sssd_test_framework.roles.ldap

LDAP multihost role.

Classes

`LDAP`(args, *kwargs)	LDAP role.
`LDAPACI`(role)	LDAP ACI records management.
`LDAPAutomount`(role)	LDAP automount management.
`LDAPAutomountKey`(role, name, map, *[, schema])	LDAP automount key management.
`LDAPAutomountMap`(role, name[, basedn, schema])	LDAP automount map management.
`LDAPGroup`(role, name[, basedn, rfc2307bis])	LDAP group management.
`LDAPHosts`(role, name[, basedn, rdn_attr])	LDAP host management.
`LDAPNetgroup`(role, name[, basedn])	LDAP netgroup management.
`LDAPNetgroupMember`(*[, host, user, domain, ng])	LDAP NIS Netgroup Triple.
`LDAPNetworks`(role, name[, basedn, rdn_attr])	LDAP network management.
`LDAPObject`(role, name, rdn[, basedn, default_ou])	Base class for LDAP object management.
`LDAPOrganizationalUnit`(role, name[, basedn])	LDAP organizational unit management.
`LDAPPasswordPolicy`(role)	Password policy management.
`LDAPServices`(role, name[, basedn, rdn_attr])	LDAP service management.
`LDAPSudoRule`(role, user_cls, group_cls, name)	LDAP sudo rule management.
`LDAPUser`(role, name[, basedn, rdn_attr])	LDAP user management.

class sssd_test_framework.roles.ldap.LDAPPasswordPolicy(role: LDAP)

Bases: GenericPasswordPolicy

Password policy management.

Parameters:: role (LDAP) – LDAP role object.

complexity(enable: bool) → LDAPPasswordPolicy

Enable or disable password complexity.

Parameters:: enable (bool) – Enable or disable password complexity.
Returns:: LDAPPasswordPolicy object.
Return type:: LDAPPasswordPolicy

lockout(duration: int, attempts: int) → LDAPPasswordPolicy

Set lockout duration and login attempts.

Parameters:

duration (int) – Duration of lockout in seconds, converted to minutes.
attempts (int) – Number of login attempts.

Returns:

LDAPPasswordPolicy object.

Return type:

LDAPPasswordPolicy

class sssd_test_framework.roles.ldap.LDAP(*args, **kwargs)

Bases: BaseLinuxLDAPRole[LDAPHost]

LDAP role.

Provides unified Python API for managing objects in the LDAP server.

Creating user and group

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(ldap: LDAP):
    u = ldap.user('tuser').add()
    g = ldap.group('tgroup').add()
    g.add_member(u)

Note

The role object is instantiated automatically as a dynamic pytest fixture by the multihost plugin. You should not create the object manually.

domain: str: LDAP domain name.

realm: str: Kerberos realm.

name: str: Generic provider name.

server: str: Generic server name.

auto_uid: int: The next automatically assigned user id.

auto_gid: int: The next automatically assigned group id.

aci: LDAPACI: Manage LDAP ACI records.

automount: LDAPAutomount[LDAPHost, LDAP]

Manage automount maps and keys.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example_autofs(client: Client, ldap: LDAP, nfs: NFS):
    nfs_export1 = nfs.export('export1').add()
    nfs_export2 = nfs.export('export2').add()
    nfs_export3 = nfs.export('sub/export3').add()

    # Create automount maps
    auto_master = ldap.automount.map('auto.master').add()
    auto_home = ldap.automount.map('auto.home').add()
    auto_sub = ldap.automount.map('auto.sub').add()

    # Create mount points
    auto_master.key('/ehome').add(info=auto_home)
    auto_master.key('/esub/sub1/sub2').add(info=auto_sub)

    # Create mount keys
    key1 = auto_home.key('export1').add(info=nfs_export1)
    key2 = auto_home.key('export2').add(info=nfs_export2)
    key3 = auto_sub.key('export3').add(info=nfs_export3)

    # Start SSSD
    client.sssd.common.autofs()
    client.sssd.start()

    # Reload automounter in order to fetch updated maps
    client.automount.reload()

    # Check that we can mount all directories on correct locations
    assert client.automount.mount('/ehome/export1', nfs_export1)
    assert client.automount.mount('/ehome/export2', nfs_export2)
    assert client.automount.mount('/esub/sub1/sub2/export3', nfs_export3)

