Test that DNA plugin only accepts valid attributes for "dnaType"

:id: 0878ecff-5fdc-47d7-8c8f-edf4556f9746
:setup: Standalone Instance
:steps:
1. Create a use entry
2. Create DNA shared config entry container
3. Create DNA shared config entry
4. Add DNA plugin config entry
5. Enable DNA plugin
6. Restart the instance
7. Replace dnaType with invalid value
:expectedresults:
1. Successful
2. Successful
3. Successful
4. Successful
5. Successful
6. Successful
7. Unwilling to perform exception should be raised
"""

inst = topology_st.standalone
plugin = DNAPlugin(inst)

log.info("Creating an entry...")
users = UserAccounts(inst, DEFAULT_SUFFIX)
users.create_test_user(uid=1)

log.info("Creating \"ou=ranges\"...")
ous = OrganizationalUnits(inst, DEFAULT_SUFFIX)
ou_ranges = ous.create(properties={'ou': 'ranges'})
ou_people = ous.get("People")

log.info("Creating DNA shared config entry...")
shared_configs = DNAPluginSharedConfigs(inst, ou_ranges.dn)
shared_configs.create(properties={'dnaHostName': str(inst.host),
'dnaPortNum': str(inst.port),
> 'dnaRemainingValues': '9501'})

suites/plugins/dna_test.py:63:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/plugins.py:1922: in create
return co.create(properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.plugins.DNAPluginSharedConfig object at 0x7f16ace99048>
properties = {'dnaHostName': 'server.example.com', 'dnaPortNum': '38901', 'dnaRemainingValues': '9501'}
basedn = 'ou=ranges,dc=example,dc=com', ensure = False

def create(self, properties=None, basedn=None, ensure=False):
"""The shared config DNA plugin entry has two RDN values
The function takes care about that special case
"""

for attr in self._must_attributes:
if properties.get(attr, None) is None:
> raise ldap.UNWILLING_TO_PERFORM('Attribute %s must not be None' % attr)
E ldap.UNWILLING_TO_PERFORM: Attribute dnaHostname must not be None

/usr/local/lib/python3.7/site-packages/lib389/plugins.py:1847: UNWILLING_TO_PERFORM
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_day_of_week 0.04
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_day_of_week(topology_st, rootdn_setup):
"""Test the days of week feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e1
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set the deny days
2. Bind as Root DN
3. Set the allow days
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_day_of_week...')

days = ('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat')
day = int(time.strftime("%w", time.gmtime()))

if day == 6:
# Handle the roll over from Saturday into Sunday
deny_days = days[1] + ', ' + days[2]
allow_days = days[6] + ',' + days[0]
elif day > 3:
deny_days = days[0] + ', ' + days[1]
allow_days = days[day] + ',' + days[day - 1]
else:
deny_days = days[4] + ',' + days[5]
allow_days = days[day] + ',' + days[day + 1]

log.info('Today: ' + days[day])
log.info('Allowed days: ' + allow_days)
log.info('Deny days: ' + deny_days)

#
# Set the deny days
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-days-allowed',
ensure_bytes(deny_days))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: Failed to set the deny days: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False

if succeeded:
log.fatal('test_rootdn_access_day_of_week: Root DN was incorrectly able to bind')
assert False

#
# Set the allow days
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: : failed to bind as user1')
assert False

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-days-allowed',
ensure_bytes(allow_days))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: Failed to set the deny days: error {}'
.format(e))
assert False

try:
> topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

suites/plugins/rootdn_plugin_test.py:263:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Directory Manager', 'password'), kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x55b1b74cac68, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x55b1b738cf58, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 267, code te..._rootdn_access_day_of_week', code_context=[' topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, who = 'cn=Directory Manager'
cred = 'password', serverctrls = None, clientctrls = None

def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None):
"""
simple_bind_s([who='' [,cred='']]) -> 4-tuple
"""
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (18,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 18, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (18, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 18, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f16ae3aa260>, 18, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16ae3aa260>
args = (18, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'})
exc_traceback = <traceback object at 0x7f16aebb1b88>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16ae3aa260>
args = (18, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_day_of_week(topology_st, rootdn_setup):
"""Test the days of week feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e1
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set the deny days
2. Bind as Root DN
3. Set the allow days
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_day_of_week...')

days = ('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat')
day = int(time.strftime("%w", time.gmtime()))

if day == 6:
# Handle the roll over from Saturday into Sunday
deny_days = days[1] + ', ' + days[2]
allow_days = days[6] + ',' + days[0]
elif day > 3:
deny_days = days[0] + ', ' + days[1]
allow_days = days[day] + ',' + days[day - 1]
else:
deny_days = days[4] + ',' + days[5]
allow_days = days[day] + ',' + days[day + 1]

log.info('Today: ' + days[day])
log.info('Allowed days: ' + allow_days)
log.info('Deny days: ' + deny_days)

#
# Set the deny days
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-days-allowed',
ensure_bytes(deny_days))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: Failed to set the deny days: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False

if succeeded:
log.fatal('test_rootdn_access_day_of_week: Root DN was incorrectly able to bind')
assert False

#
# Set the allow days
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: : failed to bind as user1')
assert False

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-days-allowed',
ensure_bytes(allow_days))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: Failed to set the deny days: error {}'
.format(e))
assert False

try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: Root DN bind failed unexpectedly failed: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:267: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 201 INFO Running test_rootdn_access_day_of_week... rootdn_plugin_test.py 217 INFO Today: Wed rootdn_plugin_test.py 218 INFO Allowed days: Wed,Thu rootdn_plugin_test.py 219 INFO Deny days: Thu,Fri rootdn_plugin_test.py 266 CRITICAL test_rootdn_access_day_of_week: Root DN bind failed unexpectedly failed: error {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_denied_ip 3.69
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_denied_ip(topology_st, rootdn_setup):
"""Test denied IP feature - we can just test denying 127.0.0.1

:id: a0ef30e5-538b-46fa-9762-01a4435a15e2
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-ip to '127.0.0.1' and '::1'
2. Bind as Root DN
3. Change the denied IP so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_ip...')
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
'rootdn-deny-ip',
b'127.0.0.1'),
(ldap.MOD_ADD,
'rootdn-deny-ip',
b'::1')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: Failed to set rootDN plugin config: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
conn = ldap.initialize('ldap://{}:{}'.format(LOCALHOST_IP, topology_st.standalone.port))
topology_st.standalone.restart()
conn.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False
if succeeded:
log.fatal('test_rootdn_access_denied_ip: Root DN was incorrectly able to bind')
assert False

#
# Change the denied IP so root DN succeeds
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: failed to bind as user1')
assert False

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-deny-ip', b'255.255.255.255')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: Failed to set rootDN plugin config: error {}'
.format(e))
assert False

try:
> topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

suites/plugins/rootdn_plugin_test.py:352:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Directory Manager', 'password'), kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x55b1b7335c98, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x55b1b673b888, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 356, code te...st_rootdn_access_denied_ip', code_context=[' topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, who = 'cn=Directory Manager'
cred = 'password', serverctrls = None, clientctrls = None

def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None):
"""
simple_bind_s([who='' [,cred='']]) -> 4-tuple
"""
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (4,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 4, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (4, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 4, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f16acca1d78>, 4, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16acca1d78>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'})
exc_traceback = <traceback object at 0x7f16acd148c8>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16acca1d78>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_denied_ip(topology_st, rootdn_setup):
"""Test denied IP feature - we can just test denying 127.0.0.1

:id: a0ef30e5-538b-46fa-9762-01a4435a15e2
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-ip to '127.0.0.1' and '::1'
2. Bind as Root DN
3. Change the denied IP so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_ip...')
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
'rootdn-deny-ip',
b'127.0.0.1'),
(ldap.MOD_ADD,
'rootdn-deny-ip',
b'::1')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: Failed to set rootDN plugin config: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
conn = ldap.initialize('ldap://{}:{}'.format(LOCALHOST_IP, topology_st.standalone.port))
topology_st.standalone.restart()
conn.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False
if succeeded:
log.fatal('test_rootdn_access_denied_ip: Root DN was incorrectly able to bind')
assert False

#
# Change the denied IP so root DN succeeds
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: failed to bind as user1')
assert False

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-deny-ip', b'255.255.255.255')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: Failed to set rootDN plugin config: error {}'
.format(e))
assert False

try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: Root DN bind failed unexpectedly failed: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:356: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 308 INFO Running test_rootdn_access_denied_ip... rootdn_plugin_test.py 355 CRITICAL test_rootdn_access_denied_ip: Root DN bind failed unexpectedly failed: error {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_denied_host 0.04
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_denied_host(topology_st, rootdn_setup):
"""Test denied Host feature - we can just test denying localhost

:id: a0ef30e5-538b-46fa-9762-01a4435a15e3
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-host to hostname (localhost if not accessable)
2. Bind as Root DN
3. Change the denied host so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_host...')
hostname = socket.gethostname()
localhost = DirSrvTools.getLocalhost()
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
ensure_bytes(hostname))])
if localhost != hostname:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
ensure_bytes(localhost))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: Failed to set deny host: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False

if succeeded:
log.fatal('test_rootdn_access_denied_host: Root DN was incorrectly able to bind')
assert False

#
# Change the denied host so root DN succeeds
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: : failed to bind as user1')
assert False

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-deny-host', b'i.dont.exist.com')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: Failed to set rootDN plugin config: error {}'
.format(e))
assert False

try:
> topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

suites/plugins/rootdn_plugin_test.py:443:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Directory Manager', 'password'), kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x55b1b73d7398, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x55b1b75ccdb8, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 447, code te..._rootdn_access_denied_host', code_context=[' topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, who = 'cn=Directory Manager'
cred = 'password', serverctrls = None, clientctrls = None

def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None):
"""
simple_bind_s([who='' [,cred='']]) -> 4-tuple
"""
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (10,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 10, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (10, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 10, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f16acca1d78>, 10, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16acca1d78>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'})
exc_traceback = <traceback object at 0x7f16aef55348>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16acca1d78>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_denied_host(topology_st, rootdn_setup):
"""Test denied Host feature - we can just test denying localhost

:id: a0ef30e5-538b-46fa-9762-01a4435a15e3
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-host to hostname (localhost if not accessable)
2. Bind as Root DN
3. Change the denied host so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_host...')
hostname = socket.gethostname()
localhost = DirSrvTools.getLocalhost()
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
ensure_bytes(hostname))])
if localhost != hostname:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
ensure_bytes(localhost))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: Failed to set deny host: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False

if succeeded:
log.fatal('test_rootdn_access_denied_host: Root DN was incorrectly able to bind')
assert False

#
# Change the denied host so root DN succeeds
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: : failed to bind as user1')
assert False

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-deny-host', b'i.dont.exist.com')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: Failed to set rootDN plugin config: error {}'
.format(e))
assert False

try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: Root DN bind failed unexpectedly failed: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:447: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 397 INFO Running test_rootdn_access_denied_host... rootdn_plugin_test.py 446 CRITICAL test_rootdn_access_denied_host: Root DN bind failed unexpectedly failed: error {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_allowed_ip 3.85
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_allowed_ip(topology_st, rootdn_setup):
"""Test allowed ip feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e4
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed ip to 255.255.255.255 - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_ip...')

#
# Set allowed ip to 255.255.255.255 - blocks the Root DN
#
try:
conn = ldap.initialize('ldap://{}:{}'.format(LOCALHOST_IP, topology_st.standalone.port))
> topology_st.standalone.restart()

suites/plugins/rootdn_plugin_test.py:495:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, timeout = 120, post_open = True

def restart(self, timeout=120, post_open=True):
'''
It restarts an instance and rebind it. Its final state after rebind
(open) is DIRSRV_STATE_ONLINE.

@param self
@param timeout (in sec) to wait for successful stop

@return None

@raise ValueError
'''
self.stop(timeout)
time.sleep(1)
> self.start(timeout, post_open)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1266:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, timeout = 120, post_open = True

def start(self, timeout=120, post_open=True):
'''
It starts an instance and rebind it. Its final state after rebind
(open) is DIRSRV_STATE_ONLINE

@param self
@param timeout (in sec) to wait for successful start

@return None

@raise ValueError
'''

if self.status() is True:
return

if self.with_systemd() and not self.containerised:
# Do systemd things here ...
subprocess.check_call(["systemctl",
"start",
"dirsrv@%s" % self.serverid])
else:
# Start the process.
# Wait for it to terminate
# This means the server is probably ready to go ....
env = {}
if self.has_asan():
self.log.warning("WARNING: Starting instance with ASAN options. This is probably not what you want. Please contact support.")
self.log.info("INFO: ASAN options will be copied from your environment")
env['ASAN_SYMBOLIZER_PATH'] = "/usr/bin/llvm-symbolizer"
env['ASAN_OPTIONS'] = "symbolize=1 detect_deadlocks=1 log_path=%s/ns-slapd-%s.asan" % (self.ds_paths.run_dir, self.serverid)
env.update(os.environ)
output = None
try:
cmd = ["%s/ns-slapd" % self.get_sbin_dir(),
"-D",
self.ds_paths.config_dir,
"-i",
self.ds_paths.pid_file],
self.log.debug("DEBUG: starting with %s" % cmd)
output = subprocess.check_output(*cmd, env=env, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
self.log.error('Failed to start ns-slapd: "%s"' % output)
raise ValueError('Failed to start DS')
count = timeout
pid = pid_from_file(self.ds_paths.pid_file)
while (pid is None) and count > 0:
count -= 1
time.sleep(1)
pid = pid_from_file(self.ds_paths.pid_file)
if pid == 0 or pid is None:
raise ValueError('Failed to start DS')
# Wait
while not pid_exists(pid) and count > 0:
# It looks like DS changes the value in here at some point ...
# It's probably a DS bug, but if we "keep checking" the file, eventually
# we get the main server pid, and it's ready to go.
pid = pid_from_file(self.ds_paths.pid_file)
time.sleep(1)
count -= 1
if not pid_exists(pid):
raise ValueError("Failed to start DS")
if post_open:
> self.open()

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1176:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
uri = 'ldap://server.example.com:38901', saslmethod = None, sasltoken = None
certdir = '/etc/dirsrv/slapd-standalone1', starttls = False, connOnly = False
reqcert = 1, usercert = None, userkey = None

def open(self, uri=None, saslmethod=None, sasltoken=None, certdir=None, starttls=False, connOnly=False, reqcert=ldap.OPT_X_TLS_HARD,
usercert=None, userkey=None):
'''
It opens a ldap bound connection to dirsrv so that online
administrative tasks are possible. It binds with the binddn
property, then it initializes various fields from DirSrv
(via __initPart2)

The state changes -> DIRSRV_STATE_ONLINE

@param self
@param saslmethod - None, or GSSAPI
@param sasltoken - The ldap.sasl token type to bind with.
@param certdir - Certificate directory for TLS
@return None

@raise LDAPError
'''

# Force our state offline to prevent paths from trying to search
# cn=config while we startup.
self.state = DIRSRV_STATE_OFFLINE

if not uri:
uri = self.toLDAPURL()

self.log.debug('open(): Connecting to uri %s', uri)
if hasattr(ldap, 'PYLDAP_VERSION') and MAJOR >= 3:
super(DirSrv, self).__init__(uri, bytes_mode=False, trace_level=TRACE_LEVEL)
else:
super(DirSrv, self).__init__(uri, trace_level=TRACE_LEVEL)

if certdir is None and self.isLocal:
certdir = self.get_cert_dir()
self.log.debug("Using dirsrv ca certificate %s", certdir)

if certdir is not None:
"""
We have a certificate directory, so lets start up TLS negotiations
"""
# Note this sets LDAP.OPT not SELF. Because once self has opened
# it can NOT change opts AT ALL.
self.set_option(ldap.OPT_X_TLS_CACERTDIR, ensure_str(certdir))
self.log.debug("Using external ca certificate %s", certdir)

if userkey is not None:
# Note this sets LDAP.OPT not SELF. Because once self has opened
# it can NOT change opts AT ALL.
self.log.debug("Using user private key %s", userkey)
self.set_option(ldap.OPT_X_TLS_KEYFILE, ensure_str(userkey))

if usercert is not None:
self.log.debug("Using user certificate %s", usercert)
self.set_option(ldap.OPT_X_TLS_CERTFILE, ensure_str(usercert))

if certdir is not None:
self.log.debug("Using external ca certificate %s", certdir)
self.set_option(ldap.OPT_X_TLS_CACERTDIR, ensure_str(certdir))

if certdir or starttls:
try:
# Note this sets LDAP.OPT not SELF. Because once self has opened
# it can NOT change opts on reused (ie restart)
self.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, reqcert)
self.log.debug("Using certificate policy %s", reqcert)
self.log.debug("ldap.OPT_X_TLS_REQUIRE_CERT = %s", reqcert)
except ldap.LDAPError as e:
self.log.fatal('TLS negotiation failed: %s', e)
raise e

# Tell python ldap to make a new TLS context with this information.
self.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

if starttls and not uri.startswith('ldaps'):
self.start_tls_s(escapehatch='i am sure')

if saslmethod and sasltoken is not None:
# Just pass the sasltoken in!
self.sasl_interactive_bind_s("", sasltoken, escapehatch='i am sure')
elif saslmethod and saslmethod.lower() == 'gssapi':
"""
Perform kerberos/gssapi authentication
"""
sasl_auth = ldap.sasl.gssapi("")
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')

elif saslmethod == 'EXTERNAL':
# Do nothing.
sasl_auth = ldap.sasl.external()
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')
elif saslmethod:
# Unknown or unsupported method
self.log.debug('Unsupported SASL method: %s', saslmethod)
raise ldap.UNWILLING_TO_PERFORM

elif self.can_autobind():
# Connect via ldapi, and autobind.
# do nothing: the bind is complete.
self.log.debug("open(): Using root autobind ...")
sasl_auth = ldap.sasl.external()
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')

else:
"""
Do a simple bind
"""
try:
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
except ldap.SERVER_DOWN as e:
# TODO add server info in exception
self.log.debug("Cannot connect to %r", uri)
raise e
except ldap.LDAPError as e:
self.log.debug("Error: Failed to authenticate as %s: %s" % (self.binddn, e))
> raise e

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1084:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
uri = 'ldap://server.example.com:38901', saslmethod = None, sasltoken = None
certdir = '/etc/dirsrv/slapd-standalone1', starttls = False, connOnly = False
reqcert = 1, usercert = None, userkey = None

def open(self, uri=None, saslmethod=None, sasltoken=None, certdir=None, starttls=False, connOnly=False, reqcert=ldap.OPT_X_TLS_HARD,
usercert=None, userkey=None):
'''
It opens a ldap bound connection to dirsrv so that online
administrative tasks are possible. It binds with the binddn
property, then it initializes various fields from DirSrv
(via __initPart2)

The state changes -> DIRSRV_STATE_ONLINE

@param self
@param saslmethod - None, or GSSAPI
@param sasltoken - The ldap.sasl token type to bind with.
@param certdir - Certificate directory for TLS
@return None

@raise LDAPError
'''

# Force our state offline to prevent paths from trying to search
# cn=config while we startup.
self.state = DIRSRV_STATE_OFFLINE

if not uri:
uri = self.toLDAPURL()

self.log.debug('open(): Connecting to uri %s', uri)
if hasattr(ldap, 'PYLDAP_VERSION') and MAJOR >= 3:
super(DirSrv, self).__init__(uri, bytes_mode=False, trace_level=TRACE_LEVEL)
else:
super(DirSrv, self).__init__(uri, trace_level=TRACE_LEVEL)

if certdir is None and self.isLocal:
certdir = self.get_cert_dir()
self.log.debug("Using dirsrv ca certificate %s", certdir)

if certdir is not None:
"""
We have a certificate directory, so lets start up TLS negotiations
"""
# Note this sets LDAP.OPT not SELF. Because once self has opened
# it can NOT change opts AT ALL.
self.set_option(ldap.OPT_X_TLS_CACERTDIR, ensure_str(certdir))
self.log.debug("Using external ca certificate %s", certdir)

if userkey is not None:
# Note this sets LDAP.OPT not SELF. Because once self has opened
# it can NOT change opts AT ALL.
self.log.debug("Using user private key %s", userkey)
self.set_option(ldap.OPT_X_TLS_KEYFILE, ensure_str(userkey))

if usercert is not None:
self.log.debug("Using user certificate %s", usercert)
self.set_option(ldap.OPT_X_TLS_CERTFILE, ensure_str(usercert))

if certdir is not None:
self.log.debug("Using external ca certificate %s", certdir)
self.set_option(ldap.OPT_X_TLS_CACERTDIR, ensure_str(certdir))

if certdir or starttls:
try:
# Note this sets LDAP.OPT not SELF. Because once self has opened
# it can NOT change opts on reused (ie restart)
self.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, reqcert)
self.log.debug("Using certificate policy %s", reqcert)
self.log.debug("ldap.OPT_X_TLS_REQUIRE_CERT = %s", reqcert)
except ldap.LDAPError as e:
self.log.fatal('TLS negotiation failed: %s', e)
raise e

# Tell python ldap to make a new TLS context with this information.
self.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

if starttls and not uri.startswith('ldaps'):
self.start_tls_s(escapehatch='i am sure')

if saslmethod and sasltoken is not None:
# Just pass the sasltoken in!
self.sasl_interactive_bind_s("", sasltoken, escapehatch='i am sure')
elif saslmethod and saslmethod.lower() == 'gssapi':
"""
Perform kerberos/gssapi authentication
"""
sasl_auth = ldap.sasl.gssapi("")
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')

elif saslmethod == 'EXTERNAL':
# Do nothing.
sasl_auth = ldap.sasl.external()
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')
elif saslmethod:
# Unknown or unsupported method
self.log.debug('Unsupported SASL method: %s', saslmethod)
raise ldap.UNWILLING_TO_PERFORM

elif self.can_autobind():
# Connect via ldapi, and autobind.
# do nothing: the bind is complete.
self.log.debug("open(): Using root autobind ...")
sasl_auth = ldap.sasl.external()
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')

else:
"""
Do a simple bind
"""
try:
> self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1077:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Directory Manager', 'password'), kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, who = 'cn=Directory Manager'
cred = 'password', serverctrls = None, clientctrls = None

def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None):
"""
simple_bind_s([who='' [,cred='']]) -> 4-tuple
"""
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (1,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 1, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (1, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 1, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f16ace6aa80>, 1, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16ace6aa80>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'})
exc_traceback = <traceback object at 0x7f16ae398408>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16ace6aa80>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_allowed_ip(topology_st, rootdn_setup):
"""Test allowed ip feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e4
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed ip to 255.255.255.255 - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_ip...')

