report.html

topo = <lib389.topologies.TopologyMain object at 0x7f3c63750700>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_any_machine(
topo, add_user, aci_of_user
):
"""User can access the data when connecting from any machine as per the ACI.

:id: 28cbc008-7ac5-11e8-934e-8c16451d917b
:customerscenario: True
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX)\
.add("aci", f'(target ="ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{FULLDNS_KEY}" and dns = "*" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, FULLDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:253:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c6412bf40>
func = <built-in method result4 of LDAP object at 0x7f3c642334e0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7f3c63750700>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(
topo, add_user, aci_of_user
):
"""User can access the data when connecting from internal ICNC network only as per the ACI.

:id: 2cac2136-7ac5-11e8-8328-8c16451d917b
:customerscenario: True
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
dns_name = socket.getfqdn()
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", [f'(target = "ldap:///{DNS_OU_KEY}")(targetattr="*")'
f'(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{SUNDNS_KEY}" and '
f'(dns = "*redhat.com" or dns = "{dns_name}");)'])

# Create a new connection for this test.
conn = UserAccount(topo.standalone, SUNDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:284:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c63b6c370>
func = <built-in method result4 of LDAP object at 0x7f3c6424b570>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7f3c63750700>
add_user = None, aci_of_user = None

def test_user_can_access_the_data_when_connecting_from_some_network_only(
topo, add_user, aci_of_user
):
"""User can access the data when connecting from some network only as per the ACI.

:id: 3098512a-7ac5-11e8-af85-8c16451d917b
:customerscenario: True
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
dns_name = socket.getfqdn()
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX)\
.add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" '
f'and dns = "{dns_name}" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, NETSCAPEDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:315:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c63b17250>
func = <built-in method result4 of LDAP object at 0x7f3c6412dc90>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7f3c63750700>
add_user = None, aci_of_user = None

def test_from_an_unauthorized_network(topo, add_user, aci_of_user):
"""User cannot access the data when connecting from an unauthorized network as per the ACI.

:id: 34cf9726-7ac5-11e8-bc12-8c16451d917b
:customerscenario: True
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" and dns != "red.iplanet.com" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, NETSCAPEDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:342:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c62705250>
func = <built-in method result4 of LDAP object at 0x7f3c640ab4b0>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7f3c63750700>
add_user = None, aci_of_user = None

def test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2(
topo, add_user, aci_of_user):
"""User cannot access the data when connecting from an unauthorized network as per the ACI.

:id: 396bdd44-7ac5-11e8-8014-8c16451d917b
:customerscenario: True
:setup: Standalone Server
:steps:
1. Add test entry
2. Add ACI
3. User should follow ACI role
:expectedresults:
1. Entry should be added
2. Operation should succeed
3. Operation should succeed
"""
# Add ACI
Domain(topo.standalone, DEFAULT_SUFFIX).\
add("aci", f'(target = "ldap:///{DNS_OU_KEY}")'
f'(targetattr="*")(version 3.0; aci "DNS aci"; allow(all) '
f'userdn = "ldap:///{NETSCAPEDNS_KEY}" '
f'and dnsalias != "www.redhat.com" ;)')

# Create a new connection for this test.
conn = UserAccount(topo.standalone, NETSCAPEDNS_KEY).bind(PW_DM)
# Perform Operation
> OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")

suites/acl/keywords_test.py:371:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:281: in replace
self.set(key, value, action=ldap.MOD_REPLACE)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c640d3d30>
func = <built-in method result4 of LDAP object at 0x7f3c64233d80>
args = (3, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 3, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'seeAlso' attribute of entry 'ou=dns,ou=keywords,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

topo = <lib389.topologies.TopologyMain object at 0x7f3c61f2b520>

def test_custom_path(topo):
"""Test that a custom path, backup directory, is correctly used by lib389
when the server is stopped.

:id: 8659e209-ee83-477e-8183-1d2f555669ea
:setup: Standalone Instance
:steps:
1. Get the LDIF directory
2. Change the server's backup directory to the LDIF directory
3. Stop the server, and perform a backup
4. Backup was written to LDIF directory
:expectedresults:
1. Success
2. Success
3. Success
4. Success
"""

# Get LDIF dir
ldif_dir = topo.standalone.get_ldif_dir()

# Set backup directory to LDIF directory
topo.standalone.config.replace('nsslapd-bakdir', ldif_dir)

# Stop the server and take a backup
topo.standalone.stop()
topo.standalone.db2bak(None)

# Verify backup was written to LDIF directory
backups = os.listdir(ldif_dir)
> assert len(backups)
E assert 0
E + where 0 = len([])

suites/clu/dsctl_acceptance_test.py:48: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c625780a0>
set_log_file = None

@pytest.mark.ds50545
@pytest.mark.bz1739718
@pytest.mark.skipif(ds_is_older("1.4.0"), reason="Not implemented")
def test_dsconf_replication_monitor(topology_m2, set_log_file):
"""Test replication monitor that was ported from legacy tools

:id: ce48020d-7c30-41b7-8f68-144c9cd757f6
:setup: 2 MM topology
:steps:
1. Create DS instance
2. Run replication monitor with connections option
3. Run replication monitor with aliases option
4. Run replication monitor with --json option
5. Run replication monitor with .dsrc file created
6. Run replication monitor with connections option as if using dsconf CLI
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
"""

m1 = topology_m2.ms["supplier1"]
m2 = topology_m2.ms["supplier2"]

# Enable ldapi if not already done.
for inst in [topology_m2.ms["supplier1"], topology_m2.ms["supplier2"]]:
if not inst.can_autobind():
# Update ns-slapd instance
inst.config.set('nsslapd-ldapilisten', 'on')
inst.config.set('nsslapd-ldapiautobind', 'on')
inst.restart()
# Ensure that updates have been sent both ways.
replicas = Replicas(m1)
replica = replicas.get(DEFAULT_SUFFIX)
replica.test_replication([m2])
replicas = Replicas(m2)
replica = replicas.get(DEFAULT_SUFFIX)
replica.test_replication([m1])

alias_content = ['Supplier: M1 (' + m1.host + ':' + str(m1.port) + ')',
'Supplier: M2 (' + m2.host + ':' + str(m2.port) + ')']

connection_content = 'Supplier: '+ m1.host + ':' + str(m1.port)
content_list = ['Replica Root: dc=example,dc=com',
'Replica ID: 1',
'Replica Status: Available',
'Max CSN',
'Status For Agreement: "002" ('+ m2.host + ':' + str(m2.port) + ')',
'Replica Enabled: on',
'Update In Progress: FALSE',
'Last Update Start:',
'Last Update End:',
'Number Of Changes Sent:',
'Number Of Changes Skipped: None',
'Last Update Status: Error (0) Replica acquired successfully: Incremental update succeeded',
'Last Init Start:',
'Last Init End:',
'Last Init Status:',
'Reap Active: 0',
'Replication Status: In Synchronization',
'Replication Lag Time:',
'Supplier: ',
m2.host + ':' + str(m2.port),
'Replica Root: dc=example,dc=com',
'Replica ID: 2',
'Status For Agreement: "001" (' + m1.host + ':' + str(m1.port)+')']

error_list = ['consumer (Unavailable)',
'Failed to retrieve database RUV entry from consumer']

json_list = ['type',
'list',
'items',
'name',
m1.host + ':' + str(m1.port),
'data',
'"replica_id": "1"',
'"replica_root": "dc=example,dc=com"',
'"replica_status": "Available"',
'maxcsn',
'agmts_status',
'agmt-name',
'002',
'replica',
m2.host + ':' + str(m2.port),
'replica-enabled',
'update-in-progress',
'last-update-start',
'last-update-end',
'number-changes-sent',
'number-changes-skipped',
'last-update-status',
'Error (0) Replica acquired successfully: Incremental update succeeded',
'last-init-start',
'last-init-end',
'last-init-status',
'reap-active',
'replication-status',
'In Synchronization',
'replication-lag-time',
'"replica_id": "2"',
'001',
m1.host + ':' + str(m1.port)]

connections = [m1.host + ':' + str(m1.port) + ':' + DN_DM + ':' + PW_DM,
m2.host + ':' + str(m2.port) + ':' + DN_DM + ':' + PW_DM]

args = FakeArgs()
args.connections = connections
args.aliases = None
args.json = False

log.info('Run replication monitor with connections option')
get_repl_monitor_info(m1, DEFAULT_SUFFIX, log, args)
(host_m1, host_m2) = get_hostnames_from_log(m1.port, m2.port)
> check_value_in_log_and_reset(content_list, connection_content, error_list=error_list)

suites/clu/repl_monitor_test.py:211:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

content_list = ['Replica Root: dc=example,dc=com', 'Replica ID: 1', 'Replica Status: Available', 'Max CSN', 'Status For Agreement: "002" (ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002)', 'Replica Enabled: on', ...]
second_list = 'Supplier: ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001'
single_value = None
error_list = ['consumer (Unavailable)', 'Failed to retrieve database RUV entry from consumer']

def check_value_in_log_and_reset(content_list, second_list=None, single_value=None, error_list=None):
with open(LOG_FILE, 'r+') as f:
file_content = f.read()

for item in content_list:
log.info('Check that "{}" is present'.format(item))
> assert item in file_content
E AssertionError: assert 'Replica Status: Available' in 'Run replication monitor with connections option\ndsrc path: /root/.dsrc\ndsrc container path: /data/config/container....t Init Status: unavailable\nReap Active: 0\nReplication Status: In Synchronization\nReplication Lag Time: 00:00:00\n\n'

suites/clu/repl_monitor_test.py:54: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect bf475881-67a6-41d6-931f-d50ebba33dc7 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect a2ec027a-efee-4926-824d-0bc5161cab32 / got description=bf475881-67a6-41d6-931f-d50ebba33dc7) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists
-------------------------------Captured log call--------------------------------
INFO tests.suites.clu.repl_monitor_test:repl_monitor_test.py:208 Run replication monitor with connections option DEBUG tests.suites.clu.repl_monitor_test:dsrc.py:76 dsrc path: /root/.dsrc DEBUG tests.suites.clu.repl_monitor_test:dsrc.py:77 dsrc container path: /data/config/container.inf DEBUG tests.suites.clu.repl_monitor_test:dsrc.py:85 dsrc instances: [] DEBUG tests.suites.clu.repl_monitor_test:dsrc.py:212 dsrc completed with {'connections': None, 'aliases': None} INFO tests.suites.clu.repl_monitor_test:replication.py:446 Supplier: localhost.localdomain:39001 INFO tests.suites.clu.repl_monitor_test:replication.py:450 ------------------------------------- INFO tests.suites.clu.repl_monitor_test:replication.py:464 Replica Root: dc=example,dc=com INFO tests.suites.clu.repl_monitor_test:replication.py:465 Replica ID: 1 INFO tests.suites.clu.repl_monitor_test:replication.py:466 Replica Status: Online INFO tests.suites.clu.repl_monitor_test:replication.py:467 Max CSN: 60837792000000010000 INFO tests.suites.clu.repl_monitor_test:replication.py:470 Status For Agreement: "002" (ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002) Replica Enabled: on Update In Progress: FALSE Last Update Start: 20210424014244Z Last Update End: 20210424014244Z Number Of Changes Sent: 1:2/0 Number Of Changes Skipped: None Last Update Status: Error (0) Replica acquired successfully: Incremental update succeeded Last Init Start: 19700101000000Z Last Init End: 19700101000000Z Last Init Status: unavailable Reap Active: 0 Replication Status: In Synchronization Replication Lag Time: 00:00:00 INFO tests.suites.clu.repl_monitor_test:replication.py:446 Supplier: ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO tests.suites.clu.repl_monitor_test:replication.py:450 ----------------------------------------------------------------- INFO tests.suites.clu.repl_monitor_test:replication.py:464 Replica Root: dc=example,dc=com INFO tests.suites.clu.repl_monitor_test:replication.py:465 Replica ID: 2 INFO tests.suites.clu.repl_monitor_test:replication.py:466 Replica Status: Online INFO tests.suites.clu.repl_monitor_test:replication.py:467 Max CSN: 60837794000000020000 INFO tests.suites.clu.repl_monitor_test:replication.py:470 Status For Agreement: "001" (ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001) Replica Enabled: on Update In Progress: TRUE Last Update Start: 20210424014244Z Last Update End: 19700101000000Z Number Of Changes Sent: 2:2/0 Number Of Changes Skipped: None Last Update Status: Error (0) Replica acquired successfully: Incremental update started Last Init Start: 19700101000000Z Last Init End: 19700101000000Z Last Init Status: unavailable Reap Active: 0 Replication Status: In Synchronization Replication Lag Time: 00:00:00 INFO tests.suites.clu.repl_monitor_test:repl_monitor_test.py:53 Check that "Replica Root: dc=example,dc=com" is present INFO tests.suites.clu.repl_monitor_test:repl_monitor_test.py:53 Check that "Replica ID: 1" is present INFO tests.suites.clu.repl_monitor_test:repl_monitor_test.py:53 Check that "Replica Status: Available" is present
-----------------------------Captured log teardown------------------------------
INFO tests.suites.clu.repl_monitor_test:repl_monitor_test.py:38 Delete files

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c625a1d90>

def test_acceptance(topology_m2):
"""Exercise each plugin and its main features, while
changing the configuration without restarting the server.

:id: 96136538-0151-4b09-9933-0e0cbf2c786c
:setup: 2 Supplier Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Go through all plugin basic functionality
5. Resume replication
6. Go through all plugin basic functionality again
7. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
"""

m1 = topology_m2.ms["supplier1"]
msg = ' (no replication)'
replication_run = False

# First part of the test should be without replication
topology_m2.pause_all_replicas()

# First enable dynamic plugins
m1.config.replace('nsslapd-dynamic-plugins', 'on')

# Test that critical plugins can be updated even though the change might not be applied
ldbm_config = LDBMConfig(m1)
ldbm_config.replace('description', 'test')

while True:
# First run the tests with replication disabled, then rerun them with replication set up

############################################################################
# Test plugin functionality
############################################################################

log.info('####################################################################')
log.info('Testing Dynamic Plugins Functionality' + msg + '...')
log.info('####################################################################\n')

> acceptance_test.check_all_plugins(topology_m2)

suites/dynamic_plugins/dynamic_plugins_test.py:121:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/plugins/acceptance_test.py:1807: in check_all_plugins
func(topo, args)
suites/plugins/acceptance_test.py:477: in test_automember
task = plugin.fixup(branch2.dn, _filter='objectclass=top')
/usr/local/lib/python3.9/site-packages/lib389/plugins.py:1087: in fixup
task.create(properties=task_properties)
/usr/local/lib/python3.9/site-packages/lib389/tasks.py:118: in create
return super(Task, self).create(rdn, properties, basedn)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:972: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:947: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:169: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:425: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c63a208b0>
func = <built-in method result4 of LDAP object at 0x7f3c64123e40>
args = (133, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect ef7b5950-753f-4f28-b28d-992948c5f8d7 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect 79b9f45c-7227-467c-a6cf-9177ebef79dc / got description=ef7b5950-753f-4f28-b28d-992948c5f8d7) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c625a1d90>

def test_memory_corruption(topology_m2):
"""Check the plugins for memory corruption issues while
dynamic plugins option is enabled

:id: 96136538-0151-4b09-9933-0e0cbf2c7862
:setup: 2 Supplier Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Restart the plugin many times in a linked list fashion
restarting previous and preprevious plugins in the list of all plugins
5. Run the functional test
6. Repeat 4 and 5 steps for all plugins
7. Resume replication
8. Go through 4-6 steps once more
9. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
"""


m1 = topology_m2.ms["supplier1"]
msg = ' (no replication)'
replication_run = False

# First part of the test should be without replication
> topology_m2.pause_all_replicas()

suites/dynamic_plugins/dynamic_plugins_test.py:179:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/topologies.py:219: in pause_all_replicas
replica = replicas.get(DEFAULT_SUFFIX)
/usr/local/lib/python3.9/site-packages/lib389/replica.py:1765: in get
replica = super(Replicas, self).get(selector, dn)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1146: in get
results = self._get_selector(selector)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1177: in _get_selector
return self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c63a208b0>
func = <built-in method search_ext of LDAP object at 0x7f3c64123e40>
args = ('cn=mapping tree,cn=config', 2, '(&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=dc=example,dc=com)))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c625a1d90>

@pytest.mark.tier2
def test_stress(topology_m2):
"""Test plugins while under a big load. Perform the test 5 times

:id: 96136538-0151-4b09-9933-0e0cbf2c7863
:setup: 2 Supplier Instances
:steps:
1. Pause all replication
2. Set nsslapd-dynamic-plugins to on
3. Try to update LDBM config entry
4. Do one run through all tests
5. Enable Referential integrity and MemberOf plugins
6. Launch three new threads to add a bunch of users
7. While we are adding users restart the MemberOf and
Linked Attributes plugins many times
8. Wait for the 'adding' threads to complete
9. Now launch three threads to delete the users
10. Restart both the MemberOf, Referential integrity and
Linked Attributes plugins during these deletes
11. Wait for the 'deleting' threads to complete
12. Now make sure both the MemberOf and Referential integrity plugins still work correctly
13. Cleanup the stress tests (delete the group entry)
14. Perform 4-13 steps five times
15. Resume replication
16. Go through 4-14 steps once more
17. Check that data in sync and replication is working
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Success
15. Success
16. Success
17. Success
"""

m1 = topology_m2.ms["supplier1"]
msg = ' (no replication)'
replication_run = False
stress_max_runs = 5

# First part of the test should be without replication
> topology_m2.pause_all_replicas()

suites/dynamic_plugins/dynamic_plugins_test.py:297:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/topologies.py:219: in pause_all_replicas
replica = replicas.get(DEFAULT_SUFFIX)
/usr/local/lib/python3.9/site-packages/lib389/replica.py:1765: in get
replica = super(Replicas, self).get(selector, dn)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1146: in get
results = self._get_selector(selector)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1177: in _get_selector
return self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c63a208b0>
func = <built-in method search_ext of LDAP object at 0x7f3c64123e40>
args = ('cn=mapping tree,cn=config', 2, '(&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=dc=example,dc=com)))', ['dn'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topology_st_gssapi = <lib389.topologies.TopologyMain object at 0x7f3c63d768e0>
testuser = <lib389.idm.user.UserAccount object at 0x7f3c63d763a0>

