sssd_test_framework.roles.samba

Samba multihost role.

Classes

Samba(*args, **kwargs)

Samba role.

SambaAutomount(role)

Samba automount management.

SambaComputer(role, name)

Samba computer management.

SambaDNSServer(role)

Samba DNS server management.

SambaDNSZone(role, name)

Samba DNS zone management.

SambaGPO(role, name)

Samba group policy object management.

SambaGroup(role, name)

Samba group management.

SambaObject(role, command, name)

Base class for Samba DC object management.

SambaOrganizationalUnit(role, name[, basedn])

Samba organizational unit management.

SambaPasswordPolicy(role)

Samba domain password policy management.

SambaSite(role, name)

Samba site management.

SambaSudoRule(role, user_cls, group_cls, name)

Samba sudo rule management.

SambaUser(role, name)

Samba user management.

class sssd_test_framework.roles.samba.Samba(*args, **kwargs)

Bases: BaseLinuxLDAPRole[SambaHost]

Samba role.

Provides unified Python API for managing objects in the Samba domain controller.

Creating user and group
@pytest.mark.topology(KnownTopology.Samba)
def test_example(samba: Samba):
    u = samba.user('tuser').add()
    g = samba.group('tgroup').add()
    g.add_member(u)

Note

The role object is instantiated automatically as a dynamic pytest fixture by the multihost plugin. You should not create the object manually.

domain: str

Samba domain name.

realm: str

Kerberos realm.

name: str

Provider name. Samba is a community-developed AD clone; SSSD does not have a dedicated Samba provider, so it uses ‘ad’.

server: str

Generic server name.

automount: SambaAutomount

Manage automount maps and keys.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example_autofs(client: Client, samba: Samba, nfs: NFS):
    nfs_export1 = nfs.export('export1').add()
    nfs_export2 = nfs.export('export2').add()
    nfs_export3 = nfs.export('sub/export3').add()

    # Create automount maps
    auto_master = samba.automount.map('auto.master').add()
    auto_home = samba.automount.map('auto.home').add()
    auto_sub = samba.automount.map('auto.sub').add()

    # Create mount points
    auto_master.key('/ehome').add(info=auto_home)
    auto_master.key('/esub/sub1/sub2').add(info=auto_sub)

    # Create mount keys
    key1 = auto_home.key('export1').add(info=nfs_export1)
    key2 = auto_home.key('export2').add(info=nfs_export2)
    key3 = auto_sub.key('export3').add(info=nfs_export3)

    # Start SSSD
    client.sssd.common.autofs()
    client.sssd.start()

    # Reload automounter in order to fetch updated maps
    client.automount.reload()

    # Check that we can mount all directories on correct locations
    assert client.automount.mount('/ehome/export1', nfs_export1)
    assert client.automount.mount('/ehome/export2', nfs_export2)
    assert client.automount.mount('/esub/sub1/sub2/export3', nfs_export3)

    # Check that the maps are correctly fetched
    assert client.automount.dumpmaps() == {
        '/ehome': {
            'map': 'auto.home',
            'keys': [str(key1), str(key2)]
        },
        '/esub/sub1/sub2': {
            'map': 'auto.sub',
            'keys': [str(key3)]
        },
    }

property password_policy: SambaPasswordPolicy

Domain password policy management.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    # Enable password complexity
    samba.password_policy.complexity(enable=True)

    # Allow 3 login attempts and set the lockout duration to 30 seconds
    samba.password_policy.lockout(attempts=3, duration=30)

property naming_context: str

Samba naming context.

Return type:

str

fqn(name: str) str

Return fully qualified name in form name@domain.

Parameters:

name (str) – Username.

Returns:

Fully qualified name.

Return type:

str

user(name: str) SambaUser

Get user object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    # Create user
    samba.user('user-1').add()

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and assert the result
    result = client.tools.id('user-1')
    assert result is not None
    assert result.user.name == 'user-1'
    assert result.group.name == 'domain users'
Parameters:

name (str) – Username.

Returns:

New user object.

Return type:

SambaUser

group(name: str) SambaGroup

Get group object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    # Create user
    user = samba.user('user-1').add()

    # Create secondary group and add user as a member
    samba.group('group-1').add().add_member(user)

    # Start SSSD
    client.sssd.start()

    # Call `id user-1` and assert the result
    result = client.tools.id('user-1')
    assert result is not None
    assert result.user.name == 'user-1'
    assert result.group.name == 'domain users'
    assert result.memberof('group-1')
Parameters:

name (str) – Group name.

Returns:

New group object.

Return type:

SambaGroup

netgroup(name: str, basedn: LDAPObject | str | None = 'ou=netgroups') LDAPNetgroup[SambaHost, Samba, SambaUser]

Get netgroup object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example_netgroup(client: Client, samba: Samba):
    # Create user
    user = samba.user("user-1").add()

    # Create two netgroups
    ng1 = samba.netgroup("ng-1").add()
    ng2 = samba.netgroup("ng-2").add()

    # Add user and ng2 as members to ng1
    ng1.add_member(user=user)
    ng1.add_member(ng=ng2)

    # Add host as member to ng2
    ng2.add_member(host="client")

    # Start SSSD
    client.sssd.start()

    # Call `getent netgroup ng-1` and assert the results
    result = client.tools.getent.netgroup("ng-1")
    assert result is not None
    assert result.name == "ng-1"
    assert len(result.members) == 2
    assert "(-,user-1,)" in result.members
    assert "(client,-,)" in result.members
Parameters:
  • name (str) – Netgroup name.

  • basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=netgroups

Returns:

New netgroup object.

Return type:

SambaNetgroup

computer(name: str) SambaComputer

Get computer object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    # Create OU
    ou = samba.ou("test").add().dn
    # Move computer object
    samba.computer(client.host.hostname.split(".")[0]).move(ou)

    client.sssd.start()
Parameters:

name (str) – Computer name.

Returns:

New computer object.

Return type:

SambaComputer

dns() SambaDNSServer

Get DNS server object.

Get methods use dig, and the output is parsed by jc. The data from jc contains several nested dicts, but only two are returned, as a tuple: answer and authority.

Example usage
# Create forward zone and add forward record
zone = samba.dns().zone("example.test").create()
zone.add_record("client", "172.16.200.15")

# Create reverse zone and add reverse record
zone = samba.dns().zone("10.0.10.in-addr.arpa").create()
zone.add_ptr_record("client.example.test", 15)

# Add forward record to default domain
samba.dns().zone(samba.domain).add_record("client", "1.2.3.4")

# Add a global forwarder
samba.dns().add_forwarder("1.1.1.1")

# Remove a global forwarder
samba.dns().remove_forwarder("1.1.1.1")

# Clear all forwarders
samba.dns().clear_forwarders()

gpo(name: str) SambaGPO

Get group policy object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_samba__gpo_is_set_to_enforcing(client: Client, samba: Samba):
    # Users are created with the default password 'Secret123'
    user = samba.user("user").add()
    allow_user = samba.user("allow_user").add()
    deny_user = samba.user("deny_user").add()

    # Allow allow_user and Domain Admins, explicitly deny deny_user
    samba.gpo("test policy").add().policy(
        {
            "SeInteractiveLogonRight": [allow_user, samba.group("Domain Admins")],
            "SeRemoteInteractiveLogonRight": [allow_user, samba.group("Domain Admins")],
            "SeDenyInteractiveLogonRight": [deny_user],
            "SeDenyRemoteInteractiveLogonRight": [deny_user],
        }
    ).link()

    # Make SSSD enforce GPO-based access control
    client.sssd.domain["ad_gpo_access_control"] = "enforcing"
    client.sssd.start()

    assert client.auth.ssh.password(username="allow_user", password="Secret123")
    assert not client.auth.ssh.password(username="user", password="Secret123")
    assert not client.auth.ssh.password(username="deny_user", password="Secret123")
Parameters:

name (str) – Name of the GPO.

Returns:

New GPO object.

Return type:

SambaGPO

ou(name: str, basedn: LDAPObject | str | None = None) SambaOrganizationalUnit

Get organizational unit object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    # Create organizational unit for sudo rules
    ou = samba.ou('mysudoers').add()

    # Create user
    samba.user('user-1').add()

    # Create sudo rule
    samba.sudorule('testrule', basedn=ou).add(user='ALL', host='ALL', command='/bin/ls')

    client.sssd.common.sudo()
    client.sssd.start()

    # Test that user can run /bin/ls
    assert client.auth.sudo.run('user-1', 'Secret123', command='/bin/ls')
Parameters:
  • name (str) – Unit name.

  • basedn (LDAPObject | str | None, optional) – Base dn, defaults to None

Returns:

New organizational unit object.

Return type:

SambaOrganizationalUnit

site(name: str) SambaSite

Get site object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    # Create a new site; the name cannot contain spaces
    site = samba.site('New-Site').add()
Parameters:

name (str, cannot contain spaces) – Site name.

Returns:

New site object.

Return type:

SambaSite

sudorule(name: str, basedn: LDAPObject | str | None = 'ou=sudoers') SambaSudoRule

Get sudo rule object.

Example usage
@pytest.mark.topology(KnownTopology.Samba)
def test_example(client: Client, samba: Samba):
    user = samba.user('user-1').add(password="Secret123")
    samba.sudorule('testrule').add(user=user, host='ALL', command='/bin/ls')

    client.sssd.common.sudo()
    client.sssd.start()

    # Test that user can run /bin/ls
    assert client.auth.sudo.run('user-1', 'Secret123', command='/bin/ls')
Parameters:
  • name (str) – Rule name.

  • basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=sudoers

Returns:

New sudo rule object.

Return type:

SambaSudoRule

class sssd_test_framework.roles.samba.SambaObject(role: Samba, command: str, name: str)

Bases: BaseObject

Base class for Samba DC object management.

Provides shortcuts for command execution and implementation of get(), get_attrs(), and delete() methods.

Parameters:
  • role (Samba) – Samba role object.

  • command (str) – Samba command group.

  • name (str) – Object name.

command: str

Samba-tool command.

name: str

Object name.

naming_context: str

Domain naming context.

delete() None

Delete Samba object.

get_attrs(attrs: list[str] | None = None) dict[str, list[str]]

Get Samba object attributes from LDAP.

Parameters:

attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

Returns:

Dictionary with attribute name as a key.

Return type:

dict[str, list[str]]

property dn: str

Object’s distinguished name.

property cn: str

Object’s common name.

property sid: str

Object’s security identifier.

class sssd_test_framework.roles.samba.SambaComputer(role: Samba, name: str)

Bases: SambaObject, GenericComputer

Samba computer management.

SambaComputer implements GenericComputer for static typing and provider-agnostic tests.

Parameters:
  • role (Samba) – Samba role object.

  • name (str) – Computer name.

property name: str

Computer name.

Implements GenericComputer.name.

move(target: str) SambaComputer

Move a computer object.

Implements GenericComputer.move().

Parameters:

target (str) – Target path.

Returns:

Self.

Return type:

SambaComputer

class sssd_test_framework.roles.samba.SambaPasswordPolicy(role: Samba)

Bases: GenericPasswordPolicy

Samba domain password policy management.

SambaPasswordPolicy implements GenericPasswordPolicy for static typing and provider-agnostic tests. Settings apply via samba-tool domain passwordsettings.

Parameters:

role (Samba) – Samba role object.

complexity(enable: bool) SambaPasswordPolicy

Enable or disable password complexity.

Implements GenericPasswordPolicy.complexity().

Parameters:

enable (bool) – Enable or disable password complexity.

Returns:

Self.

Return type:

SambaPasswordPolicy

lockout(duration: int, attempts: int) SambaPasswordPolicy

Set lockout duration and login attempts.

Implements GenericPasswordPolicy.lockout().

Parameters:
  • duration (int) – Duration of lockout in seconds, converted to minutes.

  • attempts (int) – Number of login attempts.

Returns:

Self.

Return type:

SambaPasswordPolicy

class sssd_test_framework.roles.samba.SambaUser(role: Samba, name: str)

Bases: SambaObject, GenericUser

Samba user management.

SambaUser implements GenericUser for static typing and provider-agnostic tests. Samba-specific keyword arguments on modify() are in addition to the generic API.

Parameters:
  • role (Samba) – Samba role object.

  • name (str) – User name.

property name: str

User name.

Implements GenericUser.name.

get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get user attributes.

Implements GenericUser.get(). Use SambaObject.get_attrs() when a non-optional attribute dictionary is required. LDAP opattrs is ignored.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – Ignored (LDAP-only); present for GenericUser API compatibility.

Returns:

Dictionary with attribute name as a key.

Return type:

dict[str, list[str]] | None

add(*, uid: int | None = None, gid: int | None = None, password: str = 'Secret123', home: str | None = None, gecos: str | None = None, shell: str | None = None, email: str | None = None) SambaUser

Create new Samba user.

Parameters that are not set are ignored.

Parameters:
  • uid (int | None, optional) – User id, defaults to None

  • gid (int | None, optional) – Primary group id, defaults to None

  • password (str, optional) – Password, defaults to ‘Secret123’

  • home (str | None, optional) – Home directory, defaults to None

  • gecos (str | None, optional) – GECOS, defaults to None

  • shell (str | None, optional) – Login shell, defaults to None

  • email (str | None, optional) – Email, defaults to None (= user@domain)

Returns:

Self.

Return type:

SambaUser

modify(*, uid: int | DeleteAttribute | None = None, gid: int | DeleteAttribute | None = None, password: str | DeleteAttribute | None = None, home: str | DeleteAttribute | None = None, gecos: str | DeleteAttribute | None = None, shell: str | DeleteAttribute | None = None, email: str | DeleteAttribute | None = None) SambaUser

Modify existing Samba user.

Implements GenericUser.modify(). Parameters that are not set are ignored. If needed, you can delete an attribute by setting the value to Delete.

Parameters:
  • uid (int | DeleteAttribute | None, optional) – User id, defaults to None

  • gid (int | DeleteAttribute | None, optional) – Primary group id, defaults to None

  • password (str | DeleteAttribute | None, optional) – Password, defaults to None

  • home (str | DeleteAttribute | None, optional) – Home directory, defaults to None

  • gecos (str | DeleteAttribute | None, optional) – GECOS, defaults to None

  • shell (str | DeleteAttribute | None, optional) – Login shell, defaults to None

  • email (str | DeleteAttribute | None, optional) – Email, defaults to None

Returns:

Self.

Return type:

SambaUser

reset(password: str | None = 'Secret123') SambaUser

Reset user password.

Implements GenericUser.reset().

Parameters:

password (str | None, optional) – Password, defaults to ‘Secret123’

Returns:

Self.

Return type:

SambaUser

expire(expiration: str | None = '19700101000000') SambaUser

Set user password expiration date and time.

Implements GenericUser.expire().

Parameters:

expiration (str | None, optional) – Date and time for user password expiration, defaults to 19700101000000

Returns:

Self.

Return type:

SambaUser

password_change_at_logon(**kwargs) SambaUser

Force user to change password at next logon.

Implements GenericUser.password_change_at_logon().

Returns:

Self.

Return type:

SambaUser

passkey_add(passkey_mapping: str) SambaUser

Add passkey mapping to the user.

Implements GenericUser.passkey_add().

Parameters:

passkey_mapping (str) – Passkey mapping generated by sssctl passkey-register

Returns:

Self.

Return type:

SambaUser

passkey_remove(passkey_mapping: str) SambaUser

Remove passkey mapping from the user.

Implements GenericUser.passkey_remove().

Parameters:

passkey_mapping (str) – Passkey mapping generated by sssctl passkey-register

Returns:

Self.

Return type:

SambaUser

class sssd_test_framework.roles.samba.SambaGroup(role: Samba, name: str)

Bases: SambaObject, GenericGroup

Samba group management.

SambaGroup implements GenericGroup for static typing and provider-agnostic tests. Samba-specific keyword arguments on add() are in addition to the generic API.

Parameters:
  • role (Samba) – Samba role object.

  • name (str) – Group name.

property name: str

Group name.

Implements GenericGroup.name.

get(attrs: list[str] | None = None, *, opattrs: bool = False) dict[str, list[str]] | None

Get group attributes.

Implements GenericGroup.get(). Use SambaObject.get_attrs() when a non-optional attribute dictionary is required. LDAP opattrs is ignored.

Parameters:
  • attrs (list[str] | None, optional) – If set, only requested attributes are returned, defaults to None

  • opattrs (bool, optional) – Ignored (LDAP-only); present for GenericGroup API compatibility.

Returns:

Dictionary with attribute name as a key.

Return type:

dict[str, list[str]] | None

add(*, gid: int | None = None, description: str | None = None, scope: str = 'Global', category: str = 'Security') SambaGroup

Create new Samba group.

Implements GenericGroup.add(); scope and category are Samba-specific.

Parameters:
  • gid (int | None, optional) – Group id, defaults to None

  • description (str | None, optional) – Description, defaults to None

  • scope (str, optional) – Scope (‘Global’, ‘Universal’, ‘DomainLocal’), defaults to ‘Global’

  • category (str, optional) – Category (‘Distribution’, ‘Security’), defaults to ‘Security’

Returns:

Self.

Return type:

SambaGroup

modify(*, gid: int | DeleteAttribute | None = None, description: str | DeleteAttribute | None = None) SambaGroup

Modify existing Samba group.

Implements GenericGroup.modify(). Parameters that are not set are ignored. If needed, you can delete an attribute by setting the value to Delete.

Parameters:
  • gid (int | DeleteAttribute | None, optional) – Group id, defaults to None

  • description (str | DeleteAttribute | None, optional) – Description, defaults to None

Returns:

Self.

Return type:

SambaGroup

add_member(member: GenericUser | GenericGroup | str) SambaGroup

Add group member.

Implements GenericGroup.add_member().

Parameters:

member (GroupMemberField) – User or group to add as a member.

Returns:

Self.

Return type:

SambaGroup

add_members(members: list[GenericUser | GenericGroup | str]) SambaGroup

Add multiple group members.

Implements GenericGroup.add_members().

Parameters:

members (list[GroupMemberField]) – List of users or groups to add as members.

Returns:

Self.

Return type:

SambaGroup

remove_member(member: GenericUser | GenericGroup | str) SambaGroup

Remove group member.

Implements GenericGroup.remove_member().

Parameters:

member (GroupMemberField) – User or group to remove from the group.

Returns:

Self.

Return type:

SambaGroup

remove_members(members: list[GenericUser | GenericGroup | str]) SambaGroup

Remove multiple group members.

Implements GenericGroup.remove_members().

Parameters:

members (list[GroupMemberField]) – List of users or groups to remove from the group.

Returns:

Self.

Return type:

SambaGroup

class sssd_test_framework.roles.samba.SambaOrganizationalUnit(role: LDAPRoleType, name: str, basedn: LDAPObject | str | None = None)

Bases: LDAPOrganizationalUnit[SambaHost, Samba], GenericOrganizationalUnit

Samba organizational unit management.

SambaOrganizationalUnit implements GenericOrganizationalUnit for static typing and provider-agnostic tests.

Parameters:
  • role (LDAPRoleType) – LDAP role object.

  • name (str) – Unit name.

  • basedn (LDAPObject | str | None, optional) – Base dn, defaults to None

property name: str

OU name.

Implements GenericOrganizationalUnit.name.

add(name: str | None = None) SambaOrganizationalUnit

Create new Samba organizational unit.

Implements GenericOrganizationalUnit.add(). The optional name argument is accepted for API compatibility; the OU name is taken from Samba.ou().

Parameters:

name (str | None) – Unused; OU name is set when the object is created.

Returns:

Self.

Return type:

SambaOrganizationalUnit

class sssd_test_framework.roles.samba.SambaAutomount(role: LDAPRoleType)

Bases: LDAPAutomount[SambaHost, Samba], GenericAutomount

Samba automount management.

SambaAutomount implements GenericAutomount for static typing and provider-agnostic tests. The optional basedn argument on map() is Samba-specific and is not part of the generic API.

Parameters:

role (LDAPRoleType) – LDAP role object.

map(name: str, basedn: LDAPObject | str | None = 'ou=autofs') LDAPAutomountMap[SambaHost, Samba]

Get automount map object.

Implements GenericAutomount.map(); basedn selects the LDAP container for the map (defaults to ou=autofs).

Parameters:
  • name (str) – Automount map name.

  • basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=autofs

Returns:

New automount map object.

Return type:

LDAPAutomountMap[SambaHost, Samba]

key(name: str, map: GenericAutomountMap) LDAPAutomountKey[SambaHost, Samba]

Get automount key object.

Implements GenericAutomount.key().

Parameters:
  • name (str) – Automount key name.

  • map (GenericAutomountMap) – Automount map that is a parent to this key.

Returns:

New automount key object.

Return type:

LDAPAutomountKey[SambaHost, Samba]

class sssd_test_framework.roles.samba.SambaSudoRule(role: LDAPRoleType, user_cls: type[LDAPUserType], group_cls: type[LDAPGroupType], name: str, basedn: LDAPObject | str | None = 'ou=sudoers')

Bases: LDAPSudoRule[SambaHost, Samba, SambaUser, SambaGroup], GenericSudoRule

Samba sudo rule management.

SambaSudoRule implements GenericSudoRule for static typing and provider-agnostic tests. int values (SID fragments as #N), notbefore / notafter, and DeleteAttribute on modify() are in addition to the generic API.

Parameters:
  • role (LDAPRoleType) – LDAP role object.

  • user_cls (type[LDAPUserType]) – User class.

  • group_cls (type[LDAPGroupType]) – Group class.

  • name (str) – Sudo rule name.

  • basedn (LDAPObject | str | None, optional) – Base dn, defaults to ou=sudoers

property name: str

Sudo rule name.

Implements GenericSudoRule.name.

add(*, user: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int | list[str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int] = None, host: str | ProtocolName | list[str | ProtocolName] | None = None, command: str | ProtocolName | list[str | ProtocolName] | None = None, option: str | list[str] | None = None, runasuser: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int | list[str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int] = None, runasgroup: str | GenericGroup | ProtocolName | list[str | GenericGroup | ProtocolName] | None | int | list[str | GenericGroup | ProtocolName | list[str | GenericGroup | ProtocolName] | None | int] = None, notbefore: str | list[str] | None = None, notafter: str | list[str] | None = None, order: int | list[int] | None = None, nopasswd: bool | None = None) SambaSudoRule

Create new sudo rule.

Implements GenericSudoRule.add(). notbefore and notafter are LDAP-specific and are not part of the generic API.

Returns:

Self.

Return type:

SambaSudoRule

modify(*, user: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int | list[str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int] | DeleteAttribute = None, host: str | ProtocolName | list[str | ProtocolName] | None | DeleteAttribute = None, command: str | ProtocolName | list[str | ProtocolName] | None | DeleteAttribute = None, option: str | list[str] | DeleteAttribute | None = None, runasuser: str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int | list[str | GenericUser | GenericGroup | ProtocolName | list[str | GenericUser | GenericGroup | ProtocolName] | None | int] | DeleteAttribute = None, runasgroup: str | GenericGroup | ProtocolName | list[str | GenericGroup | ProtocolName] | None | int | list[str | GenericGroup | ProtocolName | list[str | GenericGroup | ProtocolName] | None | int] | DeleteAttribute = None, notbefore: str | list[str] | DeleteAttribute | None = None, notafter: str | list[str] | DeleteAttribute | None = None, order: int | list[int] | DeleteAttribute | None = None, nopasswd: bool | None = None) SambaSudoRule

Modify existing sudo rule.

Implements GenericSudoRule.modify(). notbefore and notafter are LDAP-specific and are not part of the generic API.

Returns:

Self.

Return type:

SambaSudoRule

class sssd_test_framework.roles.samba.SambaGPO(role: Samba, name: str)

Bases: SambaObject, GenericGPO

Samba group policy object management.

SambaGPO implements GenericGPO for static typing and provider-agnostic tests.

Parameters:
  • role (Samba) – Samba role object.

  • name (str) – GPO display name.

target: str | None

Group policy target.

search_base: str

Group policy search base.

credentials: str

Credentials to manage GPOs.

property name: str

GPO display name.

Implements GenericGPO.name.

get(key: str) str | None

Get GPO attribute value.

Implements GenericGPO.get().

Parameters:

key (str) – LDAP attribute name.

Returns:

Attribute value.

Return type:

str | None

add() SambaGPO

Add a group policy object.

Implements GenericGPO.add().

Returns:

Self.

Return type:

SambaGPO

delete() None

Delete group policy object.

Implements GenericGPO.delete().

Link the group policy to a target object inside the directory: a site, a domain or an OU.

Implements GenericGPO.link().

Parameters:
  • target (str, optional) – Group policy target, defaults to ‘Default-First-Site-Name’

  • enforced (bool, optional) – Enforce the policy

  • disabled (bool, optional) – Disable the policy

Returns:

Samba group policy object

Return type:

SambaGPO

Unlink the group policy from the target.

Implements GenericGPO.unlink().

permissions(target: str, permission_level: str, target_type: str | None = 'Group') SambaGPO

Configure GPO permissions.

Implements GenericGPO.permissions().

Raises:

NotImplementedError – Samba GPO permission management is not implemented.

policy(logon_rights: dict[str, list[Any]], cfg: dict[str, Any] | None = None) SambaGPO

Group policy configuration.

Implements GenericGPO.policy().

This method does the remaining configuration of the group policy. It updates ‘GptTmpl.inf’ with security logon right keys whose values are the SIDs of user and group objects. The Remote keys can be omitted, in which case the interactive key’s value is used.

To add users and groups to the policy, their SIDs must be used as the values. Each value is prefixed with ‘*’ and values are separated by commas, i.e. *SID1-2-3-4,*SID-5-6-7-8

Additionally, gPCMachineExtensionNames needs to be updated in the directory so the GPO is readable by the client. The value is a list of Client Side Extensions (CSEs), which is an index of which parts of the policy are pushed to and processed by the client.

Parameters:
  • logon_rights (dict[str, list[Any]]) – List of logon rights.

  • cfg (dict[str, Any] | None, optional) – Extra configuration for GptTmpl.inf file, defaults to None

Returns:

Samba Group policy object

Return type:

SambaGPO
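
The value format that policy() describes, as an added example that is not the framework's own code: it renders the [Privilege Rights] section of GptTmpl.inf from SID strings, applies the Remote-key fallback, rejects values that are not SIDs, and reports principals listed under both an allow and a deny right. All function names and the sample SIDs are assumptions made for this illustration; SIDs are assumed to be resolved to strings already.

```python
import re

# Constructed sample SIDs (not taken from a real domain).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
ALLOW_USER = f"{DOMAIN_SID}-1104"
DENY_USER = f"{DOMAIN_SID}-1105"
DOMAIN_ADMINS = f"{DOMAIN_SID}-512"

# Each Remote key falls back to its interactive counterpart when omitted.
REMOTE_FALLBACK = {
    "SeRemoteInteractiveLogonRight": "SeInteractiveLogonRight",
    "SeDenyRemoteInteractiveLogonRight": "SeDenyInteractiveLogonRight",
}
# Allow right -> matching deny right.
ALLOW_DENY = {
    "SeInteractiveLogonRight": "SeDenyInteractiveLogonRight",
    "SeRemoteInteractiveLogonRight": "SeDenyRemoteInteractiveLogonRight",
}
KEY_ORDER = [
    "SeInteractiveLogonRight",
    "SeRemoteInteractiveLogonRight",
    "SeDenyInteractiveLogonRight",
    "SeDenyRemoteInteractiveLogonRight",
]

# S-1-<identifier authority>-<sub-authority>[-<sub-authority>...]
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")


def sid_list(sids):
    """Format SIDs as one GptTmpl.inf value: '*'-prefixed, comma-delimited."""
    for sid in sids:
        if not SID_RE.match(sid):
            # A user or group name here would end up in the policy verbatim.
            raise ValueError(f"not a SID: {sid!r}")
    return ",".join(f"*{sid}" for sid in sids)


def resolve_rights(logon_rights):
    """Return a copy of logon_rights with omitted Remote keys filled in."""
    unknown = sorted(set(logon_rights) - set(KEY_ORDER))
    if unknown:
        raise ValueError(f"unknown logon right(s): {unknown}")
    resolved = {key: list(sids) for key, sids in logon_rights.items()}
    for remote, interactive in REMOTE_FALLBACK.items():
        if remote not in resolved and interactive in resolved:
            resolved[remote] = list(resolved[interactive])
    return resolved


def render_privilege_rights(logon_rights):
    """Render the [Privilege Rights] section as text."""
    resolved = resolve_rights(logon_rights)
    lines = ["[Privilege Rights]"]
    for key in KEY_ORDER:
        if key in resolved:
            lines.append(f"{key} = {sid_list(resolved[key])}")
    return "\n".join(lines) + "\n"


def allow_deny_overlap(logon_rights):
    """Map each allow right to the SIDs also listed under its deny right."""
    resolved = resolve_rights(logon_rights)
    overlap = {}
    for allow, deny in ALLOW_DENY.items():
        both = sorted(set(resolved.get(allow, [])) & set(resolved.get(deny, [])))
        if both:
            overlap[allow] = both
    return overlap


if __name__ == "__main__":
    rights = {
        "SeInteractiveLogonRight": [ALLOW_USER, DOMAIN_ADMINS],
        "SeDenyInteractiveLogonRight": [DENY_USER],
    }
    print(render_privilege_rights(rights), end="")
    print("overlap:", allow_deny_overlap(rights))
```

Checking allow_deny_overlap() before writing a policy catches a test whose expected login result is ambiguous because the same principal is both allowed and denied.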

class sssd_test_framework.roles.samba.SambaDNSServer(role: Samba)

Bases: GenericDNSServer

Samba DNS server management.

SambaDNSServer implements GenericDNSServer for static typing and provider-agnostic tests.

Parameters:

role (Samba) – Samba role object.

domain: str

Domain name.

server: str

Server name.

naming_context: str

Naming context.

credentials: str

Credentials to manage GPOs.

smb_conf: str

zone(name: str) SambaDNSZone

Get DNS zone object.

Implements GenericDNSServer.zone().

Parameters:

name (str) – Zone name.

Returns:

DNS zone object.

Return type:

SambaDNSZone

get_forwarders() list[str]

Get DNS global forwarders.

Global forwarders are configured in /etc/samba/smb.conf.

Returns:

List of forwarder IP addresses (empty if none are configured).

Return type:

list[str]

add_forwarder(ip_address: str) SambaDNSServer

Add a DNS server forwarder.

Parameters:

ip_address (str) – IP address.

Returns:

Self.

Return type:

SambaDNSServer

remove_forwarder(ip_address: str) None

Remove a DNS server forwarder.

Parameters:

ip_address (str) – IP address.

clear_forwarders() None

Clear all DNS server forwarders.

Samba has one global forwarder enabled by default.

list_zones() list[str]

List zones.

Returns:

List of zones.

Return type:

list[str]

class sssd_test_framework.roles.samba.SambaDNSZone(role: Samba, name: str)

Bases: SambaDNSServer, GenericDNSZone

Samba DNS zone management.

SambaDNSZone implements GenericDNSZone for static typing and provider-agnostic tests.

Parameters:
  • role (Samba) – Samba role object.

  • name (str) – DNS zone name.

zone_name: str

Zone name.

create() SambaDNSZone

Create new zone.

Implements GenericDNSZone.create().

Returns:

Self.

Return type:

SambaDNSZone

delete() None

Delete zone.

Implements GenericDNSZone.delete().

add_record(name: str, data: str | int) SambaDNSZone

Add DNS record.

Implements GenericDNSZone.add_record().

If data is a str, a forward record is added. If it is an int, a reverse record is added.

Parameters:
  • name (str) – Record name.

  • data (str | int) – Record data.

Returns:

Self.

Return type:

SambaDNSZone

delete_record(name: str) None

Delete DNS record. Both forward and reverse records are deleted.

Implements GenericDNSZone.delete_record().

Parameters:

name (str) – Name of the record.

print() str

Print all DNS records in a zone as text.

Implements GenericDNSZone.print().

Returns:

Zone data as text.

Return type:

str