IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: Verify that SIDgen task continue even if it fails to assign sid

Browse Source 
related: https://pagure.io/freeipa/issue/9618

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Mohammad Rizwan
2024-07-11 18:14:52 +05:30
committed by Florence Blanc-Renaud
parent 81401e6c01
commit ee96c129a6
1 changed files with 71 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
ipatests/test_integration/test_commands.py
View File

@@ -1267,7 +1267,7 @@ class TestIPACommand(IntegrationTest):
def get_dirsrv_id(self):
serverid = realm_to_serverid(self.master.domain.realm)
return("dirsrv@%s.service" % serverid)
return ("dirsrv@%s.service" % serverid)
def test_ipa_nis_manage_enable(self):
"""
@@ -1769,7 +1769,7 @@ class TestIPACommandWithoutReplica(IntegrationTest):
api.bootstrap_with_global_options(context='server')
api.finalize()
api.Backend.ldap2.connect()
api.Command["group_add"]("testgroup1", external=True)
api.Command["group_add"]("testgroup2", external=False)
result1 = api.Command["group_show"]("testgroup1", all=True)["result"] # noqa: E501
@@ -1814,6 +1814,75 @@ class TestIPACommandWithoutReplica(IntegrationTest):
'/tmp/reproducer2_code.py'])
assert "missing attribute" not in result.stdout_text
def test_sidgen_task_continue_on_error(self):
"""Verify that SIDgen task continue even if it fails to assign sid
scenario:
- add a user with no uid (it will be auto-assigned inside
the range)
- add a user with uid 2000
- add a user with no uid (it will be auto-assigned inside
the range)
- edit the first and 3rd users, remove the objectclass
ipaNTUserAttrs and the attribute ipaNTSecurityIdentifier
- run the sidgen task
- verify that user1 and user3 have a ipaNTSecurityIdentifier
- verify that old error message is not seen in dirsrv error log
- verify that new error message is seen in dirsrv error log
related: https://pagure.io/freeipa/issue/9618
"""
test_user1 = 'test_user1'
test_user2 = 'test_user2'
test_user2000 = 'test_user2000'
base_dn = str(self.master.domain.basedn)
old_err_msg = 'Cannot add SID to existing entry'
new_err_msg = r'Finished with [0-9]+ failures, please check the log'
tasks.kinit_admin(self.master)
tasks.user_add(self.master, test_user1)
self.master.run_command(
['ipa', 'user-add', test_user2000,
'--first', 'test', '--last', 'user',
'--uid', '2000']
)
tasks.user_add(self.master, test_user2)
for user in (test_user1, test_user2):
entry_ldif = textwrap.dedent("""
dn: uid={user},cn=users,cn=accounts,{base_dn}
changetype: modify
delete: ipaNTSecurityIdentifier
-
delete: objectclass
objectclass: ipaNTUserAttrs
""").format(
user=user,
base_dn=base_dn)
tasks.ldapmodify_dm(self.master, entry_ldif)
# run sidgen task
self.master.run_command(
['ipa', 'config-mod', '--add-sids', '--enable-sid']
)
# ensure that sidgen have added the attr removed above
for user in (test_user1, test_user2):
result = tasks.ldapsearch_dm(
self.master,
'uid={user},cn=users,cn=accounts,{base_dn}'.format(
user=user, base_dn=base_dn),
['ipaNTSecurityIdentifier']
)
assert 'ipaNTSecurityIdentifier' in result.stdout_text
dashed_domain = self.master.domain.realm.replace(".", '-')
dirsrv_error_log = self.master.get_file_contents(
paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % (dashed_domain),
encoding='utf-8'
)
assert old_err_msg not in dirsrv_error_log
assert re.search(new_err_msg, dirsrv_error_log)
class TestIPAautomount(IntegrationTest):
@classmethod