Issue 49761 - Fix CI test suite issues

Description:
Fix various failures on older releases for tier1 tests

Relates https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

dirsrvtests/tests/suites/automember_plugin/automember_test.py

@@ -140,6 +140,7 @@ def test_adduser(automember_fixture, topo):
     assert group.is_member(user.dn)
     user.delete()
 
[email protected](ds_is_older("1.4.1.2"), reason="Not implemented")
 def test_delete_default_group(automember_fixture, topo):
     """If memberof is enable and a user became member of default group
     because of automember rule then delete the default group should succeeds
@@ -178,6 +179,7 @@ def test_delete_default_group(automember_fixture, topo):
         user_1.delete()
         topo.standalone.setLogLevel(0)
 
[email protected](ds_is_older("1.4.1.2"), reason="Not implemented")
 def test_delete_target_group(automember_fixture, topo):
     """If memberof is enabld and a user became member of target group
     because of automember rule then delete the target group should succeeds

dirsrvtests/tests/suites/ds_tools/replcheck_test.py

@@ -367,16 +367,18 @@ def test_inconsistencies(topo_tls_ldapi):
             assert attr_m1 in result
             assert attr_m2 in result
             assert attr_m1_only in result
-            assert attr_first not in result
-            assert attr_second not in result
+            if ds_is_newer("1.4.1.2"):
+                assert attr_first not in result
+                assert attr_second not in result
             # Ignore some attributes and check the output
             tool_cmd.extend(['-i', '{},{}'.format('description', 'telephonenumber')])
             result = subprocess.check_output(tool_cmd, encoding='utf-8').lower()
             assert attr_m1 not in result
             assert attr_m2 not in result
             assert attr_m1_only not in result
-            assert attr_first not in result
-            assert attr_second not in result
+            if ds_is_newer("1.4.1.2"):
+                assert attr_first not in result
+                assert attr_second not in result
 
     finally:
         topo_tls_ldapi.resume_all_replicas()

dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py

@@ -242,7 +242,7 @@ def test_memory_corruption(topology_m2):
     ############################################################################
     check_replicas(topology_m2)
 
-
+@pytest.mark.tier2
 def test_stress(topology_m2):
     """Test plugins while under a big load. Perform the test 5 times
 

dirsrvtests/tests/suites/import/regression_test.py

@@ -10,8 +10,6 @@ from lib389.backend import Backends
 from lib389.properties import TASK_WAIT
 from lib389.utils import time, ldap, os, logging
 from lib389.topologies import topology_st as topo
-from lib389._constants import BACKEND_NAME, BACKEND_SUFFIX
-
 from lib389.dbgen import dbgen
 
 pytestmark = pytest.mark.tier1
@@ -52,8 +50,8 @@ def test_import_be_default(topo):
     log.info('Adding suffix:{} and backend: {}...'.format(TEST_DEFAULT_SUFFIX,
                                                           TEST_DEFAULT_NAME))
     backends = Backends(topo.standalone)
-    backends.create(properties={BACKEND_SUFFIX: TEST_DEFAULT_SUFFIX,
-                                BACKEND_NAME: TEST_DEFAULT_NAME})
+    backends.create(properties={'nsslapd-suffix': TEST_DEFAULT_SUFFIX,
+                                'name': TEST_DEFAULT_NAME})
 
     log.info('Create LDIF file and import it...')
     ldif_dir = topo.standalone.get_ldif_dir()
@@ -91,7 +89,8 @@ def test_del_suffix_import(topo):
 
     log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX1, TEST_BACKEND1))
     backends = Backends(topo.standalone)
-    backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX1, BACKEND_NAME: TEST_BACKEND1})
+    backend = backends.create(properties={'nsslapd-suffix': TEST_SUFFIX1,
+                                          'name': TEST_BACKEND1})
 
     log.info('Create LDIF file and import it')
     ldif_dir = topo.standalone.get_ldif_dir()
@@ -108,7 +107,8 @@ def test_del_suffix_import(topo):
     backend.delete()
 