    # Check that the maps are correctly fetched
    assert client.automount.dumpmaps() == {
        '/ehome': {
            'map': 'auto.home',
            'keys': [str(key1), str(key2)]
        },
        '/esub/sub1/sub2': {
            'map': 'auto.sub',
            'keys': [str(key3)]
        },
    }

property password_policy: LDAPPasswordPolicy

Domain password policy management.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):
    # Enable password complexity
    ldap.password_policy.complexity(enable=True)

    # Set 3 login attempts and 30 lockout duration
    ldap.password_policy.lockout(attempts=3, duration=30)

property naming_context: str: Naming context.

ou(name: str, basedn: LDAPObject | str | None = None) → LDAPOrganizationalUnit[LDAPHost, LDAP]

Get organizational unit object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):
    # Create user
    ou = ldap.ou('my-users').add()
    ldap.user('user-1', basedn=ou).add()

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and test that the user was found
    result = client.tools.id('user-1') is not None

Parameters:

name (str) – Unit name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to None

Returns:

New organizational unit object.

Return type:

LDAPOrganizationalUnit[LDAPHost, LDAP]

setup() → None: Add ACI granting users the access to change their passwords..

fqn(name: str) → str

Return fully qualified name in form name@domain.

Parameters:: name (str) – Username.
Returns:: Fully qualified name.
Return type:: str

user(name: str, basedn: LDAPObject | str | None = 'ou=users', rdn_attr: str | None = 'cn') → LDAPUser

Get user object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):
    # Create user
    ldap.user('user-1').add(uid=10001, gid=10001)

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and assert the result
    result = client.tools.id('user-1')
    assert result is not None
    assert result.user.name == 'user-1'
    assert result.user.id == 10001
    assert result.group.id == 10001  # primary group
    assert result.group.name is None

Parameters:

name (str) – User name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=users
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

Returns:

New user object.

Return type:

LDAPUser

group(name: str, basedn: LDAPObject | str | None = 'ou=groups', *, rfc2307bis: bool = False) → LDAPGroup

Get user object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):
    # Create user
    user = ldap.user('user-1').add(uid=10001, gid=10001)

    # Create primary group
    ldap.group('user-1').add(gid=10001)

    # Create secondary group and add user as a member
    ldap.group('group-1').add(gid=20001).add_member(user)

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and assert the result
    result = client.tools.id('user-1')
    assert result is not None
    assert result.user.name == 'user-1'
    assert result.user.id == 10001
    assert result.group.id == 10001  # primary group
    assert result.group.name == 'user-1'
    assert result.memberof('group-1')

Parameters:

name (str) – Group name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=groups
rfc2307bis (bool, optional) – If True, rfc2307bis schema is used, defaults to False

Returns:

New group object.

Return type:

LDAPGroup

netgroup(name: str, basedn: LDAPObject | str | None = 'ou=netgroups') → LDAPNetgroup

Get netgroup object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example_netgroup(client: Client, ldap: LDAP):
    # Create user
    user = ldap.user("user-1").add()

    # Create two netgroups
    ng1 = ldap.netgroup("ng-1").add()
    ng2 = ldap.netgroup("ng-2").add()

    # Add user and ng2 as members to ng1
    ng1.add_member(user=user)
    ng1.add_member(ng=ng2)

    # Add host as member to ng2
    ng2.add_member(host="client")

    # Start SSSD
    client.sssd.start()

    # Call `getent netgroup ng-1` and assert the results
    result = client.tools.getent.netgroup("ng-1")
    assert result is not None
    assert result.name == "ng-1"
    assert len(result.members) == 2
    assert "(-,user-1,)" in result.members
    assert "(client,-,)" in result.members

Parameters:

name (str) – Netgroup name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=netgroups

Returns:

New netgroup object.

Return type:

LDAPNetgroup

sudorule(name: str, basedn: LDAPObject | str | None = 'ou=sudoers') → LDAPSudoRule[LDAPHost, LDAP, LDAPUser, LDAPGroup]

Get sudo rule object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):
    user = ldap.user('user-1').add(password="Secret123")
    ldap.sudorule('testrule').add(user=user, host='ALL', command='/bin/ls')

    client.sssd.common.sudo()
    client.sssd.start()

    # Test that user can run /bin/ls
    assert client.auth.sudo.run('user-1', 'Secret123', command='/bin/ls')

Parameters:

name (str) – Rule name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=sudoers

Returns:

New sudo rule object.