#
# Set allowed ip to 255.255.255.255 - blocks the Root DN
#
try:
conn = ldap.initialize('ldap://{}:{}'.format(LOCALHOST_IP, topology_st.standalone.port))
topology_st.standalone.restart()
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-ip', b'255.255.255.255')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_ip: Failed to set allowed host: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:500: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 488 INFO Running test_rootdn_access_allowed_ip... rootdn_plugin_test.py 499 CRITICAL test_rootdn_access_allowed_ip: Failed to set allowed host: error {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_allowed_host 0.04
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_allowed_host(topology_st, rootdn_setup):
"""Test allowed host feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e5
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed host to an unknown host - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_host...')

#
# Set allowed host to an unknown host - blocks the Root DN
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-host', b'i.dont.exist.com')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: Failed to set allowed host: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False

if succeeded:
log.fatal('test_rootdn_access_allowed_host: Root DN was incorrectly able to bind')
assert False

#
# Allow localhost
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: : failed to bind as user1')
assert False

hostname = socket.gethostname()
localhost = DirSrvTools.getLocalhost()
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_DELETE,
'rootdn-allow-host',
None)])
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-allow-host',
ensure_bytes(localhost))])
if hostname != localhost:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-allow-host',
ensure_bytes(hostname))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: Failed to set allowed host: error {}'
.format(e))
assert False

try:
> topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

suites/plugins/rootdn_plugin_test.py:633:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Directory Manager', 'password'), kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x55b1b75cf2c8, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x55b1b6522eb8, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 637, code te...rootdn_access_allowed_host', code_context=[' topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, who = 'cn=Directory Manager'
cred = 'password', serverctrls = None, clientctrls = None

def simple_bind_s(self,who=None,cred=None,serverctrls=None,clientctrls=None):
"""
simple_bind_s([who='' [,cred='']]) -> 4-tuple
"""
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (8,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 8, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (8, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>, msgid = 8, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f16ace6aa80>, 8, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16ace6aa80>
args = (8, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'})
exc_traceback = <traceback object at 0x7f16adfaa708>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ace2f320>
func = <built-in method result4 of LDAP object at 0x7f16ace6aa80>
args = (8, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ace5b7f0>
rootdn_setup = None

def test_rootdn_access_allowed_host(topology_st, rootdn_setup):
"""Test allowed host feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e5
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed host to an unknown host - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_host...')

#
# Set allowed host to an unknown host - blocks the Root DN
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-host', b'i.dont.exist.com')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: Failed to set allowed host: error {}'
.format(e))
assert False

#
# Bind as Root DN - should fail
#
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
succeeded = True
except ldap.LDAPError as e:
succeeded = False

if succeeded:
log.fatal('test_rootdn_access_allowed_host: Root DN was incorrectly able to bind')
assert False

#
# Allow localhost
#
try:
topology_st.standalone.simple_bind_s(USER1_DN, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: : failed to bind as user1')
assert False

hostname = socket.gethostname()
localhost = DirSrvTools.getLocalhost()
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_DELETE,
'rootdn-allow-host',
None)])
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-allow-host',
ensure_bytes(localhost))])
if hostname != localhost:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-allow-host',
ensure_bytes(hostname))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: Failed to set allowed host: error {}'
.format(e))
assert False

try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: Root DN bind failed unexpectedly failed: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:637: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 580 INFO Running test_rootdn_access_allowed_host... rootdn_plugin_test.py 636 CRITICAL test_rootdn_access_allowed_host: Root DN bind failed unexpectedly failed: error {'desc': 'Server is unwilling to perform', 'info': 'RootDN access control violation'}
Failed suites/sasl/regression_test.py::test_openldap_no_nss_crypto 45.31
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ac6dd7f0>

def test_openldap_no_nss_crypto(topology_m2):
"""Check that we allow usage of OpenLDAP libraries
that don't use NSS for crypto

:id: 0a622f3d-8ba5-4df2-a1de-1fb2237da40a
:setup: Replication with two masters:
master_1 ----- startTLS -----> master_2;
master_1 <-- TLS_clientAuth -- master_2;
nsslapd-extract-pemfiles set to 'on' on both masters
without specifying cert names
:steps:
1. Add 5 users to master 1 and 2
2. Check that the users were successfully replicated
3. Relocate PEM files on master 1
4. Check PEM files in master 1 config directory
5. Add 5 users more to master 1 and 2
6. Check that the users were successfully replicated
7. Export userRoot on master 1
:expectedresults:
1. Users should be successfully added
2. Users should be successfully replicated
3. Operation should be successful
4. PEM files should be found
5. Users should be successfully added
6. Users should be successfully replicated
7. Operation should be successful
"""

log.info("Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto")

create_keys_certs(topology_m2)
> config_tls_agreements(topology_m2)

suites/sasl/regression_test.py:400:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/sasl/regression_test.py:316: in config_tls_agreements
rentry = m1.search_s(replmgr, ldap.SCOPE_BASE, 'objectclass=*')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:165: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ac86eda0>
func = <built-in method result4 of LDAP object at 0x7f16ac9b9c38>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists----------------------------- Captured stdout call -----------------------------
Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? pk12util: PKCS12 EXPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL ----------------------------- Captured stderr call -----------------------------
Generating key. This may take a few moments... ------------------------------ Captured log call -------------------------------
regression_test.py 397 INFO Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto regression_test.py 127 INFO ######################### Creating SSL Keys and Certs ###################### regression_test.py 130 INFO ##### Ensure that nsslapd-extract-pemfiles is 'off' on master1 regression_test.py 132 INFO ##### restart master1 regression_test.py 130 INFO ##### Ensure that nsslapd-extract-pemfiles is 'off' on master2 regression_test.py 132 INFO ##### restart master2 regression_test.py 140 INFO ##### shutdown master1 regression_test.py 143 INFO ##### Creating a password file regression_test.py 152 INFO ##### create the pin file regression_test.py 163 INFO ##### Creating a noise file regression_test.py 172 INFO ##### Create key3.db and cert8.db database (master1): ['certutil', '-N', '-d', '/etc/dirsrv/slapd-master1', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 176 INFO ##### Creating encryption key for CA (master1): ['certutil', '-G', '-d', '/etc/dirsrv/slapd-master1', '-z', '/etc/dirsrv/slapd-master1/noise.txt', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 182 INFO ##### Creating self-signed CA certificate (master1) -- nickname CAcertificate regression_test.py 190 INFO ##### Creating Server certificate -- nickname Server-Cert1: ['certutil', '-S', '-n', 'Server-Cert1', '-s', 'CN=server.example.com,OU=389 Directory Server', '-c', 'CAcertificate', '-t', ',,', '-m', '1001', '-v', '120', '-d', '/etc/dirsrv/slapd-master1', '-z', '/etc/dirsrv/slapd-master1/noise.txt', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 198 INFO ##### Creating Server certificate -- nickname Server-Cert2: ['certutil', '-S', '-n', 'Server-Cert2', '-s', 'CN=server.example.com,OU=390 Directory Server', '-c', 'CAcertificate', '-t', ',,', '-m', '1002', '-v', '120', '-d', '/etc/dirsrv/slapd-master1', '-z', '/etc/dirsrv/slapd-master1/noise.txt', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 203 INFO ##### start master1 regression_test.py 206 INFO ##### enable SSL in master1 with all ciphers regression_test.py 46 INFO ######################### Enabling SSL LDAPSPORT 41636 ###################### regression_test.py 210 INFO ##### Check the cert db: ['certutil', '-L', '-d', '/etc/dirsrv/slapd-master1'] regression_test.py 111 INFO OUT: regression_test.py 116 INFO regression_test.py 116 INFO Certificate Nickname Trust Attributes regression_test.py 116 INFO SSL,S/MIME,JAR/XPI regression_test.py 116 INFO regression_test.py 116 INFO CAcertificate CTu,u,u regression_test.py 116 INFO Server-Cert1 u,u,u regression_test.py 116 INFO Server-Cert2 u,u,u regression_test.py 117 INFO ERR: regression_test.py 213 INFO ##### restart master1 regression_test.py 216 INFO ##### Check PEM files of master1 (before setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert1, Server-Cert1-Key) not in /etc/dirsrv/slapd-master1 ###################### regression_test.py 80 INFO /etc/dirsrv/slapd-master1/CAcertificate.pem is correctly not generated. regression_test.py 93 INFO /etc/dirsrv/slapd-master1/Server-Cert1.pem is correctly not generated. regression_test.py 106 INFO /etc/dirsrv/slapd-master1/Server-Cert1-Key.pem is correctly not generated. regression_test.py 219 INFO ##### Set on to nsslapd-extract-pemfiles regression_test.py 222 INFO ##### restart master1 regression_test.py 225 INFO ##### Check PEM files of master1 (after setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert1, Server-Cert1-Key) in /etc/dirsrv/slapd-master1 ###################### regression_test.py 71 INFO /etc/dirsrv/slapd-master1/CAcertificate.pem is successfully generated. regression_test.py 84 INFO /etc/dirsrv/slapd-master1/Server-Cert1.pem is successfully generated. regression_test.py 97 INFO /etc/dirsrv/slapd-master1/Server-Cert1-Key.pem is successfully generated. regression_test.py 232 INFO ##### Extract PK12 file for master2: pk12util -o /tmp/Server-Cert2.pk12 -n "Server-Cert2" -d /etc/dirsrv/slapd-master1 -w /etc/dirsrv/slapd-master1/pwdfile.txt -k /etc/dirsrv/slapd-master1/pwdfile.txt regression_test.py 235 INFO ##### Check PK12 files regression_test.py 237 INFO /tmp/Server-Cert2.pk12 is successfully extracted. regression_test.py 242 INFO ##### stop master2 regression_test.py 245 INFO ##### Initialize Cert DB for master2 regression_test.py 247 INFO ##### Create key3.db and cert8.db database (master2): ['certutil', '-N', '-d', '/etc/dirsrv/slapd-master2', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 250 INFO ##### Import certs to master2 regression_test.py 251 INFO Importing CAcertificate regression_test.py 255 INFO ##### Importing Server-Cert2 to master2: pk12util -i /tmp/Server-Cert2.pk12 -n "Server-Cert2" -d /etc/dirsrv/slapd-master2 -w /etc/dirsrv/slapd-master1/pwdfile.txt -k /etc/dirsrv/slapd-master1/pwdfile.txt regression_test.py 257 INFO copy /etc/dirsrv/slapd-master1/pin.txt to /etc/dirsrv/slapd-master2/pin.txt regression_test.py 261 INFO ##### start master2 regression_test.py 264 INFO ##### enable SSL in master2 with all ciphers regression_test.py 46 INFO ######################### Enabling SSL LDAPSPORT 42636 ###################### regression_test.py 267 INFO ##### restart master2 regression_test.py 270 INFO ##### Check PEM files of master2 (before setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert2, Server-Cert2-Key) not in /etc/dirsrv/slapd-master2 ###################### regression_test.py 80 INFO /etc/dirsrv/slapd-master2/CAcertificate.pem is correctly not generated. regression_test.py 93 INFO /etc/dirsrv/slapd-master2/Server-Cert2.pem is correctly not generated. regression_test.py 106 INFO /etc/dirsrv/slapd-master2/Server-Cert2-Key.pem is correctly not generated. regression_test.py 273 INFO ##### Set on to nsslapd-extract-pemfiles regression_test.py 276 INFO ##### restart master2 regression_test.py 279 INFO ##### Check PEM files of master2 (after setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert2, Server-Cert2-Key) in /etc/dirsrv/slapd-master2 ###################### regression_test.py 71 INFO /etc/dirsrv/slapd-master2/CAcertificate.pem is successfully generated. regression_test.py 84 INFO /etc/dirsrv/slapd-master2/Server-Cert2.pem is successfully generated. regression_test.py 97 INFO /etc/dirsrv/slapd-master2/Server-Cert2-Key.pem is successfully generated. regression_test.py 282 INFO ##### restart master1 regression_test.py 285 INFO ######################### Creating SSL Keys and Certs Done ###################### regression_test.py 289 INFO ######################### Configure SSL/TLS agreements ###################### regression_test.py 290 INFO ######################## master1 -- startTLS -> master2 ##################### regression_test.py 291 INFO ##################### master1 <- tls_clientAuth -- master2 ################## regression_test.py 293 INFO ##### Update the agreement of master1 regression_test.py 299 INFO ##### Add the cert to the repl manager on master1 regression_test.py 313 INFO ##### master2 Server Cert in base64 format: MIICxzCCAa+gAwIBAgICA+owDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAxMGQ0FjZXJ0MB4XDTE5MDQxMDAwNDEwMFoXDTI5MDQxMDAwNDEwMFowPDEdMBsGA1UECxMUMzkwIERpcmVjdG9yeSBTZXJ2ZXIxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgwuMx11L1CvCAvPK2cFVc1W1lBxAcutofb9rJzNMvr9MakWAHqgg0yoQLSBYBkAlGdbX2X9YhOfhzWMimGFc8I02naaqpitCLYFKK24s/GvSgUcXb1WVrmTEhb6vg8OschvK9PyFBSadnV6A5Or4AHzGgnuhxI9gsRUfj5xY3cEDXuldoBm7UPGhmyV7hM0Le1eYm8otTxVwXC/GCCpun35cE91Kr7xjU/XMWRqAWNDOybku0JRDMYFVW6obimEwgbwriiKDqeLZHf6mXBYIgQhNLdev0ku3vb5/h9u8wwl4cUYeQGvyzKshwB6Bjz26v0oPYkEE6m3tTET/yMMjsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAEUgI/QL/WDq4z1jXc3tRY345oQ8OSA1V7/pKfLnPWtxMzgw3yRF4APH/N1doSqR6Bc41PAKMCew7MczkKgbXws5ou57bsZf5mZ2dOKhjyJpbzKwubwPKklSoi1Yi2qgjwOxJYt9AdK5xF90ubnrXPKa9gJ+XPIsWmv79fl4uLLjMtgPfaldKLPSEgPNPrlgt0Yi9Q8aTDYxF9GTR0OJSqN+OhyhXs9KpDdvqmWXpHaAs5W3bz/zxDmFtpvVOJ9VcqeeEJSOzWvNk7EdVywSxtRV69iN/plSykhMqwm1S4TDm1n5XOW+R6MxWAuyeakAv0DvyJV5DYlcopXuz7z3uZw==
Failed suites/setup_ds/remove_test.py::test_basic[True] 2.53
topology_st = <lib389.topologies.TopologyMain object at 0x7f16abb7aac8>
simple_allocate = True

@pytest.mark.parametrize("simple_allocate", (True, False))
def test_basic(topology_st, simple_allocate):
"""Check that all DS directories and systemd items were removed"""

inst = topology_st.standalone

# FreeIPA uses local_simple_allocate for the removal process
if simple_allocate:
inst = DirSrv(verbose=inst.verbose)
inst.local_simple_allocate(topology_st.standalone.serverid)

remove_ds_instance(inst)

paths = [inst.ds_paths.backup_dir,
inst.ds_paths.cert_dir,
inst.ds_paths.config_dir,
inst.ds_paths.db_dir,
inst.get_changelog_dir(),
inst.ds_paths.ldif_dir,
inst.ds_paths.lock_dir,
inst.ds_paths.log_dir,
"{}/sysconfig/dirsrv-{}".format(inst.ds_paths.sysconf_dir, inst.serverid)]
for path in paths:
> assert not os.path.exists(path)
E AssertionError: assert not True
E + where True = <function exists at 0x7f16b13d1510>('/etc/sysconfig/dirsrv-standalone1')
E + where <function exists at 0x7f16b13d1510> = <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'>.exists
E + where <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'> = os.path

suites/setup_ds/remove_test.py:56: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stderr call -----------------------------
Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@standalone1.service. ------------------------------ Captured log call -------------------------------
__init__.py 476 INFO Allocate local instance <class 'lib389.DirSrv'> with None
Failed suites/setup_ds/remove_test.py::test_basic[False] 2.57
topology_st = <lib389.topologies.TopologyMain object at 0x7f16abb8fc50>
simple_allocate = False

@pytest.mark.parametrize("simple_allocate", (True, False))
def test_basic(topology_st, simple_allocate):
"""Check that all DS directories and systemd items were removed"""

inst = topology_st.standalone

# FreeIPA uses local_simple_allocate for the removal process
if simple_allocate:
inst = DirSrv(verbose=inst.verbose)
inst.local_simple_allocate(topology_st.standalone.serverid)

remove_ds_instance(inst)

paths = [inst.ds_paths.backup_dir,
inst.ds_paths.cert_dir,
inst.ds_paths.config_dir,
inst.ds_paths.db_dir,
inst.get_changelog_dir(),
inst.ds_paths.ldif_dir,
inst.ds_paths.lock_dir,
inst.ds_paths.log_dir,
"{}/sysconfig/dirsrv-{}".format(inst.ds_paths.sysconf_dir, inst.serverid)]
for path in paths:
> assert not os.path.exists(path)
E AssertionError: assert not True
E + where True = <function exists at 0x7f16b13d1510>('/etc/sysconfig/dirsrv-standalone1')
E + where <function exists at 0x7f16b13d1510> = <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'>.exists
E + where <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'> = os.path

suites/setup_ds/remove_test.py:56: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket47462_test.py::test_ticket47462 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ac6b3ef0>

def test_ticket47462(topology_m2):
"""
Test that AES properly replaces DES during an update/restart, and that
replication also works correctly.
"""

