Merge "Fixes for Active Directory" into stable/grizzly
commit
9666fc0e14
@ -430,14 +430,15 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap, ApiShimMixin):
|
|||||||
def _ldap_res_to_model(self, res):
|
def _ldap_res_to_model(self, res):
|
||||||
obj = super(UserApi, self)._ldap_res_to_model(res)
|
obj = super(UserApi, self)._ldap_res_to_model(res)
|
||||||
if self.enabled_mask != 0:
|
if self.enabled_mask != 0:
|
||||||
obj['enabled_nomask'] = obj['enabled']
|
enabled = int(obj.get('enabled', self.enabled_default))
|
||||||
obj['enabled'] = ((obj['enabled'] & self.enabled_mask) !=
|
obj['enabled_nomask'] = enabled
|
||||||
|
obj['enabled'] = ((enabled & self.enabled_mask) !=
|
||||||
self.enabled_mask)
|
self.enabled_mask)
|
||||||
return obj
|
return obj
|
||||||
|
|
||||||
def mask_enabled_attribute(self, values):
|
def mask_enabled_attribute(self, values):
|
||||||
value = values['enabled']
|
value = values['enabled']
|
||||||
values.setdefault('enabled_nomask', self.enabled_default)
|
values.setdefault('enabled_nomask', int(self.enabled_default))
|
||||||
if value != ((values['enabled_nomask'] & self.enabled_mask) !=
|
if value != ((values['enabled_nomask'] & self.enabled_mask) !=
|
||||||
self.enabled_mask):
|
self.enabled_mask):
|
||||||
values['enabled_nomask'] ^= self.enabled_mask
|
values['enabled_nomask'] ^= self.enabled_mask
|
||||||
|
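Review bot: The new `int(obj.get('enabled', self.enabled_default))` in `_ldap_res_to_model` converts a directory-supplied value with no error handling, so an entry whose enabled attribute is non-numeric would raise ValueError out of the model conversion, and presumably out of whatever lookup or listing contained that entry. The `.get` fallback also means an entry with no attribute at all is now evaluated against `enabled_default`; with the 512 default and mask 2 used in the tests that evaluates to enabled, which deserves a comment since it decides whether an account can be used. Consider catching the conversion failure and treating the entry as disabled, or at least documenting both cases, e.g. `# missing attribute falls back to enabled_default; non-integer values raise ValueError`. `int(self.enabled_default)` is also repeated in `mask_enabled_attribute`, whose body continues past the end of the hunk; converting once where the option is read would keep the two call sites in agreement.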
@ -92,9 +92,6 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
|||||||
def tearDown(self):
|
def tearDown(self):
|
||||||
test.TestCase.tearDown(self)
|
test.TestCase.tearDown(self)
|
||||||
|
|
||||||
def test_user_enable_attribute_mask(self):
|
|
||||||
raise nose.exc.SkipTest('Test is for Active Directory Only')
|
|
||||||
|
|
||||||
def test_ldap_dereferencing(self):
|
def test_ldap_dereferencing(self):
|
||||||
alt_users_ldif = {'objectclass': ['top', 'organizationalUnit'],
|
alt_users_ldif = {'objectclass': ['top', 'organizationalUnit'],
|
||||||
'ou': 'alt_users'}
|
'ou': 'alt_users'}
|
||||||
@ -163,3 +160,8 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
|||||||
alias_dereferencing=deref)
|
alias_dereferencing=deref)
|
||||||
self.assertEqual(ldap.DEREF_SEARCHING,
|
self.assertEqual(ldap.DEREF_SEARCHING,
|
||||||
ldap_wrapper.conn.get_option(ldap.OPT_DEREF))
|
ldap_wrapper.conn.get_option(ldap.OPT_DEREF))
|
||||||
|
|
||||||
|
def test_user_enable_attribute_mask(self):
|
||||||
|
CONF.ldap.user_enabled_emulation = False
|
||||||
|
CONF.ldap.user_enabled_attribute = 'employeeType'
|
||||||
|
super(LiveLDAPIdentity, self).test_user_enable_attribute_mask()
|
||||||
|
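Review bot: The `test_user_enable_attribute_mask` override assigns `CONF.ldap.user_enabled_emulation` and `CONF.ldap.user_enabled_attribute` directly, and nothing visible in the hunk restores them. Unless `test.TestCase.tearDown` resets the configuration (not shown here), later live tests would run with emulation off and `employeeType` as the enabled attribute. If it does not, register the restore before changing the value, e.g. `self.addCleanup(setattr, CONF.ldap, 'user_enabled_attribute', old_attr)` with `old_attr` saved first. A one-line comment saying why `employeeType` was chosen for the live server would also help.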
@ -19,7 +19,6 @@ import ldap
|
|||||||
import uuid
|
import uuid
|
||||||
import nose.exc
|
import nose.exc
|
||||||
|
|
||||||
from keystone.common import ldap as ldap_common
|
|
||||||
from keystone.common.ldap import fakeldap
|
from keystone.common.ldap import fakeldap
|
||||||
from keystone import config
|
from keystone import config
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
@ -318,25 +317,55 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
|
|||||||
self.assertNotIn('name', role_ref)
|
self.assertNotIn('name', role_ref)
|
||||||
|
|
||||||
def test_user_enable_attribute_mask(self):
|
def test_user_enable_attribute_mask(self):
|
||||||
CONF.ldap.user_enabled_attribute = 'enabled'
|
|
||||||
CONF.ldap.user_enabled_mask = 2
|
CONF.ldap.user_enabled_mask = 2
|
||||||
CONF.ldap.user_enabled_default = 512
|
CONF.ldap.user_enabled_default = '512'
|
||||||
self.clear_database()
|
self.clear_database()
|
||||||
self.identity_api = identity.backends.ldap.Identity()
|
self.identity_api = identity.backends.ldap.Identity()
|
||||||
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
|
ldap_ = self.identity_api.user.get_connection()
|
||||||
|
|
||||||
|
def get_enabled_vals():
|
||||||
|
user_dn = self.identity_api.user._id_to_dn_string('fake1')
|
||||||
|
enabled_attr_name = CONF.ldap.user_enabled_attribute
|
||||||
|
|
||||||
|
res = ldap_.search_s(user_dn,
|
||||||
|
ldap.SCOPE_BASE,
|
||||||
|
query='(sn=fake1)')
|
||||||
|
return res[0][1][enabled_attr_name]
|
||||||
|
|
||||||
user = {'id': 'fake1', 'name': 'fake1', 'enabled': True}
|
user = {'id': 'fake1', 'name': 'fake1', 'enabled': True}
|
||||||
self.identity_api.create_user('fake1', user)
|
|
||||||
|
user_ref = self.identity_api.create_user('fake1', user)
|
||||||
|
|
||||||
|
self.assertEqual(user_ref['enabled'], 512)
|
||||||
|
# TODO(blk-u): 512 seems wrong, should it be True?
|
||||||
|
|
||||||
|
enabled_vals = get_enabled_vals()
|
||||||
|
self.assertEqual(enabled_vals, [512])
|
||||||
|
|
||||||
user_ref = self.identity_api.get_user('fake1')
|
user_ref = self.identity_api.get_user('fake1')
|
||||||
self.assertEqual(user_ref['enabled'], True)
|
self.assertIs(user_ref['enabled'], True)
|
||||||
|
|
||||||
user['enabled'] = False
|
user['enabled'] = False
|
||||||
self.identity_api.update_user('fake1', user)
|
user_ref = self.identity_api.update_user('fake1', user)
|
||||||
|
self.assertIs(user_ref['enabled'], False)
|
||||||
|
|
||||||
|
enabled_vals = get_enabled_vals()
|
||||||
|
self.assertEqual(enabled_vals, [514])
|
||||||
|
|
||||||
user_ref = self.identity_api.get_user('fake1')
|
user_ref = self.identity_api.get_user('fake1')
|
||||||
self.assertEqual(user_ref['enabled'], False)
|
self.assertIs(user_ref['enabled'], False)
|
||||||
|
|
||||||
user['enabled'] = True
|
user['enabled'] = True
|
||||||
self.identity_api.update_user('fake1', user)
|
user_ref = self.identity_api.update_user('fake1', user)
|
||||||
|
self.assertIs(user_ref['enabled'], True)
|
||||||
|
|
||||||
|
enabled_vals = get_enabled_vals()
|
||||||
|
self.assertEqual(enabled_vals, [512])
|
||||||
|
|
||||||
user_ref = self.identity_api.get_user('fake1')
|
user_ref = self.identity_api.get_user('fake1')
|
||||||
self.assertEqual(user_ref['enabled'], True)
|
self.assertIs(user_ref['enabled'], True)
|
||||||
|
|
||||||
def test_user_api_get_connection_no_user_password(self):
|
def test_user_api_get_connection_no_user_password(self):
|
||||||
"""Don't bind in case the user and password are blank"""
|
"""Don't bind in case the user and password are blank"""
|
||||||
|
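Review bot: `self.assertEqual(user_ref['enabled'], 512)` pins a return value that the adjacent TODO already calls wrong: `create_user` hands back the raw masked integer while `update_user` and `get_user` are asserted to return real booleans. If a disabled user comes back from `create_user` as 514 (inferred from the mask arithmetic, not covered here), any caller testing truthiness would read it as enabled. I would add a case that creates the user with `'enabled': False` and asserts on the returned value, and give the TODO a bug reference so the known-wrong assertion is not mistaken for the contract.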