@gssapi_ack
def test_gssapi_bind(topology_st_gssapi, testuser):
"""Test that we can bind with GSSAPI

:id: 894a4c27-3d4c-4ba3-aa33-2910032e3783

:setup: standalone gssapi instance

:steps:
1. Bind with sasl/gssapi
:expectedresults:
1. Bind succeeds

"""
> conn = testuser.bind_gssapi()

suites/gssapi/simple_gssapi_test.py:53:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/idm/account.py:258: in bind_gssapi
inst_clone.open(saslmethod='gssapi')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:991: in open
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:476: in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c620cc460>
func = <built-in method sasl_interactive_bind_s of LDAP object at 0x7f3c63dae150>
args = ('', <ldap.sasl.gssapi object at 0x7f3c63a27370>, None, None, 2)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INVALID_CREDENTIALS
-----------------------------Captured stdout setup------------------------------
Kerberos primary password: 8R34NptBbDMCNY9nY4jUuqxhpo5Hdf.YVgZWYJDUqsZ3Q3yYpCcYlB.OW9L08Gync Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'HOSTED.UPSHIFT.RDU2.REDHAT.COM', master key name 'K/M@HOSTED.UPSHIFT.RDU2.REDHAT.COM' Authenticating as principal root/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM with password. Principal "ldap/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM" created. Authenticating as principal root/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM with password. K/M@HOSTED.UPSHIFT.RDU2.REDHAT.COM kadmin/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM kadmin/changepw@HOSTED.UPSHIFT.RDU2.REDHAT.COM kadmin/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM kiprop/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM krbtgt/HOSTED.UPSHIFT.RDU2.REDHAT.COM@HOSTED.UPSHIFT.RDU2.REDHAT.COM ldap/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM Authenticating as principal root/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM with password. Entry for principal ldap/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal ldap/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. Authenticating as principal root/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM with password. Principal "testuser@HOSTED.UPSHIFT.RDU2.REDHAT.COM" created. Authenticating as principal root/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM with password. K/M@HOSTED.UPSHIFT.RDU2.REDHAT.COM kadmin/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM kadmin/changepw@HOSTED.UPSHIFT.RDU2.REDHAT.COM kadmin/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM kiprop/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM krbtgt/HOSTED.UPSHIFT.RDU2.REDHAT.COM@HOSTED.UPSHIFT.RDU2.REDHAT.COM ldap/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM testuser@HOSTED.UPSHIFT.RDU2.REDHAT.COM Authenticating as principal root/admin@HOSTED.UPSHIFT.RDU2.REDHAT.COM with password. Entry for principal testuser@HOSTED.UPSHIFT.RDU2.REDHAT.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/testuser.keytab. Entry for principal testuser@HOSTED.UPSHIFT.RDU2.REDHAT.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/testuser.keytab.
-----------------------------Captured stderr setup------------------------------
No policy specified for ldap/ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com@HOSTED.UPSHIFT.RDU2.REDHAT.COM; defaulting to no policy No policy specified for testuser@HOSTED.UPSHIFT.RDU2.REDHAT.COM; defaulting to no policy
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st_gssapi = <lib389.topologies.TopologyMain object at 0x7f3c63d768e0>
testuser = <lib389.idm.user.UserAccount object at 0x7f3c63d763a0>

@gssapi_ack
def test_support_mech(topology_st_gssapi, testuser):
"""Test allowed sasl mechs works when GSSAPI is allowed

:id: 6ec80aca-00c4-4141-b96b-3ae8837fc751

:setup: standalone gssapi instance

:steps:
1. Add GSSAPI to allowed sasl mechanisms.
2. Attempt to bind
:expectedresults:
1. The allowed mechs are changed.
2. The bind succeeds.
"""
topology_st_gssapi.standalone.config.set('nsslapd-allowed-sasl-mechanisms', 'GSSAPI EXTERNAL ANONYMOUS')
> conn = testuser.bind_gssapi()

suites/gssapi/simple_gssapi_test.py:125:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/idm/account.py:258: in bind_gssapi
inst_clone.open(saslmethod='gssapi')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:991: in open
self.sasl_interactive_bind_s("", sasl_auth, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:476: in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c63c4e220>
func = <built-in method sasl_interactive_bind_s of LDAP object at 0x7f3c622f2540>
args = ('', <ldap.sasl.gssapi object at 0x7f3c622f2730>, None, None, 2)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INVALID_CREDENTIALS: {'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INVALID_CREDENTIALS

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c62334f70>

@pytest.mark.ds50873
@pytest.mark.bz1685160
@pytest.mark.xfail(ds_is_older("1.4.1"), reason="Not implemented")
def test_healthcheck_certif_expiring_within_30d(topology_st):
"""Check if HealthCheck returns DSCERTLE0001 code

:id: c2165032-88ba-4978-a4ca-2fecfd8c35d8
:setup: Standalone instance
:steps:
1. Create DS instance
2. Use libfaketime to tell the process the date is within 30 days before certificate expiration
3. Use HealthCheck without --json option
4. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Healthcheck reports DSCERTLE0001 code and related details
4. Healthcheck reports DSCERTLE0001 code and related details
"""

RET_CODE = 'DSCERTLE0001'

standalone = topology_st.standalone

standalone.enable_tls()

# Cert is valid two years from today, so we count the date that is within 30 days before certificate expiration
date_future = datetime.now() + timedelta(days=701)

with libfaketime.fake_time(date_future):
time.sleep(1)
> run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False)

suites/healthcheck/health_security_test.py:304:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology = <lib389.topologies.TopologyMain object at 0x7f3c62334f70>
instance = <lib389.DirSrv object at 0x7f3c61e22550>
searched_code = 'DSCERTLE0001', json = False, searched_code2 = None

def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searched_code2=None):
args = FakeArgs()
args.instance = instance.serverid
args.verbose = instance.verbose
args.list_errors = False
args.list_checks = False
args.check = ['config', 'encryption', 'tls', 'fschecks']
args.dry_run = False

if json:
log.info('Use healthcheck with --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
assert topology.logcap.contains(searched_code)
log.info('Healthcheck returned searched code: %s' % searched_code)

if searched_code2 is not None:
assert topology.logcap.contains(searched_code2)
log.info('Healthcheck returned searched code: %s' % searched_code2)
else:
log.info('Use healthcheck without --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
> assert topology.logcap.contains(searched_code)
E AssertionError: assert False
E + where False = <bound method LogCapture.contains of <LogCapture (NOTSET)>>('DSCERTLE0001')
E + where <bound method LogCapture.contains of <LogCapture (NOTSET)>> = <LogCapture (NOTSET)>.contains
E + where <LogCapture (NOTSET)> = <lib389.topologies.TopologyMain object at 0x7f3c62334f70>.logcap

suites/healthcheck/health_security_test.py:67: AssertionError
-------------------------------Captured log call--------------------------------
INFO LogCapture:health.py:94 Beginning lint report, this could take a while ... INFO LogCapture:health.py:99 Checking config:hr_timestamp ... INFO LogCapture:health.py:99 Checking config:passwordscheme ... INFO LogCapture:health.py:99 Checking encryption:check_tls_version ... INFO LogCapture:health.py:99 Checking tls:certificate_expiration ... INFO LogCapture:health.py:99 Checking fschecks:file_perms ... INFO LogCapture:health.py:106 Healthcheck complete. INFO LogCapture:health.py:111 No issues found.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c62334f70>

@pytest.mark.ds50873
@pytest.mark.bz1685160
@pytest.mark.xfail(ds_is_older("1.4.1"), reason="Not implemented")
def test_healthcheck_certif_expired(topology_st):
"""Check if HealthCheck returns DSCERTLE0002 code

:id: ceff2c22-62c0-4fd9-b737-930a88458d68
:setup: Standalone instance
:steps:
1. Create DS instance
2. Use libfaketime to tell the process the date is after certificate expiration
3. Use HealthCheck without --json option
4. Use HealthCheck with --json option
:expectedresults:
1. Success
2. Success
3. Healthcheck reports DSCERTLE0002 code and related details
4. Healthcheck reports DSCERTLE0002 code and related details
"""

RET_CODE = 'DSCERTLE0002'

standalone = topology_st.standalone

standalone.enable_tls()

# Cert is valid two years from today, so we count the date that is after expiration
date_future = datetime.now() + timedelta(days=731)

with libfaketime.fake_time(date_future):
time.sleep(1)
> run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False)

suites/healthcheck/health_security_test.py:343:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology = <lib389.topologies.TopologyMain object at 0x7f3c62334f70>
instance = <lib389.DirSrv object at 0x7f3c61e22550>
searched_code = 'DSCERTLE0002', json = False, searched_code2 = None

def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searched_code2=None):
args = FakeArgs()
args.instance = instance.serverid
args.verbose = instance.verbose
args.list_errors = False
args.list_checks = False
args.check = ['config', 'encryption', 'tls', 'fschecks']
args.dry_run = False

if json:
log.info('Use healthcheck with --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
assert topology.logcap.contains(searched_code)
log.info('Healthcheck returned searched code: %s' % searched_code)

if searched_code2 is not None:
assert topology.logcap.contains(searched_code2)
log.info('Healthcheck returned searched code: %s' % searched_code2)
else:
log.info('Use healthcheck without --json option')
args.json = json
health_check_run(instance, topology.logcap.log, args)
> assert topology.logcap.contains(searched_code)
E AssertionError: assert False
E + where False = <bound method LogCapture.contains of <LogCapture (NOTSET)>>('DSCERTLE0002')
E + where <bound method LogCapture.contains of <LogCapture (NOTSET)>> = <LogCapture (NOTSET)>.contains
E + where <LogCapture (NOTSET)> = <lib389.topologies.TopologyMain object at 0x7f3c62334f70>.logcap

suites/healthcheck/health_security_test.py:67: AssertionError
-------------------------------Captured log call--------------------------------
INFO LogCapture:health.py:94 Beginning lint report, this could take a while ... INFO LogCapture:health.py:99 Checking config:hr_timestamp ... INFO LogCapture:health.py:99 Checking config:passwordscheme ... INFO LogCapture:health.py:99 Checking encryption:check_tls_version ... INFO LogCapture:health.py:99 Checking tls:certificate_expiration ... INFO LogCapture:health.py:99 Checking fschecks:file_perms ... INFO LogCapture:health.py:106 Healthcheck complete. INFO LogCapture:health.py:119 2 Issues found! Generating report ... INFO LogCapture:health.py:45 [1] DS Lint Error: DSCERTLE0001 INFO LogCapture:health.py:46 -------------------------------------------------------------------------------- INFO LogCapture:health.py:47 Severity: MEDIUM INFO LogCapture:health.py:49 Check: tls:certificate_expiration INFO LogCapture:health.py:50 Affects: INFO LogCapture:health.py:52 -- Expiring Certificate INFO LogCapture:health.py:53 Details: INFO LogCapture:health.py:54 ----------- INFO LogCapture:health.py:55 The certificate (Self-Signed-CA) will expire in less than 30 days INFO LogCapture:health.py:56 Resolution: INFO LogCapture:health.py:57 ----------- INFO LogCapture:health.py:58 Renew the certificate before it expires to prevent disruptions with TLS connections. INFO LogCapture:health.py:45 [2] DS Lint Error: DSCERTLE0001 INFO LogCapture:health.py:46 -------------------------------------------------------------------------------- INFO LogCapture:health.py:47 Severity: MEDIUM INFO LogCapture:health.py:49 Check: tls:certificate_expiration INFO LogCapture:health.py:50 Affects: INFO LogCapture:health.py:52 -- Expiring Certificate INFO LogCapture:health.py:53 Details: INFO LogCapture:health.py:54 ----------- INFO LogCapture:health.py:55 The certificate (Server-Cert) will expire in less than 30 days INFO LogCapture:health.py:56 Resolution: INFO LogCapture:health.py:57 ----------- INFO LogCapture:health.py:58 Renew the certificate before it expires to prevent disruptions with TLS connections. INFO LogCapture:health.py:124 ===== End Of Report (2 Issues found) =====

topo = <lib389.topologies.TopologyMain object at 0x7f3c623a1850>

@pytest.mark.skipif(ds_is_older("1.4.4.4"), reason="Not implemented")
def test_reindex_task_creates_abandoned_index_file(topo):
"""
Recreating an index for the same attribute but changing
the case of for example 1 letter, results in abandoned indexfile

:id: 07ae5274-481a-4fa8-8074-e0de50d89ac6
:customerscenario: True
:setup: Standalone instance
:steps:
1. Create a user object with additional attributes:
objectClass: mozillaabpersonalpha
mozillaCustom1: xyz
2. Add an index entry mozillacustom1
3. Reindex the backend
4. Check the content of the index (after it has been flushed to disk) mozillacustom1.db
5. Remove the index
6. Notice the mozillacustom1.db is removed
7. Recreate the index but now use the exact case as mentioned in the schema
8. Reindex the backend
9. Check the content of the index (after it has been flushed to disk) mozillaCustom1.db
10. Check that an ldapsearch does not return a result (mozillacustom1=xyz)
11. Check that an ldapsearch returns the results (mozillaCustom1=xyz)
12. Restart the instance
13. Notice that an ldapsearch does not return a result(mozillacustom1=xyz)
14. Check that an ldapsearch does not return a result (mozillacustom1=xyz)
15. Check that an ldapsearch returns the results (mozillaCustom1=xyz)
16. Reindex the backend
17. Notice the second indexfile for this attribute
18. Check the content of the index (after it has been flushed to disk) no mozillacustom1.db
19. Check the content of the index (after it has been flushed to disk) mozillaCustom1.db
:expectedresults:
1. Should Success.
2. Should Success.
3. Should Success.
4. Should Success.
5. Should Success.
6. Should Success.
7. Should Success.
8. Should Success.
9. Should Success.
10. Should Success.
11. Should Success.
12. Should Success.
13. Should Success.
14. Should Success.
15. Should Success.
16. Should Success.
17. Should Success.
18. Should Success.
19. Should Success.
"""

inst = topo.standalone
attr_name = "mozillaCustom1"
attr_value = "xyz"

users = UserAccounts(inst, DEFAULT_SUFFIX)
user = users.create_test_user()
user.add("objectClass", "mozillaabpersonalpha")
user.add(attr_name, attr_value)

backends = Backends(inst)
backend = backends.get(DEFAULT_BENAME)
indexes = backend.get_indexes()
index = indexes.create(properties={
'cn': attr_name.lower(),
'nsSystemIndex': 'false',
'nsIndexType': ['eq', 'pres']
})

backend.reindex()
time.sleep(3)
> assert os.path.exists(f"{inst.ds_paths.db_home_dir}/{DEFAULT_BENAME}/{attr_name.lower()}.db")
E AssertionError: assert False
E + where False = <function exists at 0x7f3c67492160>('/var/lib/dirsrv/slapd-standalone1/db/userRoot/mozillacustom1.db')
E + where <function exists at 0x7f3c67492160> = <module 'posixpath' from '/usr/lib64/python3.9/posixpath.py'>.exists
E + where <module 'posixpath' from '/usr/lib64/python3.9/posixpath.py'> = os.path

suites/indexes/regression_test.py:157: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO lib389:tasks.py:825 Index task index_all_04232021_224053 completed successfully

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c61f9d160>
create_user = <lib389.idm.user.UserAccount object at 0x7f3c61d2c4c0>
aci_subject = 'dns = "localhost.localdomain"'

@pytest.mark.parametrize('aci_subject',
('dns = "{}"'.format(HOSTNAME),
'ip = "{}"'.format(IP_ADDRESS)),
ids=['fqdn','ip'])
def test_search_dns_ip_aci(topology_st, create_user, aci_subject):
"""Verify that after performing multiple simple paged searches
to completion on the suffix with DNS or IP based ACI

:id: bbfddc46-a8c8-49ae-8c90-7265d05b22a9
:customerscenario: True
:parametrized: yes
:setup: Standalone instance, test user for binding,
varying number of users for the search base
:steps:
1. Back up and remove all previous ACI from suffix
2. Add an anonymous ACI for DNS check
3. Bind as test user
4. Search through added users with a simple paged control
5. Perform steps 4 three times in a row
6. Return ACI to the initial state
7. Go through all steps once again, but use IP subject dn
instead of DNS
:expectedresults:
1. Operation should be successful
2. Anonymous ACI should be successfully added
3. Bind should be successful
4. No error happens, all users should be found and sorted
5. Results should remain the same
6. ACI should be successfully returned
7. Results should be the same with ACI with IP subject dn
"""

users_num = 100
page_size = 5
users_list = add_users(topology_st, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']

try:
log.info('Back up current suffix ACI')
acis_bck = topology_st.standalone.aci.list(DEFAULT_SUFFIX, ldap.SCOPE_BASE)

log.info('Add test ACI')
ACI_TARGET = '(targetattr != "userPassword")'
ACI_ALLOW = '(version 3.0;acl "Anonymous access within domain"; allow (read,compare,search)'
ACI_SUBJECT = '(userdn = "ldap:///anyone") and (%s);)' % aci_subject
ACI_BODY = ensure_bytes(ACI_TARGET + ACI_ALLOW + ACI_SUBJECT)
topology_st.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_REPLACE, 'aci', ACI_BODY)])
log.info('Set user bind')
conn = create_user.bind(TEST_USER_PWD, uri=f'ldap://{IP_ADDRESS}:{topology_st.standalone.port}')

log.info('Create simple paged results control instance')
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

log.info('Initiate three searches with a paged results control')
for ii in range(3):
log.info('%d search' % (ii + 1))
all_results = paged_search(conn, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
> assert len(all_results) == len(users_list)
E assert 0 == 100
E +0
E -100

suites/paged_results/paged_results_test.py:575: AssertionError
-------------------------------Captured log call--------------------------------
INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:133 Adding 100 users INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:553 Back up current suffix ACI INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:556 Add test ACI INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:562 Set user bind INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:565 Create simple paged results control instance INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:569 Initiate three searches with a paged results control INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:571 1 search INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:191 Running simple paged result search with - search suffix: dc=example,dc=com; filter: (uid=test*); attr list ['dn', 'sn']; page_size = 5; controls: [<ldap.controls.libldap.SimplePagedResultsControl object at 0x7f3c62254040>]. INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:199 Getting page 0 INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:574 0 results INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:579 Restore ACI INFO tests.suites.paged_results.paged_results_test:paged_results_test.py:155 Deleting 100 users

topo_supplier = <lib389.topologies.TopologyMain object at 0x7f3c64ea4850>

@pytest.mark.ds49789
def test_unhashed_pw_switch(topo_supplier):
"""Check that nsslapd-unhashed-pw-switch works corrently

:id: e5aba180-d174-424d-92b0-14fe7bb0b92a
:setup: Supplier Instance
:steps:
1. A Supplier is created, enable retrocl (not used here)
2. Create a set of users
3. update userpassword of user1 and check that unhashed#user#password is not logged (default)
4. udpate userpassword of user2 and check that unhashed#user#password is not logged ('nolog')
5. udpate userpassword of user3 and check that unhashed#user#password is logged ('on')
:expectedresults:
1. Success
2. Success
3. Success (unhashed#user#password is not logged in the replication changelog)
4. Success (unhashed#user#password is not logged in the replication changelog)
5. Success (unhashed#user#password is logged in the replication changelog)
"""
MAX_USERS = 10
PEOPLE_DN = ("ou=people," + DEFAULT_SUFFIX)

inst = topo_supplier.ms["supplier1"]
inst.modify_s("cn=Retro Changelog Plugin,cn=plugins,cn=config",
[(ldap.MOD_REPLACE, 'nsslapd-changelogmaxage', b'2m'),
(ldap.MOD_REPLACE, 'nsslapd-changelog-trim-interval', b"5s"),
(ldap.MOD_REPLACE, 'nsslapd-logAccess', b'on')])
inst.config.loglevel(vals=[256 + 4], service='access')
inst.restart()
# If you need any test suite initialization,
# please, write additional fixture for that (including finalizer).
# Topology for suites are predefined in lib389/topologies.py.