Return type:

LDAPSudoRule[LDAPHost, LDAP, LDAPUser, LDAPGroup]

hosts(name: str, basedn: LDAPObject | str | None = 'ou=hosts', rdn_attr: str | None = 'cn') → LDAPHosts

Get hosts object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):

    ldap.hosts("host1").add(ip_address="192.168.1.1")

Parameters:

name (str) – Host name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=Hosts
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

Returns:

New Host object.

Return type:

LDAPHosts

networks(name: str, basedn: LDAPObject | str | None = 'ou=networks', rdn_attr: str | None = 'cn') → LDAPNetworks

Get network object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):

    ldap.networks("network1").add(ip_address="192.168.1.1")

Parameters:

name (str) – Host name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=Networks
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

Returns:

New network object.

Return type:

LDAPNetworks

services(name: str, basedn: LDAPObject | str | None = 'ou=Services', rdn_attr: str | None = 'cn') → LDAPServices

Get services object.

Example usage

@pytest.mark.topology(KnownTopology.LDAP)
def test_example(client: Client, ldap: LDAP):
    ldap.services("service1").add(protocol = "udp", port =111)

Parameters:

name (str) – Host name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=Services
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

Returns:

New services object.

Return type:

LDAPServices

class sssd_test_framework.roles.ldap.LDAPObject(role: LDAPRoleType, name: str, rdn: str, basedn: LDAPObject | str | None = None, default_ou: str | None = None)

Bases: BaseObject[HostType, LDAPRoleType]

Base class for LDAP object management.

Provides shortcuts for command execution and implementation of get() and delete() methods.

Parameters:

role (LDAPRoleType) – LDAP role object.
name (str) – Object name.
rdn (str) – Relative distinguished name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to None
default_ou (str | None, optional) – Name of default organizational unit that is automatically created if basedn is set to ou=$default_ou, defaults to None.

name: str: Object name.

rdn: str: Object relative DN.

basedn: LDAPObject | str | None: Object base DN.

dn: str: Object DN.

default_ou: str | None: Default organizational unit that usually holds this object.

delete() → None: Delete LDAP record..

get(attrs: list[str] | None = None, *, opattrs: bool = False) → dict[str, list[str]] | None

Get LDAP record attributes.

Parameters:

attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None
opattrs (bool, optional) – If True, operational attributes are returned as well, defaults to False

Raises:

ValueError – If multiple objects with the same dn exists.

Returns:

Dictionary with attribute name as a key.

Return type:

dict[str, list[str]]

class sssd_test_framework.roles.ldap.LDAPACI(role: LDAP)

Bases: object

LDAP ACI records management.

Parameters:: role (LDAP) – LDAP role object.

role: LDAP

ldap: LDAPUtils

dn: str

add(value: str)

Add new ACI record.

Parameters:: value (str) – ACI value

modify(old: str, new: str)

Modify existing ACI record.

Parameters:

old (str) – Old ACI value
new (str) – New ACI value

delete(value: str)

Delete existing ACI record.

Parameters:: value (str) – ACI value

class sssd_test_framework.roles.ldap.LDAPOrganizationalUnit(role: LDAPRoleType, name: str, basedn: LDAPObject | str | None = None)

Bases: LDAPObject[HostType, LDAPRoleType], GenericOrganizationalUnit

LDAP organizational unit management.

LDAPOrganizationalUnit implements GenericOrganizationalUnit for static typing and provider-agnostic tests.

Parameters:

role (LDAPRoleType) – LDAP role object.
name (str) – Unit name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to None

property name: str

OU name.

Implements GenericOrganizationalUnit.name.

add(name: str | None = None) → LDAPOrganizationalUnit

Create new LDAP organizational unit.

Implements GenericOrganizationalUnit.add(). The optional name argument is accepted for API compatibility; the OU name is taken from the provider ou() factory.

Parameters:: name (str | None) – Unused; OU name is set when the object is created.
Returns:: Self.
Return type:: LDAPOrganizationalUnit

class sssd_test_framework.roles.ldap.LDAPUser(role: LDAP, name: str, basedn: LDAPObject | str | None = 'ou=users', rdn_attr: str | None = 'cn')

Bases: LDAPObject[LDAPHost, LDAP], GenericUser

LDAP user management.

LDAPUser implements GenericUser for static typing and provider-agnostic tests. LDAP-specific keyword arguments on add() and modify() are in addition to the generic API.

