report.html

Report generated on 29-Apr-2020 at 23:20:19 by pytest-html v2.1.1

Environment

389-ds-base 1.4.4.1-20200429gitc7da66e.fc31
Packages {"pluggy": "0.12.0", "py": "1.8.0", "pytest": "5.4.1"}
Platform Linux-5.5.10-200.fc31.x86_64-x86_64-with-fedora-31-Thirty_One
Plugins {"html": "2.1.1", "metadata": "1.8.0"}
Python 3.7.7
cyrus-sasl 2.1.27-2.fc31
nspr 4.25.0-1.fc31
nss 3.51.0-1.fc31
openldap 2.4.47-3.fc31

Summary

1880 tests ran in 14404.25 seconds.

1740 passed, 43 skipped, 119 failed, 51 errors, 15 expected failures, 6 unexpected passes

Results

Result Test Duration Links
Error suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[lang-ja]::setup 19.08
request = <SubRequest 'aci_with_attr_subtype' for <Function test_aci_attr_subtype_targetattr[lang-ja]>>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdc035a0650>

@pytest.fixture(params=["lang-ja", "binary", "phonetic"])
def aci_with_attr_subtype(request, topology_m2):
"""Adds and deletes an ACI in the DEFAULT_SUFFIX"""

TARGET_ATTR = 'protectedOperation'
USER_ATTR = 'allowedToPerform'
SUBTYPE = request.param
suffix = Domain(topology_m2.ms["master1"], DEFAULT_SUFFIX)

log.info("========Executing test with '%s' subtype========" % SUBTYPE)
log.info(" Add a target attribute")
add_attr(topology_m2, TARGET_ATTR)

log.info(" Add a user attribute")
add_attr(topology_m2, USER_ATTR)

ACI_TARGET = '(targetattr=%s;%s)' % (TARGET_ATTR, SUBTYPE)
ACI_ALLOW = '(version 3.0; acl "test aci for subtypes"; allow (read) '
ACI_SUBJECT = 'userattr = "%s;%s#GROUPDN";)' % (USER_ATTR, SUBTYPE)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT

log.info("Add an ACI with attribute subtype")
> suffix.add('aci', ACI_BODY)

suites/acl/acl_test.py:90:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0353cc10>
func = <built-in method result4 of LDAP object at 0x7fdc034d5870>
args = (54, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=protectedOperation;lang-ja)(version 3.0; acl \\22test aci for subtypes\\22; allow (read) userattr = \\22allowedToPerform;lang-ja#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  tests.suites.acl.acl_test:acl_test.py:77 ========Executing test with 'lang-ja' subtype======== INFO  tests.suites.acl.acl_test:acl_test.py:78 Add a target attribute INFO  tests.suites.acl.acl_test:acl_test.py:81 Add a user attribute INFO  tests.suites.acl.acl_test:acl_test.py:89 Add an ACI with attribute subtype
Error suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[binary]::setup 0.32
request = <SubRequest 'aci_with_attr_subtype' for <Function test_aci_attr_subtype_targetattr[binary]>>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdc035a0650>

@pytest.fixture(params=["lang-ja", "binary", "phonetic"])
def aci_with_attr_subtype(request, topology_m2):
"""Adds and deletes an ACI in the DEFAULT_SUFFIX"""

TARGET_ATTR = 'protectedOperation'
USER_ATTR = 'allowedToPerform'
SUBTYPE = request.param
suffix = Domain(topology_m2.ms["master1"], DEFAULT_SUFFIX)

log.info("========Executing test with '%s' subtype========" % SUBTYPE)
log.info(" Add a target attribute")
add_attr(topology_m2, TARGET_ATTR)

log.info(" Add a user attribute")
add_attr(topology_m2, USER_ATTR)

ACI_TARGET = '(targetattr=%s;%s)' % (TARGET_ATTR, SUBTYPE)
ACI_ALLOW = '(version 3.0; acl "test aci for subtypes"; allow (read) '
ACI_SUBJECT = 'userattr = "%s;%s#GROUPDN";)' % (USER_ATTR, SUBTYPE)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT

log.info("Add an ACI with attribute subtype")
> suffix.add('aci', ACI_BODY)

suites/acl/acl_test.py:90:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0353cc10>
func = <built-in method result4 of LDAP object at 0x7fdc034d5870>
args = (57, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=protectedOperation;binary)(version 3.0; acl \\22test aci for subtypes\\22; allow (read) userattr = \\22allowedToPerform;binary#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  tests.suites.acl.acl_test:acl_test.py:77 ========Executing test with 'binary' subtype======== INFO  tests.suites.acl.acl_test:acl_test.py:78 Add a target attribute INFO  tests.suites.acl.acl_test:acl_test.py:81 Add a user attribute INFO  tests.suites.acl.acl_test:acl_test.py:89 Add an ACI with attribute subtype
Error suites/acl/acl_test.py::test_aci_attr_subtype_targetattr[phonetic]::setup 0.35
request = <SubRequest 'aci_with_attr_subtype' for <Function test_aci_attr_subtype_targetattr[phonetic]>>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdc035a0650>

@pytest.fixture(params=["lang-ja", "binary", "phonetic"])
def aci_with_attr_subtype(request, topology_m2):
"""Adds and deletes an ACI in the DEFAULT_SUFFIX"""

TARGET_ATTR = 'protectedOperation'
USER_ATTR = 'allowedToPerform'
SUBTYPE = request.param
suffix = Domain(topology_m2.ms["master1"], DEFAULT_SUFFIX)

log.info("========Executing test with '%s' subtype========" % SUBTYPE)
log.info(" Add a target attribute")
add_attr(topology_m2, TARGET_ATTR)

log.info(" Add a user attribute")
add_attr(topology_m2, USER_ATTR)

ACI_TARGET = '(targetattr=%s;%s)' % (TARGET_ATTR, SUBTYPE)
ACI_ALLOW = '(version 3.0; acl "test aci for subtypes"; allow (read) '
ACI_SUBJECT = 'userattr = "%s;%s#GROUPDN";)' % (USER_ATTR, SUBTYPE)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT

log.info("Add an ACI with attribute subtype")
> suffix.add('aci', ACI_BODY)

suites/acl/acl_test.py:90:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0353cc10>
func = <built-in method result4 of LDAP object at 0x7fdc034d5870>
args = (60, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=protectedOperation;phonetic)(version 3.0; acl \\22test aci for subtypes\\22; allow (read) userattr = \\22allowedToPerform;phonetic#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  tests.suites.acl.acl_test:acl_test.py:77 ========Executing test with 'phonetic' subtype======== INFO  tests.suites.acl.acl_test:acl_test.py:78 Add a target attribute INFO  tests.suites.acl.acl_test:acl_test.py:81 Add a user attribute INFO  tests.suites.acl.acl_test:acl_test.py:89 Add an ACI with attribute subtype
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]::setup 4.96
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(HARRY_ROLE, NESTED_ROLE_TESTER)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(MARY_ROLE, NOT_RULE_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(STEVE_ROLE, OR_RULE_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(HARRY_ROLE, OR_RULE_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(STEVE_ROLE, ALL_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(HARRY_ROLE, ALL_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_positive[(MARY_ROLE, ALL_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_negative[(MARY_ROLE, NESTED_ROLE_TESTER)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_negative[(STEVE_ROLE, NOT_RULE_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_negative[(HARRY_ROLE, NOT_RULE_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_seealso_negative[(MARY_ROLE , OR_RULE_ACCESS)]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_anonseealso_positive[NOT_RULE_ACCESS]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_anonseealso_positive[ALL_ACCESS]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_anonseealso_negaive[NESTED_ROLE_TESTER]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/roledn_test.py::test_mod_anonseealso_negaive[OR_RULE_ACCESS]::setup 0.00
request = <SubRequest '_add_user' for <Function test_mod_seealso_positive[(STEVE_ROLE, NESTED_ROLE_TESTER)]>>
topo = <lib389.topologies.TopologyMain object at 0x7fdc01936850>

@pytest.fixture(scope="module")
def _add_user(request, topo):
"""
A Function that will create necessary users delete the created user
"""
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_ou = ous.create(properties={'ou': 'roledntest'})
ou_ou.set('aci', [f'(target="ldap:///{NESTED_ROLE_TESTER}")(targetattr="*") '
f'(version 3.0; aci "nested role aci"; allow(all)'
f'roledn = "ldap:///{ROLE2}";)',
f'(target="ldap:///{OR_RULE_ACCESS}")(targetattr="*")'
f'(version 3.0; aci "or role aci"; allow(all) '
f'roledn = "ldap:///{ROLE1} || ldap:///{ROLE21}";)',
f'(target="ldap:///{ALL_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "anyone role aci"; allow(all) '
f'roledn = "ldap:///anyone";)',
> f'(target="ldap:///{NOT_RULE_ACCESS}")(targetattr=*)'
f'(version 3.0; aci "not role aci"; allow(all)'
f'roledn != "ldap:///{ROLE1} || ldap:///{ROLE21}";)'])

suites/acl/roledn_test.py:84:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0181be90>
func = <built-in method result4 of LDAP object at 0x7fdc039859c0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=all access,ou=roledntest,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22anyone role aci\\22; allow(all) roledn = \\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(CAN,ROLEDNACCESS)]::setup 5.16
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(CAN,USERDNACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(CAN,GROUPDNACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(CAN,LDAPURLACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(CAN,ATTRNAMEACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_0, OU_2)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_1,ANCESTORS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_2,GRANDPARENTS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_4,OU_2)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_4, ANCESTORS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_4,GRANDPARENTS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_4,PARENTS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_4,CHILDREN)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(CANNOT,ROLEDNACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(CANNOT,USERDNACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(CANNOT,GROUPDNACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(CANNOT,LDAPURLACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(CANNOT,ATTRNAMEACCESS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(LEVEL_0, ANCESTORS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(LEVEL_0,GRANDPARENTS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(LEVEL_0,PARENTS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(LEVEL_0,CHILDREN)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(LEVEL_2,PARENTS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_mod_see_also_negative[(LEVEL_4,GRANDSONS)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_last_three[uid=Ananda Borah,ou=Accounting,dc=example,dc=com-uid=USERDNACCESS,ou=Accounting,dc=example,dc=com]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_last_three[uid=Ananda Borah,ou=Accounting,dc=example,dc=com-uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/acl/userattr_test.py::test_last_three[uid=Ananda Borah,ou=Accounting,dc=example,dc=com-uid=GROUPDNACCESS,ou=Accounting,dc=example,dc=com]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/password/pwdAdmin_test.py::test_pwdAdmin_bypass::setup 4.76
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf90a7110>

@pytest.fixture(scope="module")
def password_policy(topology_st):
"""Set up password policy
Create a Password Admin entry;
Set up password policy attributes in config;
Add an aci to give everyone full access;
Test that the setup works
"""

log.info('test_pwdAdmin_init: Creating Password Administrator entries...')

users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)

# Add Password Admin 1
admin1_user = users.create(properties={
'uid': 'admin1',
'cn' : 'admin1',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin1',
'userPassword': ADMIN_PWD
})

# Add Password Admin 2

admin2_user = users.create(properties={
'uid': 'admin2',
'cn' : 'admin2',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin2',
'userPassword': ADMIN_PWD
})

# Add Password Admin Group

admin_group = groups.create(properties={
'cn': 'password admin group'
})

admin_group.add_member(admin1_user.dn)
admin_group.add_member(admin2_user.dn)

# Configure password policy

log.info('test_pwdAdmin_init: Configuring password policy...')

topology_st.standalone.config.replace_many(
('nsslapd-pwpolicy-local', 'on'),
('passwordCheckSyntax', 'on'),
('passwordMinCategories', '1'),
('passwordMinTokenLength', '2'),
('passwordExp', 'on'),
('passwordMinDigits', '1'),
('passwordMinSpecials', '1')
)

#
# Add an aci to allow everyone all access (just makes things easier)
#
log.info('Add aci to allow password admin to add/update entries...')

domain = Domain(topology_st.standalone, DEFAULT_SUFFIX)

ACI_TARGET = "(target = \"ldap:///%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_ALLOW = "(version 3.0; acl \"Password Admin Access\"; allow (all) "
ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT

> domain.add('aci', ACI_BODY)

suites/password/pwdAdmin_test.py:110:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf9081610>
func = <built-in method result4 of LDAP object at 0x7fdbf8ff54b0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///dc=example,dc=com\\22)(targetattr = \\2a)(version 3.0; acl \\22Password Admin Access\\22; allow (all) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. INFO  tests.suites.password.pwdAdmin_test:pwdAdmin_test.py:46 test_pwdAdmin_init: Creating Password Administrator entries... INFO  tests.suites.password.pwdAdmin_test:pwdAdmin_test.py:85 test_pwdAdmin_init: Configuring password policy... INFO  tests.suites.password.pwdAdmin_test:pwdAdmin_test.py:100 Add aci to allow password admin to add/update entries...
Error suites/password/pwdAdmin_test.py::test_pwdAdmin_no_admin::setup 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf90a7110>

@pytest.fixture(scope="module")
def password_policy(topology_st):
"""Set up password policy
Create a Password Admin entry;
Set up password policy attributes in config;
Add an aci to give everyone full access;
Test that the setup works
"""

log.info('test_pwdAdmin_init: Creating Password Administrator entries...')

users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)

# Add Password Admin 1
admin1_user = users.create(properties={
'uid': 'admin1',
'cn' : 'admin1',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin1',
'userPassword': ADMIN_PWD
})

# Add Password Admin 2

admin2_user = users.create(properties={
'uid': 'admin2',
'cn' : 'admin2',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin2',
'userPassword': ADMIN_PWD
})

# Add Password Admin Group

admin_group = groups.create(properties={
'cn': 'password admin group'
})

admin_group.add_member(admin1_user.dn)
admin_group.add_member(admin2_user.dn)

# Configure password policy

log.info('test_pwdAdmin_init: Configuring password policy...')

topology_st.standalone.config.replace_many(
('nsslapd-pwpolicy-local', 'on'),
('passwordCheckSyntax', 'on'),
('passwordMinCategories', '1'),
('passwordMinTokenLength', '2'),
('passwordExp', 'on'),
('passwordMinDigits', '1'),
('passwordMinSpecials', '1')
)

#
# Add an aci to allow everyone all access (just makes things easier)
#
log.info('Add aci to allow password admin to add/update entries...')

domain = Domain(topology_st.standalone, DEFAULT_SUFFIX)

ACI_TARGET = "(target = \"ldap:///%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_ALLOW = "(version 3.0; acl \"Password Admin Access\"; allow (all) "
ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT

> domain.add('aci', ACI_BODY)

suites/password/pwdAdmin_test.py:110:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf9081610>
func = <built-in method result4 of LDAP object at 0x7fdbf8ff54b0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///dc=example,dc=com\\22)(targetattr = \\2a)(version 3.0; acl \\22Password Admin Access\\22; allow (all) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/password/pwdAdmin_test.py::test_pwdAdmin_modify::setup 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf90a7110>

@pytest.fixture(scope="module")
def password_policy(topology_st):
"""Set up password policy
Create a Password Admin entry;
Set up password policy attributes in config;
Add an aci to give everyone full access;
Test that the setup works
"""

log.info('test_pwdAdmin_init: Creating Password Administrator entries...')

users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)

# Add Password Admin 1
admin1_user = users.create(properties={
'uid': 'admin1',
'cn' : 'admin1',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin1',
'userPassword': ADMIN_PWD
})

# Add Password Admin 2

admin2_user = users.create(properties={
'uid': 'admin2',
'cn' : 'admin2',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin2',
'userPassword': ADMIN_PWD
})

# Add Password Admin Group

admin_group = groups.create(properties={
'cn': 'password admin group'
})

admin_group.add_member(admin1_user.dn)
admin_group.add_member(admin2_user.dn)

# Configure password policy

log.info('test_pwdAdmin_init: Configuring password policy...')

topology_st.standalone.config.replace_many(
('nsslapd-pwpolicy-local', 'on'),
('passwordCheckSyntax', 'on'),
('passwordMinCategories', '1'),
('passwordMinTokenLength', '2'),
('passwordExp', 'on'),
('passwordMinDigits', '1'),
('passwordMinSpecials', '1')
)

#
# Add an aci to allow everyone all access (just makes things easier)
#
log.info('Add aci to allow password admin to add/update entries...')

domain = Domain(topology_st.standalone, DEFAULT_SUFFIX)

ACI_TARGET = "(target = \"ldap:///%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_ALLOW = "(version 3.0; acl \"Password Admin Access\"; allow (all) "
ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT

> domain.add('aci', ACI_BODY)

suites/password/pwdAdmin_test.py:110:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf9081610>
func = <built-in method result4 of LDAP object at 0x7fdbf8ff54b0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///dc=example,dc=com\\22)(targetattr = \\2a)(version 3.0; acl \\22Password Admin Access\\22; allow (all) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/password/pwdAdmin_test.py::test_pwdAdmin_group::setup 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf90a7110>

@pytest.fixture(scope="module")
def password_policy(topology_st):
"""Set up password policy
Create a Password Admin entry;
Set up password policy attributes in config;
Add an aci to give everyone full access;
Test that the setup works
"""

log.info('test_pwdAdmin_init: Creating Password Administrator entries...')

users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)

# Add Password Admin 1
admin1_user = users.create(properties={
'uid': 'admin1',
'cn' : 'admin1',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin1',
'userPassword': ADMIN_PWD
})

# Add Password Admin 2

admin2_user = users.create(properties={
'uid': 'admin2',
'cn' : 'admin2',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin2',
'userPassword': ADMIN_PWD
})

# Add Password Admin Group

admin_group = groups.create(properties={
'cn': 'password admin group'
})

admin_group.add_member(admin1_user.dn)
admin_group.add_member(admin2_user.dn)

# Configure password policy

log.info('test_pwdAdmin_init: Configuring password policy...')

topology_st.standalone.config.replace_many(
('nsslapd-pwpolicy-local', 'on'),
('passwordCheckSyntax', 'on'),
('passwordMinCategories', '1'),
('passwordMinTokenLength', '2'),
('passwordExp', 'on'),
('passwordMinDigits', '1'),
('passwordMinSpecials', '1')
)

#
# Add an aci to allow everyone all access (just makes things easier)
#
log.info('Add aci to allow password admin to add/update entries...')

domain = Domain(topology_st.standalone, DEFAULT_SUFFIX)

ACI_TARGET = "(target = \"ldap:///%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_ALLOW = "(version 3.0; acl \"Password Admin Access\"; allow (all) "
ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT

> domain.add('aci', ACI_BODY)

suites/password/pwdAdmin_test.py:110:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf9081610>
func = <built-in method result4 of LDAP object at 0x7fdbf8ff54b0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///dc=example,dc=com\\22)(targetattr = \\2a)(version 3.0; acl \\22Password Admin Access\\22; allow (all) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Error suites/password/pwdAdmin_test.py::test_pwdAdmin_config_validation::setup 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf90a7110>

@pytest.fixture(scope="module")
def password_policy(topology_st):
"""Set up password policy
Create a Password Admin entry;
Set up password policy attributes in config;
Add an aci to give everyone full access;
Test that the setup works
"""

log.info('test_pwdAdmin_init: Creating Password Administrator entries...')

users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)

# Add Password Admin 1
admin1_user = users.create(properties={
'uid': 'admin1',
'cn' : 'admin1',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin1',
'userPassword': ADMIN_PWD
})

# Add Password Admin 2

admin2_user = users.create(properties={
'uid': 'admin2',
'cn' : 'admin2',
'sn' : 'strator',
'uidNumber' : '1000',
'gidNumber' : '2000',
'homeDirectory' : '/home/admin2',
'userPassword': ADMIN_PWD
})

# Add Password Admin Group

admin_group = groups.create(properties={
'cn': 'password admin group'
})

admin_group.add_member(admin1_user.dn)
admin_group.add_member(admin2_user.dn)

# Configure password policy

log.info('test_pwdAdmin_init: Configuring password policy...')

topology_st.standalone.config.replace_many(
('nsslapd-pwpolicy-local', 'on'),
('passwordCheckSyntax', 'on'),
('passwordMinCategories', '1'),
('passwordMinTokenLength', '2'),
('passwordExp', 'on'),
('passwordMinDigits', '1'),
('passwordMinSpecials', '1')
)

#
# Add an aci to allow everyone all access (just makes things easier)
#
log.info('Add aci to allow password admin to add/update entries...')

domain = Domain(topology_st.standalone, DEFAULT_SUFFIX)

ACI_TARGET = "(target = \"ldap:///%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_ALLOW = "(version 3.0; acl \"Password Admin Access\"; allow (all) "
ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT

> domain.add('aci', ACI_BODY)

suites/password/pwdAdmin_test.py:110:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf9081610>
func = <built-in method result4 of LDAP object at 0x7fdbf8ff54b0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///dc=example,dc=com\\22)(targetattr = \\2a)(version 3.0; acl \\22Password Admin Access\\22; allow (all) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/deladd_test.py::test_allow_delete_access_to_dynamic_group 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc03708f50>
_add_user = None, _aci_of_user = None

def test_allow_delete_access_to_dynamic_group(topo, _add_user, _aci_of_user):

"""
Test to Allow delete access to dynamic group
:id: 14ffa452-68ed-11e8-a60d-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI that Allow delete privilege to dynamic group
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# Create dynamic group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})

group.add("objectclass", "groupOfURLs")
group.add("memberURL",
f"ldap:///dc=example,dc=com??sub?(&(objectclass=person)(uid=test_user_1000))")

# Set ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = ldap:///{DEFAULT_SUFFIX})(targetattr=*)'
f'(version 3.0; acl "$tet_thistest"; '
f'allow (delete) (groupdn = "ldap:///{group.dn}"); )')

suites/acl/deladd_test.py:364:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc028ebb10>
func = <built-in method result4 of LDAP object at 0x7fdc03ec2660>
args = (258, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22$tet_thistest\\22; allow (delete) (groupdn = \\22ldap:///cn=group1,ou=Groups,dc=example,dc=com\\22); )\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/deladd_test.py::test_allow_delete_access_to_dynamic_group_uid 0.04
topo = <lib389.topologies.TopologyMain object at 0x7fdc03708f50>
_add_user = None, _aci_of_user = None

def test_allow_delete_access_to_dynamic_group_uid(topo, _add_user, _aci_of_user):

"""
Test to Allow delete access to dynamic group
:id: 010a4f20-752a-4173-b763-f520c7a85b82
:setup: server
:steps:
1. Add test entry
2. Add ACI that Allow delete privilege to dynamic group
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should succeed
4. Delete operation for ACI should succeed
"""
# Create dynamic group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})

group.add("objectclass", "groupOfURLs")
group.add("memberURL",
f'ldap:///{DEFAULT_SUFFIX}??sub?(&(objectclass=person)(cn=test_user_1000))')

# Set ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = ldap:///{DEFAULT_SUFFIX})'
f'(targetattr=uid)(version 3.0; acl "$tet_thistest"; '
f'allow (delete) (groupdn = "ldap:///{group.dn}"); )')

suites/acl/deladd_test.py:403:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc028ebb10>
func = <built-in method result4 of LDAP object at 0x7fdc03ec2660>
args = (293, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=uid)(version 3.0; acl \\22$tet_thistest\\22; allow (delete) (groupdn = \\22ldap:///cn=group1,ou=Groups,dc=example,dc=com\\22); )\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/deladd_test.py::test_allow_delete_access_not_to_dynamic_group 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03708f50>
_add_user = None, _aci_of_user = None

def test_allow_delete_access_not_to_dynamic_group(topo, _add_user, _aci_of_user):

"""
Test to Allow delete access to != dynamic group
:id: 9ecb139d-bca8-428e-9044-fd89db5a3d14
:setup: server
:steps:
1. Add test entry
2. Add ACI that delete access to != dynamic group
3. Delete something using test USER_DELADD
4. Remove ACI
:expectedresults:
1. Entry should be added
2. ACI should be added
3. Operation should not succeed
4. Delete operation for ACI should succeed
"""
# Create dynamic group
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})
group.add("objectclass", "groupOfURLs")
group.add("memberURL",
f'ldap:///{DEFAULT_SUFFIX}??sub?(&(objectclass=person)(cn=test_user_1000))')

# Set ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = ldap:///{DEFAULT_SUFFIX})'
f'(targetattr=*)(version 3.0; acl "$tet_thistest"; '
f'allow (delete) (groupdn != "ldap:///{group.dn}"); )')

suites/acl/deladd_test.py:441:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc028ebb10>
func = <built-in method result4 of LDAP object at 0x7fdc03ec2660>
args = (328, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22$tet_thistest\\22; allow (delete) (groupdn != \\22ldap:///cn=group1,ou=Groups,dc=example,dc=com\\22); )\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_five 0.08
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_five(topo, test_user, aci_of_user):
"""
Aci will not allow access as Group dn is not allowed so members will not allowed access.