# enable dynamic plugins, memberof and retro cl plugin
#
log.info('Enable plugins...')
try:
inst.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.message['desc'])
assert False

#topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
inst.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
#topology_st.standalone.modify_s("cn=changelog,cn=ldbm database,cn=plugins,cn=config", [(ldap.MOD_REPLACE, 'nsslapd-cachememsize', str(100000))])
inst.restart()

log.info('create users and group...')
for idx in range(1, MAX_USERS):
try:
USER_DN = ("uid=member%d,%s" % (idx, PEOPLE_DN))
inst.add_s(Entry((USER_DN,
{'objectclass': 'top extensibleObject'.split(),
'uid': 'member%d' % (idx)})))
except ldap.LDAPError as e:
log.fatal('Failed to add user (%s): error %s' % (USER_DN, e.message['desc']))
assert False

# Check default is that unhashed#user#password is not logged on 1.4.1.6+
user = "uid=member1,%s" % (PEOPLE_DN)
inst.modify_s(user, [(ldap.MOD_REPLACE,
'userpassword',
PASSWORD.encode())])
inst.stop()
if ds_is_newer('1.4.1.6'):
> _check_unhashed_userpw(inst, user, is_present=False)

suites/password/regression_test.py:288:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/password/regression_test.py:48: in _check_unhashed_userpw
dbscanOut = inst.dbscan(DEFAULT_BENAME, 'replication_changelog')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:3015: in dbscan
output = subprocess.check_output(cmd)
/usr/lib64/python3.9/subprocess.py:424: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-supplier1/db/userRoot/replication_changelog.db4'],)
kwargs = {'stdout': -1}
process = <Popen: returncode: -6 args: ['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slap...>
stdout = b'', stderr = None, retcode = -6

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-supplier1/db/userRoot/replication_changelog.db4']' died with <Signals.SIGABRT: 6>.

/usr/lib64/python3.9/subprocess.py:528: CalledProcessError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology.
------------------------------Captured stderr call------------------------------
free(): double free detected in tcache 2
-------------------------------Captured log call--------------------------------
INFO tests.suites.password.regression_test:regression_test.py:255 Enable plugins... INFO tests.suites.password.regression_test:regression_test.py:270 create users and group... INFO lib389:__init__.py:3014 Running script: ['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-supplier1/db/userRoot/replication_changelog.db4']
-----------------------------Captured log teardown------------------------------
INFO tests.suites.password.regression_test:regression_test.py:108 Deleting user-uid=UIDpwtest1,ou=People,dc=example,dc=com INFO tests.suites.password.regression_test:regression_test.py:83 Reset pwpolicy configuration settings

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c639bef70>

def test_entryusn_after_repl_delete(topology_m2):
"""Verify that entryUSN is incremented on 1 after delete operation which creates a tombstone

:id: 1704cf65-41bc-4347-bdaf-20fc2431b218
:setup: An instance with replication, Users, USN enabled
:steps:
1. Try to delete a user
2. Check the tombstone has the incremented USN
3. Try to delete ou=People with users
4. Check the entry has a not incremented entryUSN
:expectedresults:
1. Success
2. Success
3. Should fail with Not Allowed On Non-leaf error
4. Success
"""

inst = topology_m2.ms["supplier1"]
plugin = USNPlugin(inst)
plugin.enable()
inst.restart()
users = UserAccounts(inst, DEFAULT_SUFFIX)

try:
user_1 = users.create_test_user()
user_rdn = user_1.rdn
tombstones = Tombstones(inst, DEFAULT_SUFFIX)

user_1.replace('description', 'update_ts')
user_usn = user_1.get_attr_val_int('entryusn')

user_1.delete()
time.sleep(1) # Gives a little time for tombstone creation to complete

ts = tombstones.get(user_rdn)
ts_usn = ts.get_attr_val_int('entryusn')

> assert (user_usn + 1) == ts_usn
E assert 2 == 3
E +2
E -3

suites/plugins/entryusn_test.py:221: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect 4beba940-c15c-4c47-adc7-a90ca7b36714 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect 2223c4a3-89f1-4e4d-9ca9-71348b3513e2 / got description=4beba940-c15c-4c47-adc7-a90ca7b36714) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists

topo = <lib389.topologies.TopologyMain object at 0x7f3c61d29430>
_create_inital = None

def test_mentry01(topo, _create_inital):
"""Test Managed Entries basic functionality

:id: 9b87493b-0493-46f9-8364-6099d0e5d806
:setup: Standalone Instance
:steps:
1. Check the plug-in status
2. Add Template and definition entry
3. Add our org units
4. Add users with PosixAccount ObjectClass and verify creation of User Private Group
5. Disable the plug-in and check the status
6. Enable the plug-in and check the status the plug-in is disabled and creation of UPG should fail
7. Add users with PosixAccount ObjectClass and verify creation of User Private Group
8. Add users, run ModRDN operation and check the User Private group
9. Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
10. Checking whether creation of User Private group fails for existing group entry
11. Checking whether adding of posixAccount objectClass to existing user creates UPG
12. Running ModRDN operation and checking the user private groups mepManagedBy attribute
13. Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
14. Change the RDN of template entry, DSA Unwilling to perform error expected
15. Change the RDN of cn=Users to cn=TestUsers and check UPG are deleted
:expected results:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
12. Success
13. Success
14. Fail(Unwilling to perform )
15. Success
"""
# Check the plug-in status
mana = ManagedEntriesPlugin(topo.standalone)
assert mana.status()
# Add Template and definition entry
org1 = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX).create(properties={'ou': 'Users'})
org2 = OrganizationalUnit(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}')
meps = MEPTemplates(topo.standalone, DEFAULT_SUFFIX)
mep_template1 = meps.create(properties={
'cn': 'UPG Template1',
'mepRDNAttr': 'cn',
'mepStaticAttr': 'objectclass: posixGroup',
'mepMappedAttr': 'cn: $uid|gidNumber: $gidNumber|description: User private group for $uid'.split('|')})
conf_mep = MEPConfigs(topo.standalone)
mep_config = conf_mep.create(properties={
'cn': 'UPG Definition2',
'originScope': org1.dn,
'originFilter': 'objectclass=posixaccount',
'managedBase': org2.dn,
'managedTemplate': mep_template1.dn})
# Add users with PosixAccount ObjectClass and verify creation of User Private Group
user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
# Disable the plug-in and check the status
mana.disable()
user.delete()
topo.standalone.restart()
# Add users with PosixAccount ObjectClass when the plug-in is disabled and creation of UPG should fail
user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
assert not user.get_attr_val_utf8('mepManagedEntry')
# Enable the plug-in and check the status
mana.enable()
user.delete()
topo.standalone.restart()
# Add users with PosixAccount ObjectClass and verify creation of User Private Group
user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
# Add users, run ModRDN operation and check the User Private group
# Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
user.rename(new_rdn='uid=UserNewRDN', newsuperior='ou=Users,dc=example,dc=com')
assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}'
user.replace('gidNumber', '20209')
entry = Account(topo.standalone, f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}')
assert entry.get_attr_val_utf8('gidNumber') == '20209'
user.replace_many(('sn', 'new_modified_sn'), ('gidNumber', '31309'))
assert entry.get_attr_val_utf8('gidNumber') == '31309'
user.delete()
# Checking whether creation of User Private group fails for existing group entry
grp = Groups(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}', rdn=None).create(properties={'cn': 'MENTRY_14'})
user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
with pytest.raises(ldap.NO_SUCH_OBJECT):
entry.status()
user.delete()
# Checking whether adding of posixAccount objectClass to existing user creates UPG
# Add Users without posixAccount objectClass
users = WithObjectClass(topo.standalone, f'uid=test_test, ou=Users,{DEFAULT_SUFFIX}')
user_properties1 = {'uid': 'test_test', 'cn': 'test', 'sn': 'test', 'mail': 'sasa@sasa.com', 'telephoneNumber': '123'}
user = users.create(properties=user_properties1)
assert not user.get_attr_val_utf8('mepManagedEntry')
# Add posixAccount objectClass
user.replace_many(('objectclass', ['top', 'person', 'inetorgperson', 'posixAccount']),
('homeDirectory', '/home/ok'),
('uidNumber', '61603'), ('gidNumber', '61603'))
assert not user.get_attr_val_utf8('mepManagedEntry')
user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
entry = Account(topo.standalone, 'cn=test_user_1000,ou=Groups,dc=example,dc=com')
# Add inetuser objectClass
user.replace_many(
('objectclass', ['top', 'account', 'posixaccount', 'inetOrgPerson',
'organizationalPerson', 'nsMemberOf', 'nsAccount',
'person', 'mepOriginEntry', 'inetuser']),
('memberOf', entry.dn))
assert entry.status()
user.delete()
user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
entry = Account(topo.standalone, 'cn=test_user_1000,ou=Groups,dc=example,dc=com')
# Add groupofNames objectClass
user.replace_many(
('objectclass', ['top', 'account', 'posixaccount', 'inetOrgPerson',
'organizationalPerson', 'nsMemberOf', 'nsAccount',
'person', 'mepOriginEntry', 'groupofNames']),
('memberOf', user.dn))
assert entry.status()
# Running ModRDN operation and checking the user private groups mepManagedBy attribute
user.replace('mepManagedEntry', f'uid=CheckModRDN,ou=Users,{DEFAULT_SUFFIX}')
> user.rename(new_rdn='uid=UserNewRDN', newsuperior='ou=Users,dc=example,dc=com')

suites/plugins/managed_entry_test.py:238:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:796: in rename
self._instance.rename_s(self._dn, new_rdn, newsuperior,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:702: in rename_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c62276a60>
func = <built-in method result4 of LDAP object at 0x7f3c625f5120>
args = (54, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.NO_SUCH_OBJECT: {'msgtype': 109, 'msgid': 54, 'result': 32, 'desc': 'No such object', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: NO_SUCH_OBJECT

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c610aaeb0>

def test_memberof_auto_add_oc(topology_st):
"""Test the auto add objectclass (OC) feature. The plugin should add a predefined
objectclass that will allow memberOf to be added to an entry.

:id: d222af17-17a6-48a0-8f22-a38306726a25
:setup: Standalone instance
:steps:
1. Enable dynamic plugins
2. Enable memberOf plugin
3. Test that the default add OC works.
4. Add a group that already includes one user
5. Assert memberOf on user1
6. Delete user1 and the group
7. Test invalid value (config validation)
8. Add valid objectclass
9. Add two users
10. Add a group that already includes one user
11. Add a user to the group
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
"""

# enable dynamic plugins
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.message['desc'])
assert False

# Enable the plugin
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)

# Test that the default add OC works.

try:
topology_st.standalone.add_s(Entry((USER1_DN,
{'objectclass': 'top',
'objectclass': 'person',
'objectclass': 'organizationalPerson',
'objectclass': 'inetorgperson',
'sn': 'last',
'cn': 'full',
'givenname': 'user1',
'uid': 'user1'
})))
except ldap.LDAPError as e:
log.fatal('Failed to add user1 entry, error: ' + e.message['desc'])
assert False

# Add a group(that already includes one user
try:
topology_st.standalone.add_s(Entry((GROUP_DN,
{'objectclass': 'top',
'objectclass': 'groupOfNames',
'cn': 'group',
'member': USER1_DN
})))
except ldap.LDAPError as e:
log.fatal('Failed to add group entry, error: ' + e.message['desc'])
assert False

# Assert memberOf on user1
_check_memberof(topology_st, USER1_DN, GROUP_DN)

# Reset for the next test ....
topology_st.standalone.delete_s(USER1_DN)
topology_st.standalone.delete_s(GROUP_DN)

# Test invalid value (config validation)
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'invalid123')])
log.fatal('Incorrectly added invalid objectclass!')
assert False
except ldap.UNWILLING_TO_PERFORM:
log.info('Correctly rejected invalid objectclass')
except ldap.LDAPError as e:
ldap.error('Unexpected error adding invalid objectclass - error: ' + e.message['desc'])
assert False


# Add valid objectclass
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
> topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'inetuser')])

suites/plugins/memberof_test.py:2762:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofAutoAddOC', b'inetuser')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x559b3d6b1600, file '/usr/local/lib/python3.9/site-packages/lib389/__init__.py', line 173,...93, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x559b3eb469e0, file '/export/tests/suites/plugins/memberof_test.py', line 2768, code test_m...n='test_memberof_auto_add_oc', code_context=[' topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60fa0a00>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofAutoAddOC', b'inetuser')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofAutoAddOC', b'inetuser')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60fa0a00>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofAutoAddOC', b'inetuser')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (919,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60fa0a00>, msgid = 919, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (919, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60fa0a00>, msgid = 919, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f3c61485d80>, 919, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60fa0a00>
func = <built-in method result4 of LDAP object at 0x7f3c61485d80>
args = (919, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'msgtype': 103, 'msgid': 919, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': []})
exc_traceback = <traceback object at 0x7f3c623c9f00>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60fa0a00>
func = <built-in method result4 of LDAP object at 0x7f3c61485d80>
args = (919, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'msgtype': 103, 'msgid': 919, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c610aaeb0>

def test_memberof_auto_add_oc(topology_st):
"""Test the auto add objectclass (OC) feature. The plugin should add a predefined
objectclass that will allow memberOf to be added to an entry.

:id: d222af17-17a6-48a0-8f22-a38306726a25
:setup: Standalone instance
:steps:
1. Enable dynamic plugins
2. Enable memberOf plugin
3. Test that the default add OC works.
4. Add a group that already includes one user
5. Assert memberOf on user1
6. Delete user1 and the group
7. Test invalid value (config validation)
8. Add valid objectclass
9. Add two users
10. Add a group that already includes one user
11. Add a user to the group
:expectedresults:
1. Success
2. Success
3. Success
4. Success
5. Success
6. Success
7. Success
8. Success
9. Success
10. Success
11. Success
"""

# enable dynamic plugins
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.message['desc'])
assert False

# Enable the plugin
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)

# Test that the default add OC works.

try:
topology_st.standalone.add_s(Entry((USER1_DN,
{'objectclass': 'top',
'objectclass': 'person',
'objectclass': 'organizationalPerson',
'objectclass': 'inetorgperson',
'sn': 'last',
'cn': 'full',
'givenname': 'user1',
'uid': 'user1'
})))
except ldap.LDAPError as e:
log.fatal('Failed to add user1 entry, error: ' + e.message['desc'])
assert False

# Add a group(that already includes one user
try:
topology_st.standalone.add_s(Entry((GROUP_DN,
{'objectclass': 'top',
'objectclass': 'groupOfNames',
'cn': 'group',
'member': USER1_DN
})))
except ldap.LDAPError as e:
log.fatal('Failed to add group entry, error: ' + e.message['desc'])
assert False

# Assert memberOf on user1
_check_memberof(topology_st, USER1_DN, GROUP_DN)

# Reset for the next test ....
topology_st.standalone.delete_s(USER1_DN)
topology_st.standalone.delete_s(GROUP_DN)

# Test invalid value (config validation)
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'invalid123')])
log.fatal('Incorrectly added invalid objectclass!')
assert False
except ldap.UNWILLING_TO_PERFORM:
log.info('Correctly rejected invalid objectclass')
except ldap.LDAPError as e:
ldap.error('Unexpected error adding invalid objectclass - error: ' + e.message['desc'])
assert False


# Add valid objectclass
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofAutoAddOC',
b'inetuser')])
except ldap.LDAPError as e:
> log.fatal('Failed to configure memberOf plugin: error ' + e.message['desc'])
E AttributeError: 'UNWILLING_TO_PERFORM' object has no attribute 'message'

suites/plugins/memberof_test.py:2767: AttributeError
-------------------------------Captured log call--------------------------------
INFO tests.suites.plugins.memberof_test:memberof_test.py:109 Lookup memberof from uid=user1,dc=example,dc=com INFO tests.suites.plugins.memberof_test:memberof_test.py:116 memberof: cn=group,dc=example,dc=com INFO tests.suites.plugins.memberof_test:memberof_test.py:119 --> membership verified INFO tests.suites.plugins.memberof_test:memberof_test.py:2753 Correctly rejected invalid objectclass

topology_with_tls = <lib389.topologies.TopologyMain object at 0x7f3c61d02370>

def test_algorithm_unhashed(topology_with_tls):
"""Check encryption algorithm AES
And check unhashed#user#password attribute for encryption.