     log.info('Adding the same database-{} after deleting it'.format(TEST_BACKEND1))
-    backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX1, BACKEND_NAME: TEST_BACKEND1})
+    backends.create(properties={'nsslapd-suffix': TEST_SUFFIX1,
+                                'name': TEST_BACKEND1})
 
 
 def test_del_suffix_backend(topo):
@@ -127,7 +127,8 @@ def test_del_suffix_backend(topo):
 
     log.info('Adding suffix:{} and backend: {}'.format(TEST_SUFFIX2, TEST_BACKEND2))
     backends = Backends(topo.standalone)
-    backend = backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX2, BACKEND_NAME: TEST_BACKEND2})
+    backend = backends.create(properties={'nsslapd-suffix': TEST_SUFFIX2,
+                                           'name': TEST_BACKEND2})
 
     log.info('Create LDIF file and import it')
     ldif_dir = topo.standalone.get_ldif_dir()
@@ -141,7 +142,8 @@ def test_del_suffix_backend(topo):
     backend.delete()
 
     log.info('Adding the same database-{} after deleting it'.format(TEST_BACKEND2))
-    backends.create(properties={BACKEND_SUFFIX: TEST_SUFFIX2, BACKEND_NAME: TEST_BACKEND2})
+    backends.create(properties={'nsslapd-suffix': TEST_SUFFIX2,
+                                'name': TEST_BACKEND2})
     log.info('Checking if server can be restarted after re-adding the same database')
     topo.standalone.restart()
     assert not topo.standalone.detectDisorderlyShutdown()

dirsrvtests/tests/suites/password/pwp_history_test.py

@@ -183,35 +183,36 @@ def test_basic(topology_st):
         log.fatal('Failed to attempt to change password: ' + str(e))
         assert False
 
-    #
-    # Test passwordInHistory to 0
-    #
-    try:
-        topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
-    except ldap.LDAPError as e:
-        log.fatal('Failed to bind as rootDN: ' + str(e))
-        assert False
+    if ds_is_newer("1.4.1.2"):
+        #
+        # Test passwordInHistory to 0
+        #
+        try:
+            topology_st.standalone.simple_bind_s(DN_DM, PASSWORD)
+        except ldap.LDAPError as e:
+            log.fatal('Failed to bind as rootDN: ' + str(e))
+            assert False
 
-    try:
-        topology_st.standalone.config.replace('passwordInHistory', '0')
-        log.info('Configured passwordInHistory to 0.')
-    except ldap.LDAPError as e:
-        log.fatal('Failed to configure password policy (passwordInHistory to 0): ' + str(e))
-        assert False
+        try:
+            topology_st.standalone.config.replace('passwordInHistory', '0')
+            log.info('Configured passwordInHistory to 0.')
+        except ldap.LDAPError as e:
+            log.fatal('Failed to configure password policy (passwordInHistory to 0): ' + str(e))
+            assert False
 
-    # Verify the older passwords in the entry (passwordhistory) are ignored
-    user.rebind('password-reset')
-    user.set('userpassword', 'password4')
-    try:
+        # Verify the older passwords in the entry (passwordhistory) are ignored
+        user.rebind('password-reset')
         user.set('userpassword', 'password4')
-        log.fatal('Incorrectly able to to set password to current password4.')
-        log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
-        assert False
-    except ldap.CONSTRAINT_VIOLATION:
-        log.info('Password change correctly rejected')
-    except ldap.LDAPError as e:
-        log.fatal('Failed to attempt to change password: ' + str(e))
-        assert False
+        try:
+            user.set('userpassword', 'password4')
+            log.fatal('Incorrectly able to to set password to current password4.')
+            log.error('password history: ' + str(user.get_attr_vals('passwordhistory')))
+            assert False
+        except ldap.CONSTRAINT_VIOLATION:
+            log.info('Password change correctly rejected')
+        except ldap.LDAPError as e:
+            log.fatal('Failed to attempt to change password: ' + str(e))
+            assert False
 