:id: 11451a96-7841-11e8-9f79-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fulfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""

> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn != "ldap:///{}\ || ldap:///{}";)'.format(ALLGROUPS_GLOBAL, GROUPF_GLOBAL))

suites/acl/globalgroup_part2_test.py:115:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (40, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn != \\22ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\ || ldap:///cn=GROUPF_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_six 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_six(topo, test_user, aci_of_user):
"""
Aci will not allow access as tested user is not a member of allowed Group dn

:id: 1904572e-7841-11e8-a9d8-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn = "ldap:///{} || ldap:///{}" ;)'.format(GROUPH_GLOBAL, ALLGROUPS_GLOBAL))

suites/acl/globalgroup_part2_test.py:143:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (46, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn = \\22ldap:///cn=GROUPH_GLOBAL,ou=nestedgroup, dc=example,dc=com || ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_seven 0.08
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_seven(topo, test_user, aci_of_user):
"""
Aci will not allow access as tested user is not a member of allowed Group dn

:id: 206b43c4-7841-11e8-b3ed-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn = "ldap:///{}\ || ldap:///{}";)'.format(ALLGROUPS_GLOBAL, GROUPH_GLOBAL))

suites/acl/globalgroup_part2_test.py:171:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (52, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn = \\22ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\ || ldap:///cn=GROUPH_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eight 0.09
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_eight(topo, test_user, aci_of_user):
"""
Aci will not allow access as Group dn is not allowed so members will not allowed access.

:id: 26ca7456-7841-11e8-801e-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn != "ldap:///{} || ldap:///{} || ldap:///{}" ;)'.format(GROUPH_GLOBAL, GROUPA_GLOBAL, ALLGROUPS_GLOBAL))

suites/acl/globalgroup_part2_test.py:199:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (58, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn != \\22ldap:///cn=GROUPH_GLOBAL,ou=nestedgroup, dc=example,dc=com || ldap:///cn=GROUPA_GLOBAL,ou=nestedgroup, dc=example,dc=com || ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_nine 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_nine(topo, test_user, aci_of_user):
"""
Aci will not allow access as Group dn is not allowed so members will not allowed access.

:id: 38c7fbb0-7841-11e8-90aa-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn != "ldap:///{}\ || ldap:///{} || ldap:///{}";)'.format(ALLGROUPS_GLOBAL, GROUPA_GLOBAL, GROUPH_GLOBAL))

suites/acl/globalgroup_part2_test.py:227:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (64, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn != \\22ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\ || ldap:///cn=GROUPA_GLOBAL,ou=nestedgroup, dc=example,dc=com || ldap:///cn=GROUPH_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_ten 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_ten(topo, test_user, aci_of_user):
"""
Test the userattr keyword to ensure that it evaluates correctly.

:id: 46c0fb72-7841-11e8-af1d-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) userattr = "description#GROUPDN";)')

suites/acl/globalgroup_part2_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (70, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) userattr = \\22description#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eleven 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_eleven(topo, test_user, aci_of_user):
"""
Aci will not allow access as description is there with the user entry which is not allowed in ACI

:id: 4cfa28e2-7841-11e8-8117-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) not( userattr = "description#GROUPDN");)')

suites/acl/globalgroup_part2_test.py:284:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (76, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) not( userattr = \\22description#GROUPDN\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_twelve 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_twelve(topo, test_user, aci_of_user):
"""
Test with the parent keyord that Yields TRUE as description is present in tested entry

:id: 54f471ec-7841-11e8-8910-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) userattr = "parent[0,1].description#GROUPDN";)')

suites/acl/globalgroup_part2_test.py:315:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (82, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) userattr = \\22parent[0,1].description#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_fourteen 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_fourteen(topo, test_user, aci_of_user):
"""
Test with parent keyword that Yields FALSE as description is not present in tested entry

:id: 5c527218-7841-11e8-8909-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) userattr = "parent[0,1].description#GROUPDN";)')

suites/acl/globalgroup_part2_test.py:344:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (88, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) userattr = \\22parent[0,1].description#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_fifteen 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_fifteen(topo, test_user, aci_of_user):
"""
Here do the same tests for userattr with the parent keyword.

:id: 6381c070-7841-11e8-a6b6-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) userattr = "parent[0,1].description#USERDN";)')

suites/acl/globalgroup_part2_test.py:375:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (94, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) userattr = \\22parent[0,1].description#USERDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_sixteen 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_sixteen(topo, test_user, aci_of_user):
"""
Test with parent keyword with not key

:id: 69852688-7841-11e8-8db1-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
> domain.add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) not ( userattr = "parent[0,1].description#USERDN");)')

suites/acl/globalgroup_part2_test.py:402:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (100, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) not ( userattr = \\22parent[0,1].description#USERDN\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_seventeen 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_seventeen(topo, test_user, aci_of_user):
"""
Test with the parent keyord that Yields TRUE as description is present in tested entry

:id: 7054d1c0-7841-11e8-8177-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) userattr = "parent[0,1].description#GROUPDN";)')

suites/acl/globalgroup_part2_test.py:430:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (106, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) userattr = \\22parent[0,1].description#GROUPDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_part2_test.py::test_undefined_in_group_eval_eighteen 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03ca9410>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_eighteen(topo, test_user, aci_of_user):
"""
Test with parent keyword with not key

:id: 768b9ab0-7841-11e8-87c3-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) not (userattr = "parent[0,1].description#GROUPDN" );)')

suites/acl/globalgroup_part2_test.py:458:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03cd1150>
func = <built-in method result4 of LDAP object at 0x7fdc03c2a480>
args = (112, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) not (userattr = \\22parent[0,1].description#GROUPDN\\22 );)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_two 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc04882350>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_two(topo, test_user, aci_of_user):
"""
This aci will allow access

:id: fcfbcce2-7840-11e8-ba77-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn = "ldap:///{}\ || ldap:///{}";)'.format(ALLGROUPS_GLOBAL, GROUPG_GLOBAL))

suites/acl/globalgroup_test.py:364:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0338ae10>
func = <built-in method result4 of LDAP object at 0x7fdc031b1870>
args = (129, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn = \\22ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\ || ldap:///cn=GROUPG_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_three 0.13
topo = <lib389.topologies.TopologyMain object at 0x7fdc04882350>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_three(topo, test_user, aci_of_user):
"""
This aci will allow access

:id: 04943dcc-7841-11e8-8c46-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn = "ldap:///{}\ || ldap:///{}";)'.format(GROUPG_GLOBAL, ALLGROUPS_GLOBAL))

suites/acl/globalgroup_test.py:392:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0338ae10>
func = <built-in method result4 of LDAP object at 0x7fdc031b1870>
args = (135, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn = \\22ldap:///cn=GROUPG_GLOBAL,ou=nestedgroup, dc=example,dc=com\\ || ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/globalgroup_test.py::test_undefined_in_group_eval_four 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc04882350>
test_user = None, aci_of_user = None

def test_undefined_in_group_eval_four(topo, test_user, aci_of_user):
"""
This aci will not allow access

:id: 0b03d10e-7841-11e8-9341-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Take a count of users using DN_DM
3. Add test user
4. add aci
5. test should fullfil the aci rules
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(targetattr=*)(version 3.0; aci "tester"; allow(all) groupdn != "ldap:///{}\ || ldap:///{}";)'.format(ALLGROUPS_GLOBAL, GROUPG_GLOBAL))

suites/acl/globalgroup_test.py:420:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0338ae10>
func = <built-in method result4 of LDAP object at 0x7fdc031b1870>
args = (141, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22tester\\22; allow(all) groupdn != \\22ldap:///cn=ALLGROUPS_GLOBAL,ou=nestedgroup, dc=example,dc=com\\ || ldap:///cn=GROUPG_GLOBAL,ou=nestedgroup, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_access_from_certain_network_only_ip 5.04
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_access_from_certain_network_only_ip(topo, add_user, aci_of_user):
"""
User can access the data when connecting from certain network only as per the ACI.

:id: 4ec38296-7ac5-11e8-9816-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Turn access log buffering off to make less time consuming
topo.standalone.config.set('nsslapd-accesslog-logbuffering', 'off')

# Find the ip from ds logs , as we need to know the exact ip used by ds to run the instances.
# Wait till Access Log is generated
topo.standalone.restart()

ip_ip = topo.standalone.ds_access_log.match('.* connection from ')[0].split()[-1]

# Add ACI
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
> domain.add("aci", f'(target = "ldap:///{IP_OU_KEY}")(targetattr=*)(version 3.0; aci "IP aci"; '
f'allow(all)userdn = "ldap:///{NETSCAPEIP_KEY}" and ip = "{ip_ip}" ;)')

suites/acl/keywords_part2_test.py:71:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=IP,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22IP aci\\22; allow(all)userdn = \\22ldap:///uid=NETSCAPEIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com\\22 and ip = \\22127.0.0.1\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/keywords_part2_test.py::test_connectin_from_an_unauthorized_network 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_connectin_from_an_unauthorized_network(topo, add_user, aci_of_user):
"""
User cannot access the data when connectin from an unauthorized network as per the ACI.

:id: 52d1ecce-7ac5-11e8-9ad9-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Find the ip from ds logs , as we need to know the exact ip used by ds to run the instances.
ip_ip = topo.standalone.ds_access_log.match('.* connection from ')[0].split()[-1]
# Add ACI
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
> domain.add("aci", f'(target = "ldap:///{IP_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "IP aci"; '
f'allow(all) userdn = "ldap:///{NETSCAPEIP_KEY}" '
f'and ip != "{ip_ip}" ;)')

suites/acl/keywords_part2_test.py:111:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (11, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=IP,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22IP aci\\22; allow(all) userdn = \\22ldap:///uid=NETSCAPEIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com\\22 and ip != \\22127.0.0.1\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_ip_keyword_test_noip_cannot 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_ip_keyword_test_noip_cannot(topo, add_user, aci_of_user):
"""
User NoIP cannot assess the data as per the ACI.

:id: 570bc7f6-7ac5-11e8-88c1-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target ="ldap:///{IP_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "IP aci"; allow(all) '
f'userdn = "ldap:///{FULLIP_KEY}" and ip = "*" ;)')

suites/acl/keywords_part2_test.py:150:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (17, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target =\\22ldap:///ou=IP,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22IP aci\\22; allow(all) userdn = \\22ldap:///uid=FULLIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com\\22 and ip = \\22\\2a\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_user_can_access_the_data_at_any_time 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_at_any_time(topo, add_user, aci_of_user):
"""
User can access the data at any time as per the ACI.

:id: 5b4da91a-7ac5-11e8-bbda-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target = "ldap:///{TIMEOFDAY_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Timeofday aci"; '
f'allow(all) userdn ="ldap:///{FULLWORKER_KEY}" and '
f'(timeofday >= "0000" and timeofday <= "2359") ;)')

suites/acl/keywords_part2_test.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (23, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Timeofday,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Timeofday aci\\22; allow(all) userdn =\\22ldap:///uid=FULLWORKER_KEY,ou=Timeofday,ou=Keywords,dc=example,dc=com\\22 and (timeofday >= \\220000\\22 and timeofday <= \\222359\\22) ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_user_can_access_the_data_only_in_the_morning 0.05
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_only_in_the_morning(topo, add_user, aci_of_user):
"""
User can access the data only in the morning as per the ACI.

:id: 5f7d380c-7ac5-11e8-8124-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target = "ldap:///{TIMEOFDAY_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Timeofday aci"; '
f'allow(all) userdn = "ldap:///{DAYWORKER_KEY}" '
f'and timeofday < "1200" ;)')

suites/acl/keywords_part2_test.py:208:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (29, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Timeofday,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Timeofday aci\\22; allow(all) userdn = \\22ldap:///uid=DAYWORKER_KEY,ou=Timeofday,ou=Keywords,dc=example,dc=com\\22 and timeofday < \\221200\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_user_can_access_the_data_only_in_the_afternoon 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_only_in_the_afternoon(topo, add_user, aci_of_user):
"""
User can access the data only in the afternoon as per the ACI.

:id: 63eb5b1c-7ac5-11e8-bd46-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target = "ldap:///{TIMEOFDAY_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Timeofday aci"; '
f'allow(all) userdn = "ldap:///{NIGHTWORKER_KEY}" '
f'and timeofday > \'1200\' ;)')

suites/acl/keywords_part2_test.py:241:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (35, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': "ACL Syntax Error(-5):(target = \\22ldap:///ou=Timeofday,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Timeofday aci\\22; allow(all) userdn = \\22ldap:///uid=NIGHTWORKER_KEY,ou=Timeofday,ou=Keywords,dc=example,dc=com\\22 and timeofday > '1200' ;)\n"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_timeofday_keyword 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_timeofday_keyword(topo, add_user, aci_of_user):
"""
User NOWORKER_KEY can access the data as per the ACI after removing
ACI it cant.

:id: 681dd58e-7ac5-11e8-bed1-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
now = time.strftime("%c")
now_1 = "".join(now.split()[3].split(":"))[:4]
# Add ACI
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
> domain.add("aci", f'(target = "ldap:///{TIMEOFDAY_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Timeofday aci"; '
f'allow(all) userdn = "ldap:///{NOWORKER_KEY}" '
f'and timeofday = \'{now_1}\' ;)')

suites/acl/keywords_part2_test.py:277:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (41, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': "ACL Syntax Error(-5):(target = \\22ldap:///ou=Timeofday,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Timeofday aci\\22; allow(all) userdn = \\22ldap:///uid=NOWORKER_KEY,ou=Timeofday,ou=Keywords,dc=example,dc=com\\22 and timeofday = '1922' ;)\n"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_dayofweek_keyword_test_everyday_can_access 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_dayofweek_keyword_test_everyday_can_access(topo, add_user, aci_of_user):
"""
User can access the data EVERYDAY_KEY as per the ACI.

:id: 6c5922ca-7ac5-11e8-8f01-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target = "ldap:///{DAYOFWEEK_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Dayofweek aci"; '
f'allow(all) userdn = "ldap:///{EVERYDAY_KEY}" and '
f'dayofweek = "Sun, Mon, Tue, Wed, Thu, Fri, Sat" ;)')

suites/acl/keywords_part2_test.py:314:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (47, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Dayofweek,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Dayofweek aci\\22; allow(all) userdn = \\22ldap:///uid=EVERYDAY_KEY,ou=Dayofweek,ou=Keywords,dc=example,dc=com\\22 and dayofweek = \\22Sun, Mon, Tue, Wed, Thu, Fri, Sat\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_dayofweek_keyword_today_can_access 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_dayofweek_keyword_today_can_access(topo, add_user, aci_of_user):
"""
User can access the data one day per week as per the ACI.

:id: 7131dc88-7ac5-11e8-acc2-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
today_1 = time.strftime("%c").split()[0]
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target = "ldap:///{DAYOFWEEK_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Dayofweek aci"; '
f'allow(all) userdn = "ldap:///{TODAY_KEY}" '
f'and dayofweek = \'{today_1}\' ;)')

suites/acl/keywords_part2_test.py:344:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (53, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': "ACL Syntax Error(-5):(target = \\22ldap:///ou=Dayofweek,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Dayofweek aci\\22; allow(all) userdn = \\22ldap:///uid=TODAY_KEY,ou=Dayofweek,ou=Keywords,dc=example,dc=com\\22 and dayofweek = 'Wed' ;)\n"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_part2_test.py::test_user_cannot_access_the_data_at_all 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc047df8d0>
add_user = None, aci_of_user = None

def test_user_cannot_access_the_data_at_all(topo, add_user, aci_of_user):
"""
User cannot access the data at all as per the ACI.

:id: 75cdac5e-7ac5-11e8-968a-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone,
> DEFAULT_SUFFIX).add("aci", f'(target = "ldap:///{DAYOFWEEK_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "Dayofweek aci"; '
f'allow(all) userdn = "ldap:///{TODAY_KEY}" '
f'and dayofweek = "$NEW_DATE" ;)')

suites/acl/keywords_part2_test.py:373:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc039e5a90>
func = <built-in method result4 of LDAP object at 0x7fdc039350f0>
args = (59, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Dayofweek,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Dayofweek aci\\22; allow(all) userdn = \\22ldap:///uid=TODAY_KEY,ou=Dayofweek,ou=Keywords,dc=example,dc=com\\22 and dayofweek = \\22$NEW_DATE\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_binds_with_a_password_and_can_access_the_data 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_binds_with_a_password_and_can_access_the_data(topo, add_user, aci_of_user):
"""
User binds with a password and can access the data as per the ACI.

:id: f6c4b6f0-7ac4-11e8-a517-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
> _add_aci(topo, NONE_ACI_KEY)

suites/acl/keywords_test.py:73:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/acl/keywords_test.py:54: in _add_aci
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", name)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (61, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Authmethod,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Authmethod aci\\22; allow(all) userdn = \\22ldap:///uid=NONE_1_KEY,ou=Authmethod,ou=Keywords,dc=example,dc=com\\22 and authmethod = \\22none\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/keywords_test.py::test_anonymous_user_cannot_access_the_data 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_anonymous_user_cannot_access_the_data(topo, add_user, aci_of_user):
"""
Anonymous user cannot access the data

:id: 0821a55c-7ac5-11e8-b214-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
> _add_aci(topo, NONE_ACI_KEY)

suites/acl/keywords_test.py:116:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/acl/keywords_test.py:54: in _add_aci
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", name)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (74, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Authmethod,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Authmethod aci\\22; allow(all) userdn = \\22ldap:///uid=NONE_1_KEY,ou=Authmethod,ou=Keywords,dc=example,dc=com\\22 and authmethod = \\22none\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_authenticated_but_has_no_rigth_on_the_data 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_authenticated_but_has_no_rigth_on_the_data(topo, add_user, aci_of_user):
"""
User has a password. He is authenticated but has no rigth on the data.

:id: 11be7ebe-7ac5-11e8-b754-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
> _add_aci(topo, NONE_ACI_KEY)

suites/acl/keywords_test.py:142:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/acl/keywords_test.py:54: in _add_aci
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", name)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (80, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Authmethod,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Authmethod aci\\22; allow(all) userdn = \\22ldap:///uid=NONE_1_KEY,ou=Authmethod,ou=Keywords,dc=example,dc=com\\22 and authmethod = \\22none\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_the_bind_client_is_accessing_the_directory 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_the_bind_client_is_accessing_the_directory(topo, add_user, aci_of_user):
"""
The bind rule is evaluated to be true if the client is accessing the directory as per the ACI.

:id: 1715bfb2-7ac5-11e8-8f2c-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
> _add_aci(topo, SIMPLE_ACI_KEY)

suites/acl/keywords_test.py:168:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/acl/keywords_test.py:54: in _add_aci
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", name)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (86, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Authmethod,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Authmethod aci\\22; allow(all) userdn = \\22ldap:///uid=SIMPLE_1_KEY,ou=Authmethod,ou=Keywords,dc=example,dc=com\\22 and authmethod = \\22simple\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_users_binds_with_a_password_and_can_access_the_data 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_users_binds_with_a_password_and_can_access_the_data(
topo, add_user, aci_of_user):
"""
User binds with a password and can access the data as per the ACI.

:id: 1bd01cb4-7ac5-11e8-a2f1-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
> _add_aci(topo, SIMPLE_ACI_KEY)

suites/acl/keywords_test.py:193:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/acl/keywords_test.py:54: in _add_aci
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", name)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (92, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Authmethod,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Authmethod aci\\22; allow(all) userdn = \\22ldap:///uid=SIMPLE_1_KEY,ou=Authmethod,ou=Keywords,dc=example,dc=com\\22 and authmethod = \\22simple\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_binds_without_any_password_and_cannot_access_the_data 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_binds_without_any_password_and_cannot_access_the_data(topo, add_user, aci_of_user):
"""
User binds without any password and cannot access the data

:id: 205777fa-7ac5-11e8-ba2f-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
> _add_aci(topo, SIMPLE_ACI_KEY)

suites/acl/keywords_test.py:217:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/acl/keywords_test.py:54: in _add_aci
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", name)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (98, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=Authmethod,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22Authmethod aci\\22; allow(all) userdn = \\22ldap:///uid=SIMPLE_1_KEY,ou=Authmethod,ou=Keywords,dc=example,dc=com\\22 and authmethod = \\22simple\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_can_access_the_data_when_connecting_from_any_machine 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_any_machine(
topo, add_user, aci_of_user
):
"""
User can access the data when connecting from any machine as per the ACI.

:id: 28cbc008-7ac5-11e8-934e-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX)\
> .add("aci", f'(target ="ldap:///{DNS_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{FULLDNS_KEY}" and dns = "*" ;)')

suites/acl/keywords_test.py:246:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (104, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target =\\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=FULLDNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dns = \\22\\2a\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_can_access_the_data_when_connecting_from_internal_ds_network_only 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(
topo, add_user, aci_of_user
):
"""
User can access the data when connecting from internal ICNC network only as per the ACI.
:id: 2cac2136-7ac5-11e8-8328-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
dns_name = socket.getfqdn()
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", [f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "DNS aci"; '
f'allow(all) userdn = "ldap:///{SUNDNS_KEY}" and dns = "*redhat.com" ;)',
> f'(target = "ldap:///{DNS_OU_KEY}")(targetattr=*)'
f'(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{SUNDNS_KEY}" and dns = "{dns_name}" ;)'])

suites/acl/keywords_test.py:278:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (110, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=SUNDNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dns = \\22\\2aredhat.com\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_can_access_the_data_when_connecting_from_some_network_only 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_some_network_only(
topo, add_user, aci_of_user
):
"""
User can access the data when connecting from some network only as per the ACI.

:id: 3098512a-7ac5-11e8-af85-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
dns_name = socket.getfqdn()
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX)\
> .add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" '
f'and dns = "{dns_name}" ;)')

suites/acl/keywords_test.py:308:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (116, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=NETSCAPEDNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dns = \\22localhost.localdomain\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_from_an_unauthorized_network 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_from_an_unauthorized_network(topo, add_user, aci_of_user):
"""
User cannot access the data when connecting from an unauthorized network as per the ACI.

:id: 34cf9726-7ac5-11e8-bc12-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" and dns != "red.iplanet.com" ;)')

suites/acl/keywords_test.py:336:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (122, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=NETSCAPEDNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dns != \\22red.iplanet.com\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2(
topo, add_user, aci_of_user):
"""
User cannot access the data when connecting from an unauthorized network as per the ACI.

:id: 396bdd44-7ac5-11e8-8014-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr=*)(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" '
f'and dnsalias != "www.redhat.com" ;)')

suites/acl/keywords_test.py:364:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (128, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=NETSCAPEDNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dnsalias != \\22www.redhat.com\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_cannot_access_the_data_if_not_from_a_certain_domain 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_user_cannot_access_the_data_if_not_from_a_certain_domain(topo, add_user, aci_of_user):
"""
User cannot access the data if not from a certain domain as per the ACI.
:id: 3d658972-7ac5-11e8-930f-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = "ldap:///{DNS_OU_KEY}")(targetattr=*)'
f'(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NODNS_KEY}" '
f'and dns = "RAP.rock.SALSA.house.COM" ;)')

suites/acl/keywords_test.py:391:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (134, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=NODNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dns = \\22RAP.rock.SALSA.house.COM\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_dnsalias_keyword_test_nodns_cannot 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None

def test_dnsalias_keyword_test_nodns_cannot(topo, add_user, aci_of_user):
"""
Dnsalias Keyword NODNS_KEY cannot assess data as per the ACI.

