report.html

Report generated on 27-Apr-2019 at 22:18:19 by pytest-html v1.20.0

Environment

389-ds-base 1.4.1.2-20190427git6a6b8d9.fc29
Packages {'pytest': '4.4.1', 'py': '1.5.4', 'pluggy': '0.9.0'}
Platform Linux-5.0.3-200.fc29.x86_64-x86_64-with-fedora-29-Twenty_Nine
Plugins {'metadata': '1.8.0', 'html': '1.20.0'}
Python 3.7.3
cyrus-sasl 2.1.27-0.3rc7.fc29
nspr 4.21.0-1.fc29
nss 3.43.0-1.fc29
openldap 2.4.46-10.fc29

Summary

1130 tests ran in 10725.48 seconds.

1024 passed, 4 skipped, 82 failed, 7 errors, 18 expected failures, 6 unexpected passes

Results

Result Test Duration Links
Error suites/attr_encryption/attr_encryption_test.py::test_basic::setup 11.15
topo = <lib389.topologies.TopologyMain object at 0x7f720b8e54e0>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. attr_encryption_test.py 32 INFO Enable TLS for attribute encryption attr_encryption_test.py 35 INFO Enables attribute encryption attr_encryption_test.py 40 INFO Enables attribute encryption for employeeNumber and telephoneNumber
Error suites/attr_encryption/attr_encryption_test.py::test_export_import_ciphertext::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720b8e54e0>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_export_import_plaintext::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720b8e54e0>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_attr_encryption_unindexed::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720b8e54e0>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_attr_encryption_multiple_backends::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720b8e54e0>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/attr_encryption/attr_encryption_test.py::test_attr_encryption_backends::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720b8e54e0>
request = <SubRequest 'enable_user_attr_encryption' for <Function test_basic>>

@pytest.fixture(scope="module")
def enable_user_attr_encryption(topo, request):
""" Enables attribute encryption for various attributes
Adds a test user with encrypted attributes
"""

log.info("Enable TLS for attribute encryption")
topo.standalone.enable_tls()

log.info("Enables attribute encryption")
backends = Backends(topo.standalone)
backend = backends.list()[0]
encrypt_attrs = backend.get_encrypted_attrs()

log.info("Enables attribute encryption for employeeNumber and telephoneNumber")
> emp_num_encrypt = encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
E AttributeError: 'list' object has no attribute 'create'

suites/attr_encryption/attr_encryption_test.py:41: AttributeError
Error suites/password/pwdModify_test.py::test_pwd_modify_with_password_policy::setup 0.05
topo = <lib389.topologies.TopologyMain object at 0x7f720a4745f8>
request = <SubRequest 'pwd_policy_setup' for <Function test_pwd_modify_with_password_policy>>

@pytest.fixture(scope="function")
def pwd_policy_setup(topo, request):
"""
Setup to set passwordStorageScheme as CLEAR
passwordHistory to on
passwordStorageScheme to SSHA
passwordHistory off
"""
log.info("Change the pwd storage type to clear and change the password once to refresh it(for the rest of tests")
> topo.standalone.simple_bind_s(DN_DM, PASSWORD)

suites/password/pwdModify_test.py:43:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:445: in simple_bind_s
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:439: in simple_bind
return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720a04de80>
func = <built-in method simple_bind of LDAP object at 0x7f720a88bd00>
args = ('cn=Directory Manager', 'password', None, None), kwargs = {}
diagnostic_message_success = None, exc_type = None, exc_value = None
exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log setup ------------------------------
pwdModify_test.py 42 INFO Change the pwd storage type to clear and change the password once to refresh it(for the rest of tests
Failed suites/betxns/betxn_test.py::test_ri_and_mep_cache_corruption 0.86
topology_st = <lib389.topologies.TopologyMain object at 0x7f720acc8400>

def test_ri_and_mep_cache_corruption(topology_st):
"""Test RI plugin aborts change after MEP plugin fails.
This is really testing the entry cache for corruption

:id: 70d0b96e-b693-4bf7-bbf5-102a66ac5995

:setup: Standalone instance

:steps: 1. Enable and configure mep and ri plugins
2. Add user and add it to a group
3. Disable MEP plugin and remove MEP group
4. Delete user
5. Check that user is still a member of the group

:expectedresults:
1. Success
2. Success
3. Success
4. It fails with NO_SUCH_OBJECT
5. Success

"""
# Start plugins
topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')
mep_plugin = ManagedEntriesPlugin(topology_st.standalone)
mep_plugin.enable()
ri_plugin = ReferentialIntegrityPlugin(topology_st.standalone)
ri_plugin.enable()

# Add our org units
ous = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX)
ou_people = ous.create(properties={'ou': 'managed_people'})
ou_groups = ous.create(properties={'ou': 'managed_groups'})

# Configure MEP
mep_templates = MEPTemplates(topology_st.standalone, DEFAULT_SUFFIX)
mep_template1 = mep_templates.create(properties={
'cn': 'MEP template',
'mepRDNAttr': 'cn',
'mepStaticAttr': 'objectclass: posixGroup|objectclass: extensibleObject'.split('|'),
'mepMappedAttr': 'cn: $cn|uid: $cn|gidNumber: $uidNumber'.split('|')
})
mep_configs = MEPConfigs(topology_st.standalone)
mep_configs.create(properties={'cn': 'config',
'originScope': ou_people.dn,
'originFilter': 'objectclass=posixAccount',
'managedBase': ou_groups.dn,
'managedTemplate': mep_template1.dn})

# Add an entry that meets the MEP scope
users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX,
rdn='ou={}'.format(ou_people.rdn))
user = users.create(properties={
'uid': 'test-user1',
'cn': 'test-user',
'sn': 'test-user',
'uidNumber': '10011',
'gidNumber': '20011',
'homeDirectory': '/home/test-user1'
})

# Add group
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)
user_group = groups.ensure_state(properties={'cn': 'group', 'member': user.dn})

# Check if a managed group entry was created
mep_group = Group(topology_st.standalone, dn='cn={},{}'.format(user.rdn, ou_groups.dn))
if not mep_group.exists():
log.fatal("MEP group was not created for the user")
assert False

# Test MEP be txn pre op failure does not corrupt entry cache
# Should get the same exception for both rename attempts
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
mep_group.rename("cn=modrdn group")

with pytest.raises(ldap.UNWILLING_TO_PERFORM):
mep_group.rename("cn=modrdn group")

# Mess with MEP so it fails
> mep_plugin.disable()

suites/betxns/betxn_test.py:308:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/plugins.py:63: in disable
self.set('nsslapd-pluginEnabled', 'off')
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:387: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720b706518>
func = <built-in method result4 of LDAP object at 0x7f720b04f968>
args = (24, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'info': 'Renaming a managed entry is not allowed. It needs to be manually unlinked first.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
Failed suites/ds_logs/ds_logs_test.py::test_internal_log_level_260 4.39
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8ce358>
add_user_log_level_260 = None

@pytest.mark.bz1358706
@pytest.mark.ds49029
def test_internal_log_level_260(topology_st, add_user_log_level_260):
"""Tests client initiated operations when automember plugin is enabled
:id: e68a303e-c037-42b2-a5a0-fbea27c338a9
:setup: Standalone instance with internal operation
logging on and nsslapd-plugin-logging to on
:steps:
1. Configure access log level to 260 (4 + 256)
2. Set nsslapd-plugin-logging to on
3. Enable Referential Integrity and automember plugins
4. Restart the server
5. Add a test group
6. Add a test user and add it as member of the test group
7. Rename the test user
8. Delete the test user
9. Check the access logs for nested internal operation logs
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Operation should be successful
9. Access log should contain internal info about operations of the user
"""

topo = topology_st.standalone

log.info('Restart the server to flush the logs')
topo.restart()

# These comments contain lines we are trying to find without regex
log.info("Check the access logs for ADD operation of the user")
# op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"
> assert topo.ds_access_log.match(r'.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
E assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>>('.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>> = <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>.match
E + where <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400> = <lib389.DirSrv object at 0x7f720a15dda0>.ds_access_log

suites/ds_logs/ds_logs_test.py:398: AssertionError
------------------------------ Captured log setup ------------------------------
ds_logs_test.py 97 INFO Enable automember plugin ds_logs_test.py 101 INFO Enable Referential Integrity plugin ds_logs_test.py 105 INFO Set nsslapd-plugin-logging to on ds_logs_test.py 108 INFO Restart the server ds_logs_test.py 114 INFO Configure access log level to 260 (4 + 256) ds_logs_test.py 81 INFO Renaming user ds_logs_test.py 84 INFO Delete the user ds_logs_test.py 87 INFO Delete automember entry, org. unit and group for the next test------------------------------ Captured log call -------------------------------
ds_logs_test.py 392 INFO Restart the server to flush the logs ds_logs_test.py 396 INFO Check the access logs for ADD operation of the user
Failed suites/ds_logs/ds_logs_test.py::test_internal_log_level_131076 4.20
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8ce358>
add_user_log_level_131076 = None

@pytest.mark.bz1358706
@pytest.mark.ds49029
def test_internal_log_level_131076(topology_st, add_user_log_level_131076):
"""Tests client-initiated operations while referential integrity plugin is enabled
:id: 44836ac9-dabd-4a8c-abd5-ecd7c2509739
:setup: Standalone instance
Configure access log level to - 131072 + 4
Set nsslapd-plugin-logging to on
:steps:
1. Configure access log level to 131076
2. Set nsslapd-plugin-logging to on
3. Enable Referential Integrity and automember plugins
4. Restart the server
5. Add a test group
6. Add a test user and add it as member of the test group
7. Rename the test user
8. Delete the test user
9. Check the access logs for nested internal operation logs
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Operation should be successful
9. Access log should contain internal info about operations of the user
"""

topo = topology_st.standalone

log.info('Restart the server to flush the logs')
topo.restart()

# These comments contain lines we are trying to find without regex
log.info("Check the access logs for ADD operation of the user")
# op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"
assert not topo.ds_access_log.match(r'.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
# (Internal) op=10(1)(1) MOD dn="cn=group,ou=Groups,dc=example,dc=com"
> assert topo.ds_access_log.match(r'.*\(Internal\) op=10\(1\)\(1\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>>('.*\\(Internal\\) op=10\\(1\\)\\(1\\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>> = <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>.match
E + where <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400> = <lib389.DirSrv object at 0x7f720a15dda0>.ds_access_log

suites/ds_logs/ds_logs_test.py:483: AssertionError
------------------------------ Captured log setup ------------------------------
ds_logs_test.py 130 INFO Configure access log level to 131076 (4 + 131072) ds_logs_test.py 81 INFO Renaming user ds_logs_test.py 84 INFO Delete the user ds_logs_test.py 87 INFO Delete automember entry, org. unit and group for the next test------------------------------ Captured log call -------------------------------
ds_logs_test.py 475 INFO Restart the server to flush the logs ds_logs_test.py 479 INFO Check the access logs for ADD operation of the user
Failed suites/ds_logs/ds_logs_test.py::test_internal_log_level_516 4.41
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8ce358>
add_user_log_level_516 = None

@pytest.mark.bz1358706
@pytest.mark.ds49029
def test_internal_log_level_516(topology_st, add_user_log_level_516):
"""Tests client initiated operations when referential integrity plugin is enabled
:id: bee1d681-763d-4fa5-aca2-569cf93f8b71
:setup: Standalone instance
Configure access log level to - 512+4
Set nsslapd-plugin-logging to on
:steps:
1. Configure access log level to 516
2. Set nsslapd-plugin-logging to on
3. Enable Referential Integrity and automember plugins
4. Restart the server
5. Add a test group
6. Add a test user and add it as member of the test group
7. Rename the test user
8. Delete the test user
9. Check the access logs for nested internal operation logs
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should be successful
8. Operation should be successful
9. Access log should contain internal info about operations of the user
"""

topo = topology_st.standalone

log.info('Restart the server to flush the logs')
topo.restart()

# These comments contain lines we are trying to find without regex
log.info("Check the access logs for ADD operation of the user")
# op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"
assert not topo.ds_access_log.match(r'.*op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com".*')
# (Internal) op=10(1)(1) MOD dn="cn=group,ou=Groups,dc=example,dc=com"
> assert topo.ds_access_log.match(r'.*\(Internal\) op=10\(1\)\(1\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>>('.*\\(Internal\\) op=10\\(1\\)\\(1\\) MOD dn="cn=group,ou=Groups,dc=example,dc=com".*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>> = <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400>.match
E + where <lib389.dirsrv_log.DirsrvAccessLog object at 0x7f720afbe400> = <lib389.DirSrv object at 0x7f720a15dda0>.ds_access_log

suites/ds_logs/ds_logs_test.py:565: AssertionError
------------------------------ Captured log setup ------------------------------
ds_logs_test.py 122 INFO Configure access log level to 516 (4 + 512) ds_logs_test.py 81 INFO Renaming user ds_logs_test.py 84 INFO Delete the user ds_logs_test.py 87 INFO Delete automember entry, org. unit and group for the next test------------------------------ Captured log call -------------------------------
ds_logs_test.py 557 INFO Restart the server to flush the logs ds_logs_test.py 561 INFO Check the access logs for ADD operation of the user
Failed suites/ds_tools/replcheck_test.py::test_check_ruv 21.29
topo_tls_ldapi = <lib389.topologies.TopologyMain object at 0x7f7209fe0400>

def test_check_ruv(topo_tls_ldapi):
"""Check that the report has RUV

:id: 1cc6b28b-8a42-45fb-ab50-9552db0ac179
:setup: Two master replication
:steps:
1. Get RUV from master and replica
2. Generate the report
3. Check that the RUV is mentioned in the report
:expectedresults:
1. It should be successful
2. It should be successful
3. The RUV should be mentioned in the report
"""

m1 = topo_tls_ldapi.ms["master1"]

replicas_m1 = Replica(m1, DEFAULT_SUFFIX)
ruv_entries = replicas_m1.get_attr_vals_utf8('nsds50ruv')

for tool_cmd in replcheck_cmd_list(topo_tls_ldapi):
> result = subprocess.check_output(tool_cmd, encoding='utf-8')

suites/ds_tools/replcheck_test.py:191:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', ...],)
kwargs = {'encoding': 'utf-8', 'stdout': -1}
process = <subprocess.Popen object at 0x7f7209fcfc18>
stdout = 'LDIF file (/tmp/export_master1.ldif) does not exist\n', stderr = None
retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', '1', '-m', '/tmp/export_master1.ldif', '-r', '/tmp/export_master2.ldif']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
Failed suites/ds_tools/replcheck_test.py::test_missing_entries 22.14
topo_tls_ldapi = <lib389.topologies.TopologyMain object at 0x7f7209fe0400>

def test_missing_entries(topo_tls_ldapi):
"""Check that the report has missing entries

:id: bd27de78-0046-431c-8240-a93052df1cdc
:setup: Two master replication
:steps:
1. Pause replication between master and replica
2. Add two entries to master and two entries to replica
3. Generate the report
4. Check that the entries DN are mentioned in the report
:expectedresults:
1. It should be successful
2. It should be successful
3. It should be successful
4. The entries DN should be mentioned in the report
"""

m1 = topo_tls_ldapi.ms["master1"]
m2 = topo_tls_ldapi.ms["master2"]

try:
topo_tls_ldapi.pause_all_replicas()
users_m1 = UserAccounts(m1, DEFAULT_SUFFIX)
user0 = users_m1.create_test_user(1000)
user1 = users_m1.create_test_user(1001)
users_m2 = UserAccounts(m2, DEFAULT_SUFFIX)
user2 = users_m2.create_test_user(1002)
user3 = users_m2.create_test_user(1003)

for tool_cmd in replcheck_cmd_list(topo_tls_ldapi):
> result = subprocess.check_output(tool_cmd, encoding='utf-8').lower()

suites/ds_tools/replcheck_test.py:225:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', ...],)
kwargs = {'encoding': 'utf-8', 'stdout': -1}
process = <subprocess.Popen object at 0x7f720a8049b0>
stdout = 'LDIF file (/tmp/export_master1.ldif) does not exist\n', stderr = None
retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', '1', '-m', '/tmp/export_master1.ldif', '-r', '/tmp/export_master2.ldif']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
Failed suites/ds_tools/replcheck_test.py::test_tombstones 22.25
topo_tls_ldapi = <lib389.topologies.TopologyMain object at 0x7f7209fe0400>

def test_tombstones(topo_tls_ldapi):
"""Check that the report mentions right number of tombstones

:id: bd27de78-0046-431c-8240-a93052df1cdc
:setup: Two master replication
:steps:
1. Add an entry to master and wait for replication
2. Pause replication between master and replica
3. Delete the entry from master
4. Generate the report
5. Check that we have different number of tombstones in the report
:expectedresults:
1. It should be successful
2. It should be successful
3. It should be successful
4. It should be successful
5. It should be successful
"""

m1 = topo_tls_ldapi.ms["master1"]

try:
users_m1 = UserAccounts(m1, DEFAULT_SUFFIX)
user_m1 = users_m1.create(properties=TEST_USER_PROPERTIES)
time.sleep(1)
topo_tls_ldapi.pause_all_replicas()
user_m1.delete()
time.sleep(2)

for tool_cmd in replcheck_cmd_list(topo_tls_ldapi):
> result = subprocess.check_output(tool_cmd, encoding='utf-8').lower()

suites/ds_tools/replcheck_test.py:266:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', ...],)
kwargs = {'encoding': 'utf-8', 'stdout': -1}
process = <subprocess.Popen object at 0x7f720aff75c0>
stdout = 'LDIF file (/tmp/export_master1.ldif) does not exist\n', stderr = None
retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', '1', '-m', '/tmp/export_master1.ldif', '-r', '/tmp/export_master2.ldif']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
Failed suites/ds_tools/replcheck_test.py::test_conflict_entries 27.12
topo_tls_ldapi = <lib389.topologies.TopologyMain object at 0x7f7209fe0400>

def test_conflict_entries(topo_tls_ldapi):
"""Check that the report has conflict entries

:id: c8fe3e84-b346-4969-8f5d-3462b643a1d2
:setup: Two master replication
:steps:
1. Pause replication between master and replica
2. Add two entries to master and two entries to replica
3. Delete first entry from master
4. Add a child to the first entry
5. Resume replication between master and replica
6. Generate the report
7. Check that the entries DN are mentioned in the report
:expectedresults:
1. It should be successful
2. It should be successful
3. It should be successful
4. It should be successful
5. It should be successful
6. It should be successful
7. The entries DN should be mentioned in the report
"""

m1 = topo_tls_ldapi.ms["master1"]
m2 = topo_tls_ldapi.ms["master2"]

topo_tls_ldapi.pause_all_replicas()

_create_container(m1, DEFAULT_SUFFIX, 'conflict_parent0')
_create_container(m2, DEFAULT_SUFFIX, 'conflict_parent0')
cont_p_m1 = _create_container(m1, DEFAULT_SUFFIX, 'conflict_parent1')
cont_p_m2 = _create_container(m2, DEFAULT_SUFFIX, 'conflict_parent1')
_delete_container(cont_p_m1)
_create_container(m2, cont_p_m2.dn, 'conflict_child0')

topo_tls_ldapi.resume_all_replicas()
time.sleep(5)

for tool_cmd in replcheck_cmd_list(topo_tls_ldapi):
> result = subprocess.check_output(tool_cmd, encoding='utf-8')

suites/ds_tools/replcheck_test.py:311:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', ...],)
kwargs = {'encoding': 'utf-8', 'stdout': -1}
process = <subprocess.Popen object at 0x7f720ac74240>
stdout = 'LDIF file (/tmp/export_master1.ldif) does not exist\n', stderr = None
retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', '1', '-m', '/tmp/export_master1.ldif', '-r', '/tmp/export_master2.ldif']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
Failed suites/ds_tools/replcheck_test.py::test_inconsistencies 26.21
topo_tls_ldapi = <lib389.topologies.TopologyMain object at 0x7f7209fe0400>

def test_inconsistencies(topo_tls_ldapi):
"""Check that the report mentions inconsistencies with attributes

:id: c8fe3e84-b346-4969-8f5d-3462b643a1d2
:setup: Two master replication
:steps:
1. Add an entry to master and wait for replication
2. Pause replication between master and replica
3. Set different description attr values to master and replica
4. Add telephoneNumber attribute to master and not to replica
5. Generate the report
6. Check that attribute values are mentioned in the report
7. Generate the report with -i option to ignore some attributes
8. Check that attribute values are mentioned in the report
:expectedresults:
1. It should be successful
2. It should be successful
3. It should be successful
4. It should be successful
5. It should be successful
6. The attribute values should be mentioned in the report
7. It should be successful
8. The attribute values should not be mentioned in the report
"""

m1 = topo_tls_ldapi.ms["master1"]
m2 = topo_tls_ldapi.ms["master2"]
attr_m1 = "m1_inconsistency"
attr_m2 = "m2_inconsistency"
attr_m1_only = "123123123"

try:
users_m1 = UserAccounts(m1, DEFAULT_SUFFIX)
users_m2 = UserAccounts(m2, DEFAULT_SUFFIX)
user_m1 = users_m1.create(properties=TEST_USER_PROPERTIES)
time.sleep(1)
user_m2 = users_m2.get(user_m1.rdn)
topo_tls_ldapi.pause_all_replicas()
user_m1.set("description", attr_m1)
user_m2.set("description", attr_m2)
user_m1.set("telephonenumber", attr_m1_only)
time.sleep(2)

for tool_cmd in replcheck_cmd_list(topo_tls_ldapi):
> result = subprocess.check_output(tool_cmd, encoding='utf-8').lower()

suites/ds_tools/replcheck_test.py:359:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', ...],)
kwargs = {'encoding': 'utf-8', 'stdout': -1}
process = <subprocess.Popen object at 0x7f720a17ae80>
stdout = 'LDIF file (/tmp/export_master1.ldif) does not exist\n', stderr = None
retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/ds-replcheck', 'offline', '-b', 'dc=example,dc=com', '--conflicts', '--rid', '1', '-m', '/tmp/export_master1.ldif', '-r', '/tmp/export_master2.ldif']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
Failed suites/dynamic_plugins/dynamic_plugins_test.py::test_acceptance 3.24
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720acc0c50>

def test_acceptance(topology_m2):
"""Exercise each plugin and its main features, while
changing the configuration without restarting the server.

:id: 96136538-0151-4b09-9933-0e0cbf2c786c
:setup: 2 Master Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Go through all plugin basic functionality
5. Resume replication
6. Go through all plugin basic functionality again
7. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

m1 = topology_m2.ms["master1"]
msg = ' (no replication)'
replication_run = False

# First part of the test should be without replication
topology_m2.pause_all_replicas()

# First enable dynamic plugins
m1.config.replace('nsslapd-dynamic-plugins', 'on')

# Test that critical plugins can be updated even though the change might not be applied
ldbm_config = LDBMConfig(m1)
ldbm_config.replace('description', 'test')

while True:
# First run the tests with replication disabled, then rerun them with replication set up

############################################################################
# Test plugin functionality
############################################################################

log.info('####################################################################')
log.info('Testing Dynamic Plugins Functionality' + msg + '...')
log.info('####################################################################\n')

> acceptance_test.check_all_plugins(topology_m2)

suites/dynamic_plugins/dynamic_plugins_test.py:119:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/acceptance_test.py:1797: in check_all_plugins
func(topo, args)
suites/plugins/acceptance_test.py:170: in test_acctpolicy
check_dependency(inst, plugin, online=isinstance(args, str))
suites/plugins/acceptance_test.py:56: in check_dependency
acct_usability.replace('nsslapd-plugin-depends-on-named', plugin.rdn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:268: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:387: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720a8016a0>
func = <built-in method result4 of LDAP object at 0x7f720a730b98>
args = (69, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists
Failed suites/dynamic_plugins/dynamic_plugins_test.py::test_memory_corruption 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720acc0c50>

def test_memory_corruption(topology_m2):
"""Check the plugins for memory corruption issues while
dynamic plugins option is enabled

:id: 96136538-0151-4b09-9933-0e0cbf2c7862
:setup: 2 Master Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Restart the plugin many times in a linked list fashion
restarting previous and preprevious plugins in the list of all plugins
5. Run the functional test
6. Repeat 4 and 5 steps for all plugins
7. Resume replication
8. Go through 4-6 steps once more
9. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""


m1 = topology_m2.ms["master1"]
msg = ' (no replication)'
replication_run = False

# First part of the test should be without replication
> topology_m2.pause_all_replicas()

suites/dynamic_plugins/dynamic_plugins_test.py:177:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/topologies.py:216: in pause_all_replicas
replica = replicas.get(DEFAULT_SUFFIX)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1304: in get
replica = super(Replicas, self).get(selector, dn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1048: in get
results = self._get_selector(selector)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1085: in _get_selector
escapehatch='i am sure'
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720a8016a0>
func = <built-in method search_ext of LDAP object at 0x7f720a730b98>
args = ('cn=mapping tree,cn=config', 2, '(&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=dc=example,dc=com)))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
Failed suites/dynamic_plugins/dynamic_plugins_test.py::test_stress 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720acc0c50>

def test_stress(topology_m2):
"""Test plugins while under a big load. Perform the test 5 times

:id: 96136538-0151-4b09-9933-0e0cbf2c7863
:setup: 2 Master Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Do one run through all tests
5. Enable Referential integrity and MemberOf plugins
6. Launch three new threads to add a bunch of users
7. While we are adding users restart the MemberOf and
Linked Attributes plugins many times
8. Wait for the 'adding' threads to complete
9. Now launch three threads to delete the users
10. Restart both the MemberOf, Referential integrity and
Linked Attributes plugins during these deletes
11. Wait for the 'deleting' threads to complete
12. Now make sure both the MemberOf and Referential integrity plugins still work correctly
13. Cleanup the stress tests (delete the group entry)
14. Perform 4-13 steps five times
15. Resume replication
16. Go through 4-14 steps once more
17. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
"""

m1 = topology_m2.ms["master1"]
msg = ' (no replication)'
replication_run = False
stress_max_runs = 5

# First part of the test should be without replication
> topology_m2.pause_all_replicas()

suites/dynamic_plugins/dynamic_plugins_test.py:295:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/topologies.py:216: in pause_all_replicas
replica = replicas.get(DEFAULT_SUFFIX)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1304: in get
replica = super(Replicas, self).get(selector, dn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1048: in get
results = self._get_selector(selector)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1085: in _get_selector
escapehatch='i am sure'
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720a8016a0>
func = <built-in method search_ext of LDAP object at 0x7f720a730b98>
args = ('cn=mapping tree,cn=config', 2, '(&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=dc=example,dc=com)))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
Failed suites/import/regression_test.py::test_import_be_default 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720afab5c0>

def test_import_be_default(topo):
""" Create a backend using the name "default". previously this name was
used int

:id: 8e507beb-e917-4330-8cac-1ff0eee10508
:feature: Import
:setup: Standalone instance
:steps:
1. Create a test suffix using the be name of "default"
2. Create an ldif for the "default" backend
3. Import ldif
4. Verify all entries were imported
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""
log.info('Adding suffix:{} and backend: {}...'.format(TEST_DEFAULT_SUFFIX,
TEST_DEFAULT_NAME))
backends = Backends(topo.standalone)
backends.create(properties={BACKEND_SUFFIX: TEST_DEFAULT_SUFFIX,
> BACKEND_NAME: TEST_DEFAULT_NAME})

suites/import/regression_test.py:54:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f720aee55f8>, dn = None
properties = {'name': 'default', 'suffix': 'dc=default,dc=com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
regression_test.py 51 INFO Adding suffix:dc=default,dc=com and backend: default...
Failed suites/import/regression_test.py::test_del_suffix_import 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720afab5c0>

def test_del_suffix_import(topo):
"""Adding a database entry fails if the same database was deleted after an import

:id: 652421ef-738b-47ed-80ec-2ceece6b5d77
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add few entries
2. Stop the server and do offline import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Check if adding the same database name is a success
:expectedresults: Adding database with the same name should be successful
"""

log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX1, TEST_BACKEND1))
backends = Backends(topo.standalone)
> backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX1, BACKEND_NAME: TEST_BACKEND1})

suites/import/regression_test.py:92:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f720abdaa90>, dn = None
properties = {'name': 'importest1', 'suffix': 'dc=importest1,dc=com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log call -------------------------------
regression_test.py 90 INFO Adding suffix:dc=importest1,dc=com and backend: importest1
Failed suites/import/regression_test.py::test_del_suffix_backend 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720afab5c0>

def test_del_suffix_backend(topo):
"""Adding a database entry fails if the same database was deleted after an import

:id: ac702c35-74b6-434e-8e30-316433f3e91a
:feature: Import
:setup: Standalone instance
:steps: 1. Create a test suffix and add entries
2. Stop the server and do online import using ldif2db
3. Delete the suffix backend
4. Add a new suffix with the same database name
5. Restart the server and check the status
:expectedresults: Adding database with the same name should be successful and the server should not hang
"""

log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX2, TEST_BACKEND2))
backends = Backends(topo.standalone)
> backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX2, BACKEND_NAME: TEST_BACKEND2})

suites/import/regression_test.py:128:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f720a033eb8>, dn = None
properties = {'name': 'importest2', 'suffix': 'dc=importest2,dc=com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log call -------------------------------
regression_test.py 126 INFO Adding suffix:dc=importest2,dc=com and backend: importest2
Failed suites/password/pwdModify_test.py::test_pwd_modify_with_different_operation 22.12
topo = <lib389.topologies.TopologyMain object at 0x7f720a4745f8>

def test_pwd_modify_with_different_operation(topo):
"""Performing various password modify operation,
make sure that password is actually modified

:id: e36d68a8-0960-48e4-932c-6c2f64abaebc
:setup: Standalone instance and TLS enabled
:steps:
1. Attempt for Password change for an entry that does not exists
2. Attempt for Password change for an entry that exists
3. Attempt for Password change to old for an entry that exists
4. Attempt for Password Change with Binddn as testuser but with wrong old password
5. Attempt for Password Change with Binddn as testuser
6. Attempt for Password Change without giving newpassword
7. Checking password change Operation using a Non-Secure connection
8. Testuser attempts to change password for testuser2(userPassword attribute is Set)
9. Directory Manager attempts to change password for testuser2(userPassword attribute is Set)
10. Create a password syntax policy. Attempt to change to password that violates that policy
11. userPassword mod with control results in ber decode error

:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should not be successful
5. Operation should be successful
6. Operation should be successful
7. Operation should not be successful
8. Operation should not be successful
9. Operation should be successful
10. Operation should violates the policy
11. Operation should be successful
"""

topo.standalone.enable_tls()
os.environ["LDAPTLS_CACERTDIR"] = topo.standalone.get_ssca_dir()
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
TEST_USER_PROPERTIES['userpassword'] = OLD_PASSWD
global user
user = users.create(properties=TEST_USER_PROPERTIES)
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou = ous.get('people')
ou.add('aci', USER_ACI)

with pytest.raises(ldap.NO_SUCH_OBJECT):
log.info("Attempt for Password change for an entry that does not exists")
assert topo.standalone.passwd_s('uid=testuser1,ou=People,dc=example,dc=com', OLD_PASSWD, NEW_PASSWD)
log.info("Attempt for Password change for an entry that exists")
assert topo.standalone.passwd_s(user.dn, OLD_PASSWD, NEW_PASSWD)
log.info("Attempt for Password change to old for an entry that exists")
assert topo.standalone.passwd_s(user.dn, NEW_PASSWD, OLD_PASSWD)
log.info("Attempt for Password Change with Binddn as testuser but with wrong old password")
topo.standalone.simple_bind_s(user.dn, OLD_PASSWD)
with pytest.raises(ldap.INVALID_CREDENTIALS):
topo.standalone.passwd_s(user.dn, NEW_PASSWD, NEW_PASSWD)
log.info("Attempt for Password Change with Binddn as testuser")
assert topo.standalone.passwd_s(user.dn, OLD_PASSWD, NEW_PASSWD)
log.info("Attempt for Password Change without giving newpassword")
assert topo.standalone.passwd_s(user.dn, None, OLD_PASSWD)
assert user.get_attr_val_utf8('uid') == 'testuser'
log.info("Change password to NEW_PASSWD i.e newpassword")
assert topo.standalone.passwd_s(user.dn, None, NEW_PASSWD)
assert topo.standalone.passwd_s(user.dn, NEW_PASSWD, None)
log.info("Check binding with old/new password")
password = [OLD_PASSWD, NEW_PASSWD]
for pass_val in password:
with pytest.raises(ldap.INVALID_CREDENTIALS):
topo.standalone.simple_bind_s(user.dn, pass_val)
log.info("Change password back to OLD_PASSWD i.e password")
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
assert topo.standalone.passwd_s(user.dn, None, NEW_PASSWD)
log.info("Checking password change Operation using a Non-Secure connection")
conn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
with pytest.raises(ldap.CONFIDENTIALITY_REQUIRED):
conn.passwd_s(user.dn, NEW_PASSWD, OLD_PASSWD)
log.info("Testuser attempts to change password for testuser2(userPassword attribute is Set)")
global user_2
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
user_2 = users.create(properties={
'uid': 'testuser2',
'cn': 'testuser2',
'sn': 'testuser2',
'uidNumber': '3000',
'gidNumber': '4000',
'homeDirectory': '/home/testuser2',
'userPassword': OLD_PASSWD
})

topo.standalone.simple_bind_s(user.dn, NEW_PASSWD)
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
assert topo.standalone.passwd_s(user_2.dn, OLD_PASSWD, NEW_PASSWD)
log.info("Directory Manager attempts to change password for testuser2(userPassword attribute is Set)")
topo.standalone.simple_bind_s(DN_DM, PASSWORD)
assert topo.standalone.passwd_s(user_2.dn, OLD_PASSWD, NEW_PASSWD)
log.info("Changing userPassword attribute to Undefined for testuser2")
topo.standalone.modify_s(user_2.dn, [(ldap.MOD_REPLACE, 'userPassword', None)])
log.info("Testuser attempts to change password for testuser2(userPassword attribute is Undefined)")
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
topo.standalone.simple_bind_s(user.dn, NEW_PASSWD)
> assert topo.standalone.passwd_s(user_2.dn, None, NEW_PASSWD)

suites/password/pwdModify_test.py:153:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:661: in passwd_s
return self.extop_result(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:579: in extop_result
resulttype,msg,msgid,respctrls,respoid,respvalue = self.result4(msgid,all=1,timeout=self.timeout,add_ctrls=1,add_intermediates=1,add_extop=1)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720a04de80>
func = <built-in method result4 of LDAP object at 0x7f720a88bd00>
args = (26, 1, -1, 1, 1, 1), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
pwdModify_test.py 99 INFO Attempt for Password change for an entry that does not exists pwdModify_test.py 101 INFO Attempt for Password change for an entry that exists pwdModify_test.py 103 INFO Attempt for Password change to old for an entry that exists pwdModify_test.py 105 INFO Attempt for Password Change with Binddn as testuser but with wrong old password pwdModify_test.py 109 INFO Attempt for Password Change with Binddn as testuser pwdModify_test.py 111 INFO Attempt for Password Change without giving newpassword pwdModify_test.py 114 INFO Change password to NEW_PASSWD i.e newpassword pwdModify_test.py 117 INFO Check binding with old/new password pwdModify_test.py 122 INFO Change password back to OLD_PASSWD i.e password pwdModify_test.py 125 INFO Checking password change Operation using a Non-Secure connection pwdModify_test.py 129 INFO Testuser attempts to change password for testuser2(userPassword attribute is Set) pwdModify_test.py 145 INFO Directory Manager attempts to change password for testuser2(userPassword attribute is Set) pwdModify_test.py 148 INFO Changing userPassword attribute to Undefined for testuser2 pwdModify_test.py 150 INFO Testuser attempts to change password for testuser2(userPassword attribute is Undefined)
Failed suites/password/pwdModify_test.py::test_pwd_modify_with_subsuffix 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f720a4745f8>

def test_pwd_modify_with_subsuffix(topo):
"""Performing various password modify operation.

:id: 2255b4e6-3546-4ec5-84a5-cd8b3d894ac5
:setup: Standalone instance (TLS enabled)
:steps:
1. Add a new SubSuffix & password policy
2. Add two New users under the SubEntry
3. Change password of uid=test_user0,ou=TestPeople_bug834047,dc=example,dc=com to newpassword
4. Try to delete password- case when password is specified
5. Try to delete password- case when password is not specified

:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
"""

log.info("Add a new SubSuffix")
> topo.standalone.simple_bind_s(DN_DM, PASSWORD)

suites/password/pwdModify_test.py:227:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:445: in simple_bind_s
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:439: in simple_bind
return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720a04de80>
func = <built-in method simple_bind of LDAP object at 0x7f720a88bd00>
args = ('cn=Directory Manager', 'password', None, None), kwargs = {}
diagnostic_message_success = None, exc_type = None, exc_value = None
exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
pwdModify_test.py 226 INFO Add a new SubSuffix
Failed suites/password/pwdPolicy_warning_test.py::test_when_maxage_and_warning_are_the_same 0.49
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a06d048>
global_policy_default = None, add_user = None

def test_when_maxage_and_warning_are_the_same(topology_st, global_policy_default, add_user):
"""Test the warning expiry when passwordMaxAge and
passwordWarning are set to the same value.

:id: e57a1b1c-96fc-11e7-a91b-28d244694824
:setup: Standalone instance, a user entry,
Global password policy configured as below:
passwordExp: on
passwordMaxAge: 86400
passwordWarning: 86400
passwordSendExpiringTime: off
:steps:
1. Bind as the normal user
2. Change user's password to reset its password expiration time
3. Request the control for the user
4. Bind as DM
:expectedresults:
1. Bind should be successful
2. Password should be changed and password's expiration time reset
3. Password expiry warning time should be returned by the
server since passwordMaxAge and passwordWarning are set
to the same value
4. Bind should be successful
"""

log.info('Set the new values')
topology_st.standalone.config.set('passwordMaxAge', '86400')
res_ctrls = None

log.info("First change user's password to reset its password expiration time")
users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
user = users.get(USER_RDN)
user.rebind(USER_PASSWD)
user.reset_password(USER_PASSWD)

log.info("Binding with {} and requesting the password expiry warning time"
.format(USER_DN))
res_ctrls = get_password_warning(topology_st)

log.info('Check that control is returned even'
'if passwordSendExpiringTime is set to off')
> assert res_ctrls
E assert []

suites/password/pwdPolicy_warning_test.py:455: AssertionError
------------------------------ Captured log setup ------------------------------
pwdPolicy_warning_test.py 82 INFO Get the default values pwdPolicy_warning_test.py 88 INFO Set the new values pwdPolicy_warning_test.py 112 INFO Add the user------------------------------ Captured log call -------------------------------
pwdPolicy_warning_test.py 439 INFO Set the new values pwdPolicy_warning_test.py 443 INFO First change user's password to reset its password expiration time pwdPolicy_warning_test.py 450 INFO Binding with uid=tuser,ou=people,dc=example,dc=com and requesting the password expiry warning time pwdPolicy_warning_test.py 157 INFO Bind with the user and request the password expiry warning time pwdPolicy_warning_test.py 453 INFO Check that control is returned evenif passwordSendExpiringTime is set to off
Failed suites/plugins/acceptance_test.py::test_linkedattrs 13.58
topo = <lib389.topologies.TopologyMain object at 0x7f720a04d390>, args = None

def test_linkedattrs(topo, args=None):
"""Test Linked Attributes basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d804
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Add a config entry for directReport
4. Add test entries
5. Add the linked attrs config entry
6. User1 - Set "directReport" to user2
7. See if manager was added to the other entry
8. User1 - Remove "directReport"
9. See if manager was removed
10. Change the config - using linkType "indirectReport" now
11. Make sure the old linkType(directManager) is not working
12. See if manager was added to the other entry, better not be...
13. Now, set the new linkType "indirectReport", which should add "manager" to the other entry
14. See if manager was added to the other entry, better not be
15. Remove "indirectReport" should remove "manager" to the other entry
16. See if manager was removed
17. Disable plugin and make some updates that would of triggered the plugin
18. The entry should not have a manager attribute
19. Enable the plugin and rerun the task entry
20. Add the task again
21. Check if user2 now has a manager attribute now
22. Check nsslapd-plugin-depends-on-named for the plugin
23. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
19. Success
20. Success
21. Success
22. Success
23. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = LinkedAttributesPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_LINKED_ATTRS + '...')

############################################################################
# Configure plugin
############################################################################

# Add test entries
users = UserAccounts(inst, DEFAULT_SUFFIX)
user1 = users.create_test_user(uid=1001)
user1.add('objectclass', 'extensibleObject')
user2 = users.create_test_user(uid=1002)
user2.add('objectclass', 'extensibleObject')

# Add the linked attrs config entry
la_configs = LinkedAttributesConfigs(inst)
la_config = la_configs.create(properties={'cn': 'config',
'linkType': 'directReport',
'managedType': 'manager'})

############################################################################
# Test plugin
############################################################################
# Set "directReport" should add "manager" to the other entry
user1.replace('directReport', user2.dn)

# See if manager was added to the other entry
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert entries

# Remove "directReport" should remove "manager" to the other entry
user1.remove_all('directReport')

# See if manager was removed
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

############################################################################
# Change the config - using linkType "indirectReport" now
############################################################################
la_config.replace('linkType', 'indirectReport')

############################################################################
# Test plugin
############################################################################
# Make sure the old linkType(directManager) is not working
user1.replace('directReport', user2.dn)

# See if manager was added to the other entry, better not be...
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

# Now, set the new linkType "indirectReport", which should add "manager" to the other entry
user1.replace('indirectReport', user2.dn)

# See if manager was added to the other entry, better not be
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert entries

# Remove "indirectReport" should remove "manager" to the other entry
user1.remove_all('indirectReport')

# See if manager was removed
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

############################################################################
# Test Fixup Task
############################################################################
# Disable plugin and make some updates that would of triggered the plugin
plugin.disable()

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

user1.replace('indirectReport', user2.dn)

# The entry should not have a manager attribute
entries = inst.search_s(user2.dn, ldap.SCOPE_BASE, '(manager=*)')
assert not entries

# Enable the plugin and rerun the task entry
plugin.enable()

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

# Add the task again
> task = plugin.fixup(DEFAULT_SUFFIX, 'objectclass=top')
E TypeError: fixup() takes 2 positional arguments but 3 were given

suites/plugins/acceptance_test.py:775: TypeError
Failed suites/plugins/acceptance_test.py::test_memberof 4.40
topo = <lib389.topologies.TopologyMain object at 0x7f720a04d390>, args = None

def test_memberof(topo, args=None):
"""Test MemberOf basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d805
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Replace groupattr with 'member'
4. Add our test entries
5. Check if the user now has a "memberOf" attribute
6. Remove "member" should remove "memberOf" from the entry
7. Check that "memberOf" was removed
8. Replace 'memberofgroupattr': 'uniquemember'
9. Replace 'uniquemember': user1
10. Check if the user now has a "memberOf" attribute
11. Remove "uniquemember" should remove "memberOf" from the entry
12. Check that "memberOf" was removed
13. The shared config entry uses "member" - the above test uses "uniquemember"
14. Delete the test entries then read them to start with a clean slate
15. Check if the user now has a "memberOf" attribute
16. Check that "memberOf" was removed
17. Replace 'memberofgroupattr': 'uniquemember'
18. Check if the user now has a "memberOf" attribute
19. Remove "uniquemember" should remove "memberOf" from the entry
20. Check that "memberOf" was removed
21. Replace 'memberofgroupattr': 'member'
22. Remove shared config from plugin
23. Check if the user now has a "memberOf" attribute
24. Remove "uniquemember" should remove "memberOf" from the entry
25. Check that "memberOf" was removed
26. First change the plugin to use uniquemember
27. Add uniquemember, should not update user1
28. Check for "memberOf"
29. Enable memberof plugin
30. Run the task and validate that it worked
31. Check for "memberOf"
32. Check nsslapd-plugin-depends-on-named for the plugin
33. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
19. Success
20. Success
21. Success
22. Success
23. Success
24. Success
25. Success
26. Success
27. Success
28. Success
29. Success
30. Success
31. Success
32. Success
33. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = MemberOfPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_MEMBER_OF + '...')

############################################################################
# Configure plugin
############################################################################
plugin.replace_groupattr('member')

############################################################################
# Test plugin
############################################################################
# Add our test entries
users = UserAccounts(inst, DEFAULT_SUFFIX)
> user1 = users.create_test_user(uid=1001)

suites/plugins/acceptance_test.py:902:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720ae20978>
func = <built-in method result4 of LDAP object at 0x7f720abe2198>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/plugins/acceptance_test.py::test_retrocl 4.43
topo = <lib389.topologies.TopologyMain object at 0x7f720a04d390>, args = None

def test_retrocl(topo, args=None):
"""Test Retro Changelog basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d810
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Gather the current change count (it's not 1 once we start the stability tests)
4. Add a user
5. Check we logged this in the retro cl
6. Change the config - disable plugin
7. Delete the user
8. Check we didn't log this in the retro cl
9. Check nsslapd-plugin-depends-on-named for the plugin
10. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = RetroChangelogPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_RETRO_CHANGELOG + '...')

############################################################################
# Configure plugin
############################################################################

# Gather the current change count (it's not 1 once we start the stabilty tests)
entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
entry_count = len(entry)

############################################################################
# Test plugin
############################################################################

# Add a user
users = UserAccounts(inst, DEFAULT_SUFFIX)
> user1 = users.create_test_user(uid=1001)

suites/plugins/acceptance_test.py:1603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720ae20978>
func = <built-in method result4 of LDAP object at 0x7f720a5cfa58>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/plugins/acceptance_test.py::test_rootdn 4.16
topo = <lib389.topologies.TopologyMain object at 0x7f720a04d390>, args = None

def test_rootdn(topo, args=None):
"""Test Root DNA Access control basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d811
:setup: Standalone Instance
:steps:
1. Enable the plugin
2. Restart the instance
3. Add an user and aci to open up cn=config
4. Set an aci so we can modify the plugin after we deny the root dn
5. Set allowed IP to an unknown host - blocks root dn
6. Bind as Root DN
7. Bind as the user who can make updates to the config
8. Test that invalid plugin changes are rejected
9. Remove the restriction
10. Bind as Root DN
11. Check nsslapd-plugin-depends-on-named for the plugin
12. Clean up
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
"""

inst = topo[0]

# stop the plugin, and start it
plugin = RootDNAccessControlPlugin(inst)
plugin.disable()
plugin.enable()

if args == "restart":
return

# If args is None then we run the test suite as pytest standalone and it's not dynamic
if args is None:
inst.restart()

log.info('Testing ' + PLUGIN_ROOTDN_ACCESS + '...')

############################################################################
# Configure plugin
############################################################################

# Add an user and aci to open up cn=config
users = UserAccounts(inst, DEFAULT_SUFFIX)
> user1 = users.create_test_user(uid=1001)

suites/plugins/acceptance_test.py:1712:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720ae20978>
func = <built-in method result4 of LDAP object at 0x7f7208e138f0>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/plugins/accpol_test.py::test_glnologin_attr 24.18
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glnologin_attr(topology_st, accpol_global):
"""Verify if user account is inactivated based on createTimeStamp attribute, no lastLoginTime attribute present

:id: 3032f670-705d-4f69-96f5-d75445cffcfb
:setup: Standalone instance, Local account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with createTimestamp as stateattrname
2. lastLoginTime attribute will not be effective.
3. Add few users to ou=groups subtree in the default suffix
4. Wait for 10 secs and check if account is not inactivated, expected 0
5. Modify AccountInactivityLimit to 20 secs
6. Wait for +9 secs and check if account is not inactivated, expected 0
7. Wait for +3 secs and check if account is inactivated, error 19
8. Modify accountInactivityLimit to 3 secs
9. Add few users to ou=groups subtree in the default suffix
10. Wait for 3 secs and check if account is inactivated, error 19
11. Modify accountInactivityLimit to 30 secs
12. Add few users to ou=groups subtree in the default suffix
13. Wait for 90 secs and check if account is not inactivated, expected 0
14. Wait for +28 secs and check if account is not inactivated, expected 0
15. Wait for +2 secs and check if account is inactivated, error 19
16. Replace the lastLoginTime attribute and check if account is activated
17. Modify accountInactivityLimit to 12 secs, which is the default
18. Run ldapsearch as normal user, expected 0.
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nologinusr"
nousrs = 3

log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
log.info('Set attribute StateAttrName to createTimestamp, loginTime attr wont be considered')
modify_attr(topology_st, ACCP_CONF, 'stateattrname', 'createTimestamp')
topology_st.standalone.restart(timeout=10)
add_users(topology_st, suffix, subtree, userid, nousrs, 2)
log.info('Sleep for 9 secs to check if account is not inactivated, expected 0')
time.sleep(9)
account_status(topology_st, suffix, subtree, userid, nousrs, 2, "Enabled")

modify_attr(topology_st, ACCP_CONF, 'accountInactivityLimit', '20')
time.sleep(9)
> account_status(topology_st, suffix, subtree, userid, nousrs, 2, "Enabled")

suites/plugins/accpol_test.py:578:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:306: in account_status
raise e
suites/plugins/accpol_test.py:303: in account_status
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f7208eda2b0>
args = (6, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
------------------------------ Captured log call -------------------------------
accpol_test.py 567 INFO AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs accpol_test.py 568 INFO Set attribute StateAttrName to createTimestamp, loginTime attr wont be considered accpol_test.py 184 INFO Modify attribute value for a given DN accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs accpol_test.py 572 INFO Sleep for 9 secs to check if account is not inactivated, expected 0 accpol_test.py 184 INFO Modify attribute value for a given DN accpol_test.py 305 ERROR User uid=nologinusr3,ou=groups,dc=example,dc=com failed to login, expected 0
Failed suites/plugins/accpol_test.py::test_glnoalt_stattr 4.02
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glnoalt_stattr(topology_st, accpol_global):
"""Verify if user account can be inactivated based on lastLoginTime attribute, altstateattrname set to 1.1

:id: 8dcc3540-578f-422a-bb44-28c2cf20dbcd
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with altstateattrname to 1.1
2. Add few users to ou=groups subtree in the default suffix
3. Wait till it reaches accountInactivityLimit
4. Remove lastLoginTime attribute from the user entry
5. Run ldapsearch as normal user, expected 0. no lastLoginTime attribute present
6. Wait till it reaches accountInactivityLimit and check users, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nologinusr"
nousrs = 3
log.info('Set attribute altStateAttrName to 1.1')
modify_attr(topology_st, ACCP_CONF, 'altstateattrname', '1.1')
topology_st.standalone.restart(timeout=10)
> add_users(topology_st, suffix, subtree, userid, nousrs, 0)

suites/plugins/accpol_test.py:635:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:278: in add_users
users.create(properties=user_properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f7208d85288>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
------------------------------ Captured log call -------------------------------
accpol_test.py 632 INFO Set attribute altStateAttrName to 1.1 accpol_test.py 184 INFO Modify attribute value for a given DN accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs
Failed suites/plugins/accpol_test.py::test_glattr_modtime 17.46
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glattr_modtime(topology_st, accpol_global):
"""Verify if user account can be inactivated based on modifyTimeStamp attribute

:id: 67380839-2966-45dc-848a-167a954153e1
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with altstateattrname to modifyTimestamp
2. Add few users to ou=groups subtree in the default suffix
3. Wait till the accountInactivityLimit exceeded and check users, expected error 19
4. Modify cn attribute for user, ModifyTimeStamp is updated.
5. Check if user is activated based on ModifyTimeStamp attribute, expected 0
6. Change the plugin to use createTimeStamp and remove lastLoginTime attribute
7. Check if account is inactivated, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "modtimeusr"
nousrs = 3
log.info('Set attribute altStateAttrName to modifyTimestamp')
modify_attr(topology_st, ACCP_CONF, 'altstateattrname', 'modifyTimestamp')
topology_st.standalone.restart(timeout=10)
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 13 secs to check if account is inactivated, expected 0')
time.sleep(13)
check_attr(topology_st, suffix, subtree, userid, nousrs, "modifyTimeStamp=*")
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")

suites/plugins/accpol_test.py:686:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
suffix = 'dc=example,dc=com', subtree = 'ou=groups', userid = 'modtimeusr'
nousrs = 3, ulimit = 0, tochck = 'Disabled'

def account_status(topology_st, suffix, subtree, userid, nousrs, ulimit, tochck):
"""Check account status for the given suffix, subtree, userid and nousrs"""

while (nousrs > ulimit):
usrrdn = '{}{}'.format(userid, nousrs)
userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
if (tochck == "Enabled"):
try:
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
except ldap.LDAPError as e:
log.error('User {} failed to login, expected 0'.format(userdn))
raise e
elif (tochck == "Expired"):
with pytest.raises(ldap.INVALID_CREDENTIALS):
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
log.error('User {} password not expired , expected error 49'.format(userdn))
elif (tochck == "Disabled"):
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
> log.error('User {} is not inactivated, expected error 19'.format(userdn))
E Failed: DID NOT RAISE <class 'ldap.CONSTRAINT_VIOLATION'>

suites/plugins/accpol_test.py:314: Failed
------------------------------ Captured log call -------------------------------
accpol_test.py 679 INFO Set attribute altStateAttrName to modifyTimestamp accpol_test.py 184 INFO Modify attribute value for a given DN accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs accpol_test.py 683 INFO Sleep for 13 secs to check if account is inactivated, expected 0 accpol_test.py 197 INFO Check ModifyTimeStamp attribute present for user accpol_test.py 314 ERROR User uid=modtimeusr3,ou=groups,dc=example,dc=com is not inactivated, expected error 19
Failed suites/plugins/accpol_test.py::test_glnoalt_nologin 27.52
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glnoalt_nologin(topology_st, accpol_global):
"""Verify if account policy plugin works if we set altstateattrname set to 1.1 and alwaysrecordlogin to NO

:id: 49eda7db-84de-47ba-8f81-ac5e4de3a500
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with altstateattrname to 1.1
2. Set alwaysrecordlogin to NO.
3. Add few users to ou=groups subtree in the default suffix
4. Wait till accountInactivityLimit exceeded and check users, expected 0
5. Check for lastLoginTime attribute, it should not be present
6. Wait for few more secs and check if account is not inactivated, expected 0
7. Run ldapsearch as normal user, expected 0. no lastLoginTime attribute present
8. Set altstateattrname to createTimeStamp
9. Check if user account is inactivated based on createTimeStamp attribute.
10. Account should be inactivated, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "norecrodlogusr"
nousrs = 3
log.info('Set attribute altStateAttrName to 1.1')
modify_attr(topology_st, ACCP_CONF, 'altstateattrname', '1.1')
log.info('Set attribute alwaysrecordlogin to No')
modify_attr(topology_st, ACCP_CONF, 'alwaysrecordlogin', 'no')
topology_st.standalone.restart(timeout=10)
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 13 secs to check if account is not inactivated, expected 0')
time.sleep(13)
account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")
time.sleep(3)
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")

suites/plugins/accpol_test.py:744:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:306: in account_status
raise e
suites/plugins/accpol_test.py:303: in account_status
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f7208a8de18>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
------------------------------ Captured log call -------------------------------
accpol_test.py 734 INFO Set attribute altStateAttrName to 1.1 accpol_test.py 184 INFO Modify attribute value for a given DN accpol_test.py 736 INFO Set attribute alwaysrecordlogin to No accpol_test.py 184 INFO Modify attribute value for a given DN accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs accpol_test.py 740 INFO Sleep for 13 secs to check if account is not inactivated, expected 0 accpol_test.py 305 ERROR User uid=norecrodlogusr1,ou=groups,dc=example,dc=com failed to login, expected 0
Failed suites/plugins/accpol_test.py::test_glinact_nsact 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glinact_nsact(topology_st, accpol_global):
"""Verify if user account can be activated using ns-activate.pl script.

:id: 876a7a7c-0b3f-4cd2-9b45-1dc80846e334
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin
2. Add few users to ou=groups subtree in the default suffix
3. Wait for few secs and inactivate user using ns-inactivate.pl
4. Wait till accountInactivityLimit exceeded.
5. Run ldapsearch as normal user, expected error 19.
6. Activate user using ns-activate.pl script
7. Check if account is activated, expected error 19
8. Replace the lastLoginTime attribute and check if account is activated
9. Run ldapsearch as normal user, expected 0.
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nsactusr"
nousrs = 1
log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
> add_users(topology_st, suffix, subtree, userid, nousrs, 0)

suites/plugins/accpol_test.py:791:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:278: in add_users
users.create(properties=user_properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f7208a8de18>
args = (11, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access', 'info': "Insufficient 'add' privilege to the 'userPassword' attribute"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INSUFFICIENT_ACCESS
------------------------------ Captured log call -------------------------------
accpol_test.py 790 INFO AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs
Failed suites/plugins/accpol_test.py::test_glinact_acclock 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glinact_acclock(topology_st, accpol_global):
"""Verify if user account is activated when account is unlocked by passwordlockoutduration.

:id: 43601a61-065c-4c80-a7c2-e4f6ae17beb8
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=groups subtree in the default suffix
2. Wait for few secs and attempt invalid binds for user
3. User account should be locked based on Account Lockout policy.
4. Wait till accountInactivityLimit exceeded and check users, expected error 19
5. Wait for passwordlockoutduration and check if account is active
6. Check if account is unlocked, expected error 19, since account is inactivated
7. Replace the lastLoginTime attribute and check users, expected 0
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "pwlockusr"
nousrs = 1
log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
> add_users(topology_st, suffix, subtree, userid, nousrs, 0)

suites/plugins/accpol_test.py:836:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:278: in add_users
users.create(properties=user_properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f7208a8de18>
args = (12, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access', 'info': "Insufficient 'add' privilege to the 'userPassword' attribute"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INSUFFICIENT_ACCESS
------------------------------ Captured log call -------------------------------
accpol_test.py 835 INFO AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs
Failed suites/plugins/accpol_test.py::test_glnact_pwexp 14.22
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_global = None

def test_glnact_pwexp(topology_st, accpol_global):
"""Verify if user account is activated when password is reset after password is expired

:id: 3bb97992-101a-4e5a-b60a-4cc21adcc76e
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=groups subtree in the default suffix
2. Set passwordmaxage to few secs
3. Wait for passwordmaxage to reach and check if password expired
4. Run ldapsearch as normal user, expected error 19.
5. Reset the password for user account
6. Wait till accountInactivityLimit exceeded and check users
7. Run ldapsearch as normal user, expected error 19.
8. Replace the lastLoginTime attribute and check if account is activated
9. Run ldapsearch as normal user, expected 0.
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "pwexpusr"
nousrs = 1
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
try:
topology_st.standalone.config.set('passwordmaxage', '9')
except ldap.LDAPError as e:
log.error('Failed to change the value of passwordmaxage to 9')
raise e
log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
log.info('Passwordmaxage is set to 9. Password will expire in 9 secs')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)

log.info('Sleep for 9 secs and check if password expired')
time.sleep(9)
account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Expired")
time.sleep(4) # Passed inactivity
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")

suites/plugins/accpol_test.py:909:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:313: in account_status
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f7208a8de18>
args = (17, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials', 'info': 'password expired!'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
------------------------------ Captured log call -------------------------------
accpol_test.py 901 INFO AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs accpol_test.py 902 INFO Passwordmaxage is set to 9. Password will expire in 9 secs accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs accpol_test.py 905 INFO Sleep for 9 secs and check if password expired
Failed suites/plugins/accpol_test.py::test_locact_inact 28.29
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_local = None

def test_locact_inact(topology_st, accpol_local):
"""Verify if user account is inactivated when accountInactivityLimit is exceeded.