#
# First set config as if it's an older version. Set DES to use
# libdes-plugin, MMR to depend on DES, delete the existing AES plugin,
# and set a DES password for the replication agreement.
#
# Add an extra attribute to the DES plugin args
#
try:
topology_m2.ms["master1"].modify_s(DES_PLUGIN,
> [(ldap.MOD_REPLACE, 'nsslapd-pluginEnabled', 'on')])

tickets/ticket47462_test.py:47:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aba83ac8>
func = <built-in method modify_ext of LDAP object at 0x7f16abda7e68>
args = ('cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config', [(2, 'nsslapd-pluginEnabled', 'on')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', 'o')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists
Failed tickets/ticket47838_test.py::test_47838_init 5.59
topology_st = <lib389.topologies.TopologyMain object at 0x7f16aca51128>

def test_47838_init(topology_st):
"""
Generate self signed cert and import it to the DS cert db.
Enable SSL
"""
_header(topology_st, 'Testing Ticket 47838 - harden the list of ciphers available by default')
onss_version = os.popen("rpm -q nss | awk -F'-' '{print $2}'", "r")
global nss_version
nss_version = onss_version.readline()
nss_ssl = NssSsl(dbpath=topology_st.standalone.get_cert_dir())
nss_ssl.reinit()
nss_ssl.create_rsa_ca()
nss_ssl.create_rsa_key_and_cert()

log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),
(ldap.MOD_REPLACE, 'nsTLS1', b'on'),
(ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),
(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all')])

topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', b'on'),
(ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),
(ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(MY_SECURE_PORT))])

topology_st.standalone.add_s(Entry((RSA_DN, {'objectclass': "top nsEncryptionModule".split(),
'cn': RSA,
'nsSSLPersonalitySSL': SERVERCERT,
'nsSSLToken': 'internal (software)',
> 'nsSSLActivation': 'on'})))

tickets/ticket47838_test.py:85:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:430: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:195: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16abd333c8>
func = <built-in method result4 of LDAP object at 0x7f16abac3648>
args = (6, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket47838_test.py 48 INFO ############################################### ticket47838_test.py 49 INFO ####### ticket47838_test.py 50 INFO ####### Testing Ticket 47838 - harden the list of ciphers available by default ticket47838_test.py 51 INFO ####### ticket47838_test.py 52 INFO ############################################### ticket47838_test.py 69 INFO ######################### enable SSL in the directory server with all ciphers ######################
Failed tickets/ticket47838_test.py::test_47838_run_9 4.47
topology_st = <lib389.topologies.TopologyMain object at 0x7f16aca51128>

def test_47838_run_9(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
allowWeakCipher: on
nsslapd-errorlog-level: 0
"""
_header(topology_st,
'Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on')])
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.47838_8' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(1)
topology_st.standalone.start(timeout=120)

enabled = os.popen('egrep "SSL info:" %s | egrep \": enabled\" | wc -l' % topology_st.standalone.errlog)
disabled = os.popen('egrep "SSL info:" %s | egrep \": disabled\" | wc -l' % topology_st.standalone.errlog)
ecount = int(enabled.readline().rstrip())
dcount = int(disabled.readline().rstrip())

log.info("Enabled ciphers: %d" % ecount)
log.info("Disabled ciphers: %d" % dcount)
if nss_version >= NSS330:
> assert ecount == 33
E assert 28 == 33
E -28
E +33

tickets/ticket47838_test.py:484: AssertionError
------------------------------ Captured log call -------------------------------
ticket47838_test.py 48 INFO ############################################### ticket47838_test.py 49 INFO ####### ticket47838_test.py 50 INFO ####### Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on ticket47838_test.py 51 INFO ####### ticket47838_test.py 52 INFO ############################################### ticket47838_test.py 469 INFO ######################### Restarting the server ###################### ticket47838_test.py 481 INFO Enabled ciphers: 28 ticket47838_test.py 482 INFO Disabled ciphers: 0
Failed tickets/ticket47950_test.py::test_ticket47950 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab271320>

def test_ticket47950(topology_st):
"""
Testing nsslapd-plugin-binddn-tracking does not cause issues around
access control and reconfiguring replication/repl agmt.
"""

log.info('Testing Ticket 47950 - Testing nsslapd-plugin-binddn-tracking')

#
# Turn on bind dn tracking
#
try:
> topology_st.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'nsslapd-plugin-binddn-tracking', 'on')])

tickets/ticket47950_test.py:39:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab2605f8>
func = <built-in method modify_ext of LDAP object at 0x7f16ab54b850>
args = ('cn=config', [(2, 'nsslapd-plugin-binddn-tracking', 'on')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', 'o')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket47966_test.py::test_ticket47966 0.01
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ac9d7588>

def test_ticket47966(topology_m2):
'''
Testing bulk import when the backend with VLV was recreated.
If the test passes without the server crash, 47966 is verified.
'''
log.info('Testing Ticket 47966 - [VLV] slapd crashes during Dogtag clone reinstallation')
M1 = topology_m2.ms["master1"]
M2 = topology_m2.ms["master2"]
m1_m2_agmt = M1.agreement.list(suffix=DEFAULT_SUFFIX)[0].dn

log.info('0. Create a VLV index on Master 2.')
# get the backend entry
be = M2.replica.conn.backend.list(suffix=DEFAULT_SUFFIX)
if not be:
log.fatal("ticket47966: enable to retrieve the backend for %s" % DEFAULT_SUFFIX)
raise ValueError("no backend for suffix %s" % DEFAULT_SUFFIX)
bent = be[0]
beName = bent.getValue('cn')
beDn = "cn=%s,cn=ldbm database,cn=plugins,cn=config" % beName

# generate vlvSearch entry
vlvSrchDn = "cn=vlvSrch,%s" % beDn
log.info('0-1. vlvSearch dn: %s' % vlvSrchDn)
vlvSrchEntry = Entry(vlvSrchDn)
vlvSrchEntry.setValues('objectclass', 'top', 'vlvSearch')
vlvSrchEntry.setValues('cn', 'vlvSrch')
vlvSrchEntry.setValues('vlvBase', DEFAULT_SUFFIX)
vlvSrchEntry.setValues('vlvFilter', '(|(objectclass=*)(objectclass=ldapsubentry))')
vlvSrchEntry.setValues('vlvScope', '2')
> M2.add_s(vlvSrchEntry)

tickets/ticket47966_test.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:430: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:195: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab970fd0>
func = <built-in method result4 of LDAP object at 0x7f16ab827530>
args = (25, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket47966_test.py 26 INFO Testing Ticket 47966 - [VLV] slapd crashes during Dogtag clone reinstallation ticket47966_test.py 31 INFO 0. Create a VLV index on Master 2. backend.py 76 INFO List backend with suffix=dc=example,dc=com ticket47966_test.py 43 INFO 0-1. vlvSearch dn: cn=vlvSrch,cn=b'userRoot',cn=ldbm database,cn=plugins,cn=config
Failed tickets/ticket47973_test.py::test_ticket47973_case 5.05
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab626f28>

def test_ticket47973_case(topology_st):
log.info('Testing Ticket 47973 (case) - Test the cases in the original schema are preserved.')

log.info('case 1 - Test the cases in the original schema are preserved.')

tsfile = topology_st.standalone.schemadir + '/98test.ldif'
tsfd = open(tsfile, "w")
Mozattr0 = "MoZiLLaaTTRiBuTe"
testschema = "dn: cn=schema\nattributetypes: ( 8.9.10.11.12.13.14 NAME '" + Mozattr0 + "' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Dummy Schema' )\nobjectclasses: ( 1.2.3.4.5.6.7 NAME 'MozillaObject' SUP top MUST ( objectclass $ cn ) MAY ( " + Mozattr0 + " ) X-ORIGIN 'user defined' )"
tsfd.write(testschema)
tsfd.close()

try:
# run the schema reload task with the default schemadir
topology_st.standalone.tasks.schemaReload(schemadir=topology_st.standalone.schemadir,
args={TASK_WAIT: False})
except ValueError:
log.error('Schema Reload task failed.')
assert False

time.sleep(5)

try:
schemaentry = topology_st.standalone.search_s("cn=schema", ldap.SCOPE_BASE,
'objectclass=top',
["objectclasses"])
oclist = schemaentry[0].data.get("objectclasses")
except ldap.LDAPError as e:
log.error('Failed to get schema entry: error (%s)' % e.args[0]['desc'])
raise e

found = 0
for oc in oclist:
log.info('OC: %s' % oc)
moz = re.findall(Mozattr0, oc.decode('utf-8'))
if moz:
found = 1
log.info('case 1: %s is in the objectclasses list -- PASS' % Mozattr0)

if found == 0:
log.error('case 1: %s is not in the objectclasses list -- FAILURE' % Mozattr0)
> assert False
E assert False

tickets/ticket47973_test.py:154: AssertionError
------------------------------ Captured log call -------------------------------
tasks.py 1107 INFO Schema Reload task (task-04092019_210014) completed successfully ticket47973_test.py 153 ERROR case 1: MoZiLLaaTTRiBuTe is not in the objectclasses list -- FAILURE
Failed tickets/ticket47988_test.py::test_ticket47988_init 4.36
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_init(topology_m2):
"""
It adds
- Objectclass with MAY 'member'
- an entry ('bind_entry') with which we bind to test the 'SELFDN' operation
It deletes the anonymous aci

"""

_header(topology_m2, 'test_ticket47988_init')

# enable acl error logging
mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', ensure_bytes(str(8192)))] # REPL
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

mod = [(ldap.MOD_REPLACE, 'nsslapd-accesslog-level', ensure_bytes(str(260)))] # Internal op
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

# add dummy entries
for cpt in range(MAX_OTHERS):
name = "%s%d" % (OTHER_NAME, cpt)
topology_m2.ms["master1"].add_s(Entry(("cn=%s,%s" % (name, SUFFIX), {
'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# check that entry 0 is replicated before
loop = 0
entryDN = "cn=%s0,%s" % (OTHER_NAME, SUFFIX)
while loop <= 10:
try:
ent = topology_m2.ms["master2"].getEntry(entryDN, ldap.SCOPE_BASE, "(objectclass=*)", ['telephonenumber'])
break
except ldap.NO_SUCH_OBJECT:
time.sleep(1)
loop += 1
assert (loop <= 10)

topology_m2.ms["master1"].stop(timeout=10)
topology_m2.ms["master2"].stop(timeout=10)

# install the specific schema M1: ipa3.3, M2: ipa4.1
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa3.3.tar.gz")
_install_schema(topology_m2.ms["master1"], schema_file)
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa4.1.tar.gz")
_install_schema(topology_m2.ms["master2"], schema_file)

> topology_m2.ms["master1"].start(timeout=10)

/export/tests/tickets/ticket47988_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1133: in start
"dirsrv@%s" % self.serverid])
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

popenargs = (['systemctl', 'start', 'dirsrv@master1'],), kwargs = {}
retcode = 1, cmd = ['systemctl', 'start', 'dirsrv@master1']

def check_call(*popenargs, **kwargs):
"""Run command with arguments. Wait for command to complete. If
the exit code was zero then return, otherwise raise
CalledProcessError. The CalledProcessError object will have the
return code in the returncode attribute.

The arguments are the same as for the call function. Example:

check_call(["ls", "-l"])
"""
retcode = call(*popenargs, **kwargs)
if retcode:
cmd = kwargs.get("args")
if cmd is None:
cmd = popenargs[0]
> raise CalledProcessError(retcode, cmd)
E subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@master1']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:347: CalledProcessError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists----------------------------- Captured stderr call -----------------------------
Job for dirsrv@master1.service failed because the control process exited with error code. See "systemctl status dirsrv@master1.service" and "journalctl -xe" for details. ------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_init ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ################################################### ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/02common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-admin.ldif ticket47988_test.py 96 INFO replace /etc/dirsrv/slapd-master1/schema/99user.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60nss-ldap.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60autofs.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-web.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60samba.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10dna-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/05rfc4523.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60basev2.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10automember-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/05rfc2927.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10mep-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60ipadns.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10rfc2307.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-mail.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/05rfc4524.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60trust.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60ipaconfig.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-directory.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60eduperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60mozilla.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/65ipasudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60rfc3712.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60rfc2739.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-value.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60acctpolicy.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/01core389.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60sabayon.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60pam-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/00core.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/25java-object.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60sudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/70ipaotp.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60pureftpd.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/61kerberos-ipav3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60kerberos.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60basev3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/06inetorgperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/30ns-common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/28pilot.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/20subscriber.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-certificate.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60posix-winsync-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/02common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-admin.ldif ticket47988_test.py 96 INFO replace /etc/dirsrv/slapd-master2/schema/99user.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60nss-ldap.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60autofs.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-web.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60samba.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10dna-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/05rfc4523.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60basev2.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10automember-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/05rfc2927.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10mep-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60ipadns.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10rfc2307.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-mail.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/05rfc4524.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60trust.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60ipaconfig.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-directory.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60eduperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60mozilla.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/65ipasudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60rfc3712.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60rfc2739.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-value.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60acctpolicy.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/01core389.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60sabayon.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60pam-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/00core.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/25java-object.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60sudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/70ipaotp.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60pureftpd.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/61kerberos-ipav3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60kerberos.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60basev3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/06inetorgperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/30ns-common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/28pilot.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/20subscriber.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-certificate.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60posix-winsync-plugin.ldif
Failed tickets/ticket47988_test.py::test_ticket47988_1 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_1(topology_m2):
'''
Check that replication is working and pause replication M2->M1
'''
_header(topology_m2, 'test_ticket47988_1')

topology_m2.ms["master1"].log.debug("\n\nCheck that replication is working and pause replication M2->M1\n")
> _do_update_entry(supplier=topology_m2.ms["master2"], consumer=topology_m2.ms["master1"], attempts=5)

/export/tests/tickets/ticket47988_test.py:232:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:182: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab148e80>
func = <built-in method result4 of LDAP object at 0x7f16ab6bbda0>
args = (27, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_1 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_2 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_2(topology_m2):
'''
Update M1 schema and trigger update M1->M2
So M1 should learn new/extended definitions that are in M2 schema
'''
_header(topology_m2, 'test_ticket47988_2')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:244:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:568: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:165: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab11cc88>
func = <built-in method result4 of LDAP object at 0x7f16ab6bba08>
args = (63, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_2 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_3 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_3(topology_m2):
'''
Resume replication M2->M1 and check replication is still working
'''
_header(topology_m2, 'test_ticket47988_3')

> _resume_M2_to_M1(topology_m2)

/export/tests/tickets/ticket47988_test.py:281:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:220: in _resume_M2_to_M1
ents = topology_m2.ms["master2"].agreement.list(suffix=SUFFIX)
/usr/local/lib/python3.7/site-packages/lib389/agreement.py:852: in list
replica_entries = self.conn.replica.list(suffix)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:168: in list
ents = self.conn.search_s(base, ldap.SCOPE_SUBTREE, filtr)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab148e80>
func = <built-in method search_ext of LDAP object at 0x7f16ab6bbda0>
args = ('cn=mapping tree,cn=config', 2, '(&(objectclass=nsds5Replica)(nsDS5ReplicaRoot=dc=example,dc=com))', None, 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_3 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ################################################### ticket47988_test.py 219 INFO ######################### resume RA M2->M1 ######################
Failed tickets/ticket47988_test.py::test_ticket47988_4 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_4(topology_m2):
'''
Check schemaCSN is identical on both server
And save the nsschemaCSN to later check they do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_4')

> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:293:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:568: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab11cc88>
func = <built-in method search_ext of LDAP object at 0x7f16ab6bba08>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_4 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_5 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_5(topology_m2):
'''
Check schemaCSN do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_5')

> _do_update_entry(supplier=topology_m2.ms["master1"], consumer=topology_m2.ms["master2"], attempts=5)

/export/tests/tickets/ticket47988_test.py:311:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:182: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab11cc88>
func = <built-in method modify_ext of LDAP object at 0x7f16ab6bba08>
args = ('cn=other_entry0,dc=example,dc=com', [(2, 'telephonenumber', b'178')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_5 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_6 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16ab24b160>

def test_ticket47988_6(topology_m2):
'''
Update M1 schema and trigger update M2->M1
So M2 should learn new/extended definitions that are in M1 schema
'''

_header(topology_m2, 'test_ticket47988_6')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:334:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:568: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab11cc88>
func = <built-in method search_ext of LDAP object at 0x7f16ab6bba08>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_6 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket48005_test.py::test_ticket48005_usn 4.40
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab8d5588>

def test_ticket48005_usn(topology_st):
'''
Enable entryusn
Delete all user entries.
Run USN tombstone cleanup task
Shutdown the server
Check if a core file was generated or not
If no core was found, this test case was successful.
'''
log.info("Ticket 48005 usn test...")
topology_st.standalone.plugins.enable(name=PLUGIN_USN)

topology_st.standalone.restart(timeout=10)

try:
> entries = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, "(objectclass=inetorgperson)")

/export/tests/tickets/ticket48005_test.py:281:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:165: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16ab8b2748>
func = <built-in method result4 of LDAP object at 0x7f16aad88d00>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
------------------------------ Captured log call -------------------------------
ticket48005_test.py 275 INFO Ticket 48005 usn test...
Failed tickets/ticket48194_test.py::test_init 4.18
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_init(topology_st):
"""
Generate self signed cert and import it to the DS cert db.
Enable SSL
"""
_header(topology_st, 'Testing Ticket 48194 - harden the list of ciphers available by default')

nss_ssl = NssSsl(dbpath=topology_st.standalone.get_cert_dir())
nss_ssl.reinit()
nss_ssl.create_rsa_ca()
nss_ssl.create_rsa_key_and_cert()

log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),
(ldap.MOD_REPLACE, 'nsTLS1', b'on'),
(ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),
(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all')])

topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', b'on'),
(ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),
(ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(LDAPSPORT))])

topology_st.standalone.add_s(Entry((RSA_DN, {'objectclass': "top nsEncryptionModule".split(),
'cn': RSA,
'nsSSLPersonalitySSL': SERVERCERT,
'nsSSLToken': 'internal (software)',
> 'nsSSLActivation': 'on'})))

/export/tests/tickets/ticket48194_test.py:72:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:430: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:195: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aaa422e8>
func = <built-in method result4 of LDAP object at 0x7f16aae415a8>
args = (6, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Testing Ticket 48194 - harden the list of ciphers available by default ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 56 INFO ######################### enable SSL in the directory server with all ciphers ######################
Failed tickets/ticket48194_test.py::test_run_1 5.64
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_run_1(topology_st):
"""
Check nsSSL3Ciphers: +all
All ciphers are enabled except null.
Note: default allowWeakCipher (i.e., off) for +all
"""
_header(topology_st, 'Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])
# Make sure allowWeakCipher is not set.
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'allowWeakCipher', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_0' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:156:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 149 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_2 5.57
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_run_2(topology_st):
"""
Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+rsa_aes_128_sha,+rsa_aes_256_sha')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_1' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)
connectWithOpenssl(topology_st, 'AES256-SHA256', False)
> connectWithOpenssl(topology_st, 'AES128-SHA', True)

/export/tests/tickets/ticket48194_test.py:182:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>
cipher = 'AES128-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:106: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 173 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, (NONE), Cipher is (NONE)\n' ticket48194_test.py 84 INFO Testing AES256-SHA256 -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES256-SHA256 ticket48194_test.py 103 INFO Found: b'New, (NONE), Cipher is (NONE)\n' ticket48194_test.py 84 INFO Testing AES128-SHA -- expect to handshake successfully ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES128-SHA ticket48194_test.py 103 INFO Found: b'New, (NONE), Cipher is (NONE)\n'
Failed tickets/ticket48194_test.py::test_run_4 5.67
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_run_4(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', b'-all')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_3' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:226:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 219 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_5 5.86
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_run_5(topology_st):
"""
Check nsSSL3Ciphers: default
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_4' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:248:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 241 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_6 5.68
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_run_6(topology_st):
"""
Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256
All ciphers are disabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_5' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:272:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 265 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_8 5.49
topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>

def test_run_8(topology_st):
"""
Check nsSSL3Ciphers: default + allowWeakCipher: off
Strong Default ciphers are enabled.
"""
_header(topology_st, 'Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off)')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'off')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_7' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:295:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f16ab786780>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off) ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 288 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48226_test.py::test_ticket48226_set_purgedelay 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aad8f208>

def test_ticket48226_set_purgedelay(topology_m2):
args = {REPLICA_PURGE_DELAY: '5',
REPLICA_PURGE_INTERVAL: '5'}
try:
> topology_m2.ms["master1"].replica.setProperties(DEFAULT_SUFFIX, None, None, args)

/export/tests/tickets/ticket48226_test.py:25:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicaLegacy object at 0x7f16aaed5e80>
suffix = 'dc=example,dc=com', replica_dn = None, replica_entry = None
properties = {'ReplicaPurgeDelay': '5', 'ReplicaTombstonePurgeInterval': '5'}

def setProperties(self, suffix=None, replica_dn=None, replica_entry=None,
properties=None):
'''
Set the properties of the replica. If an 'replica_entry' (Entry) is
provided, it updates the entry, else it updates the entry on the
server. If the 'replica_dn' is provided it retrieves the entry
using it, else it retrieve the replica using the 'suffix'.