Parameters:

role (LDAP) – LDAP role object.
name (str) – User name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=users
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

first_passkey_add: Whether the ‘passkeyUser’ objectClass has already been added.

property name: str

User name.

Implements GenericUser.name.

Create new LDAP user.

Implements GenericUser.add(). User and group id is assigned automatically if they are not set. Other parameters that are not set are ignored.

Parameters:

uid (int | None, optional) – User id, defaults to None
gid (int | None, optional) – Primary group id, defaults to None
password (str, optional) – Password, defaults to ‘Secret123’
home (str | None, optional) – Home directory, defaults to None
gecos (str | None, optional) – GECOS, defaults to None
shell (str | None, optional) – Login shell, defaults to None
shadowMin (int | None, optional) – shadowmin LDAP attribute, defaults to None
shadowMax (int | None, optional) – shadowmax LDAP attribute, defaults to None
shadowWarning (int | None, optional) – shadowwarning LDAP attribute, defaults to None
shadowLastChange (int | None, optional) – shadowlastchage LDAP attribute, defaults to None
sn (str | None, optional) – surname LDAP attribute, defaults to None
givenName (str | None, optional) – givenName LDAP attribute, defaults to None
mail (str | None, optional) – mail LDAP attribute, defaults to None
email – mail LDAP attribute, defaults to None

Returns:

Self.

Return type:

LDAPUser

Modify existing LDAP user.

Implements GenericUser.modify(). Parameters that are not set are ignored. If needed, you can delete an attribute by setting the value to Delete.

Parameters:

uid (int | DeleteAttribute | None, optional) – User id, defaults to None
gid (int | DeleteAttribute | None, optional) – Primary group id, defaults to None
password (str, optional) – Password, defaults to ‘Secret123’
home (str | DeleteAttribute | None, optional) – Home directory, defaults to None
gecos (str | DeleteAttribute | None, optional) – GECOS, defaults to None
shell (str | DeleteAttribute | None, optional) – Login shell, defaults to None
shadowMin (int | DeleteAttribute | None, optional) – shadowmin LDAP attribute, defaults to None
shadowMax (int | DeleteAttribute | None, optional) – shadowmax LDAP attribute, defaults to None
shadowWarning (int | DeleteAttribute | None, optional) – shadowwarning LDAP attribute, defaults to None
shadowLastChange (int | DeleteAttribute | None, optional) – shadowlastchage LDAP attribute, defaults to None
cn (str | DeleteAttribute | None, optional) – common name LDAP attribute, defaults to None
sn (str | DeleteAttribute | None, optional) – surname LDAP attribute, defaults to None
givenName (str | DeleteAttribute | None, optional) – givenName LDAP attribute, defaults to None
mail (str | DeleteAttribute | None, optional) – mail LDAP attribute, defaults to None
email – mail LDAP attribute, defaults to None

Returns:

Self.

Return type:

LDAPUser

reset(password: str | None = 'Secret123') → LDAPUser

Reset user password.

Implements GenericUser.reset().

Parameters:: password (str, optional) – Password, defaults to ‘Secret123’
Returns:: Self.
Return type:: LDAPUser

expire(expiration: str | None = '19700101000000') → LDAPUser

Set user password expiration date and time.

Parameters:: expiration (str | None, optional) – Date and time for user password expiration, defaults to 19700101000000
Returns:: Self.
Return type:: LDAPUser

password_change_at_logon(**kwargs) → LDAPUser

Force user to change password next logon.

Implements GenericUser.password_change_at_logon().

Returns:: Self.
Return type:: LDAPUser

passkey_add(passkey_mapping: str) → LDAPUser

Add passkey mapping to the user.

Implements GenericUser.passkey_add().

Parameters:: passkey_mapping (str) – Passkey mapping generated by sssctl passkey-register
Returns:: Self.
Return type:: LDAPUser

passkey_remove(passkey_mapping: str) → LDAPUser

Remove passkey mapping from the user.

Implements GenericUser.passkey_remove().

Parameters:: passkey_mapping (str) – Passkey mapping generated by sssctl passkey-register
Returns:: Self.
Return type:: LDAPUser

class sssd_test_framework.roles.ldap.LDAPGroup(role: LDAP, name: str, basedn: LDAPObject | str | None = 'ou=groups', *, rfc2307bis: bool = False)

Bases: LDAPObject[LDAPHost, LDAP], GenericGroup

LDAP group management.