     # Need to make one successful update so history list is reset
     user.set('userpassword', 'password5')

dirsrvtests/tests/suites/plugins/acceptance_test.py

@@ -465,8 +465,7 @@ def test_automember(topo, args=None):
     # If args is None then we run the test suite as pytest standalone and it's not dynamic
     if args is None:
         inst.restart()
-
-    task = plugin.fixup(branch2.dn, 'objectclass=top')
+    task = plugin.fixup(branch2.dn, _filter='objectclass=top')
     task.wait()
 
     # Verify the fixup task worked
@@ -774,7 +773,7 @@ def test_linkedattrs(topo, args=None):
         inst.restart()
 
     # Add the task again
-    task = plugin.fixup(DEFAULT_SUFFIX, 'objectclass=top')
+    task = plugin.fixup(la_config.dn)
     task.wait()
 
     # Check if user2 now has a manager attribute now

dirsrvtests/tests/suites/plugins/dna_test.py

@@ -60,7 +60,7 @@ def test_dnatype_only_valid(topology_st):
 
     log.info("Creating DNA shared config entry...")
     shared_configs = DNAPluginSharedConfigs(inst, ou_ranges.dn)
-    shared_configs.create(properties={'dnaHostName': str(inst.host),
+    shared_configs.create(properties={'dnaHostname': str(inst.host),
                                       'dnaPortNum': str(inst.port),
                                       'dnaRemainingValues': '9501'})
 

dirsrvtests/tests/suites/plugins/pluginpath_validation_test.py

@@ -10,8 +10,7 @@ import pytest
 from lib389.tasks import *
 from lib389.utils import *
 from lib389.topologies import topology_st
-
-from lib389._constants import DEFAULT_SUFFIX, PLUGIN_WHOAMI
+from lib389.plugins import WhoamiPlugin
 
 pytestmark = pytest.mark.tier1
 
@@ -20,6 +19,7 @@ log = logging.getLogger(__name__)
 
 
 @pytest.mark.ds47384
[email protected]
 def test_pluginpath_validation(topology_st):
     """Test pluginpath validation: relative and absolute paths
     With the inclusion of ticket 47601 - we do allow plugin paths
@@ -44,15 +44,12 @@ def test_pluginpath_validation(topology_st):
          5. This should fail
     """
 
-    if os.geteuid() != 0:
-        log.warning('This script must be run as root')
-        return
-
-    os.system('setenforce 0')
-
-    PLUGIN_DN = 'cn=%s,cn=plugins,cn=config' % PLUGIN_WHOAMI
-    tmp_dir = topology_st.standalone.get_tmp_dir()
-    plugin_dir = topology_st.standalone.get_plugin_dir()
+    inst = topology_st.standalone
+    whoami = WhoamiPlugin(inst)
+    # /tmp nowadays comes with noexec bit set on some systems
+    # so instead let's write somewhere where dirsrv user has access
+    tmp_dir = inst.get_bak_dir()
+    plugin_dir = inst.get_plugin_dir()
 
     # Copy the library to our tmp directory
     try:
@@ -61,34 +58,37 @@ def test_pluginpath_validation(topology_st):
         log.fatal('Failed to copy %s/libwhoami-plugin.so to the tmp directory %s, error: %s' % (
         plugin_dir, tmp_dir, e.strerror))
         assert False
-    try:
-        shutil.copy('%s/libwhoami-plugin.la' % plugin_dir, tmp_dir)
-    except IOError as e:
-        log.warning('Failed to copy ' + plugin_dir +
-                 '/libwhoami-plugin.la to the tmp directory, error: '
-                 + e.strerror)
 
     #
     # Test adding valid plugin paths
     #
     # Try using the absolute path to the current library
-    topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
-                                                 'nsslapd-pluginPath', ensure_bytes('%s/libwhoami-plugin' % plugin_dir))])
+    whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % plugin_dir)
 
