|
1 |
#!/usr/share/ucs-test/runner python |
1 |
#!/usr/share/ucs-test/runner python |
2 |
## desc: > |
2 |
## desc: Check that all groups "Domain Users $SCHOOL" are connected to the policy "default-umc-users" |
3 |
## Check that all groups "Domain Users $SCHOOL" are connected to the |
3 |
## exposure: dangerous |
4 |
## policy "default-umc-users" |
|
|
5 |
## exposure: safe |
6 |
## bugs: [40471] |
4 |
## bugs: [40471] |
7 |
|
5 |
|
8 |
from ldap.filter import filter_format |
|
|
9 |
import univention.testing.utils as utils |
6 |
import univention.testing.utils as utils |
10 |
from sys import exit |
7 |
from univention.testing.ucr import UCSTestConfigRegistry |
|
|
8 |
from univention.testing.ucsschool import UCSTestSchool |
11 |
|
9 |
|
12 |
lo = utils.get_ldap_connection() |
|
|
13 |
|
10 |
|
14 |
# Search for policies with the name "default-umc-users". |
11 |
def main(): |
15 |
# There is supposed to be exactly one. |
12 |
lo = utils.get_ldap_connection() |
16 |
policies = lo.search(filter='(&(cn=default-umc-users)(objectClass=univentionPolicy))') |
|
|
17 |
if len(policies) == 0: |
18 |
utils.fail("There is no policy with 'cn=default-umc-users'.") |
19 |
elif len(policies) != 1: |
20 |
utils.fail("There are multiple policies with 'cn=default-umc-users'.") |
21 |
policyDn = policies[0][0] |
22 |
|
13 |
|
23 |
# Check that all groups "Domain Users $SCHOOL" are connected to the |
14 |
with UCSTestSchool() as env, UCSTestConfigRegistry() as ucr: |
24 |
# policy "default-umc-users". |
15 |
policy_dn = 'cn=default-umc-users,cn=UMC,cn=policies,%s' % (ucr.get('ldap/base'),) |
25 |
schools = lo.search(filter='(&(objectClass=ucsschoolOrganizationalUnit)(objectClass=organizationalUnit))') |
16 |
school = env.create_ou(name_edudc=ucr.get('hostname')) |
26 |
for schoolDn, schoolAttributes in schools: |
|
|
27 |
# Store the school's name in schoolName. |
28 |
schoolName = schoolAttributes['ou'][0] |
29 |
|
17 |
|
30 |
# Find the "Domain Users $SCHOOL" group for that school. |
18 |
domain_users = lo.get('cn=Domain Users %s,cn=groups,ou=testschool,%s' % (school, ucr.get('ldap/base'),)) |
31 |
domainUsersGroups = lo.search(filter=filter_format('(&(cn=Domain Users %s)(objectClass=univentionGroup))', (schoolName,))) |
19 |
assert policy_dn in domain_users.get('univentionPolicyReference', []), 'The policy %r is not connected to the Domain Users %s group, but should be.' % (policy_dn, school) |
32 |
if len(domainUsersGroups) == 0: |
|
|
33 |
utils.fail("The group 'Domain Users %s' is missing." % (schoolName,)) |
34 |
elif len(domainUsersGroups) != 1: |
35 |
utils.fail("There are multiple groups with cn='Domain Users %s'." % (schoolName,)) |
36 |
|
20 |
|
37 |
# Check if the "default-umc-users" policy is connected to the |
|
|
38 |
# "Domain Users $SCHOOL" group. |
39 |
domainUsersGroupDn, domainUsersGroupAttributes = domainUsersGroups[0] |
40 |
hasRequiredPolicy = policyDn in domainUsersGroupAttributes.get('univentionPolicyReference', []) |
41 |
if not hasRequiredPolicy: |
42 |
utils.fail("The policy %r is not connected to the group %r, but should be." % (policyDn, domainUsersGroupDn)) |
43 |
|
21 |
|
44 |
exit(0) |
22 |
if __name__ == '__main__': |
|
|
23 |
main() |