report.html

topo = <lib389.topologies.TopologyMain object at 0x7fc113810610>
add_user = None, aci_of_user = None

def test_access_from_certain_network_only_ip(topo, add_user, aci_of_user):
"""
User can access the data when connecting from certain network only as per the ACI.

:id: 4ec38296-7ac5-11e8-9816-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Turn access log buffering off to make less time consuming
topo.standalone.config.set('nsslapd-accesslog-logbuffering', 'off')

# Find the ip from ds logs , as we need to know the exact ip used by ds to run the instances.
# Wait till Access Log is generated
topo.standalone.restart()

# Add ACI
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.add("aci", f'(target = "ldap:///{IP_OU_KEY}")(targetattr=\"*\")(version 3.0; aci "IP aci"; '
f'allow(all)userdn = "ldap:///{NETSCAPEIP_KEY}" and ip = "::1" ;)')

# create a new connection for the test
conn = UserAccount(topo.standalone, NETSCAPEIP_KEY).bind(PW_DM)
# Perform Operation
org = OrganizationalUnit(conn, IP_OU_KEY)
> org.replace("seeAlso", "cn=1")

suites/acl/keywords_part2_test.py:76:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113810eb0>
func = <built-in method result4 of LDAP object at 0x7fc11383c4b0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=ip,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topo = <lib389.topologies.TopologyMain object at 0x7fc113810610>
add_user = None, aci_of_user = None

def test_connectin_from_an_unauthorized_network(topo, add_user, aci_of_user):
"""
User cannot access the data when connectin from an unauthorized network as per the ACI.

:id: 52d1ecce-7ac5-11e8-9ad9-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""

# Add ACI
domain = Domain(topo.standalone, DEFAULT_SUFFIX)
domain.add("aci", f'(target = "ldap:///{IP_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "IP aci"; '
f'allow(all) userdn = "ldap:///{NETSCAPEIP_KEY}" '
f'and ip != "::1" ;)')

# create a new connection for the test
conn = UserAccount(topo.standalone, NETSCAPEIP_KEY).bind(PW_DM)
# Perform Operation
org = OrganizationalUnit(conn, IP_OU_KEY)
with pytest.raises(ldap.INSUFFICIENT_ACCESS):
> org.replace("seeAlso", "cn=1")
E Failed: DID NOT RAISE <class 'ldap.INSUFFICIENT_ACCESS'>

suites/acl/keywords_part2_test.py:119: Failed

topo = <lib389.topologies.TopologyMain object at 0x7fc113810970>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_any_machine(
topo, add_user, aci_of_user
):
"""User can access the data when connecting from any machine as per the ACI.

:id: 28cbc008-7ac5-11e8-934e-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX)\
.add("aci", f'(target ="ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{FULLDNS_KEY}" and dns = "*" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, FULLDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:245:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113444100>
func = <built-in method result4 of LDAP object at 0x7fc1138ec840>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7fc113810970>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(
topo, add_user, aci_of_user
):
"""User can access the data when connecting from internal ICNC network only as per the ACI.

:id: 2cac2136-7ac5-11e8-8328-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
dns_name = socket.getfqdn()
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", [f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; '
f'allow(all) userdn = "ldap:///{SUNDNS_KEY}" and dns = "*redhat.com" ;)',
f'(target = "ldap:///{DNS_OU_KEY}")(targetattr="*")'
f'(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{SUNDNS_KEY}" and dns = "{dns_name}" ;)'])

# Create a new connection for this test.
conn = UserAccount(topo.standalone, SUNDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:277:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc11354c940>
func = <built-in method result4 of LDAP object at 0x7fc1138b21b0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7fc113810970>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_some_network_only(
topo, add_user, aci_of_user
):
"""User can access the data when connecting from some network only as per the ACI.

:id: 3098512a-7ac5-11e8-af85-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
dns_name = socket.getfqdn()
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX)\
.add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" '
f'and dns = "{dns_name}" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, NETSCAPEDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:307:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113a226d0>
func = <built-in method result4 of LDAP object at 0x7fc113859ed0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7fc113810970>
add_user = None, aci_of_user = None

def test_from_an_unauthorized_network(topo, add_user, aci_of_user):
"""User cannot access the data when connecting from an unauthorized network as per the ACI.

:id: 34cf9726-7ac5-11e8-bc12-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" and dns != "red.iplanet.com" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, NETSCAPEDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:333:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1139758e0>
func = <built-in method result4 of LDAP object at 0x7fc1138ec9c0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7fc113810970>
add_user = None, aci_of_user = None

def test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2(
topo, add_user, aci_of_user):
"""User cannot access the data when connecting from an unauthorized network as per the ACI.

:id: 396bdd44-7ac5-11e8-8014-8c16451d917b
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" '
f'and dnsalias != "www.redhat.com" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, NETSCAPEDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:361:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1138e6bb0>
func = <built-in method result4 of LDAP object at 0x7fc113668a80>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7fc11383f3a0>

@pytest.mark.bz1851967
@pytest.mark.ds4112
@pytest.mark.skipif(ds_is_older('1.4.1'), reason="Not implemented")
def test_db_home_dir_online_backup(topo):
"""Test that if the dbhome directory is set causing an online backup to fail,
the dblayer_backup function should go to error processing section.

:id: cfc495d6-2a58-4e4e-aa40-39a15c71f973
:setup: Standalone Instance
:steps:
1. Change the dbhome to directory to eg-/tmp/test
2. Perform an online back-up
3. Check for the correct errors in the log
:expectedresults:
1. Success
2. Failure
3. Success
"""
bdb_ldbmconfig = BDB_LDBMConfig(topo.standalone)
dseldif = DSEldif(topo.standalone)
topo.standalone.stop()
with tempfile.TemporaryDirectory() as backup_dir:
dseldif.replace(bdb_ldbmconfig.dn, 'nsslapd-db-home-directory', f'{backup_dir}')
topo.standalone.start()
> topo.standalone.tasks.db2bak(backup_dir=f'{backup_dir}', args={TASK_WAIT: True})

suites/backups/backup_test.py:97:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc114340040>
backup_dir = '/tmp/tmpquvjhrp_', args = {'wait': True}

def db2bak(self, backup_dir=None, args=None):
'''
Perform a backup by creating a db2bak task

@param backup_dir - backup directory
@param args - is a dictionary that contains modifier of the task
wait: True/[False] - If True, waits for the completion of the
task before to return

@return exit code

@raise ValueError: if bename name does not exist
'''

# Checking the parameters
if not backup_dir:
raise ValueError("You must specify a backup directory.")

# build the task entry
cn = "backup_" + time.strftime("%m%d%Y_%H%M%S", time.localtime())
dn = "cn=%s,%s" % (cn, DN_BACKUP_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsArchiveDir': backup_dir,
'nsDatabaseType': 'ldbm database'
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the backup task (%s)", dn)
return -1

exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:630: ValueError

topology_st = <lib389.topologies.TopologyMain object at 0x7fc113ad04f0>
import_example_ldif = None

def test_basic_backup(topology_st, import_example_ldif):
"""Tests online and offline backup and restore

:id: 0e9d91f8-8748-40b6-ab03-fbd1998eb985

:setup: Standalone instance and import example.ldif

:steps:
1. Test online backup using db2bak.
2. Test online restore using bak2db.
3. Test offline backup using db2bak.
4. Test offline restore using bak2db.

:expectedresults:
1. Online backup should PASS.
2. Online restore should PASS.
3. Offline backup should PASS.
4. Offline restore should PASS.
"""

log.info('Running test_basic_backup...')

backup_dir = topology_st.standalone.get_bak_dir() + '/backup_test'

# Test online backup
try:
> topology_st.standalone.tasks.db2bak(backup_dir=backup_dir,
args={TASK_WAIT: True})

suites/basic/basic_test.py:356:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc1138e63a0>
backup_dir = '/var/lib/dirsrv/slapd-standalone1/bak/backup_test'
args = {'wait': True}

def db2bak(self, backup_dir=None, args=None):
'''
Perform a backup by creating a db2bak task

@param backup_dir - backup directory
@param args - is a dictionary that contains modifier of the task
wait: True/[False] - If True, waits for the completion of the
task before to return

@return exit code

@raise ValueError: if bename name does not exist
'''

# Checking the parameters
if not backup_dir:
raise ValueError("You must specify a backup directory.")

# build the task entry
cn = "backup_" + time.strftime("%m%d%Y_%H%M%S", time.localtime())
dn = "cn=%s,%s" % (cn, DN_BACKUP_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsArchiveDir': backup_dir,
'nsDatabaseType': 'ldbm database'
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the backup task (%s)", dn)
return -1

exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:630: ValueError

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7fc113ad04f0>
import_example_ldif = None

def test_basic_backup(topology_st, import_example_ldif):
"""Tests online and offline backup and restore

:id: 0e9d91f8-8748-40b6-ab03-fbd1998eb985

:setup: Standalone instance and import example.ldif

:steps:
1. Test online backup using db2bak.
2. Test online restore using bak2db.
3. Test offline backup using db2bak.
4. Test offline restore using bak2db.

:expectedresults:
1. Online backup should PASS.
2. Online restore should PASS.
3. Offline backup should PASS.
4. Offline restore should PASS.
"""

log.info('Running test_basic_backup...')

backup_dir = topology_st.standalone.get_bak_dir() + '/backup_test'

# Test online backup
try:
topology_st.standalone.tasks.db2bak(backup_dir=backup_dir,
args={TASK_WAIT: True})
except ValueError:
log.fatal('test_basic_backup: Online backup failed')
> assert False
E assert False

suites/basic/basic_test.py:360: AssertionError
-------------------------------Captured log call--------------------------------
CRITICAL tests.suites.basic.basic_test:basic_test.py:359 test_basic_backup: Online backup failed

topology_st = <lib389.topologies.TopologyMain object at 0x7fc113ad04f0>

def test_bind_invalid_entry(topology_st):
"""Test the failing bind does not return information about the entry

:id: 5cd9b083-eea6-426b-84ca-83c26fc49a6f

:setup: Standalone instance

:steps:
1: bind as non existing entry
2: check that bind info does not report 'No such entry'

:expectedresults:
1: pass
2: pass
"""

> topology_st.standalone.restart()

suites/basic/basic_test.py:1496:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1222: in restart
self.start(timeout, post_open)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1081: in start
subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
/usr/lib64/python3.9/subprocess.py:420: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['systemctl', 'start', 'dirsrv@standalone1'],)
kwargs = {'stderr': -2, 'stdout': -1}
process = <Popen: returncode: 1 args: ['systemctl', 'start', 'dirsrv@standalone1']>
stdout = b'Job for dirsrv@standalone1.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@standalone1.service" and "journalctl -xe" for details.\n'
stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@standalone1']' returned non-zero exit status 1.

/usr/lib64/python3.9/subprocess.py:524: CalledProcessError

topo = <lib389.topologies.TopologyMain object at 0x7fc11354ef70>

def test_origins_with_extra_parenthesis(topo):
"""Test the custom schema with extra parenthesis in X-ORIGIN can be parsed
into JSON

:id: 4230f83b-0dc3-4bc4-a7a8-5ab0826a4f05
:setup: Standalone Instance
:steps:
1. Add attribute with X-ORIGIN that contains extra parenthesis
2. Querying for that attribute with JSON flag
:expectedresults:
1. Success
2. Success
"""

ATTR_NAME = 'testAttribute'
X_ORG_VAL = 'test (TEST)'
schema = Schema(topo.standalone)

# Add new attribute
parameters = {
'names': [ATTR_NAME],
'oid': '1.1.1.1.1.1.1.22222',
'desc': 'Test extra parenthesis in X-ORIGIN',
'x_origin': X_ORG_VAL,
'syntax': '1.3.6.1.4.1.1466.115.121.1.15',
'syntax_len': None,
'x_ordered': None,
'collective': None,
'obsolete': None,
'single_value': None,
'no_user_mod': None,
'equality': None,
'substr': None,
'ordering': None,
'usage': None,
'sup': None
}
> schema.add_attributetype(parameters)

suites/clu/schema_test.py:49:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:321: in add_attributetype
return self._add_schema_object(parameters, AttributeType)
/usr/local/lib/python3.9/site-packages/lib389/schema.py:215: in _add_schema_object
return self.add(attr_name, str(schema_object))
/usr/lib64/python3.9/site-packages/ldap/schema/models.py:320: in __str__
result.append(self.key_list('X-ORIGIN',self.x_origin,quoted=1))
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <ldap.schema.models.AttributeType object at 0x7fc11502c4c0>
key = 'X-ORIGIN', values = 'test (TEST)', sep = ' ', quoted = 1

def key_list(self,key,values,sep=' ',quoted=0):
> assert type(values)==tuple,TypeError("values has to be a tuple, was %r" % values)
E AssertionError: values has to be a tuple, was 'test (TEST)'

/usr/lib64/python3.9/site-packages/ldap/schema/models.py:79: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topo = <lib389.topologies.TopologyMain object at 0x7fc1133880a0>, setup = None
reset_logs = None

@disk_monitoring_ack
def test_enable_external_libs_debug_log(topo, setup, reset_logs):
"""Check that OpenLDAP logs are successfully enabled and disabled when
disk threshold is reached

:id: 121b2b24-ecba-48e2-9ee2-312d929dc8c6
:setup: Standalone instance
:steps: 1. Set nsslapd-external-libs-debug-enabled to "on"
2. Go straight below 1/2 of the threshold
3. Verify that the external libs debug setting is disabled
4. Go back above 1/2 of the threshold
5. Verify that the external libs debug setting is enabled back
:expectedresults: 1. Success
2. Success
3. Success
4. Success
5. Success
"""
try:
# Verify that verbose logging was set to default level
assert topo.standalone.config.set('nsslapd-disk-monitoring', 'on')
assert topo.standalone.config.set('nsslapd-disk-monitoring-logging-critical', 'off')
> assert topo.standalone.config.set('nsslapd-external-libs-debug-enabled', 'on')

suites/disk_monitoring/disk_monitoring_test.py:162:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.config.Config object at 0x7fc114f7d9d0>
key = 'nsslapd-external-libs-debug-enabled', value = [b'on'], action = 2

def set(self, key, value, action=ldap.MOD_REPLACE):
"""Perform a specified action on a key with value

:param key: an attribute name
:type key: str
:param value: an attribute value
:type value: str
:param action: - ldap.MOD_REPLACE - by default
- ldap.MOD_ADD
- ldap.MOD_DELETE
:type action: int

:returns: result of modify_s operation
:raises: ValueError - if instance is not online
"""

if action == ldap.MOD_ADD:
action_txt = "ADD"
elif action == ldap.MOD_REPLACE:
action_txt = "REPLACE"
elif action == ldap.MOD_DELETE:
action_txt = "DELETE"
else:
# This should never happen (bug!)
action_txt = "UNKNOWN"

if value is None or len(value) < 512:
self._log.debug("%s set %s: (%r, %r)" % (self._dn, action_txt, key, display_log_value(key, value)))
else:
self._log.debug("%s set %s: (%r, value too large)" % (self._dn, action_txt, key))
if self._instance.state != DIRSRV_STATE_ONLINE:
raise ValueError("Invalid state. Cannot set properties on instance that is not ONLINE.")

if isinstance(value, list):
# value = map(lambda x: ensure_bytes(x), value)
value = ensure_list_bytes(value)
elif value is not None:
value = [ensure_bytes(value)]

> return self._instance.modify_ext_s(self._dn, [(action, key, value)],
serverctrls=self._server_controls, clientctrls=self._client_controls,
escapehatch='i am sure')

/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=config', [(2, 'nsslapd-external-libs-debug-enabled', [b'on'])])
kwargs = {'clientctrls': None, 'serverctrls': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113388550>, dn = 'cn=config'
modlist = [(2, 'nsslapd-external-libs-debug-enabled', [b'on'])]
serverctrls = None, clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (5,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113388550>, msgid = 5, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (5, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113388550>, msgid = 5, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7fc113388030>, 5, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113388550>
func = <built-in method result4 of LDAP object at 0x7fc113388030>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'msgtype': 103, 'msgid': 5, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': [], 'info': 'Unknown attribute nsslapd-external-libs-debug-enabled will be ignored'})
exc_traceback = <traceback object at 0x7fc113ab7f80>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113388550>
func = <built-in method result4 of LDAP object at 0x7fc113388030>
args = (5, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'msgtype': 103, 'msgid': 5, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': [], 'info': 'Unknown attribute nsslapd-external-libs-debug-enabled will be ignored'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topo = <lib389.topologies.TopologyMain object at 0x7fc1133880a0>, setup = None
reset_logs = None

@disk_monitoring_ack
def test_enable_external_libs_debug_log(topo, setup, reset_logs):
"""Check that OpenLDAP logs are successfully enabled and disabled when
disk threshold is reached

:id: 121b2b24-ecba-48e2-9ee2-312d929dc8c6
:setup: Standalone instance
:steps: 1. Set nsslapd-external-libs-debug-enabled to "on"
2. Go straight below 1/2 of the threshold
3. Verify that the external libs debug setting is disabled
4. Go back above 1/2 of the threshold
5. Verify that the external libs debug setting is enabled back
:expectedresults: 1. Success
2. Success
3. Success
4. Success
5. Success
"""
try:
# Verify that verbose logging was set to default level
assert topo.standalone.config.set('nsslapd-disk-monitoring', 'on')
assert topo.standalone.config.set('nsslapd-disk-monitoring-logging-critical', 'off')
assert topo.standalone.config.set('nsslapd-external-libs-debug-enabled', 'on')
assert topo.standalone.config.set('nsslapd-errorlog-level', '8')
topo.standalone.restart()
subprocess.call(['dd', 'if=/dev/zero', 'of={}/foo'.format(topo.standalone.ds_paths.log_dir), 'bs=1M', 'count={}'.format(HALF_THR_FILL_SIZE)])
# Verify that logging is disabled
_withouterrorlog(topo, "topo.standalone.config.get_attr_val_utf8('nsslapd-external-libs-debug-enabled') != 'off'", 31)
finally:
> os.remove('{}/foo'.format(topo.standalone.ds_paths.log_dir))
E FileNotFoundError: [Errno 2] No such file or directory: '/var/log/dirsrv/slapd-standalone1/foo'

suites/disk_monitoring/disk_monitoring_test.py:169: FileNotFoundError

topology_st = <lib389.topologies.TopologyMain object at 0x7fc113cdb460>

def test_enable_external_libs_debug_log(topology_st):
"""Check that OpenLDAP logs are successfully enabled and disabled

:id: b04646e3-9a5e-45ae-ad81-2882c1daf23e
:setup: Standalone instance
:steps: 1. Create a user to bind on
2. Set nsslapd-external-libs-debug-enabled to "on"
3. Clean the error log
4. Bind as the user to generate OpenLDAP output
5. Restart the servers to flush the logs
6. Check the error log for OpenLDAP debug log
7. Set nsslapd-external-libs-debug-enabled to "on"
8. Clean the error log
9. Bind as the user to generate OpenLDAP output
10. Restart the servers to flush the logs
11. Check the error log for OpenLDAP debug log
:expectedresults: 1. Success
2. Success
3. Success
4. Success
5. Success
6. Logs are present
7. Success
8. Success
9. Success
10. Success
11. No logs are present
"""

standalone = topology_st.standalone

log.info('Create a user to bind on')
users = UserAccounts(standalone, DEFAULT_SUFFIX)
user = users.ensure_state(properties={
'uid': 'test_audit_log',
'cn': 'test',
'sn': 'user',
'uidNumber': '1000',
'gidNumber': '1000',
'homeDirectory': '/home/test',
'userPassword': PASSWORD
})

log.info('Set nsslapd-external-libs-debug-enabled to "on"')
> standalone.config.set('nsslapd-external-libs-debug-enabled', 'on')

suites/ds_logs/ds_logs_test.py:1084:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc113cdba90>
func = <built-in method result4 of LDAP object at 0x7fc113529d80>
args = (7, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'msgtype': 103, 'msgid': 7, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': [], 'info': 'Unknown attribute nsslapd-external-libs-debug-enabled will be ignored'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: UNWILLING_TO_PERFORM
-------------------------------Captured log call--------------------------------
INFO tests.suites.ds_logs.ds_logs_test:ds_logs_test.py:1071 Create a user to bind on INFO tests.suites.ds_logs.ds_logs_test:ds_logs_test.py:1083 Set nsslapd-external-libs-debug-enabled to "on"

topo_m4 = <lib389.topologies.TopologyMain object at 0x7fc114905100>

def test_replicated_multivalued_entries(topo_m4):
"""Replicated multivalued entries are ordered the same way on all consumers