:id: 02140e36-79eb-4d88-ba28-66478689289b
:setup: Standalone instance, ou=people subtree configured for Local account
policy plugin configuration, set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=people subtree in the default suffix
2. Wait for few secs before it reaches accountInactivityLimit and check users.
3. Run ldapsearch as normal user, expected 0
4. Wait till accountInactivityLimit is exceeded
5. Run ldapsearch as normal user and check if its inactivated, expected error 19.
6. Replace user's lastLoginTime attribute and check if its activated, expected 0
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Should return error code 19
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=people"
userid = "inactusr"
nousrs = 3
log.info('AccountInactivityLimit set to 10. Account will be inactivated if not accessed in 10 secs')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 9 secs to check if account is not inactivated, expected value 0')
time.sleep(9)
log.info('Account should not be inactivated since AccountInactivityLimit not exceeded')
account_status(topology_st, suffix, subtree, userid, 3, 2, "Enabled")
log.info('Sleep for 2 more secs to check if account is inactivated')
time.sleep(2)
account_status(topology_st, suffix, subtree, userid, 2, 0, "Disabled")
log.info('Sleep +9 secs to check if account {}3 is inactivated'.format(userid))
time.sleep(9)
account_status(topology_st, suffix, subtree, userid, 3, 2, "Disabled")
log.info('Add lastLoginTime attribute to all users and check if its activated')
add_time_attr(topology_st, suffix, subtree, userid, nousrs, 'lastLoginTime')
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")

suites/plugins/accpol_test.py:988:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:306: in account_status
raise e
suites/plugins/accpol_test.py:303: in account_status
topology_st.standalone.simple_bind_s(userdn, USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f720ab76cd8>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
------------------------------ Captured log setup ------------------------------
accpol_test.py 74 INFO Adding Local account policy plugin configuration entries------------------------------ Captured log call -------------------------------
accpol_test.py 974 INFO AccountInactivityLimit set to 10. Account will be inactivated if not accessed in 10 secs accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs accpol_test.py 976 INFO Sleep for 9 secs to check if account is not inactivated, expected value 0 accpol_test.py 978 INFO Account should not be inactivated since AccountInactivityLimit not exceeded accpol_test.py 980 INFO Sleep for 2 more secs to check if account is inactivated accpol_test.py 983 INFO Sleep +9 secs to check if account inactusr3 is inactivated accpol_test.py 986 INFO Add lastLoginTime attribute to all users and check if its activated accpol_test.py 214 INFO Enable account by replacing lastLoginTime/createTimeStamp/ModifyTimeStamp attribute accpol_test.py 305 ERROR User uid=inactusr3,ou=people,dc=example,dc=com failed to login, expected 0
Failed suites/plugins/accpol_test.py::test_locinact_modrdn 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_local = None

def test_locinact_modrdn(topology_st, accpol_local):
"""Verify if user account is inactivated when moved from ou=groups to ou=people subtree.

:id: 5f25bea3-fab0-4db4-b43d-2d47cc6e5ad1
:setup: Standalone instance, ou=people subtree configured for Local account
policy plugin configuration, set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=groups subtree in the default suffix
2. Plugin configured to ou=people subtree only.
3. Wait for few secs before it reaches accountInactivityLimit and check users.
4. Run ldapsearch as normal user, expected 0
5. Wait till accountInactivityLimit exceeded
6. Move users from ou=groups subtree to ou=people subtree
7. Check if users are inactivated, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Should return error code 0 and 19
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nolockusr"
nousrs = 1
log.info('Account should not be inactivated since the subtree is not configured')
> add_users(topology_st, suffix, subtree, userid, nousrs, 0)

suites/plugins/accpol_test.py:1021:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:278: in add_users
users.create(properties=user_properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f720ab76cd8>
args = (14, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access', 'info': "Insufficient 'add' privilege to the 'userPassword' attribute"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INSUFFICIENT_ACCESS
------------------------------ Captured log call -------------------------------
accpol_test.py 1020 INFO Account should not be inactivated since the subtree is not configured accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs
Failed suites/plugins/accpol_test.py::test_locact_modrdn 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a8f37b8>
accpol_local = None

def test_locact_modrdn(topology_st, accpol_local):
"""Verify if user account is inactivated when users moved from ou=people to ou=groups subtree.

:id: e821cbae-bfc3-40d3-947d-b228c809987f
:setup: Standalone instance, ou=people subtree configured for Local account
policy plugin configuration, set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=people subtree in the default suffix
2. Wait for few secs and check if users not inactivated, expected 0.
3. Move users from ou=people to ou=groups subtree
4. Wait till accountInactivityLimit is exceeded
5. Check if users are active in ou=groups subtree, expected 0
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=people"
userid = "lockusr"
nousrs = 1
log.info('Account should be inactivated since the subtree is configured')
> add_users(topology_st, suffix, subtree, userid, nousrs, 0)

suites/plugins/accpol_test.py:1067:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:278: in add_users
users.create(properties=user_properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:891: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:867: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720aa8bbe0>
func = <built-in method result4 of LDAP object at 0x7f720ab76cd8>
args = (15, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access', 'info': "Insufficient 'add' privilege to the 'userPassword' attribute"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INSUFFICIENT_ACCESS
------------------------------ Captured log call -------------------------------
accpol_test.py 1066 INFO Account should be inactivated since the subtree is configured accpol_test.py 266 INFO add_users: Pass all of these as parameters suffix, subtree, userid and nousrs
Failed suites/plugins/dna_test.py::test_dnatype_only_valid 0.04
topology_st = <lib389.topologies.TopologyMain object at 0x7f720a4f6208>

@pytest.mark.ds47937
def test_dnatype_only_valid(topology_st):
"""Test that DNA plugin only accepts valid attributes for "dnaType"

:id: 0878ecff-5fdc-47d7-8c8f-edf4556f9746
:setup: Standalone Instance
:steps:
1. Create a use entry
2. Create DNA shared config entry container
3. Create DNA shared config entry
4. Add DNA plugin config entry
5. Enable DNA plugin
6. Restart the instance
7. Replace dnaType with invalid value
:expectedresults:
1. Successful
2. Successful
3. Successful
4. Successful
5. Successful
6. Successful
7. Unwilling to perform exception should be raised
"""

inst = topology_st.standalone
plugin = DNAPlugin(inst)

log.info("Creating an entry...")
users = UserAccounts(inst, DEFAULT_SUFFIX)
users.create_test_user(uid=1)

log.info("Creating \"ou=ranges\"...")
ous = OrganizationalUnits(inst, DEFAULT_SUFFIX)
ou_ranges = ous.create(properties={'ou': 'ranges'})
ou_people = ous.get("People")

log.info("Creating DNA shared config entry...")
shared_configs = DNAPluginSharedConfigs(inst, ou_ranges.dn)
shared_configs.create(properties={'dnaHostName': str(inst.host),
'dnaPortNum': str(inst.port),
> 'dnaRemainingValues': '9501'})

suites/plugins/dna_test.py:63:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/plugins.py:1922: in create
return co.create(properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.plugins.DNAPluginSharedConfig object at 0x7f7208ed42b0>
properties = {'dnaHostName': 'server.example.com', 'dnaPortNum': '38901', 'dnaRemainingValues': '9501'}
basedn = 'ou=ranges,dc=example,dc=com', ensure = False

def create(self, properties=None, basedn=None, ensure=False):
"""The shared config DNA plugin entry has two RDN values
The function takes care about that special case
"""

for attr in self._must_attributes:
if properties.get(attr, None) is None:
> raise ldap.UNWILLING_TO_PERFORM('Attribute %s must not be None' % attr)
E ldap.UNWILLING_TO_PERFORM: Attribute dnaHostname must not be None

/usr/local/lib/python3.7/site-packages/lib389/plugins.py:1847: UNWILLING_TO_PERFORM
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/plugins/memberof_test.py::test_memberof_auto_add_oc 0.83
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208e30940>

def test_memberof_auto_add_oc(topology_st):
"""Test the auto add objectclass (OC) feature. The plugin should add a predefined
objectclass that will allow memberOf to be added to an entry.

:id: d222af17-17a6-48a0-8f22-a38306726a25
:setup: Standalone instance
:steps:
1. Enable dynamic plugins
2. Enable memberOf plugin
3. Test that the default add OC works.
4. Add a group that already includes one user
5. Assert memberOf on user1
6. Delete user1 and the group
7. Test invalid value (config validation)
8. Add valid objectclass
9. Add two users
10. Add a group that already includes one user
11. Add a user to the group
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
"""

# enable dynamic plugins
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.message['desc'])
assert False

# Enable the plugin
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)

# Test that the default add OC works.

try:
topology_st.standalone.add_s(Entry((USER1_DN,
{'objectclass': 'top',
'objectclass': 'person',
'objectclass': 'organizationalPerson',
'objectclass': 'inetorgperson',
'sn': 'last',
'cn': 'full',
'givenname': 'user1',
'uid': 'user1'
})))
except ldap.LDAPError as e:
log.fatal('Failed to add user1 entry, error: ' + e.message['desc'])
assert False

# Add a group(that already includes one user
try:
topology_st.standalone.add_s(Entry((GROUP_DN,
{'objectclass': 'top',
'objectclass': 'groupOfNames',
'cn': 'group',
'member': USER1_DN
})))
except ldap.LDAPError as e:
log.fatal('Failed to add group entry, error: ' + e.message['desc'])
assert False

# Assert memberOf on user1
_check_memberof(topology_st, USER1_DN, GROUP_DN)

# Reset for the next test ....
topology_st.standalone.delete_s(USER1_DN)
topology_st.standalone.delete_s(GROUP_DN)

# Test invalid value (config validation)
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'invalid123')])
log.fatal('Incorrectly added invalid objectclass!')
assert False
except ldap.UNWILLING_TO_PERFORM:
log.info('Correctly rejected invalid objectclass')
except ldap.LDAPError as e:
ldap.error('Unexpected error adding invalid objectclass - error: ' + e.message['desc'])
assert False


# Add valid objectclass
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
> b'inetuser')])

suites/plugins/memberof_test.py:2760:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofAutoAddOC', b'inetuser')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7ad49cf8, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7adeb558, file '/export/tests/suites/plugins/memberof_test.py', line 2763, code test_m...tion='test_memberof_auto_add_oc', code_context=[" b'inetuser')])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208edfb38>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofAutoAddOC', b'inetuser')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofAutoAddOC', b'inetuser')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208edfb38>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofAutoAddOC', b'inetuser')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (918,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208edfb38>, msgid = 918, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (918, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208edfb38>, msgid = 918, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f7208b27fd0>, 918, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208edfb38>
func = <built-in method result4 of LDAP object at 0x7f7208b27fd0>
args = (918, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f7209edc9c8>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208edfb38>
func = <built-in method result4 of LDAP object at 0x7f7208b27fd0>
args = (918, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208e30940>

def test_memberof_auto_add_oc(topology_st):
"""Test the auto add objectclass (OC) feature. The plugin should add a predefined
objectclass that will allow memberOf to be added to an entry.

:id: d222af17-17a6-48a0-8f22-a38306726a25
:setup: Standalone instance
:steps:
1. Enable dynamic plugins
2. Enable memberOf plugin
3. Test that the default add OC works.
4. Add a group that already includes one user
5. Assert memberOf on user1
6. Delete user1 and the group
7. Test invalid value (config validation)
8. Add valid objectclass
9. Add two users
10. Add a group that already includes one user
11. Add a user to the group
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
"""

# enable dynamic plugins
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.message['desc'])
assert False

# Enable the plugin
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)

# Test that the default add OC works.

try:
topology_st.standalone.add_s(Entry((USER1_DN,
{'objectclass': 'top',
'objectclass': 'person',
'objectclass': 'organizationalPerson',
'objectclass': 'inetorgperson',
'sn': 'last',
'cn': 'full',
'givenname': 'user1',
'uid': 'user1'
})))
except ldap.LDAPError as e:
log.fatal('Failed to add user1 entry, error: ' + e.message['desc'])
assert False

# Add a group(that already includes one user
try:
topology_st.standalone.add_s(Entry((GROUP_DN,
{'objectclass': 'top',
'objectclass': 'groupOfNames',
'cn': 'group',
'member': USER1_DN
})))
except ldap.LDAPError as e:
log.fatal('Failed to add group entry, error: ' + e.message['desc'])
assert False

# Assert memberOf on user1
_check_memberof(topology_st, USER1_DN, GROUP_DN)

# Reset for the next test ....
topology_st.standalone.delete_s(USER1_DN)
topology_st.standalone.delete_s(GROUP_DN)

# Test invalid value (config validation)
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'invalid123')])
log.fatal('Incorrectly added invalid objectclass!')
assert False
except ldap.UNWILLING_TO_PERFORM:
log.info('Correctly rejected invalid objectclass')
except ldap.LDAPError as e:
ldap.error('Unexpected error adding invalid objectclass - error: ' + e.message['desc'])
assert False


# Add valid objectclass
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'inetuser')])
except ldap.LDAPError as e:
> log.fatal('Failed to configure memberOf plugin: error ' + e.message['desc'])
E AttributeError: 'SERVER_DOWN' object has no attribute 'message'

suites/plugins/memberof_test.py:2762: AttributeError
------------------------------ Captured log call -------------------------------
memberof_test.py 107 INFO Lookup memberof from uid=user1,dc=example,dc=com memberof_test.py 114 INFO memberof: cn=group,dc=example,dc=com memberof_test.py 117 INFO --> membership verified memberof_test.py 2748 INFO Correctly rejected invalid objectclass
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_specific_time 0.68
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_specific_time(topology_st, rootdn_setup):
"""Test binding inside and outside of a specific time

:id: a0ef30e5-538b-46fa-9762-01a4435a15e8
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Get the current time, and bump it ahead twohours
2. Bind as Root DN
3. Set config to allow the entire day
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_specific_time...')

# Get the current time, and bump it ahead twohours
current_hour = time.strftime("%H")
if int(current_hour) > 12:
open_time = '0200'
close_time = '0400'
else:
open_time = '1600'
close_time = '1800'

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD, 'rootdn-open-time', ensure_bytes(open_time)),
> (ldap.MOD_ADD, 'rootdn-close-time', ensure_bytes(close_time))])

suites/plugins/rootdn_plugin_test.py:118:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-open-time', b'0200'), (0, 'rootdn-close-time', b'0400')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c79d66d28, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7ad48908, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 122, code te... (ldap.MOD_ADD, 'rootdn-close-time', ensure_bytes(close_time))])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(0, 'rootdn-open-time', b'0200'), (0, 'rootdn-close-time', b'0400')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-open-time', b'0200'), (0, 'rootdn-close-time', b'0400')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(0, 'rootdn-open-time', b'0200'), (0, 'rootdn-close-time', b'0400')]
serverctrls = None, clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (7,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>, msgid = 7, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (7, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>, msgid = 7, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f7208d04f30>, 7, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method result4 of LDAP object at 0x7f7208d04f30>
args = (7, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f720ad76188>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method result4 of LDAP object at 0x7f7208d04f30>
args = (7, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_specific_time(topology_st, rootdn_setup):
"""Test binding inside and outside of a specific time

:id: a0ef30e5-538b-46fa-9762-01a4435a15e8
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Get the current time, and bump it ahead twohours
2. Bind as Root DN
3. Set config to allow the entire day
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_specific_time...')

# Get the current time, and bump it ahead twohours
current_hour = time.strftime("%H")
if int(current_hour) > 12:
open_time = '0200'
close_time = '0400'
else:
open_time = '1600'
close_time = '1800'

try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD, 'rootdn-open-time', ensure_bytes(open_time)),
(ldap.MOD_ADD, 'rootdn-close-time', ensure_bytes(close_time))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_specific_time: Failed to set (blocking) open/close times: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:122: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. rootdn_plugin_test.py 43 INFO Initializing root DN test suite... rootdn_plugin_test.py 83 INFO test_rootdn_init: Initialized root DN test suite.------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 105 INFO Running test_rootdn_access_specific_time... rootdn_plugin_test.py 121 CRITICAL test_rootdn_access_specific_time: Failed to set (blocking) open/close times: error {'desc': "Can't contact LDAP server"}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_day_of_week 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_day_of_week(topology_st, rootdn_setup):
"""Test the days of week feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e1
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set the deny days
2. Bind as Root DN
3. Set the allow days
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_day_of_week...')

days = ('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat')
day = int(time.strftime("%w", time.gmtime()))

if day == 6:
# Handle the roll over from Saturday into Sunday
deny_days = days[1] + ', ' + days[2]
allow_days = days[6] + ',' + days[0]
elif day > 3:
deny_days = days[0] + ', ' + days[1]
allow_days = days[day] + ',' + days[day - 1]
else:
deny_days = days[4] + ',' + days[5]
allow_days = days[day] + ',' + days[day + 1]

log.info('Today: ' + days[day])
log.info('Allowed days: ' + allow_days)
log.info('Deny days: ' + deny_days)

#
# Set the deny days
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-days-allowed',
> ensure_bytes(deny_days))])

suites/plugins/rootdn_plugin_test.py:226:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-days-allowed', b'Thu,Fri')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7adfb958, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7adeb0a8, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 230, code te..._of_week', code_context=[' ensure_bytes(deny_days))])\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-days-allowed', b'Thu,Fri')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-days-allowed', b'Thu,Fri')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-days-allowed', b'Thu,Fri')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
> msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-days-allowed', b'Thu,Fri')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-days-allowed', b'Thu,Fri')], serverctrls = None
clientctrls = None

def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
"""
modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
"""
if PY2:
dn = self._bytesify_input('dn', dn)
modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True)
> return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method modify_ext of LDAP object at 0x7f7208d04f30>, 'cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-days-allowed', b'Thu,Fri')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f30>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-days-allowed', b'Thu,Fri')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f7208c39048>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f30>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-days-allowed', b'Thu,Fri')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_day_of_week(topology_st, rootdn_setup):
"""Test the days of week feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e1
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set the deny days
2. Bind as Root DN
3. Set the allow days
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_day_of_week...')

days = ('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat')
day = int(time.strftime("%w", time.gmtime()))

if day == 6:
# Handle the roll over from Saturday into Sunday
deny_days = days[1] + ', ' + days[2]
allow_days = days[6] + ',' + days[0]
elif day > 3:
deny_days = days[0] + ', ' + days[1]
allow_days = days[day] + ',' + days[day - 1]
else:
deny_days = days[4] + ',' + days[5]
allow_days = days[day] + ',' + days[day + 1]

log.info('Today: ' + days[day])
log.info('Allowed days: ' + allow_days)
log.info('Deny days: ' + deny_days)

#
# Set the deny days
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-days-allowed',
ensure_bytes(deny_days))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_day_of_week: Failed to set the deny days: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:230: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 201 INFO Running test_rootdn_access_day_of_week... rootdn_plugin_test.py 217 INFO Today: Sun rootdn_plugin_test.py 218 INFO Allowed days: Sun,Mon rootdn_plugin_test.py 219 INFO Deny days: Thu,Fri rootdn_plugin_test.py 229 CRITICAL test_rootdn_access_day_of_week: Failed to set the deny days: error {'desc': "Can't contact LDAP server"}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_denied_ip 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_denied_ip(topology_st, rootdn_setup):
"""Test denied IP feature - we can just test denying 127.0.0.1

:id: a0ef30e5-538b-46fa-9762-01a4435a15e2
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-ip to '127.0.0.1' and '::1'
2. Bind as Root DN
3. Change the denied IP so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_ip...')
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
'rootdn-deny-ip',
b'127.0.0.1'),
(ldap.MOD_ADD,
'rootdn-deny-ip',
> b'::1')])

suites/plugins/rootdn_plugin_test.py:315:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7ac7c748, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c79c70298, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 319, code te...t_rootdn_access_denied_ip', code_context=[" b'::1')])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')]
serverctrls = None, clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
> msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')]
serverctrls = None, clientctrls = None

def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
"""
modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
"""
if PY2:
dn = self._bytesify_input('dn', dn)
modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True)
> return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method modify_ext of LDAP object at 0x7f7208d04f30>, 'cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f30>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f7208c48c48>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f30>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-deny-ip', b'127.0.0.1'), (0, 'rootdn-deny-ip', b'::1')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_denied_ip(topology_st, rootdn_setup):
"""Test denied IP feature - we can just test denying 127.0.0.1

:id: a0ef30e5-538b-46fa-9762-01a4435a15e2
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-ip to '127.0.0.1' and '::1'
2. Bind as Root DN
3. Change the denied IP so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_ip...')
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
'rootdn-deny-ip',
b'127.0.0.1'),
(ldap.MOD_ADD,
'rootdn-deny-ip',
b'::1')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_ip: Failed to set rootDN plugin config: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:319: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 308 INFO Running test_rootdn_access_denied_ip... rootdn_plugin_test.py 318 CRITICAL test_rootdn_access_denied_ip: Failed to set rootDN plugin config: error {'desc': "Can't contact LDAP server"}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_denied_host 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_denied_host(topology_st, rootdn_setup):
"""Test denied Host feature - we can just test denying localhost

:id: a0ef30e5-538b-46fa-9762-01a4435a15e3
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-host to hostname (localhost if not accessable)
2. Bind as Root DN
3. Change the denied host so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_host...')
hostname = socket.gethostname()
localhost = DirSrvTools.getLocalhost()
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
> ensure_bytes(hostname))])

suites/plugins/rootdn_plugin_test.py:403:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-deny-host', b'server.example.com')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7ad5f4f8, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7aceea88, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 411, code te...nied_host', code_context=[' ensure_bytes(hostname))])\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(0, 'rootdn-deny-host', b'server.example.com')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-deny-host', b'server.example.com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(0, 'rootdn-deny-host', b'server.example.com')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
> msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-deny-host', b'server.example.com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(0, 'rootdn-deny-host', b'server.example.com')], serverctrls = None
clientctrls = None

def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
"""
modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
"""
if PY2:
dn = self._bytesify_input('dn', dn)
modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True)
> return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method modify_ext of LDAP object at 0x7f7208d04f30>, 'cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-deny-host', b'server.example.com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f30>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-deny-host', b'server.example.com')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f7208927ac8>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f30>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(0, 'rootdn-deny-host', b'server.example.com')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_denied_host(topology_st, rootdn_setup):
"""Test denied Host feature - we can just test denying localhost

:id: a0ef30e5-538b-46fa-9762-01a4435a15e3
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set rootdn-deny-host to hostname (localhost if not accessable)
2. Bind as Root DN
3. Change the denied host so root DN succeeds
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_denied_host...')
hostname = socket.gethostname()
localhost = DirSrvTools.getLocalhost()
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
ensure_bytes(hostname))])
if localhost != hostname:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_ADD,
'rootdn-deny-host',
ensure_bytes(localhost))])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_denied_host: Failed to set deny host: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:411: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 397 INFO Running test_rootdn_access_denied_host... rootdn_plugin_test.py 410 CRITICAL test_rootdn_access_denied_host: Failed to set deny host: error {'desc': "Can't contact LDAP server"}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_allowed_ip 2.19
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_allowed_ip(topology_st, rootdn_setup):
"""Test allowed ip feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e4
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed ip to 255.255.255.255 - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_ip...')

#
# Set allowed ip to 255.255.255.255 - blocks the Root DN
#
try:
conn = ldap.initialize('ldap://{}:{}'.format(LOCALHOST_IP, topology_st.standalone.port))
topology_st.standalone.restart()
> topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-ip', b'255.255.255.255')])

suites/plugins/rootdn_plugin_test.py:496:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-ip', b'255.255.255.255')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c79ca7f08, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7ac8b648, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 500, code te... topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-ip', b'255.255.255.255')])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-allow-ip', b'255.255.255.255')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-ip', b'255.255.255.255')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-allow-ip', b'255.255.255.255')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (2,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>, msgid = 2, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (2, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>, msgid = 2, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f7208d04f08>, 2, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method result4 of LDAP object at 0x7f7208d04f08>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f720b02a508>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method result4 of LDAP object at 0x7f7208d04f08>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_allowed_ip(topology_st, rootdn_setup):
"""Test allowed ip feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e4
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed ip to 255.255.255.255 - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_ip...')

#
# Set allowed ip to 255.255.255.255 - blocks the Root DN
#
try:
conn = ldap.initialize('ldap://{}:{}'.format(LOCALHOST_IP, topology_st.standalone.port))
topology_st.standalone.restart()
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-ip', b'255.255.255.255')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_ip: Failed to set allowed host: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:500: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 488 INFO Running test_rootdn_access_allowed_ip... rootdn_plugin_test.py 499 CRITICAL test_rootdn_access_allowed_ip: Failed to set allowed host: error {'desc': "Can't contact LDAP server"}
Failed suites/plugins/rootdn_plugin_test.py::test_rootdn_access_allowed_host 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_allowed_host(topology_st, rootdn_setup):
"""Test allowed host feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e5
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed host to an unknown host - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_host...')

#
# Set allowed host to an unknown host - blocks the Root DN
#
try:
> topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-host', b'i.dont.exist.com')])

suites/plugins/rootdn_plugin_test.py:586:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-host', b'i.dont.exist.com')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7adf7918, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7ad2be28, file '/export/tests/suites/plugins/rootdn_plugin_test.py', line 590, code te...opology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-host', b'i.dont.exist.com')])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-allow-host', b'i.dont.exist.com')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-host', b'i.dont.exist.com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-allow-host', b'i.dont.exist.com')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
> msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-host', b'i.dont.exist.com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
dn = 'cn=RootDN Access Control,cn=plugins,cn=config'
modlist = [(2, 'rootdn-allow-host', b'i.dont.exist.com')], serverctrls = None
clientctrls = None

def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
"""
modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
"""
if PY2:
dn = self._bytesify_input('dn', dn)
modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True)
> return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method modify_ext of LDAP object at 0x7f7208d04f08>, 'cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-host', b'i.dont.exist.com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f08>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-host', b'i.dont.exist.com')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f7208817c48>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72089d4f28>
func = <built-in method modify_ext of LDAP object at 0x7f7208d04f08>
args = ('cn=RootDN Access Control,cn=plugins,cn=config', [(2, 'rootdn-allow-host', b'i.dont.exist.com')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f7208d12550>
rootdn_setup = None

def test_rootdn_access_allowed_host(topology_st, rootdn_setup):
"""Test allowed host feature

:id: a0ef30e5-538b-46fa-9762-01a4435a15e5
:setup: Standalone instance, rootdn plugin set up
:steps:
1. Set allowed host to an unknown host - blocks the Root DN
2. Bind as Root DN
3. Allow localhost
4. Bind as Root DN
5. Cleanup - undo the changes we made so the next test has a clean slate
:expectedresults:
1. Success
2. Should fail
3. Success
4. Success
5. Success
"""

log.info('Running test_rootdn_access_allowed_host...')

