sssd_test_framework.hosts.ad

Active Directory multihost host.

Classes

ADHost(*args, **kwargs)

Active Directory host object.

class sssd_test_framework.hosts.ad.ADHost(*args, **kwargs)

Bases: BaseDomainHost

Active Directory host object.

Provides features specific to Active Directory domain controller.

Warning

Backup and restore functionality of a domain controller is quite limited when compared to other backends. Unfortunately, a full backup and restore of a domain controller is not possible without a complete system backup and reboot which takes too long time and is not suitable for setting an exact state for each test. Therefore a limited backup and restore is provided which only deletes all added objects. It works well if a test does not modify any existing data but only uses new objects like newly added users and groups.

If the test modifies existing data, it needs to make sure to revert the modifications manually.

Parameters:

auto_start – Automatically start service before taking the first backup.
auto_restore (bool, optional) – If True, the host is automatically restored to the backup state when a test is finished in teardown(), defaults to True

adminpw: str: Password of the Administrator user, defaults to Secret123.

adminuser: str: Administrator user, defaults to administrator.

property features: dict[str, bool]: Features supported by the host.

property naming_context: str

Default naming context.

Raises:: ValueError – If default naming context can not be obtained.
Return type:: str

disconnect() → None

start() → None

Start required services.

Raises:: NotImplementedError – If start operation is not supported.

stop() → None

Stop required services.

Raises:: NotImplementedError – If stop operation is not supported.

backup() → Any

Perform limited backup of the domain controller data. Users, groups, sites, dns zones, dns records, groupPolicyContainer and computer objects are explicitly exported so the setup can be undone. Most of these operations are done using LDAP, DNS changes are reverted using powershell. These operations are usually very fast.

Returns:: Backup data.
Return type:: Any

restore(backup_data: Any | None) → None

Perform limited restoration of the domain controller state.

This is done by removing all records under $default_naming_context and that are not present in the original state.

If GPOs are found, some additional steps are performed. The policy directory located at ‘C:WindowsSYSVOLdomainPolicies{{GUID}}’ is deleted. Before removing the GPO, the GPO needs to be unlinked from the target object. There is logic to run through the GPOs that were not present, unlink them and then removed.

The client computer object may move to a different location during a test. There is a check to ensure that the object is in ‘cn=computers’ otherwise the object will be deleted when attempting to restore the computer state.

Returns:: Backup data.
Return type:: Any