:id: 7bf9a34c-e764-11e8-928c-8c16451d917b
:setup: 4 Instances with replication
:steps:
1. Replicated multivalued entries are ordered the same way on all consumers
:expected results:
1. Should success
"""
# This test case checks that replicated multivalued entries are
# ordered the same way on all consumers
users = UserAccounts(topo_m4.ms["master1"], DEFAULT_SUFFIX)
repl = ReplicationManager(DEFAULT_SUFFIX)
user_properties = {
"uid": "test_replicated_multivalued_entries",
"cn": "test_replicated_multivalued_entries",
"sn": "test_replicated_multivalued_entries",
"userpassword": "test_replicated_multivalued_entries",
"uidNumber": "1001",
"gidNumber": "2002",
"homeDirectory": "/home/{}".format("test_replicated_multivalued_entries"),
}
users.create(properties=user_properties)
testuser = users.get("test_replicated_multivalued_entries")
testuser.set("mail", ["test1", "test2", "test3"])
# Now we check the entry on each consumer, making sure the order of the
# multi-valued mail attribute is the same on all server instances
repl.wait_for_replication(topo_m4.ms["master4"], topo_m4.ms["master1"])
> assert topo_m4.ms["master1"].search_s("uid=test_replicated_multivalued_entries,ou=People,dc=example,dc=com",
ldap.SCOPE_SUBTREE, '(objectclass=*)', ['mail']) == topo_m4.ms[
"master2"].search_s("uid=test_replicated_multivalued_entries,ou=People,dc=example,dc=com",
ldap.SCOPE_SUBTREE, '(objectclass=*)', ['mail']) == topo_m4.ms["master3"].search_s(
"uid=test_replicated_multivalued_entries,ou=People,dc=example,dc=com", ldap.SCOPE_SUBTREE, '(objectclass=*)',
['mail']) == topo_m4.ms["master4"].search_s(
"uid=test_replicated_multivalued_entries,ou=People,dc=example,dc=com", ldap.SCOPE_SUBTREE, '(objectclass=*)',
['mail'])

suites/fourwaymmr/fourwaymmr_test.py:177:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:864: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:147: in inner
objtype, data = f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:756: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:760: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1030b3d90>
func = <built-in method result4 of LDAP object at 0x7fc102d39d20>
args = (45, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'msgtype': 101, 'msgid': 45, 'result': 32, 'desc': 'No such object', 'ctrls': [], 'matched': 'ou=People,dc=example,dc=com'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: NO_SUCH_OBJECT
-------------------------------Captured log call--------------------------------
INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39004 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is NOT working (expect 2b50841b-4c0b-4add-9223-cfdf2e036e6f / got description=8b67f421-d5a1-4507-8e80-27ad731e977c) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39004 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is working

topology_st = <lib389.topologies.TopologyMain object at 0x7fc1024b7100>

@pytest.mark.ds50873
@pytest.mark.bz1685160
@pytest.mark.xfail(ds_is_older("1.4.1"), reason="Not implemented")
def test_healthcheck_certif_expiring_within_30d(topology_st):
"""Check if HealthCheck returns DSCERTLE0001 code

:id: c2165032-88ba-4978-a4ca-2fecfd8c35d8
:setup: Standalone instance
:steps:
1. Create DS instance
2. Use libfaketime to tell the process the date is within 30 days before certificate expiration
3. Use HealthCheck without --json option
4. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Healthcheck reports DSCERTLE0001 code and related details
4. Healthcheck reports DSCERTLE0001 code and related details
"""

RET_CODE = 'DSCERTLE0001'

standalone = topology_st.standalone

standalone.enable_tls()

# Cert is valid two years from today, so we count the date that is within 30 days before certificate expiration
date_future = datetime.now() + timedelta(days=701)

with libfaketime.fake_time(date_future):
time.sleep(1)
> run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False)

suites/healthcheck/health_security_test.py:304:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology = <lib389.topologies.TopologyMain object at 0x7fc1024b7100>
instance = <lib389.DirSrv object at 0x7fc1024b7340>
searched_code = 'DSCERTLE0001', json = False, searched_code2 = None

def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searched_code2=None):
args = FakeArgs()
args.instance = instance.serverid
args.verbose = instance.verbose
args.list_errors = False
args.list_checks = False
args.check = ['config', 'encryption', 'tls', 'fschecks']
args.dry_run = False

if json:
log.info('Use healthcheck with --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
assert topology.logcap.contains(searched_code)
log.info('Healthcheck returned searched code: %s' % searched_code)

if searched_code2 is not None:
assert topology.logcap.contains(searched_code2)
log.info('Healthcheck returned searched code: %s' % searched_code2)
else:
log.info('Use healthcheck without --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
> assert topology.logcap.contains(searched_code)
E AssertionError: assert False
E + where False = <bound method LogCapture.contains of <LogCapture (NOTSET)>>('DSCERTLE0001')
E + where <bound method LogCapture.contains of <LogCapture (NOTSET)>> = <LogCapture (NOTSET)>.contains
E + where <LogCapture (NOTSET)> = <lib389.topologies.TopologyMain object at 0x7fc1024b7100>.logcap

suites/healthcheck/health_security_test.py:67: AssertionError
-------------------------------Captured log call--------------------------------
INFO LogCapture:health.py:94 Beginning lint report, this could take a while ... INFO LogCapture:health.py:99 Checking config:hr_timestamp ... INFO LogCapture:health.py:99 Checking config:passwordscheme ... INFO LogCapture:health.py:99 Checking encryption:check_tls_version ... INFO LogCapture:health.py:99 Checking tls:certificate_expiration ... INFO LogCapture:health.py:99 Checking fschecks:file_perms ... INFO LogCapture:health.py:106 Healthcheck complete. INFO LogCapture:health.py:111 No issues found.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc1024b7100>

@pytest.mark.ds50873
@pytest.mark.bz1685160
@pytest.mark.xfail(ds_is_older("1.4.1"), reason="Not implemented")
def test_healthcheck_certif_expired(topology_st):
"""Check if HealthCheck returns DSCERTLE0002 code

:id: ceff2c22-62c0-4fd9-b737-930a88458d68
:setup: Standalone instance
:steps:
1. Create DS instance
2. Use libfaketime to tell the process the date is after certificate expiration
3. Use HealthCheck without --json option
4. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Healthcheck reports DSCERTLE0002 code and related details
4. Healthcheck reports DSCERTLE0002 code and related details
"""

RET_CODE = 'DSCERTLE0002'

standalone = topology_st.standalone

standalone.enable_tls()

# Cert is valid two years from today, so we count the date that is after expiration
date_future = datetime.now() + timedelta(days=731)

with libfaketime.fake_time(date_future):
time.sleep(1)
> run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False)

suites/healthcheck/health_security_test.py:343:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology = <lib389.topologies.TopologyMain object at 0x7fc1024b7100>
instance = <lib389.DirSrv object at 0x7fc1024b7340>
searched_code = 'DSCERTLE0002', json = False, searched_code2 = None

def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searched_code2=None):
args = FakeArgs()
args.instance = instance.serverid
args.verbose = instance.verbose
args.list_errors = False
args.list_checks = False
args.check = ['config', 'encryption', 'tls', 'fschecks']
args.dry_run = False

if json:
log.info('Use healthcheck with --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
assert topology.logcap.contains(searched_code)
log.info('Healthcheck returned searched code: %s' % searched_code)

if searched_code2 is not None:
assert topology.logcap.contains(searched_code2)
log.info('Healthcheck returned searched code: %s' % searched_code2)
else:
log.info('Use healthcheck without --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
> assert topology.logcap.contains(searched_code)
E AssertionError: assert False
E + where False = <bound method LogCapture.contains of <LogCapture (NOTSET)>>('DSCERTLE0002')
E + where <bound method LogCapture.contains of <LogCapture (NOTSET)>> = <LogCapture (NOTSET)>.contains
E + where <LogCapture (NOTSET)> = <lib389.topologies.TopologyMain object at 0x7fc1024b7100>.logcap

suites/healthcheck/health_security_test.py:67: AssertionError
-------------------------------Captured log call--------------------------------
INFO LogCapture:health.py:94 Beginning lint report, this could take a while ... INFO LogCapture:health.py:99 Checking config:hr_timestamp ... INFO LogCapture:health.py:99 Checking config:passwordscheme ... INFO LogCapture:health.py:99 Checking encryption:check_tls_version ... INFO LogCapture:health.py:99 Checking tls:certificate_expiration ... INFO LogCapture:health.py:99 Checking fschecks:file_perms ... INFO LogCapture:health.py:106 Healthcheck complete. INFO LogCapture:health.py:119 2 Issues found! Generating report ... INFO LogCapture:health.py:45 [1] DS Lint Error: DSCERTLE0001 INFO LogCapture:health.py:46 -------------------------------------------------------------------------------- INFO LogCapture:health.py:47 Severity: MEDIUM INFO LogCapture:health.py:49 Check: tls:certificate_expiration INFO LogCapture:health.py:50 Affects: INFO LogCapture:health.py:52 -- Expiring Certificate INFO LogCapture:health.py:53 Details: INFO LogCapture:health.py:54 ----------- INFO LogCapture:health.py:55 The certificate (Self-Signed-CA) will expire in less than 30 days INFO LogCapture:health.py:56 Resolution: INFO LogCapture:health.py:57 ----------- INFO LogCapture:health.py:58 Renew the certificate before it expires to prevent disruptions with TLS connections. INFO LogCapture:health.py:45 [2] DS Lint Error: DSCERTLE0001 INFO LogCapture:health.py:46 -------------------------------------------------------------------------------- INFO LogCapture:health.py:47 Severity: MEDIUM INFO LogCapture:health.py:49 Check: tls:certificate_expiration INFO LogCapture:health.py:50 Affects: INFO LogCapture:health.py:52 -- Expiring Certificate INFO LogCapture:health.py:53 Details: INFO LogCapture:health.py:54 ----------- INFO LogCapture:health.py:55 The certificate (Server-Cert) will expire in less than 30 days INFO LogCapture:health.py:56 Resolution: INFO LogCapture:health.py:57 ----------- INFO LogCapture:health.py:58 Renew the certificate before it expires to prevent disruptions with TLS connections. INFO LogCapture:health.py:124 ===== End Of Report (2 Issues found) =====

topo = <lib389.topologies.TopologyMain object at 0x7fc1025a1eb0>
_import_clean = None

def test_online_import_with_warning(topo, _import_clean):
"""
Import an ldif file with syntax errors, verify skipped entry warning code

:id: 5bf75c47-a283-430e-a65c-3c5fd8dbadb8
:setup: Standalone Instance
:steps:
1. Create standalone Instance
2. Create an ldif file with an entry that violates syntax check (empty givenname)
3. Online import of troublesome ldif file
:expected results:
1. Successful import with skipped entry warning
"""
topo.standalone.restart()

import_task = ImportTask(topo.standalone)
import_ldif1 = _create_syntax_err_ldif(topo)

# Importing the offending ldif file - online
import_task.import_suffix_from_ldif(ldiffile=import_ldif1, suffix=DEFAULT_SUFFIX)

# There is just a single entry in this ldif
import_task.wait(5)

# Check for the task nsTaskWarning attr, make sure its set to skipped entry code
> assert import_task.present('nstaskwarning')
E AssertionError: assert False
E + where False = <bound method DSLdapObject.present of <lib389.tasks.ImportTask object at 0x7fc10263edf0>>('nstaskwarning')
E + where <bound method DSLdapObject.present of <lib389.tasks.ImportTask object at 0x7fc10263edf0>> = <lib389.tasks.ImportTask object at 0x7fc10263edf0>.present

suites/import/import_test.py:237: AssertionError

topo = <lib389.topologies.TopologyMain object at 0x7fc1025a1eb0>
_import_clean = None

def test_ldif2db_syntax_check(topo, _import_clean):
"""ldif2db should return a warning when a skipped entry has occured.
:id: 85e75670-42c5-4062-9edc-7f117c97a06f
:setup:
1. Standalone Instance
2. Ldif entry that violates syntax check rule (empty givenname)
:steps:
1. Create an ldif file which violates the syntax checking rule
2. Stop the server and import ldif file with ldif2db
:expected results:
1. ldif2db import returns a warning to signify skipped entries
"""
import_ldif1 = _create_syntax_err_ldif(topo)
# Import the offending LDIF data - offline
topo.standalone.stop()
ret = topo.standalone.ldif2db('userRoot', None, None, None, import_ldif1)
> assert ret == TaskWarning.WARN_SKIPPED_IMPORT_ENTRY
E assert True == <TaskWarning....PORT_ENTRY: 8>
E +True
E -<TaskWarning.WARN_SKIPPED_IMPORT_ENTRY: 8>

suites/import/import_test.py:301: AssertionErrordef finofaci():
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
> for i in accounts.filter('(uid=*)'):

suites/import/import_test.py:64:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1249: in filter
results = self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:864: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:147: in inner
objtype, data = f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:756: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:760: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1025a1e20>
func = <built-in method result4 of LDAP object at 0x7fc102fd7180>
args = (6, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topo = <lib389.topologies.TopologyMain object at 0x7fc1025a1eb0>
_import_clean = None

def test_issue_a_warning_if_the_cache_size_is_smaller(topo, _import_clean):
"""Report during startup if nsslapd-cachememsize is too small

:id: 1aa8cbda-9c0e-11ea-9297-8c16451d917b
:setup: Standalone Instance
:steps:
1. Set nsslapd-cache-autosize to 0
2. Change cachememsize
3. Check that cachememsize is sufficiently small
4. Import some users to make id2entry.db big
5. Warning message should be there in error logs
:expected results:
1. Operation successful
2. Operation successful
3. Operation successful
4. Operation successful
5. Operation successful
"""
config = LDBMConfig(topo.standalone)
> backend = Backends(topo.standalone).list()[0]

suites/import/import_test.py:324:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1094: in list
results = self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1025a1e20>
func = <built-in method search_ext of LDAP object at 0x7fc102fd7180>
args = ('cn=ldbm database,cn=plugins,cn=config', 2, '(&(objectclass=nsBackendInstance))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWNdef finofaci():
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
> for i in accounts.filter('(uid=*)'):

suites/import/import_test.py:64:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1249: in filter
results = self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1025a1e20>
func = <built-in method search_ext of LDAP object at 0x7fc102fd7180>
args = ('dc=example,dc=com', 2, '(&(|(objectclass=nsAccount)(objectclass=nsPerson)(objectclass=simpleSecurityObject)(objectcl...Account)(objectclass=shadowAccount)(objectclass=posixGroup)(objectclass=mailRecipient))(uid=*))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topo = <lib389.topologies.TopologyMain object at 0x7fc1025a1eb0>
_import_clean = None

@pytest.mark.bz175063
def test_entry_with_escaped_characters_fails_to_import_and_index(topo, _import_clean):
"""If missing entry_id is found, skip it and continue reading the primary db to be re indexed.

:id: 358c938c-9c0e-11ea-adbc-8c16451d917b
:setup: Standalone Instance
:steps:
1. Import the example data from ldif.
2. Remove some of the other entries that were successfully imported.
3. Now re-index the database.
4. Should not return error.
:expected results:
1. Operation successful
2. Operation successful
3. Operation successful
4. Operation successful
"""
# Import the example data from ldif
> _import_offline(topo, 10)

suites/import/import_test.py:430:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/import/import_test.py:82: in _import_offline
_check_users_before_test(topo, no_no)
suites/import/import_test.py:49: in _check_users_before_test
assert len(accounts.filter('(uid=*)')) < no_no
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1249: in filter
results = self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1025a1e20>
func = <built-in method search_ext of LDAP object at 0x7fc102fd7180>
args = ('dc=example,dc=com', 2, '(&(|(objectclass=nsAccount)(objectclass=nsPerson)(objectclass=simpleSecurityObject)(objectcl...Account)(objectclass=shadowAccount)(objectclass=posixGroup)(objectclass=mailRecipient))(uid=*))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWNdef finofaci():
accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
> for i in accounts.filter('(uid=*)'):

suites/import/import_test.py:64:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1249: in filter
results = self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1025a1e20>
func = <built-in method search_ext of LDAP object at 0x7fc102fd7180>
args = ('dc=example,dc=com', 2, '(&(|(objectclass=nsAccount)(objectclass=nsPerson)(objectclass=simpleSecurityObject)(objectcl...Account)(objectclass=shadowAccount)(objectclass=posixGroup)(objectclass=mailRecipient))(uid=*))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topo = <lib389.topologies.TopologyMain object at 0x7fc1025a1eb0>

def test_import_perf_after_failure(topo):
"""Make an import fail by specifying the wrong LDIF file name, then
try the import with the correct name. Make sure the import performance
is what we expect.

:id: d21dc67f-475e-402a-be9e-3eeb9181c156
:setup: Standalone Instance
:steps:
1. Build LDIF file
2. Import invalid LDIF filename
3. Import valid LDIF filename
4. Import completes in a timely manner
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""

ldif_dir = topo.standalone.get_ldif_dir()
import_ldif = ldif_dir + '/perf_import.ldif'
bad_import_ldif = ldif_dir + '/perf_import_typo.ldif'

# Build LDIF file
dbgen_users(topo.standalone, 30000, import_ldif, DEFAULT_SUFFIX)

# Online import which fails
import_task = ImportTask(topo.standalone)
> import_task.import_suffix_from_ldif(ldiffile=bad_import_ldif, suffix=DEFAULT_SUFFIX)

suites/import/import_test.py:474:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/tasks.py:351: in import_suffix_from_ldif
self.create(properties=_properties)
/usr/local/lib/python3.9/site-packages/lib389/tasks.py:118: in create
return super(Task, self).create(rdn, properties, basedn)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:972: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:947: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:175: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:424: in add_ext_s
msgid = self.add_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:177: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:421: in add_ext
return self._ldap_call(self._l.add_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1025a1e20>
func = <built-in method add_ext of LDAP object at 0x7fc102fd7180>
args = ('cn=import_2020-12-28T20:18:16.803784,cn=import,cn=tasks,cn=config', [('objectclass', [b'top', b'extensibleObject']),...ludeSuffix', [b'dc=example,dc=com']), ('ttl', [b'86400']), ('cn', [b'import_2020-12-28T20:18:16.803784'])], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topo = <lib389.topologies.TopologyMain object at 0x7fc1024b7790>

def test_invalid_mt(topo):
"""Test that you can not add a new suffix/mapping tree
that does not already have the backend entry created.