@param suffix : suffix stored in that replica (online update)
@param replica_dn: DN of the replica (online update)
@param replica_entry: Entry of a replica (offline update)
@param properties: dictionary of properties
Supported properties are:
REPLICA_SUFFIX
REPLICA_ID
REPLICA_TYPE
REPLICA_BINDDN
REPLICA_PURGE_DELAY
REPLICA_PRECISE_PURGING
REPLICA_REFERRAL
REPLICA_FLAGS

@return None

@raise ValueError: if unknown properties
ValueError: if invalid replica_entry
ValueError: if replica_dn or suffix are not associated to
a replica

'''

# No properties provided
if len(properties) == 0:
return

# check that the given properties are valid
for prop in properties:
# skip the prefix to add/del value
if not inProperties(prop, REPLICA_PROPNAME_TO_ATTRNAME):
raise ValueError("unknown property: %s" % prop)
else:
self.log.debug("setProperties: %s:%s",
prop, properties[prop])

# At least we need to have suffix/replica_dn/replica_entry
if not suffix and not replica_dn and not replica_entry:
raise InvalidArgumentError("suffix and replica_dn and replica_" +
"entry are missing")

# the caller provides a set of properties to set into a replica entry
if replica_entry:
if not isinstance(replica_entry, Entry):
raise ValueError("invalid instance of the replica_entry")

# that is fine, now set the values
for prop in properties:
val = rawProperty(prop)

# for Entry update it is a replace
replica_entry.update({REPLICA_PROPNAME_TO_ATTRNAME[val]:
properties[prop]})

return

# If it provides the suffix or the replicaDN, replica.list will
# return the appropriate entry
ents = self.conn.replica.list(suffix=suffix, replica_dn=replica_dn)
if len(ents) != 1:
if replica_dn:
raise ValueError("invalid replica DN: %s" % replica_dn)
else:
raise ValueError("invalid suffix: %s" % suffix)

# build the MODS
mods = []
for prop in properties:
# take the operation type from the property name
val = rawProperty(prop)
if str(prop).startswith('+'):
op = ldap.MOD_ADD
elif str(prop).startswith('-'):
op = ldap.MOD_DELETE
else:
op = ldap.MOD_REPLACE

mods.append((op, REPLICA_PROPNAME_TO_ATTRNAME[val],
properties[prop]))

# that is fine now to apply the MOD
> self.conn.modify_s(ents[0].dn, mods)

/usr/local/lib/python3.7/site-packages/lib389/replica.py:260:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x55b1b76a58a8, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,..., code_context=[' firstresult=hook.spec.opts.get("firstresult") if hook.spec else False,\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x55b1b767e848, file '/usr/local/lib/python3.7/site-packages/lib389/replica.py', line 260, c...ca.py', lineno=260, function='setProperties', code_context=[' self.conn.modify_s(ents[0].dn, mods)\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aabedef0>
dn = 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config'
modlist = [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aabedef0>
dn = 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config'
modlist = [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')]
serverctrls = None, clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
> msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aabedef0>
dn = 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config'
modlist = [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')]
serverctrls = None, clientctrls = None

def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
"""
modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
"""
if PY2:
dn = self._bytesify_input('dn', dn)
modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True)
> return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method modify_ext of LDAP object at 0x7f16aaf07058>, 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aabedef0>
func = <built-in method modify_ext of LDAP object at 0x7f16aaf07058>
args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '5')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError

During handling of the above exception, another exception occurred:

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aad8f208>

def test_ticket48226_set_purgedelay(topology_m2):
args = {REPLICA_PURGE_DELAY: '5',
REPLICA_PURGE_INTERVAL: '5'}
try:
topology_m2.ms["master1"].replica.setProperties(DEFAULT_SUFFIX, None, None, args)
except:
log.fatal('Failed to configure replica')
> assert False
E assert False

/export/tests/tickets/ticket48226_test.py:28: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket48226_test.py 27 CRITICAL Failed to configure replica
Failed tickets/ticket48226_test.py::test_ticket48226_1 0.01
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aad8f208>

def test_ticket48226_1(topology_m2):
name = 'test_entry'
dn = "cn=%s,%s" % (name, SUFFIX)

topology_m2.ms["master1"].add_s(Entry((dn, {'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# First do an update that is replicated
mods = [(ldap.MOD_ADD, 'description', '5')]
> topology_m2.ms["master1"].modify_s(dn, mods)

/export/tests/tickets/ticket48226_test.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aabedef0>
func = <built-in method modify_ext of LDAP object at 0x7f16aaf07058>
args = ('cn=test_entry,dc=example,dc=com', [(0, 'description', '5')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '5')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
Failed tickets/ticket48637_test.py::test_ticket48637 4.41
topology_st = <lib389.topologies.TopologyMain object at 0x7f16aadea320>

def test_ticket48637(topology_st):
"""Test for entry cache corruption

This requires automember and managed entry plugins to be configured.

Then remove the group that automember would use to trigger a failure when
adding a new entry. Automember fails, and then managed entry also fails.

Make sure a base search on the entry returns error 32
"""

if DEBUGGING:
# Add debugging steps(if any)...
pass

#
# Add our setup entries
#
try:
topology_st.standalone.add_s(Entry((PEOPLE_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'people'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add people ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((GROUP_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'groups'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add groups ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_OU, {
'objectclass': 'top extensibleObject'.split(),
'ou': 'mep'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_TEMPLATE, {
'objectclass': 'top mepTemplateEntry'.split(),
'cn': 'mep template',
'mepRDNAttr': 'cn',
'mepStaticAttr': 'objectclass: groupofuniquenames',
'mepMappedAttr': 'cn: $uid'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

#
# Configure automember
#
try:
topology_st.standalone.add_s(Entry((AUTO_DN, {
'cn': 'All Users',
'objectclass': ['top', 'autoMemberDefinition'],
'autoMemberScope': 'dc=example,dc=com',
'autoMemberFilter': 'objectclass=person',
'autoMemberDefaultGroup': GROUP_DN,
'autoMemberGroupingAttr': 'uniquemember:dn'})))
except ldap.LDAPError as e:
log.fatal('Failed to configure automember plugin : ' + str(e))
assert False

#
# Configure managed entry plugin
#
try:
topology_st.standalone.add_s(Entry((MEP_DN, {
'cn': 'MEP Definition',
'objectclass': ['top', 'extensibleObject'],
'originScope': 'ou=people,dc=example,dc=com',
'originFilter': 'objectclass=person',
'managedBase': 'ou=groups,dc=example,dc=com',
'managedTemplate': MEP_TEMPLATE})))
except ldap.LDAPError as e:
log.fatal('Failed to configure managed entry plugin : ' + str(e))
assert False

#
# Restart DS
#
topology_st.standalone.restart(timeout=30)

#
# Add entry that should fail since the automember group does not exist
#
try:
topology_st.standalone.add_s(Entry((USER_DN, {
'uid': 'test',
'objectclass': ['top', 'person', 'extensibleObject'],
'sn': 'test',
'cn': 'test'})))
except ldap.LDAPError as e:
pass

#
# Search for the entry - it should not be returned
#
try:
entry = topology_st.standalone.search_s(USER_DN, ldap.SCOPE_SUBTREE,
'objectclass=*')
if entry:
log.fatal('Entry was incorrectly returned')
> assert False
E assert False

/export/tests/tickets/ticket48637_test.py:137: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket48637_test.py 136 CRITICAL Entry was incorrectly returned
Failed tickets/ticket48755_test.py::test_ticket48755 0.00
Fixture "add_ou_entry" called directly. Fixtures are not meant to be called directly,
but are created automatically when test functions request them as parameters.
See https://docs.pytest.org/en/latest/fixture.html for more information about fixtures, and
https://docs.pytest.org/en/latest/deprecations.html#calling-fixtures-directly about how to update your code.
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket48755_test.py 82 INFO Ticket 48755 - moving an entry could make the online init fail ticket48755_test.py 87 INFO Generating DIT_0
Failed tickets/ticket48784_test.py::test_ticket48784 20.73
Fixture "add_entry" called directly. Fixtures are not meant to be called directly,
but are created automatically when test functions request them as parameters.
See https://docs.pytest.org/en/latest/fixture.html for more information about fixtures, and
https://docs.pytest.org/en/latest/deprecations.html#calling-fixtures-directly about how to update your code.
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket48784_test.py 88 INFO Ticket 48784 - Allow usage of OpenLDAP libraries that don't use NSS for crypto ticket48784_test.py 48 INFO ######################### Configure SSL/TLS agreements ###################### ticket48784_test.py 49 INFO ######################## master1 <-- startTLS -> master2 ##################### ticket48784_test.py 51 INFO ##### Update the agreement of master1 ticket48784_test.py 56 INFO ##### Update the agreement of master2 ticket48784_test.py 66 INFO ######################### Configure SSL/TLS agreements Done ######################
Failed tickets/ticket48798_test.py::test_ticket48798 7.18
topology_st = <lib389.topologies.TopologyMain object at 0x7f16aaf43048>

def test_ticket48798(topology_st):
"""
Test DH param sizes offered by DS.

"""
topology_st.standalone.enable_tls()

# Confirm that we have a connection, and that it has DH

# Open a socket to the port.
# Check the security settings.
> size = check_socket_dh_param_size(topology_st.standalone.host, topology_st.standalone.sslport)

/export/tests/tickets/ticket48798_test.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket48798_test.py:21: in check_socket_dh_param_size
output = check_output(cmd, shell=True)
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = ('echo quit | openssl s_client -connect server.example.com:63601 -msg -cipher DH | grep -A 1 ServerKeyExchange',)
kwargs = {'shell': True, 'stdout': -1}
process = <subprocess.Popen object at 0x7f16aaa671d0>, stdout = b''
stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command 'echo quit | openssl s_client -connect server.example.com:63601 -msg -cipher DH | grep -A 1 ServerKeyExchange' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stderr call -----------------------------
depth=1 C = AU, ST = Queensland, L = 389ds, O = testing, CN = ssca.389ds.example.com verify error:num=19:self signed certificate in certificate chain verify return:1 depth=1 C = AU, ST = Queensland, L = 389ds, O = testing, CN = ssca.389ds.example.com verify return:1 depth=0 C = AU, ST = Queensland, L = 389ds, O = testing, GN = abb8906e-c9c0-4792-ae39-bd9cf5233a60, CN = server.example.com verify return:1 DONE
Failed tickets/ticket48961_test.py::test_ticket48961_storagescheme 0.01
topology_st = <lib389.topologies.TopologyMain object at 0x7f16aad19a90>

def test_ticket48961_storagescheme(topology_st):
"""
Test deleting of the storage scheme.
"""

default = topology_st.standalone.config.get_attr_val('passwordStorageScheme')
# Change it
topology_st.standalone.config.set('passwordStorageScheme', 'CLEAR')
# Now delete it
> topology_st.standalone.config.remove('passwordStorageScheme', None)

/export/tests/tickets/ticket48961_test.py:27:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:296: in remove
self.set(key, value, action=ldap.MOD_DELETE)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:378: in set
serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aaf0d0f0>
func = <built-in method result4 of LDAP object at 0x7f16aaf14c88>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.OPERATIONS_ERROR: {'desc': 'Operations error', 'info': 'passwordStorageScheme: deleting the value is not allowed.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: OPERATIONS_ERROR
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket48961_test.py::test_ticket48961_deleteall 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f16aad19a90>

def test_ticket48961_deleteall(topology_st):
"""
Test that we can delete all valid attrs, and that a few are rejected.
"""
attr_to_test = {
'nsslapd-listenhost': 'localhost',
'nsslapd-securelistenhost': 'localhost',
'nsslapd-allowed-sasl-mechanisms': 'GSSAPI',
'nsslapd-svrtab': 'Some bogus data', # This one could reset?
}
attr_to_fail = {
# These are the values that should always be dn dse.ldif too
'nsslapd-localuser': 'dirsrv',
'nsslapd-defaultnamingcontext': 'dc=example,dc=com', # Can't delete
'nsslapd-accesslog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/access',
'nsslapd-auditlog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/audit',
'nsslapd-errorlog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/errors',
'nsslapd-tmpdir': '/tmp',
'nsslapd-rundir': '/opt/dirsrv/var/run/dirsrv',
'nsslapd-bakdir': '/opt/dirsrv/var/lib/dirsrv/slapd-standalone/bak',
'nsslapd-certdir': '/opt/dirsrv/etc/dirsrv/slapd-standalone',
'nsslapd-instancedir': '/opt/dirsrv/lib/dirsrv/slapd-standalone',
'nsslapd-ldifdir': '/opt/dirsrv/var/lib/dirsrv/slapd-standalone/ldif',
'nsslapd-lockdir': '/opt/dirsrv/var/lock/dirsrv/slapd-standalone',
'nsslapd-schemadir': '/opt/dirsrv/etc/dirsrv/slapd-standalone/schema',
'nsslapd-workingdir': '/opt/dirsrv/var/log/dirsrv/slapd-standalone',
'nsslapd-localhost': 'localhost.localdomain',
# These can't be reset, but might be in dse.ldif. Probably in libglobs.
'nsslapd-certmap-basedn': 'cn=certmap,cn=config',
'nsslapd-port': '38931', # Can't delete
'nsslapd-secureport': '636', # Can't delete
'nsslapd-conntablesize': '1048576',
'nsslapd-rootpw': '{SSHA512}...',
# These are hardcoded server magic.
'nsslapd-hash-filters': 'off', # Can't delete
'nsslapd-requiresrestart': 'cn=config:nsslapd-port', # Can't change
'nsslapd-plugin': 'cn=case ignore string syntax,cn=plugins,cn=config', # Can't change
'nsslapd-privatenamespaces': 'cn=schema', # Can't change
'nsslapd-allowed-to-delete-attrs': 'None', # Can't delete
'nsslapd-accesslog-list': 'List!', # Can't delete
'nsslapd-auditfaillog-list': 'List!',
'nsslapd-auditlog-list': 'List!',
'nsslapd-errorlog-list': 'List!',
'nsslapd-config': 'cn=config',
'nsslapd-versionstring': '389-Directory/1.3.6.0',
'objectclass': '',
'cn': '',
# These are the odd values
'nsslapd-backendconfig': 'cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config', # Doesn't exist?
'nsslapd-betype': 'ldbm database', # Doesn't exist?
'nsslapd-connection-buffer': 1, # Has an ldap problem
'nsslapd-malloc-mmap-threshold': '-10', # Defunct anyway
'nsslapd-malloc-mxfast': '-10',
'nsslapd-malloc-trim-threshold': '-10',
'nsslapd-referralmode': '',
'nsslapd-saslpath': '',
'passwordadmindn': '',
}

> config_entry = topology_st.standalone.config.raw_entry()
E TypeError: 'NoneType' object is not callable

/export/tests/tickets/ticket48961_test.py:100: TypeError
Failed tickets/ticket49071_test.py::test_ticket49071 7.04
topo = <lib389.topologies.TopologyMain object at 0x7f16aacc0a90>

def test_ticket49071(topo):
"""Verify- Import ldif with duplicate DNs, should not log error "unable to flush"

:id: dce2b898-119d-42b8-a236-1130f58bff17
:feature: It is to verify bug:1406101, ticket:49071
:setup: Standalone instance, ldif file with duplicate entries
:steps: 1. Create a ldif file with duplicate entries
2. Import ldif file to DS
3. Check error log file, it should not log "unable to flush"
4. Check error log file, it should log "Duplicated DN detected"
:expectedresults: Error log should not contain "unable to flush" error
"""

log.info('ticket 49071: Create import file')
l = """dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example

dn: ou=myDups00001,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: myDups00001

dn: ou=myDups00001,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: myDups00001
"""

ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'data.ldif')
with open(ldif_file, "w") as fd:
fd.write(l)
fd.close()

log.info('ticket 49071: Import ldif having duplicate entry')
try:
topo.standalone.tasks.importLDIF(suffix=DEFAULT_SUFFIX,
input_file=ldif_file,
args={TASK_WAIT: True})
except ValueError:
log.fatal('ticket 49104: Online import failed')
raise

log.info('ticket 49071: Error log should not have - unable to flush')
assert not topo.standalone.ds_error_log.match('.*unable to flush.*')

log.info('ticket 49071: Error log should have - Duplicated DN detected')
> assert topo.standalone.ds_error_log.match('.*Duplicated DN detected.*')
E AssertionError: assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f16aac9f198>>('.*Duplicated DN detected.*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f16aac9f198>> = <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f16aac9f198>.match
E + where <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f16aac9f198> = <lib389.DirSrv object at 0x7f16aac8d710>.ds_error_log
E + where <lib389.DirSrv object at 0x7f16aac8d710> = <lib389.topologies.TopologyMain object at 0x7f16aacc0a90>.standalone

/export/tests/tickets/ticket49071_test.py:64: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket49071_test.py 28 INFO ticket 49071: Create import file ticket49071_test.py 51 INFO ticket 49071: Import ldif having duplicate entry tasks.py 434 ERROR Error: import task import_04092019_212607 for file /var/lib/dirsrv/slapd-standalone1/ldif/data.ldif exited with -23 ticket49071_test.py 60 INFO ticket 49071: Error log should not have - unable to flush ticket49071_test.py 63 INFO ticket 49071: Error log should have - Duplicated DN detected
Failed tickets/ticket49073_test.py::test_ticket49073 8.27
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aa7fb630>

def test_ticket49073(topology_m2):
"""Write your replication test here.

To access each DirSrv instance use: topology_m2.ms["master1"], topology_m2.ms["master2"],
..., topology_m2.hub1, ..., topology_m2.consumer1,...

Also, if you need any testcase initialization,
please, write additional fixture for that(include finalizer).
"""
topology_m2.ms["master1"].plugins.enable(name=PLUGIN_MEMBER_OF)
topology_m2.ms["master1"].restart(timeout=10)
topology_m2.ms["master2"].plugins.enable(name=PLUGIN_MEMBER_OF)
topology_m2.ms["master2"].restart(timeout=10)

# Configure fractional to prevent total init to send memberof
ents = topology_m2.ms["master1"].agreement.list(suffix=SUFFIX)
assert len(ents) == 1
log.info('update %s to add nsDS5ReplicatedAttributeListTotal' % ents[0].dn)
topology_m2.ms["master1"].modify_s(ents[0].dn,
[(ldap.MOD_REPLACE,
'nsDS5ReplicatedAttributeListTotal',
'(objectclass=*) $ EXCLUDE '),
(ldap.MOD_REPLACE,
'nsDS5ReplicatedAttributeList',
> '(objectclass=*) $ EXCLUDE memberOf')])

/export/tests/tickets/ticket49073_test.py:102:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f16aac454e0>
func = <built-in method modify_ext of LDAP object at 0x7f16aac42e40>
args = ('cn=002,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsDS5ReplicatedAttributeListTotal', '(objectclass=*) $ EXCLUDE '), (2, 'nsDS5ReplicatedAttributeList', '(objectclass=*) $ EXCLUDE memberOf')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '(')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket49073_test.py 95 INFO update cn=002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to add nsDS5ReplicatedAttributeListTotal
Failed tickets/ticket49192_test.py::test_ticket49192 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f16aa8c7588>

def test_ticket49192(topo):
"""Trigger deadlock when removing suffix
"""

#
# Create a second suffix/backend
#
log.info('Creating second backend...')
topo.standalone.backends.create(None, properties={
BACKEND_NAME: "Second_Backend",
> 'suffix': "o=hang.com",
})

/export/tests/tickets/ticket49192_test.py:35:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1090: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f16aa7d1358>, dn = None
properties = {'name': 'Second_Backend', 'suffix': 'o=hang.com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket49192_test.py 32 INFO Creating second backend...
Failed tickets/ticket49303_test.py::test_ticket49303 10.96
topo = <lib389.topologies.TopologyMain object at 0x7f16aab2c7f0>

def test_ticket49303(topo):
"""
Test the nsTLSAllowClientRenegotiation setting.
"""
sslport = SECUREPORT_STANDALONE1

log.info("Ticket 49303 - Allow disabling of SSL renegotiation")

# No value set, defaults to reneg allowed
enable_ssl(topo.standalone, sslport)
> assert try_reneg(HOST_STANDALONE1, sslport) is True
E AssertionError: assert False is True
E + where False = try_reneg('localhost', 63601)

