See <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/114/display/redirect> ------------------------------------------ [...truncated 4699 lines...] '\''objectclass'\'': '\''top extensibleObject'\''.split(), '\''ou'\'': '\''level4'\'' }))) except ldap.ALREADY_EXISTS: pass except ldap.LDAPError as e: log.error('\''Failed to add ou=people: error '\'' + e.message['\''desc'\'']) assert False # # Add a user to the branch # try: topology_st.standalone.add_s(Entry((USER_DN, { '\''objectclass'\'': '\''top extensibleObject'\''.split(), '\''uid'\'': '\''user1'\'' }))) except ldap.LDAPError as e: log.error('\''Failed to add user1: error '\'' + e.message['\''desc'\'']) assert False # # Enable password policy and add the subtree policy # try: topology_st.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, '\''nsslapd-pwpolicy-local'\'', '\''on'\'')]) except ldap.LDAPError as e: log.error('\''Failed to set pwpolicy-local: error '\'' + e.message['\''desc'\'']) assert False addSubtreePwPolicy(topology_st.standalone) # # Now check the user has its expected passwordPolicy subentry # try: entries = topology_st.standalone.search_s(USER_DN, ldap.SCOPE_BASE, '\''(objectclass=top)'\'', ['\''pwdpolicysubentry'\'', '\''dn'\'']) if not entries[0].hasAttr('\''pwdpolicysubentry'\''): log.fatal('\''User does not have expected pwdpolicysubentry!'\'') > assert False E assert False tickets/ticket47981_test.py:190: AssertionError ---------------------------- Captured stdout setup ----------------------------- OK group dirsrv exists OK user dirsrv exists ---------------------------- Captured stderr setup ----------------------------- INFO:lib389.topologies:Instance with parameters {'\''ldap-port'\'': 38901, '\''suffix'\'': '\''dc=example,dc=com'\'', '\''krb5_realm'\'': None, '\''deployed-dir'\'': '\''/usr'\'', '\''inst-backupdir'\'': '\''/tmp'\'', '\''hostname'\'': '\''localhost'\'', '\''server-id'\'': '\''standalone1'\'', '\''root-pw'\'': '\''password'\'', '\''root-dn'\'': 
'\''cn=Directory Manager'\'', '\''group-id'\'': None, '\''InstScriptsEnabled'\'': None, '\''user-id'\'': None, '\''ldap-secureport'\'': None} was created. ----------------------------- Captured stderr call ----------------------------- INFO:dirsrvtests.tests.tickets.ticket47981_test:Testing Ticket 47981 - Test that COS def changes are correctly reflected in affected users INFO:dirsrvtests.tests.tickets.ticket47981_test:Adding second suffix that will not contain any COS entries... INFO:lib389:List backend with suffix=o=netscaperoot INFO:lib389:Creating a local backend INFO:lib389:List backend cn=netscaperoot,cn=ldbm database,cn=plugins,cn=config INFO:lib389:Found entry dn: cn=netscaperoot,cn=ldbm database,cn=plugins,cn=config cn: netscaperoot nsslapd-cachememsize: 512000 nsslapd-cachesize: -1 nsslapd-directory: /var/lib/dirsrv/slapd-standalone1/db/netscaperoot nsslapd-dncachememsize: 16777216 nsslapd-readonly: off nsslapd-require-index: off nsslapd-suffix: o=netscaperoot objectClass: top objectClass: extensibleObject objectClass: nsBackendInstance INFO:lib389:Entry dn: cn="o=netscaperoot",cn=mapping tree,cn=config cn: o=netscaperoot nsslapd-backend: netscaperoot nsslapd-state: backend objectclass: top objectclass: extensibleObject objectclass: nsMappingTree INFO:lib389:Found entry dn: cn=o\3Dnetscaperoot,cn=mapping tree,cn=config cn: o=netscaperoot nsslapd-backend: netscaperoot nsslapd-state: backend objectClass: top objectClass: extensibleObject objectClass: nsMappingTree INFO:dirsrvtests.tests.tickets.ticket47981_test:Add our test entries to the default suffix, and proceed with the test... CRITICAL:dirsrvtests.tests.tickets.ticket47981_test:User does not have expected pwdpolicysubentry! 
______________________________ test_basic_feature ______________________________ topology_st = <lib389.topologies.TopologyMain object at 0x7fe081aa6710> def test_basic_feature(topology_st): """Check basic SASL functionality for PLAIN mechanism :id: 75ddc6fa-aa5a-4025-9c71-1abad20c91fc :setup: Standalone instance :steps: 1. Stop the instance 2. Clean up confdir from previous cert and key files 3. Create RSA files: CA, key and cert 4. Start the instance 5. Create RSA entry 6. Set nsslapd-secureport to 636 and nsslapd-security to '\''on'\'' 7. Restart the instance 8. Create a user 9. Check we can bind 10. Check that PLAIN is listed in supported mechs 11. Set up Plain SASL credentials 12. Try to open a connection without TLS 13. Try to open a connection with TLS 14. Try to open a connection with a wrong password :expectedresults: 1. The instance should stop 2. Confdir should be clean 3. RSA files should be created 4. The instance should start 5. RSA entry should be created 6. nsslapd-secureport and nsslapd-security should be set successfully 7. The instance should be restarted 8. User should be created 9. Bind should be successful 10. PLAIN should be listed in supported mechs 11. Plain SASL should be successfully set 12. AUTH_UNKNOWN exception should be raised 13. The connection should open 14. INVALID_CREDENTIALS exception should be raised """ standalone = topology_st.standalone # SETUP TLS standalone.stop() # Prepare SSL but don'\''t enable it. for f in ('\''key3.db'\'', '\''cert8.db'\'', '\''key4.db'\'', '\''cert9.db'\'', '\''secmod.db'\'', '\''pkcs11.txt'\''): try: os.remove("%s/%s" % (standalone.confdir, f)) except: pass assert(standalone.nss_ssl.reinit() is True) assert(standalone.nss_ssl.create_rsa_ca() is True) assert(standalone.nss_ssl.create_rsa_key_and_cert() is True) # Start again standalone.start() standalone.rsa.create() # Set the secure port and nsslapd-security # Could this fail with selinux? 