#
# Set allowed host to an unknown host - blocks the Root DN
#
try:
topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-host', b'i.dont.exist.com')])
except ldap.LDAPError as e:
log.fatal('test_rootdn_access_allowed_host: Failed to set allowed host: error {}'
.format(e))
> assert False
E assert False

suites/plugins/rootdn_plugin_test.py:590: AssertionError
------------------------------ Captured log call -------------------------------
rootdn_plugin_test.py 580 INFO Running test_rootdn_access_allowed_host... rootdn_plugin_test.py 589 CRITICAL test_rootdn_access_allowed_host: Failed to set allowed host: error {'desc': "Can't contact LDAP server"}
Failed suites/replication/regression_test.py::test_online_reinit_may_hang 3.00
topo_with_sigkill = <lib389.topologies.TopologyMain object at 0x7f7208c4c908>

@pytest.mark.ds49915
@pytest.mark.bz1626375
def test_online_reinit_may_hang(topo_with_sigkill):
"""Online reinitialization may hang when the first
entry of the DB is RUV entry instead of the suffix

:id: cded6afa-66c0-4c65-9651-993ba3f7a49c
:setup: 2 Master Instances
:steps:
1. Export the database
2. Move RUV entry to the top in the ldif file
3. Import the ldif file
4. Online replica initializaton
:expectedresults:
1. Ldif file should be created successfully
2. RUV entry should be on top in the ldif file
3. Import should be successful
4. Server should not hang and consume 100% CPU
"""
M1 = topo_with_sigkill.ms["master1"]
M2 = topo_with_sigkill.ms["master2"]
M1.stop()
ldif_file = '/tmp/master1.ldif'
M1.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX],
excludeSuffixes=None, repl_data=True,
outputfile=ldif_file, encrypt=False)
> _move_ruv(ldif_file)

suites/replication/regression_test.py:632:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

ldif_file = '/tmp/master1.ldif'

def _move_ruv(ldif_file):
""" Move RUV entry in an ldif file to the top"""

> with open(ldif_file) as f:
E FileNotFoundError: [Errno 2] No such file or directory: '/tmp/master1.ldif'

suites/replication/regression_test.py:80: FileNotFoundError
---------------------------- Captured stdout setup -----------------------------
Instance slapd-master1 removed. Instance slapd-master2 removed. ------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists
Failed suites/replication/ruvstore_test.py::test_ruv_entry_backup 4.72
topo = <lib389.topologies.TopologyMain object at 0x7f72089f2390>

def test_ruv_entry_backup(topo):
"""Check if db2ldif stores the RUV details in the backup file

:id: cbe2c473-8578-4caf-ac0a-841140e41e66
:setup: Replication with two masters.
:steps: 1. Add user to server.
2. Perform ldap modify, modrdn and delete operations.
3. Stop the server and backup the database using db2ldif task.
4. Start the server and check if correct RUV is stored in the backup file.
:expectedresults:
1. Add user should PASS.
2. Ldap operations should PASS.
3. Database backup using db2ldif task should PASS.
4. Backup file should contain the correct RUV details.
"""

log.info('LDAP operations add, modify, modrdn and delete')
_perform_ldap_operations(topo)

output_file = os.path.join(topo.ms['master1'].get_ldif_dir(), 'master1.ldif')
log.info('Stopping the server instance to run db2ldif task to create backup file')
topo.ms['master1'].stop()
topo.ms['master1'].db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX], excludeSuffixes=[],
encrypt=False, repl_data=True, outputfile=output_file)
log.info('Starting the server after backup')
topo.ms['master1'].start()

log.info('Checking if backup file contains RUV and required attributes')
> with open(output_file, 'r') as ldif_file:
E FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/dirsrv/slapd-master1/ldif/master1.ldif'

suites/replication/ruvstore_test.py:112: FileNotFoundError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ruvstore_test.py 100 INFO LDAP operations add, modify, modrdn and delete ruvstore_test.py 56 INFO Adding user to master1 ruvstore_test.py 59 INFO Modify RDN of user: uid=rep2lusr,ou=People,dc=example,dc=com ruvstore_test.py 66 INFO Deleting user: uid=ruvusr,ou=People,dc=example,dc=com ruvstore_test.py 104 INFO Stopping the server instance to run db2ldif task to create backup file ruvstore_test.py 108 INFO Starting the server after backup ruvstore_test.py 111 INFO Checking if backup file contains RUV and required attributes
Failed suites/sasl/regression_test.py::test_openldap_no_nss_crypto 47.37
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f7208a0c7b8>

def test_openldap_no_nss_crypto(topology_m2):
"""Check that we allow usage of OpenLDAP libraries
that don't use NSS for crypto

:id: 0a622f3d-8ba5-4df2-a1de-1fb2237da40a
:setup: Replication with two masters:
master_1 ----- startTLS -----> master_2;
master_1 <-- TLS_clientAuth -- master_2;
nsslapd-extract-pemfiles set to 'on' on both masters
without specifying cert names
:steps:
1. Add 5 users to master 1 and 2
2. Check that the users were successfully replicated
3. Relocate PEM files on master 1
4. Check PEM files in master 1 config directory
5. Add 5 users more to master 1 and 2
6. Check that the users were successfully replicated
7. Export userRoot on master 1
:expectedresults:
1. Users should be successfully added
2. Users should be successfully replicated
3. Operation should be successful
4. PEM files should be found
5. Users should be successfully added
6. Users should be successfully replicated
7. Operation should be successful
"""

log.info("Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto")

create_keys_certs(topology_m2)
> config_tls_agreements(topology_m2)

suites/sasl/regression_test.py:400:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/sasl/regression_test.py:316: in config_tls_agreements
rentry = m1.search_s(replmgr, ldap.SCOPE_BASE, 'objectclass=*')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:165: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7208fa7f28>
func = <built-in method result4 of LDAP object at 0x7f7208717d00>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists----------------------------- Captured stdout call -----------------------------
Is this a CA certificate [y/N]? Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? pk12util: PKCS12 EXPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL ----------------------------- Captured stderr call -----------------------------
Generating key. This may take a few moments... ------------------------------ Captured log call -------------------------------
regression_test.py 397 INFO Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto regression_test.py 127 INFO ######################### Creating SSL Keys and Certs ###################### regression_test.py 130 INFO ##### Ensure that nsslapd-extract-pemfiles is 'off' on master1 regression_test.py 132 INFO ##### restart master1 regression_test.py 130 INFO ##### Ensure that nsslapd-extract-pemfiles is 'off' on master2 regression_test.py 132 INFO ##### restart master2 regression_test.py 140 INFO ##### shutdown master1 regression_test.py 143 INFO ##### Creating a password file regression_test.py 152 INFO ##### create the pin file regression_test.py 163 INFO ##### Creating a noise file regression_test.py 172 INFO ##### Create key3.db and cert8.db database (master1): ['certutil', '-N', '-d', '/etc/dirsrv/slapd-master1', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 176 INFO ##### Creating encryption key for CA (master1): ['certutil', '-G', '-d', '/etc/dirsrv/slapd-master1', '-z', '/etc/dirsrv/slapd-master1/noise.txt', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 182 INFO ##### Creating self-signed CA certificate (master1) -- nickname CAcertificate regression_test.py 190 INFO ##### Creating Server certificate -- nickname Server-Cert1: ['certutil', '-S', '-n', 'Server-Cert1', '-s', 'CN=server.example.com,OU=389 Directory Server', '-c', 'CAcertificate', '-t', ',,', '-m', '1001', '-v', '120', '-d', '/etc/dirsrv/slapd-master1', '-z', '/etc/dirsrv/slapd-master1/noise.txt', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 198 INFO ##### Creating Server certificate -- nickname Server-Cert2: ['certutil', '-S', '-n', 'Server-Cert2', '-s', 'CN=server.example.com,OU=390 Directory Server', '-c', 'CAcertificate', '-t', ',,', '-m', '1002', '-v', '120', '-d', '/etc/dirsrv/slapd-master1', '-z', '/etc/dirsrv/slapd-master1/noise.txt', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 203 INFO ##### start master1 regression_test.py 206 INFO ##### enable SSL in master1 with all ciphers regression_test.py 46 INFO ######################### Enabling SSL LDAPSPORT 41636 ###################### regression_test.py 210 INFO ##### Check the cert db: ['certutil', '-L', '-d', '/etc/dirsrv/slapd-master1'] regression_test.py 111 INFO OUT: regression_test.py 116 INFO regression_test.py 116 INFO Certificate Nickname Trust Attributes regression_test.py 116 INFO SSL,S/MIME,JAR/XPI regression_test.py 116 INFO regression_test.py 116 INFO CAcertificate CTu,u,u regression_test.py 116 INFO Server-Cert1 u,u,u regression_test.py 116 INFO Server-Cert2 u,u,u regression_test.py 117 INFO ERR: regression_test.py 213 INFO ##### restart master1 regression_test.py 216 INFO ##### Check PEM files of master1 (before setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert1, Server-Cert1-Key) not in /etc/dirsrv/slapd-master1 ###################### regression_test.py 80 INFO /etc/dirsrv/slapd-master1/CAcertificate.pem is correctly not generated. regression_test.py 93 INFO /etc/dirsrv/slapd-master1/Server-Cert1.pem is correctly not generated. regression_test.py 106 INFO /etc/dirsrv/slapd-master1/Server-Cert1-Key.pem is correctly not generated. regression_test.py 219 INFO ##### Set on to nsslapd-extract-pemfiles regression_test.py 222 INFO ##### restart master1 regression_test.py 225 INFO ##### Check PEM files of master1 (after setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert1, Server-Cert1-Key) in /etc/dirsrv/slapd-master1 ###################### regression_test.py 71 INFO /etc/dirsrv/slapd-master1/CAcertificate.pem is successfully generated. regression_test.py 84 INFO /etc/dirsrv/slapd-master1/Server-Cert1.pem is successfully generated. regression_test.py 97 INFO /etc/dirsrv/slapd-master1/Server-Cert1-Key.pem is successfully generated. regression_test.py 232 INFO ##### Extract PK12 file for master2: pk12util -o /tmp/Server-Cert2.pk12 -n "Server-Cert2" -d /etc/dirsrv/slapd-master1 -w /etc/dirsrv/slapd-master1/pwdfile.txt -k /etc/dirsrv/slapd-master1/pwdfile.txt regression_test.py 235 INFO ##### Check PK12 files regression_test.py 237 INFO /tmp/Server-Cert2.pk12 is successfully extracted. regression_test.py 242 INFO ##### stop master2 regression_test.py 245 INFO ##### Initialize Cert DB for master2 regression_test.py 247 INFO ##### Create key3.db and cert8.db database (master2): ['certutil', '-N', '-d', '/etc/dirsrv/slapd-master2', '-f', '/etc/dirsrv/slapd-master1/pwdfile.txt'] regression_test.py 111 INFO OUT: regression_test.py 117 INFO ERR: regression_test.py 250 INFO ##### Import certs to master2 regression_test.py 251 INFO Importing CAcertificate regression_test.py 255 INFO ##### Importing Server-Cert2 to master2: pk12util -i /tmp/Server-Cert2.pk12 -n "Server-Cert2" -d /etc/dirsrv/slapd-master2 -w /etc/dirsrv/slapd-master1/pwdfile.txt -k /etc/dirsrv/slapd-master1/pwdfile.txt regression_test.py 257 INFO copy /etc/dirsrv/slapd-master1/pin.txt to /etc/dirsrv/slapd-master2/pin.txt regression_test.py 261 INFO ##### start master2 regression_test.py 264 INFO ##### enable SSL in master2 with all ciphers regression_test.py 46 INFO ######################### Enabling SSL LDAPSPORT 42636 ###################### regression_test.py 267 INFO ##### restart master2 regression_test.py 270 INFO ##### Check PEM files of master2 (before setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert2, Server-Cert2-Key) not in /etc/dirsrv/slapd-master2 ###################### regression_test.py 80 INFO /etc/dirsrv/slapd-master2/CAcertificate.pem is correctly not generated. regression_test.py 93 INFO /etc/dirsrv/slapd-master2/Server-Cert2.pem is correctly not generated. regression_test.py 106 INFO /etc/dirsrv/slapd-master2/Server-Cert2-Key.pem is correctly not generated. regression_test.py 273 INFO ##### Set on to nsslapd-extract-pemfiles regression_test.py 276 INFO ##### restart master2 regression_test.py 279 INFO ##### Check PEM files of master2 (after setting nsslapd-extract-pemfiles regression_test.py 66 INFO ######################### Check PEM files (CAcertificate, Server-Cert2, Server-Cert2-Key) in /etc/dirsrv/slapd-master2 ###################### regression_test.py 71 INFO /etc/dirsrv/slapd-master2/CAcertificate.pem is successfully generated. regression_test.py 84 INFO /etc/dirsrv/slapd-master2/Server-Cert2.pem is successfully generated. regression_test.py 97 INFO /etc/dirsrv/slapd-master2/Server-Cert2-Key.pem is successfully generated. regression_test.py 282 INFO ##### restart master1 regression_test.py 285 INFO ######################### Creating SSL Keys and Certs Done ###################### regression_test.py 289 INFO ######################### Configure SSL/TLS agreements ###################### regression_test.py 290 INFO ######################## master1 -- startTLS -> master2 ##################### regression_test.py 291 INFO ##################### master1 <- tls_clientAuth -- master2 ################## regression_test.py 293 INFO ##### Update the agreement of master1 regression_test.py 299 INFO ##### Add the cert to the repl manager on master1 regression_test.py 313 INFO ##### master2 Server Cert in base64 format: MIICxzCCAa+gAwIBAgICA+owDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAxMGQ0FjZXJ0MB4XDTE5MDQyODAwNTEzOFoXDTI5MDQyODAwNTEzOFowPDEdMBsGA1UECxMUMzkwIERpcmVjdG9yeSBTZXJ2ZXIxGzAZBgNVBAMTEnNlcnZlci5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMewhVBdSxDqGoFBp9N/rUlvtKXzrNgE7/a63x/CpQvW2YqToBLKNjSRzznCM9uyn/Qr5I5TBEpTGt8lAUh5dvVLs6xEREEOJkXtq415jsOycqBjbq2AY3q4jYLmnIb/ko+eu8NjOVgNvsi7jb/QlGj3JIPuEBMSxwU7/NecJJ+YbtyPHL5Iqk/Jc2MIWnChGnjAMEBkniTOLWTX/CGfvGxQKlGm0UEuRN3zqc5g0oMGvmImnW0YotkcZbVBpKmmEmcRn+enZIxr0A9JQTjUsEx7wiZL9oRe5DH70JTAOtabtDPn8G0uGYdlAcjd6ayo30Ztz94R/fDXjhheCgLXHTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdGPHze1bRUjVBfhZJB6RMmFsP8vEbEB6VT9znDF7SgTfVQI5PgUUuJTAx7EO3GhDyhhu6yLa6rDpcZdLtguNUvIuSEnGUOcjb8tff9OHZJdP8fOQEscb14SD24c5PrNPTFqcJ7gtUUYcrcxLeeKUmPuNenArzMynnhOo9dqYn50FBK8PuFttGFSNL2RXKwKEU1LKZO6NC+Aq1ZOUA2ZaEE8i+q0Yi1kRMY66uEpWmMajWM99Mbv7cvmEaf6lh/eirr0c/pEYgatNQi2DbrYBFmPLbGKjBsGTMWvW6ENeq43Audp/LphDq7uOZa7l8hvU91nyqod81uzHLGeJqKcIOg==
Failed suites/setup_ds/remove_test.py::test_basic[True] 2.57
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208946518>
simple_allocate = True

@pytest.mark.parametrize("simple_allocate", (True, False))
def test_basic(topology_st, simple_allocate):
"""Check that all DS directories and systemd items were removed"""

inst = topology_st.standalone

# FreeIPA uses local_simple_allocate for the removal process
if simple_allocate:
inst = DirSrv(verbose=inst.verbose)
inst.local_simple_allocate(topology_st.standalone.serverid)

remove_ds_instance(inst)

paths = [inst.ds_paths.backup_dir,
inst.ds_paths.cert_dir,
inst.ds_paths.config_dir,
inst.ds_paths.db_dir,
inst.get_changelog_dir(),
inst.ds_paths.ldif_dir,
inst.ds_paths.lock_dir,
inst.ds_paths.log_dir,
"{}/sysconfig/dirsrv-{}".format(inst.ds_paths.sysconf_dir, inst.serverid)]
for path in paths:
> assert not os.path.exists(path)
E AssertionError: assert not True
E + where True = <function exists at 0x7f720d427510>('/etc/sysconfig/dirsrv-standalone1')
E + where <function exists at 0x7f720d427510> = <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'>.exists
E + where <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'> = os.path

suites/setup_ds/remove_test.py:56: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stderr call -----------------------------
Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@standalone1.service. ------------------------------ Captured log call -------------------------------
__init__.py 476 INFO Allocate local instance <class 'lib389.DirSrv'> with None
Failed suites/setup_ds/remove_test.py::test_basic[False] 2.60
topology_st = <lib389.topologies.TopologyMain object at 0x7f7208949a58>
simple_allocate = False

@pytest.mark.parametrize("simple_allocate", (True, False))
def test_basic(topology_st, simple_allocate):
"""Check that all DS directories and systemd items were removed"""

inst = topology_st.standalone

# FreeIPA uses local_simple_allocate for the removal process
if simple_allocate:
inst = DirSrv(verbose=inst.verbose)
inst.local_simple_allocate(topology_st.standalone.serverid)

remove_ds_instance(inst)

paths = [inst.ds_paths.backup_dir,
inst.ds_paths.cert_dir,
inst.ds_paths.config_dir,
inst.ds_paths.db_dir,
inst.get_changelog_dir(),
inst.ds_paths.ldif_dir,
inst.ds_paths.lock_dir,
inst.ds_paths.log_dir,
"{}/sysconfig/dirsrv-{}".format(inst.ds_paths.sysconf_dir, inst.serverid)]
for path in paths:
> assert not os.path.exists(path)
E AssertionError: assert not True
E + where True = <function exists at 0x7f720d427510>('/etc/sysconfig/dirsrv-standalone1')
E + where <function exists at 0x7f720d427510> = <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'>.exists
E + where <module 'posixpath' from '/usr/lib64/python3.7/posixpath.py'> = os.path

suites/setup_ds/remove_test.py:56: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket47462_test.py::test_ticket47462 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f72063b9320>

def test_ticket47462(topology_m2):
"""
Test that AES properly replaces DES during an update/restart, and that
replication also works correctly.
"""

#
# First set config as if it's an older version. Set DES to use
# libdes-plugin, MMR to depend on DES, delete the existing AES plugin,
# and set a DES password for the replication agreement.
#
# Add an extra attribute to the DES plugin args
#
try:
topology_m2.ms["master1"].modify_s(DES_PLUGIN,
> [(ldap.MOD_REPLACE, 'nsslapd-pluginEnabled', 'on')])

tickets/ticket47462_test.py:47:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72063d3b70>
func = <built-in method modify_ext of LDAP object at 0x7f72063bcb20>
args = ('cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config', [(2, 'nsslapd-pluginEnabled', 'on')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', 'o')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists
Failed tickets/ticket47838_test.py::test_47838_init 4.61
topology_st = <lib389.topologies.TopologyMain object at 0x7f72062b37b8>

def test_47838_init(topology_st):
"""
Generate self signed cert and import it to the DS cert db.
Enable SSL
"""
_header(topology_st, 'Testing Ticket 47838 - harden the list of ciphers available by default')
onss_version = os.popen("rpm -q nss | awk -F'-' '{print $2}'", "r")
global nss_version
nss_version = onss_version.readline()
nss_ssl = NssSsl(dbpath=topology_st.standalone.get_cert_dir())
nss_ssl.reinit()
nss_ssl.create_rsa_ca()
nss_ssl.create_rsa_key_and_cert()

log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),
(ldap.MOD_REPLACE, 'nsTLS1', b'on'),
(ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),
(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all')])

topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', b'on'),
(ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),
(ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(MY_SECURE_PORT))])

topology_st.standalone.add_s(Entry((RSA_DN, {'objectclass': "top nsEncryptionModule".split(),
'cn': RSA,
'nsSSLPersonalitySSL': SERVERCERT,
'nsSSLToken': 'internal (software)',
> 'nsSSLActivation': 'on'})))

tickets/ticket47838_test.py:85:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:430: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:195: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206134b70>
func = <built-in method result4 of LDAP object at 0x7f7206212468>
args = (6, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket47838_test.py 48 INFO ############################################### ticket47838_test.py 49 INFO ####### ticket47838_test.py 50 INFO ####### Testing Ticket 47838 - harden the list of ciphers available by default ticket47838_test.py 51 INFO ####### ticket47838_test.py 52 INFO ############################################### ticket47838_test.py 69 INFO ######################### enable SSL in the directory server with all ciphers ######################
Failed tickets/ticket47838_test.py::test_47838_run_9 4.60
topology_st = <lib389.topologies.TopologyMain object at 0x7f72062b37b8>

def test_47838_run_9(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
allowWeakCipher: on
nsslapd-errorlog-level: 0
"""
_header(topology_st,
'Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on')])
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.47838_8' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(1)
topology_st.standalone.start(timeout=120)

enabled = os.popen('egrep "SSL info:" %s | egrep \": enabled\" | wc -l' % topology_st.standalone.errlog)
disabled = os.popen('egrep "SSL info:" %s | egrep \": disabled\" | wc -l' % topology_st.standalone.errlog)
ecount = int(enabled.readline().rstrip())
dcount = int(disabled.readline().rstrip())

log.info("Enabled ciphers: %d" % ecount)
log.info("Disabled ciphers: %d" % dcount)
if nss_version >= NSS330:
> assert ecount == 33
E assert 28 == 33
E -28
E +33

tickets/ticket47838_test.py:484: AssertionError
------------------------------ Captured log call -------------------------------
ticket47838_test.py 48 INFO ############################################### ticket47838_test.py 49 INFO ####### ticket47838_test.py 50 INFO ####### Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on ticket47838_test.py 51 INFO ####### ticket47838_test.py 52 INFO ############################################### ticket47838_test.py 469 INFO ######################### Restarting the server ###################### ticket47838_test.py 481 INFO Enabled ciphers: 28 ticket47838_test.py 482 INFO Disabled ciphers: 0
Failed tickets/ticket47931_test.py::test_ticket47931 3.14
topology_st = <lib389.topologies.TopologyMain object at 0x7f72064075c0>

def test_ticket47931(topology_st):
"""Test Retro Changelog and MemberOf deadlock fix.
Verification steps:
- Enable retro cl and memberOf.
- Create two backends: A & B.
- Configure retrocl scoping for backend A.
- Configure memberOf plugin for uniquemember
- Create group in backend A.
- In parallel, add members to the group on A, and make modifications
to entries in backend B.
- Make sure the server does not hang during the updates to both
backends.

"""

# Enable dynamic plugins to make plugin configuration easier
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
log.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

# Enable the plugins
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)

# Create second backend
topology_st.standalone.backend.create(SECOND_SUFFIX, {BACKEND_NAME: SECOND_BACKEND})
topology_st.standalone.mappingtree.create(SECOND_SUFFIX, bename=SECOND_BACKEND)

# Create the root node of the second backend
try:
topology_st.standalone.add_s(Entry((SECOND_SUFFIX,
{'objectclass': 'top domain'.split(),
'dc': 'deadlock'})))
except ldap.LDAPError as e:
log.fatal('Failed to create suffix entry: error ' + e.args[0]['desc'])
assert False

# Configure retrocl scope
try:
topology_st.standalone.modify_s(RETROCL_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'nsslapd-include-suffix',
> ensure_bytes(DEFAULT_SUFFIX))])

tickets/ticket47931_test.py:99:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Retro Changelog Plugin,cn=plugins,cn=config', [(2, 'nsslapd-include-suffix', b'dc=example,dc=com')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7dada8c8, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7db48528, file '/export/tests/tickets/ticket47931_test.py', line 102, code test_ticket...st_ticket47931', code_context=[' ensure_bytes(DEFAULT_SUFFIX))])\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206115ac8>
dn = 'cn=Retro Changelog Plugin,cn=plugins,cn=config'
modlist = [(2, 'nsslapd-include-suffix', b'dc=example,dc=com')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=Retro Changelog Plugin,cn=plugins,cn=config', [(2, 'nsslapd-include-suffix', b'dc=example,dc=com')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206115ac8>
dn = 'cn=Retro Changelog Plugin,cn=plugins,cn=config'
modlist = [(2, 'nsslapd-include-suffix', b'dc=example,dc=com')]
serverctrls = None, clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (15,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206115ac8>, msgid = 15, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (15, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206115ac8>, msgid = 15, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f7206100c10>, 15, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206115ac8>
func = <built-in method result4 of LDAP object at 0x7f7206100c10>
args = (15, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f720a5e8408>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206115ac8>
func = <built-in method result4 of LDAP object at 0x7f7206100c10>
args = (15, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f72064075c0>

def test_ticket47931(topology_st):
"""Test Retro Changelog and MemberOf deadlock fix.
Verification steps:
- Enable retro cl and memberOf.
- Create two backends: A & B.
- Configure retrocl scoping for backend A.
- Configure memberOf plugin for uniquemember
- Create group in backend A.
- In parallel, add members to the group on A, and make modifications
to entries in backend B.
- Make sure the server does not hang during the updates to both
backends.

"""

# Enable dynamic plugins to make plugin configuration easier
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
log.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

# Enable the plugins
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)

# Create second backend
topology_st.standalone.backend.create(SECOND_SUFFIX, {BACKEND_NAME: SECOND_BACKEND})
topology_st.standalone.mappingtree.create(SECOND_SUFFIX, bename=SECOND_BACKEND)

# Create the root node of the second backend
try:
topology_st.standalone.add_s(Entry((SECOND_SUFFIX,
{'objectclass': 'top domain'.split(),
'dc': 'deadlock'})))
except ldap.LDAPError as e:
log.fatal('Failed to create suffix entry: error ' + e.args[0]['desc'])
assert False

# Configure retrocl scope
try:
topology_st.standalone.modify_s(RETROCL_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'nsslapd-include-suffix',
ensure_bytes(DEFAULT_SUFFIX))])
except ldap.LDAPError as e:
log.error('Failed to configure retrocl plugin: ' + e.args[0]['desc'])
> assert False
E assert False

tickets/ticket47931_test.py:102: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
backend.py 76 INFO List backend with suffix=dc=deadlock backend.py 286 INFO Creating a local backend backend.py 72 INFO List backend cn=deadlock,cn=ldbm database,cn=plugins,cn=config __init__.py 1757 INFO Found entry dn: cn=deadlock,cn=ldbm database,cn=plugins,cn=config cn: deadlock nsslapd-cachememsize: 512000 nsslapd-cachesize: -1 nsslapd-directory: /var/lib/dirsrv/slapd-standalone1/db/deadlock nsslapd-dncachememsize: 16777216 nsslapd-readonly: off nsslapd-require-index: off nsslapd-suffix: dc=deadlock objectClass: top objectClass: extensibleObject objectClass: nsBackendInstance mappingTree.py 155 INFO Entry dn: cn="dc=deadlock",cn=mapping tree,cn=config cn: dc=deadlock nsslapd-backend: deadlock nsslapd-state: backend objectclass: top objectclass: extensibleObject objectclass: nsMappingTree __init__.py 1757 INFO Found entry dn: cn=dc\3Ddeadlock,cn=mapping tree,cn=config cn: dc=deadlock nsslapd-backend: deadlock nsslapd-state: backend objectClass: top objectClass: extensibleObject objectClass: nsMappingTree ticket47931_test.py 101 ERROR Failed to configure retrocl plugin: Can't contact LDAP server
Failed tickets/ticket47950_test.py::test_ticket47950 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f7206396748>

def test_ticket47950(topology_st):
"""
Testing nsslapd-plugin-binddn-tracking does not cause issues around
access control and reconfiguring replication/repl agmt.
"""

log.info('Testing Ticket 47950 - Testing nsslapd-plugin-binddn-tracking')

#
# Turn on bind dn tracking
#
try:
> topology_st.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'nsslapd-plugin-binddn-tracking', 'on')])

tickets/ticket47950_test.py:39:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f720666b828>
func = <built-in method modify_ext of LDAP object at 0x7f72060c6e40>
args = ('cn=config', [(2, 'nsslapd-plugin-binddn-tracking', 'on')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', 'o')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket47966_test.py::test_ticket47966 0.01
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f7205ec0b38>

def test_ticket47966(topology_m2):
'''
Testing bulk import when the backend with VLV was recreated.
If the test passes without the server crash, 47966 is verified.
'''
log.info('Testing Ticket 47966 - [VLV] slapd crashes during Dogtag clone reinstallation')
M1 = topology_m2.ms["master1"]
M2 = topology_m2.ms["master2"]
m1_m2_agmt = M1.agreement.list(suffix=DEFAULT_SUFFIX)[0].dn

log.info('0. Create a VLV index on Master 2.')
# get the backend entry
be = M2.replica.conn.backend.list(suffix=DEFAULT_SUFFIX)
if not be:
log.fatal("ticket47966: enable to retrieve the backend for %s" % DEFAULT_SUFFIX)
raise ValueError("no backend for suffix %s" % DEFAULT_SUFFIX)
bent = be[0]
beName = bent.getValue('cn')
beDn = "cn=%s,cn=ldbm database,cn=plugins,cn=config" % beName

# generate vlvSearch entry
vlvSrchDn = "cn=vlvSrch,%s" % beDn
log.info('0-1. vlvSearch dn: %s' % vlvSrchDn)
vlvSrchEntry = Entry(vlvSrchDn)
vlvSrchEntry.setValues('objectclass', 'top', 'vlvSearch')
vlvSrchEntry.setValues('cn', 'vlvSrch')
vlvSrchEntry.setValues('vlvBase', DEFAULT_SUFFIX)
vlvSrchEntry.setValues('vlvFilter', '(|(objectclass=*)(objectclass=ldapsubentry))')
vlvSrchEntry.setValues('vlvScope', '2')
> M2.add_s(vlvSrchEntry)

tickets/ticket47966_test.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:430: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:195: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72060ca518>
func = <built-in method result4 of LDAP object at 0x7f7205eb0aa8>
args = (25, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket47966_test.py 26 INFO Testing Ticket 47966 - [VLV] slapd crashes during Dogtag clone reinstallation ticket47966_test.py 31 INFO 0. Create a VLV index on Master 2. backend.py 76 INFO List backend with suffix=dc=example,dc=com ticket47966_test.py 43 INFO 0-1. vlvSearch dn: cn=vlvSrch,cn=b'userRoot',cn=ldbm database,cn=plugins,cn=config
Failed tickets/ticket47973_test.py::test_ticket47973_case 5.06
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205e6c9b0>

def test_ticket47973_case(topology_st):
log.info('Testing Ticket 47973 (case) - Test the cases in the original schema are preserved.')

log.info('case 1 - Test the cases in the original schema are preserved.')

tsfile = topology_st.standalone.schemadir + '/98test.ldif'
tsfd = open(tsfile, "w")
Mozattr0 = "MoZiLLaaTTRiBuTe"
testschema = "dn: cn=schema\nattributetypes: ( 8.9.10.11.12.13.14 NAME '" + Mozattr0 + "' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Dummy Schema' )\nobjectclasses: ( 1.2.3.4.5.6.7 NAME 'MozillaObject' SUP top MUST ( objectclass $ cn ) MAY ( " + Mozattr0 + " ) X-ORIGIN 'user defined' )"
tsfd.write(testschema)
tsfd.close()

try:
# run the schema reload task with the default schemadir
topology_st.standalone.tasks.schemaReload(schemadir=topology_st.standalone.schemadir,
args={TASK_WAIT: False})
except ValueError:
log.error('Schema Reload task failed.')
assert False

time.sleep(5)

try:
schemaentry = topology_st.standalone.search_s("cn=schema", ldap.SCOPE_BASE,
'objectclass=top',
["objectclasses"])
oclist = schemaentry[0].data.get("objectclasses")
except ldap.LDAPError as e:
log.error('Failed to get schema entry: error (%s)' % e.args[0]['desc'])
raise e

found = 0
for oc in oclist:
log.info('OC: %s' % oc)
moz = re.findall(Mozattr0, oc.decode('utf-8'))
if moz:
found = 1
log.info('case 1: %s is in the objectclasses list -- PASS' % Mozattr0)

if found == 0:
log.error('case 1: %s is not in the objectclasses list -- FAILURE' % Mozattr0)
> assert False
E assert False

tickets/ticket47973_test.py:154: AssertionError
------------------------------ Captured log call -------------------------------
tasks.py 1107 INFO Schema Reload task (task-04272019_211111) completed successfully ticket47973_test.py 153 ERROR case 1: MoZiLLaaTTRiBuTe is not in the objectclasses list -- FAILURE
Failed tickets/ticket47988_test.py::test_ticket47988_init 4.11
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_init(topology_m2):
"""
It adds
- Objectclass with MAY 'member'
- an entry ('bind_entry') with which we bind to test the 'SELFDN' operation
It deletes the anonymous aci

"""

_header(topology_m2, 'test_ticket47988_init')

# enable acl error logging
mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', ensure_bytes(str(8192)))] # REPL
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

mod = [(ldap.MOD_REPLACE, 'nsslapd-accesslog-level', ensure_bytes(str(260)))] # Internal op
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

# add dummy entries
for cpt in range(MAX_OTHERS):
name = "%s%d" % (OTHER_NAME, cpt)
topology_m2.ms["master1"].add_s(Entry(("cn=%s,%s" % (name, SUFFIX), {
'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# check that entry 0 is replicated before
loop = 0
entryDN = "cn=%s0,%s" % (OTHER_NAME, SUFFIX)
while loop <= 10:
try:
ent = topology_m2.ms["master2"].getEntry(entryDN, ldap.SCOPE_BASE, "(objectclass=*)", ['telephonenumber'])
break
except ldap.NO_SUCH_OBJECT:
time.sleep(1)
loop += 1
assert (loop <= 10)

topology_m2.ms["master1"].stop(timeout=10)
topology_m2.ms["master2"].stop(timeout=10)

# install the specific schema M1: ipa3.3, M2: ipa4.1
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa3.3.tar.gz")
_install_schema(topology_m2.ms["master1"], schema_file)
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa4.1.tar.gz")
_install_schema(topology_m2.ms["master2"], schema_file)

> topology_m2.ms["master1"].start(timeout=10)

/export/tests/tickets/ticket47988_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1133: in start
"dirsrv@%s" % self.serverid])
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

popenargs = (['systemctl', 'start', 'dirsrv@master1'],), kwargs = {}
retcode = 1, cmd = ['systemctl', 'start', 'dirsrv@master1']

def check_call(*popenargs, **kwargs):
"""Run command with arguments. Wait for command to complete. If
the exit code was zero then return, otherwise raise
CalledProcessError. The CalledProcessError object will have the
return code in the returncode attribute.