/export/tests/tickets/ticket49303_test.py:86: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket49303_test.py 82 INFO Ticket 49303 - Allow disabling of SSL renegotiation
Failed tickets/ticket49463_test.py::test_ticket_49463 165.35
topo = <lib389.topologies.TopologyMain object at 0x7f16aac3e358>

def test_ticket_49463(topo):
"""Specify a test case purpose or name here

:id: d1aa2e8b-e6ab-4fc6-9c63-c6f622544f2d
:setup: Fill in set up configuration here
:steps:
1. Enable fractional replication
2. Enable replication logging
3. Check that replication is working fine
4. Generate skipped updates to create keep alive entries
5. Remove M3 from the topology
6. issue cleanAllRuv FORCE that will run on M1 then propagated M2 and M4
7. Check that Number DEL keep alive '3' is <= 1
8. Check M1 is the originator of cleanAllRuv and M2/M4 the propagated ones
9. Check replication M1,M2 and M4 can recover
10. Remove M4 from the topology
11. Issue cleanAllRuv not force while M2 is stopped (that hangs the cleanAllRuv)
12. Check that nsds5ReplicaCleanRUV is correctly encoded on M1 (last value: 1)
13. Check that nsds5ReplicaCleanRUV encoding survives M1 restart
14. Check that nsds5ReplicaCleanRUV encoding is valid on M2 (last value: 0)
15. Check that (for M4 cleanAllRUV) M1 is Originator and M2 propagation
:expectedresults:
1. No report of failure when the RUV is updated
"""

# Step 1 - Configure fractional (skip telephonenumber) replication
M1 = topo.ms["master1"]
M2 = topo.ms["master2"]
M3 = topo.ms["master3"]
M4 = topo.ms["master4"]
repl = ReplicationManager(DEFAULT_SUFFIX)
fractional_server_to_replica(M1, M2)
fractional_server_to_replica(M1, M3)
fractional_server_to_replica(M1, M4)

fractional_server_to_replica(M2, M1)
fractional_server_to_replica(M2, M3)
fractional_server_to_replica(M2, M4)

fractional_server_to_replica(M3, M1)
fractional_server_to_replica(M3, M2)
fractional_server_to_replica(M3, M4)

fractional_server_to_replica(M4, M1)
fractional_server_to_replica(M4, M2)
fractional_server_to_replica(M4, M3)

# Step 2 - enable internal op logging and replication debug
for i in (M1, M2, M3, M4):
i.config.loglevel(vals=[256 + 4], service='access')
i.config.loglevel(vals=[LOG_REPLICA, LOG_DEFAULT], service='error')

# Step 3 - Check that replication is working fine
add_user(M1, 11, desc="add to M1")
add_user(M2, 21, desc="add to M2")
add_user(M3, 31, desc="add to M3")
add_user(M4, 41, desc="add to M4")

for i in (M1, M2, M3, M4):
for j in (M1, M2, M3, M4):
if i == j:
continue
repl.wait_for_replication(i, j)

# Step 4 - Generate skipped updates to create keep alive entries
for i in (M1, M2, M3, M4):
cn = '%s_%d' % (USER_CN, 11)
dn = 'uid=%s,ou=People,%s' % (cn, SUFFIX)
users = UserAccount(i, dn)
for j in range(110):
users.set('telephoneNumber', str(j))

# Step 5 - Remove M3 from the topology
M3.stop()
M1.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
M2.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
M4.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)

# Step 6 - Then issue cleanAllRuv FORCE that will run on M1, M2 and M4
M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='3',
force=True, args={TASK_WAIT: True})

# Step 7 - Count the number of received DEL of the keep alive 3
for i in (M1, M2, M4):
i.restart()
regex = re.compile(".*DEL dn=.cn=repl keep alive 3.*")
for i in (M1, M2, M4):
count = count_pattern_accesslog(M1, regex)
log.debug("count on %s = %d" % (i, count))

# check that DEL is replicated once (If DEL is kept in the fix)
# check that DEL is is not replicated (If DEL is finally no long done in the fix)
assert ((count == 1) or (count == 0))

# Step 8 - Check that M1 is Originator of cleanAllRuv and M2, M4 propagation
regex = re.compile(".*Original task deletes Keep alive entry .3.*")
assert pattern_errorlog(M1, regex)

regex = re.compile(".*Propagated task does not delete Keep alive entry .3.*")
assert pattern_errorlog(M2, regex)
assert pattern_errorlog(M4, regex)

# Step 9 - Check replication M1,M2 and M4 can recover
add_user(M1, 12, desc="add to M1")
add_user(M2, 22, desc="add to M2")
for i in (M1, M2, M4):
for j in (M1, M2, M4):
if i == j:
continue
repl.wait_for_replication(i, j)

# Step 10 - Remove M4 from the topology
M4.stop()
M1.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)
M2.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)

# Step 11 - Issue cleanAllRuv not force while M2 is stopped (that hangs the cleanAllRuv)
M2.stop()
M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='4',
force=False, args={TASK_WAIT: False})

# Step 12
# CleanAllRuv is hanging waiting for M2 to restart
# Check that nsds5ReplicaCleanRUV is correctly encoded on M1
replicas = Replicas(M1)
replica = replicas.list()[0]
time.sleep(0.5)
replica.present('nsds5ReplicaCleanRUV')
log.info("M1: nsds5ReplicaCleanRUV=%s" % replica.get_attr_val_utf8('nsds5replicacleanruv'))
regex = re.compile("^4:.*:no:1$")
> assert regex.match(replica.get_attr_val_utf8('nsds5replicacleanruv'))
E AssertionError: assert None
E + where None = <built-in method match of re.Pattern object at 0x7f16aba5edb0>('4:no:1:dc=example,dc=com')
E + where <built-in method match of re.Pattern object at 0x7f16aba5edb0> = re.compile('^4:.*:no:1$').match
E + and '4:no:1:dc=example,dc=com' = <bound method DSLdapObject.get_attr_val_utf8 of <lib389.replica.Replica object at 0x7f16aae22b00>>('nsds5replicacleanruv')
E + where <bound method DSLdapObject.get_attr_val_utf8 of <lib389.replica.Replica object at 0x7f16aae22b00>> = <lib389.replica.Replica object at 0x7f16aae22b00>.get_attr_val_utf8

/export/tests/tickets/ticket49463_test.py:187: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'master3', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39004, 'ldap-secureport': 63704, 'server-id': 'master4', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 153 INFO Joining master master3 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39003 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39003 topologies.py 153 INFO Joining master master4 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39004 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39004 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master1 to master3 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 already exists topologies.py 161 INFO Ensuring master master1 to master4 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master2 to master3 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39003 is was created topologies.py 161 INFO Ensuring master master2 to master4 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39004 is was created topologies.py 161 INFO Ensuring master master3 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master3 to master2 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39002 is was created topologies.py 161 INFO Ensuring master master3 to master4 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39004 is was created topologies.py 161 INFO Ensuring master master4 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master4 to master2 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39002 is was created topologies.py 161 INFO Ensuring master master4 to master3 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39003 is was created------------------------------ Captured log call -------------------------------
replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39003 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39004 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39002 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39004 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39002 already exists replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39003 already exists replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39003 is working agreement.py 1042 INFO Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed agreement.py 1042 INFO Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed agreement.py 1042 INFO Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed tasks.py 1338 INFO cleanAllRUV task (task-04092019_214200) completed successfully replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39002 is working agreement.py 1042 INFO Agreement (cn=004,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed agreement.py 1042 INFO Agreement (cn=004,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed tasks.py 1338 INFO cleanAllRUV task (task-04092019_214243) completed successfully ticket49463_test.py 185 INFO M1: nsds5ReplicaCleanRUV=4:no:1:dc=example,dc=com
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_targattrfilters_18] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f16aed150b8>
real_value = '(target = ldap:///cn=Jeff Vedder,ou=Product Development,dc=example,dc=com)(targetattr=*)(version 3.0; acl "Name of th...3123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_targattrfilters_20] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f16aed150b8>
real_value = '(target = ldap:///cn=Jeff Vedder,ou=Product Development,dc=example,dc=com)(targetattr=*)(version 3.0; acl "Name of the ACI"; deny(write)userdns="ldap:///anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_bind_rule_set_with_more_than_three] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f16aed150b8>
real_value = '(target = ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "Name of the ACI"; deny absolute (all)userdn="ldap:////////anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_Use_double_equal_instead_of_equal_in_the_targetattr] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f16aed150b8>
real_value = '(target = ldap:///dc=example,dc=com)(targetattr==*)(version 3.0; acl "Name of the ACI"; deny absolute (all)userdn="ldap:///anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_Use_double_equal_instead_of_equal_in_the_targetfilter] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f16aed150b8>
real_value = '(target = ldap:///dc=example,dc=com)(targetfilter==*)(version 3.0; acl "Name of the ACI"; deny absolute (all)userdn="ldap:///anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_memberof_groups 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7f16aca09dd8>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aca0e4a8>
base_m2 = <lib389.idm.nscontainer.nsContainer object at 0x7f16aca09a90>

def test_memberof_groups(self, topology_m2, base_m2):
"""Check that conflict properly resolved for operations
with memberOf and groups

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb3
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Enable memberOf plugin
2. Add 30 users to m1 and wait for replication to happen
3. Pause replication
4. Create a group on m1 and m2
5. Create a group on m1 and m2, delete from m1
6. Create a group on m1, delete from m1, and create on m2,
7. Create a group on m2 and m1, delete from m1
8. Create two different groups on m2
9. Resume replication
10. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
9. It should pass
10. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:399: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_managed_entries 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7f16aca6a0f0>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aca0e4a8>

def test_managed_entries(self, topology_m2):
"""Check that conflict properly resolved for operations
with managed entries

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb4
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Create ou=managed_users and ou=managed_groups under test container
2. Configure managed entries plugin and add a template to test container
3. Add a user to m1 and wait for replication to happen
4. Pause replication
5. Create a user on m1 and m2 with a same group ID on both master
6. Create a user on m1 and m2 with a different group ID on both master
7. Resume replication
8. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:490: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_nested_entries_with_children 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7f16ac84ccc0>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f16aca0e4a8>
base_m2 = <lib389.idm.nscontainer.nsContainer object at 0x7f16ac84cb38>

def test_nested_entries_with_children(self, topology_m2, base_m2):
"""Check that conflict properly resolved for operations
with nested entries with children

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb5
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Add 15 containers to m1 and wait for replication to happen
2. Pause replication
3. Create parent-child on master2 and master1
4. Create parent-child on master1 and master2
5. Create parent-child on master1 and master2 different child rdn
6. Create parent-child on master1 and delete parent on master2
7. Create parent on master1, delete it and parent-child on master2, delete them
8. Create parent on master1, delete it and parent-two children on master2
9. Create parent-two children on master1 and parent-child on master2, delete them
10. Create three subsets inside existing container entry, applying only part of changes on m2
11. Create more combinations of the subset with parent-child on m1 and parent on m2
12. Delete container on m1, modify user1 on m1, create parent on m2 and modify user2 on m2
13. Resume replication
14. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
9. It should pass
10. It should pass
11. It should pass
12. It should pass
13. It should pass
14. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:581: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestThreeMasters::test_nested_entries 0.00
self = <tests.suites.replication.conflict_resolve_test.TestThreeMasters object at 0x7f16ac6a5710>
topology_m3 = <lib389.topologies.TopologyMain object at 0x7f16ac6a0630>
base_m3 = <lib389.idm.nscontainer.nsContainer object at 0x7f16ac8833c8>

def test_nested_entries(self, topology_m3, base_m3):
"""Check that conflict properly resolved for operations
with nested entries with children

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb6
:setup: Three master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Add 15 containers to m1 and wait for replication to happen
2. Pause replication
3. Create two child entries under each of two entries
4. Create three child entries under each of three entries
5. Create two parents on m1 and m2, then on m1 - create a child and delete one parent,
on m2 - delete one parent and create a child
6. Test a few more parent-child combinations with three instances
7. Resume replication
8. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:794: XFailed
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'master3', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 153 INFO Joining master master3 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39003 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39003 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master1 to master3 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master2 to master3 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39003 is was created topologies.py 161 INFO Ensuring master master3 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master3 to master2 ... replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39002 is was created
XFailed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaPort-0-65535-9999999999999999999999999999999999999999999999999999999999999999999-invalid-389] 0.03
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaPort', too_small = '0', too_big = '65535'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '389'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_add(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf94
:setup: standalone instance
:steps:
1. Use a value that is too small
2. Use a value that is too big
3. Use a value that overflows the int
4. Use a value with character value (not a number)
5. Use a valid value
:expectedresults:
1. Add is rejected
2. Add is rejected
3. Add is rejected
4. Add is rejected
5. Add is allowed
"""

agmt_reset(topo)
replica = replica_setup(topo)

agmts = Agreements(topo.standalone, basedn=replica.dn)

# Test too small
perform_invalid_create(agmts, agmt_dict, attr, too_small)
# Test too big
> perform_invalid_create(agmts, agmt_dict, attr, too_big)

suites/replication/replica_config_test.py:210:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

many = <lib389.agreement.Agreements object at 0x7f16acc0b5c0>
properties = {'cn': 'test_agreement', 'nsDS5ReplicaBindDN': 'uid=tester', 'nsDS5ReplicaBindMethod': 'SIMPLE', 'nsDS5ReplicaHost': 'localhost.localdomain', ...}
attr = 'nsds5ReplicaPort', value = '65535'

def perform_invalid_create(many, properties, attr, value):
my_properties = copy.deepcopy(properties)
my_properties[attr] = value
with pytest.raises(ldap.LDAPError):
> many.create(properties=my_properties)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:106: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaPort-0-65535-9999999999999999999999999999999999999999999999999999999999999999999-invalid-389] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaPort', too_small = '0', too_big = '65535'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '389'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
> perform_invalid_modify(agmt, attr, too_small)

suites/replication/replica_config_test.py:245:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16ac84c518>
attr = 'nsds5ReplicaPort', value = '0'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaTimeout', too_small = '-1', too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16aca63ef0>
attr = 'nsds5ReplicaTimeout', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaBusyWaitTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaBusyWaitTime', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16ac91ac50>
attr = 'nsds5ReplicaBusyWaitTime', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaSessionPauseTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaSessionPauseTime', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16acce7cc0>
attr = 'nsds5ReplicaSessionPauseTime', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaFlowControlWindow--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaFlowControlWindow', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16ac8bf128>
attr = 'nsds5ReplicaFlowControlWindow', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaFlowControlPause--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaFlowControlPause', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16ac8dc320>
attr = 'nsds5ReplicaFlowControlPause', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaProtocolTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f16aca63128>
attr = 'nsds5ReplicaProtocolTimeout', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f16ac8d3f60>
attr = 'nsds5ReplicaProtocolTimeout', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/ruvstore_test.py::test_memoryruv_sync_with_databaseruv 0.03
topo = <lib389.topologies.TopologyMain object at 0x7f16ac907898>

@pytest.mark.xfail(reason="No method to safety access DB ruv currently exists online.")
def test_memoryruv_sync_with_databaseruv(topo):
"""Check if memory ruv and database ruv are synced

:id: 5f38ac5f-6353-460d-bf60-49cafffda5b3
:setup: Replication with two masters.
:steps: 1. Add user to server and compare memory ruv and database ruv.
2. Modify description of user and compare memory ruv and database ruv.
3. Modrdn of user and compare memory ruv and database ruv.
4. Delete user and compare memory ruv and database ruv.
:expectedresults:
1. For add user, the memory ruv and database ruv should be the same.
2. For modify operation, the memory ruv and database ruv should be the same.
3. For modrdn operation, the memory ruv and database ruv should be the same.
4. For delete operation, the memory ruv and database ruv should be the same.
"""

log.info('Adding user: {} to master1'.format(TEST_ENTRY_NAME))
users = UserAccounts(topo.ms['master1'], DEFAULT_SUFFIX)
tuser = users.create(properties=USER_PROPERTIES)
> _compare_memoryruv_and_databaseruv(topo, 'add')

suites/replication/ruvstore_test.py:137:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topo = <lib389.topologies.TopologyMain object at 0x7f16ac907898>
operation_type = 'add'

def _compare_memoryruv_and_databaseruv(topo, operation_type):
"""Compare the memoryruv and databaseruv for ldap operations"""

log.info('Checking memory ruv for ldap: {} operation'.format(operation_type))
replicas = Replicas(topo.ms['master1'])
replica = replicas.list()[0]
memory_ruv = replica.get_attr_val_utf8('nsds50ruv')

log.info('Checking database ruv for ldap: {} operation'.format(operation_type))
> entry = replicas.get_ruv_entry(DEFAULT_SUFFIX)
E AttributeError: 'Replicas' object has no attribute 'get_ruv_entry'