:id: b7a37bf8-4b2e-4dbd-9891-70117d67558c
:parametrized: yes
:setup: Replication with two suppliers and SSL configured.
:steps: 1. Enable changelog encrytion on supplier1
2. Add a user to supplier1/supplier2
3. Run dbscan -f on m1 to check unhashed#user#password
attribute is encrypted.
4. Run dbscan -f on m2 to check unhashed#user#password
attribute is in cleartext.
5. Modify password in supplier2/supplier1
6. Run dbscan -f on m1 to check unhashed#user#password
attribute is encrypted.
7. Run dbscan -f on m2 to check unhashed#user#password
attribute is in cleartext.
:expectedresults:
1. It should pass
2. It should pass
3. It should pass
4. It should pass
5. It should pass
6. It should pass
7. It should pass
"""
encryption = 'AES'
m1 = topology_with_tls.ms['supplier1']
m2 = topology_with_tls.ms['supplier2']
m1.config.set('nsslapd-unhashed-pw-switch', 'on')
m2.config.set('nsslapd-unhashed-pw-switch', 'on')
test_passw = 'm2Test199'

_enable_changelog_encryption(m1, encryption)

for inst1, inst2 in ((m1, m2), (m2, m1)):
# need to create a user specific to the encryption
# else the two runs will hit the same user
user_props={
'uid': 'testuser_%s' % encryption,
'cn' : 'testuser_%s' % encryption,
'sn' : 'user',
'uidNumber' : '1000',
'gidNumber' : '1000',
'homeDirectory' : '/home/testuser_%s' % encryption
}
user_props["userPassword"] = PASSWORD
users = UserAccounts(inst1, DEFAULT_SUFFIX)
tuser = users.create(properties=user_props)

> _check_unhashed_userpw_encrypted(m1, 'add', tuser.dn, PASSWORD, True)

suites/replication/encryption_cl5_test.py:137:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
suites/replication/encryption_cl5_test.py:65: in _check_unhashed_userpw_encrypted
dbscanOut = inst.dbscan(DEFAULT_BENAME, 'replication_changelog')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:3015: in dbscan
output = subprocess.check_output(cmd)
/usr/lib64/python3.9/subprocess.py:424: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-supplier1/db/userRoot/replication_changelog.db4'],)
kwargs = {'stdout': -1}
process = <Popen: returncode: -6 args: ['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slap...>
stdout = b'', stderr = None, retcode = -6

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-supplier1/db/userRoot/replication_changelog.db4']' died with <Signals.SIGABRT: 6>.

/usr/lib64/python3.9/subprocess.py:528: CalledProcessError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect 84671605-9734-49bb-8724-d03e6e70d61d / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect 0a9b5ad5-5c72-46a7-97f9-83ca48a4f959 / got description=84671605-9734-49bb-8724-d03e6e70d61d) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists INFO lib389.replica:replica.py:2498 Retry: Replication from ldaps://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:63701 to ldaps://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:63702 is NOT working (expect b74edcf9-6e39-489b-b7f9-61eb2e1d7e27 / got description=0a9b5ad5-5c72-46a7-97f9-83ca48a4f959) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldaps://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:63701 to ldaps://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:63702 is working
------------------------------Captured stderr call------------------------------
free(): double free detected in tcache 2
-------------------------------Captured log call--------------------------------
INFO tests.suites.replication.encryption_cl5_test:encryption_cl5_test.py:47 Configuring changelog encryption:supplier1 for: AES INFO tests.suites.replication.encryption_cl5_test:encryption_cl5_test.py:64 Running dbscan -f to check unhashed#user#password attr INFO lib389:__init__.py:3014 Running script: ['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-supplier1/db/userRoot/replication_changelog.db4']

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c61d02520>

def test_ticket47781(topology_st):
"""
Testing for a deadlock after doing an online import of an LDIF with
replication data. The replication agreement should be invalid.
"""

log.info('Testing Ticket 47781 - Testing for deadlock after importing LDIF with replication data')

supplier = topology_st.standalone
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_supplier(supplier)

properties = {RA_NAME: r'meTo_$host:$port',
RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
# The agreement should point to a server that does NOT exist (invalid port)
repl_agreement = supplier.agreement.create(suffix=DEFAULT_SUFFIX,
host=supplier.host,
port=5555,
properties=properties)

#
# add two entries
#
log.info('Adding two entries...')

supplier.add_s(Entry(('cn=entry1,dc=example,dc=com', {
'objectclass': 'top person'.split(),
'sn': 'user',
'cn': 'entry1'})))

supplier.add_s(Entry(('cn=entry2,dc=example,dc=com', {
'objectclass': 'top person'.split(),
'sn': 'user',
'cn': 'entry2'})))

#
# export the replication ldif
#
log.info('Exporting replication ldif...')
args = {EXPORT_REPL_INFO: True}
exportTask = Tasks(supplier)
exportTask.exportLDIF(DEFAULT_SUFFIX, None, "/tmp/export.ldif", args)

#
# Restart the server
#
log.info('Restarting server...')
supplier.stop()
supplier.start()

#
# Import the ldif
#
log.info('Import replication LDIF file...')
importTask = Tasks(supplier)
args = {TASK_WAIT: True}
> importTask.importLDIF(DEFAULT_SUFFIX, None, "/tmp/export.ldif", args)

tickets/ticket47781_test.py:85:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7f3c612b8790>
suffix = 'dc=example,dc=com', benamebase = None, input_file = '/tmp/export.ldif'
args = {'wait': True}

def importLDIF(self, suffix=None, benamebase=None, input_file=None,
args=None):
'''
Import from a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

'input_file' is the ldif input file

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param ldif_input - file that will contain the entries in LDIF format
to import
@param args - is a dictionary that contains modifier of the import task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return

@return None

@raise ValueError

'''
if self.conn.state != DIRSRV_STATE_ONLINE:
raise ValueError("Invalid Server State %s! Must be online" % self.conn.state)

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not input_file:
raise ValueError("input_file is mandatory")

if not os.path.exists(input_file):
> raise ValueError("Import file (%s) does not exist" % input_file)
E ValueError: Import file (/tmp/export.ldif) does not exist

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:487: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO lib389:tasks.py:585 Export task export_04242021_003749 for file /tmp/export.ldif completed successfully

topology_m1c1 = <lib389.topologies.TopologyMain object at 0x7f3c61327eb0>

def test_ticket47871_2(topology_m1c1):
'''
Wait until there is just a last entries
'''
MAX_TRIES = 10
TRY_NO = 1
while TRY_NO <= MAX_TRIES:
time.sleep(6) # at least 1 trimming occurred
ents = topology_m1c1.ms["supplier1"].search_s(RETROCL_SUFFIX, ldap.SCOPE_ONELEVEL, "(objectclass=*)")
assert len(ents) <= MAX_OTHERS
topology_m1c1.ms["supplier1"].log.info("\nTry no %d it remains %d entries" % (TRY_NO, len(ents)))
for ent in ents:
topology_m1c1.ms["supplier1"].log.info("%s" % ent.dn)
if len(ents) > 1:
TRY_NO += 1
else:
break
> assert TRY_NO <= MAX_TRIES
E assert 11 <= 10

tickets/ticket47871_test.py:100: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47871_test.py:93 Try no 1 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 2 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 3 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 4 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 5 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 6 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 7 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 8 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 9 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog INFO lib389:ticket47871_test.py:93 Try no 10 it remains 10 entries INFO lib389:ticket47871_test.py:95 changenumber=1,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=2,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=3,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=4,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=5,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=6,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=7,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=8,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=9,cn=changelog INFO lib389:ticket47871_test.py:95 changenumber=10,cn=changelog

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60ff2070>
log_dir = '/var/log/dirsrv/slapd-standalone1/access'

def test_ticket47910_logconv_start_end_positive(topology_st, log_dir):
'''
Execute logconv.pl with -S and -E(endtime) with random time stamp
This is execute successfully
'''
#
# Execute logconv.pl -S -E with random timestamp
#
log.info('Running test_ticket47910 - Execute logconv.pl -S -E with random values')

log.info("taking current time with offset of 2 mins and formatting it to feed -S")
start_time_stamp = (datetime.now() - timedelta(minutes=2))
formatted_start_time_stamp = format_time(start_time_stamp)

log.info("taking current time with offset of 2 mins and formatting it to feed -E")
end_time_stamp = (datetime.now() + timedelta(minutes=2))
formatted_end_time_stamp = format_time(end_time_stamp)

log.info("Executing logconv.pl with -S and -E")
result = execute_logconv(topology_st.standalone, formatted_start_time_stamp, formatted_end_time_stamp, log_dir)
> assert result == 0
E assert 2 == 0
E +2
E -0

tickets/ticket47910_test.py:91: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.utils:ticket47910_test.py:36 Diable access log buffering INFO lib389.utils:ticket47910_test.py:39 Do a ldapsearch operation INFO lib389.utils:ticket47910_test.py:42 sleep for sometime so that access log file get generated
-------------------------------Captured log call--------------------------------
INFO lib389.utils:ticket47910_test.py:79 Running test_ticket47910 - Execute logconv.pl -S -E with random values INFO lib389.utils:ticket47910_test.py:81 taking current time with offset of 2 mins and formatting it to feed -S INFO lib389.utils:ticket47910_test.py:85 taking current time with offset of 2 mins and formatting it to feed -E INFO lib389.utils:ticket47910_test.py:89 Executing logconv.pl with -S and -E INFO lib389.utils:ticket47910_test.py:61 Executing logconv.pl with -S current time and -E end time INFO lib389.utils:ticket47910_test.py:63 /usr/bin/logconv.pl -S [24/Apr/2021:00:43:38] -E [24/Apr/2021:00:47:38] /var/log/dirsrv/slapd-standalone1/access INFO lib389.utils:ticket47910_test.py:66 standard output INFO lib389.utils:ticket47910_test.py:67 standard errorsCan't locate sigtrap.pm in @INC (you may need to install the sigtrap module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/bin/logconv.pl line 23. BEGIN failed--compilation aborted at /usr/bin/logconv.pl line 23.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60ff2070>
log_dir = '/var/log/dirsrv/slapd-standalone1/access'

def test_ticket47910_logconv_start_end_negative(topology_st, log_dir):
'''
Execute logconv.pl with -S and -E(endtime) with random time stamp
This is a negative test case, where endtime will be lesser than the
starttime
This should give error message
'''

#
# Execute logconv.pl -S and -E with random timestamp
#
log.info('Running test_ticket47910 - Execute logconv.pl -S -E with starttime>endtime')

log.info("taking current time with offset of 2 mins and formatting it to feed -S")
start_time_stamp = (datetime.now() + timedelta(minutes=2))
formatted_start_time_stamp = format_time(start_time_stamp)

log.info("taking current time with offset of 2 mins and formatting it to feed -E")
end_time_stamp = (datetime.now() - timedelta(minutes=2))
formatted_end_time_stamp = format_time(end_time_stamp)

log.info("Executing logconv.pl with -S and -E")
result = execute_logconv(topology_st.standalone, formatted_start_time_stamp, formatted_end_time_stamp, log_dir)
> assert result == 1
E assert 2 == 1
E +2
E -1

tickets/ticket47910_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389.utils:ticket47910_test.py:105 Running test_ticket47910 - Execute logconv.pl -S -E with starttime>endtime INFO lib389.utils:ticket47910_test.py:107 taking current time with offset of 2 mins and formatting it to feed -S INFO lib389.utils:ticket47910_test.py:111 taking current time with offset of 2 mins and formatting it to feed -E INFO lib389.utils:ticket47910_test.py:115 Executing logconv.pl with -S and -E INFO lib389.utils:ticket47910_test.py:61 Executing logconv.pl with -S current time and -E end time INFO lib389.utils:ticket47910_test.py:63 /usr/bin/logconv.pl -S [24/Apr/2021:00:47:39] -E [24/Apr/2021:00:43:39] /var/log/dirsrv/slapd-standalone1/access INFO lib389.utils:ticket47910_test.py:66 standard output INFO lib389.utils:ticket47910_test.py:67 standard errorsCan't locate sigtrap.pm in @INC (you may need to install the sigtrap module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/bin/logconv.pl line 23. BEGIN failed--compilation aborted at /usr/bin/logconv.pl line 23.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60ff2070>
log_dir = '/var/log/dirsrv/slapd-standalone1/access'

def test_ticket47910_logconv_start_end_invalid(topology_st, log_dir):
'''
Execute logconv.pl with -S and -E(endtime) with invalid time stamp
This is a negative test case, where it should give error message
'''
#
# Execute logconv.pl -S and -E with invalid timestamp
#
log.info('Running test_ticket47910 - Execute logconv.pl -S -E with invalid timestamp')
log.info("Set start time and end time to invalid values")
start_time_stamp = "invalid"
end_time_stamp = "invalid"

log.info("Executing logconv.pl with -S and -E")
result = execute_logconv(topology_st.standalone, start_time_stamp, end_time_stamp, log_dir)
> assert result == 1
E assert 2 == 1
E +2
E -1

tickets/ticket47910_test.py:135: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389.utils:ticket47910_test.py:128 Running test_ticket47910 - Execute logconv.pl -S -E with invalid timestamp INFO lib389.utils:ticket47910_test.py:129 Set start time and end time to invalid values INFO lib389.utils:ticket47910_test.py:133 Executing logconv.pl with -S and -E INFO lib389.utils:ticket47910_test.py:61 Executing logconv.pl with -S current time and -E end time INFO lib389.utils:ticket47910_test.py:63 /usr/bin/logconv.pl -S invalid -E invalid /var/log/dirsrv/slapd-standalone1/access INFO lib389.utils:ticket47910_test.py:66 standard output INFO lib389.utils:ticket47910_test.py:67 standard errorsCan't locate sigtrap.pm in @INC (you may need to install the sigtrap module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/bin/logconv.pl line 23. BEGIN failed--compilation aborted at /usr/bin/logconv.pl line 23.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60ff2070>
log_dir = '/var/log/dirsrv/slapd-standalone1/access'

def test_ticket47910_logconv_noaccesslogs(topology_st, log_dir):
'''
Execute logconv.pl -S(starttime) without specify
access logs location
'''

#
# Execute logconv.pl -S with random timestamp and no access log location
#
log.info('Running test_ticket47910 - Execute logconv.pl without access logs')

log.info("taking current time with offset of 2 mins and formatting it to feed -S")
time_stamp = (datetime.now() - timedelta(minutes=2))
formatted_time_stamp = format_time(time_stamp)
log.info("Executing logconv.pl with -S current time")
cmd = [os.path.join(topology_st.standalone.get_bin_dir(), 'logconv.pl'), '-S', formatted_time_stamp]
log.info(" ".join(cmd))
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = proc.communicate()
log.info("standard output" + ensure_str(stdout))
log.info("standard errors" + ensure_str(stderr))

> assert proc.returncode == 1
E assert 2 == 1
E +2
E -1

tickets/ticket47910_test.py:160: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389.utils:ticket47910_test.py:147 Running test_ticket47910 - Execute logconv.pl without access logs INFO lib389.utils:ticket47910_test.py:149 taking current time with offset of 2 mins and formatting it to feed -S INFO lib389.utils:ticket47910_test.py:152 Executing logconv.pl with -S current time INFO lib389.utils:ticket47910_test.py:154 /usr/bin/logconv.pl -S [24/Apr/2021:00:43:39] INFO lib389.utils:ticket47910_test.py:157 standard output INFO lib389.utils:ticket47910_test.py:158 standard errorsCan't locate sigtrap.pm in @INC (you may need to install the sigtrap module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/bin/logconv.pl line 23. BEGIN failed--compilation aborted at /usr/bin/logconv.pl line 23.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c614615b0>

def test_ticket47931(topology_st):
"""Test Retro Changelog and MemberOf deadlock fix.
Verification steps:
- Enable retro cl and memberOf.
- Create two backends: A & B.
- Configure retrocl scoping for backend A.
- Configure memberOf plugin for uniquemember
- Create group in backend A.
- In parallel, add members to the group on A, and make modifications
to entries in backend B.
- Make sure the server does not hang during the updates to both
backends.

"""

# Enable dynamic plugins to make plugin configuration easier
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
log.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

# Enable the plugins
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)

# Create second backend
topology_st.standalone.backend.create(SECOND_SUFFIX, {BACKEND_NAME: SECOND_BACKEND})
topology_st.standalone.mappingtree.create(SECOND_SUFFIX, bename=SECOND_BACKEND)

# Create the root node of the second backend
try:
topology_st.standalone.add_s(Entry((SECOND_SUFFIX,
{'objectclass': 'top domain'.split(),
'dc': 'deadlock'})))
except ldap.LDAPError as e:
log.fatal('Failed to create suffix entry: error ' + e.args[0]['desc'])
assert False

# Configure retrocl scope
try:
topology_st.standalone.modify_s(RETROCL_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'nsslapd-include-suffix',
ensure_bytes(DEFAULT_SUFFIX))])
except ldap.LDAPError as e:
log.error('Failed to configure retrocl plugin: ' + e.args[0]['desc'])
assert False

# Configure memberOf group attribute
try:
> topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofgroupattr',
b'uniquemember')])

tickets/ticket47931_test.py:107:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofgroupattr', b'uniquemember')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x559b3f1a2ba0, file '/usr/local/lib/python3.9/site-packages/lib389/__init__.py', line 173,...93, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x559b3f10cf30, file '/export/tests/tickets/ticket47931_test.py', line 113, code test_ticket..., function='test_ticket47931', code_context=[' topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c614612e0>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofgroupattr', b'uniquemember')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofgroupattr', b'uniquemember')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c614612e0>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofgroupattr', b'uniquemember')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (17,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c614612e0>, msgid = 17, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (17, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c614612e0>, msgid = 17, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f3c61460360>, 17, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c614612e0>
func = <built-in method result4 of LDAP object at 0x7f3c61460360>
args = (17, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'msgtype': 103, 'msgid': 17, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': []})
exc_traceback = <traceback object at 0x7f3c611f1ec0>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c614612e0>
func = <built-in method result4 of LDAP object at 0x7f3c61460360>
args = (17, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'msgtype': 103, 'msgid': 17, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c614615b0>

def test_ticket47931(topology_st):
"""Test Retro Changelog and MemberOf deadlock fix.
Verification steps:
- Enable retro cl and memberOf.
- Create two backends: A & B.
- Configure retrocl scoping for backend A.
- Configure memberOf plugin for uniquemember
- Create group in backend A.
- In parallel, add members to the group on A, and make modifications
to entries in backend B.
- Make sure the server does not hang during the updates to both
backends.