The arguments are the same as for the call function. Example:

check_call(["ls", "-l"])
"""
retcode = call(*popenargs, **kwargs)
if retcode:
cmd = kwargs.get("args")
if cmd is None:
cmd = popenargs[0]
> raise CalledProcessError(retcode, cmd)
E subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@master1']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:347: CalledProcessError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists----------------------------- Captured stderr call -----------------------------
Job for dirsrv@master1.service failed because the control process exited with error code. See "systemctl status dirsrv@master1.service" and "journalctl -xe" for details. ------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_init ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ################################################### ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/02common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-admin.ldif ticket47988_test.py 96 INFO replace /etc/dirsrv/slapd-master1/schema/99user.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60nss-ldap.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60autofs.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-web.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60samba.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10dna-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/05rfc4523.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60basev2.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10automember-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/05rfc2927.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10mep-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60ipadns.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/10rfc2307.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-mail.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/05rfc4524.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60trust.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60ipaconfig.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-directory.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60eduperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60mozilla.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/65ipasudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60rfc3712.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60rfc2739.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-value.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60acctpolicy.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/01core389.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60sabayon.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60pam-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/00core.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/25java-object.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60sudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/70ipaotp.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60pureftpd.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/61kerberos-ipav3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60kerberos.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60basev3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/06inetorgperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/30ns-common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/28pilot.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/20subscriber.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/50ns-certificate.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master1/schema/60posix-winsync-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/02common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-admin.ldif ticket47988_test.py 96 INFO replace /etc/dirsrv/slapd-master2/schema/99user.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60nss-ldap.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60autofs.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-web.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60samba.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10dna-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/05rfc4523.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60basev2.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10automember-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/05rfc2927.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10mep-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60ipadns.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/10rfc2307.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-mail.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/05rfc4524.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60trust.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60ipaconfig.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-directory.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60eduperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60mozilla.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/65ipasudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60rfc3712.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60rfc2739.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-value.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60acctpolicy.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/01core389.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60sabayon.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60pam-plugin.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/00core.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/25java-object.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60sudo.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/70ipaotp.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60pureftpd.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/61kerberos-ipav3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60kerberos.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60basev3.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/06inetorgperson.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/30ns-common.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/28pilot.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/20subscriber.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/50ns-certificate.ldif ticket47988_test.py 100 INFO add /etc/dirsrv/slapd-master2/schema/60posix-winsync-plugin.ldif
Failed tickets/ticket47988_test.py::test_ticket47988_1 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_1(topology_m2):
'''
Check that replication is working and pause replication M2->M1
'''
_header(topology_m2, 'test_ticket47988_1')

topology_m2.ms["master1"].log.debug("\n\nCheck that replication is working and pause replication M2->M1\n")
> _do_update_entry(supplier=topology_m2.ms["master2"], consumer=topology_m2.ms["master1"], attempts=5)

/export/tests/tickets/ticket47988_test.py:232:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:182: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206020f60>
func = <built-in method result4 of LDAP object at 0x7f72060895f8>
args = (27, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_1 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_2 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_2(topology_m2):
'''
Update M1 schema and trigger update M1->M2
So M1 should learn new/extended definitions that are in M2 schema
'''
_header(topology_m2, 'test_ticket47988_2')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:244:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:568: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:165: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206059a90>
func = <built-in method result4 of LDAP object at 0x7f720606ff30>
args = (63, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_2 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_3 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_3(topology_m2):
'''
Resume replication M2->M1 and check replication is still working
'''
_header(topology_m2, 'test_ticket47988_3')

> _resume_M2_to_M1(topology_m2)

/export/tests/tickets/ticket47988_test.py:281:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:220: in _resume_M2_to_M1
ents = topology_m2.ms["master2"].agreement.list(suffix=SUFFIX)
/usr/local/lib/python3.7/site-packages/lib389/agreement.py:873: in list
replica_entries = self.conn.replica.list(suffix)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:170: in list
ents = self.conn.search_s(base, ldap.SCOPE_SUBTREE, filtr)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206020f60>
func = <built-in method search_ext of LDAP object at 0x7f72060895f8>
args = ('cn=mapping tree,cn=config', 2, '(&(objectclass=nsds5Replica)(nsDS5ReplicaRoot=dc=example,dc=com))', None, 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_3 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ################################################### ticket47988_test.py 219 INFO ######################### resume RA M2->M1 ######################
Failed tickets/ticket47988_test.py::test_ticket47988_4 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_4(topology_m2):
'''
Check schemaCSN is identical on both server
And save the nsschemaCSN to later check they do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_4')

> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:293:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:568: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206059a90>
func = <built-in method search_ext of LDAP object at 0x7f720606ff30>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_4 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_5 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_5(topology_m2):
'''
Check schemaCSN do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_5')

> _do_update_entry(supplier=topology_m2.ms["master1"], consumer=topology_m2.ms["master2"], attempts=5)

/export/tests/tickets/ticket47988_test.py:311:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:182: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206059a90>
func = <built-in method modify_ext of LDAP object at 0x7f720606ff30>
args = ('cn=other_entry0,dc=example,dc=com', [(2, 'telephonenumber', b'183')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_5 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_6 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720603bef0>

def test_ticket47988_6(topology_m2):
'''
Update M1 schema and trigger update M2->M1
So M2 should learn new/extended definitions that are in M1 schema
'''

_header(topology_m2, 'test_ticket47988_6')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:334:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:568: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206059a90>
func = <built-in method search_ext of LDAP object at 0x7f720606ff30>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
------------------------------ Captured log call -------------------------------
ticket47988_test.py 62 INFO ############################################### ticket47988_test.py 63 INFO ####### ticket47988_test.py 64 INFO ####### test_ticket47988_6 ticket47988_test.py 65 INFO ####### ticket47988_test.py 66 INFO ###################################################
Failed tickets/ticket48005_test.py::test_ticket48005_usn 4.46
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205ec41d0>

def test_ticket48005_usn(topology_st):
'''
Enable entryusn
Delete all user entries.
Run USN tombstone cleanup task
Shutdown the server
Check if a core file was generated or not
If no core was found, this test case was successful.
'''
log.info("Ticket 48005 usn test...")
topology_st.standalone.plugins.enable(name=PLUGIN_USN)

topology_st.standalone.restart(timeout=10)

try:
> entries = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, "(objectclass=inetorgperson)")

/export/tests/tickets/ticket48005_test.py:281:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:165: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205cc62b0>
func = <built-in method result4 of LDAP object at 0x7f7205adffa8>
args = (2, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
------------------------------ Captured log call -------------------------------
ticket48005_test.py 275 INFO Ticket 48005 usn test...
Failed tickets/ticket48194_test.py::test_init 3.47
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_init(topology_st):
"""
Generate self signed cert and import it to the DS cert db.
Enable SSL
"""
_header(topology_st, 'Testing Ticket 48194 - harden the list of ciphers available by default')

nss_ssl = NssSsl(dbpath=topology_st.standalone.get_cert_dir())
nss_ssl.reinit()
nss_ssl.create_rsa_ca()
nss_ssl.create_rsa_key_and_cert()

log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', b'off'),
(ldap.MOD_REPLACE, 'nsTLS1', b'on'),
(ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),
(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all')])

topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', b'on'),
(ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),
(ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(LDAPSPORT))])

topology_st.standalone.add_s(Entry((RSA_DN, {'objectclass': "top nsEncryptionModule".split(),
'cn': RSA,
'nsSSLPersonalitySSL': SERVERCERT,
'nsSSLToken': 'internal (software)',
> 'nsSSLActivation': 'on'})))

/export/tests/tickets/ticket48194_test.py:72:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:193: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:430: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:195: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7206059208>
func = <built-in method result4 of LDAP object at 0x7f72059c8788>
args = (6, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Testing Ticket 48194 - harden the list of ciphers available by default ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 56 INFO ######################### enable SSL in the directory server with all ciphers ######################
Failed tickets/ticket48194_test.py::test_run_1 5.60
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_run_1(topology_st):
"""
Check nsSSL3Ciphers: +all
All ciphers are enabled except null.
Note: default allowWeakCipher (i.e., off) for +all
"""
_header(topology_st, 'Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])
# Make sure allowWeakCipher is not set.
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'allowWeakCipher', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_0' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:156:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 149 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_2 5.66
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_run_2(topology_st):
"""
Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+rsa_aes_128_sha,+rsa_aes_256_sha')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_1' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)
connectWithOpenssl(topology_st, 'AES256-SHA256', False)
> connectWithOpenssl(topology_st, 'AES128-SHA', True)

/export/tests/tickets/ticket48194_test.py:182:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>
cipher = 'AES128-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:106: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 173 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, (NONE), Cipher is (NONE)\n' ticket48194_test.py 84 INFO Testing AES256-SHA256 -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES256-SHA256 ticket48194_test.py 103 INFO Found: b'New, (NONE), Cipher is (NONE)\n' ticket48194_test.py 84 INFO Testing AES128-SHA -- expect to handshake successfully ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES128-SHA ticket48194_test.py 103 INFO Found: b'New, (NONE), Cipher is (NONE)\n'
Failed tickets/ticket48194_test.py::test_run_4 5.68
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_run_4(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', b'-all')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_3' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:226:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 219 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_5 5.67
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_run_5(topology_st):
"""
Check nsSSL3Ciphers: default
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_4' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:248:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 241 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_6 5.62
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_run_6(topology_st):
"""
Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256
All ciphers are disabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_5' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:272:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 265 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48194_test.py::test_run_8 5.52
topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>

def test_run_8(topology_st):
"""
Check nsSSL3Ciphers: default + allowWeakCipher: off
Strong Default ciphers are enabled.
"""
_header(topology_st, 'Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off)')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'off')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_7' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:295:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f720603d0f0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = '/usr/bin/openssl s_client -connect localhost:%s -cipher %s' % (LDAPSPORT, cipher)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:115: AssertionError
------------------------------ Captured log call -------------------------------
ticket48194_test.py 39 INFO ############################################### ticket48194_test.py 40 INFO ####### Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off) ticket48194_test.py 41 INFO ############################################### ticket48194_test.py 288 INFO ######################### Restarting the server ###################### ticket48194_test.py 84 INFO Testing DES-CBC3-SHA -- expect to handshake failed ticket48194_test.py 90 INFO Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA ticket48194_test.py 103 INFO Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'
Failed tickets/ticket48226_test.py::test_ticket48226_set_purgedelay 0.01
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f72060ca160>

def test_ticket48226_set_purgedelay(topology_m2):
args = {REPLICA_PURGE_DELAY: '5',
REPLICA_PURGE_INTERVAL: '5'}
try:
> topology_m2.ms["master1"].replica.setProperties(DEFAULT_SUFFIX, None, None, args)

/export/tests/tickets/ticket48226_test.py:25:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.replica.ReplicaLegacy object at 0x7f7205cc1128>
suffix = 'dc=example,dc=com', replica_dn = None, replica_entry = None
properties = {'ReplicaPurgeDelay': '5', 'ReplicaTombstonePurgeInterval': '5'}

def setProperties(self, suffix=None, replica_dn=None, replica_entry=None,
properties=None):
'''
Set the properties of the replica. If an 'replica_entry' (Entry) is
provided, it updates the entry, else it updates the entry on the
server. If the 'replica_dn' is provided it retrieves the entry
using it, else it retrieve the replica using the 'suffix'.

@param suffix : suffix stored in that replica (online update)
@param replica_dn: DN of the replica (online update)
@param replica_entry: Entry of a replica (offline update)
@param properties: dictionary of properties
Supported properties are:
REPLICA_SUFFIX
REPLICA_ID
REPLICA_TYPE
REPLICA_BINDDN
REPLICA_PURGE_DELAY
REPLICA_PRECISE_PURGING
REPLICA_REFERRAL
REPLICA_FLAGS

@return None

@raise ValueError: if unknown properties
ValueError: if invalid replica_entry
ValueError: if replica_dn or suffix are not associated to
a replica

'''

# No properties provided
if len(properties) == 0:
return

# check that the given properties are valid
for prop in properties:
# skip the prefix to add/del value
if not inProperties(prop, REPLICA_PROPNAME_TO_ATTRNAME):
raise ValueError("unknown property: %s" % prop)
else:
self.log.debug("setProperties: %s:%s",
prop, properties[prop])

# At least we need to have suffix/replica_dn/replica_entry
if not suffix and not replica_dn and not replica_entry:
raise InvalidArgumentError("suffix and replica_dn and replica_" +
"entry are missing")

# the caller provides a set of properties to set into a replica entry
if replica_entry:
if not isinstance(replica_entry, Entry):
raise ValueError("invalid instance of the replica_entry")

# that is fine, now set the values
for prop in properties:
val = rawProperty(prop)

# for Entry update it is a replace
replica_entry.update({REPLICA_PROPNAME_TO_ATTRNAME[val]:
properties[prop]})

return

# If it provides the suffix or the replicaDN, replica.list will
# return the appropriate entry
ents = self.conn.replica.list(suffix=suffix, replica_dn=replica_dn)
if len(ents) != 1:
if replica_dn:
raise ValueError("invalid replica DN: %s" % replica_dn)
else:
raise ValueError("invalid suffix: %s" % suffix)

# build the MODS
mods = []
for prop in properties:
# take the operation type from the property name
val = rawProperty(prop)
if str(prop).startswith('+'):
op = ldap.MOD_ADD
elif str(prop).startswith('-'):
op = ldap.MOD_DELETE
else:
op = ldap.MOD_REPLACE

mods.append((op, REPLICA_PROPNAME_TO_ATTRNAME[val],
properties[prop]))

# that is fine now to apply the MOD
> self.conn.modify_s(ents[0].dn, mods)

/usr/local/lib/python3.7/site-packages/lib389/replica.py:262:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7af9dee8, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,..., code_context=[' firstresult=hook.spec.opts.get("firstresult") if hook.spec else False,\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7afacdb8, file '/usr/local/lib/python3.7/site-packages/lib389/replica.py', line 262, c...ca.py', lineno=262, function='setProperties', code_context=[' self.conn.modify_s(ents[0].dn, mods)\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205cb0978>
dn = 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config'
modlist = [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205cb0978>
dn = 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config'
modlist = [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')]
serverctrls = None, clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
> msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205cb0978>
dn = 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config'
modlist = [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')]
serverctrls = None, clientctrls = None

def modify_ext(self,dn,modlist,serverctrls=None,clientctrls=None):
"""
modify_ext(dn, modlist[,serverctrls=None[,clientctrls=None]]) -> int
"""
if PY2:
dn = self._bytesify_input('dn', dn)
modlist = self._bytesify_modlist('modlist', modlist, with_opcode=True)
> return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method modify_ext of LDAP object at 0x7f7206005968>, 'cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205cb0978>
func = <built-in method modify_ext of LDAP object at 0x7f7206005968>
args = ('cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsds5ReplicaPurgeDelay', '5'), (2, 'nsds5ReplicaTombstonePurgeInterval', '5')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '5')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError

During handling of the above exception, another exception occurred:

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f72060ca160>

def test_ticket48226_set_purgedelay(topology_m2):
args = {REPLICA_PURGE_DELAY: '5',
REPLICA_PURGE_INTERVAL: '5'}
try:
topology_m2.ms["master1"].replica.setProperties(DEFAULT_SUFFIX, None, None, args)
except:
log.fatal('Failed to configure replica')
> assert False
E assert False

/export/tests/tickets/ticket48226_test.py:28: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket48226_test.py 27 CRITICAL Failed to configure replica
Failed tickets/ticket48226_test.py::test_ticket48226_1 0.02
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f72060ca160>

def test_ticket48226_1(topology_m2):
name = 'test_entry'
dn = "cn=%s,%s" % (name, SUFFIX)

topology_m2.ms["master1"].add_s(Entry((dn, {'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# First do an update that is replicated
mods = [(ldap.MOD_ADD, 'description', '5')]
> topology_m2.ms["master1"].modify_s(dn, mods)

/export/tests/tickets/ticket48226_test.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205cb0978>
func = <built-in method modify_ext of LDAP object at 0x7f7206005968>
args = ('cn=test_entry,dc=example,dc=com', [(0, 'description', '5')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '5')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
Failed tickets/ticket48383_test.py::test_ticket48383 31.75
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205a8ce48>

def test_ticket48383(topology_st):
"""
This test case will check that we re-alloc buffer sizes on import.c

We achieve this by setting the servers dbcachesize to a stupid small value
and adding huge objects to ds.

Then when we run db2index, either:
* If we are not using the re-alloc code, it will FAIL (Bad)
* If we re-alloc properly, it all works regardless.
"""

topology_st.standalone.config.set('nsslapd-maxbersize', '200000000')
topology_st.standalone.restart()

# Create some stupid huge objects / attributes in DS.
# seeAlso is indexed by default. Lets do that!
# This will take a while ...
data = [random.choice(string.ascii_letters) for x in range(10000000)]
s = "".join(data)

# This was here for an iteration test.
i = 1
USER_DN = 'uid=user%s,ou=people,%s' % (i, DEFAULT_SUFFIX)
padding = ['%s' % n for n in range(400)]

user = Entry((USER_DN, {
'objectclass': 'top posixAccount person extensibleObject'.split(),
'uid': 'user%s' % (i),
'cn': 'user%s' % (i),
'uidNumber': '%s' % (i),
'gidNumber': '%s' % (i),
'homeDirectory': '/home/user%s' % (i),
'description': 'user description',
'sn': s,
'padding': padding,
}))

topology_st.standalone.add_s(user)

# Set the dbsize really low.
try:
topology_st.standalone.modify_s(DEFAULT_BENAME, [(ldap.MOD_REPLACE,
'nsslapd-cachememsize', b'1')])
except ldap.LDAPError as e:
log.fatal('Failed to change nsslapd-cachememsize {}'.format(e.args[0]['desc']))

## Does ds try and set a minimum possible value for this?
## Yes: [16/Feb/2016:16:39:18 +1000] - WARNING: cache too small, increasing to 500K bytes
# Given the formula, by default, this means DS will make the buffsize 400k
# So an object with a 1MB attribute should break indexing

ldifpath = os.path.join(topology_st.standalone.get_ldif_dir(), "%s.ldif" % SERVERID_STANDALONE)

# stop the server
topology_st.standalone.stop()
# Now export and import the DB. It's easier than db2index ...
topology_st.standalone.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX], excludeSuffixes=[],
encrypt=False, repl_data=True, outputfile=ldifpath)

result = topology_st.standalone.ldif2db(DEFAULT_BENAME, None, None, False, ldifpath)

> assert (result)
E assert False

/export/tests/tickets/ticket48383_test.py:77: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket48383_test.py 60 CRITICAL Failed to change nsslapd-cachememsize No such object __init__.py 2691 ERROR ldif2db: Can't find file: /var/lib/dirsrv/slapd-standalone1/ldif/standalone1.ldif
Failed tickets/ticket48637_test.py::test_ticket48637 4.47
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205687278>

def test_ticket48637(topology_st):
"""Test for entry cache corruption

This requires automember and managed entry plugins to be configured.

Then remove the group that automember would use to trigger a failure when
adding a new entry. Automember fails, and then managed entry also fails.

Make sure a base search on the entry returns error 32
"""

if DEBUGGING:
# Add debugging steps(if any)...
pass

#
# Add our setup entries
#
try:
topology_st.standalone.add_s(Entry((PEOPLE_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'people'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add people ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((GROUP_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'groups'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add groups ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_OU, {
'objectclass': 'top extensibleObject'.split(),
'ou': 'mep'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_TEMPLATE, {
'objectclass': 'top mepTemplateEntry'.split(),
'cn': 'mep template',
'mepRDNAttr': 'cn',
'mepStaticAttr': 'objectclass: groupofuniquenames',
'mepMappedAttr': 'cn: $uid'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

#
# Configure automember
#
try:
topology_st.standalone.add_s(Entry((AUTO_DN, {
'cn': 'All Users',
'objectclass': ['top', 'autoMemberDefinition'],
'autoMemberScope': 'dc=example,dc=com',
'autoMemberFilter': 'objectclass=person',
'autoMemberDefaultGroup': GROUP_DN,
'autoMemberGroupingAttr': 'uniquemember:dn'})))
except ldap.LDAPError as e:
log.fatal('Failed to configure automember plugin : ' + str(e))
assert False

#
# Configure managed entry plugin
#
try:
topology_st.standalone.add_s(Entry((MEP_DN, {
'cn': 'MEP Definition',
'objectclass': ['top', 'extensibleObject'],
'originScope': 'ou=people,dc=example,dc=com',
'originFilter': 'objectclass=person',
'managedBase': 'ou=groups,dc=example,dc=com',
'managedTemplate': MEP_TEMPLATE})))
except ldap.LDAPError as e:
log.fatal('Failed to configure managed entry plugin : ' + str(e))
assert False

#
# Restart DS
#
topology_st.standalone.restart(timeout=30)

#
# Add entry that should fail since the automember group does not exist
#
try:
topology_st.standalone.add_s(Entry((USER_DN, {
'uid': 'test',
'objectclass': ['top', 'person', 'extensibleObject'],
'sn': 'test',
'cn': 'test'})))
except ldap.LDAPError as e:
pass

#
# Search for the entry - it should not be returned
#
try:
entry = topology_st.standalone.search_s(USER_DN, ldap.SCOPE_SUBTREE,
'objectclass=*')
if entry:
log.fatal('Entry was incorrectly returned')
> assert False
E assert False

/export/tests/tickets/ticket48637_test.py:137: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket48637_test.py 136 CRITICAL Entry was incorrectly returned
Failed tickets/ticket48755_test.py::test_ticket48755 0.00
Fixture "add_ou_entry" called directly. Fixtures are not meant to be called directly,
but are created automatically when test functions request them as parameters.
See https://docs.pytest.org/en/latest/fixture.html for more information about fixtures, and
https://docs.pytest.org/en/latest/deprecations.html#calling-fixtures-directly about how to update your code.
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket48755_test.py 82 INFO Ticket 48755 - moving an entry could make the online init fail ticket48755_test.py 87 INFO Generating DIT_0
Failed tickets/ticket48759_test.py::test_ticket48759 1.16
topology_st = <lib389.topologies.TopologyMain object at 0x7f72059c4e80>

def test_ticket48759(topology_st):
"""
The fix for ticket 48759 has to prevent plugin calls for tombstone purging

The test uses the memberof and retrocl plugins to verify this.
In tombstone purging without the fix the mmeberof plugin is called,
if the tombstone entry is a group,
it modifies the user entries for the group
and if retrocl is enabled this mod is written to the retrocl

The test sequence is:
- enable replication
- enable memberof and retro cl plugin
- add user entries
- add a group and add the users as members
- verify memberof is set to users
- delete the group
- verify memberof is removed from users
- add group again
- verify memberof is set to users
- get number of changes in retro cl for one user
- configure tombstone purging
- wait for purge interval to pass
- add a dummy entry to increase maxcsn
- wait for purge interval to pass two times
- get number of changes in retro cl for user again
- assert there was no additional change
"""

log.info('Testing Ticket 48759 - no plugin calls for tombstone purging')

#
# Setup Replication
#
log.info('Setting up replication...')
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_master(topology_st.standalone)
#
# enable dynamic plugins, memberof and retro cl plugin
#
log.info('Enable plugins...')
try:
topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
# Configure memberOf group attribute
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofgroupattr',
> b'member')])

/export/tests/tickets/ticket48759_test.py:129:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofgroupattr', b'member')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x555c7db1a158, file '/usr/local/lib/python3.7/site-packages/lib389/__init__.py', line 197,...68, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x555c7db83468, file '/export/tests/tickets/ticket48759_test.py', line 132, code test_ticket...o=129, function='test_ticket48759', code_context=[" b'member')])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205d0f470>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofgroupattr', b'member')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofgroupattr', b'member')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205d0f470>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofgroupattr', b'member')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (21,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205d0f470>, msgid = 21, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
> resp_ctrl_classes=resp_ctrl_classes
)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (21, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205d0f470>, msgid = 21, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f7205b49eb8>, 21, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205d0f470>
func = <built-in method result4 of LDAP object at 0x7f7205b49eb8>
args = (21, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.SERVER_DOWN'>
exc_value = SERVER_DOWN({'desc': "Can't contact LDAP server"})
exc_traceback = <traceback object at 0x7f72059b3188>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f7205d0f470>
func = <built-in method result4 of LDAP object at 0x7f7205b49eb8>
args = (21, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f72059c4e80>

def test_ticket48759(topology_st):
"""
The fix for ticket 48759 has to prevent plugin calls for tombstone purging

The test uses the memberof and retrocl plugins to verify this.
In tombstone purging without the fix the mmeberof plugin is called,
if the tombstone entry is a group,
it modifies the user entries for the group
and if retrocl is enabled this mod is written to the retrocl

The test sequence is:
- enable replication
- enable memberof and retro cl plugin
- add user entries
- add a group and add the users as members
- verify memberof is set to users
- delete the group
- verify memberof is removed from users
- add group again
- verify memberof is set to users
- get number of changes in retro cl for one user
- configure tombstone purging
- wait for purge interval to pass
- add a dummy entry to increase maxcsn
- wait for purge interval to pass two times
- get number of changes in retro cl for user again
- assert there was no additional change
"""

log.info('Testing Ticket 48759 - no plugin calls for tombstone purging')

#
# Setup Replication
#
log.info('Setting up replication...')
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_master(topology_st.standalone)
#
# enable dynamic plugins, memberof and retro cl plugin
#
log.info('Enable plugins...')
try:
topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
# Configure memberOf group attribute
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofgroupattr',
b'member')])
except ldap.LDAPError as e:
log.fatal('Failed to configure memberOf plugin: error ' + e.args[0]['desc'])
> assert False
E assert False

/export/tests/tickets/ticket48759_test.py:132: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket48759_test.py 131 CRITICAL Failed to configure memberOf plugin: error Can't contact LDAP server
Failed tickets/ticket48784_test.py::test_ticket48784 31.00
Fixture "add_entry" called directly. Fixtures are not meant to be called directly,
but are created automatically when test functions request them as parameters.
See https://docs.pytest.org/en/latest/fixture.html for more information about fixtures, and
https://docs.pytest.org/en/latest/deprecations.html#calling-fixtures-directly about how to update your code.
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket48784_test.py 88 INFO Ticket 48784 - Allow usage of OpenLDAP libraries that don't use NSS for crypto ticket48784_test.py 48 INFO ######################### Configure SSL/TLS agreements ###################### ticket48784_test.py 49 INFO ######################## master1 <-- startTLS -> master2 ##################### ticket48784_test.py 51 INFO ##### Update the agreement of master1 ticket48784_test.py 56 INFO ##### Update the agreement of master2 ticket48784_test.py 66 INFO ######################### Configure SSL/TLS agreements Done ######################
Failed tickets/ticket48798_test.py::test_ticket48798 9.62
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205a42748>

def test_ticket48798(topology_st):
"""
Test DH param sizes offered by DS.