suites/replication/ruvstore_test.py:79: AttributeError
------------------------------ Captured log call -------------------------------
ruvstore_test.py 134 INFO Adding user: rep2lusr to master1 ruvstore_test.py 73 INFO Checking memory ruv for ldap: add operation ruvstore_test.py 78 INFO Checking database ruv for ldap: add operation
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaBusyWaitTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.16
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaSessionPauseTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaFlowControlWindow--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaFlowControlPause--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.16
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaProtocolTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
Skipped suites/config/regression_test.py::test_set_cachememsize_to_custom_value::setup 0.00
('suites/config/regression_test.py', 31, 'Skipped: available memory is too low')
Skipped suites/memory_leaks/range_search_test.py::test_range_search::setup 0.00
('suites/memory_leaks/range_search_test.py', 21, "Skipped: Don't run if ASAN is not enabled")
Skipped tickets/ticket47815_test.py::test_ticket47815::setup 0.00
('tickets/ticket47815_test.py', 23, 'Skipped: Not implemented, or invalid by nsMemberOf')
Skipped tickets/ticket49121_test.py::test_ticket49121::setup 0.00
('tickets/ticket49121_test.py', 30, "Skipped: Don't run if ASAN is not enabled")
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_EQ_ACI)] 0.03
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_PRES_ACI)] 0.03
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_SUB_ACI)] 0.03
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, ROLE_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, ROLE_SUB_ACI)] 0.03
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_EQ_ACI)] 0.03
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_PRES_ACI)] 0.03
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_SUB_ACI)] 0.03
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, LDAPURL_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, REAL_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_OU, REAL_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, REAL_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(SALES_UESER, SALES_MANAGER, LDAPURL_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, ENG_MANAGER, ROLE_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acl_deny_test.py::test_multi_deny_aci 11.44
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. acl_deny_test.py 37 INFO Add uid=tuser1,ou=People,dc=example,dc=com acl_deny_test.py 48 INFO Add uid=tuser,ou=People,dc=example,dc=com------------------------------ Captured log call -------------------------------
acl_deny_test.py 80 INFO Pass 1 acl_deny_test.py 83 INFO Testing two searches behave the same... acl_deny_test.py 126 INFO Testing search does not return any entries... acl_deny_test.py 80 INFO Pass 2 acl_deny_test.py 83 INFO Testing two searches behave the same... acl_deny_test.py 126 INFO Testing search does not return any entries... acl_deny_test.py 190 INFO Test PASSED
Passed suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[lang-ja] 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists acl_test.py 75 INFO ========Executing test with 'lang-ja' subtype======== acl_test.py 76 INFO Add a target attribute acl_test.py 79 INFO Add a user attribute acl_test.py 87 INFO Add an ACI with attribute subtype------------------------------ Captured log call -------------------------------
acl_test.py 116 INFO Search for the added attribute acl_test.py 123 INFO The added attribute was found
Passed suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[binary] 0.00
------------------------------ Captured log setup ------------------------------
acl_test.py 75 INFO ========Executing test with 'binary' subtype======== acl_test.py 76 INFO Add a target attribute acl_test.py 79 INFO Add a user attribute acl_test.py 87 INFO Add an ACI with attribute subtype------------------------------ Captured log call -------------------------------
acl_test.py 116 INFO Search for the added attribute acl_test.py 123 INFO The added attribute was found
Passed suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[phonetic] 0.00
------------------------------ Captured log setup ------------------------------
acl_test.py 75 INFO ========Executing test with 'phonetic' subtype======== acl_test.py 76 INFO Add a target attribute acl_test.py 79 INFO Add a user attribute acl_test.py 87 INFO Add an ACI with attribute subtype------------------------------ Captured log call -------------------------------
acl_test.py 116 INFO Search for the added attribute acl_test.py 123 INFO The added attribute was found
Passed suites/acl/acl_test.py::test_mode_default_add_deny 0.04
------------------------------ Captured log setup ------------------------------
acl_test.py 231 INFO ######## INITIALIZATION ######## acl_test.py 234 INFO Add uid=bind_entry,dc=example,dc=com acl_test.py 244 INFO Add cn=staged user,dc=example,dc=com acl_test.py 248 INFO Add cn=accounts,dc=example,dc=com acl_test.py 252 INFO Add cn=excepts,cn=accounts,dc=example,dc=com------------------------------ Captured log call -------------------------------
acl_test.py 284 INFO ######## mode moddn_aci : ADD (should fail) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 292 INFO Try to add cn=accounts,dc=example,dc=com acl_test.py 301 INFO Exception (expected): INSUFFICIENT_ACCESS
Passed suites/acl/acl_test.py::test_mode_default_delete_deny 0.03
------------------------------ Captured log call -------------------------------
acl_test.py 319 INFO ######## DELETE (should fail) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 326 INFO Try to delete cn=staged user,dc=example,dc=com acl_test.py 331 INFO Exception (expected): INSUFFICIENT_ACCESS
Passed suites/acl/acl_test.py::test_moddn_staging_prod[0-cn=staged user,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.30
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (0) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account0,cn=staged user,dc=example,dc=com -> uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account0,cn=staged user,dc=example,dc=com -> uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[1-cn=staged user,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (1) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account1,cn=staged user,dc=example,dc=com -> uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account1,cn=staged user,dc=example,dc=com -> uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[2-cn=staged user,dc=example,dc=com-cn=bad*,dc=example,dc=com-True] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (2) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account2,cn=staged user,dc=example,dc=com -> uid=new_account2,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account2,cn=staged user,dc=example,dc=com -> uid=new_account2,cn=accounts,dc=example,dc=com acl_test.py 398 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[3-cn=st*,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (3) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account3,cn=staged user,dc=example,dc=com -> uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account3,cn=staged user,dc=example,dc=com -> uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[4-cn=bad*,dc=example,dc=com-cn=accounts,dc=example,dc=com-True] 0.31
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (4) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account4,cn=staged user,dc=example,dc=com -> uid=new_account4,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account4,cn=staged user,dc=example,dc=com -> uid=new_account4,cn=accounts,dc=example,dc=com acl_test.py 398 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[5-cn=st*,dc=example,dc=com-cn=ac*,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (5) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account5,cn=staged user,dc=example,dc=com -> uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account5,cn=staged user,dc=example,dc=com -> uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[6-None-cn=ac*,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (6) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account6,cn=staged user,dc=example,dc=com -> uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account6,cn=staged user,dc=example,dc=com -> uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[7-cn=st*,dc=example,dc=com-None-False] 0.41
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (7) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account7,cn=staged user,dc=example,dc=com -> uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account7,cn=staged user,dc=example,dc=com -> uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[8-None-None-False] 0.30
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (8) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account8,cn=staged user,dc=example,dc=com -> uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account8,cn=staged user,dc=example,dc=com -> uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod_9 1.32
------------------------------ Captured log call -------------------------------
acl_test.py 441 INFO ######## MOVE staging -> Prod (9) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 454 INFO Try to MODDN uid=new_account9,cn=staged user,dc=example,dc=com -> uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 461 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 467 INFO Disable the moddn right acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 472 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 480 INFO Try to MODDN uid=new_account9,cn=staged user,dc=example,dc=com -> uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 487 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 509 INFO Try to MODDN uid=new_account9,cn=staged user,dc=example,dc=com -> uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 520 INFO Enable the moddn right acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 524 INFO ######## MOVE staging -> Prod (10) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 536 INFO Try to MODDN uid=new_account10,cn=staged user,dc=example,dc=com -> uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 543 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 560 INFO Try to MODDN uid=new_account10,cn=staged user,dc=example,dc=com -> uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 567 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 576 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 582 INFO Try to MODDN uid=new_account10,cn=staged user,dc=example,dc=com -> uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_prod_staging 0.56
------------------------------ Captured log call -------------------------------
acl_test.py 611 INFO ######## MOVE staging -> Prod (11) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 624 INFO Try to MODDN uid=new_account11,cn=staged user,dc=example,dc=com -> uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 631 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 635 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 641 INFO Try to MODDN uid=new_account11,cn=staged user,dc=example,dc=com -> uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 656 INFO Try to move back MODDN uid=new_account11,cn=accounts,dc=example,dc=com -> uid=new_account11,cn=staged user,dc=example,dc=com acl_test.py 663 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_check_repl_M2_to_M1 1.10
------------------------------ Captured log call -------------------------------
acl_test.py 693 INFO Bind as cn=Directory Manager (M2) acl_test.py 713 INFO Update (M2) uid=new_account12,cn=staged user,dc=example,dc=com (description) acl_test.py 726 INFO Update uid=new_account12,cn=staged user,dc=example,dc=com (description) replicated on M1
Passed suites/acl/acl_test.py::test_moddn_staging_prod_except 0.34
------------------------------ Captured log call -------------------------------
acl_test.py 751 INFO ######## MOVE staging -> Prod (13) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 763 INFO Try to MODDN uid=new_account13,cn=staged user,dc=example,dc=com -> uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 770 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 774 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 158 INFO Add a DENY aci under cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 781 INFO Try to MODDN uid=new_account13,cn=staged user,dc=example,dc=com -> uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 787 INFO ######## MOVE staging -> Prod/Except (14) ######## acl_test.py 793 INFO Try to MODDN uid=new_account14,cn=staged user,dc=example,dc=com -> uid=new_account14,cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 800 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 158 INFO Add a DENY aci under cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_mode_default_ger_no_moddn 0.00
------------------------------ Captured log call -------------------------------
acl_test.py 827 INFO ######## mode moddn_aci : GER no moddn ######## acl_test.py 838 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 841 INFO ######## entryLevelRights: b'v'
Passed suites/acl/acl_test.py::test_mode_default_ger_with_moddn 0.26
------------------------------ Captured log call -------------------------------
acl_test.py 865 INFO ######## mode moddn_aci: GER with moddn ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 883 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 886 INFO ######## entryLevelRights: b'vn' acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_mode_legacy_ger_no_moddn1 0.10
------------------------------ Captured log call -------------------------------
acl_test.py 916 INFO ######## Disable the moddn aci mod ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 920 INFO ######## mode legacy 1: GER no moddn ######## acl_test.py 930 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 933 INFO ######## entryLevelRights: b'v'
Passed suites/acl/acl_test.py::test_mode_legacy_ger_no_moddn2 0.36
------------------------------ Captured log call -------------------------------
acl_test.py 959 INFO ######## Disable the moddn aci mod ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 963 INFO ######## mode legacy 2: GER no moddn ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 980 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 983 INFO ######## entryLevelRights: b'v' acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_mode_legacy_ger_with_moddn 0.33
------------------------------ Captured log call -------------------------------
acl_test.py 1019 INFO ######## Disable the moddn aci mod ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 1023 INFO ######## mode legacy : GER with moddn ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 1045 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 1048 INFO ######## entryLevelRights: b'vn' acl_test.py 131 INFO Bind as cn=Directory Manager
Passed suites/acl/acl_test.py::test_rdn_write_get_ger 0.00
------------------------------ Captured log setup ------------------------------
acl_test.py 1059 INFO ######## Add entry tuser ########------------------------------ Captured log call -------------------------------
acl_test.py 1083 INFO ######## GER rights for anonymous ######## acl_test.py 1093 INFO dn: dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=Directory Administrators,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=People,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=Special Users,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=Accounting Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=HR Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=QA Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=PD Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=replication_managers,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=Services,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=server.example.com:63701,ou=Services,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=server.example.com:63702,ou=Services,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=bind_entry,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account2,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account4,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account12,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account14,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account15,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account16,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account17,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account18,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account19,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=tuser,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v'
Passed suites/acl/acl_test.py::test_rdn_write_modrdn_anonymous 0.11
------------------------------ Captured log call -------------------------------
acl_test.py 1122 INFO dn: acl_test.py 1124 INFO ######## 'objectClass': [b'top'] acl_test.py 1124 INFO ######## 'defaultnamingcontext': [b'dc=example,dc=com'] acl_test.py 1124 INFO ######## 'dataversion': [b'020190409231702'] acl_test.py 1124 INFO ######## 'netscapemdsuffix': [b'cn=ldap://dc=server,dc=example,dc=com:39001'] acl_test.py 1129 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 1136 INFO The entry was not renamed (expected) acl_test.py 131 INFO Bind as cn=Directory Manager
Passed suites/acl/enhanced_aci_modrnd_test.py::test_enhanced_aci_modrnd 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. enhanced_aci_modrnd_test.py 30 INFO Add a container: ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 37 INFO Add a container: ou=test_ou_2,dc=example,dc=com enhanced_aci_modrnd_test.py 44 INFO Add a user: cn=test_user,ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 59 INFO Add an ACI 'allow (all)' by cn=test_user,ou=test_ou_1,dc=example,dc=com to the ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 63 INFO Add an ACI 'allow (all)' by cn=test_user,ou=test_ou_1,dc=example,dc=com to the ou=test_ou_2,dc=example,dc=com------------------------------ Captured log call -------------------------------
enhanced_aci_modrnd_test.py 93 INFO Bind as cn=test_user,ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 98 INFO User MODRDN operation from ou=test_ou_1,dc=example,dc=com to ou=test_ou_2,dc=example,dc=com enhanced_aci_modrnd_test.py 103 INFO Check there is no user in ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 109 INFO Check there is our user in ou=test_ou_2,dc=example,dc=com
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_five 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_six 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_seven 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eight 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_nine 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_ten 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eleven 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_twelve 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_fourteen 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_fifteen 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_sixteen 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_seventeen 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eighteen 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_caching_changes 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/globalgroup_test.py::test_deny_group_member_all_rights_to_user 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deny_group_member_all_rights_to_group_members 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_denial 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_denial_two 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_allow 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_allow_two 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_two 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_three 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_four 0.04
No log output captured.
Passed suites/acl/misc_test.py::test_accept_aci_in_addition_to_acl 0.08
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/misc_test.py::test_more_then_40_acl_will_crash_slapd 0.22
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_search_access_should_not_include_read_access 0.01
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_only_allow_some_targetattr 0.29
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_only_allow_some_targetattr_two 0.30
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_memberurl_needs_to_be_normalized 0.12
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_greater_than_200_acls_can_be_created 3.59
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_server_bahaves_properly_with_very_long_attribute_names 0.04
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_do_bind_as_201_distinct_users 12.71
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/modify_test.py::test_allow_write_access_to_targetattr_with_a_single_attribute 0.06
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/modify_test.py::test_allow_write_access_to_targetattr_with_multiple_attibutes 0.05
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdn_all 0.11
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdn_with_wildcards_in_dn 0.07
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdn_with_multiple_dns 0.16
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_target_with_wildcards 0.16
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdnattr 0.10
No log output captured.
Passed suites/acl/modify_test.py::test_allow_selfwrite_access_to_anyone 0.13
No log output captured.
Passed suites/acl/modify_test.py::test_uniquemember_should_also_be_the_owner 0.17
No log output captured.
Passed suites/acl/modify_test.py::test_aci_with_both_allow_and_deny 0.12
No log output captured.
Passed suites/acl/modify_test.py::test_allow_owner_to_modify_entry 0.10
No log output captured.
Passed suites/acl/modrdn_test.py::test_allow_write_privilege_to_anyone 0.02
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/modrdn_test.py::test_allow_write_privilege_to_dynamic_group_with_scope_set_to_base_in_ldap_url 0.05
No log output captured.
Passed suites/acl/modrdn_test.py::test_write_access_to_naming_atributes 0.04
No log output captured.
Passed suites/acl/modrdn_test.py::test_write_access_to_naming_atributes_two 0.07
No log output captured.
Passed suites/acl/modrdn_test.py::test_access_aci_list_contains_any_deny_rule 0.10
No log output captured.
Passed suites/acl/modrdn_test.py::test_renaming_target_entry 0.08
No log output captured.
Passed suites/acl/repeated_ldap_add_test.py::test_repeated_ldap_add 34.66
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stdout call -----------------------------
uid=buser123,ou=BOU,dc=example,dc=com inactivated. ------------------------------ Captured log call -------------------------------
repeated_ldap_add_test.py 182 INFO Testing Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc. repeated_ldap_add_test.py 184 INFO Disabling accesslog logbuffering repeated_ldap_add_test.py 187 INFO Bind as {cn=Directory Manager,password} repeated_ldap_add_test.py 190 INFO Adding ou=BOU a bind user belongs to. repeated_ldap_add_test.py 195 INFO Adding a bind user. repeated_ldap_add_test.py 202 INFO Adding a test user. repeated_ldap_add_test.py 209 INFO Deleting aci in dc=example,dc=com. repeated_ldap_add_test.py 212 INFO While binding as DM, acquire an access log path and instance dir repeated_ldap_add_test.py 218 INFO Bind case 1. the bind user has no rights to read the entry itself, bind should be successful. repeated_ldap_add_test.py 219 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123} who has no access rights. repeated_ldap_add_test.py 227 INFO Access log path: /var/log/dirsrv/slapd-standalone1/access repeated_ldap_add_test.py 230 INFO Bind case 2-1. the bind user does not exist, bind should fail with error INVALID_CREDENTIALS repeated_ldap_add_test.py 231 INFO Bind as {uid=bogus,dc=example,dc=com,bogus} who does not exist. repeated_ldap_add_test.py 235 INFO Exception (expected): INVALID_CREDENTIALS repeated_ldap_add_test.py 236 INFO Desc Invalid credentials repeated_ldap_add_test.py 244 INFO Cause found - 09/Apr/2019:19:18:29.268176134 -0400] conn=1 op=10 RESULT err=49 tag=97 nentries=0 etime=0.0006387449 - No such entry repeated_ldap_add_test.py 248 INFO Bind case 2-2. the bind user's suffix does not exist, bind should fail with error INVALID_CREDENTIALS repeated_ldap_add_test.py 249 INFO Bind as {uid=bogus,ou=people,dc=bogus,bogus} who does not exist. repeated_ldap_add_test.py 258 INFO Cause found - 09/Apr/2019:19:18:31.276131591 -0400] conn=1 op=11 RESULT err=49 tag=97 nentries=0 etime=0.0003837722 - No suffix for bind dn found repeated_ldap_add_test.py 262 INFO Bind case 2-3. the bind user's password is wrong, bind should fail with error INVALID_CREDENTIALS repeated_ldap_add_test.py 263 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,bogus} who does not exist. repeated_ldap_add_test.py 267 INFO Exception (expected): INVALID_CREDENTIALS repeated_ldap_add_test.py 268 INFO Desc Invalid credentials repeated_ldap_add_test.py 276 INFO Cause found - [09/Apr/2019:19:18:33.306556716 -0400] conn=1 op=12 RESULT err=49 tag=97 nentries=0 etime=0.0026588778 - Invalid credentials repeated_ldap_add_test.py 279 INFO Adding aci for uid=buser123,ou=BOU,dc=example,dc=com to ou=BOU,dc=example,dc=com. repeated_ldap_add_test.py 281 INFO aci: (targetattr="*")(version 3.0; acl "buser123"; allow(all) userdn = "ldap:///uid=buser123,ou=BOU,dc=example,dc=com";) repeated_ldap_add_test.py 282 INFO Bind as {cn=Directory Manager,password} repeated_ldap_add_test.py 287 INFO Bind case 3. the bind user has the right to read the entry itself, bind should be successful. repeated_ldap_add_test.py 288 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123} which should be ok. repeated_ldap_add_test.py 291 INFO The following operations are against the subtree the bind user uid=buser123,ou=BOU,dc=example,dc=com has no rights. repeated_ldap_add_test.py 296 INFO Search case 1. the bind user has no rights to read the search entry, it should return no search results with <class 'ldap.SUCCESS'> repeated_ldap_add_test.py 106 INFO Searching existing entry uid=tuser0,ou=people,dc=example,dc=com, which should be ok. repeated_ldap_add_test.py 139 INFO Search should return none repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 302 INFO Search case 2-1. the search entry does not exist, the search should return no search results with SUCCESS repeated_ldap_add_test.py 106 INFO Searching non-existing entry uid=bogus,dc=example,dc=com, which should be ok. repeated_ldap_add_test.py 139 INFO Search should return none repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 308 INFO Search case 2-2. the search entry does not exist, the search should return no search results with SUCCESS repeated_ldap_add_test.py 106 INFO Searching non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should be ok. repeated_ldap_add_test.py 139 INFO Search should return none repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 315 INFO Add case 1. the bind user has no rights AND the adding entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Adding existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 321 INFO Add case 2-1. the bind user has no rights AND the adding entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Adding non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 327 INFO Add case 2-2. the bind user has no rights AND the adding entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Adding non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 334 INFO Modify case 1. the bind user has no rights AND the modifying entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Modifying existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 340 INFO Modify case 2-1. the bind user has no rights AND the modifying entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Modifying non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 346 INFO Modify case 2-2. the bind user has no rights AND the modifying entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Modifying non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 353 INFO Modrdn case 1. the bind user has no rights AND the renaming entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Renaming existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 359 INFO Modrdn case 2-1. the bind user has no rights AND the renaming entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Renaming non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 365 INFO Modrdn case 2-2. the bind user has no rights AND the renaming entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Renaming non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 371 INFO Modrdn case 3. the bind user has no rights AND the node moving an entry to exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Moving to existing superior ou=groups,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 377 INFO Modrdn case 4-1. the bind user has no rights AND the node moving an entry to does not, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Moving to non-existing superior ou=OU,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 383 INFO Modrdn case 4-2. the bind user has no rights AND the node moving an entry to does not, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Moving to non-existing superior ou=OU,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 390 INFO Delete case 1. the bind user has no rights AND the deleting entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Deleting existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 396 INFO Delete case 2-1. the bind user has no rights AND the deleting entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Deleting non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 402 INFO Delete case 2-2. the bind user has no rights AND the deleting entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Deleting non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 405 INFO EXTRA: Check no regressions repeated_ldap_add_test.py 406 INFO Adding aci for uid=buser123,ou=BOU,dc=example,dc=com to dc=example,dc=com. repeated_ldap_add_test.py 408 INFO Bind as {cn=Directory Manager,password} repeated_ldap_add_test.py 413 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123}. repeated_ldap_add_test.py 423 INFO Search case. the search entry does not exist, the search should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Searching non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 429 INFO Add case. the adding entry already exists, it should fail with ALREADY_EXISTS repeated_ldap_add_test.py 106 INFO Adding existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with ALREADY_EXISTS. repeated_ldap_add_test.py 129 INFO Exception (expected): ALREADY_EXISTS repeated_ldap_add_test.py 130 INFO Desc Already exists repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 434 INFO Modify case. the modifying entry does not exist, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Modifying non-existing entry uid=bogus,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 439 INFO Modrdn case 1. the renaming entry does not exist, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Renaming non-existing entry uid=bogus,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 444 INFO Modrdn case 2. the node moving an entry to does not, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Moving to non-existing superior ou=OU,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 449 INFO Delete case. the deleting entry does not exist, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Deleting non-existing entry uid=bogus,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 452 INFO Inactivate uid=buser123,ou=BOU,dc=example,dc=com repeated_ldap_add_test.py 459 INFO ['/usr/sbin/ns-inactivate.pl', '-Z', 'standalone1', '-D', 'cn=Directory Manager', '-w', 'password', '-I', 'uid=buser123,ou=BOU,dc=example,dc=com'] repeated_ldap_add_test.py 463 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123} which should fail with UNWILLING_TO_PERFORM. repeated_ldap_add_test.py 467 INFO Exception (expected): UNWILLING_TO_PERFORM repeated_ldap_add_test.py 468 INFO Desc Server is unwilling to perform repeated_ldap_add_test.py 471 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,bogus} which should fail with UNWILLING_TO_PERFORM. repeated_ldap_add_test.py 475 INFO Exception (expected): UNWILLING_TO_PERFORM repeated_ldap_add_test.py 476 INFO Desc Server is unwilling to perform repeated_ldap_add_test.py 479 INFO SUCCESS
