{ 'startDS' : True } '++++ Application add group entry %s' % newStaticGroup { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'DNToAdd' : newStaticGroupDn, 'listAttributes' : listAttr } '++++ Application do a search to check the entry has been created' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : newStaticGroupDn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uniquemember' } '++++ Check the search return entry %s' % user11Dn { 'string2find' : user11Dn , 'mainString' : STAXResult[0][1] , 'nbExpected' : 1 } { 'baseDn' : user11Dn , 'string2find' : newStaticGroupDn , 'nbExpected' : 1 } '++++ Delete the group entry %s' % newStaticGroup { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : applicationDn , 'dsInstancePswd' : applicationPswd , 'dsBaseDN' : newStaticGroupDn, } '++++ Check the group entry %s no more exist' % newStaticGroup { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : newStaticGroupDn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uniquemember', 'expectedRC' : 32 } { 'baseDn' : user11Dn , 'string2find' : newStaticGroupDn, 'nbExpected' : 0 } '++++ user %s, not member of the group, do a search, should pass' % user11 { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : user11Dn, 'dsInstancePswd' : user11Pswd, 'dsBaseDN' : user11Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uid', 'expectedRC' : 0 } { 'string2find' : 'uid' , 'mainString' : STAXResult[0][1], 'nbExpected' : 2 } '++++ user %s, member of the group do a search, should be denied has group have no permission' % user1 { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : user1Dn, 'dsInstancePswd' : user1Pswd, 'dsBaseDN' : user1Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uid', 'expectedRC' : 0 } '++++ Check the search return nothing' { 'string2find' : 'dn', 'mainString' : STAXResult[0][1], 'nbExpected' : 0 } { 'baseDn' : user1Dn , 'string2find' : staticGroup1Dn, 'nbExpected' : 1 } '++++ Application do a search on static group, should work' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : staticGroup1Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uniquemember' } '++++ Check ldapsearch result return 10 entries' { 'string2find' : 'uniquemember', 'mainString' : STAXReason, 'caseSensitive' : 'false', 'nbExpected' : 10 } '++++ Application add a new user %s / %s into the static group' % (user11Dn,user11Pswd) { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'DNToModify' : staticGroup1Dn, 'changetype' : 'add', 'attributeName' : 'uniquemember', 'newAttributeValue' : user11Dn } '++++ Application search users through the static group' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : applicationDn , 'dsInstancePswd' : applicationPswd , 'dsBaseDN' : staticGroup1Dn , 'dsFilter' : 'objectclass=*' , 'dsAttributes' : 'uniquemember' } '++++ Check ldapsearch result returns the new entry uid' { 'string2find' : user11Dn , 'mainString' : ldapSearchResult , 'nbExpected' : 1 } '++++ Check added user %s has no more privileges' % user11 { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : user11Dn, 'dsInstancePswd' : user11Pswd, 'dsBaseDN' : user11Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uid', 'expectedRC' : 0 } '++++ Check the search returns nothing' { 'string2find' : 'dn', 'mainString' : STAXResult[0][1], 'nbExpected' : 0 } { 'baseDn' : user11Dn , 'string2find' : staticGroup1Dn , 'nbExpected' : 1 } '++++ Application delete the user entry that belong to the static group' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : applicationDn , 'dsInstancePswd' : applicationPswd , 'dsBaseDN' : user11Dn, } '++++ Application search users through the static group' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : staticGroup1Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uniquemember' } '++++ Check ldapsearch result still returns the deleted entry uid as referential integrity plugin is disabled' { 'string2find' : user11Dn, 'mainString' : ldapSearchResult, 'nbExpected' : 1 } '++++ Check ldapsearch result returns 11 entries' { 'string2find' : 'uniquemember', 'mainString' : ldapSearchResult, 'caseSensitive' : 'false', 'nbExpected' : 11 } '++++ Add the deleted entry' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'DNToAdd' : user11Dn, 'listAttributes' : listAttr } { 'baseDn' : user11Dn, 'string2find' : staticGroup1Dn, 'nbExpected' : 1 } '++++ Application delete attribute uniquemember:%s from the static group' % user11 { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'DNToModify' : staticGroup1Dn, 'changetype' : 'delete', 'attributeName' : 'uniquemember', 'newAttributeValue' : user11Dn } '++++ Application search users through the static group' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : staticGroup1Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uniquemember' } '++++ Check ldapsearch result should not returns the deleted group entry' { 'string2find' : user11Dn, 'mainString' : ldapSearchResult, 'nbExpected' : 0 } '++++ User %s should now be able to do search' % user11 { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : user11Dn, 'dsInstancePswd' : user11Pswd, 'dsBaseDN' : user11Dn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uid', 'expectedRC' : 0 } '++++ Check the search returns entry' { 'string2find' : 'dn', 'mainString' : STAXResult[0][1], 'nbExpected' : 1 } { 'baseDn' : user11Dn , 'string2find' : staticGroup1Dn , 'nbExpected' : 0 } '++++ Create a static group entry %s' % newStaticGroupDn { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'DNToAdd' : newStaticGroupDn, 'listAttributes' : listAttr } '++++ Delete all attributes of the group entry' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'DNToModify' : newStaticGroupDn, 'changetype' : 'delete', 'listAttributes' : listAttr } '++++ Do a search on the group, should return no user entries' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : newStaticGroupDn, 'dsFilter' : 'objectclass=*', 'dsAttributes' : 'uniquemember' } { 'string2find' : 'uniquemember', 'mainString' : ldapSearchResult, 'caseSensitive' : 'false', 'nbExpected' : 0 } { 'baseDn' : user1Dn, 'string2find' : staticGroup1Dn, 'nbExpected' : 1 } { 'baseDn' : user1Dn, 'string2find' : newStaticGroupDn, 'nbExpected' : 0 } '++++ Delete the group entry created' { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST, 'dsInstancePort' : DIRECTORY_INSTANCE_PORT, 'dsInstanceDn' : applicationDn, 'dsInstancePswd' : applicationPswd, 'dsBaseDN' : newStaticGroupDn } { 'stopDS' : True }