0001-Issue-4747-Remove-unstable-unstatus-tests-from-PRCI-.patch 54.6 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
From 5d730f7e9f1e857bc886556db0229607b8d536d2 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Thu, 6 May 2021 18:54:20 +0200
Subject: [PATCH 01/12] Issue 4747 - Remove unstable/unstatus tests from PRCI
 (#4748)

Bug description:
	Some tests (17) in the tests suite (dirsrvtest/tests/suites)
	are failing although there is no regression.
	It needs (long) investigations to status if failures
	are due to a bug in the tests or in DS core.
	Until those investigations are completes, test suites
	loose a large part of its value to detect regression.
	Indeed those failing tests may hide a real regression.

Fix description:
	Flag failing tests with pytest.mark.flaky(max_runs=2, min_passes=1)
	Additional action will be to create upstream 17 ticket to
	status on each failing tests

relates: https://github.com/389ds/389-ds-base/issues/4747

Reviewed by: Simon Pichugin, Viktor Ashirov (many thanks for your
reviews and help)

Platforms tested: F33
---
 .github/workflows/pytest.yml                  |  84 +++++
 dirsrvtests/tests/suites/acl/keywords_test.py |  16 +-
 .../tests/suites/clu/dsctl_acceptance_test.py |  56 ---
 .../tests/suites/clu/repl_monitor_test.py     |   2 +
 .../dynamic_plugins/dynamic_plugins_test.py   |   8 +-
 .../suites/fourwaymmr/fourwaymmr_test.py      |   3 +-
 .../suites/healthcheck/health_config_test.py  |   1 +
 .../suites/healthcheck/health_sync_test.py    |   2 +
 .../tests/suites/import/import_test.py        |  23 +-
 .../tests/suites/indexes/regression_test.py   |  63 ++++
 .../paged_results/paged_results_test.py       |   3 +-
 .../tests/suites/password/regression_test.py  |   2 +
 .../tests/suites/plugins/accpol_test.py       |  20 +-
 .../suites/plugins/managed_entry_test.py      | 351 ++++++++++++++++++
 .../tests/suites/plugins/memberof_test.py     |   3 +-
 .../suites/replication/cleanallruv_test.py    |   8 +-
 .../suites/replication/encryption_cl5_test.py |   8 +-
 .../tests/suites/retrocl/basic_test.py        | 292 ---------------
 18 files changed, 576 insertions(+), 369 deletions(-)
 create mode 100644 .github/workflows/pytest.yml
 delete mode 100644 dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py
 create mode 100644 dirsrvtests/tests/suites/plugins/managed_entry_test.py
 delete mode 100644 dirsrvtests/tests/suites/retrocl/basic_test.py

diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
new file mode 100644
index 000000000..015794d96
--- /dev/null
+++ b/.github/workflows/pytest.yml
@@ -0,0 +1,84 @@
+name: Test
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    container:
+      image: quay.io/389ds/ci-images:test
+    outputs:
+        matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Get a list of all test suites
+        id: set-matrix
+        run: echo "::set-output name=matrix::$(python3 .github/scripts/generate_matrix.py)"
+
+      - name: Build RPMs
+        run: cd $GITHUB_WORKSPACE && SKIP_AUDIT_CI=1 make -f rpm.mk dist-bz2 rpms
+
+      - name: Tar build artifacts
+        run: tar -cvf dist.tar dist/
+
+      - name: Upload RPMs
+        uses: actions/upload-artifact@v2
+        with:
+          name: rpms
+          path: dist.tar
+
+  test:
+    name: Test
+    runs-on: ubuntu-20.04
+    needs: build
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.build.outputs.matrix) }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Install dependencies
+      run: |
+        sudo apt update -y
+        sudo apt install -y docker.io containerd runc
+
+        sudo cp .github/daemon.json /etc/docker/daemon.json
+
+        sudo systemctl unmask docker
+        sudo systemctl start docker
+
+    - name: Download RPMs
+      uses: actions/download-artifact@master
+      with:
+        name: rpms
+    
+    - name: Extract RPMs
+      run: tar xvf dist.tar
+
+    - name: Run pytest in a container
+      run: |
+        set -x
+        CID=$(sudo docker run -d -h server.example.com --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/workspace quay.io/389ds/ci-images:test)
+        sudo docker exec $CID sh -c "dnf install -y -v dist/rpms/*rpm"
+        sudo docker exec $CID py.test  --suppress-no-test-exit-code  -m "not flaky" --junit-xml=pytest.xml -v dirsrvtests/tests/suites/${{ matrix.suite }}
+
+    - name: Make the results file readable by all
+      if: always()
+      run:
+        sudo chmod -f a+r pytest.xml
+
+    - name: Sanitize filename
+      run: echo "PYTEST_SUITE=$(echo ${{ matrix.suite }} | sed -e 's#\/#-#g')" >> $GITHUB_ENV
+      
+    - name: Upload pytest test results
+      if: always()
+      uses: actions/upload-artifact@v2
+      with:
+        name: pytest-${{ env.PYTEST_SUITE }}
+        path: pytest.xml
+ 
diff --git a/dirsrvtests/tests/suites/acl/keywords_test.py b/dirsrvtests/tests/suites/acl/keywords_test.py
index 0174152e3..c5e989f3b 100644
--- a/dirsrvtests/tests/suites/acl/keywords_test.py
+++ b/dirsrvtests/tests/suites/acl/keywords_test.py
@@ -216,7 +216,8 @@ def test_user_binds_without_any_password_and_cannot_access_the_data(topo, add_us
     with pytest.raises(ldap.INSUFFICIENT_ACCESS):
         org.replace("seeAlso", "cn=1")
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_user_can_access_the_data_when_connecting_from_any_machine(
         topo, add_user, aci_of_user
 ):
@@ -245,6 +246,8 @@ def test_user_can_access_the_data_when_connecting_from_any_machine(
     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(
         topo, add_user, aci_of_user
 ):
@@ -276,7 +279,8 @@ def test_user_can_access_the_data_when_connecting_from_internal_ds_network_only(
     # Perform Operation
     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_user_can_access_the_data_when_connecting_from_some_network_only(
         topo, add_user, aci_of_user
 ):
@@ -306,7 +310,8 @@ def test_user_can_access_the_data_when_connecting_from_some_network_only(
     # Perform Operation
     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_from_an_unauthorized_network(topo, add_user, aci_of_user):
     """User cannot access the data when connecting from an unauthorized network as per the ACI.
 