:id: caabd407-f541-4695-b13f-8f92af1112a0
:setup: Standalone Instance
:steps:
1. Create a new suffix that specifies an existing backend which has a
different suffix.
2. Create a suffix that has no backend entry at all.
:expectedresults:
1. Should fail with UNWILLING_TO_PERFORM
1. Should fail with UNWILLING_TO_PERFORM
"""

bad_suffix = 'dc=does,dc=not,dc=exist'
mts = MappingTrees(topo.standalone)

properties = {
'cn': bad_suffix,
'nsslapd-state': 'backend',
'nsslapd-backend': 'userroot',
}
with pytest.raises(ldap.UNWILLING_TO_PERFORM):
> mts.create(properties=properties)
E Failed: DID NOT RAISE <class 'ldap.UNWILLING_TO_PERFORM'>

suites/mapping_tree/acceptance_test.py:51: Failed
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc102bfb700>

@pytest.mark.skipif(ds_is_older('1.4.3'), reason="Not implemented")
def test_migrate_openldap_slapdd(topology_st):
"""

:id: e9748040-90a0-4d69-bdde-007104f75cc5
:setup: Data directory with an openldap config directory.
:steps:
1. Parse the configuration
2. Execute a full migration plan

:expectedresults:
1. Success
2. Success
"""

inst = topology_st.standalone
config_path = os.path.join(DATADIR1, 'slapd.d')
config = olConfig(config_path)
ldifs = {
"dc=example,dc=com": os.path.join(DATADIR1, 'example_com.slapcat.ldif'),
"dc=example,dc=net": os.path.join(DATADIR1, 'example_net.slapcat.ldif'),
}

migration = Migration(config, inst, ldifs)

print("==== migration plan ====")
print(migration.__unicode__())
print("==== end migration plan ====")

> migration.execute_plan()

suites/openldap_2_389/migrate_test.py:76:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/migrate/plan.py:662: in execute_plan
item.post(self.inst)
/usr/local/lib/python3.9/site-packages/lib389/migrate/plan.py:92: in post
be.reindex(wait=True)
/usr/local/lib/python3.9/site-packages/lib389/backend.py:753: in reindex
reindex_task.reindex(benamebase=bename, attrname=attrs, args=args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc1031cee80>
suffix = 'dc=example,dc=com', benamebase = 'userRoot', attrname = None
args = {'wait': True}, vlv = False

def reindex(self, suffix=None, benamebase=None, attrname=None, args=None, vlv=False):
'''
Reindex a 'suffix' (or 'benamebase' that stores that suffix) for a
given 'attrname'. It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

:param suffix - suffix of the backend
:param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
:param attrname - attribute name
:param args - is a dictionary that contains modifier of the reindex
task
wait: True/[False] - If True, 'index' waits for the completion
of the task before to return
:param vlv - this task is to reindex a VLV index

:return None

:raise ValueError - if invalid missing benamebase and suffix or invalid
benamebase
:raise LDAPError if unable to search for index names

'''
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

# If backend name was provided, retrieve the suffix
if benamebase:
ents = self.conn.mappingtree.list(bename=benamebase)
if len(ents) != 1:
raise ValueError("invalid backend name: %s" % benamebase)

attr_suffix = MT_PROPNAME_TO_ATTRNAME[MT_SUFFIX]
if not ents[0].hasAttr(attr_suffix):
raise ValueError(
"invalid backend name: %s, or entry without %s" %
(benamebase, attr_suffix))

suffix = ensure_str(ents[0].getValue(attr_suffix))

backend = None
entries_backend = self.conn.backends.list()
for be in entries_backend:
be_suffix = ensure_str(be.get_attr_val_utf8_l('nsslapd-suffix')).lower()
if be_suffix == suffix.lower():
backend = be.get_attr_val_utf8_l('cn')
if backend is None:
raise ValueError("Failed to find backaned matching the suffix")

attrs = []
if vlv:
# We are indexing a VLV index/sort.
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)
cn = "index_vlv_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexVLVAttribute': attrs,
'nsInstance': backend
})
else:
if attrname is None:
#
# Reindex all attributes - gather them first...
#
cn = "index_all_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = ('cn=%s,cn=ldbm database,cn=plugins,cn=config' % backend)
try:
indexes = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, '(objectclass=nsIndex)')
for index in indexes:
attrs.append(ensure_str(index.getValue('cn')))
except ldap.LDAPError as e:
raise e
else:
#
# Reindex specific attributes
#
cn = "index_attrs_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)

dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexAttribute': attrs,
'nsInstance': backend
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the index task for %s", attrname)
return -1

exitCode = 0
if args is not None and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:809: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
------------------------------Captured stdout call------------------------------
==== migration plan ==== SchemaAttributeCreate -> ('pseudonym',) SchemaAttributeCreate -> ('email', 'emailAddress', 'pkcs9email') SchemaAttributeCreate -> ('textEncodedORAddress',) SchemaAttributeUnsupported -> ('otherMailbox',) SchemaAttributeCreate -> ('aRecord',) SchemaAttributeCreate -> ('mDRecord',) SchemaAttributeCreate -> ('mXRecord',) SchemaAttributeCreate -> ('nSRecord',) SchemaAttributeCreate -> ('sOARecord',) SchemaAttributeCreate -> ('cNAMERecord',) SchemaAttributeCreate -> ('janetMailbox',) SchemaAttributeCreate -> ('mailPreferenceOption',) SchemaAttributeUnsupported -> ('dSAQuality',) SchemaAttributeUnsupported -> ('singleLevelQuality',) SchemaAttributeUnsupported -> ('subtreeMinimumQuality',) SchemaAttributeUnsupported -> ('subtreeMaximumQuality',) SchemaAttributeCreate -> ('personalSignature',) SchemaAttributeCreate -> ('suseDefaultBase',) SchemaAttributeCreate -> ('suseNextUniqueId',) SchemaAttributeCreate -> ('suseMinUniqueId',) SchemaAttributeCreate -> ('suseMaxUniqueId',) SchemaAttributeCreate -> ('suseDefaultTemplate',) SchemaAttributeCreate -> ('suseSearchFilter',) SchemaAttributeCreate -> ('suseDefaultValue',) SchemaAttributeCreate -> ('suseNamingAttribute',) SchemaAttributeCreate -> ('suseSecondaryGroup',) SchemaAttributeCreate -> ('suseMinPasswordLength',) SchemaAttributeCreate -> ('suseMaxPasswordLength',) SchemaAttributeCreate -> ('susePasswordHash',) SchemaAttributeCreate -> ('suseSkelDir',) SchemaAttributeCreate -> ('susePlugin',) SchemaAttributeCreate -> ('suseMapAttribute',) SchemaAttributeCreate -> ('suseImapServer',) SchemaAttributeCreate -> ('suseImapAdmin',) SchemaAttributeCreate -> ('suseImapDefaultQuota',) SchemaAttributeCreate -> ('suseImapUseSsl',) SchemaClassUnsupported -> 0.9.2342.19200300.100.4.4 ('pilotPerson', 'newPilotPerson') may -> ('userid', 'textEncodedORAddress', 'rfc822Mailbox', 'favouriteDrink', 'roomNumber', 'userClass', 'homeTelephoneNumber', 'homePostalAddress', 'secretary', 'personalTitle', 'preferredDeliveryMethod', 'businessCategory', 'janetMailbox', 'otherMailbox', 'mobileTelephoneNumber', 'pagerTelephoneNumber', 'organizationalStatus', 'mailPreferenceOption', 'personalSignature') must -> () sup -> ('person',) SchemaClassCreate -> 0.9.2342.19200300.100.4.15 ('dNSDomain',) may -> ('ARecord', 'MDRecord', 'MXRecord', 'NSRecord', 'SOARecord', 'CNAMERecord') must -> () sup -> ('domain',) SchemaClassCreate -> 0.9.2342.19200300.100.4.20 ('pilotOrganization',) may -> ('buildingName',) must -> () sup -> ('organization', 'organizationalUnit') SchemaClassUnsupported -> 0.9.2342.19200300.100.4.21 ('pilotDSA',) may -> ('dSAQuality',) must -> () sup -> ('dsa',) SchemaClassUnsupported -> 0.9.2342.19200300.100.4.22 ('qualityLabelledData',) may -> ('subtreeMinimumQuality', 'subtreeMaximumQuality') must -> ('dsaQuality',) sup -> ('top',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:2 ('suseModuleConfiguration',) may -> ('suseDefaultBase',) must -> ('cn',) sup -> ('top',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:3 ('suseUserConfiguration',) may -> ('suseMinPasswordLength', 'suseMaxPasswordLength', 'susePasswordHash', 'suseSkelDir', 'suseNextUniqueId', 'suseMinUniqueId', 'suseMaxUniqueId', 'suseDefaultTemplate', 'suseSearchFilter', 'suseMapAttribute') must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:4 ('suseObjectTemplate',) may -> ('susePlugin', 'suseDefaultValue', 'suseNamingAttribute') must -> ('cn',) sup -> ('top',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:5 ('suseUserTemplate',) may -> ('suseSecondaryGroup',) must -> ('cn',) sup -> ('suseObjectTemplate',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:6 ('suseGroupTemplate',) may -> () must -> ('cn',) sup -> ('suseObjectTemplate',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:7 ('suseGroupConfiguration',) may -> ('suseNextUniqueId', 'suseMinUniqueId', 'suseMaxUniqueId', 'suseDefaultTemplate', 'suseSearchFilter', 'suseMapAttribute') must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:8 ('suseCaConfiguration',) may -> () must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:9 ('suseDnsConfiguration',) may -> () must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:10 ('suseDhcpConfiguration',) may -> () must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:11 ('suseMailConfiguration',) may -> () must -> ('suseImapServer', 'suseImapAdmin', 'suseImapDefaultQuota', 'suseImapUseSsl') sup -> ('suseModuleConfiguration',) DatabaseReindex -> dc=example,dc=com PluginMemberOfEnable PluginMemberOfScope -> dc=example,dc=com PluginMemberOfFixup -> dc=example,dc=com PluginRefintEnable PluginRefintAttributes -> member PluginRefintAttributes -> memberOf PluginRefintScope -> dc=example,dc=com PluginUniqueConfigure -> dc=example,dc=com, mail 401a528e-eaf5-1039-8667-dbfbf2f5e6dd PluginUniqueConfigure -> dc=example,dc=com, uid 401a528e-eaf5-1039-8667-dbfbf2f5e6dd DatabaseCreate -> dc=example,dc=net, 401a7084-eaf5-1039-866c-dbfbf2f5e6dd DatabaseIndexCreate -> objectClass eq, dc=example,dc=net DatabaseReindex -> dc=example,dc=net PluginMemberOfEnable PluginMemberOfScope -> dc=example,dc=net PluginMemberOfFixup -> dc=example,dc=net PluginUniqueConfigure -> dc=example,dc=net, mail 401a7084-eaf5-1039-866c-dbfbf2f5e6dd PluginUniqueConfigure -> dc=example,dc=net, uid 401a7084-eaf5-1039-866c-dbfbf2f5e6dd DatabaseLdifImport -> dc=example,dc=com /export/tests/suites/openldap_2_389/../../data/openldap_2_389/1/example_com.slapcat.ldif DatabaseLdifImport -> dc=example,dc=net /export/tests/suites/openldap_2_389/../../data/openldap_2_389/1/example_net.slapcat.ldif ==== end migration plan ====
-------------------------------Captured log call--------------------------------
INFO lib389.migrate.openldap.config:config.py:264 Examining OpenLDAP Configuration ... INFO lib389.migrate.openldap.config:config.py:285 Completed OpenLDAP Configuration Parsing. INFO lib389.migrate.plan:plan.py:656 migration: 1 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 2 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 3 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 4 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 5 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 6 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 7 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 8 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 9 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 10 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 11 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 12 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 13 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 14 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 15 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 16 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 17 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 18 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 19 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 20 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 21 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 22 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 23 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 24 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 25 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 26 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 27 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 28 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 29 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 30 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 31 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 32 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 33 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 34 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 35 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 36 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 37 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 38 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 39 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 40 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 41 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 42 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 43 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 44 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 45 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 46 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 47 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 48 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 49 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 50 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 51 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 52 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 53 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 54 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 55 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 56 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 57 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 58 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 59 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 60 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 61 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 62 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 63 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 64 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 65 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 66 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 67 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 68 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 69 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 70 / 71 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 71 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 1 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 2 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 3 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 4 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 5 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 6 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 7 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 8 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 9 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 10 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 11 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 12 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 13 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 14 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 15 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 16 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 17 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 18 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 19 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 20 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 21 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 22 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 23 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 24 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 25 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 26 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 27 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 28 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 29 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 30 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 31 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 32 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 33 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 34 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 35 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 36 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 37 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 38 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 39 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 40 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 41 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 42 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 43 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 44 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 45 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 46 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 47 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 48 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 49 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 50 / 71 complete ... INFO lib389.migrate.plan:plan.py:663 post: 51 / 71 complete ...

topology_st = <lib389.topologies.TopologyMain object at 0x7fc102bfb700>

@pytest.mark.skipif(ds_is_older('1.4.3'), reason="Not implemented")
def test_migrate_openldap_slapdd_skip_elements(topology_st):
"""

:id: d5e16aeb-6810-423b-b5e0-f89e0596292e
:setup: Data directory with an openldap config directory.
:steps:
1. Parse the configuration
2. Execute a migration with skipped elements

:expectedresults:
1. Success
2. Success
"""

inst = topology_st.standalone
config_path = os.path.join(DATADIR1, 'slapd.d')
config = olConfig(config_path)
ldifs = {
"dc=example,dc=com": os.path.join(DATADIR1, 'example_com.slapcat.ldif'),
}

# 1.3.6.1.4.1.5322.13.1.1 is namedObject, so check that isn't there

migration = Migration(config, inst, ldifs,
skip_schema_oids=['1.3.6.1.4.1.5322.13.1.1'],
skip_overlays=[olOverlayType.UNIQUE],
)

print("==== migration plan ====")
print(migration.__unicode__())
print("==== end migration plan ====")

> migration.execute_plan()

suites/openldap_2_389/migrate_test.py:117:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/migrate/plan.py:662: in execute_plan
item.post(self.inst)
/usr/local/lib/python3.9/site-packages/lib389/migrate/plan.py:92: in post
be.reindex(wait=True)
/usr/local/lib/python3.9/site-packages/lib389/backend.py:753: in reindex
reindex_task.reindex(benamebase=bename, attrname=attrs, args=args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc1024ac0d0>
suffix = 'dc=example,dc=com', benamebase = 'userRoot', attrname = None
args = {'wait': True}, vlv = False

def reindex(self, suffix=None, benamebase=None, attrname=None, args=None, vlv=False):
'''
Reindex a 'suffix' (or 'benamebase' that stores that suffix) for a
given 'attrname'. It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

:param suffix - suffix of the backend
:param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
:param attrname - attribute name
:param args - is a dictionary that contains modifier of the reindex
task
wait: True/[False] - If True, 'index' waits for the completion
of the task before to return
:param vlv - this task is to reindex a VLV index

:return None

:raise ValueError - if invalid missing benamebase and suffix or invalid
benamebase
:raise LDAPError if unable to search for index names

'''
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

# If backend name was provided, retrieve the suffix
if benamebase:
ents = self.conn.mappingtree.list(bename=benamebase)
if len(ents) != 1:
raise ValueError("invalid backend name: %s" % benamebase)

attr_suffix = MT_PROPNAME_TO_ATTRNAME[MT_SUFFIX]
if not ents[0].hasAttr(attr_suffix):
raise ValueError(
"invalid backend name: %s, or entry without %s" %
(benamebase, attr_suffix))

suffix = ensure_str(ents[0].getValue(attr_suffix))

backend = None
entries_backend = self.conn.backends.list()
for be in entries_backend:
be_suffix = ensure_str(be.get_attr_val_utf8_l('nsslapd-suffix')).lower()
if be_suffix == suffix.lower():
backend = be.get_attr_val_utf8_l('cn')
if backend is None:
raise ValueError("Failed to find backaned matching the suffix")

attrs = []
if vlv:
# We are indexing a VLV index/sort.
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)
cn = "index_vlv_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexVLVAttribute': attrs,
'nsInstance': backend
})
else:
if attrname is None:
#
# Reindex all attributes - gather them first...
#
cn = "index_all_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = ('cn=%s,cn=ldbm database,cn=plugins,cn=config' % backend)
try:
indexes = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, '(objectclass=nsIndex)')
for index in indexes:
attrs.append(ensure_str(index.getValue('cn')))
except ldap.LDAPError as e:
raise e
else:
#
# Reindex specific attributes
#
cn = "index_attrs_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)

dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexAttribute': attrs,
'nsInstance': backend
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the index task for %s", attrname)
return -1

exitCode = 0
if args is not None and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:809: ValueError
------------------------------Captured stdout call------------------------------
==== migration plan ==== SchemaAttributeUnsupported -> ('otherMailbox',) SchemaAttributeUnsupported -> ('dSAQuality',) SchemaAttributeUnsupported -> ('singleLevelQuality',) SchemaAttributeUnsupported -> ('subtreeMinimumQuality',) SchemaAttributeUnsupported -> ('subtreeMaximumQuality',) SchemaAttributeCreate -> ('suseDefaultBase',) SchemaAttributeCreate -> ('suseNextUniqueId',) SchemaAttributeCreate -> ('suseMinUniqueId',) SchemaAttributeCreate -> ('suseMaxUniqueId',) SchemaAttributeCreate -> ('suseDefaultTemplate',) SchemaAttributeCreate -> ('suseSearchFilter',) SchemaAttributeCreate -> ('suseDefaultValue',) SchemaAttributeCreate -> ('suseNamingAttribute',) SchemaAttributeCreate -> ('suseSecondaryGroup',) SchemaAttributeCreate -> ('suseMinPasswordLength',) SchemaAttributeCreate -> ('suseMaxPasswordLength',) SchemaAttributeCreate -> ('susePasswordHash',) SchemaAttributeCreate -> ('suseSkelDir',) SchemaAttributeCreate -> ('susePlugin',) SchemaAttributeCreate -> ('suseMapAttribute',) SchemaAttributeCreate -> ('suseImapServer',) SchemaAttributeCreate -> ('suseImapAdmin',) SchemaAttributeCreate -> ('suseImapDefaultQuota',) SchemaAttributeCreate -> ('suseImapUseSsl',) SchemaClassUnsupported -> 0.9.2342.19200300.100.4.4 ('pilotPerson', 'newPilotPerson') may -> ('userid', 'textEncodedORAddress', 'rfc822Mailbox', 'favouriteDrink', 'roomNumber', 'userClass', 'homeTelephoneNumber', 'homePostalAddress', 'secretary', 'personalTitle', 'preferredDeliveryMethod', 'businessCategory', 'janetMailbox', 'otherMailbox', 'mobileTelephoneNumber', 'pagerTelephoneNumber', 'organizationalStatus', 'mailPreferenceOption', 'personalSignature') must -> () sup -> ('person',) SchemaClassInconsistent -> ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP organization STRUCTURAL MAY buildingName X-ORIGIN 'user defined' ) to 0.9.2342.19200300.100.4.20 ('pilotOrganization',) may -> ('buildingName',) must -> () sup -> ('organization', 'organizationalUnit') SchemaClassUnsupported -> 0.9.2342.19200300.100.4.21 ('pilotDSA',) may -> ('dSAQuality',) must -> () sup -> ('dsa',) SchemaClassUnsupported -> 0.9.2342.19200300.100.4.22 ('qualityLabelledData',) may -> ('subtreeMinimumQuality', 'subtreeMaximumQuality') must -> ('dsaQuality',) sup -> ('top',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:2 ('suseModuleConfiguration',) may -> ('suseDefaultBase',) must -> ('cn',) sup -> ('top',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:3 ('suseUserConfiguration',) may -> ('suseMinPasswordLength', 'suseMaxPasswordLength', 'susePasswordHash', 'suseSkelDir', 'suseNextUniqueId', 'suseMinUniqueId', 'suseMaxUniqueId', 'suseDefaultTemplate', 'suseSearchFilter', 'suseMapAttribute') must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:4 ('suseObjectTemplate',) may -> ('susePlugin', 'suseDefaultValue', 'suseNamingAttribute') must -> ('cn',) sup -> ('top',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:5 ('suseUserTemplate',) may -> ('suseSecondaryGroup',) must -> ('cn',) sup -> ('suseObjectTemplate',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:6 ('suseGroupTemplate',) may -> () must -> ('cn',) sup -> ('suseObjectTemplate',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:7 ('suseGroupConfiguration',) may -> ('suseNextUniqueId', 'suseMinUniqueId', 'suseMaxUniqueId', 'suseDefaultTemplate', 'suseSearchFilter', 'suseMapAttribute') must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:8 ('suseCaConfiguration',) may -> () must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:9 ('suseDnsConfiguration',) may -> () must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:10 ('suseDhcpConfiguration',) may -> () must -> () sup -> ('suseModuleConfiguration',) SchemaClassCreate -> SUSE.YaST.ModuleConfig.OC:11 ('suseMailConfiguration',) may -> () must -> ('suseImapServer', 'suseImapAdmin', 'suseImapDefaultQuota', 'suseImapUseSsl') sup -> ('suseModuleConfiguration',) DatabaseReindex -> dc=example,dc=com PluginMemberOfEnable PluginMemberOfScope -> dc=example,dc=com PluginMemberOfFixup -> dc=example,dc=com PluginRefintEnable PluginRefintAttributes -> member PluginRefintAttributes -> memberOf PluginRefintScope -> dc=example,dc=com PluginUniqueConfigure -> dc=example,dc=com, mail 401a528e-eaf5-1039-8667-dbfbf2f5e6dd PluginUniqueConfigure -> dc=example,dc=com, uid 401a528e-eaf5-1039-8667-dbfbf2f5e6dd DatabaseReindex -> dc=example,dc=net PluginMemberOfEnable PluginMemberOfScope -> dc=example,dc=net PluginMemberOfFixup -> dc=example,dc=net PluginUniqueConfigure -> dc=example,dc=net, mail 401a7084-eaf5-1039-866c-dbfbf2f5e6dd PluginUniqueConfigure -> dc=example,dc=net, uid 401a7084-eaf5-1039-866c-dbfbf2f5e6dd DatabaseLdifImport -> dc=example,dc=com /export/tests/suites/openldap_2_389/../../data/openldap_2_389/1/example_com.slapcat.ldif ==== end migration plan ====
-------------------------------Captured log call--------------------------------
INFO lib389.migrate.openldap.config:config.py:264 Examining OpenLDAP Configuration ... INFO lib389.migrate.openldap.config:config.py:285 Completed OpenLDAP Configuration Parsing. INFO lib389.migrate.plan:plan.py:656 migration: 1 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 2 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 3 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 4 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 5 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 6 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 7 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 8 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 9 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 10 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 11 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 12 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 13 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 14 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 15 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 16 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 17 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 18 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 19 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 20 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 21 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 22 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 23 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 24 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 25 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 26 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 27 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 28 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 29 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 30 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 31 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 32 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 33 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 34 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 35 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 36 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 37 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 38 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 39 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 40 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 41 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 42 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 43 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 44 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 45 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 46 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 47 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 48 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 49 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 50 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 51 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 52 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 53 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 54 / 55 complete ... INFO lib389.migrate.plan:plan.py:656 migration: 55 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 1 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 2 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 3 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 4 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 5 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 6 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 7 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 8 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 9 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 10 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 11 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 12 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 13 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 14 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 15 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 16 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 17 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 18 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 19 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 20 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 21 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 22 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 23 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 24 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 25 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 26 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 27 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 28 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 29 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 30 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 31 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 32 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 33 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 34 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 35 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 36 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 37 / 55 complete ... INFO lib389.migrate.plan:plan.py:663 post: 38 / 55 complete ...