     # Try using new remote location
-    topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
-                                                 'nsslapd-pluginPath', ensure_bytes('%s/libwhoami-plugin' % tmp_dir))])
+    # If SELinux is enabled, plugin can't be loaded as it's not labeled properly
+    if selinux_present:
+        import selinux
+        if selinux.is_selinux_enabled():
+            with pytest.raises(ldap.UNWILLING_TO_PERFORM):
+                whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % tmp_dir)
+            # Label it with lib_t, so it can be executed
+            # We can't use selinux.setfilecon() here, because py.test needs to have mac_admin capability
+            # Instead we can call chcon directly:
+            subprocess.check_call(['/usr/bin/chcon', '-t', 'lib_t', '%s/libwhoami-plugin.so' % tmp_dir])
+    # And try to change the path again
+        whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % tmp_dir)
+    else:
+        whoami.replace('nsslapd-pluginPath', '%s/libwhoami-plugin' % tmp_dir)
 
     # Set plugin path back to the default
-    topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
-                                                 'nsslapd-pluginPath', b'libwhoami-plugin')])
+    whoami.replace('nsslapd-pluginPath', 'libwhoami-plugin')
 
     #
     # Test invalid path (no library present)
     #
     with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-        topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
-                                                     'nsslapd-pluginPath', b'/bin/libwhoami-plugin')])
+        whoami.replace('nsslapd-pluginPath', '/bin/libwhoami-plugin')
         # No exception?! This is an error
         log.error('Invalid plugin path was incorrectly accepted by the server!')
 
@@ -96,8 +96,7 @@ def test_pluginpath_validation(topology_st):
     # Test invalid relative path (no library present)
     #
     with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-        topology_st.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE,
-                                                     'nsslapd-pluginPath', b'../libwhoami-plugin')])
+        whoami.replace('nsslapd-pluginPath', '../libwhoami-plugin')
         # No exception?! This is an error
         log.error('Invalid plugin path was incorrectly accepted by the server!')
 

dirsrvtests/tests/suites/replication/regression_test.py

@@ -627,7 +627,7 @@ def test_online_reinit_may_hang(topo_with_sigkill):
     M1 = topo_with_sigkill.ms["master1"]
     M2 = topo_with_sigkill.ms["master2"]
     M1.stop()
-    ldif_file = '/tmp/master1.ldif'
+    ldif_file = '%s/master1.ldif' % M1.get_ldif_dir()
     M1.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX],
                excludeSuffixes=None, repl_data=True,
                outputfile=ldif_file, encrypt=False)

dirsrvtests/tests/suites/resource_limits/fdlimits_test.py

@@ -4,6 +4,7 @@ import os
 import ldap
 from lib389._constants import *
 from lib389.topologies import topology_st
+from lib389.utils import ds_is_older
 
 pytestmark = pytest.mark.tier1
 
@@ -16,7 +17,7 @@ CUSTOM_VAL = "9000"
 TOO_HIGH_VAL = "65536"
 TOO_LOW_VAL = "0"
 
-
+@pytest.mark.skipif(ds_is_older("1.4.1.2"), reason="Not implemented")
 def test_fd_limits(topology_st):
     """Test the default limits, and custom limits
 

dirsrvtests/tests/suites/sasl/regression_test.py

@@ -14,6 +14,7 @@ from lib389.tasks import *
 from lib389.utils import *
 from lib389.topologies import topology_m2
 from lib389._constants import *
+from lib389.replica import ReplicationManager
 
 pytestmark = [pytest.mark.tier1,
               pytest.mark.skipif(ds_is_older('1.3.5'), reason="Not implemented")]
@@ -43,25 +44,6 @@ def add_entry(server, name, rdntmpl, start, num):
                                  'sn': 'user%d' % (ii)})))
 
 
-def enable_ssl(server, ldapsport, mycert):
-    log.info("\n######################### Enabling SSL LDAPSPORT %s ######################\n" % ldapsport)
-    server.simple_bind_s(DN_DM, PASSWORD)
-    server.encryption.apply_mods([(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
-                                  (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
-                                  (ldap.MOD_REPLACE, 'nsSSLClientAuth', 'allowed'),
-                                  (ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all')])
-
-    server.config.apply_mods([(ldap.MOD_REPLACE, 'nsslapd-security', 'on'),
-                              (ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', 'off'),
-                              (ldap.MOD_REPLACE, 'nsslapd-secureport', ldapsport)])
-
-    server.rsa.ensure_state(properties={'objectclass': "top nsEncryptionModule".split(),
-                                        'cn': 'RSA',
-                                        'nsSSLPersonalitySSL': mycert,
-                                        'nsSSLToken': 'internal (software)',
-                                        'nsSSLActivation': 'on'})
-
-
 def check_pems(confdir, mycacert, myservercert, myserverkey, notexist):
     log.info("\n######################### Check PEM files (%s, %s, %s)%s in %s ######################\n"
              % (mycacert, myservercert, myserverkey, notexist, confdir))
@@ -107,253 +89,6 @@ def check_pems(confdir, mycacert, myservercert, myserverkey, notexist):
             log.info('%s is correctly not generated.' % serverkey)
 
