|
|
|---|
| 1 |
#!/usr/share/ucs-test/runner python |
1 |
#!/usr/share/ucs-test/runner python |
| 2 |
## desc: > |
2 |
## desc: Check that all groups "Domain Users $SCHOOL" are connected to the policy "default-umc-users" |
| 3 |
## Check that all groups "Domain Users $SCHOOL" are connected to the |
3 |
## exposure: dangerous |
| 4 |
## policy "default-umc-users" |
|
|
| 5 |
## exposure: safe |
| 6 |
## bugs: [40471] |
4 |
## bugs: [40471] |
| 7 |
|
5 |
|
| 8 |
from ldap.filter import filter_format |
|
|
| 9 |
import univention.testing.utils as utils |
6 |
import univention.testing.utils as utils |
| 10 |
from sys import exit |
7 |
from univention.testing.ucr import UCSTestConfigRegistry |
|
|
8 |
from univention.testing.ucsschool import UCSTestSchool |
| 11 |
|
9 |
|
| 12 |
lo = utils.get_ldap_connection() |
|
|
| 13 |
|
10 |
|
| 14 |
# Search for policies with the name "default-umc-users". |
11 |
def main(): |
| 15 |
# There is supposed to be exactly one. |
12 |
lo = utils.get_ldap_connection() |
| 16 |
policies = lo.search(filter='(&(cn=default-umc-users)(objectClass=univentionPolicy))') |
|
|
| 17 |
if len(policies) == 0: |
| 18 |
utils.fail("There is no policy with 'cn=default-umc-users'.") |
| 19 |
elif len(policies) != 1: |
| 20 |
utils.fail("There are multiple policies with 'cn=default-umc-users'.") |
| 21 |
policyDn = policies[0][0] |
| 22 |
|
13 |
|
| 23 |
# Check that all groups "Domain Users $SCHOOL" are connected to the |
14 |
with UCSTestSchool() as env, UCSTestConfigRegistry() as ucr: |
| 24 |
# policy "default-umc-users". |
15 |
policy_dn = 'cn=default-umc-users,cn=UMC,cn=policies,%s' % (ucr.get('ldap/base'),) |
| 25 |
schools = lo.search(filter='(&(objectClass=ucsschoolOrganizationalUnit)(objectClass=organizationalUnit))') |
16 |
school = env.create_ou(name_edudc=ucr.get('hostname')) |
| 26 |
for schoolDn, schoolAttributes in schools: |
|
|
| 27 |
# Store the school's name in schoolName. |
| 28 |
schoolName = schoolAttributes['ou'][0] |
| 29 |
|
17 |
|
| 30 |
# Find the "Domain Users $SCHOOL" group for that school. |
18 |
domain_users = lo.get('cn=Domain Users %s,cn=groups,ou=testschool,%s' % (school, ucr.get('ldap/base'),)) |
| 31 |
domainUsersGroups = lo.search(filter=filter_format('(&(cn=Domain Users %s)(objectClass=univentionGroup))', (schoolName,))) |
19 |
assert policy_dn in domain_users.get('univentionPolicyReference', []), 'The policy %r is not connected to the Domain Users %s group, but should be.' % (policy_dn, school) |
| 32 |
if len(domainUsersGroups) == 0: |
|
|
| 33 |
utils.fail("The group 'Domain Users %s' is missing." % (schoolName,)) |
| 34 |
elif len(domainUsersGroups) != 1: |
| 35 |
utils.fail("There are multiple groups with cn='Domain Users %s'." % (schoolName,)) |
| 36 |
|
20 |
|
| 37 |
# Check if the "default-umc-users" policy is connected to the |
|
|
| 38 |
# "Domain Users $SCHOOL" group. |
| 39 |
domainUsersGroupDn, domainUsersGroupAttributes = domainUsersGroups[0] |
| 40 |
hasRequiredPolicy = policyDn in domainUsersGroupAttributes.get('univentionPolicyReference', []) |
| 41 |
if not hasRequiredPolicy: |
| 42 |
utils.fail("The policy %r is not connected to the group %r, but should be." % (policyDn, domainUsersGroupDn)) |
| 43 |
|
21 |
|
| 44 |
exit(0) |
22 |
if __name__ == '__main__': |
|
|
23 |
main() |