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101f82160>

@pytest.mark.skipif(ds_is_older('1.4.3'), reason="Not implemented")
def test_migrate_openldap_password_hash(topology_st):
"""Test import of an openldap password value into the directory and assert
it can bind.

:id: e4898e0d-5d18-4765-9249-84bcbf862fde
:setup: Standalone Instance
:steps:
1. Import a hash
2. Attempt a bind
3. Goto 1

:expectedresults:
1. Success
2. Success
3. Success
"""
inst = topology_st.standalone
inst.config.set('nsslapd-allow-hashed-passwords', 'on')

# You generate these with:
# slappasswd -s password -o module-load=/usr/lib64/openldap/pw-argon2.so -h {ARGON2}
pwds = [
'{CRYPT}ZZKRwXSu3tt8s',
'{SSHA}jdALDtX0+MVMkRsX0ilHz0O6Uos95D4s',
'{MD5}X03MO1qnZdYdgyfeuILPmQ==',
'{SMD5}RnexgcsjdBHMQ1yhB7+sD+a+qDI=',
'{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=',
'{SHA256}XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=',
'{SSHA256}covFryM35UrKB3gMYxtYpQYTHbTn5kFphjcNHewfj581SLJwjA9jew==',
'{SHA384}qLZLq9CsqRpZvbt3YbQh1PK7OCgNOnW6DyHyvrxFWD1EbFmGYMlM5oDEfRnDB4On',
'{SSHA384}kNjTWdmyy2G1IgJF8WrOpq0N//Yc2Ec5TIQYceuiuHQXRXpC1bfnMqyOx0NxrSREjBWDwUpqXjo=',
'{SHA512}sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==',
'{SSHA512}+7A8kA32q4mCBao4Cbatdyzl5imVwJ62ZAE7UOTP4pfrF90E9R2LabOfJFzx6guaYhTmUEVK2wRKC8bToqspdeTluX2d1BX2',
# Need to check --
'{PBKDF2}10000$IlfapjA351LuDSwYC0IQ8Q$saHqQTuYnjJN/tmAndT.8mJt.6w',
'{PBKDF2-SHA1}10000$ZBEH6B07rgQpJSikyvMU2w$TAA03a5IYkz1QlPsbJKvUsTqNV',
'{PBKDF2-SHA256}10000$henZGfPWw79Cs8ORDeVNrQ$1dTJy73v6n3bnTmTZFghxHXHLsAzKaAy8SksDfZBPIw',
'{PBKDF2-SHA512}10000$Je1Uw19Bfv5lArzZ6V3EPw$g4T/1sqBUYWl9o93MVnyQ/8zKGSkPbKaXXsT8WmysXQJhWy8MRP2JFudSL.N9RklQYgDPxPjnfum/F2f/TrppA',
# '{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$IyTQMsvzB2JHDiWx8fq7Ew$VhYOA7AL0kbRXI5g2kOyyp8St1epkNj7WZyUY4pAIQQ',
]

accounts = nsUserAccounts(inst, basedn=DEFAULT_SUFFIX)
account = accounts.create(properties={
'uid': 'pw_migrate_test_user',
'cn': 'pw_migrate_test_user',
'displayName': 'pw_migrate_test_user',
'uidNumber': '12345',
'gidNumber': '12345',
'homeDirectory': '/var/empty',
})

for pwhash in pwds:
inst.log.debug(f"Attempting -> {pwhash}")
account.set('userPassword', pwhash)
> nconn = account.bind('password')

suites/openldap_2_389/password_migrate_test.py:73:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/idm/account.py:212: in bind
inst_clone.open(*args, **kwargs)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1027: in open
raise e
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1020: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:455: in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1024ac880>
func = <built-in method result4 of LDAP object at 0x7fc1026ce930>
args = (1, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': [], 'info': 'Invalid credentials'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INVALID_CREDENTIALS
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101fb02b0>
create_user = <lib389.idm.user.UserAccount object at 0x7fc101fb0d90>
aci_subject = 'dns = "localhost.localdomain"'

@pytest.mark.parametrize('aci_subject',
('dns = "{}"'.format(HOSTNAME),
'ip = "{}"'.format(IP_ADDRESS)),
ids=['fqdn','ip'])
def test_search_dns_ip_aci(topology_st, create_user, aci_subject):
"""Verify that after performing multiple simple paged searches
to completion on the suffix with DNS or IP based ACI

:id: bbfddc46-a8c8-49ae-8c90-7265d05b22a9
:parametrized: yes
:setup: Standalone instance, test user for binding,
varying number of users for the search base
:steps:
1. Back up and remove all previous ACI from suffix
2. Add an anonymous ACI for DNS check
3. Bind as test user
4. Search through added users with a simple paged control
5. Perform steps 4 three times in a row
6. Return ACI to the initial state
7. Go through all steps once again, but use IP subject dn
instead of DNS
:expectedresults:
1. Operation should be successful
2. Anonymous ACI should be successfully added
3. Bind should be successful
4. No error happens, all users should be found and sorted
5. Results should remain the same
6. ACI should be successfully returned
7. Results should be the same with ACI with IP subject dn
"""

users_num = 100
page_size = 5
users_list = add_users(topology_st, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']

try:
log.info('Back up current suffix ACI')
acis_bck = topology_st.standalone.aci.list(DEFAULT_SUFFIX, ldap.SCOPE_BASE)

log.info('Add test ACI')
ACI_TARGET = '(targetattr != "userPassword")'
ACI_ALLOW = '(version 3.0;acl "Anonymous access within domain"; allow (read,compare,search)'
ACI_SUBJECT = '(userdn = "ldap:///anyone") and (%s);)' % aci_subject
ACI_BODY = ensure_bytes(ACI_TARGET + ACI_ALLOW + ACI_SUBJECT)
topology_st.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_REPLACE, 'aci', ACI_BODY)])
log.info('Set user bind')
conn = create_user.bind(TEST_USER_PWD, uri=f'ldap://{IP_ADDRESS}:{topology_st.standalone.port}')

log.info('Create simple paged results control instance')
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

log.info('Initiate three searches with a paged results control')
for ii in range(3):
log.info('%d search' % (ii + 1))
all_results = paged_search(conn, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
> assert len(all_results) == len(users_list)
E assert 0 == 100
E +0
E -100

suites/paged_results/paged_results_test.py:569: AssertionError
-------------------------------Captured log call--------------------------------
INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:133 Adding 100 users INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:547 Back up current suffix ACI INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:550 Add test ACI INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:556 Set user bind INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:559 Create simple paged results control instance INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:563 Initiate three searches with a paged results control INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:565 1 search INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:191 Running simple paged result search with - search suffix: dc=example,dc=com; filter: (uid=test*); attr list ['dn', 'sn']; page_size = 5; controls: [<ldap.controls.libldap.SimplePagedResultsControl object at 0x7fc1026c1700>]. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 0 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:568 0 results INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:573 Restore ACI INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:155 Deleting 100 users

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101fb02b0>
create_user = <lib389.idm.user.UserAccount object at 0x7fc101fb0d90>
conf_attr_values = ('5000', '120', '122'), expected_rs = 'PASS'

@pytest.mark.parametrize('conf_attr_values,expected_rs',
((('5000', '100', '100'), ldap.ADMINLIMIT_EXCEEDED),
(('5000', '120', '122'), 'PASS')))
def test_search_paged_limits(topology_st, create_user, conf_attr_values, expected_rs):
"""Verify that nsslapd-idlistscanlimit and
nsslapd-lookthroughlimit can limit the administrator
search abilities.

:id: e0f8b916-7276-4bd3-9e73-8696a4468811
:parametrized: yes
:setup: Standalone instance, test user for binding,
10 users for the search base
:steps:
1. Set nsslapd-sizelimit and nsslapd-pagedsizelimit to 5000
2. Set nsslapd-idlistscanlimit: 120
3. Set nsslapd-lookthroughlimit: 122
4. Bind as test user
5. Search through added users with a simple paged control
using page_size = 10
6. Bind as Directory Manager
7. Set nsslapd-idlistscanlimit: 100
8. Set nsslapd-lookthroughlimit: 100
9. Bind as test user
10. Search through added users with a simple paged control
using page_size = 10
:expectedresults:
1. nsslapd-sizelimit and nsslapd-pagedsizelimit
should be successfully set
2. nsslapd-idlistscanlimit should be successfully set
3. nsslapd-lookthroughlimit should be successfully set
4. Bind should be successful
5. No error happens, all users should be found
6. Bind should be successful
7. nsslapd-idlistscanlimit should be successfully set
8. nsslapd-lookthroughlimit should be successfully set
9. Bind should be successful
10. It should throw ADMINLIMIT_EXCEEDED exception
"""

users_num = 101
page_size = 10
users_list = add_users(topology_st, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
size_attr_bck = change_conf_attr(topology_st, DN_CONFIG, 'nsslapd-sizelimit', conf_attr_values[0])
pagedsize_attr_bck = change_conf_attr(topology_st, DN_CONFIG, 'nsslapd-pagedsizelimit', conf_attr_values[0])
idlistscan_attr_bck = change_conf_attr(topology_st, 'cn=config,%s' % DN_LDBM, 'nsslapd-idlistscanlimit', conf_attr_values[1])
lookthrough_attr_bck = change_conf_attr(topology_st, 'cn=config,%s' % DN_LDBM, 'nsslapd-lookthroughlimit', conf_attr_values[2])

try:
log.info('Set user bind')
conn = create_user.bind(TEST_USER_PWD)

req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

if expected_rs == ldap.ADMINLIMIT_EXCEEDED:
log.info('Expect to fail with ADMINLIMIT_EXCEEDED')
with pytest.raises(expected_rs):
all_results = paged_search(conn, DEFAULT_SUFFIX, controls, search_flt, searchreq_attrlist)
elif expected_rs == 'PASS':
log.info('Expect to pass')
> all_results = paged_search(conn, DEFAULT_SUFFIX, controls, search_flt, searchreq_attrlist)

suites/paged_results/paged_results_test.py:901:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/paged_results/paged_results_test.py:200: in paged_search
rtype, rdata, rmsgid, rctrls = conn.result3(msgid)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc102a2ea00>
func = <built-in method result4 of LDAP object at 0x7fc10259e120>
args = (12, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ADMINLIMIT_EXCEEDED: {'msgtype': 100, 'msgid': 12, 'result': 11, 'desc': 'Administrative limit exceeded', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: ADMINLIMIT_EXCEEDED
-------------------------------Captured log call--------------------------------
INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:133 Adding 101 users INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-sizelimit to 5000. Previous value - b'2000'. Modified suffix - cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-pagedsizelimit to 5000. Previous value - b'0'. Modified suffix - cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-idlistscanlimit to 120. Previous value - b'4000'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-lookthroughlimit to 122. Previous value - b'5000'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:889 Set user bind INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:900 Expect to pass INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:191 Running simple paged result search with - search suffix: dc=example,dc=com; filter: (uid=test*); attr list ['dn', 'sn']; page_size = 10; controls: [<ldap.controls.libldap.SimplePagedResultsControl object at 0x7fc102987430>]. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 0 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 1 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 2 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 3 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 4 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 5 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 6 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 7 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 8 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 9 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:155 Deleting 101 users INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-sizelimit to b'2000'. Previous value - b'5000'. Modified suffix - cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-pagedsizelimit to b'0'. Previous value - b'5000'. Modified suffix - cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-lookthroughlimit to b'5000'. Previous value - b'122'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-idlistscanlimit to b'4000'. Previous value - b'120'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101fb02b0>
create_user = <lib389.idm.user.UserAccount object at 0x7fc101fb0d90>
conf_attr_values = ('1000', '120', '122'), expected_rs = 'PASS'

@pytest.mark.parametrize('conf_attr_values,expected_rs',
((('1000', '100', '100'), ldap.ADMINLIMIT_EXCEEDED),
(('1000', '120', '122'), 'PASS')))
def test_search_paged_user_limits(topology_st, create_user, conf_attr_values, expected_rs):
"""Verify that nsPagedIDListScanLimit and nsPagedLookthroughLimit
override nsslapd-idlistscanlimit and nsslapd-lookthroughlimit
while performing search with the simple paged results control.

:id: 69e393e9-1ab8-4f4e-b4a1-06ca63dc7b1b
:parametrized: yes
:setup: Standalone instance, test user for binding,
10 users for the search base
:steps:
1. Set nsslapd-idlistscanlimit: 1000
2. Set nsslapd-lookthroughlimit: 1000
3. Set nsPagedIDListScanLimit: 120
4. Set nsPagedLookthroughLimit: 122
5. Bind as test user
6. Search through added users with a simple paged control
using page_size = 10
7. Bind as Directory Manager
8. Set nsPagedIDListScanLimit: 100
9. Set nsPagedLookthroughLimit: 100
10. Bind as test user
11. Search through added users with a simple paged control
using page_size = 10
:expectedresults:
1. nsslapd-idlistscanlimit should be successfully set
2. nsslapd-lookthroughlimit should be successfully set
3. nsPagedIDListScanLimit should be successfully set
4. nsPagedLookthroughLimit should be successfully set
5. Bind should be successful
6. No error happens, all users should be found
7. Bind should be successful
8. nsPagedIDListScanLimit should be successfully set
9. nsPagedLookthroughLimit should be successfully set
10. Bind should be successful
11. It should throw ADMINLIMIT_EXCEEDED exception
"""

users_num = 101
page_size = 10
users_list = add_users(topology_st, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
lookthrough_attr_bck = change_conf_attr(topology_st, 'cn=config,%s' % DN_LDBM, 'nsslapd-lookthroughlimit', conf_attr_values[0])
idlistscan_attr_bck = change_conf_attr(topology_st, 'cn=config,%s' % DN_LDBM, 'nsslapd-idlistscanlimit', conf_attr_values[0])
user_idlistscan_attr_bck = change_conf_attr(topology_st, create_user.dn, 'nsPagedIDListScanLimit', conf_attr_values[1])
user_lookthrough_attr_bck = change_conf_attr(topology_st, create_user.dn, 'nsPagedLookthroughLimit', conf_attr_values[2])

try:
log.info('Set user bind')
conn = create_user.bind(TEST_USER_PWD)

req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

if expected_rs == ldap.ADMINLIMIT_EXCEEDED:
log.info('Expect to fail with ADMINLIMIT_EXCEEDED')
with pytest.raises(expected_rs):
all_results = paged_search(conn, DEFAULT_SUFFIX, controls, search_flt, searchreq_attrlist)
elif expected_rs == 'PASS':
log.info('Expect to pass')
> all_results = paged_search(conn, DEFAULT_SUFFIX, controls, search_flt, searchreq_attrlist)

suites/paged_results/paged_results_test.py:975:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/paged_results/paged_results_test.py:200: in paged_search
rtype, rdata, rmsgid, rctrls = conn.result3(msgid)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc102d326a0>
func = <built-in method result4 of LDAP object at 0x7fc1020aee40>
args = (12, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.ADMINLIMIT_EXCEEDED: {'msgtype': 100, 'msgid': 12, 'result': 11, 'desc': 'Administrative limit exceeded', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: ADMINLIMIT_EXCEEDED
-------------------------------Captured log call--------------------------------
INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:133 Adding 101 users INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-lookthroughlimit to 1000. Previous value - b'5000'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-idlistscanlimit to 1000. Previous value - b'4000'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsPagedIDListScanLimit to 120. Previous value - None. Modified suffix - uid=simplepaged_test,ou=People,dc=example,dc=com. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsPagedLookthroughLimit to 122. Previous value - None. Modified suffix - uid=simplepaged_test,ou=People,dc=example,dc=com. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:963 Set user bind INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:974 Expect to pass INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:191 Running simple paged result search with - search suffix: dc=example,dc=com; filter: (uid=test*); attr list ['dn', 'sn']; page_size = 10; controls: [<ldap.controls.libldap.SimplePagedResultsControl object at 0x7fc10263a4c0>]. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 0 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 1 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 2 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 3 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 4 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 5 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 6 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 7 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 8 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 9 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:155 Deleting 101 users INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-lookthroughlimit to b'5000'. Previous value - b'1000'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsslapd-idlistscanlimit to b'4000'. Previous value - b'1000'. Modified suffix - cn=config,cn=ldbm database,cn=plugins,cn=config. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsPagedIDListScanLimit to None. Previous value - b'120'. Modified suffix - uid=simplepaged_test,ou=People,dc=example,dc=com. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:169 Set nsPagedLookthroughLimit to None. Previous value - b'122'. Modified suffix - uid=simplepaged_test,ou=People,dc=example,dc=com.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc102c727f0>
algo = 'GOST_YESCRYPT'

@pytest.mark.parametrize("algo", ALGO_SET)
def test_pwd_algo_test(topology_st, algo):
"""Assert that all of our password algorithms correctly PASS and FAIL varying
password conditions.