"""

# Enable dynamic plugins to make plugin configuration easier
try:
topology_st.standalone.modify_s(DN_CONFIG,
[(ldap.MOD_REPLACE,
'nsslapd-dynamic-plugins',
b'on')])
except ldap.LDAPError as e:
log.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

# Enable the plugins
topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)

# Create second backend
topology_st.standalone.backend.create(SECOND_SUFFIX, {BACKEND_NAME: SECOND_BACKEND})
topology_st.standalone.mappingtree.create(SECOND_SUFFIX, bename=SECOND_BACKEND)

# Create the root node of the second backend
try:
topology_st.standalone.add_s(Entry((SECOND_SUFFIX,
{'objectclass': 'top domain'.split(),
'dc': 'deadlock'})))
except ldap.LDAPError as e:
log.fatal('Failed to create suffix entry: error ' + e.args[0]['desc'])
assert False

# Configure retrocl scope
try:
topology_st.standalone.modify_s(RETROCL_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'nsslapd-include-suffix',
ensure_bytes(DEFAULT_SUFFIX))])
except ldap.LDAPError as e:
log.error('Failed to configure retrocl plugin: ' + e.args[0]['desc'])
assert False

# Configure memberOf group attribute
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofgroupattr',
b'uniquemember')])
except ldap.LDAPError as e:
log.fatal('Failed to configure memberOf plugin: error ' + e.args[0]['desc'])
> assert False
E assert False

tickets/ticket47931_test.py:113: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO lib389:backend.py:80 List backend with suffix=dc=deadlock INFO lib389:backend.py:290 Creating a local backend INFO lib389:backend.py:76 List backend cn=deadlock,cn=ldbm database,cn=plugins,cn=config INFO lib389:__init__.py:1710 Found entry dn: cn=deadlock,cn=ldbm database,cn=plugins,cn=config cn: deadlock nsslapd-cachememsize: 512000 nsslapd-cachesize: -1 nsslapd-directory: /var/lib/dirsrv/slapd-standalone1/db/deadlock nsslapd-dncachememsize: 16777216 nsslapd-readonly: off nsslapd-require-index: off nsslapd-require-internalop-index: off nsslapd-suffix: dc=deadlock objectClass: top objectClass: extensibleObject objectClass: nsBackendInstance INFO lib389:mappingTree.py:153 Entry dn: cn="dc=deadlock",cn=mapping tree,cn=config cn: dc=deadlock nsslapd-backend: deadlock nsslapd-state: backend objectclass: top objectclass: extensibleObject objectclass: nsMappingTree INFO lib389:__init__.py:1710 Found entry dn: cn=dc\3Ddeadlock,cn=mapping tree,cn=config cn: dc=deadlock nsslapd-backend: deadlock nsslapd-state: backend objectClass: top objectClass: extensibleObject objectClass: nsMappingTree CRITICAL tests.tickets.ticket47931_test:ticket47931_test.py:112 Failed to configure memberOf plugin: error Server is unwilling to perform

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_init(topology_m2):
"""
It adds
- Objectclass with MAY 'member'
- an entry ('bind_entry') with which we bind to test the 'SELFDN' operation
It deletes the anonymous aci

"""

_header(topology_m2, 'test_ticket47988_init')

# enable acl error logging
mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', ensure_bytes(str(8192)))] # REPL
topology_m2.ms["supplier1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["supplier2"].modify_s(DN_CONFIG, mod)

mod = [(ldap.MOD_REPLACE, 'nsslapd-accesslog-level', ensure_bytes(str(260)))] # Internal op
topology_m2.ms["supplier1"].modify_s(DN_CONFIG, mod)
topology_m2.ms["supplier2"].modify_s(DN_CONFIG, mod)

# add dummy entries
for cpt in range(MAX_OTHERS):
name = "%s%d" % (OTHER_NAME, cpt)
topology_m2.ms["supplier1"].add_s(Entry(("cn=%s,%s" % (name, SUFFIX), {
'objectclass': "top person".split(),
'sn': name,
'cn': name})))

# check that entry 0 is replicated before
loop = 0
entryDN = "cn=%s0,%s" % (OTHER_NAME, SUFFIX)
while loop <= 10:
try:
ent = topology_m2.ms["supplier2"].getEntry(entryDN, ldap.SCOPE_BASE, "(objectclass=*)", ['telephonenumber'])
break
except ldap.NO_SUCH_OBJECT:
time.sleep(1)
loop += 1
assert (loop <= 10)

topology_m2.ms["supplier1"].stop(timeout=10)
topology_m2.ms["supplier2"].stop(timeout=10)

# install the specific schema M1: ipa3.3, M2: ipa4.1
schema_file = os.path.join(topology_m2.ms["supplier1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa3.3.tar.gz")
_install_schema(topology_m2.ms["supplier1"], schema_file)
schema_file = os.path.join(topology_m2.ms["supplier1"].getDir(__file__, DATA_DIR), "ticket47988/schema_ipa4.1.tar.gz")
_install_schema(topology_m2.ms["supplier2"], schema_file)

> topology_m2.ms["supplier1"].start(timeout=10)

/export/tests/tickets/ticket47988_test.py:157:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:1075: in start
subprocess.check_output(["systemctl", "start", "dirsrv@%s" % self.serverid], stderr=subprocess.STDOUT)
/usr/lib64/python3.9/subprocess.py:424: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['systemctl', 'start', 'dirsrv@supplier1'],)
kwargs = {'stderr': -2, 'stdout': -1}
process = <Popen: returncode: 1 args: ['systemctl', 'start', 'dirsrv@supplier1']>
stdout = b'Job for dirsrv@supplier1.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@supplier1.service" and "journalctl -xe" for details.\n'
stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['systemctl', 'start', 'dirsrv@supplier1']' returned non-zero exit status 1.

/usr/lib64/python3.9/subprocess.py:528: CalledProcessError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect 79567780-a3b7-4def-9d27-4afd0469fb78 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect 4809748d-f062-4cf2-8a47-d76f9b5105a6 / got description=79567780-a3b7-4def-9d27-4afd0469fb78) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_init INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ################################################### INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/02common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/50ns-admin.ldif INFO lib389:ticket47988_test.py:98 replace /etc/dirsrv/slapd-supplier1/schema/99user.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60nss-ldap.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60autofs.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/50ns-web.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60samba.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/10dna-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/05rfc4523.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60basev2.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/10automember-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/05rfc2927.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/10mep-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60ipadns.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/10rfc2307.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/50ns-mail.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/05rfc4524.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60trust.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60ipaconfig.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/50ns-directory.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60eduperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60mozilla.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/65ipasudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60rfc3712.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60rfc2739.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/50ns-value.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60acctpolicy.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/01core389.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60sabayon.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60pam-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/00core.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/25java-object.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60sudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/70ipaotp.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60pureftpd.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/61kerberos-ipav3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60kerberos.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60basev3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/06inetorgperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/30ns-common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/28pilot.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/20subscriber.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/50ns-certificate.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier1/schema/60posix-winsync-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/02common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/50ns-admin.ldif INFO lib389:ticket47988_test.py:98 replace /etc/dirsrv/slapd-supplier2/schema/99user.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60nss-ldap.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60autofs.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/50ns-web.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60samba.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/10dna-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/05rfc4523.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60basev2.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/10automember-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/05rfc2927.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/10mep-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60ipadns.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/10rfc2307.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/50ns-mail.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/05rfc4524.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60trust.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60ipaconfig.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/50ns-directory.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60eduperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60mozilla.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/65ipasudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60rfc3712.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60rfc2739.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/50ns-value.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60acctpolicy.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/01core389.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60sabayon.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60pam-plugin.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/00core.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/25java-object.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60sudo.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/70ipaotp.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60pureftpd.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/61kerberos-ipav3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60kerberos.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60basev3.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/06inetorgperson.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/30ns-common.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/28pilot.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/20subscriber.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/50ns-certificate.ldif INFO lib389:ticket47988_test.py:102 add /etc/dirsrv/slapd-supplier2/schema/60posix-winsync-plugin.ldif

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_1(topology_m2):
'''
Check that replication is working and pause replication M2->M1
'''
_header(topology_m2, 'test_ticket47988_1')

topology_m2.ms["supplier1"].log.debug("\n\nCheck that replication is working and pause replication M2->M1\n")
> _do_update_entry(supplier=topology_m2.ms["supplier2"], consumer=topology_m2.ms["supplier1"], attempts=5)

/export/tests/tickets/ticket47988_test.py:234:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:184: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c61464370>
func = <built-in method result4 of LDAP object at 0x7f3c613d4d50>
args = (26, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_1 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_2(topology_m2):
'''
Update M1 schema and trigger update M1->M2
So M1 should learn new/extended definitions that are in M2 schema
'''
_header(topology_m2, 'test_ticket47988_2')

topology_m2.ms["supplier1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> supplier1_schema_csn = topology_m2.ms["supplier1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:246:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:614: in get_schema_csn
ents = self.conn.search_s(DN_SCHEMA, ldap.SCOPE_BASE,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:864: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:141: in inner
objtype, data = f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:756: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:760: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c6145edc0>
func = <built-in method result4 of LDAP object at 0x7f3c624cb8a0>
args = (62, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_2 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_3(topology_m2):
'''
Resume replication M2->M1 and check replication is still working
'''
_header(topology_m2, 'test_ticket47988_3')

> _resume_M2_to_M1(topology_m2)

/export/tests/tickets/ticket47988_test.py:283:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:222: in _resume_M2_to_M1
ents = topology_m2.ms["supplier2"].agreement.list(suffix=SUFFIX)
/usr/local/lib/python3.9/site-packages/lib389/agreement.py:904: in list
replica_entries = self.conn.replica.list(suffix)
/usr/local/lib/python3.9/site-packages/lib389/replica.py:178: in list
ents = self.conn.search_s(base, ldap.SCOPE_SUBTREE, filtr)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c61464370>
func = <built-in method search_ext of LDAP object at 0x7f3c613d4d50>
args = ('cn=mapping tree,cn=config', 2, '(&(objectclass=nsds5Replica)(nsDS5ReplicaRoot=dc=example,dc=com))', None, 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_3 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ################################################### INFO lib389:ticket47988_test.py:221 ######################### resume RA M2->M1 ######################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_4(topology_m2):
'''
Check schemaCSN is identical on both server
And save the nsschemaCSN to later check they do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_4')

> supplier1_schema_csn = topology_m2.ms["supplier1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:295:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:614: in get_schema_csn
ents = self.conn.search_s(DN_SCHEMA, ldap.SCOPE_BASE,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c6145edc0>
func = <built-in method search_ext of LDAP object at 0x7f3c624cb8a0>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_4 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_5(topology_m2):
'''
Check schemaCSN do not change unexpectedly
'''
_header(topology_m2, 'test_ticket47988_5')

> _do_update_entry(supplier=topology_m2.ms["supplier1"], consumer=topology_m2.ms["supplier2"], attempts=5)

/export/tests/tickets/ticket47988_test.py:313:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket47988_test.py:184: in _do_update_entry
supplier.modify_s(entryDN, mod)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640: in modify_s
return self.modify_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:612: in modify_ext_s
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:609: in modify_ext
return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c6145edc0>
func = <built-in method modify_ext of LDAP object at 0x7f3c624cb8a0>
args = ('cn=other_entry0,dc=example,dc=com', [(2, 'telephonenumber', b'132')], None, None)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_5 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c613d4430>

def test_ticket47988_6(topology_m2):
'''
Update M1 schema and trigger update M2->M1
So M2 should learn new/extended definitions that are in M1 schema
'''

_header(topology_m2, 'test_ticket47988_6')

topology_m2.ms["supplier1"].log.debug("\n\nUpdate M1 schema and an entry on M1\n")
> supplier1_schema_csn = topology_m2.ms["supplier1"].schema.get_schema_csn()

/export/tests/tickets/ticket47988_test.py:336:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/schema.py:614: in get_schema_csn
ents = self.conn.search_s(DN_SCHEMA, ldap.SCOPE_BASE,
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:870: in search_s
return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:863: in search_ext_s
msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:853: in search_ext
return self._ldap_call(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c6145edc0>
func = <built-in method search_ext of LDAP object at 0x7f3c624cb8a0>
args = ('cn=schema', 0, 'objectclass=*', ['nsSchemaCSN'], 0, None, ...)
kwargs = {}, diagnostic_message_success = None, exc_type = None
exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log call--------------------------------
INFO lib389:ticket47988_test.py:64 ############################################### INFO lib389:ticket47988_test.py:65 ####### INFO lib389:ticket47988_test.py:66 ####### test_ticket47988_6 INFO lib389:ticket47988_test.py:67 ####### INFO lib389:ticket47988_test.py:68 ###################################################

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c610a5bb0>

def test_ticket48005_setup(topology_st):
'''
allow dump core
generate a test ldif file using dbgen.pl
import the ldif
'''
log.info("Ticket 48005 setup...")
if hasattr(topology_st.standalone, 'prefix'):
prefix = topology_st.standalone.prefix
else:
prefix = None
sysconfig_dirsrv = os.path.join(topology_st.standalone.get_initconfig_dir(), 'dirsrv')
cmdline = 'egrep "ulimit -c unlimited" %s' % sysconfig_dirsrv
p = os.popen(cmdline, "r")
ulimitc = p.readline()
if ulimitc == "":
log.info('No ulimit -c in %s' % sysconfig_dirsrv)
log.info('Adding it')
cmdline = 'echo "ulimit -c unlimited" >> %s' % sysconfig_dirsrv

sysconfig_dirsrv_systemd = sysconfig_dirsrv + ".systemd"
cmdline = 'egrep LimitCORE=infinity %s' % sysconfig_dirsrv_systemd
p = os.popen(cmdline, "r")
lcore = p.readline()
if lcore == "":
log.info('No LimitCORE in %s' % sysconfig_dirsrv_systemd)
log.info('Adding it')
cmdline = 'echo LimitCORE=infinity >> %s' % sysconfig_dirsrv_systemd

topology_st.standalone.restart(timeout=10)

ldif_file = topology_st.standalone.get_ldif_dir() + "/ticket48005.ldif"
os.system('ls %s' % ldif_file)
os.system('rm -f %s' % ldif_file)
if hasattr(topology_st.standalone, 'prefix'):
prefix = topology_st.standalone.prefix
else:
prefix = ""
dbgen_prog = prefix + '/bin/dbgen.pl'
log.info('dbgen_prog: %s' % dbgen_prog)
os.system('%s -s %s -o %s -u -n 10000' % (dbgen_prog, SUFFIX, ldif_file))
cmdline = 'egrep dn: %s | wc -l' % ldif_file
p = os.popen(cmdline, "r")
dnnumstr = p.readline()
num = int(dnnumstr)
log.info("We have %d entries.\n", num)

importTask = Tasks(topology_st.standalone)
args = {TASK_WAIT: True}
> importTask.importLDIF(SUFFIX, None, ldif_file, args)

/export/tests/tickets/ticket48005_test.py:74:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.tasks.Tasks object at 0x7f3c605770a0>
suffix = 'dc=example,dc=com', benamebase = None
input_file = '/var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif'
args = {'wait': True}

def importLDIF(self, suffix=None, benamebase=None, input_file=None,
args=None):
'''
Import from a LDIF format a given 'suffix' (or 'benamebase' that stores
that suffix). It uses an internal task to acheive this request.

