From 76d8b45b71563d6158464f7a34bcb57d470993dc Mon Sep 17 00:00:00 2001
From: Viktor Ashirov
Date: Fri, 21 Jun 2019 16:41:34 +0200
Subject: [PATCH 03/12] Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
Description: Add a new test case for #50378 instead of the older one that was testing an unsupported corner case (ip=*).
Relates: https://pagure.io/389-ds-base/issue/50378
Reviewed by: mreynolds (Thanks!)
---
dirsrvtests/tests/suites/acl/keywords_test.py | 29 ++++++++++---------
1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/dirsrvtests/tests/suites/acl/keywords_test.py b/dirsrvtests/tests/suites/acl/keywords_test.py
index c8c19127b..6a494a4b6 100644
--- a/dirsrvtests/tests/suites/acl/keywords_test.py
+++ b/dirsrvtests/tests/suites/acl/keywords_test.py
@@ -430,30 +430,33 @@ def test_dnsalias_keyword_test_nodns_cannot(topo, add_user, aci_of_user): with pytest.raises(ldap.INSUFFICIENT_ACCESS): org.replace("seeAlso", "cn=1") - -def test_user_can_access_the_data_when_connecting_from_any_machine_2(topo, add_user, aci_of_user): +@pytest.mark.ds50378 +@pytest.mark.bz1710848 +@pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"]) +def test_user_can_access_from_ipv4_or_ipv6_address(topo, add_user, aci_of_user, ip_addr): """ - User can access the data when connecting from any machine as per the ACI. + User can modify the data when accessing the server from the allowed IPv4 and IPv6 addresses :id:461e761e-7ac5-11e8-9ae4-8c16451d917b :setup: Standalone Server :steps: - 1. Add test entry - 2. Add ACI - 3. User should follow ACI role + 1. Add ACI that has both IPv4 and IPv6 + 2. Connect from one of the IPs allowed in ACI + 3. Modify an attribute :expectedresults: - 1. Entry should be added - 2. Operation should succeed - 3. Operation should succeed + 1. ACI should be added + 2. Conection should be successful + 3. Operation should be successful """ - # Add ACI + # Add ACI that contains both IPv4 and IPv6 Domain(topo.standalone, DEFAULT_SUFFIX).\ - add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*)' + add("aci", f'(target ="ldap:///{IP_OU_KEY}")(targetattr=*) ' f'(version 3.0; aci "IP aci"; allow(all) ' - f'userdn = "ldap:///{FULLIP_KEY}" and ip = "*" ;)') + f'userdn = "ldap:///{FULLIP_KEY}" and (ip = "127.0.0.1" or ip = "::1");)') # Create a new connection for this test. - conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM) + conn = UserAccount(topo.standalone, FULLIP_KEY).bind(PW_DM, uri=f'ldap://{ip_addr}:{topo.standalone.port}') + # Perform Operation OrganizationalUnit(conn, IP_OU_KEY).replace("seeAlso", "cn=1") -- 2.21.0
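Review bot: The rewritten test_user_can_access_from_ipv4_or_ipv6_address only asserts the allow path of the combined bind rule `(ip = "127.0.0.1" or ip = "::1")`, so an ACL regression that made the `or` clause match every client address would still pass for both parameters. A companion case that installs the same ACI with addresses the client cannot be connecting from (for example the documentation ranges `192.0.2.1` and `2001:db8::1`, constructed sample values) and wraps the modify in `with pytest.raises(ldap.INSUFFICIENT_ACCESS):`, as the preceding test in this hunk's context does, would pin the deny side. The `"[::1]"` parameter also presumes the test host has IPv6 loopback enabled and that the instance listens on it; a skip condition would avoid a spurious failure on IPv4-only CI hosts. The docstring keeps the old `:id:` although the case under test has changed, and `Conection` in the expected results should read `Connection`.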