"""
topology_st.standalone.enable_tls()

# Confirm that we have a connection, and that it has DH

# Open a socket to the port.
# Check the security settings.
> size = check_socket_dh_param_size(topology_st.standalone.host, topology_st.standalone.sslport)

/export/tests/tickets/ticket48798_test.py:44:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket48798_test.py:21: in check_socket_dh_param_size
output = check_output(cmd, shell=True)
/usr/lib64/python3.7/subprocess.py:395: in check_output
**kwargs).stdout
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = ('echo quit | openssl s_client -connect server.example.com:63601 -msg -cipher DH | grep -A 1 ServerKeyExchange',)
kwargs = {'shell': True, 'stdout': -1}
process = <subprocess.Popen object at 0x7f7205a42630>, stdout = b''
stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if 'stdin' in kwargs:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if ('stdout' in kwargs) or ('stderr' in kwargs):
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired:
process.kill()
stdout, stderr = process.communicate()
raise TimeoutExpired(process.args, timeout, output=stdout,
stderr=stderr)
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
raise CalledProcessError(retcode, process.args,
> output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command 'echo quit | openssl s_client -connect server.example.com:63601 -msg -cipher DH | grep -A 1 ServerKeyExchange' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:487: CalledProcessError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stderr call -----------------------------
depth=1 C = AU, ST = Queensland, L = 389ds, O = testing, CN = ssca.389ds.example.com verify error:num=19:self signed certificate in certificate chain verify return:1 depth=1 C = AU, ST = Queensland, L = 389ds, O = testing, CN = ssca.389ds.example.com verify return:1 depth=0 C = AU, ST = Queensland, L = 389ds, O = testing, GN = 5c38cc9c-b12b-4bdc-bacd-42be9beb9b81, CN = server.example.com verify return:1 DONE
Failed tickets/ticket48961_test.py::test_ticket48961_storagescheme 0.01
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205ab9978>

def test_ticket48961_storagescheme(topology_st):
"""
Test deleting of the storage scheme.
"""

default = topology_st.standalone.config.get_attr_val('passwordStorageScheme')
# Change it
topology_st.standalone.config.set('passwordStorageScheme', 'CLEAR')
# Now delete it
> topology_st.standalone.config.remove('passwordStorageScheme', None)

/export/tests/tickets/ticket48961_test.py:27:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:304: in remove
self.set(key, value, action=ldap.MOD_DELETE)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:387: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72057484e0>
func = <built-in method result4 of LDAP object at 0x7f72057447d8>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.OPERATIONS_ERROR: {'desc': 'Operations error', 'info': 'passwordStorageScheme: deleting the value is not allowed.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: OPERATIONS_ERROR
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket48961_test.py::test_ticket48961_deleteall 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7f7205ab9978>

def test_ticket48961_deleteall(topology_st):
"""
Test that we can delete all valid attrs, and that a few are rejected.
"""
attr_to_test = {
'nsslapd-listenhost': 'localhost',
'nsslapd-securelistenhost': 'localhost',
'nsslapd-allowed-sasl-mechanisms': 'GSSAPI',
'nsslapd-svrtab': 'Some bogus data', # This one could reset?
}
attr_to_fail = {
# These are the values that should always be dn dse.ldif too
'nsslapd-localuser': 'dirsrv',
'nsslapd-defaultnamingcontext': 'dc=example,dc=com', # Can't delete
'nsslapd-accesslog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/access',
'nsslapd-auditlog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/audit',
'nsslapd-errorlog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/errors',
'nsslapd-tmpdir': '/tmp',
'nsslapd-rundir': '/opt/dirsrv/var/run/dirsrv',
'nsslapd-bakdir': '/opt/dirsrv/var/lib/dirsrv/slapd-standalone/bak',
'nsslapd-certdir': '/opt/dirsrv/etc/dirsrv/slapd-standalone',
'nsslapd-instancedir': '/opt/dirsrv/lib/dirsrv/slapd-standalone',
'nsslapd-ldifdir': '/opt/dirsrv/var/lib/dirsrv/slapd-standalone/ldif',
'nsslapd-lockdir': '/opt/dirsrv/var/lock/dirsrv/slapd-standalone',
'nsslapd-schemadir': '/opt/dirsrv/etc/dirsrv/slapd-standalone/schema',
'nsslapd-workingdir': '/opt/dirsrv/var/log/dirsrv/slapd-standalone',
'nsslapd-localhost': 'localhost.localdomain',
# These can't be reset, but might be in dse.ldif. Probably in libglobs.
'nsslapd-certmap-basedn': 'cn=certmap,cn=config',
'nsslapd-port': '38931', # Can't delete
'nsslapd-secureport': '636', # Can't delete
'nsslapd-conntablesize': '1048576',
'nsslapd-rootpw': '{SSHA512}...',
# These are hardcoded server magic.
'nsslapd-hash-filters': 'off', # Can't delete
'nsslapd-requiresrestart': 'cn=config:nsslapd-port', # Can't change
'nsslapd-plugin': 'cn=case ignore string syntax,cn=plugins,cn=config', # Can't change
'nsslapd-privatenamespaces': 'cn=schema', # Can't change
'nsslapd-allowed-to-delete-attrs': 'None', # Can't delete
'nsslapd-accesslog-list': 'List!', # Can't delete
'nsslapd-auditfaillog-list': 'List!',
'nsslapd-auditlog-list': 'List!',
'nsslapd-errorlog-list': 'List!',
'nsslapd-config': 'cn=config',
'nsslapd-versionstring': '389-Directory/1.3.6.0',
'objectclass': '',
'cn': '',
# These are the odd values
'nsslapd-backendconfig': 'cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config', # Doesn't exist?
'nsslapd-betype': 'ldbm database', # Doesn't exist?
'nsslapd-connection-buffer': 1, # Has an ldap problem
'nsslapd-malloc-mmap-threshold': '-10', # Defunct anyway
'nsslapd-malloc-mxfast': '-10',
'nsslapd-malloc-trim-threshold': '-10',
'nsslapd-referralmode': '',
'nsslapd-saslpath': '',
'passwordadmindn': '',
}

> config_entry = topology_st.standalone.config.raw_entry()
E TypeError: 'NoneType' object is not callable

/export/tests/tickets/ticket48961_test.py:100: TypeError
Failed tickets/ticket49071_test.py::test_ticket49071 7.04
topo = <lib389.topologies.TopologyMain object at 0x7f72058bbac8>

def test_ticket49071(topo):
"""Verify- Import ldif with duplicate DNs, should not log error "unable to flush"

:id: dce2b898-119d-42b8-a236-1130f58bff17
:feature: It is to verify bug:1406101, ticket:49071
:setup: Standalone instance, ldif file with duplicate entries
:steps: 1. Create a ldif file with duplicate entries
2. Import ldif file to DS
3. Check error log file, it should not log "unable to flush"
4. Check error log file, it should log "Duplicated DN detected"
:expectedresults: Error log should not contain "unable to flush" error
"""

log.info('ticket 49071: Create import file')
l = """dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example

dn: ou=myDups00001,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: myDups00001

dn: ou=myDups00001,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: myDups00001
"""

ldif_dir = topo.standalone.get_ldif_dir()
ldif_file = os.path.join(ldif_dir, 'data.ldif')
with open(ldif_file, "w") as fd:
fd.write(l)
fd.close()

log.info('ticket 49071: Import ldif having duplicate entry')
try:
topo.standalone.tasks.importLDIF(suffix=DEFAULT_SUFFIX,
input_file=ldif_file,
args={TASK_WAIT: True})
except ValueError:
log.fatal('ticket 49104: Online import failed')
raise

log.info('ticket 49071: Error log should not have - unable to flush')
assert not topo.standalone.ds_error_log.match('.*unable to flush.*')

log.info('ticket 49071: Error log should have - Duplicated DN detected')
> assert topo.standalone.ds_error_log.match('.*Duplicated DN detected.*')
E AssertionError: assert []
E + where [] = <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f7205718ac8>>('.*Duplicated DN detected.*')
E + where <bound method DirsrvLog.match of <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f7205718ac8>> = <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f7205718ac8>.match
E + where <lib389.dirsrv_log.DirsrvErrorLog object at 0x7f7205718ac8> = <lib389.DirSrv object at 0x7f72057aad30>.ds_error_log
E + where <lib389.DirSrv object at 0x7f72057aad30> = <lib389.topologies.TopologyMain object at 0x7f72058bbac8>.standalone

/export/tests/tickets/ticket49071_test.py:64: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket49071_test.py 28 INFO ticket 49071: Create import file ticket49071_test.py 51 INFO ticket 49071: Import ldif having duplicate entry tasks.py 434 ERROR Error: import task import_04272019_213651 for file /var/lib/dirsrv/slapd-standalone1/ldif/data.ldif exited with -23 ticket49071_test.py 60 INFO ticket 49071: Error log should not have - unable to flush ticket49071_test.py 63 INFO ticket 49071: Error log should have - Duplicated DN detected
Failed tickets/ticket49073_test.py::test_ticket49073 8.23
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f720588c4e0>

def test_ticket49073(topology_m2):
"""Write your replication test here.

To access each DirSrv instance use: topology_m2.ms["master1"], topology_m2.ms["master2"],
..., topology_m2.hub1, ..., topology_m2.consumer1,...

Also, if you need any testcase initialization,
please, write additional fixture for that(include finalizer).
"""
topology_m2.ms["master1"].plugins.enable(name=PLUGIN_MEMBER_OF)
topology_m2.ms["master1"].restart(timeout=10)
topology_m2.ms["master2"].plugins.enable(name=PLUGIN_MEMBER_OF)
topology_m2.ms["master2"].restart(timeout=10)

# Configure fractional to prevent total init to send memberof
ents = topology_m2.ms["master1"].agreement.list(suffix=SUFFIX)
assert len(ents) == 1
log.info('update %s to add nsDS5ReplicatedAttributeListTotal' % ents[0].dn)
topology_m2.ms["master1"].modify_s(ents[0].dn,
[(ldap.MOD_REPLACE,
'nsDS5ReplicatedAttributeListTotal',
'(objectclass=*) $ EXCLUDE '),
(ldap.MOD_REPLACE,
'nsDS5ReplicatedAttributeList',
> '(objectclass=*) $ EXCLUDE memberOf')])

/export/tests/tickets/ticket49073_test.py:102:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:197: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f72057d1470>
func = <built-in method modify_ext of LDAP object at 0x7f7205868fa8>
args = ('cn=002,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsDS5ReplicatedAttributeListTotal', '(objectclass=*) $ EXCLUDE '), (2, 'nsDS5ReplicatedAttributeList', '(objectclass=*) $ EXCLUDE memberOf')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '(')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists------------------------------ Captured log call -------------------------------
ticket49073_test.py 95 INFO update cn=002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to add nsDS5ReplicatedAttributeListTotal
Failed tickets/ticket49192_test.py::test_ticket49192 0.00
topo = <lib389.topologies.TopologyMain object at 0x7f72057a5e10>

def test_ticket49192(topo):
"""Trigger deadlock when removing suffix
"""

#
# Create a second suffix/backend
#
log.info('Creating second backend...')
topo.standalone.backends.create(None, properties={
BACKEND_NAME: "Second_Backend",
> 'suffix': "o=hang.com",
})

/export/tests/tickets/ticket49192_test.py:35:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1117: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7f7205c34080>, dn = None
properties = {'name': 'Second_Backend', 'suffix': 'o=hang.com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:489: KeyError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket49192_test.py 32 INFO Creating second backend...
Failed tickets/ticket49303_test.py::test_ticket49303 11.93
topo = <lib389.topologies.TopologyMain object at 0x7f720570fcc0>

def test_ticket49303(topo):
"""
Test the nsTLSAllowClientRenegotiation setting.
"""
sslport = SECUREPORT_STANDALONE1

log.info("Ticket 49303 - Allow disabling of SSL renegotiation")

# No value set, defaults to reneg allowed
enable_ssl(topo.standalone, sslport)
> assert try_reneg(HOST_STANDALONE1, sslport) is True
E AssertionError: assert False is True
E + where False = try_reneg('localhost', 63601)

/export/tests/tickets/ticket49303_test.py:86: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ticket49303_test.py 82 INFO Ticket 49303 - Allow disabling of SSL renegotiation
Failed tickets/ticket49463_test.py::test_ticket_49463 179.87
topo = <lib389.topologies.TopologyMain object at 0x7f720570f748>

def test_ticket_49463(topo):
"""Specify a test case purpose or name here

:id: d1aa2e8b-e6ab-4fc6-9c63-c6f622544f2d
:setup: Fill in set up configuration here
:steps:
1. Enable fractional replication
2. Enable replication logging
3. Check that replication is working fine
4. Generate skipped updates to create keep alive entries
5. Remove M3 from the topology
6. issue cleanAllRuv FORCE that will run on M1 then propagated M2 and M4
7. Check that Number DEL keep alive '3' is <= 1
8. Check M1 is the originator of cleanAllRuv and M2/M4 the propagated ones
9. Check replication M1,M2 and M4 can recover
10. Remove M4 from the topology
11. Issue cleanAllRuv not force while M2 is stopped (that hangs the cleanAllRuv)
12. Check that nsds5ReplicaCleanRUV is correctly encoded on M1 (last value: 1)
13. Check that nsds5ReplicaCleanRUV encoding survives M1 restart
14. Check that nsds5ReplicaCleanRUV encoding is valid on M2 (last value: 0)
15. Check that (for M4 cleanAllRUV) M1 is Originator and M2 propagation
:expectedresults:
1. No report of failure when the RUV is updated
"""

# Step 1 - Configure fractional (skip telephonenumber) replication
M1 = topo.ms["master1"]
M2 = topo.ms["master2"]
M3 = topo.ms["master3"]
M4 = topo.ms["master4"]
repl = ReplicationManager(DEFAULT_SUFFIX)
fractional_server_to_replica(M1, M2)
fractional_server_to_replica(M1, M3)
fractional_server_to_replica(M1, M4)

fractional_server_to_replica(M2, M1)
fractional_server_to_replica(M2, M3)
fractional_server_to_replica(M2, M4)

fractional_server_to_replica(M3, M1)
fractional_server_to_replica(M3, M2)
fractional_server_to_replica(M3, M4)

fractional_server_to_replica(M4, M1)
fractional_server_to_replica(M4, M2)
fractional_server_to_replica(M4, M3)

# Step 2 - enable internal op logging and replication debug
for i in (M1, M2, M3, M4):
i.config.loglevel(vals=[256 + 4], service='access')
i.config.loglevel(vals=[LOG_REPLICA, LOG_DEFAULT], service='error')

# Step 3 - Check that replication is working fine
add_user(M1, 11, desc="add to M1")
add_user(M2, 21, desc="add to M2")
add_user(M3, 31, desc="add to M3")
add_user(M4, 41, desc="add to M4")

for i in (M1, M2, M3, M4):
for j in (M1, M2, M3, M4):
if i == j:
continue
repl.wait_for_replication(i, j)

# Step 4 - Generate skipped updates to create keep alive entries
for i in (M1, M2, M3, M4):
cn = '%s_%d' % (USER_CN, 11)
dn = 'uid=%s,ou=People,%s' % (cn, SUFFIX)
users = UserAccount(i, dn)
for j in range(110):
users.set('telephoneNumber', str(j))

# Step 5 - Remove M3 from the topology
M3.stop()
M1.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
M2.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
M4.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)

# Step 6 - Then issue cleanAllRuv FORCE that will run on M1, M2 and M4
M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='3',
force=True, args={TASK_WAIT: True})

# Step 7 - Count the number of received DEL of the keep alive 3
for i in (M1, M2, M4):
i.restart()
regex = re.compile(".*DEL dn=.cn=repl keep alive 3.*")
for i in (M1, M2, M4):
count = count_pattern_accesslog(M1, regex)
log.debug("count on %s = %d" % (i, count))

# check that DEL is replicated once (If DEL is kept in the fix)
# check that DEL is is not replicated (If DEL is finally no long done in the fix)
assert ((count == 1) or (count == 0))

# Step 8 - Check that M1 is Originator of cleanAllRuv and M2, M4 propagation
regex = re.compile(".*Original task deletes Keep alive entry .3.*")
assert pattern_errorlog(M1, regex)

regex = re.compile(".*Propagated task does not delete Keep alive entry .3.*")
assert pattern_errorlog(M2, regex)
assert pattern_errorlog(M4, regex)

# Step 9 - Check replication M1,M2 and M4 can recover
add_user(M1, 12, desc="add to M1")
add_user(M2, 22, desc="add to M2")
for i in (M1, M2, M4):
for j in (M1, M2, M4):
if i == j:
continue
repl.wait_for_replication(i, j)

# Step 10 - Remove M4 from the topology
M4.stop()
M1.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)
M2.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)

# Step 11 - Issue cleanAllRuv not force while M2 is stopped (that hangs the cleanAllRuv)
M2.stop()
M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='4',
force=False, args={TASK_WAIT: False})

# Step 12
# CleanAllRuv is hanging waiting for M2 to restart
# Check that nsds5ReplicaCleanRUV is correctly encoded on M1
replicas = Replicas(M1)
replica = replicas.list()[0]
time.sleep(0.5)
replica.present('nsds5ReplicaCleanRUV')
log.info("M1: nsds5ReplicaCleanRUV=%s" % replica.get_attr_val_utf8('nsds5replicacleanruv'))
regex = re.compile("^4:.*:no:1$")
> assert regex.match(replica.get_attr_val_utf8('nsds5replicacleanruv'))
E AssertionError: assert None
E + where None = <built-in method match of re.Pattern object at 0x7f7205a3c2b8>('4:no:1:dc=example,dc=com')
E + where <built-in method match of re.Pattern object at 0x7f7205a3c2b8> = re.compile('^4:.*:no:1$').match
E + and '4:no:1:dc=example,dc=com' = <bound method DSLdapObject.get_attr_val_utf8 of <lib389.replica.Replica object at 0x7f720555b128>>('nsds5replicacleanruv')
E + where <bound method DSLdapObject.get_attr_val_utf8 of <lib389.replica.Replica object at 0x7f720555b128>> = <lib389.replica.Replica object at 0x7f720555b128>.get_attr_val_utf8

/export/tests/tickets/ticket49463_test.py:187: AssertionError
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'master3', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39004, 'ldap-secureport': 63704, 'server-id': 'master4', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 153 INFO Joining master master3 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39003 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39003 topologies.py 153 INFO Joining master master4 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39004 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39004 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master1 to master3 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 already exists topologies.py 161 INFO Ensuring master master1 to master4 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master2 to master3 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39003 is was created topologies.py 161 INFO Ensuring master master2 to master4 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39004 is was created topologies.py 161 INFO Ensuring master master3 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master3 to master2 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39002 is was created topologies.py 161 INFO Ensuring master master3 to master4 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39004 is was created topologies.py 161 INFO Ensuring master master4 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master4 to master2 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39002 is was created topologies.py 161 INFO Ensuring master master4 to master3 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39003 is was created------------------------------ Captured log call -------------------------------
replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39004 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39003 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39004 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39002 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39004 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39001 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39002 already exists replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39004 to ldap://server.example.com:39003 already exists replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39003 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39004 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39003 is working agreement.py 1063 INFO Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed agreement.py 1063 INFO Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed agreement.py 1063 INFO Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed tasks.py 1338 INFO cleanAllRUV task (task-04272019_215336) completed successfully replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39004 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39004 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39001 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39004 to ldap://server.example.com:39002 is working agreement.py 1063 INFO Agreement (cn=004,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed agreement.py 1063 INFO Agreement (cn=004,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed tasks.py 1338 INFO cleanAllRUV task (task-04272019_215421) completed successfully ticket49463_test.py 185 INFO M1: nsds5ReplicaCleanRUV=4:no:1:dc=example,dc=com
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_targattrfilters_18] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f720a0d7da0>
real_value = '(target = ldap:///cn=Jeff Vedder,ou=Product Development,dc=example,dc=com)(targetattr=*)(version 3.0; acl "Name of th...3123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_targattrfilters_20] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f720a0d7da0>
real_value = '(target = ldap:///cn=Jeff Vedder,ou=Product Development,dc=example,dc=com)(targetattr=*)(version 3.0; acl "Name of the ACI"; deny(write)userdns="ldap:///anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_bind_rule_set_with_more_than_three] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f720a0d7da0>
real_value = '(target = ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "Name of the ACI"; deny absolute (all)userdn="ldap:////////anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_Use_double_equal_instead_of_equal_in_the_targetattr] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f720a0d7da0>
real_value = '(target = ldap:///dc=example,dc=com)(targetattr==*)(version 3.0; acl "Name of the ACI"; deny absolute (all)userdn="ldap:///anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/acl/syntax_test.py::test_aci_invalid_syntax_fail[test_Use_double_equal_instead_of_equal_in_the_targetfilter] 0.01
topo = <lib389.topologies.TopologyMain object at 0x7f720a0d7da0>
real_value = '(target = ldap:///dc=example,dc=com)(targetfilter==*)(version 3.0; acl "Name of the ACI"; deny absolute (all)userdn="ldap:///anyone";)'

@pytest.mark.xfail(reason='https://bugzilla.redhat.com/show_bug.cgi?id=1691473')
@pytest.mark.parametrize("real_value", [a[1] for a in FAILED],
ids=[a[0] for a in FAILED])
def test_aci_invalid_syntax_fail(topo, real_value):
"""

Try to set wrong ACI syntax.

:id: d544d09a-6ed1-11e8-8872-8c16451d917b
:setup: Standalone Instance
:steps:
1. Create ACI
2. Try to setup the ACI with Instance
:expectedresults:
1. It should pass
2. It should not pass
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
with pytest.raises(ldap.INVALID_SYNTAX):
> domain.add("aci", real_value)
E Failed: DID NOT RAISE <class 'ldap.INVALID_SYNTAX'>

suites/acl/syntax_test.py:212: Failed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_memberof_groups 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7f720880f048>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f7208819da0>
base_m2 = <lib389.idm.nscontainer.nsContainer object at 0x7f7208822e48>

def test_memberof_groups(self, topology_m2, base_m2):
"""Check that conflict properly resolved for operations
with memberOf and groups

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb3
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Enable memberOf plugin
2. Add 30 users to m1 and wait for replication to happen
3. Pause replication
4. Create a group on m1 and m2
5. Create a group on m1 and m2, delete from m1
6. Create a group on m1, delete from m1, and create on m2,
7. Create a group on m2 and m1, delete from m1
8. Create two different groups on m2
9. Resume replication
10. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
9. It should pass
10. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:399: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_managed_entries 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7f7208728908>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f7208819da0>

def test_managed_entries(self, topology_m2):
"""Check that conflict properly resolved for operations
with managed entries

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb4
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Create ou=managed_users and ou=managed_groups under test container
2. Configure managed entries plugin and add a template to test container
3. Add a user to m1 and wait for replication to happen
4. Pause replication
5. Create a user on m1 and m2 with a same group ID on both master
6. Create a user on m1 and m2 with a different group ID on both master
7. Resume replication
8. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:490: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_nested_entries_with_children 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7f720880fac8>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7f7208819da0>
base_m2 = <lib389.idm.nscontainer.nsContainer object at 0x7f720880f668>

def test_nested_entries_with_children(self, topology_m2, base_m2):
"""Check that conflict properly resolved for operations
with nested entries with children

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb5
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Add 15 containers to m1 and wait for replication to happen
2. Pause replication
3. Create parent-child on master2 and master1
4. Create parent-child on master1 and master2
5. Create parent-child on master1 and master2 different child rdn
6. Create parent-child on master1 and delete parent on master2
7. Create parent on master1, delete it and parent-child on master2, delete them
8. Create parent on master1, delete it and parent-two children on master2
9. Create parent-two children on master1 and parent-child on master2, delete them
10. Create three subsets inside existing container entry, applying only part of changes on m2
11. Create more combinations of the subset with parent-child on m1 and parent on m2
12. Delete container on m1, modify user1 on m1, create parent on m2 and modify user2 on m2
13. Resume replication
14. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
9. It should pass
10. It should pass
11. It should pass
12. It should pass
13. It should pass
14. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:581: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestThreeMasters::test_nested_entries 0.00
self = <tests.suites.replication.conflict_resolve_test.TestThreeMasters object at 0x7f7208aa7048>
topology_m3 = <lib389.topologies.TopologyMain object at 0x7f7208fe1748>
base_m3 = <lib389.idm.nscontainer.nsContainer object at 0x7f7208c9ef28>

def test_nested_entries(self, topology_m3, base_m3):
"""Check that conflict properly resolved for operations
with nested entries with children

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb6
:setup: Three master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Add 15 containers to m1 and wait for replication to happen
2. Pause replication
3. Create two child entries under each of two entries
4. Create three child entries under each of three entries
5. Create two parents on m1 and m2, then on m1 - create a child and delete one parent,
on m2 - delete one parent and create a child
6. Test a few more parent-child combinations with three instances
7. Resume replication
8. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:794: XFailed
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'master3', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 153 INFO Joining master master3 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39003 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39003 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39003 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39003 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master1 to master3 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39003 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master2 to master3 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39003 is was created topologies.py 161 INFO Ensuring master master3 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39001 already exists topologies.py 161 INFO Ensuring master master3 to master2 ... replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39003 to ldap://server.example.com:39002 is was created
XFailed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaPort-0-65535-9999999999999999999999999999999999999999999999999999999999999999999-invalid-389] 0.04
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaPort', too_small = '0', too_big = '65535'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '389'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_add(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf94
:setup: standalone instance
:steps:
1. Use a value that is too small
2. Use a value that is too big
3. Use a value that overflows the int
4. Use a value with character value (not a number)
5. Use a valid value
:expectedresults:
1. Add is rejected
2. Add is rejected
3. Add is rejected
4. Add is rejected
5. Add is allowed
"""

agmt_reset(topo)
replica = replica_setup(topo)

agmts = Agreements(topo.standalone, basedn=replica.dn)

# Test too small
perform_invalid_create(agmts, agmt_dict, attr, too_small)
# Test too big
> perform_invalid_create(agmts, agmt_dict, attr, too_big)

suites/replication/replica_config_test.py:210:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

many = <lib389.agreement.Agreements object at 0x7f7208fc3cf8>
properties = {'cn': 'test_agreement', 'nsDS5ReplicaBindDN': 'uid=tester', 'nsDS5ReplicaBindMethod': 'SIMPLE', 'nsDS5ReplicaHost': 'localhost.localdomain', ...}
attr = 'nsds5ReplicaPort', value = '65535'

def perform_invalid_create(many, properties, attr, value):
my_properties = copy.deepcopy(properties)
my_properties[attr] = value
with pytest.raises(ldap.LDAPError):
> many.create(properties=my_properties)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:106: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaPort-0-65535-9999999999999999999999999999999999999999999999999999999999999999999-invalid-389] 0.13
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaPort', too_small = '0', too_big = '65535'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '389'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
> perform_invalid_modify(agmt, attr, too_small)

suites/replication/replica_config_test.py:245:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f7208fe8eb8>
attr = 'nsds5ReplicaPort', value = '0'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaTimeout', too_small = '-1', too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f7208fb3550>
attr = 'nsds5ReplicaTimeout', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaBusyWaitTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.39
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaBusyWaitTime', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f720890af60>
attr = 'nsds5ReplicaBusyWaitTime', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaSessionPauseTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaSessionPauseTime', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f7208d12470>
attr = 'nsds5ReplicaSessionPauseTime', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaFlowControlWindow--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaFlowControlWindow', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f7208d564a8>
attr = 'nsds5ReplicaFlowControlWindow', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaFlowControlPause--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaFlowControlPause', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f7208a17588>
attr = 'nsds5ReplicaFlowControlPause', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaProtocolTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7f7208c2e240>
attr = 'nsds5ReplicaProtocolTimeout', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:247:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7f72088ec400>
attr = 'nsds5ReplicaProtocolTimeout', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError):
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:110: Failed
XFailed suites/replication/ruvstore_test.py::test_memoryruv_sync_with_databaseruv 0.03
topo = <lib389.topologies.TopologyMain object at 0x7f72089f2390>

@pytest.mark.xfail(reason="No method to safety access DB ruv currently exists online.")
def test_memoryruv_sync_with_databaseruv(topo):
"""Check if memory ruv and database ruv are synced

:id: 5f38ac5f-6353-460d-bf60-49cafffda5b3
:setup: Replication with two masters.
:steps: 1. Add user to server and compare memory ruv and database ruv.
2. Modify description of user and compare memory ruv and database ruv.
3. Modrdn of user and compare memory ruv and database ruv.
4. Delete user and compare memory ruv and database ruv.
:expectedresults:
1. For add user, the memory ruv and database ruv should be the same.
2. For modify operation, the memory ruv and database ruv should be the same.
3. For modrdn operation, the memory ruv and database ruv should be the same.
4. For delete operation, the memory ruv and database ruv should be the same.
"""

log.info('Adding user: {} to master1'.format(TEST_ENTRY_NAME))
users = UserAccounts(topo.ms['master1'], DEFAULT_SUFFIX)
tuser = users.create(properties=USER_PROPERTIES)
> _compare_memoryruv_and_databaseruv(topo, 'add')

suites/replication/ruvstore_test.py:137:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topo = <lib389.topologies.TopologyMain object at 0x7f72089f2390>
operation_type = 'add'

def _compare_memoryruv_and_databaseruv(topo, operation_type):
"""Compare the memoryruv and databaseruv for ldap operations"""

log.info('Checking memory ruv for ldap: {} operation'.format(operation_type))
replicas = Replicas(topo.ms['master1'])
replica = replicas.list()[0]
memory_ruv = replica.get_attr_val_utf8('nsds50ruv')

log.info('Checking database ruv for ldap: {} operation'.format(operation_type))
> entry = replicas.get_ruv_entry(DEFAULT_SUFFIX)
E AttributeError: 'Replicas' object has no attribute 'get_ruv_entry'