standalone.config.set('\''nsslapd-secureport'\'', str(DEFAULT_SECURE_PORT)) standalone.config.set('\''nsslapd-security'\'', '\''on'\'') # Do we need to restart to allow starttls? standalone.restart() # Create a user sas = ServiceAccounts(standalone, DEFAULT_SUFFIX) sas._basedn = DEFAULT_SUFFIX sa = sas.create(properties={'\''cn'\'': '\''testaccount'\'', '\''userPassword'\'': '\''password'\''}) # Check we can bind. This will raise exceptions if it fails. sa.bind('\''password'\'') # Check that PLAIN is listed in supported mechns. assert(standalone.rootdse.supports_sasl_plain()) # The sasl parameters don'\''t change, so set them up now. # Do we need the sasl map dn:? auth_tokens = PlainSASL("dn:%s" % sa.dn, '\''password'\'') # Check that it fails without TLS with pytest.raises(ldap.AUTH_UNKNOWN): standalone.openConnection(saslmethod='\''PLAIN'\'', sasltoken=auth_tokens, starttls=False, connOnly=True) # We *have* to use REQCERT NEVER here because python ldap fails cert verification for .... some reason that even # I can not solve. I think it'\''s leaking state across connections in start_tls_s? 
# Check that it works with TLS conn = standalone.openConnection(saslmethod='\''PLAIN'\'', sasltoken=auth_tokens, starttls=True, connOnly=True, > certdir=standalone.get_cert_dir(), reqcert=ldap.OPT_X_TLS_NEVER) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/sasl/plain_test.py>:106: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/src/lib389/lib389/__init__.py>:540: in openConnection server.open(*args, **kwargs) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/src/lib389/lib389/__init__.py>:1081: in open self.start_tls_s() <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/src/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:609: in start_tls_s return self._ldap_call(self._l.start_tls_s) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/src/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <lib389.DirSrv object at 0x7fe089096b50> func = <built-in method start_tls_s of LDAP object at 0x7fe08b125fd0>, args = () kwargs = {}, diagnostic_message_success = None e = CONNECT_ERROR({'\''info'\'': '\''TLS error -8174:security library: bad database.'\'', '\''desc'\'': '\''Connect error'\''},) def _ldap_call(self,func,*args,**kwargs): """ Wrapper method mainly for serializing calls into OpenLDAP libs and trace logs """ self._ldap_object_lock.acquire() if __debug__: if self._trace_level>=1: self._trace_file.write('\''*** %s %s - %s\n%s\n'\'' % ( repr(self), self._uri, '\''.'\''.join((self.__class__.__name__,func.__name__)), pprint.pformat((args,kwargs)) )) if self._trace_level>=9: 
traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) diagnostic_message_success = None try: try: > result = func(*args,**kwargs) E CONNECT_ERROR: {'\''info'\'': '\''TLS error -8174:security library: bad database.'\'', '\''desc'\'': '\''Connect error'\''} /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:106: CONNECT_ERROR ---------------------------- Captured stdout setup ----------------------------- OK group dirsrv exists OK user dirsrv exists ---------------------------- Captured stderr setup ----------------------------- INFO:lib389.topologies:Instance with parameters {'\''ldap-port'\'': 38901, '\''suffix'\'': '\''dc=example,dc=com'\'', '\''krb5_realm'\'': None, '\''deployed-dir'\'': '\''/usr'\'', '\''inst-backupdir'\'': '\''/tmp'\'', '\''hostname'\'': '\''localhost'\'', '\''server-id'\'': '\''standalone1'\'', '\''root-pw'\'': '\''password'\'', '\''root-dn'\'': '\''cn=Directory Manager'\'', '\''group-id'\'': None, '\''InstScriptsEnabled'\'': None, '\''user-id'\'': None, '\''ldap-secureport'\'': None} was created. ----------------------------- Captured stderr call ----------------------------- Generating key. This may take a few moments... Generating key. This may take a few moments... ============== 2 failed, 644 passed, 1 skipped in 9074.00 seconds ==============' + '[' 1 -ne 0 ']' + echo CI Tests 'FAILED!' CI Tests FAILED! + MSG=FAILED + RC=1 + sudo /usr/sbin/sendmail mreynolds@xxxxxxxxxx firstyear@xxxxxxxxxx + sudo rm -rf /var/tmp/slapd.vg.127481 /var/tmp/slapd.vg.25420 /var/tmp/slapd.vg.25531 /var/tmp/slapd.vg.43714 + exit 1 Build step 'Execute shell' marked build as failure [locks-and-latches] Releasing all the locks [locks-and-latches] All the locks released