LDAPGroup implements GenericGroup for static typing and provider-agnostic tests. LDAP-specific keyword arguments on add() and modify() are in addition to the generic API.

Parameters:

role (LDAP) – LDAP role object.
name (str) – Group name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=groups
rfc2307bis (bool, optional) – If True, rfc2307bis schema is used, defaults to False

rfc2307bis: bool: True if rfc2307bis schema should be used.

property name: str

Group name.

Implements GenericGroup.name.

Create new LDAP group.

Implements GenericGroup.add(). Group id is assigned automatically if it is not set. Other parameters that are not set are ignored.

Parameters:

gid (int | None, optional) – Group id, defaults to None
members (list[GroupMemberField] | None, optional) – List of group members, defaults to None
password (str | None, optional) – Group password, defaults to None
description (str | None, optional) – Description, defaults to None

Returns:

Self.

Return type:

LDAPGroup

Modify existing LDAP group.

Implements GenericGroup.modify(). Parameters that are not set are ignored. If needed, you can delete an attribute by setting the value to Delete.

Parameters:

gid (int | DeleteAttribute | None, optional) – Group id, defaults to None
members (list[GroupMemberField] | DeleteAttribute | None, optional) – List of group members, defaults to None
password (str | DeleteAttribute | None, optional) – Group password, defaults to None
description (str | DeleteAttribute | None, optional) – Description, defaults to None

Returns:

Self.

Return type:

LDAPGroup

add_member(member: GenericUser | GenericGroup | str) → LDAPGroup

Add group member.

Implements GenericGroup.add_member().

Parameters:: member (GroupMemberField) – User or group (on rfc2307bis schema) to add as a member.
Returns:: Self.
Return type:: LDAPGroup

add_members(members: list[GenericUser | GenericGroup | str]) → LDAPGroup

Add multiple group members.

Implements GenericGroup.add_members().

Parameters:: members (list[GroupMemberField]) – Users or groups (on rfc2307bis schema) to add as members.
Returns:: Self.
Return type:: LDAPGroup

remove_member(member: GenericUser | GenericGroup | str) → LDAPGroup

Remove group member.

Implements GenericGroup.remove_member().

Parameters:: member (GroupMemberField) – User or group (on rfc2307bis schema) to remove from the group.
Returns:: Self.
Return type:: LDAPGroup

remove_members(members: list[GenericUser | GenericGroup | str]) → LDAPGroup

Remove multiple group members.

Implements GenericGroup.remove_members().

Parameters:: members (list[GroupMemberField]) – Users or groups (on rfc2307bis schema) to remove from the group.
Returns:: Self.
Return type:: LDAPGroup

class sssd_test_framework.roles.ldap.LDAPSudoRule(role: LDAPRoleType, user_cls: type[LDAPUserType], group_cls: type[LDAPGroupType], name: str, basedn: LDAPObject | str | None = 'ou=sudoers')

Bases: Generic[HostType, LDAPRoleType, LDAPUserType, LDAPGroupType], LDAPObject[HostType, LDAPRoleType], GenericSudoRule

LDAP sudo rule management.

LDAPSudoRule implements GenericSudoRule for static typing and provider-agnostic tests. int values (SID fragments as #N), notbefore / notafter, and DeleteAttribute on modify() are in addition to the generic API.

Parameters:

role (LDAPRoleType) – LDAP role object.
user_cls (type[LDAPUserType]) – User class.
group_cls (type[LDAPGroupType]) – Group class-
name (str) – Sudo rule name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=sudoers

user_cls: type[LDAPUserType]: User class.

group_cls: type[LDAPGroupType]: Group class.

property name: str

Sudo rule name.

Implements GenericSudoRule.name.

Create new sudo rule.

Implements GenericSudoRule.add(). notbefore and notafter are LDAP-specific and are not part of the generic API.

Parameters:

user (int | str | LDAPUserType | LDAPGroupType | list[int | str | LDAPUserType | LDAPGroupType], optional) – sudoUser attribute, defaults to None
host (str | list[str], optional) – sudoHost attribute, defaults to None
command (str | list[str], optional) – sudoCommand attribute, defaults to None
option (str | list[str] | None, optional) – sudoOption attribute, defaults to None
runasuser (int | str | LDAPUserType | LDAPGroupType | list[int | str | LDAPUserType | LDAPGroupType] | None, optional) – sudoRunAsUser attribute, defaults to None
runasgroup (int | str | LDAPGroupType | list[int | str | LDAPGroupType] | None, optional) – sudoRunAsGroup attribute, defaults to None
notbefore (str | list[str] | None, optional) – sudoNotBefore attribute, defaults to None
notafter (str | list[str] | None, optional) – sudoNotAfter attribute, defaults to None
order (int | list[int] | None, optional) – sudoOrder attribute, defaults to None
nopasswd (bool | None, optional) – If true, no authentication is required (NOPASSWD), defaults to None (no change)

Returns:

Self.