suites/replication/ruvstore_test.py:79: AttributeError
------------------------------ Captured log call -------------------------------
ruvstore_test.py 134 INFO Adding user: rep2lusr to master1 ruvstore_test.py 73 INFO Checking memory ruv for ldap: add operation ruvstore_test.py 78 INFO Checking database ruv for ldap: add operation
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.16
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaBusyWaitTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.16
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaSessionPauseTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaFlowControlWindow--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.17
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaFlowControlPause--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaProtocolTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
No log output captured.
Skipped suites/config/regression_test.py::test_set_cachememsize_to_custom_value::setup 0.00
('suites/config/regression_test.py', 31, 'Skipped: available memory is too low')
Skipped suites/memory_leaks/range_search_test.py::test_range_search::setup 0.00
('suites/memory_leaks/range_search_test.py', 21, "Skipped: Don't run if ASAN is not enabled")
Skipped tickets/ticket47815_test.py::test_ticket47815::setup 0.00
('tickets/ticket47815_test.py', 23, 'Skipped: Not implemented, or invalid by nsMemberOf')
Skipped tickets/ticket49121_test.py::test_ticket49121::setup 0.00
('tickets/ticket49121_test.py', 30, "Skipped: Don't run if ASAN is not enabled")
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_EQ_ACI)] 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, ROLE_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, ROLE_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, LDAPURL_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, REAL_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_OU, REAL_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, REAL_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_EQ_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_PRES_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_SUB_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(SALES_UESER, SALES_MANAGER, LDAPURL_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, ENG_MANAGER, ROLE_EQ_ACI)] 0.04
No log output captured.
Passed suites/acl/acl_deny_test.py::test_multi_deny_aci 11.46
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. acl_deny_test.py 37 INFO Add uid=tuser1,ou=People,dc=example,dc=com acl_deny_test.py 48 INFO Add uid=tuser,ou=People,dc=example,dc=com------------------------------ Captured log call -------------------------------
acl_deny_test.py 80 INFO Pass 1 acl_deny_test.py 83 INFO Testing two searches behave the same... acl_deny_test.py 126 INFO Testing search does not return any entries... acl_deny_test.py 80 INFO Pass 2 acl_deny_test.py 83 INFO Testing two searches behave the same... acl_deny_test.py 126 INFO Testing search does not return any entries... acl_deny_test.py 190 INFO Test PASSED
Passed suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[lang-ja] 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists acl_test.py 75 INFO ========Executing test with 'lang-ja' subtype======== acl_test.py 76 INFO Add a target attribute acl_test.py 79 INFO Add a user attribute acl_test.py 87 INFO Add an ACI with attribute subtype------------------------------ Captured log call -------------------------------
acl_test.py 116 INFO Search for the added attribute acl_test.py 123 INFO The added attribute was found
Passed suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[binary] 0.00
------------------------------ Captured log setup ------------------------------
acl_test.py 75 INFO ========Executing test with 'binary' subtype======== acl_test.py 76 INFO Add a target attribute acl_test.py 79 INFO Add a user attribute acl_test.py 87 INFO Add an ACI with attribute subtype------------------------------ Captured log call -------------------------------
acl_test.py 116 INFO Search for the added attribute acl_test.py 123 INFO The added attribute was found
Passed suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[phonetic] 0.00
------------------------------ Captured log setup ------------------------------
acl_test.py 75 INFO ========Executing test with 'phonetic' subtype======== acl_test.py 76 INFO Add a target attribute acl_test.py 79 INFO Add a user attribute acl_test.py 87 INFO Add an ACI with attribute subtype------------------------------ Captured log call -------------------------------
acl_test.py 116 INFO Search for the added attribute acl_test.py 123 INFO The added attribute was found
Passed suites/acl/acl_test.py::test_mode_default_add_deny 0.04
------------------------------ Captured log setup ------------------------------
acl_test.py 231 INFO ######## INITIALIZATION ######## acl_test.py 234 INFO Add uid=bind_entry,dc=example,dc=com acl_test.py 244 INFO Add cn=staged user,dc=example,dc=com acl_test.py 248 INFO Add cn=accounts,dc=example,dc=com acl_test.py 252 INFO Add cn=excepts,cn=accounts,dc=example,dc=com------------------------------ Captured log call -------------------------------
acl_test.py 284 INFO ######## mode moddn_aci : ADD (should fail) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 292 INFO Try to add cn=accounts,dc=example,dc=com acl_test.py 301 INFO Exception (expected): INSUFFICIENT_ACCESS
Passed suites/acl/acl_test.py::test_mode_default_delete_deny 0.04
------------------------------ Captured log call -------------------------------
acl_test.py 319 INFO ######## DELETE (should fail) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 326 INFO Try to delete cn=staged user,dc=example,dc=com acl_test.py 331 INFO Exception (expected): INSUFFICIENT_ACCESS
Passed suites/acl/acl_test.py::test_moddn_staging_prod[0-cn=staged user,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.32
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (0) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account0,cn=staged user,dc=example,dc=com -> uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account0,cn=staged user,dc=example,dc=com -> uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[1-cn=staged user,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (1) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account1,cn=staged user,dc=example,dc=com -> uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account1,cn=staged user,dc=example,dc=com -> uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[2-cn=staged user,dc=example,dc=com-cn=bad*,dc=example,dc=com-True] 0.30
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (2) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account2,cn=staged user,dc=example,dc=com -> uid=new_account2,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account2,cn=staged user,dc=example,dc=com -> uid=new_account2,cn=accounts,dc=example,dc=com acl_test.py 398 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[3-cn=st*,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (3) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account3,cn=staged user,dc=example,dc=com -> uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account3,cn=staged user,dc=example,dc=com -> uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[4-cn=bad*,dc=example,dc=com-cn=accounts,dc=example,dc=com-True] 0.30
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (4) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account4,cn=staged user,dc=example,dc=com -> uid=new_account4,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account4,cn=staged user,dc=example,dc=com -> uid=new_account4,cn=accounts,dc=example,dc=com acl_test.py 398 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[5-cn=st*,dc=example,dc=com-cn=ac*,dc=example,dc=com-False] 0.30
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (5) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account5,cn=staged user,dc=example,dc=com -> uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account5,cn=staged user,dc=example,dc=com -> uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[6-None-cn=ac*,dc=example,dc=com-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (6) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account6,cn=staged user,dc=example,dc=com -> uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account6,cn=staged user,dc=example,dc=com -> uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[7-cn=st*,dc=example,dc=com-None-False] 0.29
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (7) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account7,cn=staged user,dc=example,dc=com -> uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account7,cn=staged user,dc=example,dc=com -> uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[8-None-None-False] 0.30
------------------------------ Captured log call -------------------------------
acl_test.py 365 INFO ######## MOVE staging -> Prod (8) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 377 INFO Try to MODDN uid=new_account8,cn=staged user,dc=example,dc=com -> uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 384 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 388 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 395 INFO Try to MODDN uid=new_account8,cn=staged user,dc=example,dc=com -> uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod_9 1.30
------------------------------ Captured log call -------------------------------
acl_test.py 441 INFO ######## MOVE staging -> Prod (9) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 454 INFO Try to MODDN uid=new_account9,cn=staged user,dc=example,dc=com -> uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 461 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 467 INFO Disable the moddn right acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 472 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 480 INFO Try to MODDN uid=new_account9,cn=staged user,dc=example,dc=com -> uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 487 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 509 INFO Try to MODDN uid=new_account9,cn=staged user,dc=example,dc=com -> uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 520 INFO Enable the moddn right acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 524 INFO ######## MOVE staging -> Prod (10) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 536 INFO Try to MODDN uid=new_account10,cn=staged user,dc=example,dc=com -> uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 543 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 560 INFO Try to MODDN uid=new_account10,cn=staged user,dc=example,dc=com -> uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 567 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 576 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 582 INFO Try to MODDN uid=new_account10,cn=staged user,dc=example,dc=com -> uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_prod_staging 0.54
------------------------------ Captured log call -------------------------------
acl_test.py 611 INFO ######## MOVE staging -> Prod (11) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 624 INFO Try to MODDN uid=new_account11,cn=staged user,dc=example,dc=com -> uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 631 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 635 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 641 INFO Try to MODDN uid=new_account11,cn=staged user,dc=example,dc=com -> uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 656 INFO Try to move back MODDN uid=new_account11,cn=accounts,dc=example,dc=com -> uid=new_account11,cn=staged user,dc=example,dc=com acl_test.py 663 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_check_repl_M2_to_M1 1.11
------------------------------ Captured log call -------------------------------
acl_test.py 693 INFO Bind as cn=Directory Manager (M2) acl_test.py 713 INFO Update (M2) uid=new_account12,cn=staged user,dc=example,dc=com (description) acl_test.py 726 INFO Update uid=new_account12,cn=staged user,dc=example,dc=com (description) replicated on M1
Passed suites/acl/acl_test.py::test_moddn_staging_prod_except 0.31
------------------------------ Captured log call -------------------------------
acl_test.py 751 INFO ######## MOVE staging -> Prod (13) ######## acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 763 INFO Try to MODDN uid=new_account13,cn=staged user,dc=example,dc=com -> uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 770 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 774 INFO ######## MOVE to and from equality filter ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 158 INFO Add a DENY aci under cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 781 INFO Try to MODDN uid=new_account13,cn=staged user,dc=example,dc=com -> uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 787 INFO ######## MOVE staging -> Prod/Except (14) ######## acl_test.py 793 INFO Try to MODDN uid=new_account14,cn=staged user,dc=example,dc=com -> uid=new_account14,cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 800 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 158 INFO Add a DENY aci under cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_mode_default_ger_no_moddn 0.00
------------------------------ Captured log call -------------------------------
acl_test.py 827 INFO ######## mode moddn_aci : GER no moddn ######## acl_test.py 838 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 838 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 841 INFO ######## entryLevelRights: b'v'
Passed suites/acl/acl_test.py::test_mode_default_ger_with_moddn 0.27
------------------------------ Captured log call -------------------------------
acl_test.py 865 INFO ######## mode moddn_aci: GER with moddn ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 883 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 883 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 886 INFO ######## entryLevelRights: b'vn' acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_mode_legacy_ger_no_moddn1 0.11
------------------------------ Captured log call -------------------------------
acl_test.py 916 INFO ######## Disable the moddn aci mod ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 920 INFO ######## mode legacy 1: GER no moddn ######## acl_test.py 930 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 930 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 933 INFO ######## entryLevelRights: b'v'
Passed suites/acl/acl_test.py::test_mode_legacy_ger_no_moddn2 0.36
------------------------------ Captured log call -------------------------------
acl_test.py 959 INFO ######## Disable the moddn aci mod ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 963 INFO ######## mode legacy 2: GER no moddn ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 980 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 980 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 983 INFO ######## entryLevelRights: b'v' acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_mode_legacy_ger_with_moddn 0.33
------------------------------ Captured log call -------------------------------
acl_test.py 1019 INFO ######## Disable the moddn aci mod ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 1023 INFO ######## mode legacy : GER with moddn ######## acl_test.py 131 INFO Bind as cn=Directory Manager acl_test.py 137 INFO Bind as uid=bind_entry,dc=example,dc=com acl_test.py 1045 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 1045 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 1048 INFO ######## entryLevelRights: b'vn' acl_test.py 131 INFO Bind as cn=Directory Manager
Passed suites/acl/acl_test.py::test_rdn_write_get_ger 0.01
------------------------------ Captured log setup ------------------------------
acl_test.py 1059 INFO ######## Add entry tuser ########------------------------------ Captured log call -------------------------------
acl_test.py 1083 INFO ######## GER rights for anonymous ######## acl_test.py 1093 INFO dn: dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=Directory Administrators,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=People,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=Special Users,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=Accounting Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=HR Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=QA Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=PD Managers,ou=Groups,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=replication_managers,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: ou=Services,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=server.example.com:63701,ou=Services,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=server.example.com:63702,ou=Services,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=bind_entry,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=excepts,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account0,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account1,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account2,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account3,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account4,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account5,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account6,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account7,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account8,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account9,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account10,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account11,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account12,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account13,cn=accounts,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account14,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account15,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account16,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account17,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account18,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: uid=new_account19,cn=staged user,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v' acl_test.py 1093 INFO dn: cn=tuser,dc=example,dc=com acl_test.py 1095 INFO ######## entryLevelRights: b'v'
Passed suites/acl/acl_test.py::test_rdn_write_modrdn_anonymous 0.10
------------------------------ Captured log call -------------------------------
acl_test.py 1122 INFO dn: acl_test.py 1124 INFO ######## 'objectClass': [b'top'] acl_test.py 1124 INFO ######## 'defaultnamingcontext': [b'dc=example,dc=com'] acl_test.py 1124 INFO ######## 'dataversion': [b'020190427232020'] acl_test.py 1124 INFO ######## 'netscapemdsuffix': [b'cn=ldap://dc=server,dc=example,dc=com:39001'] acl_test.py 1129 INFO Exception (expected): INSUFFICIENT_ACCESS acl_test.py 1136 INFO The entry was not renamed (expected) acl_test.py 131 INFO Bind as cn=Directory Manager
Passed suites/acl/deladd_test.py::test_allow_delete_access_to_groupdn 0.07
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/deladd_test.py::test_allow_add_access_to_anyone 0.04
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_to_anyone 0.04
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_not_to_userdn 0.04
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_not_to_group 0.05
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_add_access_to_parent 0.05
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_to_parent 0.05
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_to_dynamic_group 0.04
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_to_dynamic_group_uid 0.04
No log output captured.
Passed suites/acl/deladd_test.py::test_allow_delete_access_not_to_dynamic_group 0.04
No log output captured.
Passed suites/acl/enhanced_aci_modrnd_test.py::test_enhanced_aci_modrnd 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. enhanced_aci_modrnd_test.py 30 INFO Add a container: ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 37 INFO Add a container: ou=test_ou_2,dc=example,dc=com enhanced_aci_modrnd_test.py 44 INFO Add a user: cn=test_user,ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 59 INFO Add an ACI 'allow (all)' by cn=test_user,ou=test_ou_1,dc=example,dc=com to the ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 63 INFO Add an ACI 'allow (all)' by cn=test_user,ou=test_ou_1,dc=example,dc=com to the ou=test_ou_2,dc=example,dc=com------------------------------ Captured log call -------------------------------
enhanced_aci_modrnd_test.py 93 INFO Bind as cn=test_user,ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 98 INFO User MODRDN operation from ou=test_ou_1,dc=example,dc=com to ou=test_ou_2,dc=example,dc=com enhanced_aci_modrnd_test.py 103 INFO Check there is no user in ou=test_ou_1,dc=example,dc=com enhanced_aci_modrnd_test.py 109 INFO Check there is our user in ou=test_ou_2,dc=example,dc=com
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_five 0.04
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_six 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_seven 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eight 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_nine 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_ten 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eleven 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_twelve 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_fourteen 0.06
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_fifteen 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_sixteen 0.04
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_seventeen 0.44
No log output captured.
Passed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eighteen 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_caching_changes 0.05
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/globalgroup_test.py::test_deny_group_member_all_rights_to_user 0.05
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deny_group_member_all_rights_to_group_members 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_denial 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_denial_two 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_allow 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_deeply_nested_groups_aci_allow_two 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_two 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_three 0.04
No log output captured.
Passed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_four 0.04
No log output captured.
Passed suites/acl/misc_test.py::test_accept_aci_in_addition_to_acl 0.09
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/misc_test.py::test_more_then_40_acl_will_crash_slapd 0.25
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_search_access_should_not_include_read_access 0.03
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_only_allow_some_targetattr 0.04
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_only_allow_some_targetattr_two 0.68
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_memberurl_needs_to_be_normalized 0.12
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_greater_than_200_acls_can_be_created 3.55
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_server_bahaves_properly_with_very_long_attribute_names 0.06
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/misc_test.py::test_do_bind_as_201_distinct_users 12.46
------------------------------ Captured log setup ------------------------------
misc_test.py 64 INFO Exception (expected): ALREADY_EXISTS
Passed suites/acl/modify_test.py::test_allow_write_access_to_targetattr_with_a_single_attribute 0.07
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/modify_test.py::test_allow_write_access_to_targetattr_with_multiple_attibutes 0.06
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdn_all 0.11
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdn_with_wildcards_in_dn 0.07
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdn_with_multiple_dns 0.16
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_target_with_wildcards 0.39
No log output captured.
Passed suites/acl/modify_test.py::test_allow_write_access_to_userdnattr 0.10
No log output captured.
Passed suites/acl/modify_test.py::test_allow_selfwrite_access_to_anyone 0.08
No log output captured.
Passed suites/acl/modify_test.py::test_uniquemember_should_also_be_the_owner 0.17
No log output captured.
Passed suites/acl/modify_test.py::test_aci_with_both_allow_and_deny 0.13
No log output captured.
Passed suites/acl/modify_test.py::test_allow_owner_to_modify_entry 0.12
No log output captured.
Passed suites/acl/modrdn_test.py::test_allow_write_privilege_to_anyone 0.02
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/modrdn_test.py::test_allow_write_privilege_to_dynamic_group_with_scope_set_to_base_in_ldap_url 0.05
No log output captured.
Passed suites/acl/modrdn_test.py::test_write_access_to_naming_atributes 0.04
No log output captured.
Passed suites/acl/modrdn_test.py::test_write_access_to_naming_atributes_two 0.07
No log output captured.
Passed suites/acl/modrdn_test.py::test_access_aci_list_contains_any_deny_rule 0.10
No log output captured.
Passed suites/acl/modrdn_test.py::test_renaming_target_entry 0.08
No log output captured.
Passed suites/acl/repeated_ldap_add_test.py::test_repeated_ldap_add 32.68
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stdout call -----------------------------
uid=buser123,ou=BOU,dc=example,dc=com inactivated. ------------------------------ Captured log call -------------------------------
repeated_ldap_add_test.py 182 INFO Testing Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc. repeated_ldap_add_test.py 184 INFO Disabling accesslog logbuffering repeated_ldap_add_test.py 187 INFO Bind as {cn=Directory Manager,password} repeated_ldap_add_test.py 190 INFO Adding ou=BOU a bind user belongs to. repeated_ldap_add_test.py 195 INFO Adding a bind user. repeated_ldap_add_test.py 202 INFO Adding a test user. repeated_ldap_add_test.py 209 INFO Deleting aci in dc=example,dc=com. repeated_ldap_add_test.py 212 INFO While binding as DM, acquire an access log path and instance dir repeated_ldap_add_test.py 218 INFO Bind case 1. the bind user has no rights to read the entry itself, bind should be successful. repeated_ldap_add_test.py 219 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123} who has no access rights. repeated_ldap_add_test.py 227 INFO Access log path: /var/log/dirsrv/slapd-standalone1/access repeated_ldap_add_test.py 230 INFO Bind case 2-1. the bind user does not exist, bind should fail with error INVALID_CREDENTIALS repeated_ldap_add_test.py 231 INFO Bind as {uid=bogus,dc=example,dc=com,bogus} who does not exist. repeated_ldap_add_test.py 235 INFO Exception (expected): INVALID_CREDENTIALS repeated_ldap_add_test.py 236 INFO Desc Invalid credentials repeated_ldap_add_test.py 244 INFO Cause found - [27/Apr/2019:19:22:02.396637656 -0400] conn=1 op=10 RESULT err=49 tag=97 nentries=0 etime=0.0004179356 - No such entry repeated_ldap_add_test.py 248 INFO Bind case 2-2. the bind user's suffix does not exist, bind should fail with error INVALID_CREDENTIALS repeated_ldap_add_test.py 249 INFO Bind as {uid=bogus,ou=people,dc=bogus,bogus} who does not exist. repeated_ldap_add_test.py 258 INFO Cause found - [27/Apr/2019:19:22:03.403689215 -0400] conn=1 op=11 RESULT err=49 tag=97 nentries=0 etime=0.0003545109 - No suffix for bind dn found repeated_ldap_add_test.py 262 INFO Bind case 2-3. the bind user's password is wrong, bind should fail with error INVALID_CREDENTIALS repeated_ldap_add_test.py 263 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,bogus} who does not exist. repeated_ldap_add_test.py 267 INFO Exception (expected): INVALID_CREDENTIALS repeated_ldap_add_test.py 268 INFO Desc Invalid credentials repeated_ldap_add_test.py 276 INFO Cause found - [27/Apr/2019:19:22:04.433395371 -0400] conn=1 op=12 RESULT err=49 tag=97 nentries=0 etime=0.0026783260 - Invalid credentials repeated_ldap_add_test.py 279 INFO Adding aci for uid=buser123,ou=BOU,dc=example,dc=com to ou=BOU,dc=example,dc=com. repeated_ldap_add_test.py 281 INFO aci: (targetattr="*")(version 3.0; acl "buser123"; allow(all) userdn = "ldap:///uid=buser123,ou=BOU,dc=example,dc=com";) repeated_ldap_add_test.py 282 INFO Bind as {cn=Directory Manager,password} repeated_ldap_add_test.py 287 INFO Bind case 3. the bind user has the right to read the entry itself, bind should be successful. repeated_ldap_add_test.py 288 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123} which should be ok. repeated_ldap_add_test.py 291 INFO The following operations are against the subtree the bind user uid=buser123,ou=BOU,dc=example,dc=com has no rights. repeated_ldap_add_test.py 296 INFO Search case 1. the bind user has no rights to read the search entry, it should return no search results with <class 'ldap.SUCCESS'> repeated_ldap_add_test.py 106 INFO Searching existing entry uid=tuser0,ou=people,dc=example,dc=com, which should be ok. repeated_ldap_add_test.py 139 INFO Search should return none repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 302 INFO Search case 2-1. the search entry does not exist, the search should return no search results with SUCCESS repeated_ldap_add_test.py 106 INFO Searching non-existing entry uid=bogus,dc=example,dc=com, which should be ok. repeated_ldap_add_test.py 139 INFO Search should return none repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 308 INFO Search case 2-2. the search entry does not exist, the search should return no search results with SUCCESS repeated_ldap_add_test.py 106 INFO Searching non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should be ok. repeated_ldap_add_test.py 139 INFO Search should return none repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 315 INFO Add case 1. the bind user has no rights AND the adding entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Adding existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 321 INFO Add case 2-1. the bind user has no rights AND the adding entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Adding non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 327 INFO Add case 2-2. the bind user has no rights AND the adding entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Adding non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 334 INFO Modify case 1. the bind user has no rights AND the modifying entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Modifying existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 340 INFO Modify case 2-1. the bind user has no rights AND the modifying entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Modifying non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 346 INFO Modify case 2-2. the bind user has no rights AND the modifying entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Modifying non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 353 INFO Modrdn case 1. the bind user has no rights AND the renaming entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Renaming existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 359 INFO Modrdn case 2-1. the bind user has no rights AND the renaming entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Renaming non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 365 INFO Modrdn case 2-2. the bind user has no rights AND the renaming entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Renaming non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 371 INFO Modrdn case 3. the bind user has no rights AND the node moving an entry to exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Moving to existing superior ou=groups,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 377 INFO Modrdn case 4-1. the bind user has no rights AND the node moving an entry to does not, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Moving to non-existing superior ou=OU,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 383 INFO Modrdn case 4-2. the bind user has no rights AND the node moving an entry to does not, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Moving to non-existing superior ou=OU,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 390 INFO Delete case 1. the bind user has no rights AND the deleting entry exists, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Deleting existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 396 INFO Delete case 2-1. the bind user has no rights AND the deleting entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Deleting non-existing entry uid=bogus,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 402 INFO Delete case 2-2. the bind user has no rights AND the deleting entry does not exist, it should fail with INSUFFICIENT_ACCESS repeated_ldap_add_test.py 106 INFO Deleting non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with INSUFFICIENT_ACCESS. repeated_ldap_add_test.py 129 INFO Exception (expected): INSUFFICIENT_ACCESS repeated_ldap_add_test.py 130 INFO Desc Insufficient access repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 405 INFO EXTRA: Check no regressions repeated_ldap_add_test.py 406 INFO Adding aci for uid=buser123,ou=BOU,dc=example,dc=com to dc=example,dc=com. repeated_ldap_add_test.py 408 INFO Bind as {cn=Directory Manager,password} repeated_ldap_add_test.py 413 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123}. repeated_ldap_add_test.py 423 INFO Search case. the search entry does not exist, the search should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Searching non-existing entry uid=bogus,ou=people,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 429 INFO Add case. the adding entry already exists, it should fail with ALREADY_EXISTS repeated_ldap_add_test.py 106 INFO Adding existing entry uid=tuser0,ou=people,dc=example,dc=com, which should fail with ALREADY_EXISTS. repeated_ldap_add_test.py 129 INFO Exception (expected): ALREADY_EXISTS repeated_ldap_add_test.py 130 INFO Desc Already exists repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 434 INFO Modify case. the modifying entry does not exist, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Modifying non-existing entry uid=bogus,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 439 INFO Modrdn case 1. the renaming entry does not exist, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Renaming non-existing entry uid=bogus,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 444 INFO Modrdn case 2. the node moving an entry to does not, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Moving to non-existing superior ou=OU,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 449 INFO Delete case. the deleting entry does not exist, it should fail with NO_SUCH_OBJECT repeated_ldap_add_test.py 106 INFO Deleting non-existing entry uid=bogus,dc=example,dc=com, which should fail with NO_SUCH_OBJECT. repeated_ldap_add_test.py 129 INFO Exception (expected): NO_SUCH_OBJECT repeated_ldap_add_test.py 130 INFO Desc No such object repeated_ldap_add_test.py 146 INFO PASSED repeated_ldap_add_test.py 452 INFO Inactivate uid=buser123,ou=BOU,dc=example,dc=com repeated_ldap_add_test.py 459 INFO ['/usr/sbin/ns-inactivate.pl', '-Z', 'standalone1', '-D', 'cn=Directory Manager', '-w', 'password', '-I', 'uid=buser123,ou=BOU,dc=example,dc=com'] repeated_ldap_add_test.py 463 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,buser123} which should fail with UNWILLING_TO_PERFORM. repeated_ldap_add_test.py 467 INFO Exception (expected): UNWILLING_TO_PERFORM repeated_ldap_add_test.py 468 INFO Desc Server is unwilling to perform repeated_ldap_add_test.py 471 INFO Bind as {uid=buser123,ou=BOU,dc=example,dc=com,bogus} which should fail with UNWILLING_TO_PERFORM. repeated_ldap_add_test.py 475 INFO Exception (expected): UNWILLING_TO_PERFORM repeated_ldap_add_test.py 476 INFO Desc Server is unwilling to perform repeated_ldap_add_test.py 479 INFO SUCCESS
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_non_leaf 0.73
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_wildcard_non_leaf 0.67
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_wildcard_leaf 0.81
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_equality_search 0.60
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_equality_search_two 0.75
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_substring_search 0.55
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_substring_search_two 0.72
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_boolean_or_of_two_equality_search 0.08
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_to__userdn_two 0.63
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_userdn 0.65
No log output captured.
Passed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_presence_search 0.09
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url 0.62
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url_two 0.54
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url_matching_all_users 0.85
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_a_dynamic_group 0.49
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_with_host_port_set_on_ldap_url 0.38
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_with_scope_set_to_one_in_ldap_url 0.43
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_two 0.63
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_deny_access_to_group_should_deny_access_to_all_uniquemember 0.57
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_entry_with_lots_100_attributes 6.73
No log output captured.
Passed suites/acl/search_real_part3_test.py::test_groupdnattr_value_is_another_group 0.11
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with_target_set 0.61
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/search_real_test.py::test_deny_all_access_to_a_target_with_wild_card 0.54
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_without_a_target_set 0.78
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_read_search_and_compare_access_with_target_and_targetattr_set 0.60
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_read_access_to_multiple_groupdns 0.80
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_to_userdnattr 0.57
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with__target_set 0.69
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with__targetattr_set 1.03
No log output captured.
Passed suites/acl/search_real_test.py::test_deny_all_access_with_targetattr_set 0.50
No log output captured.
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_add 0.48
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. selfdn_permissions_test.py 57 INFO Add OCticket47653 that allows 'member' attribute selfdn_permissions_test.py 62 INFO Add cn=bind_entry, dc=example,dc=com------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 105 INFO ######################### ADD ###################### selfdn_permissions_test.py 108 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 138 INFO Try to add Add cn=test_entry, dc=example,dc=com (aci is missing): dn: cn=test_entry, dc=example,dc=com cn: test_entry member: cn=bind_entry, dc=example,dc=com objectclass: top objectclass: person objectclass: OCticket47653 postalAddress: here postalCode: 1234 sn: test_entry selfdn_permissions_test.py 142 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 146 INFO Bind as cn=Directory Manager and add the ADD SELFDN aci selfdn_permissions_test.py 158 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 163 INFO Try to add Add cn=test_entry, dc=example,dc=com (member is missing) selfdn_permissions_test.py 171 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 177 INFO Try to add Add cn=test_entry, dc=example,dc=com (with several member values) selfdn_permissions_test.py 180 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 183 INFO Try to add Add cn=test_entry, dc=example,dc=com should be successful
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_search 0.31
------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 204 INFO ######################### SEARCH ###################### selfdn_permissions_test.py 206 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 210 INFO Try to search cn=test_entry, dc=example,dc=com (aci is missing) selfdn_permissions_test.py 215 INFO Bind as cn=Directory Manager and add the READ/SEARCH SELFDN aci selfdn_permissions_test.py 228 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 232 INFO Try to search cn=test_entry, dc=example,dc=com should be successful
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_modify 0.44
------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 255 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 258 INFO ######################### MODIFY ###################### selfdn_permissions_test.py 262 INFO Try to modify cn=test_entry, dc=example,dc=com (aci is missing) selfdn_permissions_test.py 266 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 270 INFO Bind as cn=Directory Manager and add the WRITE SELFDN aci selfdn_permissions_test.py 283 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 287 INFO Try to modify cn=test_entry, dc=example,dc=com. It should succeeds
Passed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_delete 0.27
------------------------------ Captured log call -------------------------------
selfdn_permissions_test.py 312 INFO ######################### DELETE ###################### selfdn_permissions_test.py 315 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 320 INFO Try to delete cn=test_entry, dc=example,dc=com (aci is missing) selfdn_permissions_test.py 323 INFO Exception (expected): INSUFFICIENT_ACCESS selfdn_permissions_test.py 327 INFO Bind as cn=Directory Manager and add the READ/SEARCH SELFDN aci selfdn_permissions_test.py 339 INFO Bind as cn=bind_entry, dc=example,dc=com selfdn_permissions_test.py 343 INFO Try to delete cn=test_entry, dc=example,dc=com should be successful
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_1] 0.02
