Univention Bugzilla – Bug 31250
ucs-test permissions on slave and member server
Last modified: 2023-03-25 06:44:21 CET
ucs-test should provide a simple mechanism for getting domain admin access. Something like this: -------------------------------------------------------------------------- . "$TESTLIBPATH/base.sh" || exit 137 echo "Domainadmin account: $domainadmin" echo "Domainadmin password file: $domainadmin_pwd" echo "Domainadmin password: $(<$domainadmin_pwd)" -------------------------------------------------------------------------- The account and the password should be configurable via UCR, for example: tests/domainadmin/account=Administrator tests/domainadmin/pwdfile=/tmp/pwd If these UCR variables not set the default (Administrator|univention) should be used. A check function would be great, for example: -------------------------------------------------------------------------- . "$TESTLIBPATH/base.sh" || exit 137 check_domainadmin_access || fail_test 137 --------------------------------------------------------------------------
*** Bug 17823 has been marked as a duplicate of this bug. ***
(In reply to comment #0) > tests/domainadmin/account=Administrator > tests/domainadmin/pwdfile=/tmp/pwd We should also add the password as variable: tests/domainadmin/pwd=univention
Added three UCR variables to package ucs-test-framework: [tests/domainadmin/account], Default: uid=Administrator,cn=users,$ldap_base [tests/domainadmin/pwd], Default: univention [tests/domainadmin/pwdfile], Default: /usr/share/ucs-test/pwdfile ucs-test-framework will store a file containing "univention" to /usr/share/ucs-test/pwdfile during installation. A simple function for getting LDAP access using this variables has been added to univention/testing/ldap.py: Python 2.6.6 (r266:84292, Oct 25 2012, 14:04:12) [GCC 4.4.5] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import univention.testing.ldap as ldap >>> lo = ldap.getLdapConnection() >>> lo.search(filter=...) By default, getLdapConnection() will read from tests/domainadmin/pwd, pass "pwdfile=True" to change this behaviour.
OK: # ucr search --brief ^tests/domainadmin/ tests/domainadmin/account: uid=Administrator,cn=users,dc=autotest090,dc=local tests/domainadmin/pwd: univention tests/domainadmin/pwdfile: /usr/share/ucs-test/pwdfile OK: ldapsearch -xLLLD "$(ucr get tests/domainadmin/account)" -w "$(ucr get tests/domainadmin/pwd)" -b "$(ucr get tests/domainadmin/account)" -s base dn dn: uid=Administrator,cn=users,dc=autotest090,dc=local FAIL: ldapsearch -xLLLD "$(ucr get tests/domainadmin/account)" -y "$(ucr get tests/domainadmin/pwdfile)" -b "$(ucr get tests/domainadmin/account)" -s base dn ldap_bind: Invalid credentials (49) (In reply to Lukas Walter from comment #3) > ucs-test-framework will store a file containing "univention" to > /usr/share/ucs-test/pwdfile during installation. FAIL: The file contains a trailing newline FAIL: The UCRVs are (optionally) set using ?, but "univention" is stored unconditionally in the file: The postinst should set the vars using ?, read back the actual values and store them in files. FAIL: The file is not removed on uninstall and should not be created below /usr/, but /var/. > A simple function for getting LDAP access using this variables has been > added to univention/testing/ldap.py: FAIL: Unconditionally strips last character. OK: otherwise works.
The mentioned points have been corrected. svn 41426
(In reply to Philipp Hahn from comment #4) > OK: > ldapsearch -xLLLD "$(ucr get tests/domainadmin/account)" -y "$(ucr get > tests/domainadmin/pwdfile)" -b "$(ucr get tests/domainadmin/account)" -s > base dn > (In reply to Lukas Walter from comment #3) > > ucs-test-framework will store a file containing "univention" to > > /usr/share/ucs-test/pwdfile during installation. > > FAIL: The file contains a trailing newline OK: now fixed. > FAIL: The UCRVs are (optionally) set using ?, but "univention" is stored > unconditionally in the file: > The postinst should set the vars using ?, read back the actual values and > store them in files. OK: now fixed. > FAIL: The file is not removed on uninstall and should not be created below > /usr/, but /var/. OK: apt-get remove ucs-test-framework ; ls -l /var/lib/ucs-test/ OK: dpkg -P ucs-test-framework > > A simple function for getting LDAP access using this variables has been > > added to univention/testing/ldap.py: > > FAIL: Unconditionally strips last character. OK: now fixed
*** Bug 16500 has been marked as a duplicate of this bug. ***