:id: 41b467be-7ac5-11e8-89a3-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target = "ldap:///{DNS_OU_KEY}")(targetattr=*)'
f'(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NODNS_KEY}" and '
f'dnsalias = "RAP.rock.SALSA.house.COM" ;)')

suites/acl/keywords_test.py:421:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (140, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///ou=DNS,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22DNS aci\\22; allow(all) userdn = \\22ldap:///uid=NODNS_KEY,ou=DNS,ou=Keywords,dc=example,dc=com\\22 and dnsalias = \\22RAP.rock.SALSA.house.COM\\22 ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_can_access_from_ipv4_or_ipv6_address[127.0.0.1] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None, ip_addr = '127.0.0.1'

@pytest.mark.ds50378
@pytest.mark.bz1710848
@pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])
def test_user_can_access_from_ipv4_or_ipv6_address(topo, add_user, aci_of_user, ip_addr):
"""
User can modify the data when accessing the server from the allowed IPv4 and IPv6 addresses

:id: 461e761e-7ac5-11e8-9ae4-8c16451d917b
:parametrized: yes
:setup: Standalone Server
:steps:
1. Add ACI that has both IPv4 and IPv6
2. Connect from one of the IPs allowed in ACI
3. Modify an attribute
:expectedresults:
1. ACI should be added
2. Conection should be successful
3. Operation should be successful
"""
# Add ACI that contains both IPv4 and IPv6
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*) '
f'(version 3.0; aci "IP aci"; allow(all) '
f'userdn = "ldap:///{FULLIP_KEY}" and (ip = "127.0.0.1" or ip = "::1");)')

suites/acl/keywords_test.py:454:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (146, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target =\\22ldap:///ou=IP,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a) (version 3.0; aci \\22IP aci\\22; allow(all) userdn = \\22ldap:///uid=FULLIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com\\22 and (ip = \\22127.0.0.1\\22 or ip = \\22::1\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/keywords_test.py::test_user_can_access_from_ipv4_or_ipv6_address[[::1]] 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0338c210>
add_user = None, aci_of_user = None, ip_addr = '[::1]'

@pytest.mark.ds50378
@pytest.mark.bz1710848
@pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])
def test_user_can_access_from_ipv4_or_ipv6_address(topo, add_user, aci_of_user, ip_addr):
"""
User can modify the data when accessing the server from the allowed IPv4 and IPv6 addresses

:id: 461e761e-7ac5-11e8-9ae4-8c16451d917b
:parametrized: yes
:setup: Standalone Server
:steps:
1. Add ACI that has both IPv4 and IPv6
2. Connect from one of the IPs allowed in ACI
3. Modify an attribute
:expectedresults:
1. ACI should be added
2. Conection should be successful
3. Operation should be successful
"""
# Add ACI that contains both IPv4 and IPv6
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*) '
f'(version 3.0; aci "IP aci"; allow(all) '
f'userdn = "ldap:///{FULLIP_KEY}" and (ip = "127.0.0.1" or ip = "::1");)')

suites/acl/keywords_test.py:454:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc03b805d0>
func = <built-in method result4 of LDAP object at 0x7fdc036c39c0>
args = (152, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target =\\22ldap:///ou=IP,ou=Keywords,dc=example,dc=com\\22)(targetattr=\\2a) (version 3.0; aci \\22IP aci\\22; allow(all) userdn = \\22ldap:///uid=FULLIP_KEY,ou=IP,ou=Keywords,dc=example,dc=com\\22 and (ip = \\22127.0.0.1\\22 or ip = \\22::1\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/misc_test.py::test_accept_aci_in_addition_to_acl 0.14
topo = <lib389.topologies.TopologyMain object at 0x7fdc04789310>, clean = None
aci_of_user = None

def test_accept_aci_in_addition_to_acl(topo, clean, aci_of_user):
"""
Misc Test 2 accept aci in addition to acl
:id: 8e9408fa-7db8-11e8-adaa-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn='ou=product development')
user = uas.create_test_user()
for i in [('mail', 'anujborah@okok.com'), ('givenname', 'Anuj'), ('userPassword', PW_DM)]:
user.set(i[0], i[1])

aci_target = "(targetattr=givenname)"
aci_allow = ('(version 3.0; acl "Name of the ACI"; deny (read, search, compare, write)')
aci_subject = 'userdn="ldap:///anyone";)'
> Domain(topo.standalone, CONTAINER_1_DELADD).add("aci", aci_target + aci_allow + aci_subject)

suites/acl/misc_test.py:102:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc036c8510>
func = <built-in method result4 of LDAP object at 0x7fdc019c4840>
args = (12, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=givenname)(version 3.0; acl \\22Name of the ACI\\22; deny (read, search, compare, write)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/misc_test.py::test_only_allow_some_targetattr 0.11
topo = <lib389.topologies.TopologyMain object at 0x7fdc04789310>, clean = None
aci_of_user = None

def test_only_allow_some_targetattr(topo, clean, aci_of_user):
"""
Misc Test 5 only allow some targetattr (1/2)
:id: 9d27f048-7db8-11e8-a71c-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""

uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
for i in range(1, 3):
user = uas.create_test_user(uid=i, gid=i)
user.replace_many(('cn', 'Anuj1'), ('mail', 'annandaBorah@anuj.com'))

Domain(topo.standalone, DEFAULT_SUFFIX).\
replace("aci", '(target="ldap:///{}")(targetattr="mail||objectClass")'
'(version 3.0; acl "Test";allow (read,search,compare) '
'(userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX))

conn = Anonymous(topo.standalone).bind()
accounts = Accounts(conn, DEFAULT_SUFFIX)

# aci will allow only mail targetattr
> assert len(accounts.filter('(mail=*)')) == 2
E assert 3 == 2
E +3
E -2

suites/acl/misc_test.py:212: AssertionError
-------------------------------Captured log setup-------------------------------
INFO  lib389:misc_test.py:65 Exception (expected): ALREADY_EXISTS
Failed suites/acl/misc_test.py::test_only_allow_some_targetattr_two 0.19
topo = <lib389.topologies.TopologyMain object at 0x7fdc04789310>, clean = None
aci_of_user = None

def test_only_allow_some_targetattr_two(topo, clean, aci_of_user):
"""
Misc Test 6 only allow some targetattr (2/2)"
:id: a188239c-7db8-11e8-903e-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
for i in range(5):
> user = uas.create_test_user(uid=i, gid=i)

suites/acl/misc_test.py:238:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/idm/user.py:230: in create_test_user
return super(UserAccounts, self).create(rdn, properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1197: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:971: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:946: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:176: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc036c8510>
func = <built-in method result4 of LDAP object at 0x7fdc019c4840>
args = (102, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
-------------------------------Captured log setup-------------------------------
INFO  lib389:misc_test.py:65 Exception (expected): ALREADY_EXISTS
Failed suites/acl/misc_test.py::test_memberurl_needs_to_be_normalized 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc04789310>, clean = None
aci_of_user = None

@pytest.mark.bz326000
def test_memberurl_needs_to_be_normalized(topo, clean, aci_of_user):
"""
Non-regression test for BUG 326000: MemberURL needs to be normalized
:id: a5d172e6-7db8-11e8-aca7-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
ou_ou = OrganizationalUnit(topo.standalone, "ou=PEOPLE,{}".format(DEFAULT_SUFFIX))
ou_ou.set('aci', '(targetattr= *)'
'(version 3.0; acl "tester"; allow(all) '
> 'groupdn = "ldap:///cn =DYNGROUP,ou=PEOPLE, {}";)'.format(DEFAULT_SUFFIX))

suites/acl/misc_test.py:296:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc036c8510>
func = <built-in method result4 of LDAP object at 0x7fdc019c4840>
args = (109, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr= \\2a)(version 3.0; acl \\22tester\\22; allow(all) groupdn = \\22ldap:///cn =DYNGROUP,ou=PEOPLE, dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389:misc_test.py:65 Exception (expected): ALREADY_EXISTS
Failed suites/acl/modify_test.py::test_allow_write_access_to_target_with_wildcards 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0187dad0>
aci_of_user = None, cleanup_tree = None

def test_allow_write_access_to_target_with_wildcards(topo, aci_of_user, cleanup_tree):
"""
Modify Test 6 Allow write access to target with wildcards
:id: 825fe884-7abf-11e8-8541-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
ACI_BODY = '(target = ldap:///{})(targetattr = "*")(version 3.0; acl "ACI NAME"; allow (write) (userdn = "ldap:///anyone") ;)'.format(DEFAULT_SUFFIX)
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/modify_test.py:282:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc017fd0d0>
func = <built-in method result4 of LDAP object at 0x7fdc036ab0c0>
args = (164, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr = \\22\\2a\\22)(version 3.0; acl \\22ACI NAME\\22; allow (write) (userdn = \\22ldap:///anyone\\22) ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/modify_test.py::test_allow_write_access_to_userdnattr 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0187dad0>
aci_of_user = None, cleanup_tree = None

def test_allow_write_access_to_userdnattr(topo, aci_of_user, cleanup_tree):
"""
Modify Test 7 Allow write access to userdnattr
:id: 86b418f6-7abf-11e8-ae28-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
ACI_BODY = '(target = ldap:///{})(targetattr=*)(version 3.0; acl "$tet_thistest";allow (write) (userdn = "ldap:///anyone"); )'.format(DEFAULT_SUFFIX)
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/modify_test.py:328:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc017fd0d0>
func = <built-in method result4 of LDAP object at 0x7fdc036ab0c0>
args = (188, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22$tet_thistest\\22;allow (write) (userdn = \\22ldap:///anyone\\22); )\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/modify_test.py::test_allow_selfwrite_access_to_anyone 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0187dad0>
aci_of_user = None, cleanup_tree = None

def test_allow_selfwrite_access_to_anyone(topo, aci_of_user, cleanup_tree):
"""
Modify Test 8 Allow selfwrite access to anyone
:id: 8b3becf0-7abf-11e8-ac34-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
"description": "testgroup"})

ACI_BODY = '(target = ldap:///cn=group1,ou=Groups,{})(targetattr = "member")(version 3.0; acl "ACI NAME"; allow (selfwrite) (userdn = "ldap:///anyone") ;)'.format(DEFAULT_SUFFIX)
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/modify_test.py:376:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc017fd0d0>
func = <built-in method result4 of LDAP object at 0x7fdc036ab0c0>
args = (213, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///cn=group1,ou=Groups,dc=example,dc=com)(targetattr = \\22member\\22)(version 3.0; acl \\22ACI NAME\\22; allow (selfwrite) (userdn = \\22ldap:///anyone\\22) ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/modrdn_test.py::test_allow_write_privilege_to_anyone 0.40
topo = <lib389.topologies.TopologyMain object at 0x7fdc03a36750>
_add_user = None, aci_of_user = None

def test_allow_write_privilege_to_anyone(topo, _add_user, aci_of_user):
"""
Modrdn Test 1 Allow write privilege to anyone
:id: 4406f12e-7932-11e8-9dea-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",
'(target ="ldap:///{}")(targetattr=*)(version 3.0;acl "$tet_thistest";allow '
> '(write) (userdn = "ldap:///anyone");)'.format(DEFAULT_SUFFIX))

suites/acl/modrdn_test.py:106:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0399d7d0>
func = <built-in method result4 of LDAP object at 0x7fdc032b3300>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target =\\22ldap:///dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0;acl \\22$tet_thistest\\22;allow (write) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/modrdn_test.py::test_allow_write_privilege_to_dynamic_group_with_scope_set_to_base_in_ldap_url 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc03a36750>
_add_user = None, aci_of_user = None

def test_allow_write_privilege_to_dynamic_group_with_scope_set_to_base_in_ldap_url(
topo, _add_user, aci_of_user
):
"""
Modrdn Test 2 Allow write privilege to DYNAMIC_MODRDN group with scope set to base in LDAP URL
:id: 4c0f8c00-7932-11e8-8398-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(target = ldap:///{})(targetattr=*)(version 3.0; acl "$tet_thistest"; allow(all)(groupdn = "ldap:///{}"); )'.format(DEFAULT_SUFFIX, DYNAMIC_MODRDN))

suites/acl/modrdn_test.py:133:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0399d7d0>
func = <built-in method result4 of LDAP object at 0x7fdc032b3300>
args = (43, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22$tet_thistest\\22; allow(all)(groupdn = \\22ldap:///cn=Test DYNAMIC_MODRDN Group 70, dc=example,dc=com\\22); )\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/modrdn_test.py::test_renaming_target_entry 0.07
topo = <lib389.topologies.TopologyMain object at 0x7fdc03a36750>
_add_user = None, aci_of_user = None

def test_renaming_target_entry(topo, _add_user, aci_of_user):
"""
Test for renaming target entry
:id: 6be1d33a-7932-11e8-9115-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Create a test user entry
3.Create a new ou entry with an aci
4. Make sure uid=$MYUID has the access
5. Rename ou=OU0 to ou=OU1
6. Create another ou=OU2
7. Move ou=OU1 under ou=OU2
8. Make sure uid=$MYUID still has the access
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
4. Operation should succeed
5. Operation should succeed
6. Operation should succeed
7. Operation should succeed
8. Operation should succeed
"""
properties = {
'uid': 'TRAC340_MODRDN',
'cn': 'TRAC340_MODRDN',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'TRAC340_MODRDN'
}
user = UserAccount(topo.standalone, 'cn=TRAC340_MODRDN,{}'.format(DEFAULT_SUFFIX))
user.create(properties=properties)
user.set("userPassword", "password")
ou = OrganizationalUnit(topo.standalone, 'ou=OU0,{}'.format(DEFAULT_SUFFIX))
ou.create(properties={'ou': 'OU0'})
> ou.set('aci', '(targetattr=*)(version 3.0; acl "$MYUID";allow(read, search, compare) userdn = "ldap:///{}";)'.format(TRAC340_MODRDN))

suites/acl/modrdn_test.py:284:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0399d7d0>
func = <built-in method result4 of LDAP object at 0x7fdc032b3300>
args = (195, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; acl \\22$MYUID\\22;allow(read, search, compare) userdn = \\22ldap:///cn=TRAC340_MODRDN,dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_non_leaf 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with__target_set_on_non_leaf(topo, test_uer, aci_of_user):
"""Search Test 11 Deny all access with != target set on non-leaf
:id: f1c5d72a-6e11-11e8-aa9d-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target != ldap:///{})(targetattr=*)".format(CONTAINER_2_DELADD)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:90:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target != ldap:///ou=Accounting,dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_wildcard_non_leaf 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with__target_set_on_wildcard_non_leaf(
topo, test_uer, aci_of_user
):
"""Search Test 12 Deny all access with != target set on wildcard non-leaf
:id: 02f34640-6e12-11e8-a382-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target != ldap:///ou=Product*,{})(targetattr=*)".format(
DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:125:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (19, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target != ldap:///ou=Product\\2a,dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with__target_set_on_wildcard_leaf 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with__target_set_on_wildcard_leaf(
topo, test_uer, aci_of_user
):
"""Search Test 13 Deny all access with != target set on wildcard leaf
:id: 16c54d76-6e12-11e8-b5ba-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target != ldap:///uid=Anuj*, ou=*,{})(targetattr=*)".format(
DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:160:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (25, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target != ldap:///uid=Anuj\\2a, ou=\\2a,dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_equality_search 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetfilter_using_equality_search(
topo, test_uer, aci_of_user
):
"""Search Test 14 Deny all access with targetfilter using equality search
:id: 27255e04-6e12-11e8-8e35-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = '(targetfilter ="(uid=Anuj Borah)")(target = ldap:///{})(targetattr=*)'.format(
DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:195:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (31, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetfilter =\\22(uid=Anuj Borah)\\22)(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_equality_search_two 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetfilter_using_equality_search_two(
topo, test_uer, aci_of_user
):
"""Test that Search Test 15 Deny all access with targetfilter using != equality search
:id: 3966bcd4-6e12-11e8-83ce-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = '(targetfilter !="(uid=Anuj Borah)")(target = ldap:///{})(targetattr=*)'.format(
DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:230:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (37, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetfilter !=\\22(uid=Anuj Borah)\\22)(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_substring_search 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetfilter_using_substring_search(
topo, test_uer, aci_of_user
):
"""Test that Search Test 16 Deny all access with targetfilter using substring search
:id: 44d7b4ba-6e12-11e8-b420-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = '(targetfilter ="(uid=Anu*)")(target = ldap:///{})(targetattr=*)'.format(
DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (43, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetfilter =\\22(uid=Anu\\2a)\\22)(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_substring_search_two 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetfilter_using_substring_search_two(
topo, test_uer, aci_of_user
):
"""Test that Search Test 17 Deny all access with targetfilter using != substring search
:id: 55b12d98-6e12-11e8-8cf4-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = '(targetfilter !="(uid=Anu*)")(target = ldap:///{})(targetattr=*)'.format(
DEFAULT_SUFFIX
)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:301:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (49, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetfilter !=\\22(uid=Anu\\2a)\\22)(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_boolean_or_of_two_equality_search 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetfilter_using_boolean_or_of_two_equality_search(
topo, test_uer, aci_of_user
):
"""Search Test 18 Deny all access with targetfilter using boolean OR of two equality search
:id: 29cc35fa-793f-11e8-988f-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
Domain(topo.standalone, DEFAULT_SUFFIX).add("aci",'(target = ldap:///{})(targetattr = "*")'
'(targetfilter = (|(cn=scarter)(cn=jvaughan)))(version 3.0; acl "$tet_thistest"; '
> 'deny absolute (all) (userdn = "ldap:///anyone") ;)'.format(DEFAULT_SUFFIX))

suites/acl/search_real_part2_test.py:333:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (55, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr = \\22\\2a\\22)(targetfilter = (|(cn=scarter)(cn=jvaughan)))(version 3.0; acl \\22$tet_thistest\\22; deny absolute (all) (userdn = \\22ldap:///anyone\\22) ;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_to__userdn_two 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_to__userdn_two(topo, test_uer, aci_of_user):
"""Search Test 19 Deny all access to != userdn
:id: 693496c0-6e12-11e8-80dc-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn!="ldap:///{}";)'.format(USER_ANANDA)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:372:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (61, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn!=\\22ldap:///uid=Ananda Borah,ou=Accounting,dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_userdn 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_userdn(topo, test_uer, aci_of_user):
"""
Search Test 20 Deny all access with userdn
:id: 75aada86-6e12-11e8-bd34-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///{}";)'.format(USER_ANANDA)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:405:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (67, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///uid=Ananda Borah,ou=Accounting,dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part2_test.py::test_deny_all_access_with_targetfilter_using_presence_search 0.09
topo = <lib389.topologies.TopologyMain object at 0x7fdc0141a210>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetfilter_using_presence_search(
topo, test_uer, aci_of_user
):
"""
Search Test 21 Deny all access with targetfilter using presence search
:id: 85244a42-6e12-11e8-9480-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
user = UserAccounts(topo.standalone, DEFAULT_SUFFIX).create_test_user()
user.set('userPassword', PW_DM)

ACI_TARGET = '(targetfilter ="(cn=*)")(target = ldap:///{})(targetattr=*)'.format(
DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part2_test.py:444:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc0466bf10>
func = <built-in method result4 of LDAP object at 0x7fdc043c3210>
args = (77, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetfilter =\\22(cn=\\2a)\\22)(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url 0.16
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_search_access_to_userdn_with_ldap_url(topo, test_uer, aci_of_user):
"""
Search Test 23 Deny search access to userdn with LDAP URL
:id: 94f082d8-6e12-11e8-be72-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny (search)'
ACI_SUBJECT = (
'userdn="ldap:///%s";)' % "{}??sub?(&(roomnumber=3445))".format(DEFAULT_SUFFIX)
)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part3_test.py:95:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny (search)userdn=\\22ldap:///dc=example,dc=com??sub?(&(roomnumber=3445))\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url_two 0.26
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_search_access_to_userdn_with_ldap_url_two(topo, test_uer, aci_of_user):
"""
Search Test 24 Deny search access to != userdn with LDAP URL
:id: a1ee05d2-6e12-11e8-8260-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny (search)'
ACI_SUBJECT = (
'userdn != "ldap:///%s";)' % "{}??sub?(&(roomnumber=3445))".format(DEFAULT_SUFFIX)
)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part3_test.py:131:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (19, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny (search)userdn != \\22ldap:///dc=example,dc=com??sub?(&(roomnumber=3445))\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part3_test.py::test_deny_search_access_to_userdn_with_ldap_url_matching_all_users 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_search_access_to_userdn_with_ldap_url_matching_all_users(
topo, test_uer, aci_of_user
):
"""
Search Test 25 Deny search access to userdn with LDAP URL matching all users
:id: b37f72ae-6e12-11e8-9c98-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny (search)'
ACI_SUBJECT = 'userdn = "ldap:///%s";)' % "{}??sub?(&(cn=*))".format(DEFAULT_SUFFIX)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part3_test.py:167:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (25, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny (search)userdn = \\22ldap:///dc=example,dc=com??sub?(&(cn=\\2a))\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part3_test.py::test_deny_read_access_to_a_dynamic_group 0.31
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_read_access_to_a_dynamic_group(topo, test_uer, aci_of_user):
"""
Search Test 26 Deny read access to a dynamic group
:id: c0c5290e-6e12-11e8-a900-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group_properties = {"cn": "group1", "description": "testgroup"}
group = groups.create(properties=group_properties)
group.add('objectClass', 'groupOfURLS')
group.set('memberURL', "ldap:///{}??sub?(&(ou=Accounting)(cn=Sam*))".format(DEFAULT_SUFFIX))
group.add_member(USER_ANANDA)

ACI_TARGET = '(target = ldap:///{})(targetattr = "*")'.format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "All rights for %s"; deny(read)' % "Unknown"
ACI_SUBJECT = 'groupdn = "ldap:///cn=group1,ou=Groups,{}";)'.format(DEFAULT_SUFFIX)
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_part3_test.py:207:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (35, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr = \\22\\2a\\22)(version 3.0; acl \\22All rights for Unknown\\22; deny(read)groupdn = \\22ldap:///cn=group1,ou=Groups,dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_with_host_port_set_on_ldap_url 0.09
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_read_access_to_dynamic_group_with_host_port_set_on_ldap_url(
topo, test_uer, aci_of_user
):
"""
Search Test 27 Deny read access to dynamic group with host:port set on LDAP URL
:id: ceb62158-6e12-11e8-8c36-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
> "description": "testgroup"
})

suites/acl/search_real_part3_test.py:239:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1197: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:971: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:946: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:176: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (41, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_with_scope_set_to_one_in_ldap_url 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_read_access_to_dynamic_group_with_scope_set_to_one_in_ldap_url(
topo, test_uer, aci_of_user
):
"""
Search Test 28 Deny read access to dynamic group with scope set to "one" in LDAP URL
:id: ddb30432-6e12-11e8-94db-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group = groups.create(properties={"cn": "group1",
> "description": "testgroup"
})

suites/acl/search_real_part3_test.py:280:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1197: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:971: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:946: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:176: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (47, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/acl/search_real_part3_test.py::test_deny_read_access_to_dynamic_group_two 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_read_access_to_dynamic_group_two(topo, test_uer, aci_of_user):
"""
Search Test 29 Deny read access to != dynamic group
:id: eae2a6c6-6e12-11e8-80f3-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
groups = Groups(topo.standalone, DEFAULT_SUFFIX)
group_properties = {"cn": "group1",
"description": "testgroup"
}
> group = groups.create(properties=group_properties)

suites/acl/search_real_part3_test.py:322:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1197: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:971: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:946: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:176: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (53, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
Failed suites/acl/search_real_part3_test.py::test_deny_access_to_group_should_deny_access_to_all_uniquemember 0.05
topo = <lib389.topologies.TopologyMain object at 0x7fdc016edd90>
test_uer = None, aci_of_user = None

def test_deny_access_to_group_should_deny_access_to_all_uniquemember(
topo, test_uer, aci_of_user
):
"""
Search Test 38 Deny access to group should deny access to all uniquemember (including chain group)
:id: 56b470e4-7941-11e8-912b-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""

grp = UniqueGroup(topo.standalone, 'cn=Nested Group 1,' + DEFAULT_SUFFIX)
grp.create(properties={
'cn': 'Nested Group 1',
'ou': 'groups',
'uniquemember': "cn=Nested Group 2, {}".format(DEFAULT_SUFFIX)
})

grp = UniqueGroup(topo.standalone, 'cn=Nested Group 2,' + DEFAULT_SUFFIX)
grp.create(properties={
'cn': 'Nested Group 2',
'ou': 'groups',
'uniquemember': "cn=Nested Group 3, {}".format(DEFAULT_SUFFIX)
})

grp = UniqueGroup(topo.standalone, 'cn=Nested Group 3,' + DEFAULT_SUFFIX)
grp.create(properties={
'cn': 'Nested Group 3',
'ou': 'groups',
'uniquemember': [USER_ANANDA, USER_ANUJ]
})

Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", '(target = ldap:///{})(targetattr=*)'
> '(version 3.0; acl "$tet_thistest"; deny(read)(groupdn = "ldap:///cn=Nested Group 1, {}"); )'.format(DEFAULT_SUFFIX, DEFAULT_SUFFIX))

suites/acl/search_real_part3_test.py:385:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc016cc290>
func = <built-in method result4 of LDAP object at 0x7fdc014d42d0>
args = (62, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22$tet_thistest\\22; deny(read)(groupdn = \\22ldap:///cn=Nested Group 1, dc=example,dc=com\\22); )\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_test.py::test_deny_all_access_with_target_set 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_target_set(topo, test_uer, aci_of_user):
"""Test that Deny all access with target set
:id: 0550e680-6e0e-11e8-82f4-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(USER_ANANDA)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:91:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///uid=Ananda Borah,ou=Accounting,dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed suites/acl/search_real_test.py::test_deny_all_access_to_a_target_with_wild_card 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_all_access_to_a_target_with_wild_card(topo, test_uer, aci_of_user):
"""Search Test 2 Deny all access to a target with wild card
:id: 1c370f98-6e11-11e8-9f10-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///uid=Ananda*, ou=*,{})(targetattr=*)".format(
DEFAULT_SUFFIX
)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:125:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (19, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///uid=Ananda\\2a, ou=\\2a,dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_test.py::test_deny_all_access_without_a_target_set 0.07
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_all_access_without_a_target_set(topo, test_uer, aci_of_user):
"""Search Test 3 Deny all access without a target set
:id: 2dbeb36a-6e11-11e8-ab9f-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(targetattr=*)"
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:157:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (25, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_test.py::test_deny_read_search_and_compare_access_with_target_and_targetattr_set 0.02
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_read_search_and_compare_access_with_target_and_targetattr_set(
topo, test_uer, aci_of_user
):
"""Search Test 4 Deny read, search and compare access with target and targetattr set
:id: 3f4a87e4-6e11-11e8-a09f-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(CONTAINER_2_DELADD)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:191:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (31, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///ou=Accounting,dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_test.py::test_deny_all_access_to_userdnattr 0.03
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_all_access_to_userdnattr(topo, test_uer, aci_of_user):
"""Search Test 7 Deny all access to userdnattr"
:id: ae482494-6e11-11e8-ae33-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
UserAccount(topo.standalone, USER_ANUJ).add('manager', USER_ANANDA)
ACI_TARGET = "(target = ldap:///{})(targetattr=*)".format(DEFAULT_SUFFIX)
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdnattr="manager";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:274:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (59, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = ldap:///dc=example,dc=com)(targetattr=\\2a)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdnattr=\\22manager\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_test.py::test_deny_all_access_with__targetattr_set 0.06
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_all_access_with__targetattr_set(topo, test_uer, aci_of_user):
"""Search Test 9 Deny all access with != targetattr set
:id: d2d73b2e-6e11-11e8-ad3d-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
testusers = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
user = testusers.create(properties={
'uid': 'Anuj',
'cn': 'Anuj',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'Anuj',
'userPassword': PW_DM
})

ACI_TARGET = "(targetattr != uid||Objectclass)"
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:347:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (79, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr != uid||Objectclass)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/search_real_test.py::test_deny_all_access_with_targetattr_set 0.04
topo = <lib389.topologies.TopologyMain object at 0x7fdc0196d9d0>
test_uer = None, aci_of_user = None

def test_deny_all_access_with_targetattr_set(topo, test_uer, aci_of_user):
"""Search Test 10 Deny all access with targetattr set
:id: e1602ff2-6e11-11e8-8e55-8c16451d917b
:setup: Standalone Instance
:steps:
1. Add Entry
2. Add ACI
3. Bind with test USER_ANUJ
4. Try search
5. Delete Entry,test USER_ANUJ, ACI
:expectedresults:
1. Operation should success
2. Operation should success
3. Operation should success
4. Operation should Fail
5. Operation should success
"""
testuser = UserAccount(topo.standalone, "cn=Anuj12,ou=People,{}".format(DEFAULT_SUFFIX))
testuser.create(properties={
'uid': 'Anuj12',
'cn': 'Anuj12',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'Anuj12'
})

ACI_TARGET = "(targetattr = uid)"
ACI_ALLOW = '(version 3.0; acl "Name of the ACI"; deny absolute (all)'
ACI_SUBJECT = 'userdn="ldap:///anyone";)'
ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
> Domain(topo.standalone, DEFAULT_SUFFIX).add("aci", ACI_BODY)

suites/acl/search_real_test.py:396:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01528750>
func = <built-in method result4 of LDAP object at 0x7fdc019099f0>
args = (88, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr = uid)(version 3.0; acl \\22Name of the ACI\\22; deny absolute (all)userdn=\\22ldap:///anyone\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_search 0.28
topology_st = <lib389.topologies.TopologyMain object at 0x7fdc01980dd0>
allow_user_init = None

@pytest.mark.ds47653
def test_selfdn_permission_search(topology_st, allow_user_init):
"""Check search operation with and without SelfDN aci

:id: 06d51ef9-c675-4583-99b2-4852dbda190e
:setup: Standalone instance, add a entry which is used to bind,
enable acl error logging by setting 'nsslapd-errorlog-level' to '128',
remove aci's to start with a clean slate, and add dummy entries
:steps:
1. Check we can not search an entry without the proper SELFDN aci
2. Add proper ACI
3. Check we can search with the proper ACI
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
"""
topology_st.standalone.log.info("\n\n######################### SEARCH ######################\n")
# bind as bind_entry
topology_st.standalone.log.info("Bind as %s" % BIND_DN)
topology_st.standalone.simple_bind_s(BIND_DN, BIND_PW)

# entry to search WITH member being BIND_DN but WITHOUT the ACI -> no entry returned
topology_st.standalone.log.info("Try to search %s (aci is missing)" % ENTRY_DN)
ents = topology_st.standalone.search_s(ENTRY_DN, ldap.SCOPE_BASE, 'objectclass=*')
assert len(ents) == 0

# Ok Now add the proper ACI
topology_st.standalone.log.info("Bind as %s and add the READ/SEARCH SELFDN aci" % DN_DM)
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

ACI_TARGET = "(target = \"ldap:///cn=*,%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_TARGETFILTER = "(targetfilter =\"(objectClass=%s)\")" % OC_NAME
ACI_ALLOW = "(version 3.0; acl \"SelfDN search-read\"; allow (read, search, compare)"
ACI_SUBJECT = " userattr = \"member#selfDN\";)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_TARGETFILTER + ACI_ALLOW + ACI_SUBJECT
mod = [(ldap.MOD_ADD, 'aci', ensure_bytes(ACI_BODY))]
> topology_st.standalone.modify_s(SUFFIX, mod)

suites/acl/selfdn_permissions_test.py:226:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc035a1ad0>
func = <built-in method result4 of LDAP object at 0x7fdc01a99ba0>
args = (28, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///cn=\\2a,dc=example,dc=com\\22)(targetattr = \\2a)(targetfilter =\\22(objectClass=OCticket47653)\\22)(version 3.0; acl \\22SelfDN search-read\\22; allow (read, search, compare) userattr = \\22member#selfDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log call--------------------------------
INFO  lib389:selfdn_permissions_test.py:205 ######################### SEARCH ###################### INFO  lib389:selfdn_permissions_test.py:207 Bind as cn=bind_entry, dc=example,dc=com INFO  lib389:selfdn_permissions_test.py:211 Try to search cn=test_entry, dc=example,dc=com (aci is missing) INFO  lib389:selfdn_permissions_test.py:216 Bind as cn=Directory Manager and add the READ/SEARCH SELFDN aci
Failed suites/acl/selfdn_permissions_test.py::test_selfdn_permission_modify 0.39
topology_st = <lib389.topologies.TopologyMain object at 0x7fdc01980dd0>
allow_user_init = None

@pytest.mark.ds47653
def test_selfdn_permission_modify(topology_st, allow_user_init):
"""Check modify operation with and without SelfDN aci

:id: 97a58844-095f-44b0-9029-dd29a7d83d68
:setup: Standalone instance, add a entry which is used to bind,
enable acl error logging by setting 'nsslapd-errorlog-level' to '128',
remove aci's to start with a clean slate, and add dummy entries
:steps:
1. Check we can not modify an entry without the proper SELFDN aci
2. Add proper ACI
3. Modify the entry and check the modified value
:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
"""
# bind as bind_entry
topology_st.standalone.log.info("Bind as %s" % BIND_DN)
topology_st.standalone.simple_bind_s(BIND_DN, BIND_PW)

topology_st.standalone.log.info("\n\n######################### MODIFY ######################\n")

# entry to modify WITH member being BIND_DN but WITHOUT the ACI -> ldap.INSUFFICIENT_ACCESS
try:
topology_st.standalone.log.info("Try to modify %s (aci is missing)" % ENTRY_DN)
mod = [(ldap.MOD_REPLACE, 'postalCode', b'9876')]
topology_st.standalone.modify_s(ENTRY_DN, mod)
except Exception as e:
topology_st.standalone.log.info("Exception (expected): %s" % type(e).__name__)
assert isinstance(e, ldap.INSUFFICIENT_ACCESS)

# Ok Now add the proper ACI
topology_st.standalone.log.info("Bind as %s and add the WRITE SELFDN aci" % DN_DM)
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

ACI_TARGET = "(target = \"ldap:///cn=*,%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_TARGETFILTER = "(targetfilter =\"(objectClass=%s)\")" % OC_NAME
ACI_ALLOW = "(version 3.0; acl \"SelfDN write\"; allow (write)"
ACI_SUBJECT = " userattr = \"member#selfDN\";)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_TARGETFILTER + ACI_ALLOW + ACI_SUBJECT
mod = [(ldap.MOD_ADD, 'aci', ensure_bytes(ACI_BODY))]
> topology_st.standalone.modify_s(SUFFIX, mod)

suites/acl/selfdn_permissions_test.py:281:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc035a1ad0>
func = <built-in method result4 of LDAP object at 0x7fdc01a99ba0>
args = (32, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///cn=\\2a,dc=example,dc=com\\22)(targetattr = \\2a)(targetfilter =\\22(objectClass=OCticket47653)\\22)(version 3.0; acl \\22SelfDN write\\22; allow (write) userattr = \\22member#selfDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log call--------------------------------
INFO  lib389:selfdn_permissions_test.py:256 Bind as cn=bind_entry, dc=example,dc=com INFO  lib389:selfdn_permissions_test.py:259 ######################### MODIFY ###################### INFO  lib389:selfdn_permissions_test.py:263 Try to modify cn=test_entry, dc=example,dc=com (aci is missing) INFO  lib389:selfdn_permissions_test.py:267 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:selfdn_permissions_test.py:271 Bind as cn=Directory Manager and add the WRITE SELFDN aci
Failed suites/plugins/accpol_test.py::test_glnologin_attr 26.91
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glnologin_attr(topology_st, accpol_global):
"""Verify if user account is inactivated based on createTimeStamp attribute, no lastLoginTime attribute present

:id: 3032f670-705d-4f69-96f5-d75445cffcfb
:setup: Standalone instance, Local account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with createTimestamp as stateattrname
2. lastLoginTime attribute will not be effective.
3. Add few users to ou=groups subtree in the default suffix
4. Wait for 10 secs and check if account is not inactivated, expected 0
5. Modify AccountInactivityLimit to 20 secs
6. Wait for +9 secs and check if account is not inactivated, expected 0
7. Wait for +3 secs and check if account is inactivated, error 19
8. Modify accountInactivityLimit to 3 secs
9. Add few users to ou=groups subtree in the default suffix
10. Wait for 3 secs and check if account is inactivated, error 19
11. Modify accountInactivityLimit to 30 secs
12. Add few users to ou=groups subtree in the default suffix
13. Wait for 90 secs and check if account is not inactivated, expected 0
14. Wait for +28 secs and check if account is not inactivated, expected 0
15. Wait for +2 secs and check if account is inactivated, error 19
16. Replace the lastLoginTime attribute and check if account is activated
17. Modify accountInactivityLimit to 12 secs, which is the default
18. Run ldapsearch as normal user, expected 0.
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
18. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nologinusr"
nousrs = 3

log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
log.info('Set attribute StateAttrName to createTimestamp, loginTime attr wont be considered')
modify_attr(topology_st, ACCP_CONF, 'stateattrname', 'createTimestamp')
topology_st.standalone.restart(timeout=10)
add_users(topology_st, suffix, subtree, userid, nousrs, 2)
log.info('Sleep for 9 secs to check if account is not inactivated, expected 0')
time.sleep(9)
account_status(topology_st, suffix, subtree, userid, nousrs, 2, "Enabled")

modify_attr(topology_st, ACCP_CONF, 'accountInactivityLimit', '20')
time.sleep(9)
> account_status(topology_st, suffix, subtree, userid, nousrs, 2, "Enabled")

suites/plugins/accpol_test.py:586:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:311: in account_status
raise e
suites/plugins/accpol_test.py:308: in account_status
user.bind(USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:207: in bind
inst_clone.open(*args, **kwargs)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1079: in open
raise e
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1072: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf89015d0>
func = <built-in method result4 of LDAP object at 0x7fdbf8daa510>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:575 AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs INFO  lib389.utils:accpol_test.py:576 Set attribute StateAttrName to createTimestamp, loginTime attr wont be considered INFO  lib389.utils:accpol_test.py:189 Modify attribute value for a given DN INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:580 Sleep for 9 secs to check if account is not inactivated, expected 0 INFO  lib389.utils:accpol_test.py:189 Modify attribute value for a given DN ERROR  lib389.utils:accpol_test.py:310 User uid=nologinusr3,ou=groups,dc=example,dc=com failed to login, expected 0
Failed suites/plugins/accpol_test.py::test_glnoalt_stattr 5.83
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glnoalt_stattr(topology_st, accpol_global):
"""Verify if user account can be inactivated based on lastLoginTime attribute, altstateattrname set to 1.1

:id: 8dcc3540-578f-422a-bb44-28c2cf20dbcd
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with altstateattrname to 1.1
2. Add few users to ou=groups subtree in the default suffix
3. Wait till it reaches accountInactivityLimit
4. Remove lastLoginTime attribute from the user entry
5. Run ldapsearch as normal user, expected 0. no lastLoginTime attribute present
6. Wait till it reaches accountInactivityLimit and check users, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nologinusr"
nousrs = 3
log.info('Set attribute altStateAttrName to 1.1')
modify_attr(topology_st, ACCP_CONF, 'altstateattrname', '1.1')
topology_st.standalone.restart(timeout=10)
> add_users(topology_st, suffix, subtree, userid, nousrs, 0)

suites/plugins/accpol_test.py:643:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:283: in add_users
users.create(properties=user_properties)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1197: in create
return co.create(rdn, properties, self._basedn)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:971: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:946: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:176: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:416: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8d9d410>
func = <built-in method result4 of LDAP object at 0x7fdbf8dbb960>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ALREADY_EXISTS: {'desc': 'Already exists'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: ALREADY_EXISTS
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:640 Set attribute altStateAttrName to 1.1 INFO  lib389.utils:accpol_test.py:189 Modify attribute value for a given DN INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs
Failed suites/plugins/accpol_test.py::test_glattr_modtime 17.50
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glattr_modtime(topology_st, accpol_global):
"""Verify if user account can be inactivated based on modifyTimeStamp attribute

:id: 67380839-2966-45dc-848a-167a954153e1
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with altstateattrname to modifyTimestamp
2. Add few users to ou=groups subtree in the default suffix
3. Wait till the accountInactivityLimit exceeded and check users, expected error 19
4. Modify cn attribute for user, ModifyTimeStamp is updated.
5. Check if user is activated based on ModifyTimeStamp attribute, expected 0
6. Change the plugin to use createTimeStamp and remove lastLoginTime attribute
7. Check if account is inactivated, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "modtimeusr"
nousrs = 3
log.info('Set attribute altStateAttrName to modifyTimestamp')
modify_attr(topology_st, ACCP_CONF, 'altstateattrname', 'modifyTimestamp')
topology_st.standalone.restart(timeout=10)
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 13 secs to check if account is inactivated, expected 0')
time.sleep(13)
check_attr(topology_st, suffix, subtree, userid, nousrs, "modifyTimeStamp=*")
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")

suites/plugins/accpol_test.py:694:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
suffix = 'dc=example,dc=com', subtree = 'ou=groups', userid = 'modtimeusr'
nousrs = 3, ulimit = 0, tochck = 'Disabled'

def account_status(topology_st, suffix, subtree, userid, nousrs, ulimit, tochck):
"""Check account status for the given suffix, subtree, userid and nousrs"""

while (nousrs > ulimit):
usrrdn = '{}{}'.format(userid, nousrs)
userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
user = UserAccount(topology_st.standalone, dn=userdn)
if (tochck == "Enabled"):
try:
user.bind(USER_PASW)
except ldap.LDAPError as e:
log.error('User {} failed to login, expected 0'.format(userdn))
raise e
elif (tochck == "Expired"):
with pytest.raises(ldap.INVALID_CREDENTIALS):
user.bind(USER_PASW)
log.error('User {} password not expired , expected error 49'.format(userdn))
elif (tochck == "Disabled"):
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
user.bind(USER_PASW)
> log.error('User {} is not inactivated, expected error 19'.format(userdn))
E Failed: DID NOT RAISE <class 'ldap.CONSTRAINT_VIOLATION'>

suites/plugins/accpol_test.py:319: Failed
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:687 Set attribute altStateAttrName to modifyTimestamp INFO  lib389.utils:accpol_test.py:189 Modify attribute value for a given DN INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:691 Sleep for 13 secs to check if account is inactivated, expected 0 INFO  lib389.utils:accpol_test.py:202 Check ModifyTimeStamp attribute present for user ERROR  lib389.utils:accpol_test.py:319 User uid=modtimeusr3,ou=groups,dc=example,dc=com is not inactivated, expected error 19
Failed suites/plugins/accpol_test.py::test_glnoalt_nologin 28.28
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glnoalt_nologin(topology_st, accpol_global):
"""Verify if account policy plugin works if we set altstateattrname set to 1.1 and alwaysrecordlogin to NO

:id: 49eda7db-84de-47ba-8f81-ac5e4de3a500
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin with altstateattrname to 1.1
2. Set alwaysrecordlogin to NO.
3. Add few users to ou=groups subtree in the default suffix
4. Wait till accountInactivityLimit exceeded and check users, expected 0
5. Check for lastLoginTime attribute, it should not be present
6. Wait for few more secs and check if account is not inactivated, expected 0
7. Run ldapsearch as normal user, expected 0. no lastLoginTime attribute present
8. Set altstateattrname to createTimeStamp
9. Check if user account is inactivated based on createTimeStamp attribute.
10. Account should be inactivated, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "norecrodlogusr"
nousrs = 3
log.info('Set attribute altStateAttrName to 1.1')
modify_attr(topology_st, ACCP_CONF, 'altstateattrname', '1.1')
log.info('Set attribute alwaysrecordlogin to No')
modify_attr(topology_st, ACCP_CONF, 'alwaysrecordlogin', 'no')
topology_st.standalone.restart(timeout=10)
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 13 secs to check if account is not inactivated, expected 0')
time.sleep(13)
account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")
time.sleep(3)
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")

suites/plugins/accpol_test.py:752:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:311: in account_status
raise e
suites/plugins/accpol_test.py:308: in account_status
user.bind(USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:207: in bind
inst_clone.open(*args, **kwargs)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1079: in open
raise e
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1072: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf98bdc10>
func = <built-in method result4 of LDAP object at 0x7fdbf899f270>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:742 Set attribute altStateAttrName to 1.1 INFO  lib389.utils:accpol_test.py:189 Modify attribute value for a given DN INFO  lib389.utils:accpol_test.py:744 Set attribute alwaysrecordlogin to No INFO  lib389.utils:accpol_test.py:189 Modify attribute value for a given DN INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:748 Sleep for 13 secs to check if account is not inactivated, expected 0 ERROR  lib389.utils:accpol_test.py:310 User uid=norecrodlogusr1,ou=groups,dc=example,dc=com failed to login, expected 0
Failed suites/plugins/accpol_test.py::test_glinact_nsact 15.95
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glinact_nsact(topology_st, accpol_global):
"""Verify if user account can be activated using ns-activate.pl script.

:id: 876a7a7c-0b3f-4cd2-9b45-1dc80846e334
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Configure Global account policy plugin
2. Add few users to ou=groups subtree in the default suffix
3. Wait for few secs and inactivate user using ns-inactivate.pl
4. Wait till accountInactivityLimit exceeded.
5. Run ldapsearch as normal user, expected error 19.
6. Activate user using ns-activate.pl script
7. Check if account is activated, expected error 19
8. Replace the lastLoginTime attribute and check if account is activated
9. Run ldapsearch as normal user, expected 0.
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nsactusr"
nousrs = 1
log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 3 secs to check if account is not inactivated, expected value 0')
time.sleep(3)
nsact_inact(topology_st, suffix, subtree, userid, nousrs, "ns-activate.pl", "")
log.info('Sleep for 10 secs to check if account is inactivated, expected value 19')
time.sleep(10)
nsact_inact(topology_st, suffix, subtree, userid, nousrs, "ns-activate.pl", "")
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")

suites/plugins/accpol_test.py:806:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
suffix = 'dc=example,dc=com', subtree = 'ou=groups', userid = 'nsactusr'
nousrs = 1, ulimit = 0, tochck = 'Disabled'

def account_status(topology_st, suffix, subtree, userid, nousrs, ulimit, tochck):
"""Check account status for the given suffix, subtree, userid and nousrs"""

while (nousrs > ulimit):
usrrdn = '{}{}'.format(userid, nousrs)
userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
user = UserAccount(topology_st.standalone, dn=userdn)
if (tochck == "Enabled"):
try:
user.bind(USER_PASW)
except ldap.LDAPError as e:
log.error('User {} failed to login, expected 0'.format(userdn))
raise e
elif (tochck == "Expired"):
with pytest.raises(ldap.INVALID_CREDENTIALS):
user.bind(USER_PASW)
log.error('User {} password not expired , expected error 49'.format(userdn))
elif (tochck == "Disabled"):
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
user.bind(USER_PASW)
> log.error('User {} is not inactivated, expected error 19'.format(userdn))
E Failed: DID NOT RAISE <class 'ldap.CONSTRAINT_VIOLATION'>

suites/plugins/accpol_test.py:319: Failed
------------------------------Captured stderr call------------------------------
Additional information: Invalid attribute in filter - results may not be complete. Additional information: Invalid attribute in filter - results may not be complete.
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:798 AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:800 Sleep for 3 secs to check if account is not inactivated, expected value 0 INFO  lib389.utils:accpol_test.py:162 Account activate/in-activate/status using ns-activate/inactivate/accountstatus.pl INFO  lib389.utils:accpol_test.py:166 Running ns-activate.pl for user uid=nsactusr1,ou=groups,dc=example,dc=com INFO  lib389.utils:accpol_test.py:180 output: b'uid=nsactusr1,ou=groups,dc=example,dc=com already activated.\n' INFO  lib389.utils:accpol_test.py:803 Sleep for 10 secs to check if account is inactivated, expected value 19 INFO  lib389.utils:accpol_test.py:162 Account activate/in-activate/status using ns-activate/inactivate/accountstatus.pl INFO  lib389.utils:accpol_test.py:166 Running ns-activate.pl for user uid=nsactusr1,ou=groups,dc=example,dc=com INFO  lib389.utils:accpol_test.py:180 output: b'uid=nsactusr1,ou=groups,dc=example,dc=com already activated.\n' ERROR  lib389.utils:accpol_test.py:319 User uid=nsactusr1,ou=groups,dc=example,dc=com is not inactivated, expected error 19
Failed suites/plugins/accpol_test.py::test_glinact_acclock 14.17
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glinact_acclock(topology_st, accpol_global):
"""Verify if user account is activated when account is unlocked by passwordlockoutduration.