 
-def doAndPrintIt(cmdline):
-    proc = subprocess.Popen(cmdline, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    log.info("      OUT:")
-    while True:
-        l = ensure_str(proc.stdout.readline())
-        if l == "":
-            break
-        log.info("      %s" % l)
-    log.info("      ERR:")
-    while True:
-        l = ensure_str(proc.stderr.readline())
-        if l == "" or l == "\n":
-            break
-        log.info("      <%s>" % l)
-        assert False
-
-
-def create_keys_certs(topology_m2):
-    log.info("\n######################### Creating SSL Keys and Certs ######################\n")
-
-    for inst in topology_m2:
-        log.info("##### Ensure that nsslapd-extract-pemfiles is 'off' on {}".format(inst.serverid))
-        inst.config.set('nsslapd-extract-pemfiles', 'off')
-        log.info("##### restart {}".format(inst.serverid))
-        inst.restart()
-
-    global m1confdir
-    m1confdir = topology_m2.ms["master1"].confdir
-    global m2confdir
-    m2confdir = topology_m2.ms["master2"].confdir
-
-    log.info("##### shutdown master1")
-    topology_m2.ms["master1"].stop()
-
-    log.info("##### Creating a password file")
-    pwdfile = '%s/pwdfile.txt' % (m1confdir)
-    os.system('rm -f %s' % pwdfile)
-    opasswd = os.popen("(ps -ef ; w ) | sha1sum | awk '{print $1}'", "r")
-    passwd = opasswd.readline()
-    pwdfd = open(pwdfile, "w")
-    pwdfd.write(passwd)
-    pwdfd.close()
-
-    log.info("##### create the pin file")
-    m1pinfile = '%s/pin.txt' % (m1confdir)
-    m2pinfile = '%s/pin.txt' % (m2confdir)
-    os.system('rm -f %s' % m1pinfile)
-    os.system('rm -f %s' % m2pinfile)
-    pintxt = 'Internal (Software) Token:%s' % passwd
-    pinfd = open(m1pinfile, "w")
-    pinfd.write(pintxt)
-    pinfd.close()
-    os.system('chmod 400 %s' % m1pinfile)
-
-    log.info("##### Creating a noise file")
-    noisefile = '%s/noise.txt' % (m1confdir)
-    noise = os.popen("(w ; ps -ef ; date ) | sha1sum | awk '{print $1}'", "r")
-    noisewdfd = open(noisefile, "w")
-    noisewdfd.write(noise.readline())
-    noisewdfd.close()
-    time.sleep(1)
-
-    cmdline = ['certutil', '-N', '-d', m1confdir, '-f', pwdfile]
-    log.info("##### Create key3.db and cert8.db database (master1): %s" % cmdline)
-    doAndPrintIt(cmdline)
-
-    cmdline = ['certutil', '-G', '-d', m1confdir, '-z', noisefile, '-f', pwdfile]
-    log.info("##### Creating encryption key for CA (master1): %s" % cmdline)
-    # os.system('certutil -G -d %s -z %s -f %s' % (m1confdir, noisefile, pwdfile))
-    doAndPrintIt(cmdline)
-
-    time.sleep(2)
-
-    log.info("##### Creating self-signed CA certificate (master1) -- nickname %s" % CACERT)
-    os.system(
-        '( echo y ; echo ; echo y ) | certutil -S -n "%s" -s "%s" -x -t "CT,," -m 1000 -v 120 -d %s -z %s -f %s -2' % (
-        CACERT, ISSUER, m1confdir, noisefile, pwdfile))
-
-    global M1SUBJECT
-    cmdline = ['certutil', '-S', '-n', M1SERVERCERT, '-s', M1SUBJECT, '-c', CACERT, '-t', ',,', '-m', '1001', '-v',
-               '120', '-d', m1confdir, '-z', noisefile, '-f', pwdfile]
-    log.info("##### Creating Server certificate -- nickname %s: %s" % (M1SERVERCERT, cmdline))
-    doAndPrintIt(cmdline)
-
-    time.sleep(2)
-
-    global M2SUBJECT
-    cmdline = ['certutil', '-S', '-n', M2SERVERCERT, '-s', M2SUBJECT, '-c', CACERT, '-t', ',,', '-m', '1002', '-v',
-               '120', '-d', m1confdir, '-z', noisefile, '-f', pwdfile]
