ipatests: Test to check that the configured value for "nsslapd-ignore-time-skew" remains on even after a "force-sync" is done

Related: https://pagure.io/freeipa/issue/9635 Signed-off-by: Sudhir Menon <sumenon@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2025-02-25 18:55:28 -06:00 · 2024-08-13 15:06:12 +05:30
parent ed813fe6f0
commit f5c7237204
1 changed files with 66 additions and 0 deletions
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -2123,3 +2123,69 @@ class TestHostnameValidator(IntegrationTest):
        assert result.returncode == 1
        assert 'hostname cannot be the same as the domain name' \
            in result.stderr_text
+
+
+class TestNsslapdIgnoreTimeSkew(IntegrationTest):
+    """
+    Test to check nsslapd-ignore-time-skew is not disabled.
+    """
+    num_replicas = 1
+    topology = 'line'
+
+    @pytest.fixture
+    def update_time_skew(self):
+        """
+        Fixture enables nsslapd-ignore-time-skew
+        parameter and reverts it back
+        """
+        ldap = self.replicas[0].ldap_connect()
+        dn = DN(
+            ("cn", "config"),
+        )
+        entry = ldap.get_entry(dn)
+        entry.single_value["nsslapd-ignore-time-skew"] = 'on'
+        ldap.update_entry(entry)
+
+        yield
+
+        entry = ldap.get_entry(dn)
+        entry.single_value["nsslapd-ignore-time-skew"] = 'off'
+        ldap.update_entry(entry)
+
+    def test_check_nsslapd_ignore_time_skew(self):
+        """
+        This testcase checks that the ignore time skew parameter
+        is set to on during the directory server replica
+        installation (replication of the suffix) and during
+        the CA replica (replication of o=ipaca).
+        It also checks that the time skew is reverted during
+        pki_tomcat setup stage.
+        """
+        DIRSRV_LOG = (
+            "ignore time skew for initial replication"
+        )
+        PKI_TOMCAT_LOG = (
+            "revert time skew after initial replication"
+        )
+        install_msg = self.replicas[0].get_file_contents(
+            paths.IPAREPLICA_INSTALL_LOG, encoding="utf-8"
+        )
+        dirsrv_msg = re.findall(DIRSRV_LOG, install_msg)
+        assert len(dirsrv_msg) == 2
+        assert PKI_TOMCAT_LOG in install_msg
+
+    def test_forcesync_does_not_overwrite_ignore_time_skew(
+            self, update_time_skew):
+        """
+        This testcase checks that calling ipa-replica-manage
+        force-sync does not overwrite the value of ignore
+        time skew
+        """
+        result = self.replicas[0].run_command(
+            ["ipa-replica-manage", "force-sync",
+             "--from", self.master.hostname,
+             "--no-lookup", "-v"])
+        assert result.returncode == 0
+        conn = self.replicas[0].ldap_connect()
+        ldap_entry = conn.get_entry(DN("cn=config"))
+        assert ldap_entry.single_value['nsslapd-ignore-time-skew'] == "on"