tests#
__NOTOC__
Test managed permissions
Implemented in
ipatests.test_xmlrpc.test_permission_plugin.test_managed_permissions
Like other tests in the test_xmlrpc suite, these tests should run on a clean IPA installation, or possibly after other similar tests.
Note: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: permissionipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: permissionipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermIncludedAttr: dcipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: permissionipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermIncludedAttr: cnipaPermIncludedAttr: snipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: permissionipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermIncludedAttr: cnipaPermIncludedAttr: oipaPermIncludedAttr: snipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: permissionipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermExcludedAttr: snipaPermIncludedAttr: cnipaPermIncludedAttr: oipaPermIncludedAttr: snipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: allipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermExcludedAttr: snipaPermIncludedAttr: cnipaPermIncludedAttr: oipaPermIncludedAttr: snipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: allipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: allipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermExcludedAttr: cnipaPermIncludedAttr: snipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topNote: the permission entry will look like this:
dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIXcn: testpermipaPermBindRuleType: allipaPermDefaultAttr: cnipaPermDefaultAttr: lipaPermDefaultAttr: oipaPermIncludedAttr: snipaPermLocation: cn=users,cn=accounts,$SUFFIXipaPermRight: writeipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIXipaPermissionType: MANAGEDipaPermissionType: SYSTEMipaPermissionType: V2objectClass: groupofnamesobjectClass: ipapermissionobjectClass: ipapermissionv2objectClass: topCleanup
ipa permission_del testperm --forceipa permission_del testperm2 --force