-    log.info("##### Creating Server certificate -- nickname %s: %s" % (M2SERVERCERT, cmdline))
-    doAndPrintIt(cmdline)
-
-    time.sleep(2)
-
-    log.info("##### start master1")
-    topology_m2.ms["master1"].start()
-
-    log.info("##### enable SSL in master1 with all ciphers")
-    enable_ssl(topology_m2.ms["master1"], M1LDAPSPORT, M1SERVERCERT)
-
-    cmdline = ['certutil', '-L', '-d', m1confdir]
-    log.info("##### Check the cert db: %s" % cmdline)
-    doAndPrintIt(cmdline)
-
-    log.info("##### restart master1")
-    topology_m2.ms["master1"].restart()
-
-    log.info("##### Check PEM files of master1 (before setting nsslapd-extract-pemfiles")
-    check_pems(m1confdir, CACERT, M1SERVERCERT, M1SERVERCERT + '-Key', " not")
-
-    log.info("##### Set on to nsslapd-extract-pemfiles")
-    topology_m2.ms["master1"].config.set('nsslapd-extract-pemfiles', 'on')
-
-    log.info("##### restart master1")
-    topology_m2.ms["master1"].restart()
-
-    log.info("##### Check PEM files of master1 (after setting nsslapd-extract-pemfiles")
-    check_pems(m1confdir, CACERT, M1SERVERCERT, M1SERVERCERT + '-Key', "")
-
-    global mytmp
-    mytmp = '/tmp'
-    m2pk12file = '%s/%s.pk12' % (mytmp, M2SERVERCERT)
-    cmd = 'pk12util -o %s -n "%s" -d %s -w %s -k %s' % (m2pk12file, M2SERVERCERT, m1confdir, pwdfile, pwdfile)
-    log.info("##### Extract PK12 file for master2: %s" % cmd)
-    os.system(cmd)
-
-    log.info("##### Check PK12 files")
-    if os.path.isfile(m2pk12file):
-        log.info('%s is successfully extracted.' % m2pk12file)
-    else:
-        log.fatal('%s was not extracted.' % m2pk12file)
-        assert False
-
-    log.info("##### stop master2")
-    topology_m2.ms["master2"].stop()
-
-    log.info("##### Initialize Cert DB for master2")
-    cmdline = ['certutil', '-N', '-d', m2confdir, '-f', pwdfile]
-    log.info("##### Create key3.db and cert8.db database (master2): %s" % cmdline)
-    doAndPrintIt(cmdline)
-
-    log.info("##### Import certs to master2")
-    log.info('Importing %s' % CACERT)
-    global cacert
-    os.system('certutil -A -n "%s" -t "CT,," -f %s -d %s -a -i %s' % (CACERT, pwdfile, m2confdir, cacert))
-    cmd = 'pk12util -i %s -n "%s" -d %s -w %s -k %s' % (m2pk12file, M2SERVERCERT, m2confdir, pwdfile, pwdfile)
-    log.info('##### Importing %s to master2: %s' % (M2SERVERCERT, cmd))
-    os.system(cmd)
-    log.info('copy %s to %s' % (m1pinfile, m2pinfile))
-    os.system('cp %s %s' % (m1pinfile, m2pinfile))
-    os.system('chmod 400 %s' % m2pinfile)
-
-    log.info("##### start master2")
-    topology_m2.ms["master2"].start()
-
-    log.info("##### enable SSL in master2 with all ciphers")
-    enable_ssl(topology_m2.ms["master2"], M2LDAPSPORT, M2SERVERCERT)
-
-    log.info("##### restart master2")
-    topology_m2.ms["master2"].restart()
-
-    log.info("##### Check PEM files of master2 (before setting nsslapd-extract-pemfiles")
-    check_pems(m2confdir, CACERT, M2SERVERCERT, M2SERVERCERT + '-Key', " not")
-
-    log.info("##### Set on to nsslapd-extract-pemfiles")
-    topology_m2.ms["master2"].config.set('nsslapd-extract-pemfiles', 'on')
-
-    log.info("##### restart master2")
-    topology_m2.ms["master2"].restart()
-
-    log.info("##### Check PEM files of master2 (after setting nsslapd-extract-pemfiles")
-    check_pems(m2confdir, CACERT, M2SERVERCERT, M2SERVERCERT + '-Key', "")
-
-    log.info("##### restart master1")
-    topology_m2.ms["master1"].restart()
-