@@ -332,7 +337,8 @@ def test_from_an_unauthorized_network(topo, add_user, aci_of_user):
     # Perform Operation
     OrganizationalUnit(conn, DNS_OU_KEY).replace("seeAlso", "cn=1")
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_user_cannot_access_the_data_when_connecting_from_an_unauthorized_network_2(
         topo, add_user, aci_of_user):
     """User cannot access the data when connecting from an unauthorized network as per the ACI.
@@ -418,6 +424,8 @@ def test_dnsalias_keyword_test_nodns_cannot(topo, add_user, aci_of_user):
     with pytest.raises(ldap.INSUFFICIENT_ACCESS):
         org.replace("seeAlso", "cn=1")
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 @pytest.mark.ds50378
 @pytest.mark.bz1710848
 @pytest.mark.parametrize("ip_addr", ['127.0.0.1', "[::1]"])
diff --git a/dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py b/dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py
deleted file mode 100644
index a0f89defd..000000000
--- a/dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2021 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# --- END COPYRIGHT BLOCK ---
-
-import logging
-import pytest
-import os
-from lib389._constants import *
-from lib389.topologies import topology_st as topo
-
-log = logging.getLogger(__name__)
-
-
-def test_custom_path(topo):
-    """Test that a custom path, backup directory, is correctly used by lib389
-    when the server is stopped.
-
-    :id: 8659e209-ee83-477e-8183-1d2f555669ea
-    :setup: Standalone Instance
-    :steps:
-        1. Get the LDIF directory
-        2. Change the server's backup directory to the LDIF directory
-        3. Stop the server, and perform a backup
-        4. Backup was written to LDIF directory
-    :expectedresults:
-        1. Success
-        2. Success
-        3. Success
-        4. Success
-    """
-
-    # Get LDIF dir
-    ldif_dir = topo.standalone.get_ldif_dir()
-
-    # Set backup directory to LDIF directory
-    topo.standalone.config.replace('nsslapd-bakdir', ldif_dir)
-
-    # Stop the server and take a backup
-    topo.standalone.stop()
-    topo.standalone.db2bak(None)
-
-    # Verify backup was written to LDIF directory
-    backups = os.listdir(ldif_dir)
-    assert len(backups)
-
-
-if __name__ == '__main__':
-    # Run isolated
-    # -s for DEBUG mode
-    CURRENT_FILE = os.path.realpath(__file__)
-    pytest.main(["-s", CURRENT_FILE])
-
diff --git a/dirsrvtests/tests/suites/clu/repl_monitor_test.py b/dirsrvtests/tests/suites/clu/repl_monitor_test.py
index 9428edb26..3cf6343c8 100644
--- a/dirsrvtests/tests/suites/clu/repl_monitor_test.py
+++ b/dirsrvtests/tests/suites/clu/repl_monitor_test.py
@@ -90,6 +90,8 @@ def get_hostnames_from_log(port1, port2):
         host_m2 = match.group(2)
     return (host_m1, host_m2)
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 @pytest.mark.ds50545
 @pytest.mark.bz1739718
 @pytest.mark.skipif(ds_is_older("1.4.0"), reason="Not implemented")
diff --git a/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py b/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py
index b61daed74..7558cc03d 100644
--- a/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py
+++ b/dirsrvtests/tests/suites/dynamic_plugins/dynamic_plugins_test.py
@@ -68,7 +68,8 @@ def check_replicas(topology_m2):
 