:id: 43601a61-065c-4c80-a7c2-e4f6ae17beb8
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=groups subtree in the default suffix
2. Wait for few secs and attempt invalid binds for user
3. User account should be locked based on Account Lockout policy.
4. Wait till accountInactivityLimit exceeded and check users, expected error 19
5. Wait for passwordlockoutduration and check if account is active
6. Check if account is unlocked, expected error 19, since account is inactivated
7. Replace the lastLoginTime attribute and check users, expected 0
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "pwlockusr"
nousrs = 1
log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 3 secs and try invalid binds to lockout the user')
time.sleep(3)

pwacc_lock(topology_st, suffix, subtree, userid, nousrs)
log.info('Sleep for 10 secs to check if account is inactivated, expected value 19')
time.sleep(10)
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")

suites/plugins/accpol_test.py:851:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
suffix = 'dc=example,dc=com', subtree = 'ou=groups', userid = 'pwlockusr'
nousrs = 1, ulimit = 0, tochck = 'Disabled'

def account_status(topology_st, suffix, subtree, userid, nousrs, ulimit, tochck):
"""Check account status for the given suffix, subtree, userid and nousrs"""

while (nousrs > ulimit):
usrrdn = '{}{}'.format(userid, nousrs)
userdn = 'uid={},{},{}'.format(usrrdn, subtree, suffix)
user = UserAccount(topology_st.standalone, dn=userdn)
if (tochck == "Enabled"):
try:
user.bind(USER_PASW)
except ldap.LDAPError as e:
log.error('User {} failed to login, expected 0'.format(userdn))
raise e
elif (tochck == "Expired"):
with pytest.raises(ldap.INVALID_CREDENTIALS):
user.bind(USER_PASW)
log.error('User {} password not expired , expected error 49'.format(userdn))
elif (tochck == "Disabled"):
with pytest.raises(ldap.CONSTRAINT_VIOLATION):
user.bind(USER_PASW)
> log.error('User {} is not inactivated, expected error 19'.format(userdn))
E Failed: DID NOT RAISE <class 'ldap.CONSTRAINT_VIOLATION'>

suites/plugins/accpol_test.py:319: Failed
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:843 AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:845 Sleep for 3 secs and try invalid binds to lockout the user INFO  lib389.utils:accpol_test.py:118 Lockout user account by attempting invalid password binds INFO  lib389.utils:accpol_test.py:849 Sleep for 10 secs to check if account is inactivated, expected value 19 ERROR  lib389.utils:accpol_test.py:319 User uid=pwlockusr1,ou=groups,dc=example,dc=com is not inactivated, expected error 19
Failed suites/plugins/accpol_test.py::test_glnact_pwexp 14.15
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_global = None

def test_glnact_pwexp(topology_st, accpol_global):
"""Verify if user account is activated when password is reset after password is expired

:id: 3bb97992-101a-4e5a-b60a-4cc21adcc76e
:setup: Standalone instance, Global account policy plugin configuration,
set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=groups subtree in the default suffix
2. Set passwordmaxage to few secs
3. Wait for passwordmaxage to reach and check if password expired
4. Run ldapsearch as normal user, expected error 19.
5. Reset the password for user account
6. Wait till accountInactivityLimit exceeded and check users
7. Run ldapsearch as normal user, expected error 19.
8. Replace the lastLoginTime attribute and check if account is activated
9. Run ldapsearch as normal user, expected 0.
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "pwexpusr"
nousrs = 1
try:
topology_st.standalone.config.set('passwordmaxage', '9')
except ldap.LDAPError as e:
log.error('Failed to change the value of passwordmaxage to 9')
raise e
log.info('AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs')
log.info('Passwordmaxage is set to 9. Password will expire in 9 secs')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)

log.info('Sleep for 9 secs and check if password expired')
time.sleep(9)
account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Expired")
time.sleep(4) # Passed inactivity
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")

suites/plugins/accpol_test.py:916:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:318: in account_status
user.bind(USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:207: in bind
inst_clone.open(*args, **kwargs)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1079: in open
raise e
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1072: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8e3e650>
func = <built-in method result4 of LDAP object at 0x7fdbf88fd030>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials', 'info': 'password expired!'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_CREDENTIALS
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:908 AccountInactivityLimit set to 12. Account will be inactivated if not accessed in 12 secs INFO  lib389.utils:accpol_test.py:909 Passwordmaxage is set to 9. Password will expire in 9 secs INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:912 Sleep for 9 secs and check if password expired
Failed suites/plugins/accpol_test.py::test_locact_inact 28.41
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_local = None

def test_locact_inact(topology_st, accpol_local):
"""Verify if user account is inactivated when accountInactivityLimit is exceeded.

:id: 02140e36-79eb-4d88-ba28-66478689289b
:setup: Standalone instance, ou=people subtree configured for Local account
policy plugin configuration, set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=people subtree in the default suffix
2. Wait for few secs before it reaches accountInactivityLimit and check users.
3. Run ldapsearch as normal user, expected 0
4. Wait till accountInactivityLimit is exceeded
5. Run ldapsearch as normal user and check if its inactivated, expected error 19.
6. Replace user's lastLoginTime attribute and check if its activated, expected 0
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Should return error code 19
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=people"
userid = "inactusr"
nousrs = 3
log.info('AccountInactivityLimit set to 10. Account will be inactivated if not accessed in 10 secs')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 9 secs to check if account is not inactivated, expected value 0')
time.sleep(9)
log.info('Account should not be inactivated since AccountInactivityLimit not exceeded')
account_status(topology_st, suffix, subtree, userid, 3, 2, "Enabled")
log.info('Sleep for 2 more secs to check if account is inactivated')
time.sleep(2)
account_status(topology_st, suffix, subtree, userid, 2, 0, "Disabled")
log.info('Sleep +9 secs to check if account {}3 is inactivated'.format(userid))
time.sleep(9)
account_status(topology_st, suffix, subtree, userid, 3, 2, "Disabled")
log.info('Add lastLoginTime attribute to all users and check if its activated')
add_time_attr(topology_st, suffix, subtree, userid, nousrs, 'lastLoginTime')
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")

suites/plugins/accpol_test.py:994:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:311: in account_status
raise e
suites/plugins/accpol_test.py:308: in account_status
user.bind(USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:207: in bind
inst_clone.open(*args, **kwargs)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1079: in open
raise e
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1072: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf9135f90>
func = <built-in method result4 of LDAP object at 0x7fdbf899f360>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
-------------------------------Captured log setup-------------------------------
INFO  lib389.utils:accpol_test.py:80 Adding Local account policy plugin configuration entries
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:980 AccountInactivityLimit set to 10. Account will be inactivated if not accessed in 10 secs INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:982 Sleep for 9 secs to check if account is not inactivated, expected value 0 INFO  lib389.utils:accpol_test.py:984 Account should not be inactivated since AccountInactivityLimit not exceeded INFO  lib389.utils:accpol_test.py:986 Sleep for 2 more secs to check if account is inactivated INFO  lib389.utils:accpol_test.py:989 Sleep +9 secs to check if account inactusr3 is inactivated INFO  lib389.utils:accpol_test.py:992 Add lastLoginTime attribute to all users and check if its activated INFO  lib389.utils:accpol_test.py:219 Enable account by replacing lastLoginTime/createTimeStamp/ModifyTimeStamp attribute ERROR  lib389.utils:accpol_test.py:310 User uid=inactusr3,ou=people,dc=example,dc=com failed to login, expected 0
Failed suites/plugins/accpol_test.py::test_locinact_modrdn 26.11
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8e3d7d0>
accpol_local = None

def test_locinact_modrdn(topology_st, accpol_local):
"""Verify if user account is inactivated when moved from ou=groups to ou=people subtree.

:id: 5f25bea3-fab0-4db4-b43d-2d47cc6e5ad1
:setup: Standalone instance, ou=people subtree configured for Local account
policy plugin configuration, set accountInactivityLimit to few secs.
:steps:
1. Add few users to ou=groups subtree in the default suffix
2. Plugin configured to ou=people subtree only.
3. Wait for few secs before it reaches accountInactivityLimit and check users.
4. Run ldapsearch as normal user, expected 0
5. Wait till accountInactivityLimit exceeded
6. Move users from ou=groups subtree to ou=people subtree
7. Check if users are inactivated, expected error 19
:assert:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Should return error code 0 and 19
"""

suffix = DEFAULT_SUFFIX
subtree = "ou=groups"
userid = "nolockusr"
nousrs = 1
log.info('Account should not be inactivated since the subtree is not configured')
add_users(topology_st, suffix, subtree, userid, nousrs, 0)
log.info('Sleep for 11 secs to check if account is not inactivated, expected value 0')
time.sleep(11)
account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")
log.info('Moving users from ou=groups to ou=people subtree')
user = UserAccount(topology_st.standalone, dn='uid=nolockusr1,ou=groups,dc=example,dc=com')
try:
user.rename('uid=nolockusr1', newsuperior='ou=people,dc=example,dc=com')
except ldap.LDAPError as e:
log.error('Failed to move user uid=nolockusr1 from ou=groups to ou=people')
raise e
subtree = "ou=people"
log.info('Then wait for 11 secs and check if entries are inactivated')
time.sleep(11)
account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Disabled")
add_time_attr(topology_st, suffix, subtree, userid, nousrs, 'lastLoginTime')
> account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")

suites/plugins/accpol_test.py:1043:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/accpol_test.py:311: in account_status
raise e
suites/plugins/accpol_test.py:308: in account_status
user.bind(USER_PASW)
/usr/local/lib/python3.7/site-packages/lib389/idm/account.py:207: in bind
inst_clone.open(*args, **kwargs)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1079: in open
raise e
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1072: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:446: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8a4f6d0>
func = <built-in method result4 of LDAP object at 0x7fdbf8ec6660>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'Account inactivity limit exceeded. Contact system administrator to reset.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: CONSTRAINT_VIOLATION
-------------------------------Captured log call--------------------------------
INFO  lib389.utils:accpol_test.py:1026 Account should not be inactivated since the subtree is not configured INFO  lib389.utils:accpol_test.py:271 add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO  lib389.utils:accpol_test.py:1028 Sleep for 11 secs to check if account is not inactivated, expected value 0 INFO  lib389.utils:accpol_test.py:1031 Moving users from ou=groups to ou=people subtree INFO  lib389.utils:accpol_test.py:1039 Then wait for 11 secs and check if entries are inactivated INFO  lib389.utils:accpol_test.py:219 Enable account by replacing lastLoginTime/createTimeStamp/ModifyTimeStamp attribute ERROR  lib389.utils:accpol_test.py:310 User uid=nolockusr1,ou=people,dc=example,dc=com failed to login, expected 0
Failed suites/replication/changelog_test.py::test_verify_changelog_online_backup 7.14
topo = <lib389.topologies.TopologyMain object at 0x7fdbf8bec9d0>

def test_verify_changelog_online_backup(topo):
"""Check ldap operations in changelog dump file after online backup

:id: 4001c34f-35b4-439e-8c2d-fa7e30375219
:setup: Replication with two masters.
:steps: 1. Add user to server.
2. Take online backup using db2bak task.
3. Restore the database using bak2db task.
4. Perform ldap modify, modrdn and delete operations.
5. Dump the changelog to a file using nsds5task.
6. Check if changelog is updated with ldap operations.
:expectedresults:
1. Add user should PASS.
2. Backup of database should PASS.
3. Restore of database should PASS.
4. Ldap operations should PASS.
5. Changelog should be dumped successfully.
6. Changelog dump file should contain ldap operations
"""

backup_dir = os.path.join(topo.ms['master1'].get_bak_dir(), 'online_backup')
log.info('Run db2bak script to take database backup')
try:
topo.ms['master1'].tasks.db2bak(backup_dir=backup_dir, args={TASK_WAIT: True})
except ValueError:
log.fatal('test_changelog5: Online backup failed')
assert False

backup_checkdir = os.path.join(backup_dir, '.repl_changelog_backup', DEFAULT_CHANGELOG_DB)
if os.path.exists(backup_checkdir):
log.info('Database backup is created successfully')
else:
log.fatal('test_changelog5: backup directory does not exist : {}'.format(backup_checkdir))
assert False

log.info('Run bak2db to restore directory server')
try:
topo.ms['master1'].tasks.bak2db(backup_dir=backup_dir, args={TASK_WAIT: True})
except ValueError:
log.fatal('test_changelog5: Online restore failed')
assert False

log.info('LDAP operations add, modify, modrdn and delete')
_perform_ldap_operations(topo)
> changelog_ldif = _create_changelog_dump(topo)

suites/replication/changelog_test.py:485:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/replication/changelog_test.py:93: in _create_changelog_dump
replica.begin_task_cl2ldif()
/usr/local/lib/python3.7/site-packages/lib389/replica.py:1596: in begin_task_cl2ldif
self.replace('nsds5task', 'cl2ldif')
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:280: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8bfda90>
func = <built-in method result4 of LDAP object at 0x7fdbf8bc25a0>
args = (111, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_ATTRIBUTE: {'desc': 'No such attribute'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_ATTRIBUTE
-------------------------------Captured log call--------------------------------
INFO  tests.suites.replication.changelog_test:changelog_test.py:462 Run db2bak script to take database backup INFO  lib389:tasks.py:602 Backup task backup_04292020_210056 completed successfully INFO  tests.suites.replication.changelog_test:changelog_test.py:471 Database backup is created successfully INFO  tests.suites.replication.changelog_test:changelog_test.py:476 Run bak2db to restore directory server INFO  lib389:tasks.py:656 Restore task restore_04292020_210058 completed successfully INFO  tests.suites.replication.changelog_test:changelog_test.py:483 LDAP operations add, modify, modrdn and delete INFO  tests.suites.replication.changelog_test:changelog_test.py:48 Adding user replusr INFO  tests.suites.replication.changelog_test:changelog_test.py:61 Modify RDN of user uid=replusr,ou=People,dc=example,dc=com INFO  tests.suites.replication.changelog_test:changelog_test.py:68 Deleting user: uid=cl5usr,ou=People,dc=example,dc=com INFO  tests.suites.replication.changelog_test:changelog_test.py:75 Dump changelog using nss5task and check if ldap operations are logged INFO  tests.suites.replication.changelog_test:changelog_test.py:79 Remove ldif files, if present in: /var/lib/dirsrv/slapd-master1/changelogdb INFO  tests.suites.replication.changelog_test:changelog_test.py:90 No existing changelog ldif files present INFO  tests.suites.replication.changelog_test:changelog_test.py:92 Running nsds5task to dump changelog database to a file
Failed suites/rewriters/basic_test.py::test_foo_filter_rewriter 4.52
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf89fb510>

def test_foo_filter_rewriter(topology_st):
"""
Test that example filter rewriter 'foo' is register and search use it
"""

libslapd = os.path.join( topology_st.standalone.ds_paths.lib_dir, 'dirsrv/libslapd.so')
# register foo filter rewriters
topology_st.standalone.add_s(Entry((
"cn=foo_filter,cn=rewriters,cn=config", {
"objectClass": "top",
"objectClass": "extensibleObject",
"cn": "foo_filter",
"nsslapd-libpath": libslapd,
"nsslapd-filterrewriter": "example_foo2cn_filter_rewriter",
}
)))


topology_st.standalone.restart(60)

# Check that the filter 'foo=foo' is rewritten into 'cn=foo'
ents = topology_st.standalone.search_s(rewriters_container, ldap.SCOPE_SUBTREE, '(foo=foo_filter)')
> assert len(ents) > 0
E assert 0 > 0
E + where 0 = len([])

suites/rewriters/basic_test.py:50: AssertionError
Failed suites/roles/basic_test.py::test_managedrole 0.11
topo = <lib389.topologies.TopologyMain object at 0x7fdbf89fb090>

def test_managedrole(topo):
'''
:id: d52a9c00-3bf6-11e9-9b7b-8c16451d917b
:setup: server
:steps:
1. Add test entry
2. Add ACI
3. Search managed role entries
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
'''
# Create Managed role entry
roles = ManagedRoles(topo.standalone, DEFAULT_SUFFIX)
role = roles.create(properties={"cn": 'ROLE1'})

# Create user and Assign the role to the entry
uas = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
uas.create(properties={
'uid': 'Fail',
'cn': 'Fail',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'Fail',
'nsRoleDN': role.dn,
'userPassword': PW_DM
})

# Create user and do not Assign any role to the entry
uas.create(
properties={
'uid': 'Success',
'cn': 'Success',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '2000',
'homeDirectory': '/home/' + 'Success',
'userPassword': PW_DM
})

# Assert that Manage role entry is created and its searchable
assert ManagedRoles(topo.standalone, DEFAULT_SUFFIX).list()[0].dn \
== 'cn=ROLE1,dc=example,dc=com'

# Set an aci that will deny ROLE1 manage role
Domain(topo.standalone, DEFAULT_SUFFIX).\
add('aci', '(targetattr=*)(version 3.0; aci "role aci";'
> ' deny(all) roledn="ldap:///{}";)'.format(role.dn),)

suites/roles/basic_test.py:188:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8d91f10>
func = <built-in method result4 of LDAP object at 0x7fdbf89c22d0>
args = (67, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; deny(all) roledn=\\22ldap:///cn=ROLE1,dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/roles/basic_test.py::test_nestedrole 0.17
topo = <lib389.topologies.TopologyMain object at 0x7fdbf89fb090>, _final = None

def test_nestedrole(topo, _final):
"""
:id: 867b40c0-7fcf-4332-afc7-bd01025b77f2
:setup: Standalone server
:steps:
1. Add test entry
2. Add ACI
3. Search managed role entries
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Create Managed role entry
managed_roles = ManagedRoles(topo.standalone, DEFAULT_SUFFIX)
managed_role1 = managed_roles.create(properties={"cn": 'managed_role1'})
managed_role2 = managed_roles.create(properties={"cn": 'managed_role2'})

# Create nested role entry
nested_roles = NestedRoles(topo.standalone, DEFAULT_SUFFIX)
nested_role = nested_roles.create(properties={"cn": 'nested_role',
"nsRoleDN": [managed_role1.dn, managed_role2.dn]})

# Create user and assign managed role to it
users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
user1 = users.create_test_user(uid=1, gid=1)
user1.set('nsRoleDN', managed_role1.dn)
user1.set('userPassword', PW_DM)

# Create another user and assign managed role to it
user2 = users.create_test_user(uid=2, gid=2)
user2.set('nsRoleDN', managed_role2.dn)
user2.set('userPassword', PW_DM)

# Create another user and do not assign any role to it
user3 = users.create_test_user(uid=3, gid=3)
user3.set('userPassword', PW_DM)

# Create a ACI with deny access to nested role entry
Domain(topo.standalone, DEFAULT_SUFFIX).\
> add('aci', f'(targetattr=*)(version 3.0; aci '
f'"role aci"; deny(all) roledn="ldap:///{nested_role.dn}";)')

suites/roles/basic_test.py:274:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:269: in add
self.set(key, value, action=ldap.MOD_ADD)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8d91f10>
func = <built-in method result4 of LDAP object at 0x7fdbf89c22d0>
args = (86, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; deny(all) roledn=\\22ldap:///cn=nested_role,dc=example,dc=com\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
Failed suites/sasl/regression_test.py::test_openldap_no_nss_crypto 31.66
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf8f554d0>

@pytest.mark.ds47536
def test_openldap_no_nss_crypto(topology_m2):
"""Check that we allow usage of OpenLDAP libraries
that don't use NSS for crypto

:id: 0a622f3d-8ba5-4df2-a1de-1fb2237da40a
:setup: Replication with two masters:
master_1 ----- startTLS -----> master_2;
master_1 <-- TLS_clientAuth -- master_2;
nsslapd-extract-pemfiles set to 'on' on both masters
without specifying cert names
:steps:
1. Add 5 users to master 1 and 2
2. Check that the users were successfully replicated
3. Relocate PEM files on master 1
4. Check PEM files in master 1 config directory
5. Add 5 users more to master 1 and 2
6. Check that the users were successfully replicated
7. Export userRoot on master 1
:expectedresults:
1. Users should be successfully added
2. Users should be successfully replicated
3. Operation should be successful
4. PEM files should be found
5. Users should be successfully added
6. Users should be successfully replicated
7. Operation should be successful
"""

log.info("Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto")

m1 = topology_m2.ms["master1"]
m2 = topology_m2.ms["master2"]
[i.enable_tls() for i in topology_m2]
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.test_replication(m1, m2)

add_entry(m1, 'master1', 'uid=m1user', 0, 5)
add_entry(m2, 'master2', 'uid=m2user', 0, 5)
repl.wait_for_replication(m1, m2)
repl.wait_for_replication(m2, m1)

log.info('##### Searching for entries on master1...')
entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
assert 10 == len(entries)

log.info('##### Searching for entries on master2...')
entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
assert 10 == len(entries)

> relocate_pem_files(topology_m2)

suites/sasl/regression_test.py:155:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/sasl/regression_test.py:103: in relocate_pem_files
check_pems(m1confdir, mycacert, myservercert, myserverkey, "")
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

confdir = '/etc/dirsrv/slapd-master1', mycacert = 'MyCA'
myservercert = 'MyServerCert1', myserverkey = 'MyServerKey1', notexist = ''

def check_pems(confdir, mycacert, myservercert, myserverkey, notexist):
log.info("\n######################### Check PEM files (%s, %s, %s)%s in %s ######################\n"
% (mycacert, myservercert, myserverkey, notexist, confdir))
global cacert
cacert = '%s/%s.pem' % (confdir, mycacert)
if os.path.isfile(cacert):
if notexist == "":
log.info('%s is successfully generated.' % cacert)
else:
log.info('%s is incorrecly generated.' % cacert)
assert False
else:
if notexist == "":
log.fatal('%s is not generated.' % cacert)
> assert False
E assert False

suites/sasl/regression_test.py:61: AssertionError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists
-------------------------------Captured log call--------------------------------
INFO  tests.suites.sasl.regression_test:regression_test.py:134 Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldaps://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:63701 to ldaps://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:63702 is working INFO  tests.suites.sasl.regression_test:regression_test.py:36 ######################### Adding 5 entries to master1 ###################### INFO  tests.suites.sasl.regression_test:regression_test.py:36 ######################### Adding 5 entries to master2 ###################### INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldaps://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:63701 to ldaps://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:63702 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldaps://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:63702 to ldaps://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:63701 is working INFO  tests.suites.sasl.regression_test:regression_test.py:147 ##### Searching for entries on master1... INFO  tests.suites.sasl.regression_test:regression_test.py:151 ##### Searching for entries on master2... INFO  tests.suites.sasl.regression_test:regression_test.py:93 ######################### Relocate PEM files on master1 ###################### INFO  tests.suites.sasl.regression_test:regression_test.py:100 ##### restart master1 INFO  tests.suites.sasl.regression_test:regression_test.py:49 ######################### Check PEM files (MyCA, MyServerCert1, MyServerKey1) in /etc/dirsrv/slapd-master1 ###################### CRITICAL tests.suites.sasl.regression_test:regression_test.py:60 /etc/dirsrv/slapd-master1/MyCA.pem is not generated.
Failed tickets/ticket47653MMR_test.py::test_ticket47653_modify 0.28
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf8850410>

def test_ticket47653_modify(topology_m2):
'''
This test MOD an entry on MASTER1 where 47653 is fixed. Then it checks that update is replicated
on MASTER2 (even if on MASTER2 47653 is NOT fixed). Then update on MASTER2 (bound as BIND_DN).
This update may fail whether or not 47653 is fixed on MASTER2