Return type:

LDAPSudoRule

Modify existing sudo rule.

Implements GenericSudoRule.modify(). Parameters that are not set are ignored. If needed, you can delete an attribute by setting the value to Delete.

Parameters:

user (int | str | LDAPUserType | LDAPGroupType | list[int | str | LDAPUserType | LDAPGroupType] | DeleteAttribute | None, optional) – sudoUser attribute, defaults to None
host (str | list[str] | DeleteAttribute | None, optional) – sudoHost attribute, defaults to None
command (str | list[str] | DeleteAttribute | None, optional) – sudoCommand attribute, defaults to None
option (str | list[str] | DeleteAttribute | None, optional) – sudoOption attribute, defaults to None
runasuser (int | str | LDAPUserType | LDAPGroupType | list[int | str | LDAPUserType | LDAPGroupType] | DeleteAttribute | None, optional) – sudoRunAsUser attribute, defaults to None
runasgroup (int | str | LDAPGroupType | list[int | str | LDAPGroupType] | DeleteAttribute | None, optional) – sudoRunAsGroup attribute, defaults to None
notbefore (str | list[str] | DeleteAttribute | None, optional) – sudoNotBefore attribute, defaults to None
notafter (str | list[str] | DeleteAttribute | None, optional) – sudoNotAfter attribute, defaults to None
order (int | list[int] | DeleteAttribute | None, optional) – sudoOrder attribute, defaults to None
nopasswd (bool | None, optional) – If true, no authentication is required (NOPASSWD), defaults to None (no change)

Returns:

Self.

Return type:

LDAPSudoRule

class sssd_test_framework.roles.ldap.LDAPHosts(role: LDAP, name: str, basedn: LDAPObject | str | None = 'ou=Hosts', rdn_attr: str | None = 'cn')

Bases: LDAPObject[LDAPHost, LDAP]

LDAP host management.

Parameters:

role (LDAP) – LDAP role object.
name (str) – Host name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=Hosts
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

add(*, ip_address: str | list[str], aliases: list[str] | None = None) → LDAPHosts

Create new LDAP Host.

Parameters:

ip_address (str | list[str]) – Host number.
aliases (list[str] | None) – Host aliases.

Returns:

Self.

Return type:

LDAPHosts

class sssd_test_framework.roles.ldap.LDAPNetworks(role: LDAP, name: str, basedn: LDAPObject | str | None = 'ou=Networks', rdn_attr: str | None = 'cn')

Bases: LDAPObject[LDAPHost, LDAP]

LDAP network management.

Parameters:

role (LDAP) – LDAP role object.
name (str) – Network name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=Networks
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

add(*, ip_address: str | list[str], aliases: list[str] | None = None) → LDAPNetworks

Create new LDAP Networks.

Parameters:

ip_address (str | list[str]) – Network address.
aliases (list[str] | None) – Network aliases.

Returns:

Self.

Return type:

LDAPNetworks

class sssd_test_framework.roles.ldap.LDAPServices(role: LDAP, name: str, basedn: LDAPObject | str | None = 'ou=Services', rdn_attr: str | None = 'cn')

Bases: LDAPObject[LDAPHost, LDAP]

LDAP service management.

Parameters:

role (LDAP) – LDAP role object.
name (str) – Service name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=Services
rdn_attr (str, defaults to 'cn') – RDN Attribute (uid, cn, etc)

add(*, protocol: str, port: int, aliases: list[str] | None = None) → LDAPServices

Create new LDAP Networks.

Parameters:

protocol (str) – Service protocol.
port (int) – Service port.
aliases (list[str] | None) – Aliases. Service aliases.

Returns:

Self.

Return type:

LDAPServices

class sssd_test_framework.roles.ldap.LDAPAutomount(role: LDAPRoleType)

Bases: Generic[HostType, LDAPRoleType], GenericAutomount

LDAP automount management.

LDAPAutomount implements GenericAutomount for static typing and provider-agnostic tests. The optional basedn argument on map() is LDAP-specific and is not part of the generic API.

