tests

__NOTOC__

Test managed permissions

Implemented in ipatests.test_xmlrpc.test_permission_plugin.test_managed_permissions

Like other tests in the test_xmlrpc suite, these tests should run on a clean IPA installation, or possibly after other similar tests.

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: permission

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: permission

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermIncludedAttr: dc

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: permission

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermIncludedAttr: cn

ipaPermIncludedAttr: sn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: permission

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermIncludedAttr: cn

ipaPermIncludedAttr: o

ipaPermIncludedAttr: sn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: permission

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermExcludedAttr: sn

ipaPermIncludedAttr: cn

ipaPermIncludedAttr: o

ipaPermIncludedAttr: sn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: all

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermExcludedAttr: sn

ipaPermIncludedAttr: cn

ipaPermIncludedAttr: o

ipaPermIncludedAttr: sn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: all

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: all

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermExcludedAttr: cn

ipaPermIncludedAttr: sn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Note: the permission entry will look like this:

dn: cn=testperm,cn=permissions,cn=pbac,$SUFFIX

cn: testperm

ipaPermBindRuleType: all

ipaPermDefaultAttr: cn

ipaPermDefaultAttr: l

ipaPermDefaultAttr: o

ipaPermIncludedAttr: sn

ipaPermLocation: cn=users,cn=accounts,$SUFFIX

ipaPermRight: write

ipaPermTarget: uid=*,cn=users,cn=accounts,$SUFFIX

ipaPermissionType: MANAGED

ipaPermissionType: SYSTEM

ipaPermissionType: V2

objectClass: groupofnames

objectClass: ipapermission

objectClass: ipapermissionv2

objectClass: top

Cleanup

ipa permission_del testperm --force

ipa permission_del testperm2 --force