From 61d82ef842e0e4e013937bf05d7f640be2d2fc09 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Wed, 16 Dec 2020 16:30:28 +0100
Subject: [PATCH 5/6] Issue 4480 - Unexpected info returned to ldap request
 (#4491)

Bug description:
	If the bind entry does not exist, the bind result info
        reports that 'No such entry'. It should not give any
        information if the target entry exists or not

Fix description:
	Does not return any additional information during a bind

relates: https://github.com/389ds/389-ds-base/issues/4480

Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)

Platforms tested:  F31
---
 dirsrvtests/tests/suites/basic/basic_test.py | 112 +++++++++++++++++++
 1 file changed, 112 insertions(+)

diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 1ae82dcdd..02b73ee85 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -1400,6 +1400,118 @@ def test_dscreate_multiple_dashes_name(dscreate_long_instance):
     assert not dscreate_long_instance.exists()
 
 
+@pytest.fixture(scope="module", params=('c=uk', 'cn=test_user', 'dc=example,dc=com', 'o=south', 'ou=sales', 'wrong=some_value'))
+def dscreate_test_rdn_value(request):
+    template_file = "/tmp/dssetup.inf"
+    template_text = f"""[general]
+config_version = 2
+# This invalid hostname ...
+full_machine_name = localhost.localdomain
+# Means we absolutely require this.
+strict_host_checking = False
+# In tests, we can be run in containers, NEVER trust
+# that systemd is there, or functional in any capacity
+systemd = False
+
+[slapd]
+instance_name = test_different_rdn
+root_dn = cn=directory manager
+root_password = someLongPassword_123
+# We do not have access to high ports in containers,
+# so default to something higher.
+port = 38999
+secure_port = 63699
+
+[backend-userroot]
+create_suffix_entry = True
+suffix = {request.param}
+"""
+
+    with open(template_file, "w") as template_fd:
+        template_fd.write(template_text)
+
+    # Unset PYTHONPATH to avoid mixing old CLI tools and new lib389
+    tmp_env = os.environ
+    if "PYTHONPATH" in tmp_env:
+        del tmp_env["PYTHONPATH"]
+
+    def fin():
+        os.remove(template_file)
+        if request.param != "wrong=some_value":
+            try:
+                subprocess.check_call(['dsctl', 'test_different_rdn', 'remove', '--do-it'])
+            except subprocess.CalledProcessError as e:
+                log.fatal(f"Failed to remove test instance  Error ({e.returncode}) {e.output}")
+        else:
+            log.info("Wrong RDN is passed, instance not created")
+    request.addfinalizer(fin)
+    return template_file, tmp_env, request.param,
+
+
+@pytest.mark.skipif(not get_user_is_root() or ds_is_older('1.4.0.0'),
+                    reason="This test is only required with new admin cli, and requires root.")
+@pytest.mark.bz1807419
+@pytest.mark.ds50928
+def test_dscreate_with_different_rdn(dscreate_test_rdn_value):
+    """Test that dscreate works with different RDN attributes as suffix
+
+    :id: 77ed6300-6a2f-4e79-a862-1f1105f1e3ef
+    :parametrized: yes
+    :setup: None
+    :steps:
+        1. Create template file for dscreate with different RDN attributes as suffix
+        2. Create instance using template file
+        3. Create instance with 'wrong=some_value' as suffix's RDN attribute
+    :expectedresults:
+        1. Should succeeds
+        2. Should succeeds
+        3. Should fail
+    """
+    try:
+        subprocess.check_call([
+            'dscreate',
+            'from-file',
+            dscreate_test_rdn_value[0]
+        ], env=dscreate_test_rdn_value[1])
+    except subprocess.CalledProcessError as e:
+        log.fatal(f"dscreate failed!  Error ({e.returncode}) {e.output}")
+        if  dscreate_test_rdn_value[2] != "wrong=some_value":
+            assert False
+        else:
+            assert True
+
+def test_bind_invalid_entry(topology_st):
+    """Test the failing bind does not return information about the entry
+
+    :id: 5cd9b083-eea6-426b-84ca-83c26fc49a6f
+
+    :setup: Standalone instance
+
+    :steps:
+    1: bind as non existing entry
+    2: check that bind info does not report 'No such entry'
+
+    :expectedresults:
+    1: pass
+    2: pass
+    """
+
+    topology_st.standalone.restart()
+    INVALID_ENTRY="cn=foooo,%s" % DEFAULT_SUFFIX
+    try:
+        topology_st.standalone.simple_bind_s(INVALID_ENTRY, PASSWORD)
+    except ldap.LDAPError as e:
+        log.info('test_bind_invalid_entry: Failed to bind as %s (expected)' % INVALID_ENTRY)
+        log.info('exception description: ' + e.args[0]['desc'])
+        if 'info' in e.args[0]:
+            log.info('exception info: ' + e.args[0]['info'])
+        assert e.args[0]['desc'] == 'Invalid credentials'
+        assert 'info' not in e.args[0]
+        pass
+
+    log.info('test_bind_invalid_entry: PASSED')
+
+
 if __name__ == '__main__':
     # Run isolated
     # -s for DEBUG mode
-- 
2.26.2