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_non_leaf 0.64
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_wildcard_non_leaf 0.74
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_wildcard_leaf 0.72
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_equality_search 0.55
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_equality_search_two 0.72
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_substring_search 0.51
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_substring_search_two 0.73
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_boolean_or_of_two_equality_search 0.10
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_to__userdn_two 0.63
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_userdn 0.61
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_presence_search 0.08
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url 0.48
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url_two 0.54
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url_matching_all_users 0.83
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_a_dynamic_group 0.47
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_with_host_port_set_on_ldap_url 0.40
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_with_scope_set_to_one_in_ldap_url 0.45
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_two 0.55
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_access_to_group_should_deny_access_to_all_uniquemember 0.61
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_entry_with_lots_100_attributes 6.64
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_groupdnattr_value_is_another_group 0.10
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with_target_set 0.55
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/search_real_test.py::test_deny_all_access_to_a_target_with_wild_card 0.57
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_without_a_target_set 0.81
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_read_search_and_compare_access_with_target_and_targetattr_set 0.58
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_read_access_to_multiple_groupdns 0.74
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_to_userdnattr 0.55
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with__target_set 0.77
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with__targetattr_set 1.10
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with_targetattr_set 0.57
No log output captured.
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_add 0.49
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. selfdn_permissions_test.py 57 INFO Add OCticket47653 that allows 'member' attribute selfdn_permissions_test.py 62 INFO Add cn=bind_entry, dc=example,dc=com------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 105 INFO ######################### ADD ###################### selfdn_permissions_test.py 108 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 138 INFO Try to add Add cn=test_entry, dc=example,dc=com (aci is missing): dn: cn=test_entry, dc=example,dc=com cn: test_entry member: cn=bind_entry, dc=example,dc=com objectclass: top objectclass: person objectclass: OCticket47653 postalAddress: here postalCode: 1234 sn: test_entry selfdn_permissions_test.py 142 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 146 INFO Bind as cn=Directory Manager and add the ADD SELFDN aci selfdn_permissions_test.py 158 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 163 INFO Try to add Add cn=test_entry, dc=example,dc=com (member is missing) selfdn_permissions_test.py 171 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 177 INFO Try to add Add cn=test_entry, dc=example,dc=com (with several member values) selfdn_permissions_test.py 180 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 183 INFO Try to add Add cn=test_entry, dc=example,dc=com should be successful
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_search 0.56
------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 204 INFO ######################### SEARCH ###################### selfdn_permissions_test.py 206 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 210 INFO Try to search cn=test_entry, dc=example,dc=com (aci is missing) selfdn_permissions_test.py 215 INFO Bind as cn=Directory Manager and add the READ/SEARCH SELFDN aci selfdn_permissions_test.py 228 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 232 INFO Try to search cn=test_entry, dc=example,dc=com should be successful
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_modify 0.45
------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 255 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 258 INFO ######################### MODIFY ###################### selfdn_permissions_test.py 262 INFO Try to modify cn=test_entry, dc=example,dc=com (aci is missing) selfdn_permissions_test.py 266 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 270 INFO Bind as cn=Directory Manager and add the WRITE SELFDN aci selfdn_permissions_test.py 283 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 287 INFO Try to modify cn=test_entry, dc=example,dc=com. It should succeeds
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_delete 0.27
------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 312 INFO ######################### DELETE ###################### selfdn_permissions_test.py 315 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 320 INFO Try to delete cn=test_entry, dc=example,dc=com (aci is missing) selfdn_permissions_test.py 323 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 327 INFO Bind as cn=Directory Manager and add the READ/SEARCH SELFDN aci selfdn_permissions_test.py 339 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 343 INFO Try to delete cn=test_entry, dc=example,dc=com should be successful
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_1] 0.02
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_2] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_3] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_4] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_5] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_6] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_7] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_8] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_9] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_10] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_11] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_12] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_13] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_14] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_15] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_16] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_17] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_19] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_21] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_22] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_23] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Missing_acl_mispel] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Missing_acl_string] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Wrong_version_string] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Missing_version_string] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Authenticate_statement] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Multiple_targets] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Target_set_to_self] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_target_set_with_ldap_instead_of_ldap] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_target_set_with_more_than_three] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_target_set_with_less_than_three] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_bind_rule_set_with_less_than_three] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_semicolon_instead_of_comma_in_permission] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_double_equal_instead_of_equal_in_the_target] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_use_double_equal_instead_of_equal_in_user_and_group_access] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_donot_cote_the_name_of_the_aci] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_extra_parentheses_case_1] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_extra_parentheses_case_2] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_extra_parentheses_case_3] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_no_semicolon_at_the_end_of_the_aci] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_a_character_different_of_a_semicolon_at_the_end_of_the_aci] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_bad_filter] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_double_equal_instead_of_equal_in_the_targattrfilters] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_double_equal_instead_of_equal_inside_the_targattrfilters] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_target_set_above_the_entry_test 0.01
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_we_can_search_as_expected 0.01
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/valueacl_part2_test.py::test_we_can_mod_title_as_expected 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_modify_with_multiple_filters 0.03
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_denied_by_multiple_filters 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_allowed_add_one_attribute 0.03
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_cannot_add_an_entry_with_attribute_values_we_are_not_allowed_add 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_on_modrdn 0.03
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_on_modrdn_allow 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_targattrfilters_keyword 0.09
No log output captured.
Passed suites/acl/valueacl_test.py::test_delete_an_attribute_value_we_are_not_allowed_to_delete 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/valueacl_test.py::test_donot_allow_write_access_to_title_if_value_is_not_architect 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_delete_an_attribute_value_we_are_allowed_to_delete 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_delete_an_attribute_value_we_are_not_allowed_to_deleted 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_modify_replace 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_modify_delete 0.07
No log output captured.
Passed suites/acl/valueacl_test.py::test_replace_an_attribute_if_we_lack 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_remove_an_attribute_if_we_have_del_rights_to_all_attr_value 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_remove_an_attribute_if_we_donot_have_del_rights_to_all_attr_value 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_remove_an_attribute_if_we_have_del_rights_to_all_attr_values 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_cantnot_delete_an_entry_with_attribute_values_we_are_not_allowed_delete 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_we_can_add_and_delete_an_entry_with_attribute_values_we_are_allowed_add_and_delete 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_title 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_to_modify 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_selfwrite_does_not_confer_write_on_a_targattrfilters_atribute 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_selfwrite_continues_to_give_rights_to_attr_in_targetattr_list 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_add_an_attribute_value_we_are_allowed_to_add_with_ldapanyone 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_hierarchy 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_targattrfilters_and_search_permissions_and_that_ldapmodify_works_as_expected 0.03
No log output captured.
Passed suites/acl/valueacl_test.py::test_targattrfilters_and_search_permissions_and_that_ldapmodify_works_as_expected_two 0.01
No log output captured.
Passed suites/automember_plugin/automember_mod_test.py::test_mods 10.87
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
automember_mod_test.py 134 INFO Test PASSED
Passed suites/automember_plugin/automember_test.py::test_automemberscope 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/automember_plugin/automember_test.py::test_automemberfilter 0.01
No log output captured.
Passed suites/automember_plugin/automember_test.py::test_adduser 0.03
No log output captured.
Passed suites/automember_plugin/automember_test.py::test_delete_default_group 4.44
No log output captured.
Passed suites/automember_plugin/automember_test.py::test_delete_target_group 4.45
No log output captured.
Passed suites/basic/basic_test.py::test_basic_ops 0.15
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/basic/basic_test.py::test_basic_import_export 37.37
----------------------------- Captured stderr call -----------------------------
ldiffile: /var/lib/dirsrv/slapd-standalone1/ldif/export.ldif
Passed suites/basic/basic_test.py::test_basic_backup 8.95
------------------------------ Captured log call -------------------------------
tasks.py 557 INFO Backup task backup_04092019_192209 completed successfully tasks.py 611 INFO Restore task restore_04092019_192211 completed successfully
Passed suites/basic/basic_test.py::test_basic_db2index 5.10
----------------------------- Captured stderr call -----------------------------
[09/Apr/2019:19:22:21.215459950 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [09/Apr/2019:19:22:21.221989389 -0400] - INFO - check_and_set_import_cache - pagesize: 4096, available bytes 7788216320, process usage 22679552 [09/Apr/2019:19:22:21.225322285 -0400] - INFO - check_and_set_import_cache - Import allocates 3042272KB import cache. [09/Apr/2019:19:22:21.228152865 -0400] - INFO - dblayer_copy_directory - Backing up file 0 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/objectclass.db) [09/Apr/2019:19:22:21.230316787 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/objectclass.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/objectclass.db [09/Apr/2019:19:22:21.232490104 -0400] - INFO - dblayer_copy_directory - Backing up file 1 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/entryrdn.db) [09/Apr/2019:19:22:21.234633376 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/entryrdn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/entryrdn.db [09/Apr/2019:19:22:21.236685055 -0400] - INFO - dblayer_copy_directory - Backing up file 2 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/nsuniqueid.db) [09/Apr/2019:19:22:21.239191874 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/nsuniqueid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/nsuniqueid.db [09/Apr/2019:19:22:21.242107269 -0400] - INFO - dblayer_copy_directory - Backing up file 3 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/numsubordinates.db) [09/Apr/2019:19:22:21.244271928 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/numsubordinates.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/numsubordinates.db [09/Apr/2019:19:22:21.246624681 -0400] - INFO - dblayer_copy_directory - Backing up file 4 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/cn.db) [09/Apr/2019:19:22:21.248935004 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/cn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/cn.db [09/Apr/2019:19:22:21.251423858 -0400] - INFO - dblayer_copy_directory - Backing up file 5 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/uid.db) [09/Apr/2019:19:22:21.253460225 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/uid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/uid.db [09/Apr/2019:19:22:21.255486029 -0400] - INFO - dblayer_copy_directory - Backing up file 6 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/mail.db) [09/Apr/2019:19:22:21.257529894 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/mail.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/mail.db [09/Apr/2019:19:22:21.260032701 -0400] - INFO - dblayer_copy_directory - Backing up file 7 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/DBVERSION) [09/Apr/2019:19:22:21.262304708 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/DBVERSION to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/DBVERSION [09/Apr/2019:19:22:21.264341060 -0400] - INFO - dblayer_copy_directory - Backing up file 8 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/uniquemember.db) [09/Apr/2019:19:22:21.266660970 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/uniquemember.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/uniquemember.db [09/Apr/2019:19:22:21.268798596 -0400] - INFO - dblayer_copy_directory - Backing up file 9 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/entryusn.db) [09/Apr/2019:19:22:21.271513134 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/entryusn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/entryusn.db [09/Apr/2019:19:22:21.273652966 -0400] - INFO - dblayer_copy_directory - Backing up file 10 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/telephoneNumber.db) [09/Apr/2019:19:22:21.277419957 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/telephoneNumber.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/telephoneNumber.db [09/Apr/2019:19:22:21.282640316 -0400] - INFO - dblayer_copy_directory - Backing up file 11 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/aci.db) [09/Apr/2019:19:22:21.285162429 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/aci.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/aci.db [09/Apr/2019:19:22:21.287458711 -0400] - INFO - dblayer_copy_directory - Backing up file 12 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/sn.db) [09/Apr/2019:19:22:21.289543097 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/sn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/sn.db [09/Apr/2019:19:22:21.291634946 -0400] - INFO - dblayer_copy_directory - Backing up file 13 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/id2entry.db) [09/Apr/2019:19:22:21.293592920 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/id2entry.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/id2entry.db [09/Apr/2019:19:22:21.296165397 -0400] - INFO - dblayer_copy_directory - Backing up file 14 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/givenName.db) [09/Apr/2019:19:22:21.299201532 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/givenName.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/givenName.db [09/Apr/2019:19:22:21.306859627 -0400] - INFO - dblayer_copy_directory - Backing up file 15 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/parentid.db) [09/Apr/2019:19:22:21.310908110 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/parentid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/parentid.db [09/Apr/2019:19:22:21.313372811 -0400] - INFO - dblayer_copy_directory - Backing up file 16 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/ancestorid.db) [09/Apr/2019:19:22:21.315573105 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/ancestorid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/userRoot/ancestorid.db [09/Apr/2019:19:22:21.317844279 -0400] - INFO - upgradedb_core - userRoot: Start upgradedb. [09/Apr/2019:19:22:21.319984503 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [09/Apr/2019:19:22:21.437658116 -0400] - INFO - import_main_offline - reindex userRoot: Index buffering enabled with bucket size 100 [09/Apr/2019:19:22:22.142422214 -0400] - INFO - import_monitor_threads - reindex userRoot: Workers finished; cleaning up... [09/Apr/2019:19:22:22.345418452 -0400] - INFO - import_monitor_threads - reindex userRoot: Workers cleaned up. [09/Apr/2019:19:22:22.348939299 -0400] - INFO - import_main_offline - reindex userRoot: Cleaning up producer thread... [09/Apr/2019:19:22:22.351601781 -0400] - INFO - import_main_offline - reindex userRoot: Indexing complete. Post-processing... [09/Apr/2019:19:22:22.353661131 -0400] - INFO - import_main_offline - reindex userRoot: Generating numsubordinates (this may take several minutes to complete)... [09/Apr/2019:19:22:22.355713071 -0400] - INFO - import_main_offline - reindex userRoot: Generating numSubordinates complete. [09/Apr/2019:19:22:22.357797567 -0400] - INFO - ldbm_get_nonleaf_ids - reindex userRoot: Gathering ancestorid non-leaf IDs... [09/Apr/2019:19:22:22.359866379 -0400] - INFO - ldbm_get_nonleaf_ids - reindex userRoot: Finished gathering ancestorid non-leaf IDs. [09/Apr/2019:19:22:22.364497271 -0400] - INFO - ldbm_ancestorid_new_idl_create_index - reindex userRoot: Creating ancestorid index (new idl)... [09/Apr/2019:19:22:22.367336450 -0400] - INFO - ldbm_ancestorid_new_idl_create_index - reindex userRoot: Created ancestorid index (new idl). [09/Apr/2019:19:22:22.369685094 -0400] - INFO - import_main_offline - reindex userRoot: Flushing caches... [09/Apr/2019:19:22:22.371751708 -0400] - INFO - import_main_offline - reindex userRoot: Closing files... [09/Apr/2019:19:22:22.432331190 -0400] - INFO - dblayer_pre_close - All database threads now stopped [09/Apr/2019:19:22:22.435408184 -0400] - INFO - import_main_offline - reindex userRoot: Reindexing complete. Processed 160 entries in 1 seconds. (160.00 entries/sec) [09/Apr/2019:19:22:22.439133762 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/log.0000000001 to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-09T19:22:21.117566/log.0000000001 [09/Apr/2019:19:22:22.449120068 -0400] - WARN - dblayer_get_home_dir - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file. [09/Apr/2019:19:22:22.451928986 -0400] - ERR - dblayer_copyfile - Failed to open source file (null)/DBVERSION by "No such file or directory" [09/Apr/2019:19:22:22.454084147 -0400] - INFO - dblayer_pre_close - All database threads now stopped [09/Apr/2019:19:22:22.575927037 -0400] - INFO - slapd_exemode_db2index - Backend Instance: userRoot [09/Apr/2019:19:22:22.581308733 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [09/Apr/2019:19:22:22.586772552 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [09/Apr/2019:19:22:22.589431954 -0400] - INFO - check_and_set_import_cache - pagesize: 4096, available bytes 7786483712, process usage 22835200 [09/Apr/2019:19:22:22.591624829 -0400] - INFO - check_and_set_import_cache - Import allocates 3041595KB import cache. [09/Apr/2019:19:22:22.707878354 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexing attribute: uid [09/Apr/2019:19:22:22.719315137 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Finished indexing. [09/Apr/2019:19:22:22.735641748 -0400] - INFO - dblayer_pre_close - All database threads now stopped
Passed suites/basic/basic_test.py::test_basic_acl 0.23
No log output captured.
Passed suites/basic/basic_test.py::test_basic_searches 0.07
No log output captured.
Passed suites/basic/basic_test.py::test_basic_referrals 4.05
No log output captured.
Passed suites/basic/basic_test.py::test_basic_systemctl 11.90
----------------------------- Captured stderr call -----------------------------
Job for dirsrv@standalone1.service failed because the control process exited with error code. See "systemctl status dirsrv@standalone1.service" and "journalctl -xe" for details.
Passed suites/basic/basic_test.py::test_basic_ldapagent 5.02
No log output captured.
Passed suites/basic/basic_test.py::test_basic_dse_survives_kill9 11.17
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[namingContexts] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedLDAPVersion] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedControl] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedExtension] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedSASLMechanisms] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[vendorName] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[vendorVersion] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[namingContexts] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedLDAPVersion] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedControl] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedExtension] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedSASLMechanisms] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[vendorName] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[vendorVersion] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_basic_anonymous_search 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_search_original_type 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_search_ou 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_connection_buffer_size 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_critical_msg_on_empty_range_idl 5.34
No log output captured.
Passed suites/basic/basic_test.py::test_ldbm_modification_audit_log 11.53
No log output captured.
Passed suites/basic/basic_test.py::test_dscreate 10.75
----------------------------- Captured stdout call -----------------------------
Starting installation... Completed installation for test_dscreate
Passed suites/betxns/betxn_test.py::test_betxt_7bit 4.43
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
betxn_test.py 48 INFO Running test_betxt_7bit... betxn_test.py 74 INFO test_betxt_7bit: PASSED
Passed suites/betxns/betxn_test.py::test_betxn_attr_uniqueness 4.43
------------------------------ Captured log call -------------------------------
betxn_test.py 125 INFO test_betxn_attr_uniqueness: PASSED
Passed suites/betxns/betxn_test.py::test_betxn_memberof 4.43
------------------------------ Captured log call -------------------------------
betxn_test.py 171 INFO test_betxn_memberof: PASSED
Passed suites/betxns/betxn_test.py::test_betxn_modrdn_memberof_cache_corruption 4.47
------------------------------ Captured log call -------------------------------
betxn_test.py 225 INFO test_betxn_modrdn_memberof: PASSED
Passed suites/betxns/betxn_test.py::test_ri_and_mep_cache_corruption 0.10
------------------------------ Captured log call -------------------------------
betxn_test.py 335 INFO Test PASSED
Passed suites/clu/clu_test.py::test_clu_pwdhash 0.03
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
clu_test.py 38 INFO Running test_clu_pwdhash... clu_test.py 52 INFO pwdhash generated: {SSHA}9g0D4XhpSZsG5imVxOdQ9D65UMI/3d46sfrwKw== clu_test.py 53 INFO test_clu_pwdhash: PASSED
Passed suites/clu/clu_test.py::test_clu_pwdhash_mod 0.04
------------------------------ Captured log call -------------------------------
clu_test.py 76 INFO Running test_clu_pwdhash_mod... clu_test.py 85 INFO pwdhash generated: {SSHA256}pyWo8aGALba1309d7OR1BDPNK5tcTp27Tr3RVn6Zjg9jWTklQrjbBw== clu_test.py 86 INFO returned the hashed string using the algorithm set in nsslapd-rootpwstoragescheme
Passed suites/config/autotuning_test.py::test_threads_basic 0.25
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
autotuning_test.py 37 INFO Set nsslapd-threadnumber: -1 to enable autotuning autotuning_test.py 40 INFO Assert nsslapd-threadnumber is equal to the documented expected value
