Imported Upstream version 4.3.1

ipatests/test_ipaserver/test_ldap.py

@@ -25,18 +25,21 @@
 
 # The DM password needs to be set in ~/.ipa/.dmpw
 
-from __future__ import absolute_import
-
 import os
 import sys
-import unittest
 
 import pytest
+import nose
+from nose.tools import assert_raises  # pylint: disable=E0611
+import nss.nss as nss
 import six
 
+from ipaserver.plugins.ldap2 import ldap2
+from ipalib.plugins.service import service, service_show
+from ipalib.plugins.host import host
+from ipalib import api, x509, create_api, errors
+from ipapython import ipautil
 from ipaplatform.paths import paths
-from ipaserver.plugins.ldap2 import ldap2, AUTOBIND_DISABLED
-from ipalib import api, create_api, errors
 from ipapython.dn import DN
 
 if six.PY3:
@@ -44,7 +47,6 @@ if six.PY3:
 
 
 @pytest.mark.tier0
-@pytest.mark.needs_ipaapi
 class test_ldap(object):
     """
     Test various LDAP client bind methods.
@@ -52,7 +54,9 @@ class test_ldap(object):
 
     def setup(self):
         self.conn = None
-        self.ldapuri = api.env.ldap_uri
+        self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
+        self.ccache = paths.TMP_KRB5CC % os.getuid()
+        nss.nss_init_nodb()
         self.dn = DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)),
                      ('cn','services'),('cn','accounts'),api.env.basedn)
 
@@ -64,8 +68,8 @@ class test_ldap(object):
         """
         Test an anonymous LDAP bind using ldap2
         """
-        self.conn = ldap2(api)
-        self.conn.connect(autobind=AUTOBIND_DISABLED)
+        self.conn = ldap2(api, ldap_uri=self.ldapuri)
+        self.conn.connect()
         dn = api.env.basedn
         entry_attrs = self.conn.get_entry(dn, ['associateddomain'])
         domain = entry_attrs.single_value['associateddomain']
@@ -75,29 +79,34 @@ class test_ldap(object):
         """
         Test a GSSAPI LDAP bind using ldap2
         """
-        self.conn = ldap2(api)
-        self.conn.connect(autobind=AUTOBIND_DISABLED)
+        if not ipautil.file_exists(self.ccache):
+            raise nose.SkipTest('Missing ccache %s' % self.ccache)
+        self.conn = ldap2(api, ldap_uri=self.ldapuri)
+        self.conn.connect(ccache='FILE:%s' % self.ccache)
         entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
-        cert = entry_attrs.get('usercertificate')[0]
-        assert cert.serial_number is not None
+        cert = entry_attrs.get('usercertificate')
+        cert = cert[0]
+        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        assert serial is not None
 
     def test_simple(self):
         """
         Test a simple LDAP bind using ldap2
         """
         pwfile = api.env.dot_ipa + os.sep + ".dmpw"
-        if os.path.isfile(pwfile):
-            with open(pwfile, "r") as fp:
-                dm_password = fp.read().rstrip()
+        if ipautil.file_exists(pwfile):
+            fp = open(pwfile, "r")
+            dm_password = fp.read().rstrip()
+            fp.close()
         else:
-            raise unittest.SkipTest(
-                "No directory manager password in %s" % pwfile
-            )
-        self.conn = ldap2(api)
+            raise nose.SkipTest("No directory manager password in %s" % pwfile)
+        self.conn = ldap2(api, ldap_uri=self.ldapuri)
         self.conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
         entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
-        cert = entry_attrs.get('usercertificate')[0]
-        assert cert.serial_number is not None
+        cert = entry_attrs.get('usercertificate')
+        cert = cert[0]
+        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        assert serial is not None
 
     def test_Backend(self):
         """
@@ -108,40 +117,47 @@ class test_ldap(object):
         # a client-only api. Then we register in the commands and objects
         # we need for the test.
         myapi = create_api(mode=None)
-        myapi.bootstrap(context='cli', in_server=True, confdir=paths.ETC_IPA)
+        myapi.bootstrap(context='cli', in_server=True, in_tree=True)
+        myapi.add_plugin(ldap2)
+        myapi.add_plugin(host)
+        myapi.add_plugin(service)
+        myapi.add_plugin(service_show)
         myapi.finalize()
 
         pwfile = api.env.dot_ipa + os.sep + ".dmpw"
-        if os.path.isfile(pwfile):
-            with open(pwfile, "r") as fp:
-                dm_password = fp.read().rstrip()
+        if ipautil.file_exists(pwfile):
+            fp = open(pwfile, "r")
+            dm_password = fp.read().rstrip()
+            fp.close()
         else:
-            raise unittest.SkipTest(
-                "No directory manager password in %s" % pwfile
-            )
+            raise nose.SkipTest("No directory manager password in %s" % pwfile)
         myapi.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
 
         result = myapi.Command['service_show']('ldap/%s@%s' %  (api.env.host, api.env.realm,))
         entry_attrs = result['result']
-        cert = entry_attrs.get('usercertificate')[0]
-        assert cert.serial_number is not None
+        cert = entry_attrs.get('usercertificate')
+        cert = cert[0]
+        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        assert serial is not None
 