If 'suffix' and 'benamebase' are specified, it uses 'benamebase' first
else 'suffix'.
If both 'suffix' and 'benamebase' are missing it raise ValueError

'input_file' is the ldif input file

@param suffix - suffix of the backend
@param benamebase - 'commonname'/'cn' of the backend (e.g. 'userRoot')
@param ldif_input - file that will contain the entries in LDIF format
to import
@param args - is a dictionary that contains modifier of the import task
wait: True/[False] - If True, 'export' waits for the completion
of the task before to return

@return None

@raise ValueError

'''
if self.conn.state != DIRSRV_STATE_ONLINE:
raise ValueError("Invalid Server State %s! Must be online" % self.conn.state)

# Checking the parameters
if not benamebase and not suffix:
raise ValueError("Specify either bename or suffix")

if not input_file:
raise ValueError("input_file is mandatory")

if not os.path.exists(input_file):
> raise ValueError("Import file (%s) does not exist" % input_file)
E ValueError: Import file (/var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif) does not exist

/usr/local/lib/python3.9/site-packages/lib389/tasks.py:487: ValueError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
------------------------------Captured stderr call------------------------------
grep: /etc/sysconfig/dirsrv: No such file or directory grep: /etc/sysconfig/dirsrv.systemd: No such file or directory ls: cannot access '/var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif': No such file or directory sh: /bin/dbgen.pl: No such file or directory grep: /var/lib/dirsrv/slapd-standalone1/ldif/ticket48005.ldif: No such file or directory
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48005_test:ticket48005_test.py:31 Ticket 48005 setup... INFO tests.tickets.ticket48005_test:ticket48005_test.py:41 No ulimit -c in /etc/sysconfig/dirsrv INFO tests.tickets.ticket48005_test:ticket48005_test.py:42 Adding it INFO tests.tickets.ticket48005_test:ticket48005_test.py:50 No LimitCORE in /etc/sysconfig/dirsrv.systemd INFO tests.tickets.ticket48005_test:ticket48005_test.py:51 Adding it INFO tests.tickets.ticket48005_test:ticket48005_test.py:64 dbgen_prog: /bin/dbgen.pl INFO tests.tickets.ticket48005_test:ticket48005_test.py:70 We have 0 entries.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c6031a7c0>

def test_ticket48013(topology_st):
'''
Content Synchonization: Test that invalid cookies are caught
'''

cookies = ('#', '##', 'a#a#a', 'a#a#1')

# Enable dynamic plugins
try:
topology_st.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'on')])
except ldap.LDAPError as e:
log.error('Failed to enable dynamic plugin! {}'.format(e.args[0]['desc']))
assert False

# Enable retro changelog
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)

# Enbale content sync plugin
> topology_st.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)

/export/tests/tickets/ticket48013_test.py:61:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/plugins.py:2105: in enable
plugin.enable()
/usr/local/lib/python3.9/site-packages/lib389/plugins.py:58: in enable
self.set('nsslapd-pluginEnabled', 'on')
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:447: in set
return self._instance.modify_ext_s(self._dn, [(action, key, value)],
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613: in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60577d00>
func = <built-in method result4 of LDAP object at 0x7f3c6217cb40>
args = (7, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>

def test_run_1(topology_st):
"""
Check nsSSL3Ciphers: +all
All ciphers are enabled except null.
Note: default allowWeakCipher (i.e., off) for +all
"""
_header(topology_st, 'Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'64')])
# Make sure allowWeakCipher is not set.
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'allowWeakCipher', None)])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_0' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:158:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:151 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>

def test_run_2(topology_st):
"""
Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+rsa_aes_128_sha,+rsa_aes_256_sha')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_1' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)
connectWithOpenssl(topology_st, 'AES256-SHA256', False)
> connectWithOpenssl(topology_st, 'AES128-SHA', True)

/export/tests/tickets/ticket48194_test.py:184:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>
cipher = 'AES128-SHA', expect = True

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:108: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:175 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n' INFO lib389.utils:ticket48194_test.py:86 Testing AES256-SHA256 -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES256-SHA256 INFO lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n' INFO lib389.utils:ticket48194_test.py:86 Testing AES128-SHA -- expect to handshake successfully INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher AES128-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, (NONE), Cipher is (NONE)\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>

def test_run_4(topology_st):
"""
Check no nsSSL3Ciphers
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', b'-all')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_3' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:228:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:221 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>

def test_run_5(topology_st):
"""
Check nsSSL3Ciphers: default
Default ciphers are enabled.
default allowWeakCipher
"""
_header(topology_st, 'Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_4' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:250:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 6 - Check default nsSSL3Ciphers (default setting) with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:243 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>

def test_run_6(topology_st):
"""
Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256
All ciphers are disabled.
default allowWeakCipher
"""
_header(topology_st,
'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN,
[(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_5' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:274:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:267 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>

def test_run_8(topology_st):
"""
Check nsSSL3Ciphers: default + allowWeakCipher: off
Strong Default ciphers are enabled.
"""
_header(topology_st, 'Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off)')

topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'default'),
(ldap.MOD_REPLACE, 'allowWeakCipher', b'off')])

log.info("\n######################### Restarting the server ######################\n")
topology_st.standalone.stop(timeout=10)
os.system('mv %s %s.48194_7' % (topology_st.standalone.errlog, topology_st.standalone.errlog))
os.system('touch %s' % (topology_st.standalone.errlog))
time.sleep(2)
topology_st.standalone.start(timeout=120)

> connectWithOpenssl(topology_st, 'DES-CBC3-SHA', False)

/export/tests/tickets/ticket48194_test.py:297:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c620870a0>
cipher = 'DES-CBC3-SHA', expect = False

def connectWithOpenssl(topology_st, cipher, expect):
"""
Connect with the given cipher
Condition:
If expect is True, the handshake should be successful.
If expect is False, the handshake should be refused with
access log: "Cannot communicate securely with peer:
no common encryption algorithm(s)."
"""
log.info("Testing %s -- expect to handshake %s", cipher, "successfully" if expect else "failed")

myurl = 'localhost:%s' % LDAPSPORT
cmdline = ['/usr/bin/openssl', 's_client', '-connect', myurl, '-cipher', cipher]

strcmdline = " ".join(cmdline)
log.info("Running cmdline: %s", strcmdline)

try:
proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
except ValueError:
log.info("%s failed: %s", cmdline, ValueError)
proc.kill()

while True:
l = proc.stdout.readline()
if l == b"":
break
if b'Cipher is' in l:
log.info("Found: %s", l)
if expect:
if b'(NONE)' in l:
assert False
else:
proc.stdin.close()
assert True
else:
if b'(NONE)' in l:
assert True
else:
proc.stdin.close()
> assert False
E assert False

/export/tests/tickets/ticket48194_test.py:117: AssertionError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48194_test.py:40 ############################################### INFO lib389:ticket48194_test.py:41 ####### Test Case 9 - Check default nsSSL3Ciphers (default setting + allowWeakCipher: off) INFO lib389:ticket48194_test.py:42 ############################################### INFO lib389.utils:ticket48194_test.py:290 ######################### Restarting the server ###################### INFO lib389.utils:ticket48194_test.py:86 Testing DES-CBC3-SHA -- expect to handshake failed INFO lib389.utils:ticket48194_test.py:92 Running cmdline: /usr/bin/openssl s_client -connect localhost:63601 -cipher DES-CBC3-SHA INFO lib389.utils:ticket48194_test.py:105 Found: b'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256\n'

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c613de520>
user = 'uid=user1,dc=example,dc=com', passwd = 'password', times = 6

def update_passwd(topology_st, user, passwd, times):
# Set the default value
cpw = passwd
for i in range(times):
log.info(" Bind as {%s,%s}" % (user, cpw))
topology_st.standalone.simple_bind_s(user, cpw)
# Now update the value for this iter.
cpw = 'password%d' % i
try:
> topology_st.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw.encode())])

/export/tests/tickets/ticket48228_test.py:136:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('uid=user1,dc=example,dc=com', [(2, 'userpassword', b'password0')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x559b3f27c260, file '/usr/local/lib/python3.9/site-packages/lib389/__init__.py', line 173,...mbda>', code_context=[' self._inner_hookexec = lambda hook, methods, kwargs: hook.multicall(\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x559b3f00ec60, file '/export/tests/tickets/ticket48228_test.py', line 141, code update_pass...t=[" topology_st.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw.encode())])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c613de850>
dn = 'uid=user1,dc=example,dc=com'
modlist = [(2, 'userpassword', b'password0')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('uid=user1,dc=example,dc=com', [(2, 'userpassword', b'password0')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c613de850>
dn = 'uid=user1,dc=example,dc=com'
modlist = [(2, 'userpassword', b'password0')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (10,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c613de850>, msgid = 10, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (10, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c613de850>, msgid = 10, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f3c60650ed0>, 10, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c613de850>
func = <built-in method result4 of LDAP object at 0x7f3c60650ed0>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.INSUFFICIENT_ACCESS'>
exc_value = INSUFFICIENT_ACCESS({'msgtype': 103, 'msgid': 10, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=user1,dc=example,dc=com'.\n"})
exc_traceback = <traceback object at 0x7f3c60058100>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c613de850>
func = <built-in method result4 of LDAP object at 0x7f3c60650ed0>
args = (10, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 10, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=user1,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c613de520>

def test_ticket48228_test_global_policy(topology_st):
"""
Check global password policy
"""
log.info(' Set inhistory = 6')
set_global_pwpolicy(topology_st, 6)

log.info(' Bind as directory manager')
log.info("Bind as %s" % DN_DM)
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)

log.info(' Add an entry' + USER1_DN)
try:
topology_st.standalone.add_s(
Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
'sn': '1',
'cn': 'user 1',
'uid': 'user1',
'givenname': 'user',
'mail': 'user1@example.com',
'userpassword': 'password'})))
except ldap.LDAPError as e:
log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc'])
assert False

log.info(' Update the password of ' + USER1_DN + ' 6 times')
> update_passwd(topology_st, USER1_DN, 'password', 6)

/export/tests/tickets/ticket48228_test.py:174:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c613de520>
user = 'uid=user1,dc=example,dc=com', passwd = 'password', times = 6

def update_passwd(topology_st, user, passwd, times):
# Set the default value
cpw = passwd
for i in range(times):
log.info(" Bind as {%s,%s}" % (user, cpw))
topology_st.standalone.simple_bind_s(user, cpw)
# Now update the value for this iter.
cpw = 'password%d' % i
try:
topology_st.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw.encode())])
except ldap.LDAPError as e:
log.fatal(
> 'test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message[
'desc'])
E AttributeError: 'INSUFFICIENT_ACCESS' object has no attribute 'message'

/export/tests/tickets/ticket48228_test.py:139: AttributeError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60342a30>

def test_ticket48252_run_0(topology_st):
"""
Delete an entry cn=test_entry0
Check it is not in the 'cn' index file
"""
log.info("Case 1 - Check deleted entry is not in the 'cn' index file")
uas = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
del_rdn = "uid=%s0" % TEST_USER
del_entry = uas.get('%s0' % TEST_USER)
log.info(" Deleting a test entry %s..." % del_entry)
del_entry.delete()

> assert in_index_file(topology_st, 0, 'cn') is False

/export/tests/tickets/ticket48252_test.py:80:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket48252_test.py:57: in in_index_file
dbscanOut = topology_st.standalone.dbscan(DEFAULT_BENAME, index)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:3015: in dbscan
output = subprocess.check_output(cmd)
/usr/lib64/python3.9/subprocess.py:424: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = (['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-standalone1/db/userRoot/cn.db4'],)
kwargs = {'stdout': -1}
process = <Popen: returncode: -6 args: ['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slap...>
stdout = b'*%20us \n*389 \n*89_ ...9_ds_system \n=demo%20user \n=demo_group '
stderr = None, retcode = -6

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command '['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-standalone1/db/userRoot/cn.db4']' died with <Signals.SIGABRT: 6>.

/usr/lib64/python3.9/subprocess.py:528: CalledProcessError
------------------------------Captured stderr call------------------------------
free(): double free detected in tcache 2
-------------------------------Captured log call--------------------------------
INFO lib389:__init__.py:3014 Running script: ['/usr/bin/dbscan', '-f', '/var/lib/dirsrv/slapd-standalone1/db/userRoot/cn.db4']

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60342a30>

def test_ticket48252_run_1(topology_st):
"""
Delete an entry cn=test_entry1
Check it is in the 'objectclass' index file as a tombstone entry
"""
log.info("Case 2 - Check deleted entry is in the 'objectclass' index file as a tombstone entry")
uas = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
del_rdn = "uid=%s1" % TEST_USER
> del_entry = uas.get('%s1' % TEST_USER)

/export/tests/tickets/ticket48252_test.py:98:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1146: in get
results = self._get_selector(selector)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:1177: in _get_selector
return self._instance.search_ext_s(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:864: in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:141: in inner
objtype, data = f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:756: in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:760: in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60342550>
func = <built-in method result4 of LDAP object at 0x7f3c6117ede0>
args = (40, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: SERVER_DOWN

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c61460fd0>
entries = None

def test_ticket48266_count_csn_evaluation(topology_m2, entries):
ents = topology_m2.ms["supplier1"].agreement.list(suffix=SUFFIX)
assert len(ents) == 1
> first_csn = _get_first_not_replicated_csn(topology_m2)

/export/tests/tickets/ticket48266_test.py:176:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c61460fd0>

def _get_first_not_replicated_csn(topology_m2):
name = "cn=%s2,%s" % (NEW_ACCOUNT, SUFFIX)

# read the first CSN that will not be replicated
mod = [(ldap.MOD_REPLACE, 'telephonenumber', ensure_bytes('123456'))]
topology_m2.ms["supplier1"].modify_s(name, mod)
msgid = topology_m2.ms["supplier1"].search_ext(name, ldap.SCOPE_SUBTREE, 'objectclass=*', ['nscpentrywsi'])
rtype, rdata, rmsgid = topology_m2.ms["supplier1"].result2(msgid)
attrs = None
for dn, raw_attrs in rdata:
topology_m2.ms["supplier1"].log.info("dn: %s" % dn)
if 'nscpentrywsi' in raw_attrs:
attrs = raw_attrs['nscpentrywsi']
assert attrs
for attr in attrs:
if ensure_str(attr.lower()).startswith('telephonenumber'):
break
assert attr

log.info("############# %s " % name)
# now retrieve the CSN of the operation we are looking for
csn = None
found_ops = topology_m2.ms['supplier1'].ds_access_log.match(".*MOD dn=\"%s\".*" % name)
assert(len(found_ops) > 0)
found_op = topology_m2.ms['supplier1'].ds_access_log.parse_line(found_ops[-1])
log.info(found_op)

# Now look for the related CSN
found_csns = topology_m2.ms['supplier1'].ds_access_log.match(".*conn=%s op=%s RESULT.*" % (found_op['conn'], found_op['op']))
assert(len(found_csns) > 0)
found_csn = topology_m2.ms['supplier1'].ds_access_log.parse_line(found_csns[-1])
log.info(found_csn)
> return found_csn['csn']
E KeyError: 'csn'

/export/tests/tickets/ticket48266_test.py:147: KeyError
-------------------------------Captured log call--------------------------------
INFO lib389:ticket48266_test.py:125 dn: cn=new_account2,dc=example,dc=com INFO tests.tickets.ticket48266_test:ticket48266_test.py:134 ############# cn=new_account2,dc=example,dc=com INFO tests.tickets.ticket48266_test:ticket48266_test.py:140 {'action': 'MOD', 'timestamp': '[24/Apr/2021:00:54:42.496918059 -0400]', 'conn': '1', 'op': '12', 'rem': 'dn="cn=new_account2,dc=example,dc=com"', 'datetime': datetime.datetime(2021, 4, 24, 0, 0, 0, 496918, tzinfo=tzoffset(None, -14400))} INFO tests.tickets.ticket48266_test:ticket48266_test.py:146 {'action': 'RESULT', 'timestamp': '[24/Apr/2021:00:54:42.548602875 -0400]', 'conn': '1', 'op': '12', 'rem': 'err=0 tag=103 nentries=0 wtime=0.000163926 optime=0.051704217 etime=0.051862879 csn=6083a492000000010000', 'datetime': datetime.datetime(2021, 4, 24, 0, 0, 0, 548602, tzinfo=tzoffset(None, -14400))}

topology_m1h1c1 = <lib389.topologies.TopologyMain object at 0x7f3c60329970>

def test_ticket48325(topology_m1h1c1):
"""
Test that the RUV element order is correctly maintained when promoting
a hub or consumer.
"""

#
# Promote consumer to supplier
#
C1 = topology_m1h1c1.cs["consumer1"]
M1 = topology_m1h1c1.ms["supplier1"]
H1 = topology_m1h1c1.hs["hub1"]
repl = ReplicationManager(DEFAULT_SUFFIX)
> repl._ensure_changelog(C1)

/export/tests/tickets/ticket48325_test.py:53:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/replica.py:1928: in _ensure_changelog
cl.create(properties={
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:972: in create
return self._create(rdn, properties, basedn, ensure=False)
/usr/local/lib/python3.9/site-packages/lib389/_mapped_object.py:947: in _create
self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:169: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:425: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c603299d0>
func = <built-in method result4 of LDAP object at 0x7f3c63ea4810>
args = (15, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'msgtype': 105, 'msgid': 15, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': [], 'info': 'Changelog configuration is part of the backend configuration'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: UNWILLING_TO_PERFORM
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for hub1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39101, 'ldap-secureport': 63801, 'server-id': 'hub1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for consumer1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39201, 'ldap-secureport': 63901, 'server-id': 'consumer1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:524 Creating replication topology. INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 is NOT working (expect 833ffcf8-d6ab-407a-8605-d6d364f9a67e / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 is working INFO lib389.replica:replica.py:2211 SUCCESS: joined consumer from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39201 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39201 is was created INFO lib389.replica:replica.py:2268 SUCCESS: joined consumer from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39101 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39201 INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39201 is NOT working (expect a91eda4b-9c16-45e7-8684-3f4dc06c5c26 / got description=833ffcf8-d6ab-407a-8605-d6d364f9a67e) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39201 is working

topology_m3 = <lib389.topologies.TopologyMain object at 0x7f3c601451c0>

def test_ticket4026(topology_m3):
"""Write your replication testcase here.

To access each DirSrv instance use: topology_m3.ms["supplier1"], topology_m3.ms["supplier2"],
..., topology_m3.hub1, ..., topology_m3.consumer1, ...