It checks that, bound as bind_entry,
- we can not modify an entry without the proper SELFDN aci.
- adding the ACI, we can modify the entry
'''
# bind as bind_entry
topology_m2.ms["master1"].log.info("Bind as %s" % BIND_DN)
topology_m2.ms["master1"].simple_bind_s(BIND_DN, BIND_PW)

topology_m2.ms["master1"].log.info("\n\n######################### MODIFY ######################\n")

# entry to modify WITH member being BIND_DN but WITHOUT the ACI -> ldap.INSUFFICIENT_ACCESS
try:
topology_m2.ms["master1"].log.info("Try to modify %s (aci is missing)" % ENTRY_DN)
mod = [(ldap.MOD_REPLACE, 'postalCode', b'9876')]
topology_m2.ms["master1"].modify_s(ENTRY_DN, mod)
except Exception as e:
topology_m2.ms["master1"].log.info("Exception (expected): %s" % type(e).__name__)
assert isinstance(e, ldap.INSUFFICIENT_ACCESS)

# Ok Now add the proper ACI
topology_m2.ms["master1"].log.info("Bind as %s and add the WRITE SELFDN aci" % DN_DM)
topology_m2.ms["master1"].simple_bind_s(DN_DM, PASSWORD)

ACI_TARGET = "(target = \"ldap:///cn=*,%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_TARGETFILTER = "(targetfilter =\"(objectClass=%s)\")" % OC_NAME
ACI_ALLOW = "(version 3.0; acl \"SelfDN write\"; allow (write)"
ACI_SUBJECT = " userattr = \"member#selfDN\";)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_TARGETFILTER + ACI_ALLOW + ACI_SUBJECT
mod = [(ldap.MOD_ADD, 'aci', ensure_bytes(ACI_BODY))]
> topology_m2.ms["master1"].modify_s(SUFFIX, mod)

tickets/ticket47653MMR_test.py:273:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf88603d0>
func = <built-in method result4 of LDAP object at 0x7fdbf8852c00>
args = (78, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///cn=\\2a,dc=example,dc=com\\22)(targetattr = \\2a)(targetfilter =\\22(objectClass=OCticket47653)\\22)(version 3.0; acl \\22SelfDN write\\22; allow (write) userattr = \\22member#selfDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47653MMR_test.py:248 Bind as cn=bind_entry, dc=example,dc=com INFO  lib389:ticket47653MMR_test.py:251 ######################### MODIFY ###################### INFO  lib389:ticket47653MMR_test.py:255 Try to modify cn=test_entry, dc=example,dc=com (aci is missing) INFO  lib389:ticket47653MMR_test.py:259 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:ticket47653MMR_test.py:263 Bind as cn=Directory Manager and add the WRITE SELFDN aci
Failed tickets/ticket47781_test.py::test_ticket47781 4.08
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf857b290>

def test_ticket47781(topology_st):
"""
Testing for a deadlock after doing an online import of an LDIF with
replication data. The replication agreement should be invalid.
"""

log.info('Testing Ticket 47781 - Testing for deadlock after importing LDIF with replication data')

master = topology_st.standalone
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_master(master)

properties = {RA_NAME: r'meTo_$host:$port',
RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
# The agreement should point to a server that does NOT exist (invalid port)
repl_agreement = master.agreement.create(suffix=DEFAULT_SUFFIX,
host=master.host,
port=5555,
properties=properties)

#
# add two entries
#
log.info('Adding two entries...')

master.add_s(Entry(('cn=entry1,dc=example,dc=com', {
'objectclass': 'top person'.split(),
'sn': 'user',
'cn': 'entry1'})))

master.add_s(Entry(('cn=entry2,dc=example,dc=com', {
'objectclass': 'top person'.split(),
'sn': 'user',
'cn': 'entry2'})))

#
# export the replication ldif
#
log.info('Exporting replication ldif...')
args = {EXPORT_REPL_INFO: True}
exportTask = Tasks(master)
exportTask.exportLDIF(DEFAULT_SUFFIX, None, "/tmp/export.ldif", args)

#
# Restart the server
#
log.info('Restarting server...')
master.stop()
master.start()

#
# Import the ldif
#
log.info('Import replication LDIF file...')
importTask = Tasks(master)
args = {TASK_WAIT: True}
> importTask.importLDIF(DEFAULT_SUFFIX, None, "/tmp/export.ldif", args)

tickets/ticket47781_test.py:85:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fdbf8705e90>
suffix = 'dc=example,dc=com', benamebase = None, input_file = '/tmp/export.ldif'
args = {'wait': True}

def importLDIF(self, suffix=None, benamebase=None, input_file=None,
args=None):
'''
Import from a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

'input_file' is the ldif input file

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param ldif_input - file that will contain the entries in LDIF format
to import
@param args - is a dictionary that contains modifier of the import task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return

@return None

@raise ValueError

'''
if self.conn.state != DIRSRV_STATE_ONLINE:
raise ValueError("Invalid Server State %s! Must be online" % self.conn.state)

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not input_file:
raise ValueError("input_file is mandatory")

if not os.path.exists(input_file):
> raise ValueError("Import file (%s) does not exist" % input_file)
E ValueError: Import file (/tmp/export.ldif) does not exist

/usr/local/lib/python3.7/site-packages/lib389/tasks.py:456: ValueError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO  lib389:tasks.py:551 Export task export_04292020_215449 for file /tmp/export.ldif completed successfully
Failed tickets/ticket47900_test.py::test_ticket47900 0.10
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8503dd0>

def test_ticket47900(topology_st):
"""
Test that password administrators/root DN can
bypass password syntax/policy.

We need to test how passwords are modified in
existing entries, and when adding new entries.

Create the Password Admin entry, but do not set
it as an admin yet. Use the entry to verify invalid
passwords are caught. Then activate the password
admin and make sure it can bypass password policy.
"""

# Prepare the Password Administator
entry = Entry(ADMIN_DN)
entry.setValues('objectclass', 'top', 'person')
entry.setValues('sn', ADMIN_NAME)
entry.setValues('cn', ADMIN_NAME)
entry.setValues('userpassword', ADMIN_PWD)

topology_st.standalone.log.info("Creating Password Administator entry %s..." % ADMIN_DN)
try:
topology_st.standalone.add_s(entry)
except ldap.LDAPError as e:
topology_st.standalone.log.error('Unexpected result ' + e.args[0]['desc'])
assert False
topology_st.standalone.log.error("Failed to add Password Administator %s, error: %s "
% (ADMIN_DN, e.args[0]['desc']))
assert False

topology_st.standalone.log.info("Configuring password policy...")
topology_st.standalone.config.replace_many(('nsslapd-pwpolicy-local', 'on'),
('passwordCheckSyntax', 'on'),
('passwordMinCategories', '1'),
('passwordMinTokenLength', '1'),
('passwordExp', 'on'),
('passwordMinDigits', '1'),
('passwordMinSpecials', '1'))

#
# Add an aci to allow everyone all access (just makes things easier)
#
topology_st.standalone.log.info("Add aci to allow password admin to add/update entries...")

ACI_TARGET = "(target = \"ldap:///%s\")" % SUFFIX
ACI_TARGETATTR = "(targetattr = *)"
ACI_ALLOW = "(version 3.0; acl \"Password Admin Access\"; allow (all) "
ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT
mod = [(ldap.MOD_ADD, 'aci', ensure_bytes(ACI_BODY))]
> topology_st.standalone.modify_s(SUFFIX, mod)

tickets/ticket47900_test.py:82:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf84d77d0>
func = <built-in method result4 of LDAP object at 0x7fdbf834f750>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target = \\22ldap:///dc=example,dc=com\\22)(targetattr = \\2a)(version 3.0; acl \\22Password Admin Access\\22; allow (all) (userdn = \\22ldap:///anyone\\22);)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47900_test.py:52 Creating Password Administator entry cn=passwd_admin,dc=example,dc=com... INFO  lib389:ticket47900_test.py:62 Configuring password policy... INFO  lib389:ticket47900_test.py:74 Add aci to allow password admin to add/update entries...
Failed tickets/ticket47973_test.py::test_ticket47973_case 5.09
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf9050990>

def test_ticket47973_case(topology_st):
log.info('Testing Ticket 47973 (case) - Test the cases in the original schema are preserved.')

log.info('case 1 - Test the cases in the original schema are preserved.')

tsfile = topology_st.standalone.schemadir + '/98test.ldif'
tsfd = open(tsfile, "w")
Mozattr0 = "MoZiLLaaTTRiBuTe"
testschema = "dn: cn=schema\nattributetypes: ( 8.9.10.11.12.13.14 NAME '" + Mozattr0 + "' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Dummy Schema' )\nobjectclasses: ( 1.2.3.4.5.6.7 NAME 'MozillaObject' SUP top MUST ( objectclass $ cn ) MAY ( " + Mozattr0 + " ) X-ORIGIN 'user defined' )"
tsfd.write(testschema)
tsfd.close()

try:
# run the schema reload task with the default schemadir
topology_st.standalone.tasks.schemaReload(schemadir=topology_st.standalone.schemadir,
args={TASK_WAIT: False})
except ValueError:
log.error('Schema Reload task failed.')
assert False

time.sleep(5)

try:
schemaentry = topology_st.standalone.search_s("cn=schema", ldap.SCOPE_BASE,
'objectclass=top',
["objectclasses"])
oclist = schemaentry[0].data.get("objectclasses")
except ldap.LDAPError as e:
log.error('Failed to get schema entry: error (%s)' % e.args[0]['desc'])
raise e

found = 0
for oc in oclist:
log.info('OC: %s' % oc)
moz = re.findall(Mozattr0, oc.decode('utf-8'))
if moz:
found = 1
log.info('case 1: %s is in the objectclasses list -- PASS' % Mozattr0)

if found == 0:
log.error('case 1: %s is not in the objectclasses list -- FAILURE' % Mozattr0)
> assert False
E assert False

tickets/ticket47973_test.py:156: AssertionError
-------------------------------Captured log call--------------------------------
INFO  lib389:tasks.py:1152 Schema Reload task (task-04292020_220345) completed successfully ERROR  tests.tickets.ticket47973_test:ticket47973_test.py:155 case 1: MoZiLLaaTTRiBuTe is not in the objectclasses list -- FAILURE
Failed tickets/ticket47988_test.py::test_ticket47988_init 5.91
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_init(topology_m2):
"""
It adds
- Objectclass with MAY 'member'
- an entry ('bind_entry') with which we bind to test the 'SELFDN' operation
It deletes the anonymous aci

"""

_header(topology_m2, 'test_ticket47988_init')

# enable acl error logging
mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', ensure_bytes(str(8192)))] # REPL
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

mod = [(ldap.MOD_REPLACE, 'nsslapd-accesslog-level', ensure_bytes(str(260)))] # Internal op
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

# add dummy entries
for cpt in range(MAX_OTHERS):
name = "%s%d" % (OTHER_NAME, cpt)
topology_m2.ms["master1"].add_s(Entry(("cn=%s,%s" % (name, SUFFIX), {
'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# check that entry 0 is replicated before
loop = 0
entryDN = "cn=%s0,%s" % (OTHER_NAME, SUFFIX)
while loop <= 10:
try:
ent = topology_m2.ms["master2"].getEntry(entryDN, ldap.SCOPE_BASE, "(objectclass=*)", ['telephonenumber'])
break
except ldap.NO_SUCH_OBJECT:
time.sleep(1)
loop += 1
assert (loop <= 10)

topology_m2.ms["master1"].stop(timeout=10)
topology_m2.ms["master2"].stop(timeout=10)

# install the specific schema M1: ipa3.3, M2: ipa4.1
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa3.3.tar.gz")
_install_schema(topology_m2.ms["master1"], schema_file)
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa4.1.tar.gz")
_install_schema(topology_m2.ms["master2"], schema_file)

> topology_m2.ms["master1"].start(timeout=10)

/export/tests/tickets/ticket47988_test.py:157:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:1135: in start
"dirsrv@%s" % self.serverid])
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

popenargs = (['systemctl', 'start', 'dirsrv@master1'],), kwargs = {}
retcode = 1, cmd = ['systemctl', 'start', 'dirsrv@master1']

def check_call(*popenargs, **kwargs):
"""Run command with arguments. Wait for command to complete. If
the exit code was zero then return, otherwise raise
CalledProcessError. The CalledProcessError object will have the
return code in the returncode attribute.

The arguments are the same as for the call function. Example:

check_call(["ls", "-l"])
"""
retcode = call(*popenargs, **kwargs)
if retcode:
cmd = kwargs.get("args")
if cmd is None:
cmd = popenargs[0]
> raise CalledProcessError(retcode, cmd)
E subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@master1']' returned non-zero exit status 1.

/usr/lib64/python3.7/subprocess.py:363: CalledProcessError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists
------------------------------Captured stderr call------------------------------
Job for dirsrv@master1.service failed because the control process exited with error code. See "systemctl status dirsrv@master1.service" and "journalctl -xe" for details.
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_init INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ################################################### INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/02common.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-admin.ldif INFO  lib389:ticket47988_test.py:98 replace /etc/dirsrv/slapd-master1/schema/99user.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60nss-ldap.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60autofs.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-web.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60samba.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10dna-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/05rfc4523.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60basev2.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10automember-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/05rfc2927.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10mep-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60ipadns.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10rfc2307.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-mail.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/05rfc4524.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60trust.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60ipaconfig.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-directory.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60eduperson.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60mozilla.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/65ipasudo.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60rfc3712.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60rfc2739.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-value.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60acctpolicy.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/01core389.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60sabayon.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60pam-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/00core.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/25java-object.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60sudo.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/70ipaotp.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60pureftpd.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/61kerberos-ipav3.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60kerberos.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60basev3.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/06inetorgperson.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/30ns-common.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/28pilot.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/20subscriber.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-certificate.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60posix-winsync-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/02common.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-admin.ldif INFO  lib389:ticket47988_test.py:98 replace /etc/dirsrv/slapd-master2/schema/99user.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60nss-ldap.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60autofs.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-web.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60samba.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10dna-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/05rfc4523.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60basev2.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10automember-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/05rfc2927.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10mep-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60ipadns.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10rfc2307.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-mail.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/05rfc4524.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60trust.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60ipaconfig.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-directory.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60eduperson.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60mozilla.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/65ipasudo.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60rfc3712.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60rfc2739.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-value.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60acctpolicy.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/01core389.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60sabayon.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60pam-plugin.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/00core.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/25java-object.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60sudo.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/70ipaotp.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60pureftpd.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/61kerberos-ipav3.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60kerberos.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60basev3.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/06inetorgperson.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/30ns-common.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/28pilot.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/20subscriber.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-certificate.ldif INFO  lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60posix-winsync-plugin.ldif
Failed tickets/ticket47988_test.py::test_ticket47988_1 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_1(topology_m2):
'''
Check that replication is working and pause replication M2->M1
'''
_header(topology_m2, 'test_ticket47988_1')

topology_m2.ms["master1"].log.debug("\n\nCheck that replication is working and pause replication M2->M1\n")
> _do_update_entry(supplier=topology_m2.ms["master2"], consumer=topology_m2.ms["master1"], attempts=5)

/export/tests/tickets/ticket47988_test.py:234:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:184: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf35f0a50>
func = <built-in method result4 of LDAP object at 0x7fdbf3557540>
args = (28, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_1 INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_2 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_2(topology_m2):
'''
Update M1 schema and trigger update M1->M2
So M1 should learn new/extended definitions that are in M2 schema
'''
_header(topology_m2, 'test_ticket47988_2')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:246:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:605: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:148: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf35f5050>
func = <built-in method result4 of LDAP object at 0x7fdbf35f6390>
args = (64, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_2 INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_3 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_3(topology_m2):
'''
Resume replication M2->M1 and check replication is still working
'''
_header(topology_m2, 'test_ticket47988_3')

> _resume_M2_to_M1(topology_m2)

/export/tests/tickets/ticket47988_test.py:283:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:222: in _resume_M2_to_M1
ents = topology_m2.ms["master2"].agreement.list(suffix=SUFFIX)
/usr/local/lib/python3.7/site-packages/lib389/agreement.py:899: in list
replica_entries = self.conn.replica.list(suffix)
/usr/local/lib/python3.7/site-packages/lib389/replica.py:177: in list
ents = self.conn.search_s(base, ldap.SCOPE_SUBTREE, filtr)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf35f0a50>
func = <built-in method search_ext of LDAP object at 0x7fdbf3557540>
args = ('cn=mapping tree,cn=config', 2, '(&(objectclass=nsds5Replica)(nsDS5ReplicaRoot=dc=example,dc=com))', None, 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_3 INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ################################################### INFO  lib389:ticket47988_test.py:221 ######################### resume RA M2->M1 ######################
Failed tickets/ticket47988_test.py::test_ticket47988_4 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_4(topology_m2):
'''
Check schemaCSN is identical on both server
And save the nsschemaCSN to later check they do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_4')

> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:295:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:605: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf35f5050>
func = <built-in method search_ext of LDAP object at 0x7fdbf35f6390>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_4 INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_5 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_5(topology_m2):
'''
Check schemaCSN do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_5')

> _do_update_entry(supplier=topology_m2.ms["master1"], consumer=topology_m2.ms["master2"], attempts=5)

/export/tests/tickets/ticket47988_test.py:313:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:184: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf35f5050>
func = <built-in method modify_ext of LDAP object at 0x7fdbf35f6390>
args = ('cn=other_entry0,dc=example,dc=com', [(2, 'telephonenumber', b'150')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_5 INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ###################################################
Failed tickets/ticket47988_test.py::test_ticket47988_6 0.00
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf3562b50>

def test_ticket47988_6(topology_m2):
'''
Update M1 schema and trigger update M2->M1
So M2 should learn new/extended definitions that are in M1 schema
'''

_header(topology_m2, 'test_ticket47988_6')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:336:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/schema.py:605: in get_schema_csn
"objectclass=*", ['nsSchemaCSN'])
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:847: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:843: in search_ext
timeout,sizelimit,
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf35f5050>
func = <built-in method search_ext of LDAP object at 0x7fdbf35f6390>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket47988_test.py:64 ############################################### INFO  lib389:ticket47988_test.py:65 ####### INFO  lib389:ticket47988_test.py:66 ####### test_ticket47988_6 INFO  lib389:ticket47988_test.py:67 ####### INFO  lib389:ticket47988_test.py:68 ###################################################
Failed tickets/ticket48005_test.py::test_ticket48005_usn 4.69
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf8c9f490>

def test_ticket48005_usn(topology_st):
'''
Enable entryusn
Delete all user entries.
Run USN tombstone cleanup task
Shutdown the server
Check if a core file was generated or not
If no core was found, this test case was successful.
'''
log.info("Ticket 48005 usn test...")
topology_st.standalone.plugins.enable(name=PLUGIN_USN)

topology_st.standalone.restart(timeout=10)

try:
> entries = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, "(objectclass=inetorgperson)")

/export/tests/tickets/ticket48005_test.py:283:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:854: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:848: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:148: in inner
objtype, data = f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:740: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:744: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf8894490>
func = <built-in method result4 of LDAP object at 0x7fdbf35397b0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'desc': 'No such object'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: NO_SUCH_OBJECT
-------------------------------Captured log call--------------------------------
INFO  tests.tickets.ticket48005_test:ticket48005_test.py:277 Ticket 48005 usn test...
Failed tickets/ticket48194_test.py::test_run_0 5.45
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf35dc7d0>

def test_run_0(topology_st):
"""
Check nsSSL3Ciphers: +all
All ciphers are enabled except null.
Note: allowWeakCipher: on
"""
_header(topology_st, 'Test Case 1 - Check the ciphers availability for "+all"; allowWeakCipher: on')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.restart(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', True)

/export/tests/tickets/ticket48194_test.py:134:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf35dc7d0>
cipher = 'DES-CBC3-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:108: AssertionError
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket48194_test.py:40 ############################################### INFO  lib389:ticket48194_test.py:41 ####### Test Case 1 - Check the ciphers availability for "+all"; allowWeakCipher: on INFO  lib389:ticket48194_test.py:42 ############################################### INFO  lib389.utils:ticket48194_test.py:131 ######################### Restarting the server ###################### INFO  lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake successfully INFO  lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO  lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n'
Failed tickets/ticket48194_test.py::test_run_2 6.84
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf35dc7d0>

def test_run_2(topology_st):
"""
Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+rsa_aes_128_sha,+rsa_aes_256_sha')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_1' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)
connectWithOpenssl(topology_st, 'AES256-SHA256', False)
> connectWithOpenssl(topology_st, 'AES128-SHA', True)

/export/tests/tickets/ticket48194_test.py:184:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf35dc7d0>
cipher = 'AES128-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:108: AssertionError
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket48194_test.py:40 ############################################### INFO  lib389:ticket48194_test.py:41 ####### Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher INFO  lib389:ticket48194_test.py:42 ############################################### INFO  lib389.utils:ticket48194_test.py:175 ######################### Restarting the server ###################### INFO  lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO  lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO  lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n' INFO  lib389.utils:ticket48194_test.py:86 Testing AES256-SHA256 -- expect to handshake failed INFO  lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES256-SHA256 INFO  lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n' INFO  lib389.utils:ticket48194_test.py:86 Testing AES128-SHA -- expect to handshake successfully INFO  lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES128-SHA INFO  lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n'
Failed tickets/ticket48194_test.py::test_run_9 6.91
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf35dc7d0>

def test_run_9(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
allowWeakCipher: on
nsslapd-errorlog-level: 0
"""
_header(topology_st,
'Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'on')])
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_8' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', True)

/export/tests/tickets/ticket48194_test.py:323:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf35dc7d0>
cipher = 'DES-CBC3-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:108: AssertionError
-------------------------------Captured log call--------------------------------
INFO  lib389:ticket48194_test.py:40 ############################################### INFO  lib389:ticket48194_test.py:41 ####### Test Case 10 - Check no nsSSL3Ciphers (default setting) with no errorlog-level & allowWeakCipher on INFO  lib389:ticket48194_test.py:42 ############################################### INFO  lib389.utils:ticket48194_test.py:316 ######################### Restarting the server ###################### INFO  lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake successfully INFO  lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO  lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n'
Failed tickets/ticket48637_test.py::test_ticket48637 5.02
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf320e2d0>

def test_ticket48637(topology_st):
"""Test for entry cache corruption

This requires automember and managed entry plugins to be configured.

Then remove the group that automember would use to trigger a failure when
adding a new entry. Automember fails, and then managed entry also fails.