:id: fbb308a8-8374-4abd-b786-1f88e56f7650
:parametrized: yes
"""
if algo == 'DEFAULT':
if ds_is_older('1.4.0'):
pytest.skip("Not implemented")
> _test_algo(topology_st.standalone, algo)

suites/password/pwd_algo_test.py:150:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/password/pwd_algo_test.py:39: in _test_algo
inst.config.set('passwordStorageScheme', algo_name)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc102c72190>
func = <built-in method result4 of LDAP object at 0x7fc10259e4b0>
args = (105, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.OPERATIONS_ERROR: {'msgtype': 103, 'msgid': 105, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': 'passwordStorageScheme: invalid scheme - GOST_YESCRYPT. Valid schemes are: CLEAR, CRYPT, CRYPT-MD5, CRYPT-SHA256, CRYPT-SHA512, MD5, PBKDF2_SHA256, SHA, SHA256, SHA384, SHA512, SMD5, SSHA, SSHA256, SSHA384, SSHA512'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: OPERATIONS_ERROR

topo = <lib389.topologies.TopologyMain object at 0x7fc102d1ab80>

def test_verify_changelog_online_backup(topo):
"""Check ldap operations in changelog dump file after online backup

:id: 4001c34f-35b4-439e-8c2d-fa7e30375219
:setup: Replication with two masters.
:steps: 1. Add user to server.
2. Take online backup using db2bak task.
3. Restore the database using bak2db task.
4. Perform ldap modify, modrdn and delete operations.
5. Dump the changelog to a file using nsds5task.
6. Check if changelog is updated with ldap operations.
:expectedresults:
1. Add user should PASS.
2. Backup of database should PASS.
3. Restore of database should PASS.
4. Ldap operations should PASS.
5. Changelog should be dumped successfully.
6. Changelog dump file should contain ldap operations
"""

backup_dir = os.path.join(topo.ms['master1'].get_bak_dir(), 'online_backup')
log.info('Run db2bak script to take database backup')
try:
> topo.ms['master1'].tasks.db2bak(backup_dir=backup_dir, args={TASK_WAIT: True})

suites/replication/changelog_test.py:483:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc102beb2b0>
backup_dir = '/var/lib/dirsrv/slapd-master1/bak/online_backup'
args = {'wait': True}

def db2bak(self, backup_dir=None, args=None):
'''
Perform a backup by creating a db2bak task

@param backup_dir - backup directory
@param args - is a dictionary that contains modifier of the task
wait: True/[False] - If True, waits for the completion of the
task before to return

@return exit code

@raise ValueError: if bename name does not exist
'''

# Checking the parameters
if not backup_dir:
raise ValueError("You must specify a backup directory.")

# build the task entry
cn = "backup_" + time.strftime("%m%d%Y_%H%M%S", time.localtime())
dn = "cn=%s,%s" % (cn, DN_BACKUP_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsArchiveDir': backup_dir,
'nsDatabaseType': 'ldbm database'
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the backup task (%s)", dn)
return -1

exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:630: ValueError

During handling of the above exception, another exception occurred:

topo = <lib389.topologies.TopologyMain object at 0x7fc102d1ab80>

def test_verify_changelog_online_backup(topo):
"""Check ldap operations in changelog dump file after online backup

:id: 4001c34f-35b4-439e-8c2d-fa7e30375219
:setup: Replication with two masters.
:steps: 1. Add user to server.
2. Take online backup using db2bak task.
3. Restore the database using bak2db task.
4. Perform ldap modify, modrdn and delete operations.
5. Dump the changelog to a file using nsds5task.
6. Check if changelog is updated with ldap operations.
:expectedresults:
1. Add user should PASS.
2. Backup of database should PASS.
3. Restore of database should PASS.
4. Ldap operations should PASS.
5. Changelog should be dumped successfully.
6. Changelog dump file should contain ldap operations
"""

backup_dir = os.path.join(topo.ms['master1'].get_bak_dir(), 'online_backup')
log.info('Run db2bak script to take database backup')
try:
topo.ms['master1'].tasks.db2bak(backup_dir=backup_dir, args={TASK_WAIT: True})
except ValueError:
log.fatal('test_changelog5: Online backup failed')
> assert False
E assert False

suites/replication/changelog_test.py:486: AssertionError
-------------------------------Captured log call--------------------------------
INFO tests.suites.replication.changelog_test:changelog_test.py:481 Run db2bak script to take database backup CRITICAL tests.suites.replication.changelog_test:changelog_test.py:485 test_changelog5: Online backup failed

topo_m2 = <lib389.topologies.TopologyMain object at 0x7fc1021ddbb0>

def test_online_init_should_create_keepalive_entries(topo_m2):
"""Check that keep alive entries are created when initializinf a master from another one

:id: d5940e71-d18a-4b71-aaf7-b9185361fffe
:setup: Two masters replication setup
:steps:
1. Generate ldif without replication data
2 Init both masters from that ldif
3 Check that keep alive entries does not exists
4 Perform on line init of master2 from master1
5 Check that keep alive entries exists
:expectedresults:
1. No error while generating ldif
2. No error while importing the ldif file
3. No keepalive entrie should exists on any masters
4. No error while initializing master2
5. All keepalive entries should exist on every masters

"""

repl = ReplicationManager(DEFAULT_SUFFIX)
m1 = topo_m2.ms["master1"]
m2 = topo_m2.ms["master2"]
# Step 1: Generate ldif without replication data
m1.stop()
m2.stop()
ldif_file = '%s/norepl.ldif' % m1.get_ldif_dir()
m1.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX],
excludeSuffixes=None, repl_data=False,
outputfile=ldif_file, encrypt=False)
# Remove replication metadata that are still in the ldif
> _remove_replication_data(ldif_file)

suites/replication/regression_test.py:1025:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

ldif_file = '/var/lib/dirsrv/slapd-master1/ldif/norepl.ldif'

def _remove_replication_data(ldif_file):
""" Remove the replication data from ldif file:
db2lif without -r includes some of the replica data like
- nsUniqueId
- keepalive entries
This function filters the ldif fil to remove these data
"""

> with open(ldif_file) as f:
E FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/dirsrv/slapd-master1/ldif/norepl.ldif'

suites/replication/regression_test.py:122: FileNotFoundError
------------------------------Captured stderr call------------------------------
[28/Dec/2020:22:02:14.219273289 -0500] - INFO - dse_check_file - The config /etc/dirsrv/slapd-master1/dse.ldif can not be accessed. Attempting restore ... (reason: 0) [28/Dec/2020:22:02:14.219347722 -0500] - INFO - dse_check_file - The backup /etc/dirsrv/slapd-master1/dse.ldif.bak can not be accessed. Check it exists and permissions. [28/Dec/2020:22:02:14.219352407 -0500] - ERR - slapd_bootstrap_config - No valid configurations can be accessed! You must restore /etc/dirsrv/slapd-master1/dse.ldif from backup! [28/Dec/2020:22:02:14.219355964 -0500] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-master1 could not be read or were not found. Please refer to the error log or output for more information.

topo_m2 = <lib389.topologies.TopologyMain object at 0x7fc102aed100>

def test_rfc2307compat(topo_m2):
""" Test to verify if 10rfc2307compat.ldif does not prevent replication of schema
- Create 2 masters and a test entry
- Move 10rfc2307compat.ldif to be private to M1
- Move 10rfc2307.ldif to be private to M2
- Add 'objectCategory' to the schema of M1
- Force a replication session
- Check 'objectCategory' on M1 and M2
"""
m1 = topo_m2.ms["master1"]
m2 = topo_m2.ms["master2"]

m1.config.loglevel(vals=(ErrorLog.DEFAULT, ErrorLog.REPLICA))
m2.config.loglevel(vals=(ErrorLog.DEFAULT, ErrorLog.REPLICA))

m1.add_s(Entry((
TEST_ENTRY_DN, {
"objectClass": "top",
"objectClass": "extensibleObject",
'uid': TEST_ENTRY_NAME,
'cn': TEST_ENTRY_NAME,
'sn': TEST_ENTRY_NAME,
}
)))

entries = get_repl_entries(topo_m2, TEST_ENTRY_NAME, ["uid"])
assert all(entries), "Entry {} wasn't replicated successfully".format(TEST_ENTRY_DN)

# Clean the old locations (if any)
m1_temp_schema = os.path.join(m1.get_config_dir(), 'schema')
m2_temp_schema = os.path.join(m2.get_config_dir(), 'schema')
m1_schema = os.path.join(m1.get_data_dir(), 'dirsrv/schema')
m1_opt_schema = os.path.join(m1.get_data_dir(), 'dirsrv/data')
m1_temp_backup = os.path.join(m1.get_tmp_dir(), 'schema')

# Does the system schema exist?
if os.path.islink(m1_schema):
# Then we need to put the m1 schema back.
os.unlink(m1_schema)
shutil.copytree(m1_temp_backup, m1_schema)
if not os.path.exists(m1_temp_backup):
shutil.copytree(m1_schema, m1_temp_backup)

shutil.rmtree(m1_temp_schema, ignore_errors=True)
shutil.rmtree(m2_temp_schema, ignore_errors=True)

# Build a new copy
shutil.copytree(m1_schema, m1_temp_schema)
shutil.copytree(m1_schema, m2_temp_schema)
# Ensure 99user.ldif exists
with open(os.path.join(m1_temp_schema, '99user.ldif'), 'w') as f:
f.write('dn: cn=schema')

with open(os.path.join(m2_temp_schema, '99user.ldif'), 'w') as f:
f.write('dn: cn=schema')

# m1 has compat, m2 has legacy.
os.unlink(os.path.join(m2_temp_schema, '10rfc2307compat.ldif'))
> shutil.copy(os.path.join(m1_opt_schema, '10rfc2307.ldif'), m2_temp_schema)

suites/replication/rfc2307compat_test.py:94:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib64/python3.9/shutil.py:418: in copy
copyfile(src, dst, follow_symlinks=follow_symlinks)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

src = '/usr/share/dirsrv/data/10rfc2307.ldif'
dst = '/etc/dirsrv/slapd-master2/schema/10rfc2307.ldif'

def copyfile(src, dst, *, follow_symlinks=True):
"""Copy data from src to dst in the most efficient way possible.

If follow_symlinks is not set and src is a symbolic link, a new
symlink will be created instead of copying the file it points to.

"""
sys.audit("shutil.copyfile", src, dst)

if _samefile(src, dst):
raise SameFileError("{!r} and {!r} are the same file".format(src, dst))

file_size = 0
for i, fn in enumerate([src, dst]):
try:
st = _stat(fn)
except OSError:
# File most likely does not exist
pass
else:
# XXX What about other special files? (sockets, devices...)
if stat.S_ISFIFO(st.st_mode):
fn = fn.path if isinstance(fn, os.DirEntry) else fn
raise SpecialFileError("`%s` is a named pipe" % fn)
if _WINDOWS and i == 0:
file_size = st.st_size

if not follow_symlinks and _islink(src):
os.symlink(os.readlink(src), dst)
else:
> with open(src, 'rb') as fsrc, open(dst, 'wb') as fdst:
E FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/dirsrv/data/10rfc2307.ldif'

/usr/lib64/python3.9/shutil.py:264: FileNotFoundError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining master master2 to master1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is NOT working (expect d44c6f2f-039c-4747-8e0f-0391c517e89b / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is NOT working (expect cf34d0ba-31e6-4f68-812c-07ecf5589e5d / got description=d44c6f2f-039c-4747-8e0f-0391c517e89b) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined master from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 INFO lib389.topologies:topologies.py:164 Ensuring master master1 to master2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring master master2 to master1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 already exists

topology_m1 = <lib389.topologies.TopologyMain object at 0x7fc101f82df0>

def test_precise_tombstone_purging(topology_m1):
""" Test precise tombstone purging

:id: adb86f50-ae76-4ed6-82b4-3cdc30ccab79
:setup: master1 instance
:steps:
1. Create and Delete entry to create a tombstone
2. export ldif, edit, and import ldif
3. Check tombstones do not contain nsTombstoneCSN
4. Run fixup task, and verify tombstones now have nsTombstone CSN
5. Configure tombstone purging
6. Verify tombstones are purged
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
"""

m1 = topology_m1.ms['master1']
m1_tasks = Tasks(m1)

# Create tombstone entry
users = UserAccounts(m1, DEFAULT_SUFFIX)
user = users.create_test_user(uid=1001)
user.delete()

# Verify tombstone was created
tombstones = Tombstones(m1, DEFAULT_SUFFIX)
assert len(tombstones.list()) == 1

# Export db, strip nsTombstoneCSN, and import it
ldif_file = "{}/export.ldif".format(m1.get_ldif_dir())
args = {EXPORT_REPL_INFO: True,
TASK_WAIT: True}
> m1_tasks.exportLDIF(DEFAULT_SUFFIX, None, ldif_file, args)

suites/replication/tombstone_fixup_test.py:60:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc101f7fa90>
suffix = 'dc=example,dc=com', benamebase = None
output_file = '/var/lib/dirsrv/slapd-master1/ldif/export.ldif'
args = {'repl-info': True, 'wait': True}

def exportLDIF(self, suffix=None, benamebase=None, output_file=None,
args=None):
'''
Export in a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raises ValueError

'output_file' is the output file of the export

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param output_file - file that will contain the exported suffix in LDIF
format
@param args - is a dictionary that contains modifier of the export task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return
repl-info: True/[False] - If True, it adds the replication meta
data (state information, tombstones
and RUV) in the exported file

@return None

@raise ValueError

'''

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not output_file:
raise ValueError("output_file is mandatory")

# Prepare the task entry
cn = "export_" + time.strftime("%m%d%Y_%H%M%S", time.localtime())
dn = "cn=%s,%s" % (cn, DN_EXPORT_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsFilename': output_file
})
if benamebase:
entry.setValues('nsInstance', benamebase)
else:
entry.setValues('nsIncludeSuffix', suffix)

if args.get(EXPORT_REPL_INFO, False):
entry.setValues('nsExportReplica', 'true')

# start the task and possibly wait for task completion
self.conn.add_s(entry)
exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:578: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology.

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc102d1a880>

@pytest.mark.ds47536
def test_openldap_no_nss_crypto(topology_m2):
"""Check that we allow usage of OpenLDAP libraries
that don't use NSS for crypto

:id: 0a622f3d-8ba5-4df2-a1de-1fb2237da40a
:setup: Replication with two masters:
master_1 ----- startTLS -----> master_2;
master_1 <-- TLS_clientAuth -- master_2;
nsslapd-extract-pemfiles set to 'on' on both masters
without specifying cert names
:steps:
1. Add 5 users to master 1 and 2
2. Check that the users were successfully replicated
3. Relocate PEM files on master 1
4. Check PEM files in master 1 config directory
5. Add 5 users more to master 1 and 2
6. Check that the users were successfully replicated
7. Export userRoot on master 1
:expectedresults:
1. Users should be successfully added
2. Users should be successfully replicated
3. Operation should be successful
4. PEM files should be found
5. Users should be successfully added
6. Users should be successfully replicated
7. Operation should be successful
"""

log.info("Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto")

m1 = topology_m2.ms["master1"]
m2 = topology_m2.ms["master2"]
[i.enable_tls() for i in topology_m2]
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.test_replication(m1, m2)

add_entry(m1, 'master1', 'uid=m1user', 0, 5)
add_entry(m2, 'master2', 'uid=m2user', 0, 5)
repl.wait_for_replication(m1, m2)
repl.wait_for_replication(m2, m1)

log.info('##### Searching for entries on master1...')
entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
assert 11 == len(entries)

log.info('##### Searching for entries on master2...')
entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
assert 11 == len(entries)

relocate_pem_files(topology_m2)

add_entry(m1, 'master1', 'uid=m1user', 10, 5)
add_entry(m2, 'master2', 'uid=m2user', 10, 5)

repl.wait_for_replication(m1, m2)
repl.wait_for_replication(m2, m1)

log.info('##### Searching for entries on master1...')
entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
assert 21 == len(entries)

log.info('##### Searching for entries on master2...')
entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
assert 21 == len(entries)

output_file = os.path.join(m1.get_ldif_dir(), "master1.ldif")
> m1.tasks.exportLDIF(benamebase='userRoot', output_file=output_file, args={'wait': True})

suites/sasl/regression_test.py:171:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc10217e400>, suffix = None
benamebase = 'userRoot'
output_file = '/var/lib/dirsrv/slapd-master1/ldif/master1.ldif'
args = {'wait': True}

def exportLDIF(self, suffix=None, benamebase=None, output_file=None,
args=None):
'''
Export in a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raises ValueError

'output_file' is the output file of the export

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param output_file - file that will contain the exported suffix in LDIF
format
@param args - is a dictionary that contains modifier of the export task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return
repl-info: True/[False] - If True, it adds the replication meta
data (state information, tombstones
and RUV) in the exported file

@return None

@raise ValueError

'''

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not output_file:
raise ValueError("output_file is mandatory")

# Prepare the task entry
cn = "export_" + time.strftime("%m%d%Y_%H%M%S", time.localtime())
dn = "cn=%s,%s" % (cn, DN_EXPORT_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsFilename': output_file
})
if benamebase:
entry.setValues('nsInstance', benamebase)
else:
entry.setValues('nsIncludeSuffix', suffix)

if args.get(EXPORT_REPL_INFO, False):
entry.setValues('nsExportReplica', 'true')

# start the task and possibly wait for task completion
self.conn.add_s(entry)
exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:578: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining master master2 to master1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is NOT working (expect 35f8cb16-3e96-482f-83a5-272e4c3c6c07 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is NOT working (expect 637cefd8-c706-4b9f-87f8-2a44e8a6e148 / got description=35f8cb16-3e96-482f-83a5-272e4c3c6c07) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined master from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 INFO lib389.topologies:topologies.py:164 Ensuring master master1 to master2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring master master2 to master1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 already exists
-------------------------------Captured log call--------------------------------
INFO tests.suites.sasl.regression_test:regression_test.py:133 Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto INFO lib389.replica:replica.py:2498 Retry: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 is NOT working (expect abba6df0-f73c-4b62-9b0c-20b001c0acf4 / got description=637cefd8-c706-4b9f-87f8-2a44e8a6e148) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 is working INFO tests.suites.sasl.regression_test:regression_test.py:35 ######################### Adding 5 entries to master1 ###################### INFO tests.suites.sasl.regression_test:regression_test.py:35 ######################### Adding 5 entries to master2 ###################### INFO lib389.replica:replica.py:2498 Retry: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 is NOT working (expect 683c8d75-1090-4fd2-8390-69e5ff0ecfd1 / got description=abba6df0-f73c-4b62-9b0c-20b001c0acf4) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 is NOT working (expect c7cff426-f728-40ed-8d6b-d8889cd6f5b8 / got description=683c8d75-1090-4fd2-8390-69e5ff0ecfd1) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 is working INFO tests.suites.sasl.regression_test:regression_test.py:146 ##### Searching for entries on master1... INFO tests.suites.sasl.regression_test:regression_test.py:150 ##### Searching for entries on master2... INFO tests.suites.sasl.regression_test:regression_test.py:92 ######################### Relocate PEM files on master1 ###################### INFO tests.suites.sasl.regression_test:regression_test.py:100 ##### restart master1 INFO tests.suites.sasl.regression_test:regression_test.py:47 ######################### Check PEM files (/dev/shm/MyCA, /dev/shm/MyServerCert1, /dev/shm/MyServerKey1) in /dev/shm ###################### INFO tests.suites.sasl.regression_test:regression_test.py:53 /dev/shm/MyCA.pem is successfully generated. INFO tests.suites.sasl.regression_test:regression_test.py:66 /dev/shm/MyServerCert1.pem is successfully generated. INFO tests.suites.sasl.regression_test:regression_test.py:79 /dev/shm/MyServerKey1.pem is successfully generated. INFO tests.suites.sasl.regression_test:regression_test.py:35 ######################### Adding 5 entries to master1 ###################### INFO tests.suites.sasl.regression_test:regression_test.py:35 ######################### Adding 5 entries to master2 ###################### INFO lib389.replica:replica.py:2498 Retry: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 is NOT working (expect 7a7dbc58-c9f2-44a9-8021-5cac19b73b3c / got description=c7cff426-f728-40ed-8d6b-d8889cd6f5b8) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 is NOT working (expect a86a8b8b-1355-4f4c-a198-b3301ea6d597 / got description=7a7dbc58-c9f2-44a9-8021-5cac19b73b3c) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63702 to ldaps://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:63701 is working INFO tests.suites.sasl.regression_test:regression_test.py:162 ##### Searching for entries on master1... INFO tests.suites.sasl.regression_test:regression_test.py:166 ##### Searching for entries on master2...

topo = <lib389.topologies.TopologyMain object at 0x7fc102288460>

def test_schema_operation(topo):
"""Test that the cases in original schema are preserved.
Test that duplicated schema except cases are not loaded
Test to use a custom schema

:id: e7448863-ac62-4b49-b013-4efa412c0455
:setup: Standalone instance
:steps:
1. Create a test schema with cases
2. Run a schema_reload task
3. Check the attribute is present
4. Case 2: Check duplicated schema except cases are not loaded
5. Case 2-1: Use the custom schema

:expectedresults:
1. Operation should be successful
2. Operation should be successful
3. Operation should be successful
4. Operation should be successful
5. Operation should be successful
"""

log.info('case 1: Test the cases in the original schema are preserved.')

schema_filename = topo.standalone.schemadir + '/98test.ldif'
try:
with open(schema_filename, "w") as schema_file:
schema_file.write("dn: cn=schema\n")
schema_file.write("attributetypes: ( 8.9.10.11.12.13.14 NAME " +
"'MoZiLLaaTTRiBuTe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " +
" X-ORIGIN 'Mozilla Dummy Schema' )\n")
schema_file.write("objectclasses: ( 1.2.3.4.5.6.7 NAME 'MozillaObject' " +
"SUP top MUST ( objectclass $ cn ) MAY ( MoZiLLaaTTRiBuTe )" +
" X-ORIGIN 'user defined' )')\n")

except OSError as e:
log.fatal("Failed to create schema file: " +
"{} Error: {}".format(schema_filename, str(e)))


# run the schema reload task with the default schemadir
schema = Schema(topo.standalone)
task = schema.reload(schema_dir=topo.standalone.schemadir)
task.wait()

subschema = topo.standalone.schema.get_subschema()
at_obj = subschema.get_obj(ldap.schema.AttributeType, 'MoZiLLaaTTRiBuTe')

> assert at_obj is not None, "The attribute was not found on server"
E AssertionError: The attribute was not found on server
E assert None is not None

suites/schema/schema_reload_test.py:120: AssertionError
-------------------------------Captured log call--------------------------------
INFO tests.suites.schema.schema_reload_test:schema_reload_test.py:94 case 1: Test the cases in the original schema are preserved.

topo = <lib389.topologies.TopologyMain object at 0x7fc102288460>

def test_valid_schema(topo):
"""Test schema-reload task with valid schema

:id: 2ab304c0-3e58-4d34-b23b-a14b5997c7a8
:setup: Standalone instance
:steps:
1. Create schema file with valid schema
2. Run schema-reload.pl script
3. Run ldapsearch and check if schema was added
:expectedresults:
1. File creation should work
2. The schema reload task should be successful
3. Searching the server should return the new schema
"""

log.info("Test schema-reload task with valid schema")

# Step 1 - Create schema file
log.info("Create valid schema file (99user.ldif)...")
schema_filename = (topo.standalone.schemadir + "/99user.ldif")
try:
with open(schema_filename, 'w') as schema_file:
schema_file.write("dn: cn=schema\n")
schema_file.write("attributetypes: ( 8.9.10.11.12.13.13 NAME " +
"'ValidAttribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15" +
" X-ORIGIN 'Mozilla Dummy Schema' )\n")
schema_file.write("objectclasses: ( 1.2.3.4.5.6.7.8 NAME 'TestObject' " +
"SUP top MUST ( objectclass $ cn ) MAY ( givenName $ " +
"sn $ ValidAttribute ) X-ORIGIN 'user defined' )')\n")
except OSError as e:
log.fatal("Failed to create schema file: " +
"{} Error: {}".format(schema_filename, str(e)))

# Step 2 - Run the schema-reload task
log.info("Run the schema-reload task...")
schema = Schema(topo.standalone)
task = schema.reload(schema_dir=topo.standalone.schemadir)
task.wait()
> assert task.get_exit_code() == 0, "The schema reload task failed"
E AssertionError: The schema reload task failed
E assert 65 == 0
E +65
E -0

suites/schema/schema_reload_test.py:207: AssertionError
-------------------------------Captured log call--------------------------------
INFO tests.suites.schema.schema_reload_test:schema_reload_test.py:184 Test schema-reload task with valid schema INFO tests.suites.schema.schema_reload_test:schema_reload_test.py:187 Create valid schema file (99user.ldif)... INFO tests.suites.schema.schema_reload_test:schema_reload_test.py:203 Run the schema-reload task...

topology = <lib389.topologies.TopologyMain object at 0x7fc101e49400>

@pytest.mark.skipif(ldap.__version__ < '3.3.1',
reason="python ldap versions less that 3.3.1 have bugs in sync repl that will cause this to fail!")
def test_syncrepl_basic(topology):
""" Test basic functionality of the SyncRepl interface

:id: f9fea826-8ae2-412a-8e88-b8e0ba939b06

:setup: Standalone instance

:steps:
1. Enable Retro Changelog
2. Enable Syncrepl
3. Run the syncstate test to check refresh, add, delete, mod.