Passed suites/config/autotuning_test.py::test_threads_invalid_value[-2] 0.00
------------------------------ Captured log call -------------------------------
autotuning_test.py 56 INFO Set nsslapd-threadnumber: -2. Operation should fail
Passed suites/config/autotuning_test.py::test_threads_invalid_value[0] 0.00
------------------------------ Captured log call -------------------------------
autotuning_test.py 56 INFO Set nsslapd-threadnumber: 0. Operation should fail
Passed suites/config/autotuning_test.py::test_threads_invalid_value[invalid] 0.00
------------------------------ Captured log call -------------------------------
autotuning_test.py 56 INFO Set nsslapd-threadnumber: invalid. Operation should fail
Passed suites/config/autotuning_test.py::test_threads_back_from_manual_value 0.04
------------------------------ Captured log call -------------------------------
autotuning_test.py 78 INFO Set nsslapd-threadnumber: -1 to enable autotuning and save the new value autotuning_test.py 82 INFO Set nsslapd-threadnumber to the autotuned value decreased by 2 autotuning_test.py 87 INFO Set nsslapd-threadnumber: -1 to enable autotuning autotuning_test.py 90 INFO Assert nsslapd-threadnumber is back to the autotuned value
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[-] 3.90
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 141 INFO Delete nsslapd-cache-autosize autotuning_test.py 151 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'25'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[-0] 4.41
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 141 INFO Delete nsslapd-cache-autosize autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'0'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-400] 4.54
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 173 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[-40] 4.41
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 132 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 141 INFO Delete nsslapd-cache-autosize autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 173 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-] 4.46
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 132 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 151 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'25'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-401] 4.51
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 173 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-0] 4.49
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 132 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'0'
Passed suites/config/autotuning_test.py::test_cache_autosize_basic_sane[0] 9.01
------------------------------ Captured log call -------------------------------
autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 222 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 0 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 0 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 250 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 222 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 33333333 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 33333333 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 250 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'0'
Passed suites/config/autotuning_test.py::test_cache_autosize_basic_sane[] 8.98
------------------------------ Captured log call -------------------------------
autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 222 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 230 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 0 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 0 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 250 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 222 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 230 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 33333333 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 33333333 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 250 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'25'
Passed suites/config/autotuning_test.py::test_cache_autosize_basic_sane[40] 9.01
------------------------------ Captured log call -------------------------------
autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 222 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 0 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 0 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 250 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 222 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 33333333 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 33333333 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 250 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_invalid_values[-2] 0.01
------------------------------ Captured log call -------------------------------
autotuning_test.py 281 INFO Set nsslapd-cache-autosize-split to -2 autotuning_test.py 287 INFO Set nsslapd-cache-autosize to -2
Passed suites/config/autotuning_test.py::test_cache_autosize_invalid_values[102] 0.01
------------------------------ Captured log call -------------------------------
autotuning_test.py 281 INFO Set nsslapd-cache-autosize-split to 102 autotuning_test.py 287 INFO Set nsslapd-cache-autosize to 102
Passed suites/config/autotuning_test.py::test_cache_autosize_invalid_values[invalid] 0.01
------------------------------ Captured log call -------------------------------
autotuning_test.py 281 INFO Set nsslapd-cache-autosize-split to invalid autotuning_test.py 287 INFO Set nsslapd-cache-autosize to invalid
Passed suites/config/regression_test.py::test_maxbersize_repl 6.84
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
regression_test.py 98 INFO Set nsslapd-errorlog-maxlogsize before nsslapd-errorlog-logmaxdiskspace regression_test.py 102 INFO Assert no init_dse_file errors in the error log regression_test.py 106 INFO Set nsslapd-errorlog-maxlogsize after nsslapd-errorlog-logmaxdiskspace regression_test.py 110 INFO Assert no init_dse_file errors in the error log
Passed suites/config/removed_config_49298_test.py::test_restore_config 3.40
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
removed_config_49298_test.py 41 INFO /etc/dirsrv/slapd-standalone1
Passed suites/config/removed_config_49298_test.py::test_removed_config 2.44
----------------------------- Captured stderr call -----------------------------
Job for dirsrv@standalone1.service failed because the control process exited with error code. See "systemctl status dirsrv@standalone1.service" and "journalctl -xe" for details. ------------------------------ Captured log call -------------------------------
removed_config_49298_test.py 70 INFO /etc/dirsrv/slapd-standalone1
Passed suites/cos/cos_test.py::test_positive 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/cos/indirect_cos_test.py::test_indirect_cos 1.30
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. indirect_cos_test.py 106 INFO Add custom schema... indirect_cos_test.py 119 INFO Add test user... indirect_cos_test.py 136 INFO Setup indirect COS...------------------------------ Captured log call -------------------------------
indirect_cos_test.py 156 INFO Checking user... indirect_cos_test.py 55 INFO Create password policy for subtree ou=people,dc=example,dc=com indirect_cos_test.py 163 INFO Checking user...
Passed suites/disk_monitoring/disk_monitoring_test.py::test_verify_operation_when_disk_monitoring_is_off 4.45
---------------------------- Captured stdout setup -----------------------------
Relabeled /var/log/dirsrv/slapd-standalone1 from unconfined_u:object_r:user_tmp_t:s0 to system_u:object_r:dirsrv_var_log_t:s0 ---------------------------- Captured stderr setup -----------------------------
chown: cannot access '/var/log/dirsrv/slapd-standalone1/*': No such file or directory ------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stderr call -----------------------------
25+0 records in 25+0 records out 26214400 bytes (26 MB, 25 MiB) copied, 0.0099852 s, 2.6 GB/s dd: error writing '/var/log/dirsrv/slapd-standalone1/foo1': No space left on device 10+0 records in 9+0 records out 10465280 bytes (10 MB, 10 MiB) copied, 0.00417037 s, 2.5 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_free_up_the_disk_space_and_change_ds_config 4.33
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_verify_operation_with_nsslapd_disk_monitoring_logging_critical_off 34.48
----------------------------- Captured stderr call -----------------------------
10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.00428532 s, 2.4 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_on_below_half_of_the_threshold 25.34
----------------------------- Captured stderr call -----------------------------
31+0 records in 31+0 records out 32505856 bytes (33 MB, 31 MiB) copied, 0.0120096 s, 2.7 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_setting_nsslapd_disk_monitoring_logging_critical_to_off 3.86
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_off 74.10
----------------------------- Captured stderr call -----------------------------
10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.00428005 s, 2.4 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_off_below_half_of_the_threshold 149.20
----------------------------- Captured stderr call -----------------------------
30+0 records in 30+0 records out 31457280 bytes (31 MB, 30 MiB) copied, 0.0120338 s, 2.6 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_go_straight_below_half_of_the_threshold 107.85
----------------------------- Captured stderr call -----------------------------
31+0 records in 31+0 records out 32505856 bytes (33 MB, 31 MiB) copied, 0.012632 s, 2.6 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_go_straight_below_4kb 17.82
----------------------------- Captured stderr call -----------------------------
25+0 records in 25+0 records out 26214400 bytes (26 MB, 25 MiB) copied, 0.0102612 s, 2.6 GB/s dd: error writing '/var/log/dirsrv/slapd-standalone1/foo1': No space left on device 10+0 records in 9+0 records out 10366976 bytes (10 MB, 9.9 MiB) copied, 0.00429037 s, 2.4 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_threshold_to_overflow_value 0.02
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_threshold_is_reached_to_half 14.34
----------------------------- Captured stderr call -----------------------------
10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.00433512 s, 2.4 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold--2] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-9223372036854775808] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-2047] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-0] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold--1294967296] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-invalid] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-invalid] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-1] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-00] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-525 948] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period--10] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-logging-critical-oninvalid] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period--11] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-01] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_valid_operations_are_permitted 3.80
No log output captured.
Passed suites/ds_logs/ds_logs_test.py::test_check_default 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ds_logs_test.py 159 DEBUG on
Passed suites/ds_logs/ds_logs_test.py::test_plugin_set_invalid 0.00
------------------------------ Captured log call -------------------------------
ds_logs_test.py 178 INFO test_plugin_set_invalid - Expect to fail with junk value
Passed suites/ds_logs/ds_logs_test.py::test_log_plugin_on 4.32
------------------------------ Captured log call -------------------------------
ds_logs_test.py 205 INFO Bug 1273549 - Check access logs for millisecond, when attribute is ON ds_logs_test.py 206 INFO perform any ldap operation, which will trigger the logs ds_logs_test.py 31 INFO Adding 10 users ds_logs_test.py 210 INFO Restart the server to flush the logs ds_logs_test.py 213 INFO parse the access logs
Passed suites/ds_logs/ds_logs_test.py::test_log_plugin_off 12.37
------------------------------ Captured log call -------------------------------
ds_logs_test.py 245 INFO Bug 1273549 - Check access logs for missing millisecond, when attribute is OFF ds_logs_test.py 247 INFO test_log_plugin_off - set the configuration attribute to OFF ds_logs_test.py 250 INFO Restart the server to flush the logs ds_logs_test.py 253 INFO test_log_plugin_off - delete the previous access logs ds_logs_test.py 259 INFO Restart the server to flush the logs ds_logs_test.py 262 INFO check access log that microseconds are not present
Passed suites/ds_logs/ds_logs_test.py::test_internal_log_server_level_0 7.90
------------------------------ Captured log call -------------------------------
ds_logs_test.py 286 INFO Delete the previous access logs ds_logs_test.py 289 INFO Set nsslapd-plugin-logging to on ds_logs_test.py 292 INFO Configure access log level to 0 ds_logs_test.py 296 INFO Restart the server to flush the logs ds_logs_test.py 300 INFO Check if access log does not contain internal log of MOD operation ds_logs_test.py 306 INFO Check if the other internal operations are not present
Passed suites/ds_logs/ds_logs_test.py::test_internal_log_server_level_4 11.32
------------------------------ Captured log call -------------------------------
ds_logs_test.py 333 INFO Delete the previous access logs for the next test ds_logs_test.py 336 INFO Set nsslapd-plugin-logging to on ds_logs_test.py 339 INFO Configure access log level to 4 ds_logs_test.py 343 INFO Restart the server to flush the logs ds_logs_test.py 347 INFO Check if access log contains internal MOD operation in correct format ds_logs_test.py 353 INFO Check if the other internal operations have the correct format ds_logs_test.py 357 INFO Delete the previous access logs for the next test
Passed suites/ds_logs/regression_test.py::test_default_loglevel_stripped[24576] 0.01
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/ds_logs/regression_test.py::test_default_loglevel_stripped[16512] 0.02
No log output captured.
Passed suites/ds_logs/regression_test.py::test_default_loglevel_stripped[16385] 0.65
No log output captured.
Passed suites/ds_logs/regression_test.py::test_dse_config_loglevel_error 12.90
No log output captured.
Passed suites/ds_tools/logpipe_test.py::test_user_permissions 0.03
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. logpipe_test.py 30 INFO Add system test user - dirsrv_testuser------------------------------ Captured log call -------------------------------
logpipe_test.py 66 INFO Try to create a logpipe in the log directory with "-u" option specifying the user
Passed suites/ds_tools/replcheck_test.py::test_state 0.35
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1514 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1795 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1926 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1583 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1768 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists replica.py 1926 INFO SUCCESS: Replication from ldaps://server.example.com:63701 to ldaps://server.example.com:63702 is working replcheck_test.py 99 INFO Export LDAPTLS_CACERTDIR env variable for ds-replcheck replica.py 1926 INFO SUCCESS: Replication from ldaps://server.example.com:63701 to ldaps://server.example.com:63702 is working replica.py 1926 INFO SUCCESS: Replication from ldaps://server.example.com:63702 to ldaps://server.example.com:63701 is working
Passed suites/ds_tools/replcheck_test.py::test_check_ruv 16.35
----------------------------- Captured stderr call -----------------------------
ldiffile: /tmp/export_master1.ldif ldiffile: /tmp/export_master2.ldif
Passed suites/ds_tools/replcheck_test.py::test_missing_entries 14.78
----------------------------- Captured stderr call -----------------------------
ldiffile: /tmp/export_master1.ldif ldiffile: /tmp/export_master2.ldif
Passed suites/ds_tools/replcheck_test.py::test_tombstones 17.15
----------------------------- Captured stderr call -----------------------------
ldiffile: /tmp/export_master1.ldif ldiffile: /tmp/export_master2.ldif
Passed suites/ds_tools/replcheck_test.py::test_conflict_entries 24.90
----------------------------- Captured stderr call -----------------------------
ldiffile: /tmp/export_master1.ldif ldiffile: /tmp/export_master2.ldif
Passed suites/ds_tools/replcheck_test.py::test_inconsistencies 18.54
----------------------------- Captured stderr call -----------------------------
ldiffile: /tmp/export_master1.ldif ldiffile: /tmp/export_master2.ldif
Passed suites/filter/basic_filter_test.py::test_search_attr 0.06
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(sn=last1)(givenname=first1))-1] 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(sn=last1)(givenname=first1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(sn=last1)(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(sn=last1)(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(&(sn=last1))(&(givenname=first1))))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(&(sn=last1))(&(givenname=first1))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(sn=last3)(givenname=*))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(sn=last3)(givenname=*))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(&(sn=last3)(givenname=*)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(&(sn=last3)(givenname=*)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid5)(&(&(sn=*))(&(givenname=*))))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid5)(&(&(sn=*))(&(givenname=*))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(objectclass=*)(uid=*)(sn=last*))-5] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(objectclass=*)(uid=*)(sn=last*))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(objectclass=*)(uid=*)(sn=last1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(objectclass=*)(uid=*)(sn=last1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=uid1)(sn=last1)(givenname=first1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=uid1)(sn=last1)(givenname=first1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=uid1)(|(sn=last1)(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=uid1)(|(sn=last1)(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=uid1)(|(|(sn=last1))(|(givenname=first1))))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=uid1)(|(|(sn=last1))(|(givenname=first1))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(objectclass=*)(sn=last1)(|(givenname=first1)))-14] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(objectclass=*)(sn=last1)(|(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(objectclass=*)(sn=last1))(|(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(objectclass=*)(sn=last1))(|(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(objectclass=*)(sn=last))(|(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(objectclass=*)(sn=last))(|(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(!(cn=NULL)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(!(cn=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(!(cn=NULL))(uid=uid1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(!(cn=NULL))(uid=uid1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(&(!(uid=1))(!(givenname=first1))))-4] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(&(!(uid=1))(!(givenname=first1))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(|(uid=uid1)(uid=NULL))(sn=last1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(|(uid=uid1)(uid=NULL))(sn=last1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(|(uid=uid1)(uid=NULL))(!(sn=NULL)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(|(uid=uid1)(uid=NULL))(!(sn=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(|(uid=uid1)(sn=last2))(givenname=first1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(|(uid=uid1)(sn=last2))(givenname=first1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(uid=uid1)(!(uid=NULL)))(sn=last2))-2] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(uid=uid1)(!(uid=NULL)))(sn=last2))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(uid=uid1)(uid=NULL))(sn=last2))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(uid=uid1)(uid=NULL))(sn=last2))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid5)(sn=*)(cn=*)(givenname=*)(uid=u*)(sn=la*)(cn=full*)(givenname=f*)(uid>=u)(!(givenname=NULL)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid5)(sn=*)(cn=*)(givenname=*)(uid=u*)(sn=la*)(cn=full*)(givenname=f*)(uid>=u)(!(givenname=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(objectclass=*)(sn=last))(&(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(objectclass=*)(sn=last))(&(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(sn=last1)(givenname=NULL))-0] 0.01
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(sn=last1)(givenname=NULL))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(sn=last1)(givenname=NULL)))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(sn=last1)(givenname=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(&(sn=last1))(&(givenname=NULL))))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(&(sn=last1))(&(givenname=NULL))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(&(sn=last1))(&(givenname=NULL)(sn=*)))(|(sn=NULL)))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(&(sn=last1))(&(givenname=NULL)(sn=*)))(|(sn=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(&(sn=last*))(&(givenname=first*)))(&(sn=NULL)))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(&(sn=last*))(&(givenname=first*)))(&(sn=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=NULL)(sn=NULL)(givenname=NULL))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=NULL)(sn=NULL)(givenname=NULL))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=NULL)(|(sn=NULL)(givenname=NULL)))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=NULL)(|(sn=NULL)(givenname=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=NULL)(|(|(sn=NULL))(|(givenname=NULL))))-0] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=NULL)(|(|(sn=NULL))(|(givenname=NULL))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*))-5] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*)(uid=*))"...
Passed suites/filter/complex_filters_test.py::test_filters[(uid>=uid3)-3] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(uid>=uid3)"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(uid>=uid3))-3] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(uid>=uid3))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid>=uid3)(uid<=uid5))-5] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid>=uid3)(uid<=uid5))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid>=uid3)(uid<=uid5))-3] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid>=uid3)(uid<=uid5))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(uid>=uid3)(uid<=uid5))(uid=*))-5] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(uid>=uid3)(uid<=uid5))(uid=*))"...
Passed suites/filter/filter_logic_test.py::test_eq 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/filter/filter_logic_test.py::test_sub 0.00
No log output captured.
Passed suites/filter/filter_logic_test.py::test_not_eq 0.00
No log output captured.
Passed suites/filter/filter_logic_test.py::test_ranges 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_and_eq 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_range 0.00
No log output captured.
Passed suites/filter/filter_logic_test.py::test_and_allid_shortcut 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_or_eq 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_and_not_eq 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_or_not_eq 0.00
No log output captured.
Passed suites/filter/filter_logic_test.py::test_and_range 0.02
No log output captured.
Passed suites/filter/filter_logic_test.py::test_or_range 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_and_and_eq 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_or_or_eq 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_and_or_eq 0.01
No log output captured.
Passed suites/filter/filter_logic_test.py::test_or_and_eq 0.01
No log output captured.
Passed suites/filter/filter_test.py::test_filter_escaped 0.08
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
filter_test.py 40 INFO Running test_filter_escaped... filter_test.py 76 INFO test_filter_escaped: PASSED
Passed suites/filter/filter_test.py::test_filter_search_original_attrs 0.00
------------------------------ Captured log call -------------------------------
filter_test.py 93 INFO Running test_filter_search_original_attrs... filter_test.py 106 INFO test_filter_search_original_attrs: PASSED
Passed suites/filter/filter_test.py::test_filter_scope_one 0.00
------------------------------ Captured log call -------------------------------
filter_test.py 126 INFO Search user using ldapsearch with scope one filter_test.py 128 INFO [dn: cn=Directory Administrators,dc=example,dc=com cn: Directory Administrators ] filter_test.py 130 INFO Search should only have one entry
Passed suites/filter/filter_test.py::test_filter_with_attribute_subtype 0.12
------------------------------ Captured log call -------------------------------
filter_test.py 155 INFO Bind as cn=Directory Manager filter_test.py 162 INFO ######################### ADD ###################### filter_test.py 185 INFO Try to add Add cn=test_entry both, dc=example,dc=com: dn: cn=test_entry both, dc=example,dc=com cn: test_entry both cn;en: test_entry en cn;fr: test_entry fr objectclass: top objectclass: person sn: test_entry both filter_test.py 188 INFO Try to add Add cn=test_entry en only, dc=example,dc=com: dn: cn=test_entry en only, dc=example,dc=com cn: test_entry en only cn;en: test_entry en objectclass: top objectclass: person sn: test_entry en only filter_test.py 191 INFO ######################### SEARCH ###################### filter_test.py 195 INFO Try to search with filter (&(sn=test_entry en only)(!(cn=test_entry fr))) filter_test.py 199 INFO Found cn=test_entry en only,dc=example,dc=com filter_test.py 203 INFO Try to search with filter (&(sn=test_entry en only)(!(cn;fr=test_entry fr))) filter_test.py 207 INFO Found cn=test_entry en only,dc=example,dc=com filter_test.py 211 INFO Try to search with filter (&(sn=test_entry en only)(!(cn;en=test_entry en))) filter_test.py 214 INFO Found none filter_test.py 216 INFO ######################### DELETE ###################### filter_test.py 218 INFO Try to delete cn=test_entry both, dc=example,dc=com filter_test.py 221 INFO Try to delete cn=test_entry en only, dc=example,dc=com filter_test.py 224 INFO Testcase PASSED
Passed suites/filter/filter_test.py::test_extended_search 0.02
------------------------------ Captured log call -------------------------------
filter_test.py 252 INFO Running test_filter_escaped... filter_test.py 269 INFO Try to search with filter (cn:de:=ext-test-entry) filter_test.py 275 INFO Try to search with filter (cn:caseIgnoreIA5Match:=EXT-TEST-ENTRY) filter_test.py 281 INFO Try to search with filter (cn:caseIgnoreMatch:=EXT-TEST-ENTRY) filter_test.py 287 INFO Try to search with filter (cn:caseExactMatch:=EXT-TEST-ENTRY) filter_test.py 293 INFO Try to search with filter (cn:caseExactMatch:=ext-test-entry) filter_test.py 299 INFO Try to search with filter (cn:caseExactIA5Match:=EXT-TEST-ENTRY) filter_test.py 305 INFO Try to search with filter (cn:caseExactIA5Match:=ext-test-entry)
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_supported_features 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[-False-oper_attr_list0] 0.11
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 144 INFO bound as: cn=Directory Manager
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[-False-oper_attr_list0-*] 0.10
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 144 INFO bound as: cn=Directory Manager
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[-False-oper_attr_list0-objectClass] 0.10
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 144 INFO bound as: cn=Directory Manager
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[-True-oper_attr_list1] 0.03
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 141 INFO bound as: uid=all_attrs_test,ou=people,dc=example,dc=com
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[-True-oper_attr_list1-*] 0.03
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 141 INFO bound as: uid=all_attrs_test,ou=people,dc=example,dc=com
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[-True-oper_attr_list1-objectClass] 0.03
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 141 INFO bound as: uid=all_attrs_test,ou=people,dc=example,dc=com
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[ou=people,dc=example,dc=com-False-oper_attr_list2] 0.10
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 144 INFO bound as: cn=Directory Manager
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[ou=people,dc=example,dc=com-False-oper_attr_list2-*] 0.10
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 144 INFO bound as: cn=Directory Manager
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[ou=people,dc=example,dc=com-False-oper_attr_list2-objectClass] 0.10
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 144 INFO bound as: cn=Directory Manager
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[ou=people,dc=example,dc=com-True-oper_attr_list3] 0.03
------------------------------ Captured log call -------------------------------
rfc3673_all_oper_attrs_test.py 141 INFO bound as: uid=all_attrs_test,ou=people,dc=example,dc=com
Passed suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic[ou=people,dc=example,dc=com-True-oper_attr_list3-*] 0.03