Also, if you need any testcase initialization,
please, write additional fixture for that(include finalizer).
"""

try:
topology_m3.ms["supplier1"].add_s(Entry((PEOPLE_DN, {
'objectclass': "top extensibleObject".split(),
'ou': 'people'})))
except ldap.ALREADY_EXISTS:
pass

topology_m3.ms["supplier1"].add_s(Entry(('ou=ranges,' + SUFFIX, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'ranges'
})))
for cpt in range(MAX_ACCOUNTS):
name = "user%d" % (cpt)
topology_m3.ms["supplier1"].add_s(Entry(("uid=%s,%s" % (name, PEOPLE_DN), {
'objectclass': 'top posixAccount extensibleObject'.split(),
'uid': name,
'cn': name,
'uidNumber': '1',
'gidNumber': '1',
'homeDirectory': '/home/%s' % name
})))

# make supplier3 having more free slots that supplier2
# so supplier1 will contact supplier3
_dna_config(topology_m3.ms["supplier1"], nextValue=100, maxValue=10)
_dna_config(topology_m3.ms["supplier2"], nextValue=200, maxValue=10)
_dna_config(topology_m3.ms["supplier3"], nextValue=300, maxValue=3000)

# Turn on lots of error logging now.

mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', b'16384')]
# mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '1')]
topology_m3.ms["supplier1"].modify_s('cn=config', mod)
topology_m3.ms["supplier2"].modify_s('cn=config', mod)
topology_m3.ms["supplier3"].modify_s('cn=config', mod)

# We need to wait for the event in dna.c to fire to start the servers
# see dna.c line 899
time.sleep(60)

# add on supplier1 users with description DNA
for cpt in range(10):
name = "user_with_desc1_%d" % (cpt)
topology_m3.ms["supplier1"].add_s(Entry(("uid=%s,%s" % (name, PEOPLE_DN), {
'objectclass': 'top posixAccount extensibleObject'.split(),
'uid': name,
'cn': name,
'description': '-1',
'uidNumber': '1',
'gidNumber': '1',
'homeDirectory': '/home/%s' % name
})))
# give time to negociate supplier1 <--> supplier3
time.sleep(10)
# add on supplier1 users with description DNA
for cpt in range(11, 20):
name = "user_with_desc1_%d" % (cpt)
> topology_m3.ms["supplier1"].add_s(Entry(("uid=%s,%s" % (name, PEOPLE_DN), {
'objectclass': 'top posixAccount extensibleObject'.split(),
'uid': name,
'cn': name,
'description': '-1',
'uidNumber': '1',
'gidNumber': '1',
'homeDirectory': '/home/%s' % name
})))

/export/tests/tickets/ticket48342_test.py:118:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:169: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:439: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:171: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:425: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60145340>
func = <built-in method result4 of LDAP object at 0x7f3c611bd270>
args = (15, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.OPERATIONS_ERROR: {'msgtype': 105, 'msgid': 15, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': 'Allocation of a new value for range cn=dna config,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: OPERATIONS_ERROR
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier3 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39003, 'ldap-secureport': 63703, 'server-id': 'supplier3', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect 424e0fc8-0be5-44a0-bc18-e1d97eb86ae2 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect c83270a6-ab9a-4160-934e-98970472dc5b / got description=424e0fc8-0be5-44a0-bc18-e1d97eb86ae2) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:156 Joining supplier supplier3 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 is NOT working (expect b56daa9f-83cd-4cec-b635-146af70dce71 / got description=c83270a6-ab9a-4160-934e-98970472dc5b) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect cf01cfe5-413e-4740-b299-b02c13d91107 / got description=b56daa9f-83cd-4cec-b635-146af70dce71) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier3 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier3 ... INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 is was created INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier3 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier3 to supplier2 ... INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48342_test:ticket48342_test.py:19 Add dna plugin config entry...ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 INFO tests.tickets.ticket48342_test:ticket48342_test.py:37 Enable the DNA plugin... INFO tests.tickets.ticket48342_test:ticket48342_test.py:44 Restarting the server... INFO tests.tickets.ticket48342_test:ticket48342_test.py:19 Add dna plugin config entry...ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO tests.tickets.ticket48342_test:ticket48342_test.py:37 Enable the DNA plugin... INFO tests.tickets.ticket48342_test:ticket48342_test.py:44 Restarting the server... INFO tests.tickets.ticket48342_test:ticket48342_test.py:19 Add dna plugin config entry...ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39003 INFO tests.tickets.ticket48342_test:ticket48342_test.py:37 Enable the DNA plugin... INFO tests.tickets.ticket48342_test:ticket48342_test.py:44 Restarting the server...

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c611efd60>

def test_ticket48637(topology_st):
"""Test for entry cache corruption

This requires automember and managed entry plugins to be configured.

Then remove the group that automember would use to trigger a failure when
adding a new entry. Automember fails, and then managed entry also fails.

Make sure a base search on the entry returns error 32
"""

if DEBUGGING:
# Add debugging steps(if any)...
pass

#
# Add our setup entries
#
try:
topology_st.standalone.add_s(Entry((PEOPLE_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'people'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add people ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((GROUP_OU, {
'objectclass': 'top organizationalunit'.split(),
'ou': 'groups'})))
except ldap.ALREADY_EXISTS:
pass
except ldap.LDAPError as e:
log.fatal('Failed to add groups ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_OU, {
'objectclass': 'top extensibleObject'.split(),
'ou': 'mep'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

try:
topology_st.standalone.add_s(Entry((MEP_TEMPLATE, {
'objectclass': 'top mepTemplateEntry'.split(),
'cn': 'mep template',
'mepRDNAttr': 'cn',
'mepStaticAttr': 'objectclass: groupofuniquenames',
'mepMappedAttr': 'cn: $uid'})))
except ldap.LDAPError as e:
log.fatal('Failed to add MEP ou: ' + str(e))
assert False

#
# Configure automember
#
try:
topology_st.standalone.add_s(Entry((AUTO_DN, {
'cn': 'All Users',
'objectclass': ['top', 'autoMemberDefinition'],
'autoMemberScope': 'dc=example,dc=com',
'autoMemberFilter': 'objectclass=person',
'autoMemberDefaultGroup': GROUP_DN,
'autoMemberGroupingAttr': 'uniquemember:dn'})))
except ldap.LDAPError as e:
log.fatal('Failed to configure automember plugin : ' + str(e))
assert False

#
# Configure managed entry plugin
#
try:
topology_st.standalone.add_s(Entry((MEP_DN, {
'cn': 'MEP Definition',
'objectclass': ['top', 'extensibleObject'],
'originScope': 'ou=people,dc=example,dc=com',
'originFilter': 'objectclass=person',
'managedBase': 'ou=groups,dc=example,dc=com',
'managedTemplate': MEP_TEMPLATE})))
except ldap.LDAPError as e:
log.fatal('Failed to configure managed entry plugin : ' + str(e))
assert False

#
# Restart DS
#
topology_st.standalone.restart(timeout=30)

#
# Add entry that should fail since the automember group does not exist
#
try:
topology_st.standalone.add_s(Entry((USER_DN, {
'uid': 'test',
'objectclass': ['top', 'person', 'extensibleObject'],
'sn': 'test',
'cn': 'test'})))
except ldap.LDAPError as e:
pass

#
# Search for the entry - it should not be returned
#
try:
entry = topology_st.standalone.search_s(USER_DN, ldap.SCOPE_SUBTREE,
'objectclass=*')
if entry:
log.fatal('Entry was incorrectly returned')
> assert False
E assert False

/export/tests/tickets/ticket48637_test.py:139: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
CRITICAL tests.tickets.ticket48637_test:ticket48637_test.py:138 Entry was incorrectly returned

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c611ccf70>

def test_ticket48759(topology_st):
"""
The fix for ticket 48759 has to prevent plugin calls for tombstone purging

The test uses the memberof and retrocl plugins to verify this.
In tombstone purging without the fix the mmeberof plugin is called,
if the tombstone entry is a group,
it modifies the user entries for the group
and if retrocl is enabled this mod is written to the retrocl

The test sequence is:
- enable replication
- enable memberof and retro cl plugin
- add user entries
- add a group and add the users as members
- verify memberof is set to users
- delete the group
- verify memberof is removed from users
- add group again
- verify memberof is set to users
- get number of changes in retro cl for one user
- configure tombstone purging
- wait for purge interval to pass
- add a dummy entry to increase maxcsn
- wait for purge interval to pass two times
- get number of changes in retro cl for user again
- assert there was no additional change
"""

log.info('Testing Ticket 48759 - no plugin calls for tombstone purging')

#
# Setup Replication
#
log.info('Setting up replication...')
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_supplier(topology_st.standalone)
#
# enable dynamic plugins, memberof and retro cl plugin
#
log.info('Enable plugins...')
try:
topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
# Configure memberOf group attribute
try:
> topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofgroupattr',
b'member')])

/export/tests/tickets/ticket48759_test.py:128:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofgroupattr', b'member')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x559b3f173b60, file '/usr/local/lib/python3.9/site-packages/lib389/__init__.py', line 173,...93, function='_hookexec', code_context=[' return self._inner_hookexec(hook, methods, kwargs)\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x559b3f01f4c0, file '/export/tests/tickets/ticket48759_test.py', line 134, code test_ticket..., function='test_ticket48759', code_context=[' topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,\n'], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c611cc640>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofgroupattr', b'member')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('cn=MemberOf Plugin,cn=plugins,cn=config', [(2, 'memberofgroupattr', b'member')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c611cc640>
dn = 'cn=MemberOf Plugin,cn=plugins,cn=config'
modlist = [(2, 'memberofgroupattr', b'member')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (20,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c611cc640>, msgid = 20, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (20, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c611cc640>, msgid = 20, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f3c603079f0>, 20, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c611cc640>
func = <built-in method result4 of LDAP object at 0x7f3c603079f0>
args = (20, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.UNWILLING_TO_PERFORM'>
exc_value = UNWILLING_TO_PERFORM({'msgtype': 103, 'msgid': 20, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': []})
exc_traceback = <traceback object at 0x7f3c61336140>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c611cc640>
func = <built-in method result4 of LDAP object at 0x7f3c603079f0>
args = (20, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.UNWILLING_TO_PERFORM: {'msgtype': 103, 'msgid': 20, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': []}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: UNWILLING_TO_PERFORM

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c611ccf70>

def test_ticket48759(topology_st):
"""
The fix for ticket 48759 has to prevent plugin calls for tombstone purging

The test uses the memberof and retrocl plugins to verify this.
In tombstone purging without the fix the mmeberof plugin is called,
if the tombstone entry is a group,
it modifies the user entries for the group
and if retrocl is enabled this mod is written to the retrocl

The test sequence is:
- enable replication
- enable memberof and retro cl plugin
- add user entries
- add a group and add the users as members
- verify memberof is set to users
- delete the group
- verify memberof is removed from users
- add group again
- verify memberof is set to users
- get number of changes in retro cl for one user
- configure tombstone purging
- wait for purge interval to pass
- add a dummy entry to increase maxcsn
- wait for purge interval to pass two times
- get number of changes in retro cl for user again
- assert there was no additional change
"""

log.info('Testing Ticket 48759 - no plugin calls for tombstone purging')

#
# Setup Replication
#
log.info('Setting up replication...')
repl = ReplicationManager(DEFAULT_SUFFIX)
repl.create_first_supplier(topology_st.standalone)
#
# enable dynamic plugins, memberof and retro cl plugin
#
log.info('Enable plugins...')
try:
topology_st.standalone.config.set('nsslapd-dynamic-plugins', 'on')
except ldap.LDAPError as e:
ldap.error('Failed to enable dynamic plugins! ' + e.args[0]['desc'])
assert False

topology_st.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
topology_st.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
# Configure memberOf group attribute
try:
topology_st.standalone.modify_s(MEMBEROF_PLUGIN_DN,
[(ldap.MOD_REPLACE,
'memberofgroupattr',
b'member')])
except ldap.LDAPError as e:
log.fatal('Failed to configure memberOf plugin: error ' + e.args[0]['desc'])
> assert False
E assert False

/export/tests/tickets/ticket48759_test.py:134: AssertionError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
CRITICAL tests.tickets.ticket48759_test:ticket48759_test.py:133 Failed to configure memberOf plugin: error Server is unwilling to perform

Fixture "add_entry" called directly. Fixtures are not meant to be called directly,
but are created automatically when test functions request them as parameters.
See https://docs.pytest.org/en/latest/fixture.html for more information about fixtures, and
https://docs.pytest.org/en/latest/deprecations.html#calling-fixtures-directly about how to update your code.
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect 40d1d5f5-eaaf-405d-92a5-c96a3146ea94 / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect fdae86c3-2bac-40de-9524-72daa975477a / got description=40d1d5f5-eaaf-405d-92a5-c96a3146ea94) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48784_test:ticket48784_test.py:90 Ticket 48784 - Allow usage of OpenLDAP libraries that don't use NSS for crypto INFO tests.tickets.ticket48784_test:ticket48784_test.py:50 ######################### Configure SSL/TLS agreements ###################### INFO tests.tickets.ticket48784_test:ticket48784_test.py:51 ######################## supplier1 <-- startTLS -> supplier2 ##################### INFO tests.tickets.ticket48784_test:ticket48784_test.py:53 ##### Update the agreement of supplier1 INFO tests.tickets.ticket48784_test:ticket48784_test.py:58 ##### Update the agreement of supplier2 INFO tests.tickets.ticket48784_test:ticket48784_test.py:68 ######################### Configure SSL/TLS agreements Done ######################

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c6119b520>

def test_ticket48798(topology_st):
"""
Test DH param sizes offered by DS.

"""
topology_st.standalone.enable_tls()

# Confirm that we have a connection, and that it has DH

# Open a socket to the port.
# Check the security settings.
> size = check_socket_dh_param_size(topology_st.standalone.host, topology_st.standalone.sslport)

/export/tests/tickets/ticket48798_test.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket48798_test.py:23: in check_socket_dh_param_size
output = check_output(cmd, shell=True)
/usr/lib64/python3.9/subprocess.py:424: in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

input = None, capture_output = False, timeout = None, check = True
popenargs = ('echo quit | openssl s_client -connect ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:63601 -msg -cipher DH | grep -A 1 ServerKeyExchange',)
kwargs = {'shell': True, 'stdout': -1}
process = <Popen: returncode: 1 args: ['e', 'c', 'h', 'o', ' ', 'q', 'u', 'i', 't', ' ...>
stdout = b'', stderr = None, retcode = 1

def run(*popenargs,
input=None, capture_output=False, timeout=None, check=False, **kwargs):
"""Run command with arguments and return a CompletedProcess instance.

The returned instance will have attributes args, returncode, stdout and
stderr. By default, stdout and stderr are not captured, and those attributes
will be None. Pass stdout=PIPE and/or stderr=PIPE in order to capture them.

If check is True and the exit code was non-zero, it raises a
CalledProcessError. The CalledProcessError object will have the return code
in the returncode attribute, and output & stderr attributes if those streams
were captured.

If timeout is given, and the process takes too long, a TimeoutExpired
exception will be raised.

There is an optional argument "input", allowing you to
pass bytes or a string to the subprocess's stdin. If you use this argument
you may not also use the Popen constructor's "stdin" argument, as
it will be used internally.

By default, all communication is in bytes, and therefore any "input" should
be bytes, and the stdout and stderr will be bytes. If in text mode, any
"input" should be a string, and stdout and stderr will be strings decoded
according to locale encoding, or by "encoding" if set. Text mode is
triggered by setting any of text, encoding, errors or universal_newlines.

The other arguments are the same as for the Popen constructor.
"""
if input is not None:
if kwargs.get('stdin') is not None:
raise ValueError('stdin and input arguments may not both be used.')
kwargs['stdin'] = PIPE

if capture_output:
if kwargs.get('stdout') is not None or kwargs.get('stderr') is not None:
raise ValueError('stdout and stderr arguments may not be used '
'with capture_output.')
kwargs['stdout'] = PIPE
kwargs['stderr'] = PIPE

with Popen(*popenargs, **kwargs) as process:
try:
stdout, stderr = process.communicate(input, timeout=timeout)
except TimeoutExpired as exc:
process.kill()
if _mswindows:
# Windows accumulates the output in a single blocking
# read() call run on child threads, with the timeout
# being done in a join() on those threads. communicate()
# _after_ kill() is required to collect that and add it
# to the exception.
exc.stdout, exc.stderr = process.communicate()
else:
# POSIX _communicate already populated the output so
# far into the TimeoutExpired exception.
process.wait()
raise
except: # Including KeyboardInterrupt, communicate handled that.
process.kill()
# We don't call process.wait() as .__exit__ does that for us.
raise
retcode = process.poll()
if check and retcode:
> raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
E subprocess.CalledProcessError: Command 'echo quit | openssl s_client -connect ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:63601 -msg -cipher DH | grep -A 1 ServerKeyExchange' returned non-zero exit status 1.

/usr/lib64/python3.9/subprocess.py:528: CalledProcessError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
------------------------------Captured stderr call------------------------------
depth=1 C = AU, ST = Queensland, L = 389ds, O = testing, CN = ssca.389ds.example.com verify return:1 depth=0 C = AU, ST = Queensland, L = 389ds, O = testing, GN = ccb935d4-c99d-45d8-94a8-f220ff5d3a4d, CN = ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com verify return:1 DONE

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60481be0>
create_user = None

def test_ticket48808(topology_st, create_user):
log.info('Run multiple paging controls on a single connection')
users_num = 100
page_size = 30
users_list = add_users(topology_st, users_num)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']

log.info('Set user bind')
topology_st.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)

log.info('Create simple paged results control instance')
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

for ii in range(3):
log.info('Iteration %d' % ii)
msgid = topology_st.standalone.search_ext(DEFAULT_SUFFIX,
ldap.SCOPE_SUBTREE,
search_flt,
searchreq_attrlist,
serverctrls=controls)
rtype, rdata, rmsgid, rctrls = topology_st.standalone.result3(msgid)
pctrls = [
c
for c in rctrls
if c.controlType == SimplePagedResultsControl.controlType
]

req_ctrl.cookie = pctrls[0].cookie
msgid = topology_st.standalone.search_ext(DEFAULT_SUFFIX,
ldap.SCOPE_SUBTREE,
search_flt,
searchreq_attrlist,
serverctrls=controls)
log.info('Set Directory Manager bind back')
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
del_users(topology_st, users_list)

log.info('Abandon the search')
users_num = 10
page_size = 0
users_list = add_users(topology_st, users_num)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']

log.info('Set user bind')
topology_st.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)

log.info('Create simple paged results control instance')
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

msgid = topology_st.standalone.search_ext(DEFAULT_SUFFIX,
ldap.SCOPE_SUBTREE,
search_flt,
searchreq_attrlist,
serverctrls=controls)
rtype, rdata, rmsgid, rctrls = topology_st.standalone.result3(msgid)
pctrls = [
c
for c in rctrls
if c.controlType == SimplePagedResultsControl.controlType
]
assert not pctrls[0].cookie

log.info('Set Directory Manager bind back')
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
del_users(topology_st, users_list)

log.info("Search should fail with 'nsPagedSizeLimit = 5'"
"and 'nsslapd-pagedsizelimit = 15' with 10 users")
conf_attr = b'15'
user_attr = b'5'
expected_rs = ldap.SIZELIMIT_EXCEEDED
users_num = 10
page_size = 10
users_list = add_users(topology_st, users_num)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
conf_attr_bck = change_conf_attr(topology_st, DN_CONFIG,
'nsslapd-pagedsizelimit', conf_attr)
user_attr_bck = change_conf_attr(topology_st, TEST_USER_DN,
'nsPagedSizeLimit', user_attr)

log.info('Set user bind')
topology_st.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)

log.info('Create simple paged results control instance')
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]

log.info('Expect to fail with SIZELIMIT_EXCEEDED')
with pytest.raises(expected_rs):
> all_results = paged_search(topology_st, controls,
search_flt, searchreq_attrlist)
E Failed: DID NOT RAISE <class 'ldap.SIZELIMIT_EXCEEDED'>

