Issue 49761 - Fix more CI test issues

Description: Mark conflict resolution test cases as 'xfail' (ds49591).
Fix SASL test. Fix Python 3 bytes issues in ds-replcheck tool.
Roll back a part of the PBKDF2_SHA256 schema fix because upgrade fails
without this part of the code.

https://pagure.io/389-ds-base/issue/49761

Reviewed by: vashirov, mreynolds (Thanks!)

dirsrvtests/tests/suites/replication/conflict_resolve_test.py

@@ -396,6 +396,8 @@ class TestTwoMasters:
             10. It should pass
         """
 
+        pytest.xfail("Issue 49591 - work in progress")
+
         M1 = topology_m2.ms["master1"]
         M2 = topology_m2.ms["master2"]
         test_users_m1 = UserAccounts(M1, test_base.dn, rdn=None)
@@ -485,6 +487,8 @@ class TestTwoMasters:
             8. It should pass
         """
 
+        pytest.xfail("Issue 49591 - work in progress")
+
         M1 = topology_m2.ms["master1"]
         M2 = topology_m2.ms["master2"]
         repl = ReplicationManager(SUFFIX)
@@ -574,6 +578,8 @@ class TestTwoMasters:
             14. It should pass
         """
 
+        pytest.xfail("Issue 49591 - work in progress")
+
         M1 = topology_m2.ms["master1"]
         M2 = topology_m2.ms["master2"]
         repl = ReplicationManager(SUFFIX)
@@ -785,6 +791,8 @@ class TestThreeMasters:
             8. It should pass
         """
 
+        pytest.xfail("Issue 49591 - work in progress")
+
         M1 = topology_m3.ms["master1"]
         M2 = topology_m3.ms["master2"]
         M3 = topology_m3.ms["master3"]

dirsrvtests/tests/suites/sasl/regression_test.py

@@ -54,11 +54,11 @@ def enable_ssl(server, ldapsport, mycert):
                               (ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', 'off'),
                               (ldap.MOD_REPLACE, 'nsslapd-secureport', ldapsport)])
 
-    server.rsa.create(properties={'objectclass': "top nsEncryptionModule".split(),
-                                  'cn': 'RSA',
-                                  'nsSSLPersonalitySSL': mycert,
-                                  'nsSSLToken': 'internal (software)',
-                                  'nsSSLActivation': 'on'})
+    server.rsa.ensure_state(properties={'objectclass': "top nsEncryptionModule".split(),
+                                        'cn': 'RSA',
+                                        'nsSSLPersonalitySSL': mycert,
+                                        'nsSSLToken': 'internal (software)',
+                                        'nsSSLActivation': 'on'})
 
 
 def check_pems(confdir, mycacert, myservercert, myserverkey, notexist):
@@ -126,6 +126,12 @@ def doAndPrintIt(cmdline):
 def create_keys_certs(topology_m2):
     log.info("\n######################### Creating SSL Keys and Certs ######################\n")
 
+    for inst in topology_m2:
+        log.info("##### Ensure that nsslapd-extract-pemfiles is 'off' on {}".format(inst.serverid))
+        inst.config.set('nsslapd-extract-pemfiles', 'off')
+        log.info("##### restart {}".format(inst.serverid))
+        inst.restart()
+
     global m1confdir
     m1confdir = topology_m2.ms["master1"].confdir
     global m2confdir

ldap/admin/src/scripts/ds-replcheck

@@ -110,6 +110,14 @@ def convert_entries(entries):
     for entry in entries:
         new_entry = Entry(entry)
         new_entry.data = {k.lower(): v for k, v in list(new_entry.data.items())}
+
+        # Decode nscpentrywsi bytes values for future use
+        nscpentrywsi_list = []
+        if 'nscpentrywsi' in new_entry.data:
+            for val in map(bytes.decode, new_entry.data['nscpentrywsi']):
+                nscpentrywsi_list.append(val)
+            new_entry.data['nscpentrywsi'] = nscpentrywsi_list
+
         if new_entry.dn.endswith("cn=mapping tree,cn=config"):
             '''Skip replica entry (ldapsearch brings this in because the filter
             we use triggers an internal operation to return the config entry - so

ldap/servers/slapd/config.c

@@ -36,6 +36,15 @@ extern char *localuser;
 char *rel2abspath(char *);
 
 static char *bootstrap_plugins[] = {
+    "dn: cn=PBKDF2_SHA256,cn=Password Storage Schemes,cn=plugins,cn=config\n"
+    "objectclass: top\n"
+    "objectclass: nsSlapdPlugin\n"
+    "cn: PBKDF2_SHA256\n"
+    "nsslapd-pluginpath: libpwdstorage-plugin\n"
+    "nsslapd-plugininitfunc: pbkdf2_sha256_pwd_storage_scheme_init\n"
+    "nsslapd-plugintype: pwdstoragescheme\n"
+    "nsslapd-pluginenabled: on",
+
     NULL
 };