-    log.info("\n######################### Creating SSL Keys and Certs Done ######################\n")
-
-
-def config_tls_agreements(topology_m2):
-    log.info("######################### Configure SSL/TLS agreements ######################")
-    log.info("######################## master1 -- startTLS -> master2 #####################")
-    log.info("##################### master1 <- tls_clientAuth -- master2 ##################")
-
-    log.info("##### Update the agreement of master1")
-    m1 = topology_m2.ms["master1"]
-    m1_m2_agmt = m1.agreement.list(suffix=DEFAULT_SUFFIX)[0].dn
-
-    m1.agreement.setProperties(agmnt_dn=m1_m2_agmt, properties={RA_TRANSPORT_PROT: 'TLS'})
-
-    log.info("##### Add the cert to the repl manager on master1")
-    global mytmp
-    global m2confdir
-    m2servercert = '%s/%s.pem' % (m2confdir, M2SERVERCERT)
-    m2sc = open(m2servercert, "r")
-    m2servercertstr = ''
-    for l in m2sc.readlines():
-        if ((l == "") or l.startswith('This file is auto-generated') or
-                l.startswith('Do not edit') or l.startswith('Issuer:') or
-                l.startswith('Subject:') or l.startswith('-----')):
-            continue
-        m2servercertstr = "%s%s" % (m2servercertstr, l.rstrip())
-    m2sc.close()
-
-    log.info('##### master2 Server Cert in base64 format: %s' % m2servercertstr)
-
-    replmgr = defaultProperties[REPLICATION_BIND_DN]
-    rentry = m1.search_s(replmgr, ldap.SCOPE_BASE, 'objectclass=*')
-    log.info('##### Replication manager on master1: %s' % replmgr)
-    oc = 'ObjectClass'
-    log.info('      %s:' % oc)
-    if rentry:
-        for val in rentry[0].getValues(oc):
-            log.info('                 : %s' % val)
-    m1.modify_s(replmgr, [(ldap.MOD_ADD, oc, b'extensibleObject')])
-
-    global M2SUBJECT
-    m1.modify_s(replmgr, [(ldap.MOD_ADD, 'userCertificate;binary', base64.b64decode(m2servercertstr)),
-                          (ldap.MOD_ADD, 'description', ensure_bytes(M2SUBJECT))])
-
-    log.info("##### Modify the certmap.conf on master1")
-    m1certmap = '%s/certmap.conf' % (m1confdir)
-    os.system('chmod 660 %s' % m1certmap)
-    m1cm = open(m1certmap, "w")
-    m1cm.write('certmap Example %s\n' % ISSUER)
-    m1cm.write('Example:DNComps cn\n')
-    m1cm.write('Example:FilterComps\n')
-    m1cm.write('Example:verifycert  on\n')
-    m1cm.write('Example:CmapLdapAttr    description')
-    m1cm.close()
-    os.system('chmod 440 %s' % m1certmap)
-
-    log.info("##### Update the agreement of master2")
-    m2 = topology_m2.ms["master2"]
-    m2_m1_agmt = m2.agreement.list(suffix=DEFAULT_SUFFIX)[0].dn
-
-    m2.agreement.setProperties(agmnt_dn=m2_m1_agmt, properties={RA_TRANSPORT_PROT: 'TLS',
-                                                                RA_METHOD: 'SSLCLIENTAUTH'})
-
-    m1.stop()
-    m2.stop()
-    m1.start()
-    m2.start()
-
-    log.info("\n######################### Configure SSL/TLS agreements Done ######################\n")
-
-
 def relocate_pem_files(topology_m2):
     log.info("######################### Relocate PEM files on master1 ######################")
     mycacert = 'MyCA'
@@ -364,9 +99,10 @@ def relocate_pem_files(topology_m2):
                                               (ldap.MOD_REPLACE, 'ServerKeyExtractFile', myserverkey)])
     log.info("##### restart master1")
     topology_m2.ms["master1"].restart()
+    m1confdir = topology_m2.ms["master1"].confdir
     check_pems(m1confdir, mycacert, myservercert, myserverkey, "")
 