/export/tests/tickets/ticket48808_test.py:252: Failed
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48808_test:ticket48808_test.py:159 Run multiple paging controls on a single connection INFO tests.tickets.ticket48808_test:ticket48808_test.py:48 Adding 100 users INFO tests.tickets.ticket48808_test:ticket48808_test.py:166 Set user bind INFO tests.tickets.ticket48808_test:ticket48808_test.py:169 Create simple paged results control instance INFO tests.tickets.ticket48808_test:ticket48808_test.py:174 Iteration 0 INFO tests.tickets.ticket48808_test:ticket48808_test.py:174 Iteration 1 INFO tests.tickets.ticket48808_test:ticket48808_test.py:174 Iteration 2 INFO tests.tickets.ticket48808_test:ticket48808_test.py:193 Set Directory Manager bind back INFO tests.tickets.ticket48808_test:ticket48808_test.py:75 Deleting 100 users INFO tests.tickets.ticket48808_test:ticket48808_test.py:197 Abandon the search INFO tests.tickets.ticket48808_test:ticket48808_test.py:48 Adding 10 users INFO tests.tickets.ticket48808_test:ticket48808_test.py:204 Set user bind INFO tests.tickets.ticket48808_test:ticket48808_test.py:207 Create simple paged results control instance INFO tests.tickets.ticket48808_test:ticket48808_test.py:224 Set Directory Manager bind back INFO tests.tickets.ticket48808_test:ticket48808_test.py:75 Deleting 10 users INFO tests.tickets.ticket48808_test:ticket48808_test.py:228 Search should fail with 'nsPagedSizeLimit = 5'and 'nsslapd-pagedsizelimit = 15' with 10 users INFO tests.tickets.ticket48808_test:ticket48808_test.py:48 Adding 10 users INFO tests.tickets.ticket48808_test:ticket48808_test.py:95 Set nsslapd-pagedsizelimit to b'15'. Previous value - [b'0']. Modified suffix - cn=config. INFO tests.tickets.ticket48808_test:ticket48808_test.py:95 Set nsPagedSizeLimit to b'5'. Previous value - None. Modified suffix - uid=simplepaged_test,dc=example,dc=com. INFO tests.tickets.ticket48808_test:ticket48808_test.py:243 Set user bind INFO tests.tickets.ticket48808_test:ticket48808_test.py:246 Create simple paged results control instance INFO tests.tickets.ticket48808_test:ticket48808_test.py:250 Expect to fail with SIZELIMIT_EXCEEDED INFO tests.tickets.ticket48808_test:ticket48808_test.py:130 Getting page 0

server = <lib389.DirSrv object at 0x7f3c60060760>, curpw = 'password'
newpw = 'Abcd012+', expstr = 'be ok', rc = 0

def replace_pw(server, curpw, newpw, expstr, rc):
log.info('Binding as {%s, %s}' % (TESTDN, curpw))
server.simple_bind_s(TESTDN, curpw)

hit = 0
log.info('Replacing password: %s -> %s, which should %s' % (curpw, newpw, expstr))
try:
> server.modify_s(TESTDN, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpw))])

/export/tests/tickets/ticket48896_test.py:53:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('uid=buser123,dc=example,dc=com', [(2, 'userPassword', b'Abcd012+')])
kwargs = {}
c_stack = [FrameInfo(frame=<frame at 0x7f3c612e8040, file '/usr/local/lib/python3.9/site-packages/lib389/__init__.py', line 173,...mbda>', code_context=[' self._inner_hookexec = lambda hook, methods, kwargs: hook.multicall(\n'], index=0), ...]
frame = FrameInfo(frame=<frame at 0x559b3f2aaae0, file '/export/tests/tickets/ticket48896_test.py', line 57, code replace_pw>,...code_context=[" server.modify_s(TESTDN, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpw))])\n"], index=0)

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60060760>
dn = 'uid=buser123,dc=example,dc=com'
modlist = [(2, 'userPassword', b'Abcd012+')]

def modify_s(self,dn,modlist):
> return self.modify_ext_s(dn,modlist,None,None)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:640:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = ('uid=buser123,dc=example,dc=com', [(2, 'userPassword', b'Abcd012+')], None, None)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60060760>
dn = 'uid=buser123,dc=example,dc=com'
modlist = [(2, 'userPassword', b'Abcd012+')], serverctrls = None
clientctrls = None

def modify_ext_s(self,dn,modlist,serverctrls=None,clientctrls=None):
msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:613:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (8,), kwargs = {'all': 1, 'timeout': -1}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60060760>, msgid = 8, all = 1
timeout = -1, resp_ctrl_classes = None

def result3(self,msgid=ldap.RES_ANY,all=1,timeout=None,resp_ctrl_classes=None):
> resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
msgid,all,timeout,
add_ctrls=0,add_intermediates=0,add_extop=0,
resp_ctrl_classes=resp_ctrl_classes
)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (8, 1, -1)
kwargs = {'add_ctrls': 0, 'add_extop': 0, 'add_intermediates': 0, 'resp_ctrl_classes': None}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60060760>, msgid = 8, all = 1
timeout = -1, add_ctrls = 0, add_intermediates = 0, add_extop = 0
resp_ctrl_classes = None

def result4(self,msgid=ldap.RES_ANY,all=1,timeout=None,add_ctrls=0,add_intermediates=0,add_extop=0,resp_ctrl_classes=None):
if timeout is None:
timeout = self.timeout
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

args = (<built-in method result4 of LDAP object at 0x7f3c60f4ac30>, 8, 1, -1, 0, 0, ...)
kwargs = {}

def inner(*args, **kwargs):
if name in [
'add_s',
'bind_s',
'delete_s',
'modify_s',
'modrdn_s',
'rename_s',
'sasl_interactive_bind_s',
'search_s',
'search_ext_s',
'simple_bind_s',
'unbind_s',
'getEntry',
] and not ('escapehatch' in kwargs and kwargs['escapehatch'] == 'i am sure'):
c_stack = inspect.stack()
frame = c_stack[1]

warnings.warn(DeprecationWarning("Use of raw ldap function %s. This will be removed in a future release. "
"Found in: %s:%s" % (name, frame.filename, frame.lineno)))
# Later, we will add a sleep here to make it even more painful.
# Finally, it will raise an exception.
elif 'escapehatch' in kwargs:
kwargs.pop('escapehatch')

if name == 'result':
objtype, data = f(*args, **kwargs)
# data is either a 2-tuple or a list of 2-tuples
# print data
if data:
if isinstance(data, tuple):
return objtype, Entry(data)
elif isinstance(data, list):
# AD sends back these search references
# if objtype == ldap.RES_SEARCH_RESULT and \
# isinstance(data[-1],tuple) and \
# not data[-1][0]:
# print "Received search reference: "
# pprint.pprint(data[-1][1])
# data.pop() # remove the last non-entry element

return objtype, [Entry(x) for x in data]
else:
raise TypeError("unknown data type %s returned by result" %
type(data))
else:
return objtype, data
elif name.startswith('add'):
# the first arg is self
# the second and third arg are the dn and the data to send
# We need to convert the Entry into the format used by
# python-ldap
ent = args[0]
if isinstance(ent, Entry):
return f(ent.dn, ent.toTupleList(), *args[2:])
else:
return f(*args, **kwargs)
else:
> return f(*args, **kwargs)

/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60060760>
func = <built-in method result4 of LDAP object at 0x7f3c60f4ac30>
args = (8, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
result = func(*args,**kwargs)
if __debug__ and self._trace_level>=2:
if func.__name__!="unbind_ext":
diagnostic_message_success = self._l.get_option(ldap.OPT_DIAGNOSTIC_MESSAGE)
finally:
self._ldap_object_lock.release()
except LDAPError as e:
exc_type,exc_value,exc_traceback = sys.exc_info()
try:
if 'info' not in e.args[0] and 'errno' in e.args[0]:
e.args[0]['info'] = strerror(e.args[0]['errno'])
except IndexError:
pass
if __debug__ and self._trace_level>=2:
self._trace_file.write('=> LDAPError - %s: %s\n' % (e.__class__.__name__,str(e)))
try:
> reraise(exc_type, exc_value, exc_traceback)

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

exc_type = <class 'ldap.INSUFFICIENT_ACCESS'>
exc_value = INSUFFICIENT_ACCESS({'msgtype': 103, 'msgid': 8, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=buser123,dc=example,dc=com'.\n"})
exc_traceback = <traceback object at 0x7f3c612b60c0>

def reraise(exc_type, exc_value, exc_traceback):
"""Re-raise an exception given information from sys.exc_info()

Note that unlike six.reraise, this does not support replacing the
traceback. All arguments must come from a single sys.exc_info() call.
"""
# In Python 3, all exception info is contained in one object.
> raise exc_value

/usr/lib64/python3.9/site-packages/ldap/compat.py:46:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c60060760>
func = <built-in method result4 of LDAP object at 0x7f3c60f4ac30>
args = (8, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.INSUFFICIENT_ACCESS: {'msgtype': 103, 'msgid': 8, 'result': 50, 'desc': 'Insufficient access', 'ctrls': [], 'info': "Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=buser123,dc=example,dc=com'.\n"}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: INSUFFICIENT_ACCESS

During handling of the above exception, another exception occurred:

topology_st = <lib389.topologies.TopologyMain object at 0x7f3c60f43070>

def test_ticket48896(topology_st):
"""
"""
log.info('Testing Ticket 48896 - Default Setting for passwordMinTokenLength does not work')

log.info("Setting global password policy with password syntax.")
topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
topology_st.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'passwordCheckSyntax', b'on'),
(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', b'on')])

config = topology_st.standalone.search_s(CONFIG_DN, ldap.SCOPE_BASE, 'cn=*')
mintokenlen = config[0].getValue('passwordMinTokenLength')
history = config[0].getValue('passwordInHistory')

log.info('Default passwordMinTokenLength == %s' % mintokenlen)
log.info('Default passwordInHistory == %s' % history)

log.info('Adding a user.')
curpw = 'password'
topology_st.standalone.add_s(Entry((TESTDN,
{'objectclass': "top person organizationalPerson inetOrgPerson".split(),
'cn': 'test user',
'sn': 'user',
'userPassword': curpw})))

newpw = 'Abcd012+'
exp = 'be ok'
rc = 0
> replace_pw(topology_st.standalone, curpw, newpw, exp, rc)

/export/tests/tickets/ticket48896_test.py:94:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

server = <lib389.DirSrv object at 0x7f3c60060760>, curpw = 'password'
newpw = 'Abcd012+', expstr = 'be ok', rc = 0

def replace_pw(server, curpw, newpw, expstr, rc):
log.info('Binding as {%s, %s}' % (TESTDN, curpw))
server.simple_bind_s(TESTDN, curpw)

hit = 0
log.info('Replacing password: %s -> %s, which should %s' % (curpw, newpw, expstr))
try:
server.modify_s(TESTDN, [(ldap.MOD_REPLACE, 'userPassword', ensure_bytes(newpw))])
except Exception as e:
log.info("Exception (expected): %s" % type(e).__name__)
hit = 1
> assert isinstance(e, rc)
E TypeError: isinstance() arg 2 must be a type or tuple of types

/export/tests/tickets/ticket48896_test.py:57: TypeError
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for standalone1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 38901, 'ldap-secureport': 63601, 'server-id': 'standalone1', 'suffix': 'dc=example,dc=com'} was created.
-------------------------------Captured log call--------------------------------
INFO tests.tickets.ticket48896_test:ticket48896_test.py:69 Testing Ticket 48896 - Default Setting for passwordMinTokenLength does not work INFO tests.tickets.ticket48896_test:ticket48896_test.py:71 Setting global password policy with password syntax. INFO tests.tickets.ticket48896_test:ticket48896_test.py:80 Default passwordMinTokenLength == b'3' INFO tests.tickets.ticket48896_test:ticket48896_test.py:81 Default passwordInHistory == b'6' INFO tests.tickets.ticket48896_test:ticket48896_test.py:83 Adding a user. INFO tests.tickets.ticket48896_test:ticket48896_test.py:47 Binding as {uid=buser123,dc=example,dc=com, password} INFO tests.tickets.ticket48896_test:ticket48896_test.py:51 Replacing password: password -> Abcd012+, which should be ok INFO tests.tickets.ticket48896_test:ticket48896_test.py:55 Exception (expected): INSUFFICIENT_ACCESS

topology_m2 = <lib389.topologies.TopologyMain object at 0x7f3c60648a60>

def test_ticket48916(topology_m2):
"""
https://bugzilla.redhat.com/show_bug.cgi?id=1353629

This is an issue with ID exhaustion in DNA causing a crash.

To access each DirSrv instance use: topology_m2.ms["supplier1"], topology_m2.ms["supplier2"],
..., topology_m2.hub1, ..., topology_m2.consumer1,...


"""

if DEBUGGING:
# Add debugging steps(if any)...
pass

# Enable the plugin on both servers

dna_m1 = topology_m2.ms["supplier1"].plugins.get('Distributed Numeric Assignment Plugin')
dna_m2 = topology_m2.ms["supplier2"].plugins.get('Distributed Numeric Assignment Plugin')

# Configure it
# Create the container for the ranges to go into.

topology_m2.ms["supplier1"].add_s(Entry(
('ou=Ranges,%s' % DEFAULT_SUFFIX, {
'objectClass': 'top organizationalUnit'.split(' '),
'ou': 'Ranges',
})
))

# Create the dnaAdmin?

# For now we just pinch the dn from the dna_m* types, and add the relevant child config
# but in the future, this could be a better plugin template type from lib389

config_dn = dna_m1.dn

topology_m2.ms["supplier1"].add_s(Entry(
('cn=uids,%s' % config_dn, {
'objectClass': 'top dnaPluginConfig'.split(' '),
'cn': 'uids',
'dnatype': 'uidNumber gidNumber'.split(' '),
'dnafilter': '(objectclass=posixAccount)',
'dnascope': '%s' % DEFAULT_SUFFIX,
'dnaNextValue': '1',
'dnaMaxValue': '50',
'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX,
'dnaThreshold': '0',
'dnaRangeRequestTimeout': '60',
'dnaMagicRegen': '-1',
'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX,
'dnaRemoteBindCred': 'secret123',
'dnaNextRange': '80-90'
})
))

topology_m2.ms["supplier2"].add_s(Entry(
('cn=uids,%s' % config_dn, {
'objectClass': 'top dnaPluginConfig'.split(' '),
'cn': 'uids',
'dnatype': 'uidNumber gidNumber'.split(' '),
'dnafilter': '(objectclass=posixAccount)',
'dnascope': '%s' % DEFAULT_SUFFIX,
'dnaNextValue': '61',
'dnaMaxValue': '70',
'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX,
'dnaThreshold': '2',
'dnaRangeRequestTimeout': '60',
'dnaMagicRegen': '-1',
'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX,
'dnaRemoteBindCred': 'secret123',
})
))

# Enable the plugins
dna_m1.enable()
dna_m2.enable()

# Restart the instances
topology_m2.ms["supplier1"].restart(60)
topology_m2.ms["supplier2"].restart(60)

# Wait for a replication .....
time.sleep(40)

# Allocate the 10 members to exhaust

for i in range(1, 11):
_create_user(topology_m2.ms["supplier2"], i)

# Allocate the 11th
> _create_user(topology_m2.ms["supplier2"], 11)

/export/tests/tickets/ticket48916_test.py:126:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/export/tests/tickets/ticket48916_test.py:21: in _create_user
inst.add_s(Entry(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:169: in inner
return f(ent.dn, ent.toTupleList(), *args[2:])
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:439: in add_s
return self.add_ext_s(dn,modlist,None,None)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:171: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:425: in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:764: in result3
resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:774: in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
/usr/local/lib/python3.9/site-packages/lib389/__init__.py:173: in inner
return f(*args, **kwargs)
/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:340: in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
/usr/lib64/python3.9/site-packages/ldap/compat.py:46: in reraise
raise exc_value
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <lib389.DirSrv object at 0x7f3c606869d0>
func = <built-in method result4 of LDAP object at 0x7f3c6145a840>
args = (13, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None
exc_type = None, exc_value = None, exc_traceback = None

def _ldap_call(self,func,*args,**kwargs):
"""
Wrapper method mainly for serializing calls into OpenLDAP libs
and trace logs
"""
self._ldap_object_lock.acquire()
if __debug__:
if self._trace_level>=1:
self._trace_file.write('*** %s %s - %s\n%s\n' % (
repr(self),
self._uri,
'.'.join((self.__class__.__name__,func.__name__)),
pprint.pformat((args,kwargs))
))
if self._trace_level>=9:
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file)
diagnostic_message_success = None
try:
try:
> result = func(*args,**kwargs)
E ldap.OPERATIONS_ERROR: {'msgtype': 105, 'msgid': 13, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': 'Allocation of a new value for range cn=uids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.'}

/usr/lib64/python3.9/site-packages/ldap/ldapobject.py:324: OPERATIONS_ERROR
-------------------------------Captured log setup-------------------------------
INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier1 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39001, 'ldap-secureport': 63701, 'server-id': 'supplier1', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.SetupDs:setup.py:658 Starting installation... INFO lib389.SetupDs:setup.py:686 Completed installation for supplier2 INFO lib389.topologies:topologies.py:109 Instance with parameters {'ldap-port': 39002, 'ldap-secureport': 63702, 'server-id': 'supplier2', 'suffix': 'dc=example,dc=com'} was created. INFO lib389.topologies:topologies.py:142 Creating replication topology. INFO lib389.topologies:topologies.py:156 Joining supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2084 SUCCESS: bootstrap to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 completed INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is was created INFO lib389.replica:replica.py:2365 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is was created INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is NOT working (expect 06ff1d2c-bb8b-409c-9b50-770f14816b3f / got description=None) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 is working INFO lib389.replica:replica.py:2498 Retry: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is NOT working (expect 9cc138c4-46c5-4701-b397-d6bc37406819 / got description=06ff1d2c-bb8b-409c-9b50-770f14816b3f) INFO lib389.replica:replica.py:2496 SUCCESS: Replication from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 is working INFO lib389.replica:replica.py:2153 SUCCESS: joined supplier from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier1 to supplier2 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 already exists INFO lib389.topologies:topologies.py:164 Ensuring supplier supplier2 to supplier1 ... INFO lib389.replica:replica.py:2338 SUCCESS: Agreement from ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39002 to ldap://ci-vm-10-0-137-248.hosted.upshift.rdu2.redhat.com:39001 already exists