:expectedresults:
1. Success
1. Success
1. Success
"""
st = topology.standalone
# Enable RetroChangelog.
rcl = RetroChangelogPlugin(st)
rcl.enable()
# Set the default targetid
rcl.replace('nsslapd-attribute', 'nsuniqueid:targetUniqueId')
# Enable sync repl
csp = ContentSyncPlugin(st)
csp.enable()
# Restart DS
st.restart()
# Setup the syncer
sync = ISyncRepl(st)
# Run the checks
> syncstate_assert(st, sync)

suites/syncrepl_plugin/basic_test.py:145:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

st = <lib389.DirSrv object at 0x7fc101e49730>
sync = <tests.suites.syncrepl_plugin.ISyncRepl object at 0x7fc102572850>

def syncstate_assert(st, sync):
# How many entries do we have?
# We setup sync under ou=people so we can modrdn out of the scope.
r = st.search_ext_s(
base=OU_PEOPLE,
scope=ldap.SCOPE_SUBTREE,
filterstr='(objectClass=*)',
attrsonly=1,
escapehatch='i am sure'
)

# Initial sync
log.debug("*test* initial")
sync.syncrepl_search(base=OU_PEOPLE)
sync.syncrepl_complete()
# check we caught them all
assert len(r) == len(sync.entries.keys())
assert len(r) == len(sync.present)
assert 0 == len(sync.delete)
if sync.openldap:
assert True == sync.refdel
else:
assert False == sync.refdel

# Add a new entry
account = nsUserAccounts(st, DEFAULT_SUFFIX).create_test_user()

# Find the primary uuid we expect to see in syncrepl.
# This will be None if not present.
acc_uuid = account.get_attr_val_utf8('entryuuid')
if not sync.openldap:
nsid = account.get_attr_val_utf8('nsuniqueid')
# nsunique has a diff format, so we change it up.
# 431cf081-b44311ea-83fdb082-f24d490e
# Add a hyphen V
# 431cf081-b443-11ea-83fdb082-f24d490e
nsid_a = nsid[:13] + '-' + nsid[13:]
# Add a hyphen V
# 431cf081-b443-11ea-83fd-b082-f24d490e
nsid_b = nsid_a[:23] + '-' + nsid_a[23:]
# Remove a hyphen V
# 431cf081-b443-11ea-83fd-b082-f24d490e
acc_uuid = nsid_b[:28] + nsid_b[29:]
# Tada!
# 431cf081-b443-11ea-83fd-b082f24d490e
log.debug(f"--> expected sync uuid (from nsuniqueid): {acc_uuid}")
else:
log.debug(f"--> expected sync uuid (from entryuuid): {acc_uuid}")

# Check
log.debug("*test* add")
sync.syncrepl_search(base=OU_PEOPLE)
sync.syncrepl_complete()
sync.check_cookie()
log.debug(f"sd: {sync.delete}, sp: {sync.present} sek: {sync.entries.keys()}")

assert 1 == len(sync.entries.keys())
assert 1 == len(sync.present)
####################################
assert sync.present == [acc_uuid]
assert 0 == len(sync.delete)
if sync.openldap:
assert True == sync.refdel
else:
assert False == sync.refdel

# Mod
account.replace('description', 'change')
# Check
log.debug("*test* mod")
sync.syncrepl_search(base=OU_PEOPLE)
sync.syncrepl_complete()
sync.check_cookie()
log.debug(f"sd: {sync.delete}, sp: {sync.present} sek: {sync.entries.keys()}")
assert 1 == len(sync.entries.keys())
assert 1 == len(sync.present)
####################################
assert sync.present == [acc_uuid]
assert 0 == len(sync.delete)
if sync.openldap:
assert True == sync.refdel
else:
assert False == sync.refdel

## ModRdn (remain in scope)
account.rename('uid=test1_modrdn')
# newsuperior=None
# Check
log.debug("*test* modrdn (in scope)")
sync.syncrepl_search(base=OU_PEOPLE)
sync.syncrepl_complete()
sync.check_cookie()
log.debug(f"sd: {sync.delete}, sp: {sync.present} sek: {sync.entries.keys()}")
assert 1 == len(sync.entries.keys())
assert 1 == len(sync.present)
####################################
assert sync.present == [acc_uuid]
assert 0 == len(sync.delete)
if sync.openldap:
assert True == sync.refdel
else:
assert False == sync.refdel

# import time
# print("attach now ....")
# time.sleep(45)

## Modrdn (out of scope, then back into scope)
account.rename('uid=test1_modrdn', newsuperior=DEFAULT_SUFFIX)

# Check it's gone.
log.debug("*test* modrdn (move out of scope)")
sync.syncrepl_search(base=OU_PEOPLE)
sync.syncrepl_complete()
sync.check_cookie()
log.debug(f"sd: {sync.delete}, sp: {sync.present} sek: {sync.entries.keys()}")
assert 0 == len(sync.entries.keys())
assert 0 == len(sync.present)
## WARNING: This test MAY FAIL here if you do not have a new enough python-ldap
# due to an ASN.1 parsing bug. You require at least python-ldap 3.3.1
assert 1 == len(sync.delete)
assert sync.delete == [acc_uuid]
if sync.openldap:
assert True == sync.refdel
else:
assert False == sync.refdel

# Put it back
account.rename('uid=test1_modrdn', newsuperior=OU_PEOPLE)
log.debug("*test* modrdn (move in to scope)")
sync.syncrepl_search(base=OU_PEOPLE)
sync.syncrepl_complete()
sync.check_cookie()
log.debug(f"sd: {sync.delete}, sp: {sync.present} sek: {sync.entries.keys()}")
assert 1 == len(sync.entries.keys())
assert 1 == len(sync.present)
####################################
assert sync.present == [acc_uuid]
> assert 0 == len(sync.delete)
E AssertionError

suites/syncrepl_plugin/__init__.py:255: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topo = <lib389.topologies.TopologyMain object at 0x7fc1023d0100>

def test_ssl_version_range(topo):
"""Specify a test case purpose or name here

:id: bc400f54-3966-49c8-b640-abbf4fb2377e
1. Get current default range
2. Set sslVersionMin and verify it is applied after a restart
3. Set sslVersionMax and verify it is applied after a restart
4. Sanity test all the min/max versions
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""

topo.standalone.enable_tls()
enc = Encryption(topo.standalone)
default_min = enc.get_attr_val_utf8('sslVersionMin')
default_max = enc.get_attr_val_utf8('sslVersionMax')
log.info(f"default min: {default_min} max: {default_max}")
if DEBUGGING:
topo.standalone.config.set('nsslapd-auditlog-logging-enabled', 'on')

# Test that setting the min version is applied after a restart
enc.replace('sslVersionMin', default_max)
enc.replace('sslVersionMax', default_max)
topo.standalone.restart()
min = enc.get_attr_val_utf8('sslVersionMin')
assert min == default_max

# Test that setting the max version is applied after a restart
enc.replace('sslVersionMin', default_min)
enc.replace('sslVersionMax', default_min)
topo.standalone.restart()
max = enc.get_attr_val_utf8('sslVersionMax')
assert max == default_min

# Sanity test all the min/max versions
for attr, versions in [('sslVersionMin', ['TLS1.0', 'TLS1.1', 'TLS1.2', 'TLS1.0']),
('sslVersionMax', ['TLS1.0', 'TLS1.1', 'TLS1.2'])]:
for version in versions:
# Test that the setting is correctly applied after a restart
enc.replace(attr, version)
> topo.standalone.restart()

suites/tls/ssl_version_test.py:60:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1222: in restart
self.start(timeout, post_open)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1125: in start
self.open()
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1024: in open
raise e
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1020: in open
self.simple_bind_s(ensure_str(self.binddn), self.bindpw, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:454: in simple_bind_s
msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:448: in simple_bind
return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc1023d0b80>
func = <built-in method simple_bind of LDAP object at 0x7fc1025e58d0>
args = ('cn=Directory Manager', 'password', None, None), kwargs = {}
diagnostic_message_success = None, exc_type = None, exc_value = None
exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO tests.suites.tls.ssl_version_test:ssl_version_test.py:36 default min: TLS1.2 max: TLS1.3

topology_st = <lib389.topologies.TopologyMain object at 0x7fc1021c7d30>

def test_ticket47560(topology_st):
"""
This test case does the following:
SETUP
- Create entry cn=group,SUFFIX
- Create entry cn=member,SUFFIX
- Update 'cn=member,SUFFIX' to add "memberOf: cn=group,SUFFIX"
- Enable Memberof Plugins

# Here the cn=member entry has a 'memberOf' but
# cn=group entry does not contain 'cn=member' in its member

TEST CASE
- start the fixupmemberof task
- read the cn=member entry
- check 'memberOf is now empty

TEARDOWN
- Delete entry cn=group,SUFFIX
- Delete entry cn=member,SUFFIX
- Disable Memberof Plugins
"""

def _enable_disable_mbo(value):
"""
Enable or disable mbo plugin depending on 'value' ('on'/'off')
"""
# enable/disable the mbo plugin
if value == 'on':
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
else:
topology_st.standalone.plugins.disable(name=PLUGIN_MEMBER_OF)

log.debug("-------------> _enable_disable_mbo(%s)" % value)

topology_st.standalone.stop(timeout=120)
time.sleep(1)
topology_st.standalone.start(timeout=120)
time.sleep(3)

# need to reopen a connection toward the instance
topology_st.standalone.open()

def _test_ticket47560_setup():
"""
- Create entry cn=group,SUFFIX
- Create entry cn=member,SUFFIX
- Update 'cn=member,SUFFIX' to add "memberOf: cn=group,SUFFIX"
- Enable Memberof Plugins
"""
log.debug("-------- > _test_ticket47560_setup\n")

#
# By default the memberof plugin is disabled create
# - create a group entry
# - create a member entry
# - set the member entry as memberof the group entry
#
entry = Entry(group_DN)
entry.setValues('objectclass', 'top', 'groupOfNames', 'inetUser')
entry.setValues('cn', 'group')
try:
topology_st.standalone.add_s(entry)
except ldap.ALREADY_EXISTS:
log.debug("Entry %s already exists" % (group_DN))

entry = Entry(member_DN)
entry.setValues('objectclass', 'top', 'person', 'organizationalPerson', 'inetorgperson', 'inetUser')
entry.setValues('uid', 'member')
entry.setValues('cn', 'member')
entry.setValues('sn', 'member')
try:
topology_st.standalone.add_s(entry)
except ldap.ALREADY_EXISTS:
log.debug("Entry %s already exists" % (member_DN))

replace = [(ldap.MOD_REPLACE, 'memberof', ensure_bytes(group_DN))]
topology_st.standalone.modify_s(member_DN, replace)

#
# enable the memberof plugin and restart the instance
#
_enable_disable_mbo('on')

#
# check memberof attribute is still present
#
filt = 'uid=member'
ents = topology_st.standalone.search_s(member_DN, ldap.SCOPE_BASE, filt)
assert len(ents) == 1
ent = ents[0]
# print ent
value = ensure_str(ent.getValue('memberof'))
# print "memberof: %s" % (value)
assert value == group_DN

def _test_ticket47560_teardown():
"""
- Delete entry cn=group,SUFFIX
- Delete entry cn=member,SUFFIX
- Disable Memberof Plugins
"""
log.debug("-------- > _test_ticket47560_teardown\n")
# remove the entries group_DN and member_DN
try:
topology_st.standalone.delete_s(group_DN)
except:
log.warning("Entry %s fail to delete" % (group_DN))
try:
topology_st.standalone.delete_s(member_DN)
except:
log.warning("Entry %s fail to delete" % (member_DN))
#
# disable the memberof plugin and restart the instance
#
_enable_disable_mbo('off')

group_DN = "cn=group,%s" % (SUFFIX)
member_DN = "uid=member,%s" % (SUFFIX)

#
# Initialize the test case
#
_test_ticket47560_setup()

#
# start the test
# - start the fixup task
# - check the entry is fixed (no longer memberof the group)
#
log.debug("-------- > Start ticket tests\n")

filt = 'uid=member'
ents = topology_st.standalone.search_s(member_DN, ldap.SCOPE_BASE, filt)
assert len(ents) == 1
ent = ents[0]
log.debug("Unfixed entry %r\n" % ent)

# run the fixup task
> topology_st.standalone.tasks.fixupMemberOf(suffix=SUFFIX, args={TASK_WAIT: True})

tickets/ticket47560_test.py:164:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc101cc2cd0>
suffix = 'dc=example,dc=com', benamebase = None, filt = None
args = {'wait': True}

def fixupMemberOf(self, suffix=None, benamebase=None, filt=None,
args=None):
'''
Trigger a fixup task on 'suffix' (or 'benamebase' that stores that
suffix) related to the entries 'memberof' of groups. It uses an
internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase'
first else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

'filt' is a filter that will select all the entries (under
'suffix') that we need to evaluate/fix. If missing, the default
value is "(|(objectclass=inetuser)(objectclass=inetadmin))"

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend
(e.g. 'userRoot')
@param args - is a dictionary that contains modifier of the
fixupMemberOf task
wait: True/[False] - If True, waits for the completion of the
task before to return

@return exit code

@raise ValueError: if benamebase and suffix are specified, or can
not retrieve the suffix from the mapping tree
entry
'''
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

# If backend name was provided, retrieve the suffix
if benamebase:
ents = self.conn.mappingtree.list(bename=benamebase)
if len(ents) != 1:
raise ValueError("invalid backend name: %s" % benamebase)

attr = MT_PROPNAME_TO_ATTRNAME[MT_SUFFIX]
if not ents[0].hasAttr(attr):
raise ValueError(
"invalid backend name: %s, or entry without %s" %
(benamebase, attr))

suffix = ents[0].getValue(attr)

cn = "fixupmemberof_" + time.strftime("%m%d%Y_%H%M%S",
time.localtime())
dn = "cn=%s,%s" % (cn, DN_MBO_TASK)
entry = Entry(dn)
entry.setValues('objectclass', 'top', 'extensibleObject')
entry.setValues('cn', cn)
entry.setValues('basedn', suffix)
if filt:
entry.setValues('filter', filt)

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the memberOf fixup task")
return -1

exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:887: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_m1c1 = <lib389.topologies.TopologyMain object at 0x7fc101f20070>

def test_ticket47619_reindex(topology_m1c1):
'''
Reindex all the attributes in ATTRIBUTES
'''
args = {TASK_WAIT: True}
for attr in ATTRIBUTES:
> rc = topology_m1c1.ms["master1"].tasks.reindex(suffix=RETROCL_SUFFIX, attrname=attr, args=args)

tickets/ticket47619_test.py:83:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc101f20160>, suffix = 'cn=changelog'
benamebase = None, attrname = 'street', args = {'wait': True}, vlv = False

def reindex(self, suffix=None, benamebase=None, attrname=None, args=None, vlv=False):
'''
Reindex a 'suffix' (or 'benamebase' that stores that suffix) for a
given 'attrname'. It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

:param suffix - suffix of the backend
:param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
:param attrname - attribute name
:param args - is a dictionary that contains modifier of the reindex
task
wait: True/[False] - If True, 'index' waits for the completion
of the task before to return
:param vlv - this task is to reindex a VLV index

:return None

:raise ValueError - if invalid missing benamebase and suffix or invalid
benamebase
:raise LDAPError if unable to search for index names

'''
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

# If backend name was provided, retrieve the suffix
if benamebase:
ents = self.conn.mappingtree.list(bename=benamebase)
if len(ents) != 1:
raise ValueError("invalid backend name: %s" % benamebase)

attr_suffix = MT_PROPNAME_TO_ATTRNAME[MT_SUFFIX]
if not ents[0].hasAttr(attr_suffix):
raise ValueError(
"invalid backend name: %s, or entry without %s" %
(benamebase, attr_suffix))

suffix = ensure_str(ents[0].getValue(attr_suffix))

backend = None
entries_backend = self.conn.backends.list()
for be in entries_backend:
be_suffix = ensure_str(be.get_attr_val_utf8_l('nsslapd-suffix')).lower()
if be_suffix == suffix.lower():
backend = be.get_attr_val_utf8_l('cn')
if backend is None:
raise ValueError("Failed to find backaned matching the suffix")

attrs = []
if vlv:
# We are indexing a VLV index/sort.
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)
cn = "index_vlv_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexVLVAttribute': attrs,
'nsInstance': backend
})
else:
if attrname is None:
#
# Reindex all attributes - gather them first...
#
cn = "index_all_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = ('cn=%s,cn=ldbm database,cn=plugins,cn=config' % backend)
try:
indexes = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, '(objectclass=nsIndex)')
for index in indexes:
attrs.append(ensure_str(index.getValue('cn')))
except ldap.LDAPError as e:
raise e
else:
#
# Reindex specific attributes
#
cn = "index_attrs_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)

dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexAttribute': attrs,
'nsInstance': backend
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the index task for %s", attrname)
return -1

exitCode = 0
if args is not None and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:809: ValueError

topology_st = <lib389.topologies.TopologyMain object at 0x7fc1024b9250>

def test_ticket47781(topology_st):
"""
Testing for a deadlock after doing an online import of an LDIF with
replication data. The replication agreement should be invalid.
"""

log.info('Testing Ticket 47781 - Testing for deadlock after importing LDIF with replication data')

master = topology_st.standalone
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_master(master)

properties = {RA_NAME: r'meTo_$host:$port',
RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
# The agreement should point to a server that does NOT exist (invalid port)
repl_agreement = master.agreement.create(suffix=DEFAULT_SUFFIX,
host=master.host,
port=5555,
properties=properties)

#
# add two entries
#
log.info('Adding two entries...')

master.add_s(Entry(('cn=entry1,dc=example,dc=com', {
'objectclass': 'top person'.split(),
'sn': 'user',
'cn': 'entry1'})))

master.add_s(Entry(('cn=entry2,dc=example,dc=com', {
'objectclass': 'top person'.split(),
'sn': 'user',
'cn': 'entry2'})))

#
# export the replication ldif
#
log.info('Exporting replication ldif...')
args = {EXPORT_REPL_INFO: True}
exportTask = Tasks(master)
exportTask.exportLDIF(DEFAULT_SUFFIX, None, "/tmp/export.ldif", args)