Parameters:: role (LDAPRoleType) – LDAP role object.

class Schema(value)

Bases: Enum

LDAP automount schema.

RFC2307 = ('rfc2307',)

RFC2307bis = ('rfc2307bis',)

AD = ('ad',)

map(name: str, basedn: LDAPObject | str | None = 'ou=autofs') → LDAPAutomountMap[HostType, LDAPRoleType]

Get automount map object.

Implements GenericAutomount.map(); basedn selects the LDAP container for the map (defaults to ou=autofs).

Parameters:

name (str) – Automount map name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=autofs

Returns:

New automount map object.

Return type:

LDAPAutomountMap[HostType, LDAPRoleType]

key(name: str, map: GenericAutomountMap) → LDAPAutomountKey[HostType, LDAPRoleType]

Get automount key object.

Implements GenericAutomount.key().

Parameters:

name (str) – Automount key name.
map (GenericAutomountMap) – Automount map that is a parent to this key.

Returns:

New automount key object.

Return type:

LDAPAutomountKey[HostType, LDAPRoleType]

set_schema(schema: Schema)

Set automount LDAP schema.

Parameters:: schema (LDAPAutomount.Schema) – LDAP Schema.

class sssd_test_framework.roles.ldap.LDAPAutomountMap(role: LDAPRoleType, name: str, basedn: LDAPObject | str | None = 'ou=autofs', *, schema: Schema = Schema.RFC2307)

Bases: LDAPObject[HostType, LDAPRoleType], GenericAutomountMap

LDAP automount map management.

LDAPAutomountMap implements GenericAutomountMap for static typing and provider-agnostic tests. The schema argument on construction is LDAP-specific and is not part of the generic API.

Parameters:

role (LDAP) – LDAP role object.
name (str) – Automount map name.
basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=autofs
schema (LDAPAutomount.Schema) – LDAP Automount schema, defaults to LDAPAutomount.Schema.RFC2307

property name: str

Automount map name.

Implements GenericAutomountMap.name.

add() → LDAPAutomountMap

Create new LDAP automount map.

Implements GenericAutomountMap.add().

Returns:: Self.
Return type:: LDAPAutomountMap

key(name: str) → LDAPAutomountKey[HostType, LDAPRoleType]

Get automount key object for this map.

Implements GenericAutomountMap.key().

Parameters:: name (str) – Automount key name.
Returns:: New automount key object.
Return type:: LDAPAutomountKey[HostType, LDAPRoleType]

class sssd_test_framework.roles.ldap.LDAPAutomountKey(role: LDAPRoleType, name: str, map: LDAPAutomountMap, *, schema: Schema = Schema.RFC2307)

Bases: LDAPObject[HostType, LDAPRoleType], GenericAutomountKey

LDAP automount key management.

LDAPAutomountKey implements GenericAutomountKey for static typing and provider-agnostic tests. The schema argument on construction is LDAP-specific and is not part of the generic API.

Parameters:

role (LDAPRoleType) – LDAP role object.
name (str) – Automount key name.
map (LDAPAutomountMap) – Automount map that is a parent to this key.
schema (LDAPAutomount.Schema) – LDAP Automount schema, defaults to LDAPAutomount.Schema.RFC2307

map: LDAPAutomountMap

info: str

property name: str

Automount key name.

Implements GenericAutomountKey.name.

add(*, info: str | NFSExport | GenericAutomountMap) → LDAPAutomountKey

Create new LDAP automount key.

Implements GenericAutomountKey.add().

Parameters:: info (str | NFSExport | GenericAutomountMap) – Automount information.
Returns:: Self.
Return type:: LDAPAutomountKey

modify(*, info: str | NFSExport | GenericAutomountMap | DeleteAttribute | None = None) → LDAPAutomountKey

Modify existing LDAP automount key.

Implements GenericAutomountKey.modify(). DeleteAttribute is LDAP-specific and is not part of the generic API.

Parameters:: info (str | NFSExport | GenericAutomountMap | DeleteAttribute | None) – Automount information, defaults to None
Returns:: Self.
Return type:: LDAPAutomountKey

dump() → str

Dump the key in the automount -m format.

export1 | -fstype=nfs,rw,sync,no_root_squash nfs.test:/dev/shm/exports/export1

You can also call str(key) instead of key.dump().

Returns:: Key information in automount -m format.
Return type:: str