-
+@pytest.mark.ds47536
 def test_openldap_no_nss_crypto(topology_m2):
     """Check that we allow usage of OpenLDAP libraries
     that don't use NSS for crypto
@@ -397,39 +133,43 @@ def test_openldap_no_nss_crypto(topology_m2):
 
     log.info("Ticket 47536 - Allow usage of OpenLDAP libraries that don't use NSS for crypto")
 
-    create_keys_certs(topology_m2)
-    config_tls_agreements(topology_m2)
-
-    add_entry(topology_m2.ms["master1"], 'master1', 'uid=m1user', 0, 5)
-    add_entry(topology_m2.ms["master2"], 'master2', 'uid=m2user', 0, 5)
+    m1 = topology_m2.ms["master1"]
+    m2 = topology_m2.ms["master2"]
+    [i.enable_tls() for i in topology_m2]
+    repl = ReplicationManager(DEFAULT_SUFFIX)
+    repl.test_replication(m1, m2)
 
-    time.sleep(5)
+    add_entry(m1, 'master1', 'uid=m1user', 0, 5)
+    add_entry(m2, 'master2', 'uid=m2user', 0, 5)
+    repl.wait_for_replication(m1, m2)
+    repl.wait_for_replication(m2, m1)
 
     log.info('##### Searching for entries on master1...')
-    entries = topology_m2.ms["master1"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
+    entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
     assert 10 == len(entries)
 
     log.info('##### Searching for entries on master2...')
-    entries = topology_m2.ms["master2"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
+    entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
     assert 10 == len(entries)
 
     relocate_pem_files(topology_m2)
 
-    add_entry(topology_m2.ms["master1"], 'master1', 'uid=m1user', 10, 5)
-    add_entry(topology_m2.ms["master2"], 'master2', 'uid=m2user', 10, 5)
+    add_entry(m1, 'master1', 'uid=m1user', 10, 5)
+    add_entry(m2, 'master2', 'uid=m2user', 10, 5)
 
-    time.sleep(10)
+    repl.wait_for_replication(m1, m2)
+    repl.wait_for_replication(m2, m1)
 
     log.info('##### Searching for entries on master1...')
-    entries = topology_m2.ms["master1"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
+    entries = m1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
     assert 20 == len(entries)
 
     log.info('##### Searching for entries on master2...')
-    entries = topology_m2.ms["master2"].search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
+    entries = m2.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
     assert 20 == len(entries)
 
-    output_file = os.path.join(topology_m2.ms["master1"].get_ldif_dir(), "master1.ldif")
-    topology_m2.ms["master1"].tasks.exportLDIF(benamebase='userRoot', output_file=output_file, args={'wait': True})
+    output_file = os.path.join(m1.get_ldif_dir(), "master1.ldif")
+    m1.tasks.exportLDIF(benamebase='userRoot', output_file=output_file, args={'wait': True})
 
     log.info("Ticket 47536 - PASSED")