#
# Restart the server
#
log.info('Restarting server...')
master.stop()
master.start()

#
# Import the ldif
#
log.info('Import replication LDIF file...')
importTask = Tasks(master)
args = {TASK_WAIT: True}
> importTask.importLDIF(DEFAULT_SUFFIX, None, "/tmp/export.ldif", args)

tickets/ticket47781_test.py:85:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc101f826d0>
suffix = 'dc=example,dc=com', benamebase = None, input_file = '/tmp/export.ldif'
args = {'wait': True}

def importLDIF(self, suffix=None, benamebase=None, input_file=None,
args=None):
'''
Import from a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

'input_file' is the ldif input file

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param ldif_input - file that will contain the entries in LDIF format
to import
@param args - is a dictionary that contains modifier of the import task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return

@return None

@raise ValueError

'''
if self.conn.state != DIRSRV_STATE_ONLINE:
raise ValueError("Invalid Server State %s! Must be online" % self.conn.state)

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not input_file:
raise ValueError("input_file is mandatory")

if not os.path.exists(input_file):
> raise ValueError("Import file (%s) does not exist" % input_file)
E ValueError: Import file (/tmp/export.ldif) does not exist

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:487: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO lib389:tasks.py:584 Export task export_12282020_223045 for file /tmp/export.ldif completed successfully

topology_m1c1 = <lib389.topologies.TopologyMain object at 0x7fc1024a5220>

def test_ticket47871_2(topology_m1c1):
'''
Wait until there is just a last entries
'''
MAX_TRIES = 10
TRY_NO = 1
while TRY_NO <= MAX_TRIES:
time.sleep(6) # at least 1 trimming occurred
ents = topology_m1c1.ms["master1"].search_s(RETROCL_SUFFIX, ldap.SCOPE_ONELEVEL, "(objectclass=*)")
assert len(ents) <= MAX_OTHERS
topology_m1c1.ms["master1"].log.info("\nTry no %d it remains %d entries" % (TRY_NO, len(ents)))
for ent in ents:
topology_m1c1.ms["master1"].log.info("%s" % ent.dn)
if len(ents) > 1:
TRY_NO += 1
else:
break
> assert TRY_NO <= MAX_TRIES
E assert 11 <= 10

tickets/ticket47871_test.py:100: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47871_test.py:93 Try no 1 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 2 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 3 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 4 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 5 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 6 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 7 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 8 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 9 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 10 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog

topology_st = <lib389.topologies.TopologyMain object at 0x7fc10256f9a0>

def test_ticket47976_2(topology_st):
"""It reimports the database with a very large page size
so all the entries (user and its private group).
"""

log.info('Test complete')
mod = [(ldap.MOD_REPLACE, 'nsslapd-db-page-size', ensure_bytes(str(128 * 1024)))]
topology_st.standalone.modify_s(DN_LDBM, mod)

# Get the the full path and name for our LDIF we will be exporting
log.info('Export LDIF file...')
ldif_dir = topology_st.standalone.get_ldif_dir()
ldif_file = ldif_dir + "/export.ldif"
args = {EXPORT_REPL_INFO: False,
TASK_WAIT: True}
exportTask = Tasks(topology_st.standalone)
try:
> exportTask.exportLDIF(DEFAULT_SUFFIX, None, ldif_file, args)

tickets/ticket47976_test.py:111:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc101f20eb0>
suffix = 'dc=example,dc=com', benamebase = None
output_file = '/var/lib/dirsrv/slapd-standalone1/ldif/export.ldif'
args = {'repl-info': False, 'wait': True}

def exportLDIF(self, suffix=None, benamebase=None, output_file=None,
args=None):
'''
Export in a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raises ValueError

'output_file' is the output file of the export

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param output_file - file that will contain the exported suffix in LDIF
format
@param args - is a dictionary that contains modifier of the export task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return
repl-info: True/[False] - If True, it adds the replication meta
data (state information, tombstones
and RUV) in the exported file

@return None

@raise ValueError

'''

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not output_file:
raise ValueError("output_file is mandatory")

# Prepare the task entry
cn = "export_" + time.strftime("%m%d%Y_%H%M%S", time.localtime())
dn = "cn=%s,%s" % (cn, DN_EXPORT_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsFilename': output_file
})
if benamebase:
entry.setValues('nsInstance', benamebase)
else:
entry.setValues('nsIncludeSuffix', suffix)

if args.get(EXPORT_REPL_INFO, False):
entry.setValues('nsExportReplica', 'true')

# start the task and possibly wait for task completion
self.conn.add_s(entry)
exitCode = 0
if args and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:578: ValueError

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7fc10256f9a0>

def test_ticket47976_2(topology_st):
"""It reimports the database with a very large page size
so all the entries (user and its private group).
"""

log.info('Test complete')
mod = [(ldap.MOD_REPLACE, 'nsslapd-db-page-size', ensure_bytes(str(128 * 1024)))]
topology_st.standalone.modify_s(DN_LDBM, mod)

# Get the the full path and name for our LDIF we will be exporting
log.info('Export LDIF file...')
ldif_dir = topology_st.standalone.get_ldif_dir()
ldif_file = ldif_dir + "/export.ldif"
args = {EXPORT_REPL_INFO: False,
TASK_WAIT: True}
exportTask = Tasks(topology_st.standalone)
try:
exportTask.exportLDIF(DEFAULT_SUFFIX, None, ldif_file, args)
except ValueError:
> assert False
E assert False

tickets/ticket47976_test.py:113: AssertionError
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket47976_test:ticket47976_test.py:99 Test complete INFO tests.tickets.ticket47976_test:ticket47976_test.py:104 Export LDIF file...

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_init(topology_m2):
"""
It adds
- Objectclass with MAY 'member'
- an entry ('bind_entry') with which we bind to test the 'SELFDN' operation
It deletes the anonymous aci

"""

_header(topology_m2, 'test_ticket47988_init')

# enable acl error logging
mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', ensure_bytes(str(8192)))] # REPL
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

mod = [(ldap.MOD_REPLACE, 'nsslapd-accesslog-level', ensure_bytes(str(260)))] # Internal op
topology_m2.ms["master1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["master2"].modify_s(DN_CONFIG, mod)

# add dummy entries
for cpt in range(MAX_OTHERS):
name = "%s%d" % (OTHER_NAME, cpt)
topology_m2.ms["master1"].add_s(Entry(("cn=%s,%s" % (name, SUFFIX), {
'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# check that entry 0 is replicated before
loop = 0
entryDN = "cn=%s0,%s" % (OTHER_NAME, SUFFIX)
while loop <= 10:
try:
ent = topology_m2.ms["master2"].getEntry(entryDN, ldap.SCOPE_BASE, "(objectclass=*)", ['telephonenumber'])
break
except ldap.NO_SUCH_OBJECT:
time.sleep(1)
loop += 1
assert (loop <= 10)

topology_m2.ms["master1"].stop(timeout=10)
topology_m2.ms["master2"].stop(timeout=10)

# install the specific schema M1: ipa3.3, M2: ipa4.1
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa3.3.tar.gz")
_install_schema(topology_m2.ms["master1"], schema_file)
schema_file = os.path.join(topology_m2.ms["master1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa4.1.tar.gz")
_install_schema(topology_m2.ms["master2"], schema_file)

> topology_m2.ms["master1"].start(timeout=10)

/export/tests/tickets/ticket47988_test.py:157:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1081: in start
subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
/usr/lib64/python3.9/subprocess.py:420: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['systemctl', 'start', 'dirsrv@master1'],)
kwargs = {'stderr': -2, 'stdout': -1}
process = <Popen: returncode: 1 args: ['systemctl', 'start', 'dirsrv@master1']>
stdout = b'Job for dirsrv@master1.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@master1.service" and "journalctl -xe" for details.\n'
stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@master1']' returned non-zero exit status 1.

/usr/lib64/python3.9/subprocess.py:524: CalledProcessError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'master1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for master2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'master2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining master master2 to master1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is NOT working (expect 5776b5e1-4d44-465e-8553-aa0e6b409401 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is NOT working (expect 338ff610-c220-4976-bbfc-09c836448084 / got description=5776b5e1-4d44-465e-8553-aa0e6b409401) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined master from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 INFO lib389.topologies:topologies.py:164 Ensuring master master1 to master2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring master master2 to master1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39002 to ldap://vashirov-1mt-fedora-33-3198363-2020-12-29-00-00:39001 already exists
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_init INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ################################################### INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/02common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-admin.ldif INFO lib389:ticket47988_test.py:98 replace /etc/dirsrv/slapd-master1/schema/99user.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60nss-ldap.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60autofs.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-web.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60samba.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10dna-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/05rfc4523.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60basev2.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10automember-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/05rfc2927.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10mep-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60ipadns.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/10rfc2307.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-mail.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/05rfc4524.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60trust.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60ipaconfig.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-directory.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60eduperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60mozilla.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/65ipasudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60rfc3712.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60rfc2739.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-value.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60acctpolicy.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/01core389.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60sabayon.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60pam-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/00core.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/25java-object.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60sudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/70ipaotp.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60pureftpd.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/61kerberos-ipav3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60kerberos.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60basev3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/06inetorgperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/30ns-common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/28pilot.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/20subscriber.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/50ns-certificate.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master1/schema/60posix-winsync-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/02common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-admin.ldif INFO lib389:ticket47988_test.py:98 replace /etc/dirsrv/slapd-master2/schema/99user.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60nss-ldap.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60autofs.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-web.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60samba.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10dna-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/05rfc4523.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60basev2.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10automember-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/05rfc2927.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10mep-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60ipadns.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/10rfc2307.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-mail.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/05rfc4524.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60trust.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60ipaconfig.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-directory.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60eduperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60mozilla.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/65ipasudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60rfc3712.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60rfc2739.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-value.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60acctpolicy.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/01core389.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60sabayon.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60pam-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/00core.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/25java-object.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60sudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/70ipaotp.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60pureftpd.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/61kerberos-ipav3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60kerberos.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60basev3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/06inetorgperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/30ns-common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/28pilot.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/20subscriber.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/50ns-certificate.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-master2/schema/60posix-winsync-plugin.ldif

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_1(topology_m2):
'''
Check that replication is working and pause replication M2->M1
'''
_header(topology_m2, 'test_ticket47988_1')

topology_m2.ms["master1"].log.debug("\n\nCheck that replication is working and pause replication M2->M1\n")
> _do_update_entry(supplier=topology_m2.ms["master2"], consumer=topology_m2.ms["master1"], attempts=5)

/export/tests/tickets/ticket47988_test.py:234:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:184: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc101f25220>
func = <built-in method result4 of LDAP object at 0x7fc102fd61e0>
args = (26, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_1 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_2(topology_m2):
'''
Update M1 schema and trigger update M1->M2
So M1 should learn new/extended definitions that are in M2 schema
'''
_header(topology_m2, 'test_ticket47988_2')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:246:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:604: in get_schema_csn
ents = self.conn.search_s(DN_SCHEMA, ldap.SCOPE_BASE,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:864: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:147: in inner
objtype, data = f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:756: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:760: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc101d3f580>
func = <built-in method result4 of LDAP object at 0x7fc114736de0>
args = (62, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_2 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_3(topology_m2):
'''
Resume replication M2->M1 and check replication is still working
'''
_header(topology_m2, 'test_ticket47988_3')

> _resume_M2_to_M1(topology_m2)

/export/tests/tickets/ticket47988_test.py:283:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:222: in _resume_M2_to_M1
ents = topology_m2.ms["master2"].agreement.list(suffix=SUFFIX)
/usr/local/lib/python3.9/site-packages/lib389/agreement.py:904: in list
replica_entries = self.conn.replica.list(suffix)
/usr/local/lib/python3.9/site-packages/lib389/replica.py:178: in list
ents = self.conn.search_s(base, ldap.SCOPE_SUBTREE, filtr)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc101f25220>
func = <built-in method search_ext of LDAP object at 0x7fc102fd61e0>
args = ('cn=mapping tree,cn=config', 2, '(&(objectclass=nsds5Replica)(nsDS5ReplicaRoot=dc=example,dc=com))', None, 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_3 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ################################################### INFO lib389:ticket47988_test.py:221 ######################### resume RA M2->M1 ######################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_4(topology_m2):
'''
Check schemaCSN is identical on both server
And save the nsschemaCSN to later check they do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_4')

> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:295:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:604: in get_schema_csn
ents = self.conn.search_s(DN_SCHEMA, ldap.SCOPE_BASE,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc101d3f580>
func = <built-in method search_ext of LDAP object at 0x7fc114736de0>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_4 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_5(topology_m2):
'''
Check schemaCSN do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_5')

> _do_update_entry(supplier=topology_m2.ms["master1"], consumer=topology_m2.ms["master2"], attempts=5)

/export/tests/tickets/ticket47988_test.py:313:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:184: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:612: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:609: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc101d3f580>
func = <built-in method modify_ext of LDAP object at 0x7fc114736de0>
args = ('cn=other_entry0,dc=example,dc=com', [(2, 'telephonenumber', b'155')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_5 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101d3f250>

def test_ticket47988_6(topology_m2):
'''
Update M1 schema and trigger update M2->M1
So M2 should learn new/extended definitions that are in M1 schema
'''

_header(topology_m2, 'test_ticket47988_6')

topology_m2.ms["master1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> master1_schema_csn = topology_m2.ms["master1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:336:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:604: in get_schema_csn
ents = self.conn.search_s(DN_SCHEMA, ldap.SCOPE_BASE,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc101d3f580>
func = <built-in method search_ext of LDAP object at 0x7fc114736de0>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_6 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101f7f1f0>

def test_ticket48005_setup(topology_st):
'''
allow dump core
generate a test ldif file using dbgen.pl
import the ldif
'''
log.info("Ticket 48005 setup...")
if hasattr(topology_st.standalone, 'prefix'):
prefix = topology_st.standalone.prefix
else:
prefix = None
sysconfig_dirsrv = os.path.join(topology_st.standalone.get_initconfig_dir(), 'dirsrv')
cmdline = 'egrep "ulimit -c unlimited" %s' % sysconfig_dirsrv
p = os.popen(cmdline, "r")
ulimitc = p.readline()
if ulimitc == "":
log.info('No ulimit -c in %s' % sysconfig_dirsrv)
log.info('Adding it')
cmdline = 'echo "ulimit -c unlimited" >> %s' % sysconfig_dirsrv

sysconfig_dirsrv_systemd = sysconfig_dirsrv + ".systemd"
cmdline = 'egrep LimitCORE=infinity %s' % sysconfig_dirsrv_systemd
p = os.popen(cmdline, "r")
lcore = p.readline()
if lcore == "":
log.info('No LimitCORE in %s' % sysconfig_dirsrv_systemd)
log.info('Adding it')
cmdline = 'echo LimitCORE=infinity >> %s' % sysconfig_dirsrv_systemd

topology_st.standalone.restart(timeout=10)

ldif_file = topology_st.standalone.get_ldif_dir() + "/ticket48005.ldif"
os.system('ls %s' % ldif_file)
os.system('rm -f %s' % ldif_file)
if hasattr(topology_st.standalone, 'prefix'):
prefix = topology_st.standalone.prefix
else:
prefix = ""
dbgen_prog = prefix + '/bin/dbgen.pl'
log.info('dbgen_prog: %s' % dbgen_prog)
os.system('%s -s %s -o %s -u -n 10000' % (dbgen_prog, SUFFIX, ldif_file))
cmdline = 'egrep dn: %s | wc -l' % ldif_file
p = os.popen(cmdline, "r")
dnnumstr = p.readline()
num = int(dnnumstr)
log.info("We have %d entries.\n", num)

importTask = Tasks(topology_st.standalone)
args = {TASK_WAIT: True}
> importTask.importLDIF(SUFFIX, None, ldif_file, args)

/export/tests/tickets/ticket48005_test.py:74:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc100f80070>
suffix = 'dc=example,dc=com', benamebase = None
input_file = '/var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif'
args = {'wait': True}

def importLDIF(self, suffix=None, benamebase=None, input_file=None,
args=None):
'''
Import from a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

'input_file' is the ldif input file

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param ldif_input - file that will contain the entries in LDIF format
to import
@param args - is a dictionary that contains modifier of the import task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return

@return None

@raise ValueError

'''
if self.conn.state != DIRSRV_STATE_ONLINE:
raise ValueError("Invalid Server State %s! Must be online" % self.conn.state)

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not input_file:
raise ValueError("input_file is mandatory")

if not os.path.exists(input_file):
> raise ValueError("Import file (%s) does not exist" % input_file)
E ValueError: Import file (/var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif) does not exist

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:487: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
------------------------------Captured stderr call------------------------------
grep: /etc/sysconfig/dirsrv: No such file or directory grep: /etc/sysconfig/dirsrv.systemd: No such file or directory ls: cannot access '/var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif': No such file or directory sh: /bin/dbgen.pl: No such file or directory grep: /var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif: No such file or directory
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48005_test:ticket48005_test.py:31 Ticket 48005 setup... INFO tests.tickets.ticket48005_test:ticket48005_test.py:41 No ulimit -c in /etc/sysconfig/dirsrv INFO tests.tickets.ticket48005_test:ticket48005_test.py:42 Adding it INFO tests.tickets.ticket48005_test:ticket48005_test.py:50 No LimitCORE in /etc/sysconfig/dirsrv.systemd INFO tests.tickets.ticket48005_test:ticket48005_test.py:51 Adding it INFO tests.tickets.ticket48005_test:ticket48005_test.py:64 dbgen_prog: /bin/dbgen.pl INFO tests.tickets.ticket48005_test:ticket48005_test.py:70 We have 0 entries.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc10125ae80>

def test_ticket48013(topology_st):
'''
Content Synchonization: Test that invalid cookies are caught
'''

cookies = ('#', '##', 'a#a#a', 'a#a#1')

# Enable dynamic plugins
try:
topology_st.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'on')])
except ldap.LDAPError as e:
log.error('Failed to enable dynamic plugin! {}'.format(e.args[0]['desc']))
assert False

# Enable retro changelog
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)

# Enbale content sync plugin
> topology_st.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)

/export/tests/tickets/ticket48013_test.py:61:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/plugins.py:2105: in enable
plugin.enable()
/usr/local/lib/python3.9/site-packages/lib389/plugins.py:58: in enable
self.set('nsslapd-pluginEnabled', 'on')
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc10125aee0>
func = <built-in method result4 of LDAP object at 0x7fc102638cc0>
args = (7, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>

def test_run_1(topology_st):
"""
Check nsSSL3Ciphers: +all
All ciphers are enabled except null.
Note: default allowWeakCipher (i.e., off) for +all
"""
_header(topology_st, 'Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])
# Make sure allowWeakCipher is not set.
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'allowWeakCipher', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_0' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:158:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:151 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>

def test_run_2(topology_st):
"""
Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+rsa_aes_128_sha,+rsa_aes_256_sha')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_1' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)
connectWithOpenssl(topology_st, 'AES256-SHA256', False)
> connectWithOpenssl(topology_st, 'AES128-SHA', True)

/export/tests/tickets/ticket48194_test.py:184:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>
cipher = 'AES128-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:108: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:175 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n' INFO lib389.utils:ticket48194_test.py:86 Testing AES256-SHA256 -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES256-SHA256 INFO lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n' INFO lib389.utils:ticket48194_test.py:86 Testing AES128-SHA -- expect to handshake successfully INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES128-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>

def test_run_4(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', b'-all')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_3' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:228:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:221 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>

def test_run_5(topology_st):
"""
Check nsSSL3Ciphers: default
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_4' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:250:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:243 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>

def test_run_6(topology_st):
"""
Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256
All ciphers are disabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_5' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:274:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:267 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>

def test_run_8(topology_st):
"""
Check nsSSL3Ciphers: default + allowWeakCipher: off
Strong Default ciphers are enabled.
"""
_header(topology_st, 'Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off)')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'off')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_7' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:297:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100afec70>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off) INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:290 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101e541c0>

def reindexUidNumber(topology_st):
topology_st.standalone.log.info("\n\n +++++ reindex uidnumber +++++\n")
try:
args = {TASK_WAIT: True}
> topology_st.standalone.tasks.reindex(suffix=MYSUFFIX, attrname='uidNumber', args=args)

/export/tests/tickets/ticket48212_test.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc100f201f0>
suffix = 'dc=example,dc=com', benamebase = None, attrname = 'uidNumber'
args = {'wait': True}, vlv = False

def reindex(self, suffix=None, benamebase=None, attrname=None, args=None, vlv=False):
'''
Reindex a 'suffix' (or 'benamebase' that stores that suffix) for a
given 'attrname'. It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

:param suffix - suffix of the backend
:param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
:param attrname - attribute name
:param args - is a dictionary that contains modifier of the reindex
task
wait: True/[False] - If True, 'index' waits for the completion
of the task before to return
:param vlv - this task is to reindex a VLV index

:return None

:raise ValueError - if invalid missing benamebase and suffix or invalid
benamebase
:raise LDAPError if unable to search for index names

'''
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

# If backend name was provided, retrieve the suffix
if benamebase:
ents = self.conn.mappingtree.list(bename=benamebase)
if len(ents) != 1:
raise ValueError("invalid backend name: %s" % benamebase)

attr_suffix = MT_PROPNAME_TO_ATTRNAME[MT_SUFFIX]
if not ents[0].hasAttr(attr_suffix):
raise ValueError(
"invalid backend name: %s, or entry without %s" %
(benamebase, attr_suffix))

suffix = ensure_str(ents[0].getValue(attr_suffix))

backend = None
entries_backend = self.conn.backends.list()
for be in entries_backend:
be_suffix = ensure_str(be.get_attr_val_utf8_l('nsslapd-suffix')).lower()
if be_suffix == suffix.lower():
backend = be.get_attr_val_utf8_l('cn')
if backend is None:
raise ValueError("Failed to find backaned matching the suffix")

attrs = []
if vlv:
# We are indexing a VLV index/sort.
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)
cn = "index_vlv_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexVLVAttribute': attrs,
'nsInstance': backend
})
else:
if attrname is None:
#
# Reindex all attributes - gather them first...
#
cn = "index_all_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = ('cn=%s,cn=ldbm database,cn=plugins,cn=config' % backend)
try:
indexes = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, '(objectclass=nsIndex)')
for index in indexes:
attrs.append(ensure_str(index.getValue('cn')))
except ldap.LDAPError as e:
raise e
else:
#
# Reindex specific attributes
#
cn = "index_attrs_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)

dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexAttribute': attrs,
'nsInstance': backend
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the index task for %s", attrname)
return -1

exitCode = 0
if args is not None and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:809: ValueError

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101e541c0>

def test_ticket48212(topology_st):
"""
Import posixAccount entries.
Index uidNumber
add nsMatchingRule: integerOrderingMatch
run dbverify to see if it reports the db corruption or not
delete nsMatchingRule: integerOrderingMatch
run dbverify to see if it reports the db corruption or not
if no corruption is reported, the bug fix was verified.
"""
log.info(
'Testing Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well.')

