Test coverage plugin for pytest
by Simon Pichugin
Hi team,
we need some module that will show us how much lines of code
is covered by tests. We can use pytest-cov plugin for this.
For starters, it works only on lib389 repo. But we need to figure out
the way to measure a coverage for our 389-ds the C code base too.
To get it work we need:
1) install python-pytest-cov package from Fedora or EPEL repos
or
1) install pytest-cov from pip
2) add "--cov-config .coveragerc --cov=lib389" to py.test command to
execute tests with coverage plugin
We shouldn't measure coverage for lib389/tests directory while executing
tests.
I've already merged the patch that creates .coveragerc config file
to omit this directory.
https://fedorahosted.org/389/ticket/48407
Also, here you can find an example of pytest-cov output.
https://fedorahosted.org/389/ticket/48407#comment:5
Kind regards,
Simon
8 years, 2 months
SASL/EXTERNAL bind mech issue
by Simon Pichugin
Hi team,
I am trying to set up SASL/EXTERNAL binding mechanism.
I perform all actions from our docs (Administration guide)
First, I've set up SSL/TLS on the clean instance:
1) Cert was created and imported
2) Trusted CA cert was imported too
3) cert8.db, key3.db, secmod.db were copied to /etc/openldap/certs/
4) Config was changed to accept SSL/TLS
5) Setup was tested and everything worked perfectly
Then client certificate was created and approved by our CA.
openssl x509 -in client_ds.crt -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 16371655739931625967 (0xe333ce279b9c09ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CZ, ST=Moravia, L=Brno, O=Default Company Ltd, OU=Dev, CN=Simon
Validity
Not Before: Feb 12 13:51:50 2016 GMT
Not After : Oct 21 13:51:50 2029 GMT
Subject: C=CZ, L=Default City, O=example.com, CN=simon pichugin/emailAddress=spichugi(a)redhat.com
After that certificate was imported to "userCertificate" attr of
our user (I've cut the attr output):
# spichugin, People, example.com
dn: uid=spichugin,ou=People,dc=example,dc=com
mail: spichugi(a)redhat.com
uid: spichugin
givenName: simon
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: pichugin
cn: simon pichugin
userPassword:: e1NTSEF9OVJhbUdER3prOE1JdENObnFJb3
userCertificate:: LS0tLS1CRUdJTiBDRVJUSUZJQ0FU
Next, /etc/dirsrv/slapd-stal/certmap.conf was modified with this contents:
certmap Example o=example.com
Example:DNComps
Example:FilterComps mail,cn
Also tried with this:
certmap Example cn=simon pichugin
Example:DNComps
Example:FilterComps mail,cn
Also I have added "olcTLSVerifyClient: demand" to /etc/openldap/slapd.d/cn\=config.ldif
/etc/openldap/ldap.conf contains only "TLS_CACERTDIR /etc/openldap/certs/", the rest options is by default
Then I've tested setup with this command:
[spichugi@rhel-ws ~]$ ldapsearch -H ldaps://rhel-ws.brq.redhat.com:636 -b "dc=example,dc=com" \
-Y EXTERNAL -U "dn:uid=spichugin,ou=People,dc=example,dc=com" -w Secret123 -d 1
ldap_url_parse_ext(ldaps://rhel-ws.brq.redhat.com:636)
ldap_create
ldap_url_parse_ext(ldaps://rhel-ws.brq.redhat.com:636/??base)
ldap_sasl_interactive_bind: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP rhel-ws.brq.redhat.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: certdb config: configDir='/etc/openldap/certs/' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: using moznss security dir /etc/openldap/certs/ prefix .
TLS: certificate [CN=rhel-ws.brq.redhat.com,OU=sdfsd,O=qwedasdf,L=VCrno,ST=Alabama,C=US] is valid
TLS certificate verification: subject: CN=rhel-ws.brq.redhat.com,OU=sdfsd,O=qwedasdf,L=VCrno,ST=Alabama,C=US, issuer: CN=Simon,OU=Dev,O=Default Company Ltd,L=Brno,ST=Moravia,C=CZ, cipher: AES-256, security level: high, secret key bits: 256, total key bits: 256, cache hits: 0, cache misses: 0, cache not reusable: 0
ldap_int_sasl_open: host=rhel-ws.brq.redhat.com
SASL/EXTERNAL authentication started
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
Please, if someone has an idea what can be wrong, share it. :)
Thanks,
Simon
8 years, 2 months