Make sure a base search on the entry returns error 32
"""

if DEBUGGING:
# Add debugging steps(if any)...
pass

#
# Add our setup entries
#
try:
topology_st.standalone.add_s(Entry((PEOPLE_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'people'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add people ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((GROUP_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'groups'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add groups ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_OU, {
'objectclass': 'top extensibleObject'.split(),
'ou': 'mep'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_TEMPLATE, {
'objectclass': 'top mepTemplateEntry'.split(),
'cn': 'mep template',
'mepRDNAttr': 'cn',
'mepStaticAttr': 'objectclass: groupofuniquenames',
'mepMappedAttr': 'cn: $uid'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

#
# Configure automember
#
try:
topology_st.standalone.add_s(Entry((AUTO_DN, {
'cn': 'All Users',
'objectclass': ['top', 'autoMemberDefinition'],
'autoMemberScope': 'dc=example,dc=com',
'autoMemberFilter': 'objectclass=person',
'autoMemberDefaultGroup': GROUP_DN,
'autoMemberGroupingAttr': 'uniquemember:dn'})))
except ldap.LDAPError as e:
log.fatal('Failed to configure automember plugin : ' + str(e))
assert False

#
# Configure managed entry plugin
#
try:
topology_st.standalone.add_s(Entry((MEP_DN, {
'cn': 'MEP Definition',
'objectclass': ['top', 'extensibleObject'],
'originScope': 'ou=people,dc=example,dc=com',
'originFilter': 'objectclass=person',
'managedBase': 'ou=groups,dc=example,dc=com',
'managedTemplate': MEP_TEMPLATE})))
except ldap.LDAPError as e:
log.fatal('Failed to configure managed entry plugin : ' + str(e))
assert False

#
# Restart DS
#
topology_st.standalone.restart(timeout=30)

#
# Add entry that should fail since the automember group does not exist
#
try:
topology_st.standalone.add_s(Entry((USER_DN, {
'uid': 'test',
'objectclass': ['top', 'person', 'extensibleObject'],
'sn': 'test',
'cn': 'test'})))
except ldap.LDAPError as e:
pass

#
# Search for the entry - it should not be returned
#
try:
entry = topology_st.standalone.search_s(USER_DN, ldap.SCOPE_SUBTREE,
'objectclass=*')
if entry:
log.fatal('Entry was incorrectly returned')
> assert False
E assert False

/export/tests/tickets/ticket48637_test.py:139: AssertionError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
CRITICAL tests.tickets.ticket48637_test:ticket48637_test.py:138 Entry was incorrectly returned
Failed tickets/ticket48784_test.py::test_ticket48784 38.42
Fixture "add_entry" called directly. Fixtures are not meant to be called directly,
but are created automatically when test functions request them as parameters.
See https://docs.pytest.org/en/latest/fixture.html for more information about fixtures, and
https://docs.pytest.org/en/latest/deprecations.html#calling-fixtures-directly about how to update your code.
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists
-------------------------------Captured log call--------------------------------
INFO  tests.tickets.ticket48784_test:ticket48784_test.py:90 Ticket 48784 - Allow usage of OpenLDAP libraries that don't use NSS for crypto INFO  tests.tickets.ticket48784_test:ticket48784_test.py:50 ######################### Configure SSL/TLS agreements ###################### INFO  tests.tickets.ticket48784_test:ticket48784_test.py:51 ######################## master1 <-- startTLS -> master2 ##################### INFO  tests.tickets.ticket48784_test:ticket48784_test.py:53 ##### Update the agreement of master1 INFO  tests.tickets.ticket48784_test:ticket48784_test.py:58 ##### Update the agreement of master2 INFO  tests.tickets.ticket48784_test:ticket48784_test.py:68 ######################### Configure SSL/TLS agreements Done ######################
Failed tickets/ticket48961_test.py::test_ticket48961_storagescheme 0.26
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf3567c90>

def test_ticket48961_storagescheme(topology_st):
"""
Test deleting of the storage scheme.
"""

default = topology_st.standalone.config.get_attr_val('passwordStorageScheme')
# Change it
topology_st.standalone.config.set('passwordStorageScheme', 'CLEAR')
# Now delete it
> topology_st.standalone.config.remove('passwordStorageScheme', None)

/export/tests/tickets/ticket48961_test.py:28:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:316: in remove
self.set(key, value, action=ldap.MOD_DELETE)
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf2ed9d90>
func = <built-in method result4 of LDAP object at 0x7fdbf2eae300>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.OPERATIONS_ERROR: {'desc': 'Operations error', 'info': 'passwordStorageScheme: deleting the value is not allowed.'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: OPERATIONS_ERROR
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Failed tickets/ticket48961_test.py::test_ticket48961_deleteall 0.00
topology_st = <lib389.topologies.TopologyMain object at 0x7fdbf3567c90>

def test_ticket48961_deleteall(topology_st):
"""
Test that we can delete all valid attrs, and that a few are rejected.
"""
attr_to_test = {
'nsslapd-listenhost': 'localhost',
'nsslapd-securelistenhost': 'localhost',
'nsslapd-allowed-sasl-mechanisms': 'GSSAPI',
'nsslapd-svrtab': 'Some bogus data', # This one could reset?
}
attr_to_fail = {
# These are the values that should always be dn dse.ldif too
'nsslapd-localuser': 'dirsrv',
'nsslapd-defaultnamingcontext': 'dc=example,dc=com', # Can't delete
'nsslapd-accesslog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/access',
'nsslapd-auditlog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/audit',
'nsslapd-errorlog': '/opt/dirsrv/var/log/dirsrv/slapd-standalone/errors',
'nsslapd-tmpdir': '/tmp',
'nsslapd-rundir': '/opt/dirsrv/var/run/dirsrv',
'nsslapd-bakdir': '/opt/dirsrv/var/lib/dirsrv/slapd-standalone/bak',
'nsslapd-certdir': '/opt/dirsrv/etc/dirsrv/slapd-standalone',
'nsslapd-instancedir': '/opt/dirsrv/lib/dirsrv/slapd-standalone',
'nsslapd-ldifdir': '/opt/dirsrv/var/lib/dirsrv/slapd-standalone/ldif',
'nsslapd-lockdir': '/opt/dirsrv/var/lock/dirsrv/slapd-standalone',
'nsslapd-schemadir': '/opt/dirsrv/etc/dirsrv/slapd-standalone/schema',
'nsslapd-workingdir': '/opt/dirsrv/var/log/dirsrv/slapd-standalone',
'nsslapd-localhost': 'localhost.localdomain',
# These can't be reset, but might be in dse.ldif. Probably in libglobs.
'nsslapd-certmap-basedn': 'cn=certmap,cn=config',
'nsslapd-port': '38931', # Can't delete
'nsslapd-secureport': '636', # Can't delete
'nsslapd-conntablesize': '1048576',
'nsslapd-rootpw': '{SSHA512}...',
# These are hardcoded server magic.
'nsslapd-hash-filters': 'off', # Can't delete
'nsslapd-requiresrestart': 'cn=config:nsslapd-port', # Can't change
'nsslapd-plugin': 'cn=case ignore string syntax,cn=plugins,cn=config', # Can't change
'nsslapd-privatenamespaces': 'cn=schema', # Can't change
'nsslapd-allowed-to-delete-attrs': 'None', # Can't delete
'nsslapd-accesslog-list': 'List!', # Can't delete
'nsslapd-auditfaillog-list': 'List!',
'nsslapd-auditlog-list': 'List!',
'nsslapd-errorlog-list': 'List!',
'nsslapd-config': 'cn=config',
'nsslapd-versionstring': '389-Directory/1.3.6.0',
'objectclass': '',
'cn': '',
# These are the odd values
'nsslapd-backendconfig': 'cn=config,cn=userRoot,cn=ldbm database,cn=plugins,cn=config', # Doesn't exist?
'nsslapd-betype': 'ldbm database', # Doesn't exist?
'nsslapd-connection-buffer': 1, # Has an ldap problem
'nsslapd-malloc-mmap-threshold': '-10', # Defunct anyway
'nsslapd-malloc-mxfast': '-10',
'nsslapd-malloc-trim-threshold': '-10',
'nsslapd-referralmode': '',
'nsslapd-saslpath': '',
'passwordadmindn': '',
}

> config_entry = topology_st.standalone.config.raw_entry()

/export/tests/tickets/ticket48961_test.py:101:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.config.Config object at 0x7fdbf33e1190>, name = 'raw_entry'

def __getattr__(self, name):
"""This enables a bit of magic to allow us to wrap any function ending with
_json to it's form without json, then transformed. It means your function
*must* return it's values as a dict of:

{ attr : [val, val, ...], attr : [], ... }
to be supported.
"""

if (name.endswith('_json')):
int_name = name.replace('_json', '')
pfunc = partial(self._jsonify, getattr(self, int_name))
return pfunc
else:
> raise AttributeError("'%s' object has no attribute '%s'" % (self.__class__.__name__, name))
E AttributeError: 'Config' object has no attribute 'raw_entry'

/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:199: AttributeError
Failed tickets/ticket48973_test.py::test_ticket48973_homeDirectory_indexing 10.05
topology = <tests.tickets.ticket48973_test.TopologyStandalone object at 0x7fdbf32dba50>

def test_ticket48973_homeDirectory_indexing(topology):
"""
Check that homedirectory is indexed with syntax (ces)
- triggers index
- no failure on index
- do a search indexed with exact value (ces) and no default_mr_indexer_create warning
- do a search indexed with uppercase value (ces) and no default_mr_indexer_create warning
"""
entry_ext = 1

try:
ent = topology.standalone.getEntry(HOMEDIRECTORY_INDEX, ldap.SCOPE_BASE)
except ldap.NO_SUCH_OBJECT:
topology.standalone.add_s(Entry((HOMEDIRECTORY_INDEX, {
'objectclass': "top nsIndex".split(),
'cn': HOMEDIRECTORY_CN,
'nsSystemIndex': 'false',
'nsIndexType': 'eq'})))

args = {TASK_WAIT: True}
topology.standalone.tasks.reindex(suffix=SUFFIX, attrname='homeDirectory', args=args)

log.info("Check indexing succeeded with no specified matching rule")
assert not _find_first_indexing_failure(topology, "unknown or invalid matching rule")
assert not _find_first_indexing_failure(topology, "default_mr_indexer_create: warning")
assert not _find_first_indexing_failure(topology, "default_mr_indexer_create - Plugin .* does not handle")

_check_entry(topology, filterHead="homeDirectory", filterValueUpper=False, entry_ext=entry_ext,found=True, indexed=True)

> _check_entry(topology, filterHead="homeDirectory:caseExactIA5Match:", filterValueUpper=False, entry_ext=entry_ext, found=True, indexed=False)

/export/tests/tickets/ticket48973_test.py:251:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology = <tests.tickets.ticket48973_test.TopologyStandalone object at 0x7fdbf32dba50>
filterHead = 'homeDirectory:caseExactIA5Match:', filterValueUpper = False
entry_ext = 1, found = True, indexed = False

def _check_entry(topology, filterHead=None, filterValueUpper=False, entry_ext=None, found=False, indexed=False):
# Search with CES with exact value -> find an entry + indexed
if filterValueUpper:
homehead = HOMEHEAD.upper()
else:
homehead = HOMEHEAD
searchedHome = "%s%d" % (homehead, entry_ext)
Filter = "(%s=%s)" % (filterHead, searchedHome)
log.info("Search %s" % Filter)
ents = topology.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, Filter)
if found:
assert len(ents) == 1
assert ents[0].hasAttr('homedirectory')
valueHome = ensure_bytes("%s%d" % (HOMEHEAD, entry_ext))
assert valueHome in ents[0].getValues('homedirectory')
else:
assert len(ents) == 0

result = _find_next_notes(topology, Filter)
log.info("result=%s" % result)
if indexed:
assert not "notes=U" in result
else:
> assert "notes=U" in result
E AssertionError: assert 'notes=U' in '[29/Apr/2020:22:28:36.453072442 -0400] conn=1 op=2 RESULT err=0 tag=101 nentries=1 etime=0.005970486\n'

/export/tests/tickets/ticket48973_test.py:188: AssertionError
-------------------------------Captured log call--------------------------------
INFO  lib389:tasks.py:781 Index task index_attrs_04292020_222830 completed successfully INFO  tests.tickets.ticket48973_test:ticket48973_test.py:244 Check indexing succeeded with no specified matching rule INFO  tests.tickets.ticket48973_test:ticket48973_test.py:173 Search (homeDirectory=/home/xyz_1) INFO  tests.tickets.ticket48973_test:ticket48973_test.py:184 result=[29/Apr/2020:22:28:32.701978336 -0400] conn=1 op=10 RESULT err=0 tag=101 nentries=1 etime=0.000695763 INFO  tests.tickets.ticket48973_test:ticket48973_test.py:173 Search (homeDirectory:caseExactIA5Match:=/home/xyz_1) INFO  tests.tickets.ticket48973_test:ticket48973_test.py:184 result=[29/Apr/2020:22:28:36.453072442 -0400] conn=1 op=2 RESULT err=0 tag=101 nentries=1 etime=0.005970486
Failed tickets/ticket49073_test.py::test_ticket49073 8.07
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf315e410>

def test_ticket49073(topology_m2):
"""Write your replication test here.

To access each DirSrv instance use: topology_m2.ms["master1"], topology_m2.ms["master2"],
..., topology_m2.hub1, ..., topology_m2.consumer1,...

Also, if you need any testcase initialization,
please, write additional fixture for that(include finalizer).
"""
topology_m2.ms["master1"].plugins.enable(name=PLUGIN_MEMBER_OF)
topology_m2.ms["master1"].restart(timeout=10)
topology_m2.ms["master2"].plugins.enable(name=PLUGIN_MEMBER_OF)
topology_m2.ms["master2"].restart(timeout=10)

# Configure fractional to prevent total init to send memberof
ents = topology_m2.ms["master1"].agreement.list(suffix=SUFFIX)
assert len(ents) == 1
log.info('update %s to add nsDS5ReplicatedAttributeListTotal' % ents[0].dn)
topology_m2.ms["master1"].modify_s(ents[0].dn,
[(ldap.MOD_REPLACE,
'nsDS5ReplicatedAttributeListTotal',
'(objectclass=*) $ EXCLUDE '),
(ldap.MOD_REPLACE,
'nsDS5ReplicatedAttributeList',
> '(objectclass=*) $ EXCLUDE memberOf')])

/export/tests/tickets/ticket49073_test.py:103:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:631: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:603: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:600: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdbf82983d0>
func = <built-in method modify_ext of LDAP object at 0x7fdbf31b7690>
args = ('cn=002,cn=replica,cn=dc\\3Dexample\\2Cdc\\3Dcom,cn=mapping tree,cn=config', [(2, 'nsDS5ReplicatedAttributeListTotal', '(objectclass=*) $ EXCLUDE '), (2, 'nsDS5ReplicatedAttributeList', '(objectclass=*) $ EXCLUDE memberOf')], None, None)
kwargs = {}, diagnostic_message_success = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', '(')

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: TypeError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists
-------------------------------Captured log call--------------------------------
INFO  tests.tickets.ticket49073_test:ticket49073_test.py:96 update cn=002,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config to add nsDS5ReplicatedAttributeListTotal
Failed tickets/ticket49192_test.py::test_ticket49192 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdbf2c92050>

def test_ticket49192(topo):
"""Trigger deadlock when removing suffix
"""

#
# Create a second suffix/backend
#
log.info('Creating second backend...')
topo.standalone.backends.create(None, properties={
BACKEND_NAME: "Second_Backend",
> 'suffix': "o=hang.com",
})

/export/tests/tickets/ticket49192_test.py:37:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:1197: in create
return co.create(rdn, properties, self._basedn)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.backend.Backend object at 0x7fdbf30c8a90>, dn = None
properties = {'name': 'Second_Backend', 'suffix': 'o=hang.com'}
basedn = 'cn=ldbm database,cn=plugins,cn=config'

def create(self, dn=None, properties=None, basedn=DN_LDBM):
"""Add a new backend entry, create mapping tree,
and, if requested, sample entries

:param dn: DN of the new entry
:type dn: str
:param properties: Attributes and parameters for the new entry
:type properties: dict
:param basedn: Base DN of the new entry
:type basedn: str

:returns: DSLdapObject of the created entry
"""

sample_entries = False
parent_suffix = False

# normalize suffix (remove spaces between comps)
if dn is not None:
dn_comps = ldap.dn.explode_dn(dn.lower())
dn = ",".join(dn_comps)

if properties is not None:
> suffix_dn = properties['nsslapd-suffix'].lower()
E KeyError: 'nsslapd-suffix'

/usr/local/lib/python3.7/site-packages/lib389/backend.py:580: KeyError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO  tests.tickets.ticket49192_test:ticket49192_test.py:34 Creating second backend...
Failed tickets/ticket49463_test.py::test_ticket_49463 309.36
topo = <lib389.topologies.TopologyMain object at 0x7fdbf857fa10>

def test_ticket_49463(topo):
"""Specify a test case purpose or name here

:id: 2a68e8be-387d-4ac7-9452-1439e8483c13
:setup: Fill in set up configuration here
:steps:
1. Enable fractional replication
2. Enable replication logging
3. Check that replication is working fine
4. Generate skipped updates to create keep alive entries
5. Remove M3 from the topology
6. issue cleanAllRuv FORCE that will run on M1 then propagated M2 and M4
7. Check that Number DEL keep alive '3' is <= 1
8. Check M1 is the originator of cleanAllRuv and M2/M4 the propagated ones
9. Check replication M1,M2 and M4 can recover
10. Remove M4 from the topology
11. Issue cleanAllRuv not force while M2 is stopped (that hangs the cleanAllRuv)
12. Check that nsds5ReplicaCleanRUV is correctly encoded on M1 (last value: 1)
13. Check that nsds5ReplicaCleanRUV encoding survives M1 restart
14. Check that nsds5ReplicaCleanRUV encoding is valid on M2 (last value: 0)
15. Check that (for M4 cleanAllRUV) M1 is Originator and M2 propagation
:expectedresults:
1. No report of failure when the RUV is updated
"""

# Step 1 - Configure fractional (skip telephonenumber) replication
M1 = topo.ms["master1"]
M2 = topo.ms["master2"]
M3 = topo.ms["master3"]
M4 = topo.ms["master4"]
repl = ReplicationManager(DEFAULT_SUFFIX)
fractional_server_to_replica(M1, M2)
fractional_server_to_replica(M1, M3)
fractional_server_to_replica(M1, M4)

fractional_server_to_replica(M2, M1)
fractional_server_to_replica(M2, M3)
fractional_server_to_replica(M2, M4)

fractional_server_to_replica(M3, M1)
fractional_server_to_replica(M3, M2)
fractional_server_to_replica(M3, M4)

fractional_server_to_replica(M4, M1)
fractional_server_to_replica(M4, M2)
fractional_server_to_replica(M4, M3)

# Step 2 - enable internal op logging and replication debug
for i in (M1, M2, M3, M4):
i.config.loglevel(vals=[256 + 4], service='access')
i.config.loglevel(vals=[LOG_REPLICA, LOG_DEFAULT], service='error')

# Step 3 - Check that replication is working fine
add_user(M1, 11, desc="add to M1")
add_user(M2, 21, desc="add to M2")
add_user(M3, 31, desc="add to M3")
add_user(M4, 41, desc="add to M4")

for i in (M1, M2, M3, M4):
for j in (M1, M2, M3, M4):
if i == j:
continue
repl.wait_for_replication(i, j)

# Step 4 - Generate skipped updates to create keep alive entries
for i in (M1, M2, M3, M4):
cn = '%s_%d' % (USER_CN, 11)
dn = 'uid=%s,ou=People,%s' % (cn, SUFFIX)
users = UserAccount(i, dn)
for j in range(110):
users.set('telephoneNumber', str(j))

# Step 5 - Remove M3 from the topology
M3.stop()
M1.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
M2.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)
M4.agreement.delete(suffix=SUFFIX, consumer_host=M3.host, consumer_port=M3.port)

# Step 6 - Then issue cleanAllRuv FORCE that will run on M1, M2 and M4
M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='3',
force=True, args={TASK_WAIT: True})

# Step 7 - Count the number of received DEL of the keep alive 3
for i in (M1, M2, M4):
i.restart()
regex = re.compile(".*DEL dn=.cn=repl keep alive 3.*")
for i in (M1, M2, M4):
count = count_pattern_accesslog(M1, regex)
log.debug("count on %s = %d" % (i, count))

# check that DEL is replicated once (If DEL is kept in the fix)
# check that DEL is is not replicated (If DEL is finally no long done in the fix)
assert ((count == 1) or (count == 0))

# Step 8 - Check that M1 is Originator of cleanAllRuv and M2, M4 propagation
regex = re.compile(".*Original task deletes Keep alive entry .3.*")
assert pattern_errorlog(M1, regex)

regex = re.compile(".*Propagated task does not delete Keep alive entry .3.*")
assert pattern_errorlog(M2, regex)
assert pattern_errorlog(M4, regex)

# Step 9 - Check replication M1,M2 and M4 can recover
add_user(M1, 12, desc="add to M1")
add_user(M2, 22, desc="add to M2")
for i in (M1, M2, M4):
for j in (M1, M2, M4):
if i == j:
continue
repl.wait_for_replication(i, j)

# Step 10 - Remove M4 from the topology
M4.stop()
M1.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)
M2.agreement.delete(suffix=SUFFIX, consumer_host=M4.host, consumer_port=M4.port)

# Step 11 - Issue cleanAllRuv not force while M2 is stopped (that hangs the cleanAllRuv)
M2.stop()
M1.tasks.cleanAllRUV(suffix=SUFFIX, replicaid='4',
force=False, args={TASK_WAIT: False})

# Step 12
# CleanAllRuv is hanging waiting for M2 to restart
# Check that nsds5ReplicaCleanRUV is correctly encoded on M1
replicas = Replicas(M1)
replica = replicas.list()[0]
time.sleep(0.5)
replica.present('nsds5ReplicaCleanRUV')
log.info("M1: nsds5ReplicaCleanRUV=%s" % replica.get_attr_val_utf8('nsds5replicacleanruv'))
regex = re.compile("^4:.*:no:1$")
> assert regex.match(replica.get_attr_val_utf8('nsds5replicacleanruv'))
E AssertionError: assert None
E + where None = <built-in method match of re.Pattern object at 0x7fdbf358f570>('4:no:1:dc=example,dc=com')
E + where <built-in method match of re.Pattern object at 0x7fdbf358f570> = re.compile('^4:.*:no:1$').match
E + and '4:no:1:dc=example,dc=com' = <bound method DSLdapObject.get_attr_val_utf8 of <lib389.replica.Replica object at 0x7fdbf2d71e50>>('nsds5replicacleanruv')
E + where <bound method DSLdapObject.get_attr_val_utf8 of <lib389.replica.Replica object at 0x7fdbf2d71e50>> = <lib389.replica.Replica object at 0x7fdbf2d71e50>.get_attr_val_utf8

/export/tests/tickets/ticket49463_test.py:188: AssertionError
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'master3', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39004, 'ldap-secureport': 63704, 'server-id': 'master4', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:153 Joining master master3 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 INFO  lib389.topologies:topologies.py:153 Joining master master4 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master3 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master4 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master3 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is was created INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master4 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is was created INFO  lib389.topologies:topologies.py:161 Ensuring master master3 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master3 to master2 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.topologies:topologies.py:161 Ensuring master master3 to master4 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is was created INFO  lib389.topologies:topologies.py:161 Ensuring master master4 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master4 to master2 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.topologies:topologies.py:161 Ensuring master master4 to master3 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is was created
-------------------------------Captured log call--------------------------------
INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 already exists INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is working INFO  lib389:agreement.py:1089 Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed INFO  lib389:agreement.py:1089 Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed INFO  lib389:agreement.py:1089 Agreement (cn=003,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed INFO  lib389:tasks.py:1383 cleanAllRUV task (task-04292020_225431) completed successfully INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39004 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389:agreement.py:1089 Agreement (cn=004,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed INFO  lib389:agreement.py:1089 Agreement (cn=004,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config) was successfully removed INFO  lib389:tasks.py:1383 cleanAllRUV task (task-04292020_225521) completed successfully INFO  lib389.utils:ticket49463_test.py:186 M1: nsds5ReplicaCleanRUV=4:no:1:dc=example,dc=com
XFailed suites/acl/userattr_test.py::test_mod_see_also_positive[(LEVEL_3, CHILDREN)]::setup 0.00
topo = <lib389.topologies.TopologyMain object at 0x7fdc01839bd0>

@pytest.fixture(scope="module")
def _add_user(topo):
"""
This function will create user for the test and in the end entries will be deleted .
"""
role_aci_body = '(targetattr=*)(version 3.0; aci "role aci"; allow(all)'
# Creating OUs
ous = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX)
ou_accounting = ous.create(properties={'ou': 'Accounting'})
ou_accounting.set('aci', [f'(target="ldap:///{ROLEDNACCESS}"){role_aci_body} '
f'userattr = "Description#ROLEDN";)',
f'(target="ldap:///{USERDNACCESS}"){role_aci_body} '
f'userattr = "Description#USERDN";)',
f'(target="ldap:///{GROUPDNACCESS}"){role_aci_body} '
f'userattr = "Description#GROUPDN";)',
f'(target="ldap:///{LDAPURLACCESS}"){role_aci_body} '
f'userattr = "Description#LDAPURL";)',
> f'(target="ldap:///{ATTRNAMEACCESS}"){role_aci_body} '
f'userattr = "Description#4612";)'])

suites/acl/userattr_test.py:70:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.7/site-packages/lib389/_mapped_object.py:448: in set
escapehatch='i am sure')
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:604: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:751: in result3
resp_ctrl_classes=resp_ctrl_classes
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:758: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.7/site-packages/lib389/__init__.py:180: in inner
return f(*args, **kwargs)
/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:331: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/local/lib64/python3.7/site-packages/ldap/compat.py:44: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fdc01646850>
func = <built-in method result4 of LDAP object at 0x7fdc019cd150>
args = (4, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_SYNTAX: {'desc': 'Invalid syntax', 'info': 'ACL Syntax Error(-5):(target=\\22ldap:///uid=ROLEDNACCESS,ou=Accounting,dc=example,dc=com\\22)(targetattr=\\2a)(version 3.0; aci \\22role aci\\22; allow(all) userattr = \\22Description#ROLEDN\\22;)\n'}

/usr/local/lib64/python3.7/site-packages/ldap/ldapobject.py:315: INVALID_SYNTAX
XFailed suites/config/config_test.py::test_defaultnamingcontext_1 0.27
topo = <lib389.topologies.TopologyMain object at 0x7fdc00fe9750>

@pytest.mark.xfail(reason="This may fail due to bug 1610234")
def test_defaultnamingcontext_1(topo):
"""This test case should be part of function test_defaultnamingcontext
Please move it back after we have a fix for bug 1610234
"""
log.info("Remove the original suffix which is currently nsslapd-defaultnamingcontext"
"and check nsslapd-defaultnamingcontext become empty.")