# bind as directory manager
topology_st.standalone.log.info("Bind as %s" % DN_DM)
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

data_dir_path = topology_st.standalone.getDir(__file__, DATA_DIR)
ldif_file = f"{data_dir_path}ticket48212/{_MYLDIF}"
try:
ldif_dir = topology_st.standalone.get_ldif_dir()
shutil.copy(ldif_file, ldif_dir)
ldif_file = ldif_dir + '/' + _MYLDIF
except:
log.fatal('Failed to copy ldif to instance ldif dir')
assert False

topology_st.standalone.log.info(
"\n\n######################### Import Test data (%s) ######################\n" % ldif_file)
args = {TASK_WAIT: True}
importTask = Tasks(topology_st.standalone)
importTask.importLDIF(MYSUFFIX, MYSUFFIXBE, ldif_file, args)
args = {TASK_WAIT: True}

runDbVerify(topology_st)

topology_st.standalone.log.info("\n\n######################### Add index by uidnumber ######################\n")
try:
topology_st.standalone.add_s(Entry((UIDNUMBERDN, {'objectclass': "top nsIndex".split(),
'cn': 'uidnumber',
'nsSystemIndex': 'false',
'nsIndexType': "pres eq".split()})))
except ValueError:
topology_st.standalone.log.fatal("add_s failed: %s", ValueError)

topology_st.standalone.log.info("\n\n######################### reindexing... ######################\n")
> reindexUidNumber(topology_st)

/export/tests/tickets/ticket48212_test.py:102:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc101e541c0>

def reindexUidNumber(topology_st):
topology_st.standalone.log.info("\n\n +++++ reindex uidnumber +++++\n")
try:
args = {TASK_WAIT: True}
topology_st.standalone.tasks.reindex(suffix=MYSUFFIX, attrname='uidNumber', args=args)
except:
topology_st.standalone.log.fatal("Reindexing failed")
> assert False
E assert False

/export/tests/tickets/ticket48212_test.py:53: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
------------------------------Captured stderr call------------------------------
/bin/sh: /usr/sbin/dbverify: No such file or directory
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48212_test.py:70 Bind as cn=Directory Manager INFO lib389:ticket48212_test.py:83 ######################### Import Test data (/var/lib/dirsrv/slapd-standalone1/ldif/example1k_posix.ldif) ###################### INFO lib389:tasks.py:513 Import task import_12282020_224552 for file /var/lib/dirsrv/slapd-standalone1/ldif/example1k_posix.ldif completed successfully INFO lib389:ticket48212_test.py:19 +++++ dbverify +++++ INFO lib389:ticket48212_test.py:23 Running /usr/sbin/dbverify -Z standalone1 -V INFO lib389:ticket48212_test.py:43 dbverify passed INFO lib389:ticket48212_test.py:92 ######################### Add index by uidnumber ###################### INFO lib389:ticket48212_test.py:101 ######################### reindexing... ###################### INFO lib389:ticket48212_test.py:47 +++++ reindex uidnumber +++++ CRITICAL lib389:ticket48212_test.py:52 Reindexing failed

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100fa2cd0>
user = 'uid=user1,dc=example,dc=com', passwd = 'password', times = 6

def update_passwd(topology_st, user, passwd, times):
# Set the default value
cpw = passwd
for i in range(times):
log.info(" Bind as {%s,%s}" % (user, cpw))
topology_st.standalone.simple_bind_s(user, cpw)
# Now update the value for this iter.
cpw = 'password%d' % i
try:
> topology_st.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw.encode())])

/export/tests/tickets/ticket48228_test.py:136:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('uid=user1,dc=example,dc=com', [(2, 'userpassword', b'password0')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x7fc100f7b640, file '/usr/local/lib/python3.9/site-packages/lib389/__init__.py', line 179,...mbda>', code_context=[' self._inner_hookexec = lambda hook, methods, kwargs: hook.multicall(\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x55fd4dcfb840, file '/export/tests/tickets/ticket48228_test.py', line 141, code update_pass...t=[" topology_st.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw.encode())])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc100fa2610>
dn = 'uid=user1,dc=example,dc=com'
modlist = [(2, 'userpassword', b'password0')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('uid=user1,dc=example,dc=com', [(2, 'userpassword', b'password0')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc100fa2610>
dn = 'uid=user1,dc=example,dc=com'
modlist = [(2, 'userpassword', b'password0')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (10,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc100fa2610>, msgid = 10, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (10, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc100fa2610>, msgid = 10, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7fc101022780>, 10, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc100fa2610>
func = <built-in method result4 of LDAP object at 0x7fc101022780>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.INSUFFICIENT_ACCESS'>
exc_value = INSUFFICIENT_ACCESS({'msgtype': 103, 'msgid': 10, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=user1,dc=example,dc=com'.\n"})
exc_traceback = <traceback object at 0x7fc1023456c0>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7fc100fa2610>
func = <built-in method result4 of LDAP object at 0x7fc101022780>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 10, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=user1,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100fa2cd0>

def test_ticket48228_test_global_policy(topology_st):
"""
Check global password policy
"""
log.info(' Set inhistory = 6')
set_global_pwpolicy(topology_st, 6)

log.info(' Bind as directory manager')
log.info("Bind as %s" % DN_DM)
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

log.info(' Add an entry' + USER1_DN)
try:
topology_st.standalone.add_s(
Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
'sn': '1',
'cn': 'user 1',
'uid': 'user1',
'givenname': 'user',
'mail': 'user1@example.com',
'userpassword': 'password'})))
except ldap.LDAPError as e:
log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc'])
assert False

log.info(' Update the password of ' + USER1_DN + ' 6 times')
> update_passwd(topology_st, USER1_DN, 'password', 6)

/export/tests/tickets/ticket48228_test.py:174:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100fa2cd0>
user = 'uid=user1,dc=example,dc=com', passwd = 'password', times = 6

def update_passwd(topology_st, user, passwd, times):
# Set the default value
cpw = passwd
for i in range(times):
log.info(" Bind as {%s,%s}" % (user, cpw))
topology_st.standalone.simple_bind_s(user, cpw)
# Now update the value for this iter.
cpw = 'password%d' % i
try:
topology_st.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw.encode())])
except ldap.LDAPError as e:
log.fatal(
> 'test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message[
'desc'])
E AttributeError: 'INSUFFICIENT_ACCESS' object has no attribute 'message'

/export/tests/tickets/ticket48228_test.py:139: AttributeError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st = <lib389.topologies.TopologyMain object at 0x7fc100b9ecd0>

def test_ticket48234(topology_st):
"""
Test aci which contains an extensible filter.
shutdown
"""

log.info('Bind as root DN')
try:
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
except ldap.LDAPError as e:
topology_st.standalone.log.error('Root DN failed to authenticate: ' + e.args[0]['desc'])
assert False

ouname = 'outest'
username = 'admin'
passwd = 'Password'
deniedattr = 'telephonenumber'
log.info('Add aci which contains extensible filter.')
aci_text = ('(targetattr = "%s")' % (deniedattr) +
'(target = "ldap:///%s")' % (DEFAULT_SUFFIX) +
'(version 3.0;acl "admin-tel-matching-rule-outest";deny (all)' +
'(userdn = "ldap:///%s??sub?(&(cn=%s)(ou:dn:=%s))");)' % (DEFAULT_SUFFIX, username, ouname))

try:
topology_st.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', ensure_bytes(aci_text))])
except ldap.LDAPError as e:
log.error('Failed to add aci: (%s) error %s' % (aci_text, e.args[0]['desc']))
assert False

log.info('Add entries ...')
for idx in range(0, 2):
ou0 = 'OU%d' % idx
log.info('adding %s under %s...' % (ou0, DEFAULT_SUFFIX))
add_ou_entry(topology_st.standalone, ou0, DEFAULT_SUFFIX)
parent = 'ou=%s,%s' % (ou0, DEFAULT_SUFFIX)
log.info('adding %s under %s...' % (ouname, parent))
add_ou_entry(topology_st.standalone, ouname, parent)

for idx in range(0, 2):
parent = 'ou=%s,ou=OU%d,%s' % (ouname, idx, DEFAULT_SUFFIX)
log.info('adding %s under %s...' % (username, parent))
add_user_entry(topology_st.standalone, username, passwd, parent)

binddn = 'cn=%s,%s' % (username, parent)
log.info('Bind as user %s' % binddn)
try:
topology_st.standalone.simple_bind_s(binddn, passwd)
except ldap.LDAPError as e:
topology_st.standalone.log.error(bindn + ' failed to authenticate: ' + e.args[0]['desc'])
assert False

filter = '(cn=%s)' % username
try:
entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, filter, [deniedattr, 'dn'])
> assert 2 == len(entries)
E assert 2 == 0
E +2
E -0

/export/tests/tickets/ticket48234_test.py:83: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48234_test:ticket48234_test.py:35 Bind as root DN INFO tests.tickets.ticket48234_test:ticket48234_test.py:46 Add aci which contains extensible filter. INFO tests.tickets.ticket48234_test:ticket48234_test.py:58 Add entries ... INFO tests.tickets.ticket48234_test:ticket48234_test.py:61 adding OU0 under dc=example,dc=com... INFO tests.tickets.ticket48234_test:ticket48234_test.py:64 adding outest under ou=OU0,dc=example,dc=com... INFO tests.tickets.ticket48234_test:ticket48234_test.py:61 adding OU1 under dc=example,dc=com... INFO tests.tickets.ticket48234_test:ticket48234_test.py:64 adding outest under ou=OU1,dc=example,dc=com... INFO tests.tickets.ticket48234_test:ticket48234_test.py:69 adding admin under ou=outest,ou=OU0,dc=example,dc=com... INFO tests.tickets.ticket48234_test:ticket48234_test.py:69 adding admin under ou=outest,ou=OU1,dc=example,dc=com... INFO tests.tickets.ticket48234_test:ticket48234_test.py:73 Bind as user cn=admin,ou=outest,ou=OU1,dc=example,dc=com

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101cdf3d0>
entries = None

def test_ticket48266_count_csn_evaluation(topology_m2, entries):
ents = topology_m2.ms["master1"].agreement.list(suffix=SUFFIX)
assert len(ents) == 1
> first_csn = _get_first_not_replicated_csn(topology_m2)

/export/tests/tickets/ticket48266_test.py:176:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_m2 = <lib389.topologies.TopologyMain object at 0x7fc101cdf3d0>

def _get_first_not_replicated_csn(topology_m2):
name = "cn=%s2,%s" % (NEW_ACCOUNT, SUFFIX)

# read the first CSN that will not be replicated
mod = [(ldap.MOD_REPLACE, 'telephonenumber', ensure_bytes('123456'))]
topology_m2.ms["master1"].modify_s(name, mod)
msgid = topology_m2.ms["master1"].search_ext(name, ldap.SCOPE_SUBTREE, 'objectclass=*', ['nscpentrywsi'])
rtype, rdata, rmsgid = topology_m2.ms["master1"].result2(msgid)
attrs = None
for dn, raw_attrs in rdata:
topology_m2.ms["master1"].log.info("dn: %s" % dn)
if 'nscpentrywsi' in raw_attrs:
attrs = raw_attrs['nscpentrywsi']
assert attrs
for attr in attrs:
if ensure_str(attr.lower()).startswith('telephonenumber'):
break
assert attr

log.info("############# %s " % name)
# now retrieve the CSN of the operation we are looking for
csn = None
found_ops = topology_m2.ms['master1'].ds_access_log.match(".*MOD dn=\"%s\".*" % name)
assert(len(found_ops) > 0)
found_op = topology_m2.ms['master1'].ds_access_log.parse_line(found_ops[-1])
log.info(found_op)

# Now look for the related CSN
found_csns = topology_m2.ms['master1'].ds_access_log.match(".*conn=%s op=%s RESULT.*" % (found_op['conn'], found_op['op']))
assert(len(found_csns) > 0)
found_csn = topology_m2.ms['master1'].ds_access_log.parse_line(found_csns[-1])
log.info(found_csn)
> return found_csn['csn']
E KeyError: 'csn'

/export/tests/tickets/ticket48266_test.py:147: KeyError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48266_test.py:125 dn: cn=new_account2,dc=example,dc=com INFO tests.tickets.ticket48266_test:ticket48266_test.py:134 ############# cn=new_account2,dc=example,dc=com INFO tests.tickets.ticket48266_test:ticket48266_test.py:140 {'action': 'MOD', 'timestamp': '[28/Dec/2020:22:48:05.622945643 -0500]', 'conn': '1', 'op': '11', 'rem': 'dn="cn=new_account2,dc=example,dc=com"', 'datetime': datetime.datetime(2020, 12, 28, 22, 0, 0, 622945, tzinfo=tzoffset(None, -18000))} INFO tests.tickets.ticket48266_test:ticket48266_test.py:146 {'action': 'RESULT', 'timestamp': '[28/Dec/2020:22:48:05.667268406 -0500]', 'conn': '1', 'op': '11', 'rem': 'err=0 tag=103 nentries=0 wtime=0.000154091 optime=0.044333293 etime=0.044483347 csn=5feaa6f5000000010000', 'datetime': datetime.datetime(2020, 12, 28, 22, 0, 0, 667268, tzinfo=tzoffset(None, -18000))}

topology_st = <lib389.topologies.TopologyMain object at 0x7fc102288610>

def test_ticket48270_homeDirectory_indexed_cis(topology_st):
log.info("\n\nindex homeDirectory in caseIgnoreIA5Match and caseExactIA5Match")
try:
ent = topology_st.standalone.getEntry(HOMEDIRECTORY_INDEX, ldap.SCOPE_BASE)
except ldap.NO_SUCH_OBJECT:
topology_st.standalone.add_s(Entry((HOMEDIRECTORY_INDEX, {
'objectclass': "top nsIndex".split(),
'cn': HOMEDIRECTORY_CN,
'nsSystemIndex': 'false',
'nsIndexType': 'eq'})))
# log.info("attach debugger")
# time.sleep(60)

IGNORE_MR_NAME = b'caseIgnoreIA5Match'
EXACT_MR_NAME = b'caseExactIA5Match'
mod = [(ldap.MOD_REPLACE, MATCHINGRULE, (IGNORE_MR_NAME, EXACT_MR_NAME))]
topology_st.standalone.modify_s(HOMEDIRECTORY_INDEX, mod)

# topology_st.standalone.stop(timeout=10)
log.info("successfully checked that filter with exact mr , a filter with lowercase eq is failing")
# assert topology_st.standalone.db2index(bename=DEFAULT_BENAME, suffixes=None, attrs=['homeDirectory'])
# topology_st.standalone.start(timeout=10)
args = {TASK_WAIT: True}
> topology_st.standalone.tasks.reindex(suffix=SUFFIX, attrname='homeDirectory', args=args)

/export/tests/tickets/ticket48270_test.py:61:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7fc11491a670>
suffix = 'dc=example,dc=com', benamebase = None, attrname = 'homeDirectory'
args = {'wait': True}, vlv = False

def reindex(self, suffix=None, benamebase=None, attrname=None, args=None, vlv=False):
'''
Reindex a 'suffix' (or 'benamebase' that stores that suffix) for a
given 'attrname'. It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

:param suffix - suffix of the backend
:param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
:param attrname - attribute name
:param args - is a dictionary that contains modifier of the reindex
task
wait: True/[False] - If True, 'index' waits for the completion
of the task before to return
:param vlv - this task is to reindex a VLV index

:return None

:raise ValueError - if invalid missing benamebase and suffix or invalid
benamebase
:raise LDAPError if unable to search for index names

'''
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

# If backend name was provided, retrieve the suffix
if benamebase:
ents = self.conn.mappingtree.list(bename=benamebase)
if len(ents) != 1:
raise ValueError("invalid backend name: %s" % benamebase)

attr_suffix = MT_PROPNAME_TO_ATTRNAME[MT_SUFFIX]
if not ents[0].hasAttr(attr_suffix):
raise ValueError(
"invalid backend name: %s, or entry without %s" %
(benamebase, attr_suffix))

suffix = ensure_str(ents[0].getValue(attr_suffix))

backend = None
entries_backend = self.conn.backends.list()
for be in entries_backend:
be_suffix = ensure_str(be.get_attr_val_utf8_l('nsslapd-suffix')).lower()
if be_suffix == suffix.lower():
backend = be.get_attr_val_utf8_l('cn')
if backend is None:
raise ValueError("Failed to find backaned matching the suffix")

attrs = []
if vlv:
# We are indexing a VLV index/sort.
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)
cn = "index_vlv_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexVLVAttribute': attrs,
'nsInstance': backend
})
else:
if attrname is None:
#
# Reindex all attributes - gather them first...
#
cn = "index_all_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
dn = ('cn=%s,cn=ldbm database,cn=plugins,cn=config' % backend)
try:
indexes = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, '(objectclass=nsIndex)')
for index in indexes:
attrs.append(ensure_str(index.getValue('cn')))
except ldap.LDAPError as e:
raise e
else:
#
# Reindex specific attributes
#
cn = "index_attrs_%s" % (time.strftime("%m%d%Y_%H%M%S", time.localtime()))
if isinstance(attrname, (tuple, list)):
# Need to guarantee this is a list (and not a tuple)
for attr in attrname:
attrs.append(attr)
else:
attrs.append(attrname)

dn = "cn=%s,%s" % (cn, DN_INDEX_TASK)
entry = Entry(dn)
entry.update({
'objectclass': ['top', 'extensibleObject'],
'cn': cn,
'nsIndexAttribute': attrs,
'nsInstance': backend
})

# start the task and possibly wait for task completion
try:
self.conn.add_s(entry)
except ldap.ALREADY_EXISTS:
self.log.error("Fail to add the index task for %s", attrname)
return -1

exitCode = 0
if args is not None and args.get(TASK_WAIT, False):
> (done, exitCode) = self.conn.tasks.checkTask(entry, True)
E ValueError: too many values to unpack (expected 2)

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:809: ValueError
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48270_test:ticket48270_test.py:39 index homeDirectory in caseIgnoreIA5Match and caseExactIA5Match INFO tests.tickets.ticket48270_test:ticket48270_test.py:57 successfully checked that filter with exact mr , a filter with lowercase eq is failing