     def test_autobind(self):
         """
         Test an autobind LDAP bind using ldap2
         """
-        self.conn = ldap2(api)
+        ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % api.env.realm.replace('.','-')
+        self.conn = ldap2(api, ldap_uri=ldapuri)
         try:
             self.conn.connect(autobind=True)
         except errors.ACIError:
-            raise unittest.SkipTest("Only executed as root")
+            raise nose.SkipTest("Only executed as root")
         entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
-        cert = entry_attrs.get('usercertificate')[0]
-        assert cert.serial_number is not None
+        cert = entry_attrs.get('usercertificate')
+        cert = cert[0]
+        serial = unicode(x509.get_serial_number(cert, x509.DER))
+        assert serial is not None
 
 
 @pytest.mark.tier0
-@pytest.mark.needs_ipaapi
 class test_LDAPEntry(object):
     """
     Test the LDAPEntry class
@@ -152,9 +168,9 @@ class test_LDAPEntry(object):
     dn2 = DN(('cn', cn2[0]))
 
     def setup(self):
-        self.ldapuri = api.env.ldap_uri
-        self.conn = ldap2(api)
-        self.conn.connect(autobind=AUTOBIND_DISABLED)
+        self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host)
+        self.conn = ldap2(api, ldap_uri=self.ldapuri)
+        self.conn.connect()
 
         self.entry = self.conn.make_entry(self.dn1, cn=self.cn1)
 
@@ -168,15 +184,9 @@ class test_LDAPEntry(object):
         assert u'cn' in e
         assert u'cn' in e.keys()
         assert 'CN' in e
-        if six.PY2:
-            assert 'CN' not in e.keys()
-        else:
-            assert 'CN' in e.keys()
+        assert 'CN' not in e.keys()
         assert 'commonName' in e
-        if six.PY2:
-            assert 'commonName' not in e.keys()
-        else:
-            assert 'commonName' in e.keys()
+        assert 'commonName' not in e.keys()
         assert e['CN'] is self.cn1
         assert e['CN'] is e[u'cn']
 
@@ -189,15 +199,9 @@ class test_LDAPEntry(object):
         assert u'cn' in e
         assert u'cn' in e.keys()
         assert 'CN' in e
-        if six.PY2:
-            assert 'CN' not in e.keys()
-        else:
-            assert 'CN' in e.keys()
+        assert 'CN' not in e.keys()
         assert 'commonName' in e
-        if six.PY2:
-            assert 'commonName' not in e.keys()
-        else:
-            assert 'commonName' in e.keys()
+        assert 'commonName' not in e.keys()
         assert e['CN'] is self.cn2
         assert e['CN'] is e[u'cn']
 
@@ -214,7 +218,7 @@ class test_LDAPEntry(object):
     def test_popitem(self):
         e = self.entry
         assert e.popitem() == ('cn', self.cn1)
-        assert list(e) == []
+        list(e) == []
 
     def test_setdefault(self):
         e = self.entry
@@ -234,7 +238,7 @@ class test_LDAPEntry(object):
         assert e.pop('cn') == self.cn1
         assert 'cn' not in e
         assert e.pop('cn', 'default') is 'default'
-        with pytest.raises(KeyError):
+        with assert_raises(KeyError):
             e.pop('cn')
 
     def test_clear(self):
@@ -277,33 +281,33 @@ class test_LDAPEntry(object):
         assert e['test'] is nice
 
         raw = e.raw['test']
-        assert raw == [b'1', b'2', b'3']
+        assert raw == ['1', '2', '3']
 
         nice.remove(1)
         assert e.raw['test'] is raw
-        assert raw == [b'2', b'3']
+        assert raw == ['2', '3']
 
-        raw.append(b'4')
+        raw.append('4')
         assert e['test'] is nice
         assert nice == [2, 3, u'4']
 
         nice.remove(2)
-        raw.append(b'5')
+        raw.append('5')
         assert nice == [3, u'4']
-        assert raw == [b'2', b'3', b'4', b'5']
+        assert raw == ['2', '3', '4', '5']
         assert e['test'] is nice
         assert e.raw['test'] is raw
         assert nice == [3, u'4', u'5']
-        assert raw == [b'3', b'4', b'5']
+        assert raw == ['3', '4', '5']
 
         nice.insert(0, 2)
-        raw.remove(b'4')
+        raw.remove('4')
         assert nice == [2, 3, u'4', u'5']
-        assert raw == [b'3', b'5']
+        assert raw == ['3', '5']
         assert e.raw['test'] is raw
         assert e['test'] is nice
         assert nice == [2, 3, u'5']
-        assert raw == [b'3', b'5', b'2']
+        assert raw == ['3', '5', '2']
 
         raw = [b'a', b'b']
         e.raw['test'] = raw
@@ -315,5 +319,5 @@ class test_LDAPEntry(object):
         assert e['test'] is nice
         assert e.raw['test'] == [b'not list']
 
-        e.raw['test'].append(b'second')
+        e.raw['test'].append('second')
         assert e['test'] == ['not list', u'second']