Merge "Fixes for Active Directory" into stable/grizzly

This commit is contained in:
Jenkins 2013-10-08 21:46:16 +00:00 committed by Gerrit Code Review
commit 9666fc0e14
3 changed files with 47 additions and 15 deletions

View File

@ -430,14 +430,15 @@ class UserApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap, ApiShimMixin):
def _ldap_res_to_model(self, res):
obj = super(UserApi, self)._ldap_res_to_model(res)
if self.enabled_mask != 0:
obj['enabled_nomask'] = obj['enabled']
obj['enabled'] = ((obj['enabled'] & self.enabled_mask) !=
enabled = int(obj.get('enabled', self.enabled_default))
obj['enabled_nomask'] = enabled
obj['enabled'] = ((enabled & self.enabled_mask) !=
self.enabled_mask)
return obj
def mask_enabled_attribute(self, values):
value = values['enabled']
values.setdefault('enabled_nomask', self.enabled_default)
values.setdefault('enabled_nomask', int(self.enabled_default))
if value != ((values['enabled_nomask'] & self.enabled_mask) !=
self.enabled_mask):
values['enabled_nomask'] ^= self.enabled_mask

View File

@ -92,9 +92,6 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
def tearDown(self):
test.TestCase.tearDown(self)
def test_user_enable_attribute_mask(self):
raise nose.exc.SkipTest('Test is for Active Directory Only')
def test_ldap_dereferencing(self):
alt_users_ldif = {'objectclass': ['top', 'organizationalUnit'],
'ou': 'alt_users'}
@ -163,3 +160,8 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
alias_dereferencing=deref)
self.assertEqual(ldap.DEREF_SEARCHING,
ldap_wrapper.conn.get_option(ldap.OPT_DEREF))
def test_user_enable_attribute_mask(self):
CONF.ldap.user_enabled_emulation = False
CONF.ldap.user_enabled_attribute = 'employeeType'
super(LiveLDAPIdentity, self).test_user_enable_attribute_mask()

View File

@ -19,7 +19,6 @@ import ldap
import uuid
import nose.exc
from keystone.common import ldap as ldap_common
from keystone.common.ldap import fakeldap
from keystone import config
from keystone import exception
@ -318,25 +317,55 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.assertNotIn('name', role_ref)
def test_user_enable_attribute_mask(self):
CONF.ldap.user_enabled_attribute = 'enabled'
CONF.ldap.user_enabled_mask = 2
CONF.ldap.user_enabled_default = 512
CONF.ldap.user_enabled_default = '512'
self.clear_database()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
ldap_ = self.identity_api.user.get_connection()
def get_enabled_vals():
user_dn = self.identity_api.user._id_to_dn_string('fake1')
enabled_attr_name = CONF.ldap.user_enabled_attribute
res = ldap_.search_s(user_dn,
ldap.SCOPE_BASE,
query='(sn=fake1)')
return res[0][1][enabled_attr_name]
user = {'id': 'fake1', 'name': 'fake1', 'enabled': True}
self.identity_api.create_user('fake1', user)
user_ref = self.identity_api.create_user('fake1', user)
self.assertEqual(user_ref['enabled'], 512)
# TODO(blk-u): 512 seems wrong, should it be True?
enabled_vals = get_enabled_vals()
self.assertEqual(enabled_vals, [512])
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['enabled'], True)
self.assertIs(user_ref['enabled'], True)
user['enabled'] = False
self.identity_api.update_user('fake1', user)
user_ref = self.identity_api.update_user('fake1', user)
self.assertIs(user_ref['enabled'], False)
enabled_vals = get_enabled_vals()
self.assertEqual(enabled_vals, [514])
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['enabled'], False)
self.assertIs(user_ref['enabled'], False)
user['enabled'] = True
self.identity_api.update_user('fake1', user)
user_ref = self.identity_api.update_user('fake1', user)
self.assertIs(user_ref['enabled'], True)
enabled_vals = get_enabled_vals()
self.assertEqual(enabled_vals, [512])
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['enabled'], True)
self.assertIs(user_ref['enabled'], True)
def test_user_api_get_connection_no_user_password(self):
"""Don't bind in case the user and password are blank"""