""" Please remove these declarations after moving the test
to function test_defaultnamingcontext
"""
backends = Backends(topo.standalone)
test_db2 = 'test2_db'
test_suffix2 = 'dc=test2,dc=com'
b2 = backends.create(properties={'cn': test_db2,
'nsslapd-suffix': test_suffix2})
b2.delete()
> assert topo.standalone.config.get_attr_val_utf8('nsslapd-defaultnamingcontext') == ' '
E AssertionError: assert 'dc=example,dc=com' == ' '
E Strings contain only whitespace, escaping them using repr()
E - ' '
E + 'dc=example,dc=com'

suites/config/config_test.py:278: AssertionError
-------------------------------Captured log call--------------------------------
INFO  tests.suites.config.config_test:config_test.py:266 Remove the original suffix which is currently nsslapd-defaultnamingcontextand check nsslapd-defaultnamingcontext become empty.
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_memberof_groups 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7fdc0326e610>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf98bc7d0>
base_m2 = <lib389.idm.nscontainer.nsContainer object at 0x7fdbf8c50bd0>

def test_memberof_groups(self, topology_m2, base_m2):
"""Check that conflict properly resolved for operations
with memberOf and groups

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb3
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Enable memberOf plugin
2. Add 30 users to m1 and wait for replication to happen
3. Pause replication
4. Create a group on m1 and m2
5. Create a group on m1 and m2, delete from m1
6. Create a group on m1, delete from m1, and create on m2,
7. Create a group on m2 and m1, delete from m1
8. Create two different groups on m2
9. Resume replication
10. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
9. It should pass
10. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:401: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_managed_entries 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7fdbf8c37590>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf98bc7d0>

def test_managed_entries(self, topology_m2):
"""Check that conflict properly resolved for operations
with managed entries

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb4
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Create ou=managed_users and ou=managed_groups under test container
2. Configure managed entries plugin and add a template to test container
3. Add a user to m1 and wait for replication to happen
4. Pause replication
5. Create a user on m1 and m2 with a same group ID on both master
6. Create a user on m1 and m2 with a different group ID on both master
7. Resume replication
8. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:492: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestTwoMasters::test_nested_entries_with_children 0.00
self = <tests.suites.replication.conflict_resolve_test.TestTwoMasters object at 0x7fdbf8f5be50>
topology_m2 = <lib389.topologies.TopologyMain object at 0x7fdbf98bc7d0>
base_m2 = <lib389.idm.nscontainer.nsContainer object at 0x7fdbf8bfd450>

def test_nested_entries_with_children(self, topology_m2, base_m2):
"""Check that conflict properly resolved for operations
with nested entries with children

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb5
:setup: Two master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Add 15 containers to m1 and wait for replication to happen
2. Pause replication
3. Create parent-child on master2 and master1
4. Create parent-child on master1 and master2
5. Create parent-child on master1 and master2 different child rdn
6. Create parent-child on master1 and delete parent on master2
7. Create parent on master1, delete it and parent-child on master2, delete them
8. Create parent on master1, delete it and parent-two children on master2
9. Create parent-two children on master1 and parent-child on master2, delete them
10. Create three subsets inside existing container entry, applying only part of changes on m2
11. Create more combinations of the subset with parent-child on m1 and parent on m2
12. Delete container on m1, modify user1 on m1, create parent on m2 and modify user2 on m2
13. Resume replication
14. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
9. It should pass
10. It should pass
11. It should pass
12. It should pass
13. It should pass
14. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:583: XFailed
XFailed suites/replication/conflict_resolve_test.py::TestThreeMasters::test_nested_entries 0.00
self = <tests.suites.replication.conflict_resolve_test.TestThreeMasters object at 0x7fdbf8c2f210>
topology_m3 = <lib389.topologies.TopologyMain object at 0x7fdbf8c54ad0>
base_m3 = <lib389.idm.nscontainer.nsContainer object at 0x7fdbf8b79310>

def test_nested_entries(self, topology_m3, base_m3):
"""Check that conflict properly resolved for operations
with nested entries with children

:id: 77f09b18-03d1-45da-940b-1ad2c2908eb6
:setup: Three master replication, test container for entries, enable plugin logging,
audit log, error log for replica and access log for internal
:steps:
1. Add 15 containers to m1 and wait for replication to happen
2. Pause replication
3. Create two child entries under each of two entries
4. Create three child entries under each of three entries
5. Create two parents on m1 and m2, then on m1 - create a child and delete one parent,
on m2 - delete one parent and create a child
6. Test a few more parent-child combinations with three instances
7. Resume replication
8. Check that the entries on both masters are the same and replication is working
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
8. It should pass
"""

> pytest.xfail("Issue 49591 - work in progress")
E _pytest.outcomes.XFailed: Issue 49591 - work in progress

suites/replication/conflict_resolve_test.py:796: XFailed
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'master3', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389.topologies:topologies.py:139 Creating replication topology. INFO  lib389.topologies:topologies.py:153 Joining master master2 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 INFO  lib389.topologies:topologies.py:153 Joining master master3 to master1 ... INFO  lib389.replica:replica.py:1997 SUCCESS: bootstrap to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 completed INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is was created INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is was created INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is working INFO  lib389.replica:replica.py:2409 SUCCESS: Replication from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 is working INFO  lib389.replica:replica.py:2066 SUCCESS: joined master from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master2 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master1 to master3 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master2 to master3 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 is was created INFO  lib389.topologies:topologies.py:161 Ensuring master master3 to master1 ... INFO  lib389.replica:replica.py:2251 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39001 already exists INFO  lib389.topologies:topologies.py:161 Ensuring master master3 to master2 ... INFO  lib389.replica:replica.py:2278 SUCCESS: Agreement from ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-136-183.hosted.upshift.rdu2.redhat.com:39002 is was created
XFailed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaPort-0-65535-9999999999999999999999999999999999999999999999999999999999999999999-invalid-389] 0.05
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaPort', too_small = '0', too_big = '65535'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '389'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_add(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf94
:parametrized: yes
:setup: standalone instance
:steps:
1. Use a value that is too small
2. Use a value that is too big
3. Use a value that overflows the int
4. Use a value with character value (not a number)
5. Use a valid value
:expectedresults:
1. Add is rejected
2. Add is rejected
3. Add is rejected
4. Add is rejected
5. Add is allowed
"""

agmt_reset(topo)
replica = replica_setup(topo)

agmts = Agreements(topo.standalone, basedn=replica.dn)

# Test too small
perform_invalid_create(agmts, agmt_dict, attr, too_small)
# Test too big
> perform_invalid_create(agmts, agmt_dict, attr, too_big)

suites/replication/replica_config_test.py:217:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

many = <lib389.agreement.Agreements object at 0x7fdbf8ffc390>
properties = {'cn': 'test_agreement', 'nsDS5ReplicaBindDN': 'uid=tester', 'nsDS5ReplicaBindMethod': 'SIMPLE', 'nsDS5ReplicaHost': 'localhost.localdomain', ...}
attr = 'nsds5ReplicaPort', value = '65535'

def perform_invalid_create(many, properties, attr, value):
my_properties = copy.deepcopy(properties)
my_properties[attr] = value
with pytest.raises(ldap.LDAPError) as ei:
> many.create(properties=my_properties)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:108: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaPort-0-65535-9999999999999999999999999999999999999999999999999999999999999999999-invalid-389] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaPort', too_small = '0', too_big = '65535'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '389'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
> perform_invalid_modify(agmt, attr, too_small)

suites/replication/replica_config_test.py:253:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf8a4fc90>
attr = 'nsds5ReplicaPort', value = '0'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.14
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaTimeout', too_small = '-1', too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf8c8b590>
attr = 'nsds5ReplicaTimeout', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaBusyWaitTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.16
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaBusyWaitTime', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf9485ad0>
attr = 'nsds5ReplicaBusyWaitTime', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaSessionPauseTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaSessionPauseTime', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf8f97410>
attr = 'nsds5ReplicaSessionPauseTime', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaFlowControlWindow--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaFlowControlWindow', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf927c2d0>
attr = 'nsds5ReplicaFlowControlWindow', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaFlowControlPause--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaFlowControlPause', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf8e787d0>
attr = 'nsds5ReplicaFlowControlPause', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/replica_config_test.py::test_agmt_num_modify[nsds5ReplicaProtocolTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.15
topo = <lib389.topologies.TopologyMain object at 0x7fdbf9673950>
attr = 'nsds5ReplicaProtocolTimeout', too_small = '-1'
too_big = '9223372036854775807'
overflow = '9999999999999999999999999999999999999999999999999999999999999999999'
notnum = 'invalid', valid = '6'

@pytest.mark.xfail(reason="Agreement validation current does not work.")
@pytest.mark.parametrize("attr, too_small, too_big, overflow, notnum, valid", agmt_attrs)
def test_agmt_num_modify(topo, attr, too_small, too_big, overflow, notnum, valid):
"""Test all the number values you can set for a replica config entry

:id: a8b47d4a-a089-4d70-8070-e6181209bf95
:parametrized: yes
:setup: standalone instance
:steps:
1. Replace a value that is too small
2. Replace a value that is too big
3. Replace a value that overflows the int
4. Replace a value with character value (not a number)
5. Replace a vlue with a valid value
:expectedresults:
1. Value is rejected
2. Value is rejected
3. Value is rejected
4. Value is rejected
5. Value is allowed
"""

agmt = agmt_setup(topo)

# Value too small
perform_invalid_modify(agmt, attr, too_small)
# Value too big
> perform_invalid_modify(agmt, attr, too_big)

suites/replication/replica_config_test.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

o = <lib389.agreement.Agreement object at 0x7fdbf8cc6350>
attr = 'nsds5ReplicaProtocolTimeout', value = '9223372036854775807'

def perform_invalid_modify(o, attr, value):
with pytest.raises(ldap.LDAPError) as ei:
> o.replace(attr, value)
E Failed: DID NOT RAISE <class 'ldap.LDAPError'>

suites/replication/replica_config_test.py:113: Failed
XFailed suites/replication/ruvstore_test.py::test_memoryruv_sync_with_databaseruv 0.54
topo = <lib389.topologies.TopologyMain object at 0x7fdbf85c9250>

@pytest.mark.xfail(reason="No method to safety access DB ruv currently exists online.")
def test_memoryruv_sync_with_databaseruv(topo):
"""Check if memory ruv and database ruv are synced

:id: 5f38ac5f-6353-460d-bf60-49cafffda5b3
:setup: Replication with two masters.
:steps: 1. Add user to server and compare memory ruv and database ruv.
2. Modify description of user and compare memory ruv and database ruv.
3. Modrdn of user and compare memory ruv and database ruv.
4. Delete user and compare memory ruv and database ruv.
:expectedresults:
1. For add user, the memory ruv and database ruv should be the same.
2. For modify operation, the memory ruv and database ruv should be the same.
3. For modrdn operation, the memory ruv and database ruv should be the same.
4. For delete operation, the memory ruv and database ruv should be the same.
"""

log.info('Adding user: {} to master1'.format(TEST_ENTRY_NAME))
users = UserAccounts(topo.ms['master1'], DEFAULT_SUFFIX)
tuser = users.create(properties=USER_PROPERTIES)
> _compare_memoryruv_and_databaseruv(topo, 'add')

suites/replication/ruvstore_test.py:139:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topo = <lib389.topologies.TopologyMain object at 0x7fdbf85c9250>
operation_type = 'add'

def _compare_memoryruv_and_databaseruv(topo, operation_type):
"""Compare the memoryruv and databaseruv for ldap operations"""

log.info('Checking memory ruv for ldap: {} operation'.format(operation_type))
replicas = Replicas(topo.ms['master1'])
replica = replicas.list()[0]
memory_ruv = replica.get_attr_val_utf8('nsds50ruv')

log.info('Checking database ruv for ldap: {} operation'.format(operation_type))
> entry = replicas.get_ruv_entry(DEFAULT_SUFFIX)
E AttributeError: 'Replicas' object has no attribute 'get_ruv_entry'

suites/replication/ruvstore_test.py:81: AttributeError
-------------------------------Captured log call--------------------------------
INFO  tests.suites.replication.ruvstore_test:ruvstore_test.py:136 Adding user: rep2lusr to master1 INFO  tests.suites.replication.ruvstore_test:ruvstore_test.py:75 Checking memory ruv for ldap: add operation INFO  tests.suites.replication.ruvstore_test:ruvstore_test.py:80 Checking database ruv for ldap: add operation
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.18
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaBusyWaitTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.19
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaSessionPauseTime--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.17
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaFlowControlWindow--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.18
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaFlowControlPause--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.17
No log output captured.
XPassed suites/replication/replica_config_test.py::test_agmt_num_add[nsds5ReplicaProtocolTimeout--1-9223372036854775807-9999999999999999999999999999999999999999999999999999999999999999999-invalid-6] 0.18
No log output captured.
Skipped suites/auth_token/basic_auth_test.py::test_ldap_auth_token_config::setup 0.00
('suites/auth_token/basic_auth_test.py', 28, 'Skipped: Auth tokens are not available in older versions')
Skipped suites/auth_token/basic_auth_test.py::test_ldap_auth_token_nsuser::setup 0.00
('suites/auth_token/basic_auth_test.py', 75, 'Skipped: Auth tokens are not available in older versions')
Skipped suites/auth_token/basic_auth_test.py::test_ldap_auth_token_disabled::setup 0.00
('suites/auth_token/basic_auth_test.py', 144, 'Skipped: Auth tokens are not available in older versions')
Skipped suites/auth_token/basic_auth_test.py::test_ldap_auth_token_directory_manager::setup 0.00
('suites/auth_token/basic_auth_test.py', 194, 'Skipped: Auth tokens are not available in older versions')
Skipped suites/auth_token/basic_auth_test.py::test_ldap_auth_token_anonymous::setup 0.00
('suites/auth_token/basic_auth_test.py', 217, 'Skipped: Auth tokens are not available in older versions')
Skipped suites/config/regression_test.py::test_set_cachememsize_to_custom_value::setup 0.00
('suites/config/regression_test.py', 34, 'Skipped: available memory is too low')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_verify_operation_when_disk_monitoring_is_off::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 109, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_free_up_the_disk_space_and_change_ds_config::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 140, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_verify_operation_with_nsslapd_disk_monitoring_logging_critical_off::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 171, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_on_below_half_of_the_threshold::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 211, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_setting_nsslapd_disk_monitoring_logging_critical_to_off::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 240, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_off::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 258, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_operation_with_nsslapd_disk_monitoring_logging_critical_off_below_half_of_the_threshold::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 326, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_go_straight_below_half_of_the_threshold::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 402, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_readonly_on_threshold::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 457, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_readonly_on_threshold_below_half_of_the_threshold::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 500, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_below_half_of_the_threshold_not_starting_after_shutdown::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 551, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_go_straight_below_4kb::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 592, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_threshold_to_overflow_value::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 616, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_threshold_is_reached_to_half::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 636, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold--2]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-9223372036854775808]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-2047]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-0]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold--1294967296]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-threshold-invalid]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-invalid]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-1]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-00]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-525 948]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period--10]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-logging-critical-oninvalid]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period--11]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_negagtive_parameterize[nsslapd-disk-monitoring-grace-period-01]::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 662, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/disk_monitoring/disk_monitoring_test.py::test_valid_operations_are_permitted::setup 0.00
('suites/disk_monitoring/disk_monitoring_test.py', 695, 'Skipped: GSSAPI tests may damage system configuration.')
Skipped suites/filter/filterscanlimit_test.py::test_invalid_configuration::setup 0.00
('suites/filter/filterscanlimit_test.py', 172, 'Skipped: https://pagure.io/389-ds-base/issue/50201')
Skipped suites/memory_leaks/MMR_double_free_test.py::test_MMR_double_free::setup 0.00
('suites/memory_leaks/MMR_double_free_test.py', 67, "Skipped: Don't run if ASAN is not enabled")
Skipped suites/memory_leaks/range_search_test.py::test_range_search::setup 0.00
('suites/memory_leaks/range_search_test.py', 24, "Skipped: Don't run if ASAN is not enabled")
Skipped suites/migration/export_data_test.py::test_export_data_from_source_host::setup 0.00
('suites/migration/export_data_test.py', 24, 'Skipped: This test is meant to execute in specific test environment')
Skipped suites/migration/import_data_test.py::test_import_data_to_target_host::setup 0.00
('suites/migration/import_data_test.py', 24, 'Skipped: This test is meant to execute in specific test environment')
Skipped tickets/ticket47462_test.py::test_ticket47462::setup 0.00
('tickets/ticket47462_test.py', 39, 'Skipped: Upgrade scripts are supported only on versions < 1.4.x')
Skipped tickets/ticket47815_test.py::test_ticket47815::setup 0.00
('tickets/ticket47815_test.py', 26, 'Skipped: Not implemented, or invalid by nsMemberOf')
Skipped tickets/ticket49121_test.py::test_ticket49121::setup 0.00
('tickets/ticket49121_test.py', 32, "Skipped: Don't run if ASAN is not enabled")
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_EQ_ACI)] 0.05
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, REAL_SUB_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, ROLE_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, ROLE_SUB_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_EQ_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, COS_SUB_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_positive[(ENG_USER, ENG_MANAGER, LDAPURL_ACI)] 0.04
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, REAL_EQ_ACI)] 0.06
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_OU, REAL_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, REAL_SUB_ACI)] 0.06
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_EQ_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, ROLE_SUB_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_EQ_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_PRES_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, SALES_MANAGER, COS_SUB_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(SALES_UESER, SALES_MANAGER, LDAPURL_ACI)] 0.05
No log output captured.
Passed suites/acl/acivattr_test.py::test_negative[(ENG_USER, ENG_MANAGER, ROLE_EQ_ACI)] 0.05
No log output captured.
Passed suites/acl/acl_deny_test.py::test_multi_deny_aci 12.18
-------------------------------Captured log setup-------------------------------
INFO  lib389.topologies:topologies.py:106 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. INFO  lib389:acl_deny_test.py:39 Add uid=tuser1,ou=People,dc=example,dc=com INFO  lib389:acl_deny_test.py:50 Add uid=tuser,ou=People,dc=example,dc=com
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_deny_test.py:82 Pass 1 INFO  lib389:acl_deny_test.py:85 Testing two searches behave the same... INFO  lib389:acl_deny_test.py:128 Testing search does not return any entries... INFO  lib389:acl_deny_test.py:82 Pass 2 INFO  lib389:acl_deny_test.py:85 Testing two searches behave the same... INFO  lib389:acl_deny_test.py:128 Testing search does not return any entries... INFO  lib389:acl_deny_test.py:192 Test PASSED
Passed suites/acl/acl_test.py::test_mode_default_add_deny 0.01
-------------------------------Captured log setup-------------------------------
INFO  lib389:acl_test.py:234 ######## INITIALIZATION ######## INFO  lib389:acl_test.py:237 Add uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:247 Add cn=staged user,dc=example,dc=com INFO  lib389:acl_test.py:251 Add cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:255 Add cn=excepts,cn=accounts,dc=example,dc=com
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:287 ######## mode moddn_aci : ADD (should fail) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:295 Try to add cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:304 Exception (expected): INSUFFICIENT_ACCESS
Passed suites/acl/acl_test.py::test_mode_default_delete_deny 0.01
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:322 ######## DELETE (should fail) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:329 Try to delete cn=staged user,dc=example,dc=com INFO  lib389:acl_test.py:334 Exception (expected): INSUFFICIENT_ACCESS
Passed suites/acl/acl_test.py::test_moddn_staging_prod[0-cn=staged user,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.39
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (0) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account0,cn=staged user,dc=example,dc=com -> uid=new_account0,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account0,cn=staged user,dc=example,dc=com -> uid=new_account0,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[1-cn=staged user,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.49
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (1) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account1,cn=staged user,dc=example,dc=com -> uid=new_account1,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account1,cn=staged user,dc=example,dc=com -> uid=new_account1,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[2-cn=staged user,dc=example,dc=com-cn=bad*,dc=example,dc=com-True] 0.40
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (2) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account2,cn=staged user,dc=example,dc=com -> uid=new_account2,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account2,cn=staged user,dc=example,dc=com -> uid=new_account2,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:402 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[3-cn=st*,dc=example,dc=com-cn=accounts,dc=example,dc=com-False] 0.44
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (3) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account3,cn=staged user,dc=example,dc=com -> uid=new_account3,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account3,cn=staged user,dc=example,dc=com -> uid=new_account3,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[4-cn=bad*,dc=example,dc=com-cn=accounts,dc=example,dc=com-True] 0.40
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (4) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account4,cn=staged user,dc=example,dc=com -> uid=new_account4,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account4,cn=staged user,dc=example,dc=com -> uid=new_account4,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:402 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[5-cn=st*,dc=example,dc=com-cn=ac*,dc=example,dc=com-False] 0.37
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (5) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account5,cn=staged user,dc=example,dc=com -> uid=new_account5,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account5,cn=staged user,dc=example,dc=com -> uid=new_account5,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[6-None-cn=ac*,dc=example,dc=com-False] 0.36
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (6) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account6,cn=staged user,dc=example,dc=com -> uid=new_account6,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account6,cn=staged user,dc=example,dc=com -> uid=new_account6,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[7-cn=st*,dc=example,dc=com-None-False] 0.36
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369 ######## MOVE staging -> Prod (7) ######## INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:381 Try to MODDN uid=new_account7,cn=staged user,dc=example,dc=com -> uid=new_account7,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:388 Exception (expected): INSUFFICIENT_ACCESS INFO  lib389:acl_test.py:392 ######## MOVE to and from equality filter ######## INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com INFO  lib389:acl_test.py:399 Try to MODDN uid=new_account7,cn=staged user,dc=example,dc=com -> uid=new_account7,cn=accounts,dc=example,dc=com INFO  lib389:acl_test.py:134 Bind as cn=Directory Manager INFO  lib389:acl_test.py:140 Bind as uid=bind_entry,dc=example,dc=com
Passed suites/acl/acl_test.py::test_moddn_staging_prod[8-None-None-False] 0.40
-------------------------------Captured log call--------------------------------
INFO  lib389:acl_test.py:369