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_2] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_3] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_4] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_5] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_6] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_7] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_8] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_9] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_10] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_11] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_12] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_13] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_14] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_15] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_16] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_17] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_19] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_21] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_22] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_targattrfilters_23] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Missing_acl_mispel] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Missing_acl_string] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Wrong_version_string] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Missing_version_string] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Authenticate_statement] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Multiple_targets] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Target_set_to_self] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_target_set_with_ldap_instead_of_ldap] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_target_set_with_more_than_three] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_target_set_with_less_than_three] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_bind_rule_set_with_less_than_three] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_semicolon_instead_of_comma_in_permission] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_double_equal_instead_of_equal_in_the_target] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_use_double_equal_instead_of_equal_in_user_and_group_access] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_donot_cote_the_name_of_the_aci] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_extra_parentheses_case_1] 0.21
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_extra_parentheses_case_2] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_extra_parentheses_case_3] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_no_semicolon_at_the_end_of_the_aci] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_a_character_different_of_a_semicolon_at_the_end_of_the_aci] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_bad_filter] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_double_equal_instead_of_equal_in_the_targattrfilters] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_aci_invalid_syntax[test_Use_double_equal_instead_of_equal_inside_the_targattrfilters] 0.01
No log output captured.
Passed suites/acl/syntax_test.py::test_target_set_above_the_entry_test 0.01
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_we_can_search_as_expected 0.01
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/valueacl_part2_test.py::test_we_can_mod_title_as_expected 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_modify_with_multiple_filters 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_denied_by_multiple_filters 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_allowed_add_one_attribute 0.04
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_cannot_add_an_entry_with_attribute_values_we_are_not_allowed_add 0.05
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_on_modrdn 0.03
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_on_modrdn_allow 0.05
No log output captured.
Passed suites/acl/valueacl_part2_test.py::test_targattrfilters_keyword 0.10
No log output captured.
Passed suites/acl/valueacl_test.py::test_delete_an_attribute_value_we_are_not_allowed_to_delete 0.05
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/valueacl_test.py::test_donot_allow_write_access_to_title_if_value_is_not_architect 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_delete_an_attribute_value_we_are_allowed_to_delete 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_delete_an_attribute_value_we_are_not_allowed_to_deleted 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_modify_replace 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_modify_delete 0.08
No log output captured.
Passed suites/acl/valueacl_test.py::test_replace_an_attribute_if_we_lack 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_remove_an_attribute_if_we_have_del_rights_to_all_attr_value 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_remove_an_attribute_if_we_donot_have_del_rights_to_all_attr_value 0.06
No log output captured.
Passed suites/acl/valueacl_test.py::test_remove_an_attribute_if_we_have_del_rights_to_all_attr_values 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_cantnot_delete_an_entry_with_attribute_values_we_are_not_allowed_delete 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_we_can_add_and_delete_an_entry_with_attribute_values_we_are_allowed_add_and_delete 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_title 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_allow_to_modify 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_selfwrite_does_not_confer_write_on_a_targattrfilters_atribute 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_selfwrite_continues_to_give_rights_to_attr_in_targetattr_list 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_add_an_attribute_value_we_are_allowed_to_add_with_ldapanyone 0.04
No log output captured.
Passed suites/acl/valueacl_test.py::test_hierarchy 0.05
No log output captured.
Passed suites/acl/valueacl_test.py::test_targattrfilters_and_search_permissions_and_that_ldapmodify_works_as_expected 0.03
No log output captured.
Passed suites/acl/valueacl_test.py::test_targattrfilters_and_search_permissions_and_that_ldapmodify_works_as_expected_two 0.01
No log output captured.
Passed suites/automember_plugin/automember_mod_test.py::test_mods 10.91
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
automember_mod_test.py 134 INFO Test PASSED
Passed suites/automember_plugin/automember_test.py::test_automemberscope 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/automember_plugin/automember_test.py::test_automemberfilter 0.01
No log output captured.
Passed suites/automember_plugin/automember_test.py::test_adduser 0.24
No log output captured.
Passed suites/automember_plugin/automember_test.py::test_delete_default_group 4.19
No log output captured.
Passed suites/automember_plugin/automember_test.py::test_delete_target_group 4.54
No log output captured.
Passed suites/basic/basic_test.py::test_basic_ops 0.13
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/basic/basic_test.py::test_basic_import_export 38.19
----------------------------- Captured stderr call -----------------------------
ldiffile: /var/lib/dirsrv/slapd-standalone1/ldif/export.ldif
Passed suites/basic/basic_test.py::test_basic_backup 9.47
------------------------------ Captured log call -------------------------------
tasks.py 557 INFO Backup task backup_04272019_192539 completed successfully tasks.py 611 INFO Restore task restore_04272019_192541 completed successfully
Passed suites/basic/basic_test.py::test_basic_db2index 5.28
----------------------------- Captured stderr call -----------------------------
[27/Apr/2019:19:25:51.818680217 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [27/Apr/2019:19:25:51.824654312 -0400] - INFO - check_and_set_import_cache - pagesize: 4096, available bytes 7784542208, process usage 22740992 [27/Apr/2019:19:25:51.827411971 -0400] - INFO - check_and_set_import_cache - Import allocates 3040836KB import cache. [27/Apr/2019:19:25:51.830375139 -0400] - INFO - dblayer_copy_directory - Backing up file 0 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/objectclass.db) [27/Apr/2019:19:25:51.832792470 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/objectclass.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/objectclass.db [27/Apr/2019:19:25:51.835242301 -0400] - INFO - dblayer_copy_directory - Backing up file 1 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/entryrdn.db) [27/Apr/2019:19:25:51.837364854 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/entryrdn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/entryrdn.db [27/Apr/2019:19:25:51.839892572 -0400] - INFO - dblayer_copy_directory - Backing up file 2 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/nsuniqueid.db) [27/Apr/2019:19:25:51.842614705 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/nsuniqueid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/nsuniqueid.db [27/Apr/2019:19:25:51.845507645 -0400] - INFO - dblayer_copy_directory - Backing up file 3 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/numsubordinates.db) [27/Apr/2019:19:25:51.847867772 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/numsubordinates.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/numsubordinates.db [27/Apr/2019:19:25:51.850959945 -0400] - INFO - dblayer_copy_directory - Backing up file 4 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/cn.db) [27/Apr/2019:19:25:51.854490536 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/cn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/cn.db [27/Apr/2019:19:25:51.856819409 -0400] - INFO - dblayer_copy_directory - Backing up file 5 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/uid.db) [27/Apr/2019:19:25:51.859036488 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/uid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/uid.db [27/Apr/2019:19:25:51.861316572 -0400] - INFO - dblayer_copy_directory - Backing up file 6 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/mail.db) [27/Apr/2019:19:25:51.863512341 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/mail.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/mail.db [27/Apr/2019:19:25:51.865902502 -0400] - INFO - dblayer_copy_directory - Backing up file 7 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/DBVERSION) [27/Apr/2019:19:25:51.868363536 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/DBVERSION to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/DBVERSION [27/Apr/2019:19:25:51.870631778 -0400] - INFO - dblayer_copy_directory - Backing up file 8 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/uniquemember.db) [27/Apr/2019:19:25:51.873108101 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/uniquemember.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/uniquemember.db [27/Apr/2019:19:25:51.875936553 -0400] - INFO - dblayer_copy_directory - Backing up file 9 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/entryusn.db) [27/Apr/2019:19:25:51.878432959 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/entryusn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/entryusn.db [27/Apr/2019:19:25:51.880991559 -0400] - INFO - dblayer_copy_directory - Backing up file 10 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/telephoneNumber.db) [27/Apr/2019:19:25:51.883602579 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/telephoneNumber.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/telephoneNumber.db [27/Apr/2019:19:25:51.885933041 -0400] - INFO - dblayer_copy_directory - Backing up file 11 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/aci.db) [27/Apr/2019:19:25:51.888151958 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/aci.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/aci.db [27/Apr/2019:19:25:51.890460142 -0400] - INFO - dblayer_copy_directory - Backing up file 12 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/sn.db) [27/Apr/2019:19:25:51.892869689 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/sn.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/sn.db [27/Apr/2019:19:25:51.895293753 -0400] - INFO - dblayer_copy_directory - Backing up file 13 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/id2entry.db) [27/Apr/2019:19:25:51.897677387 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/id2entry.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/id2entry.db [27/Apr/2019:19:25:51.900090791 -0400] - INFO - dblayer_copy_directory - Backing up file 14 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/givenName.db) [27/Apr/2019:19:25:51.902394686 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/givenName.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/givenName.db [27/Apr/2019:19:25:51.904566979 -0400] - INFO - dblayer_copy_directory - Backing up file 15 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/parentid.db) [27/Apr/2019:19:25:51.906810606 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/parentid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/parentid.db [27/Apr/2019:19:25:51.909030903 -0400] - INFO - dblayer_copy_directory - Backing up file 16 (/var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/ancestorid.db) [27/Apr/2019:19:25:51.911327434 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/userRoot/ancestorid.db to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/userRoot/ancestorid.db [27/Apr/2019:19:25:51.913933727 -0400] - INFO - upgradedb_core - userRoot: Start upgradedb. [27/Apr/2019:19:25:51.916213200 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [27/Apr/2019:19:25:52.116614682 -0400] - INFO - import_main_offline - reindex userRoot: Index buffering enabled with bucket size 100 [27/Apr/2019:19:25:52.823011606 -0400] - INFO - import_monitor_threads - reindex userRoot: Workers finished; cleaning up... [27/Apr/2019:19:25:53.029226209 -0400] - INFO - import_monitor_threads - reindex userRoot: Workers cleaned up. [27/Apr/2019:19:25:53.033874736 -0400] - INFO - import_main_offline - reindex userRoot: Cleaning up producer thread... [27/Apr/2019:19:25:53.036487145 -0400] - INFO - import_main_offline - reindex userRoot: Indexing complete. Post-processing... [27/Apr/2019:19:25:53.038841701 -0400] - INFO - import_main_offline - reindex userRoot: Generating numsubordinates (this may take several minutes to complete)... [27/Apr/2019:19:25:53.041155473 -0400] - INFO - import_main_offline - reindex userRoot: Generating numSubordinates complete. [27/Apr/2019:19:25:53.043871819 -0400] - INFO - ldbm_get_nonleaf_ids - reindex userRoot: Gathering ancestorid non-leaf IDs... [27/Apr/2019:19:25:53.046279285 -0400] - INFO - ldbm_get_nonleaf_ids - reindex userRoot: Finished gathering ancestorid non-leaf IDs. [27/Apr/2019:19:25:53.051412810 -0400] - INFO - ldbm_ancestorid_new_idl_create_index - reindex userRoot: Creating ancestorid index (new idl)... [27/Apr/2019:19:25:53.054964309 -0400] - INFO - ldbm_ancestorid_new_idl_create_index - reindex userRoot: Created ancestorid index (new idl). [27/Apr/2019:19:25:53.057958132 -0400] - INFO - import_main_offline - reindex userRoot: Flushing caches... [27/Apr/2019:19:25:53.060909884 -0400] - INFO - import_main_offline - reindex userRoot: Closing files... [27/Apr/2019:19:25:53.127690708 -0400] - INFO - dblayer_pre_close - All database threads now stopped [27/Apr/2019:19:25:53.130484518 -0400] - INFO - import_main_offline - reindex userRoot: Reindexing complete. Processed 160 entries in 1 seconds. (160.00 entries/sec) [27/Apr/2019:19:25:53.133756405 -0400] - INFO - dblayer_copyfile - Copying /var/lib/dirsrv/slapd-standalone1/db/log.0000000001 to /var/lib/dirsrv/slapd-standalone1/bak/reindex_2019-04-27T19:25:51.719778/log.0000000001 [27/Apr/2019:19:25:53.144683267 -0400] - WARN - dblayer_get_home_dir - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file. [27/Apr/2019:19:25:53.147274338 -0400] - ERR - dblayer_copyfile - Failed to open source file (null)/DBVERSION by "No such file or directory" [27/Apr/2019:19:25:53.149803162 -0400] - INFO - dblayer_pre_close - All database threads now stopped [27/Apr/2019:19:25:53.277111317 -0400] - INFO - slapd_exemode_db2index - Backend Instance: userRoot [27/Apr/2019:19:25:53.284258197 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [27/Apr/2019:19:25:53.294070218 -0400] - INFO - dblayer_instance_start - Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [27/Apr/2019:19:25:53.296895498 -0400] - INFO - check_and_set_import_cache - pagesize: 4096, available bytes 7784906752, process usage 22835200 [27/Apr/2019:19:25:53.298940815 -0400] - INFO - check_and_set_import_cache - Import allocates 3040979KB import cache. [27/Apr/2019:19:25:53.419705037 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Indexing attribute: uid [27/Apr/2019:19:25:53.431156836 -0400] - INFO - ldbm_back_ldbm2index - userRoot: Finished indexing. [27/Apr/2019:19:25:53.449613541 -0400] - INFO - dblayer_pre_close - All database threads now stopped
Passed suites/basic/basic_test.py::test_basic_acl 0.25
No log output captured.
Passed suites/basic/basic_test.py::test_basic_searches 0.07
No log output captured.
Passed suites/basic/basic_test.py::test_basic_referrals 4.05
No log output captured.
Passed suites/basic/basic_test.py::test_basic_systemctl 11.93
----------------------------- Captured stderr call -----------------------------
Job for dirsrv@standalone1.service failed because the control process exited with error code. See "systemctl status dirsrv@standalone1.service" and "journalctl -xe" for details.
Passed suites/basic/basic_test.py::test_basic_ldapagent 5.02
No log output captured.
Passed suites/basic/basic_test.py::test_basic_dse_survives_kill9 11.22
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[namingContexts] 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedLDAPVersion] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedControl] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedExtension] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[supportedSASLMechanisms] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[vendorName] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_def_rootdse_attr[vendorVersion] 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[namingContexts] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedLDAPVersion] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedControl] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedExtension] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[supportedSASLMechanisms] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[vendorName] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_mod_def_rootdse_attr[vendorVersion] 0.00
No log output captured.
Passed suites/basic/basic_test.py::test_basic_anonymous_search 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_search_original_type 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_search_ou 0.01
No log output captured.
Passed suites/basic/basic_test.py::test_connection_buffer_size 0.02
No log output captured.
Passed suites/basic/basic_test.py::test_critical_msg_on_empty_range_idl 4.79
No log output captured.
Passed suites/basic/basic_test.py::test_ldbm_modification_audit_log 11.42
No log output captured.
Passed suites/basic/basic_test.py::test_dscreate 10.17
----------------------------- Captured stdout call -----------------------------
Starting installation... Completed installation for test_dscreate
Passed suites/betxns/betxn_test.py::test_betxt_7bit 4.44
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
betxn_test.py 48 INFO Running test_betxt_7bit... betxn_test.py 74 INFO test_betxt_7bit: PASSED
Passed suites/betxns/betxn_test.py::test_betxn_attr_uniqueness 4.41
------------------------------ Captured log call -------------------------------
betxn_test.py 125 INFO test_betxn_attr_uniqueness: PASSED
Passed suites/betxns/betxn_test.py::test_betxn_memberof 4.48
------------------------------ Captured log call -------------------------------
betxn_test.py 171 INFO test_betxn_memberof: PASSED
Passed suites/betxns/betxn_test.py::test_betxn_modrdn_memberof_cache_corruption 4.48
------------------------------ Captured log call -------------------------------
betxn_test.py 225 INFO test_betxn_modrdn_memberof: PASSED
Passed suites/clu/clu_test.py::test_clu_pwdhash 0.03
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
clu_test.py 38 INFO Running test_clu_pwdhash... clu_test.py 52 INFO pwdhash generated: {SSHA}QhtwisHojMjHypqEWC29efM8CqWltlAheCZQhg== clu_test.py 53 INFO test_clu_pwdhash: PASSED
Passed suites/clu/clu_test.py::test_clu_pwdhash_mod 0.04
------------------------------ Captured log call -------------------------------
clu_test.py 76 INFO Running test_clu_pwdhash_mod... clu_test.py 85 INFO pwdhash generated: {SSHA256}oH7BgITNsJZMCceQl6OBHV266B4+DlNrDWFg4OsS99K40fNJ89Vd0g== clu_test.py 86 INFO returned the hashed string using the algorithm set in nsslapd-rootpwstoragescheme
Passed suites/config/autotuning_test.py::test_threads_basic 0.02
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
autotuning_test.py 37 INFO Set nsslapd-threadnumber: -1 to enable autotuning autotuning_test.py 40 INFO Assert nsslapd-threadnumber is equal to the documented expected value
Passed suites/config/autotuning_test.py::test_threads_invalid_value[-2] 0.00
------------------------------ Captured log call -------------------------------
autotuning_test.py 56 INFO Set nsslapd-threadnumber: -2. Operation should fail
Passed suites/config/autotuning_test.py::test_threads_invalid_value[0] 0.00
------------------------------ Captured log call -------------------------------
autotuning_test.py 56 INFO Set nsslapd-threadnumber: 0. Operation should fail
Passed suites/config/autotuning_test.py::test_threads_invalid_value[invalid] 0.00
------------------------------ Captured log call -------------------------------
autotuning_test.py 56 INFO Set nsslapd-threadnumber: invalid. Operation should fail
Passed suites/config/autotuning_test.py::test_threads_back_from_manual_value 0.04
------------------------------ Captured log call -------------------------------
autotuning_test.py 78 INFO Set nsslapd-threadnumber: -1 to enable autotuning and save the new value autotuning_test.py 82 INFO Set nsslapd-threadnumber to the autotuned value decreased by 2 autotuning_test.py 87 INFO Set nsslapd-threadnumber: -1 to enable autotuning autotuning_test.py 90 INFO Assert nsslapd-threadnumber is back to the autotuned value
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[-] 4.01
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 141 INFO Delete nsslapd-cache-autosize autotuning_test.py 151 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'25'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[-0] 4.43
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 141 INFO Delete nsslapd-cache-autosize autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'0'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-400] 4.52
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 173 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[-40] 4.42
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 132 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 141 INFO Delete nsslapd-cache-autosize autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 173 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-] 4.51
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 132 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 151 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'25'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-401] 6.08
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 132 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 173 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_non_zero[10-0] 4.55
------------------------------ Captured log call -------------------------------
autotuning_test.py 130 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 131 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 132 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 133 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 134 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 135 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 138 INFO Set nsslapd-cache-autosize to 10 autotuning_test.py 148 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 157 INFO Trying to set nsslapd-cachememsize to 33333333 autotuning_test.py 160 INFO Trying to set nsslapd-dbcachesize to 33333333 autotuning_test.py 171 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 172 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 173 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 174 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 175 INFO nsslapd-cache-autosize == b'10' autotuning_test.py 176 INFO nsslapd-cache-autosize-split == b'0'
Passed suites/config/autotuning_test.py::test_cache_autosize_basic_sane[0] 8.95
------------------------------ Captured log call -------------------------------
autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 222 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 0 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 0 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 250 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 222 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 0 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 33333333 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 33333333 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 250 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'0'
Passed suites/config/autotuning_test.py::test_cache_autosize_basic_sane[] 9.14
------------------------------ Captured log call -------------------------------
autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 222 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'0' autotuning_test.py 230 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 0 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 0 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 250 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'167226163' autotuning_test.py 222 INFO nsslapd-cachememsize == b'603979776' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 230 INFO Delete nsslapd-cache-autosize-split autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 33333333 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 33333333 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 250 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'25'
Passed suites/config/autotuning_test.py::test_cache_autosize_basic_sane[40] 9.08
------------------------------ Captured log call -------------------------------
autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 222 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'25' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 0 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 0 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 250 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 220 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize before the test autotuning_test.py 221 INFO nsslapd-dbcachesize == b'267561860' autotuning_test.py 222 INFO nsslapd-cachememsize == b'469762048' autotuning_test.py 223 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 224 INFO nsslapd-cache-autosize-split == b'40' autotuning_test.py 227 INFO Set nsslapd-cache-autosize-split to 40 autotuning_test.py 236 INFO Set nsslapd-dbcachesize to 33333333 autotuning_test.py 238 INFO Set nsslapd-cachememsize to 33333333 autotuning_test.py 248 INFO Check nsslapd-dbcachesize and nsslapd-cachememsize in the appropriate range. autotuning_test.py 249 INFO nsslapd-dbcachesize == b'33333333' autotuning_test.py 250 INFO nsslapd-cachememsize == b'33333333' autotuning_test.py 251 INFO nsslapd-dncachememsize == b'67108864' autotuning_test.py 252 INFO nsslapd-cache-autosize == b'0' autotuning_test.py 253 INFO nsslapd-cache-autosize-split == b'40'
Passed suites/config/autotuning_test.py::test_cache_autosize_invalid_values[-2] 0.02
------------------------------ Captured log call -------------------------------
autotuning_test.py 281 INFO Set nsslapd-cache-autosize-split to -2 autotuning_test.py 287 INFO Set nsslapd-cache-autosize to -2
Passed suites/config/autotuning_test.py::test_cache_autosize_invalid_values[102] 0.02
------------------------------ Captured log call -------------------------------
autotuning_test.py 281 INFO Set nsslapd-cache-autosize-split to 102 autotuning_test.py 287 INFO Set nsslapd-cache-autosize to 102
Passed suites/config/autotuning_test.py::test_cache_autosize_invalid_values[invalid] 0.02
------------------------------ Captured log call -------------------------------
autotuning_test.py 281 INFO Set nsslapd-cache-autosize-split to invalid autotuning_test.py 287 INFO Set nsslapd-cache-autosize to invalid
Passed suites/config/regression_test.py::test_maxbersize_repl 6.87
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
regression_test.py 98 INFO Set nsslapd-errorlog-maxlogsize before nsslapd-errorlog-logmaxdiskspace regression_test.py 102 INFO Assert no init_dse_file errors in the error log regression_test.py 106 INFO Set nsslapd-errorlog-maxlogsize after nsslapd-errorlog-logmaxdiskspace regression_test.py 110 INFO Assert no init_dse_file errors in the error log
Passed suites/config/removed_config_49298_test.py::test_restore_config 3.39
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
removed_config_49298_test.py 41 INFO /etc/dirsrv/slapd-standalone1
Passed suites/config/removed_config_49298_test.py::test_removed_config 2.40
----------------------------- Captured stderr call -----------------------------
Job for dirsrv@standalone1.service failed because the control process exited with error code. See "systemctl status dirsrv@standalone1.service" and "journalctl -xe" for details. ------------------------------ Captured log call -------------------------------
removed_config_49298_test.py 70 INFO /etc/dirsrv/slapd-standalone1
Passed suites/cos/cos_test.py::test_positive 0.71
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/cos/indirect_cos_test.py::test_indirect_cos 1.32
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. indirect_cos_test.py 106 INFO Add custom schema... indirect_cos_test.py 119 INFO Add test user... indirect_cos_test.py 136 INFO Setup indirect COS...------------------------------ Captured log call -------------------------------
indirect_cos_test.py 156 INFO Checking user... indirect_cos_test.py 55 INFO Create password policy for subtree ou=people,dc=example,dc=com indirect_cos_test.py 163 INFO Checking user...
Passed suites/disk_monitoring/disk_monitoring_test.py::test_verify_operation_when_disk_monitoring_is_off 4.43
---------------------------- Captured stdout setup -----------------------------
Relabeled /var/log/dirsrv/slapd-standalone1 from unconfined_u:object_r:user_tmp_t:s0 to system_u:object_r:dirsrv_var_log_t:s0 ---------------------------- Captured stderr setup -----------------------------
chown: cannot access '/var/log/dirsrv/slapd-standalone1/*': No such file or directory ------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.----------------------------- Captured stderr call -----------------------------
25+0 records in 25+0 records out 26214400 bytes (26 MB, 25 MiB) copied, 0.0107509 s, 2.4 GB/s dd: error writing '/var/log/dirsrv/slapd-standalone1/foo1': No space left on device 10+0 records in 9+0 records out 10465280 bytes (10 MB, 10 MiB) copied, 0.00434708 s, 2.4 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_free_up_the_disk_space_and_change_ds_config 4.34
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_verify_operation_with_nsslapd_disk_monitoring_logging_critical_off 34.48
----------------------------- Captured stderr call -----------------------------
10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.00483957 s, 2.2 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_on_below_half_of_the_threshold 25.42
----------------------------- Captured stderr call -----------------------------
31+0 records in 31+0 records out 32505856 bytes (33 MB, 31 MiB) copied, 0.0343037 s, 948 MB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_setting_nsslapd_disk_monitoring_logging_critical_to_off 3.37
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_off 69.12
----------------------------- Captured stderr call -----------------------------
10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.0109749 s, 955 MB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_off_below_half_of_the_threshold 147.48
----------------------------- Captured stderr call -----------------------------
30+0 records in 30+0 records out 31457280 bytes (31 MB, 30 MiB) copied, 0.0209318 s, 1.5 GB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_go_straight_below_half_of_the_threshold 111.30
----------------------------- Captured stderr call -----------------------------
31+0 records in 31+0 records out 32505856 bytes (33 MB, 31 MiB) copied, 0.0360423 s, 902 MB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_go_straight_below_4kb 17.86
----------------------------- Captured stderr call -----------------------------
25+0 records in 25+0 records out 26214400 bytes (26 MB, 25 MiB) copied, 0.0125401 s, 2.1 GB/s dd: error writing '/var/log/dirsrv/slapd-standalone1/foo1': No space left on device 10+0 records in 9+0 records out 10366976 bytes (10 MB, 9.9 MiB) copied, 0.0122062 s, 849 MB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_threshold_to_overflow_value 0.02
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_threshold_is_reached_to_half 14.35
----------------------------- Captured stderr call -----------------------------
10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0.0109219 s, 960 MB/s
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold--2] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-9223372036854775808] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-2047] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-0] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold--1294967296] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-invalid] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-invalid] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-1] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-00] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-525 948] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period--10] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-logging-critical-oninvalid] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period--11] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-01] 0.00
No log output captured.
Passed suites/disk_monitoring/disk_monitoring_test.py::test_valid_operations_are_permitted 3.72
No log output captured.
Passed suites/ds_logs/ds_logs_test.py::test_check_default 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
ds_logs_test.py 159 DEBUG on
Passed suites/ds_logs/ds_logs_test.py::test_plugin_set_invalid 0.00
------------------------------ Captured log call -------------------------------
ds_logs_test.py 178 INFO test_plugin_set_invalid - Expect to fail with junk value
Passed suites/ds_logs/ds_logs_test.py::test_log_plugin_on 4.34
------------------------------ Captured log call -------------------------------
ds_logs_test.py 205 INFO Bug 1273549 - Check access logs for millisecond, when attribute is ON ds_logs_test.py 206 INFO perform any ldap operation, which will trigger the logs ds_logs_test.py 31 INFO Adding 10 users ds_logs_test.py 210 INFO Restart the server to flush the logs ds_logs_test.py 213 INFO parse the access logs
Passed suites/ds_logs/ds_logs_test.py::test_log_plugin_off 13.75
------------------------------ Captured log call -------------------------------
ds_logs_test.py 245 INFO Bug 1273549 - Check access logs for missing millisecond, when attribute is OFF ds_logs_test.py 247 INFO test_log_plugin_off - set the configuration attribute to OFF ds_logs_test.py 250 INFO Restart the server to flush the logs ds_logs_test.py 253 INFO test_log_plugin_off - delete the previous access logs ds_logs_test.py 259 INFO Restart the server to flush the logs ds_logs_test.py 262 INFO check access log that microseconds are not present
Passed suites/ds_logs/ds_logs_test.py::test_internal_log_server_level_0 7.91
------------------------------ Captured log call -------------------------------
ds_logs_test.py 286 INFO Delete the previous access logs ds_logs_test.py 289 INFO Set nsslapd-plugin-logging to on ds_logs_test.py 292 INFO Configure access log level to 0 ds_logs_test.py 296 INFO Restart the server to flush the logs ds_logs_test.py 300 INFO Check if access log does not contain internal log of MOD operation ds_logs_test.py 306 INFO Check if the other internal operations are not present
Passed suites/ds_logs/ds_logs_test.py::test_internal_log_server_level_4 11.43
------------------------------ Captured log call -------------------------------
ds_logs_test.py 333 INFO Delete the previous access logs for the next test ds_logs_test.py 336 INFO Set nsslapd-plugin-logging to on ds_logs_test.py 339 INFO Configure access log level to 4 ds_logs_test.py 343 INFO Restart the server to flush the logs ds_logs_test.py 347 INFO Check if access log contains internal MOD operation in correct format ds_logs_test.py 353 INFO Check if the other internal operations have the correct format ds_logs_test.py 357 INFO Delete the previous access logs for the next test
Passed suites/ds_logs/regression_test.py::test_default_loglevel_stripped[24576] 0.01
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/ds_logs/regression_test.py::test_default_loglevel_stripped[16512] 0.02
No log output captured.
Passed suites/ds_logs/regression_test.py::test_default_loglevel_stripped[16385] 0.77
No log output captured.
Passed suites/ds_logs/regression_test.py::test_dse_config_loglevel_error 171.91
No log output captured.
Passed suites/ds_tools/logpipe_test.py::test_user_permissions 0.03
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. logpipe_test.py 30 INFO Add system test user - dirsrv_testuser------------------------------ Captured log call -------------------------------
logpipe_test.py 66 INFO Try to create a logpipe in the log directory with "-u" option specifying the user
Passed suites/ds_tools/replcheck_test.py::test_state 0.38
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. topologies.py 106 INFO Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. topologies.py 139 INFO Creating replication topology. topologies.py 153 INFO Joining master master2 to master1 ... replica.py 1535 INFO SUCCESS: bootstrap to ldap://server.example.com:39002 completed replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 is was created replica.py 1816 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 is was created replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39001 to ldap://server.example.com:39002 is working replica.py 1947 INFO SUCCESS: Replication from ldap://server.example.com:39002 to ldap://server.example.com:39001 is working replica.py 1604 INFO SUCCESS: joined master from ldap://server.example.com:39001 to ldap://server.example.com:39002 topologies.py 161 INFO Ensuring master master1 to master2 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39001 to ldap://server.example.com:39002 already exists topologies.py 161 INFO Ensuring master master2 to master1 ... replica.py 1789 INFO SUCCESS: Agreement from ldap://server.example.com:39002 to ldap://server.example.com:39001 already exists replica.py 1947 INFO SUCCESS: Replication from ldaps://server.example.com:63701 to ldaps://server.example.com:63702 is working replcheck_test.py 99 INFO Export LDAPTLS_CACERTDIR env variable for ds-replcheck replica.py 1947 INFO SUCCESS: Replication from ldaps://server.example.com:63701 to ldaps://server.example.com:63702 is working replica.py 1947 INFO SUCCESS: Replication from ldaps://server.example.com:63702 to ldaps://server.example.com:63701 is working
Passed suites/filter/basic_filter_test.py::test_search_attr 0.07
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(sn=last1)(givenname=first1))-1] 0.00
------------------------------ Captured log setup ------------------------------
topologies.py 106 INFO Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(sn=last1)(givenname=first1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(sn=last1)(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(sn=last1)(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(&(&(sn=last1))(&(givenname=first1))))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(&(&(sn=last1))(&(givenname=first1))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(sn=last3)(givenname=*))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(sn=last3)(givenname=*))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(&(sn=last3)(givenname=*)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(&(sn=last3)(givenname=*)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid5)(&(&(sn=*))(&(givenname=*))))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid5)(&(&(sn=*))(&(givenname=*))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(objectclass=*)(uid=*)(sn=last*))-5] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(objectclass=*)(uid=*)(sn=last*))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(objectclass=*)(uid=*)(sn=last1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(objectclass=*)(uid=*)(sn=last1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=uid1)(sn=last1)(givenname=first1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=uid1)(sn=last1)(givenname=first1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=uid1)(|(sn=last1)(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=uid1)(|(sn=last1)(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(uid=uid1)(|(|(sn=last1))(|(givenname=first1))))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(uid=uid1)(|(|(sn=last1))(|(givenname=first1))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(objectclass=*)(sn=last1)(|(givenname=first1)))-14] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(objectclass=*)(sn=last1)(|(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(objectclass=*)(sn=last1))(|(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(objectclass=*)(sn=last1))(|(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(objectclass=*)(sn=last))(|(givenname=first1)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(objectclass=*)(sn=last))(|(givenname=first1)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=uid1)(!(cn=NULL)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=uid1)(!(cn=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(!(cn=NULL))(uid=uid1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(!(cn=NULL))(uid=uid1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(uid=*)(&(!(uid=1))(!(givenname=first1))))-4] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(uid=*)(&(!(uid=1))(!(givenname=first1))))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(|(uid=uid1)(uid=NULL))(sn=last1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(|(uid=uid1)(uid=NULL))(sn=last1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(|(uid=uid1)(uid=NULL))(!(sn=NULL)))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(|(uid=uid1)(uid=NULL))(!(sn=NULL)))"...
Passed suites/filter/complex_filters_test.py::test_filters[(&(|(uid=uid1)(sn=last2))(givenname=first1))-1] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(&(|(uid=uid1)(sn=last2))(givenname=first1))"...
Passed suites/filter/complex_filters_test.py::test_filters[(|(&(uid=uid1)(!(uid=NULL)))(sn=last2))-2] 0.00
------------------------------ Captured log call -------------------------------
complex_filters_test.py 119 INFO Testing filter "(|(&(uid=uid1)(!(uid=NULL)))(sn=last2))"...
Passed suites/filter/complex_filters_test.py::test_f