     log.info('Data is consistent across the replicas.\n')
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_acceptance(topology_m2):
     """Exercise each plugin and its main features, while
     changing the configuration without restarting the server.
@@ -140,7 +141,8 @@ def test_acceptance(topology_m2):
     ############################################################################
     check_replicas(topology_m2)
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_memory_corruption(topology_m2):
     """Check the plugins for memory corruption issues while
     dynamic plugins option is enabled
@@ -242,6 +244,8 @@ def test_memory_corruption(topology_m2):
     ############################################################################
     check_replicas(topology_m2)
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 @pytest.mark.tier2
 def test_stress(topology_m2):
     """Test plugins while under a big load. Perform the test 5 times
diff --git a/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py b/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py
index 5b0754a2e..c5a746ebb 100644
--- a/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py
+++ b/dirsrvtests/tests/suites/fourwaymmr/fourwaymmr_test.py
@@ -144,7 +144,8 @@ def test_delete_a_few_entries_in_m4(topo_m4, _cleanupentris):
         topo_m4.ms["supplier4"], topo_m4.ms["supplier3"], 30
     )
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_replicated_multivalued_entries(topo_m4):
     """
     Replicated multivalued entries are ordered the same way on all consumers
diff --git a/dirsrvtests/tests/suites/healthcheck/health_config_test.py b/dirsrvtests/tests/suites/healthcheck/health_config_test.py
index 3d102e859..f470c05c6 100644
--- a/dirsrvtests/tests/suites/healthcheck/health_config_test.py
+++ b/dirsrvtests/tests/suites/healthcheck/health_config_test.py
@@ -337,6 +337,7 @@ def test_healthcheck_low_disk_space(topology_st):
     os.remove(file)
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 @pytest.mark.ds50791
 @pytest.mark.bz1843567
 @pytest.mark.xfail(ds_is_older("1.4.3.8"), reason="Not implemented")
diff --git a/dirsrvtests/tests/suites/healthcheck/health_sync_test.py b/dirsrvtests/tests/suites/healthcheck/health_sync_test.py
index 75bbfd35c..74df1b322 100644
--- a/dirsrvtests/tests/suites/healthcheck/health_sync_test.py
+++ b/dirsrvtests/tests/suites/healthcheck/health_sync_test.py
@@ -70,6 +70,8 @@ def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searc
 @pytest.mark.ds50873
 @pytest.mark.bz1685160
 @pytest.mark.xfail(ds_is_older("1.4.1"), reason="Not implemented")
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_healthcheck_replication_out_of_sync_not_broken(topology_m3):
     """Check if HealthCheck returns DSREPLLE0003 code
 
diff --git a/dirsrvtests/tests/suites/import/import_test.py b/dirsrvtests/tests/suites/import/import_test.py
index defe447d5..119b097f1 100644
--- a/dirsrvtests/tests/suites/import/import_test.py
+++ b/dirsrvtests/tests/suites/import/import_test.py
@@ -14,6 +14,7 @@ import os
 import pytest
 import time
 import glob
+import logging
 from lib389.topologies import topology_st as topo
 from lib389._constants import DEFAULT_SUFFIX, TaskWarning
 from lib389.dbgen import dbgen_users
@@ -28,6 +29,12 @@ from lib389.idm.account import Accounts
 
 pytestmark = pytest.mark.tier1
 
+DEBUGGING = os.getenv("DEBUGGING", default=False)
+if DEBUGGING:
+    logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+    logging.getLogger(__name__).setLevel(logging.INFO)
+log = logging.getLogger(__name__)
 
 def _generate_ldif(topo, no_no):
     """
@@ -349,7 +356,8 @@ def _toggle_private_import_mem(request, topo):
             ('nsslapd-db-private-import-mem', 'off'))
     request.addfinalizer(finofaci)
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):
     """With nsslapd-db-private-import-mem: on is faster import.
 
@@ -381,16 +389,19 @@ def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):
     # Let's set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: 0
     config = LDBMConfig(topo.standalone)
     # Measure offline import time duration total_time1
-    total_time1 = _import_offline(topo, 20)
+    total_time1 = _import_offline(topo, 1000)
     # Now nsslapd-db-private-import-mem:off
     config.replace('nsslapd-db-private-import-mem', 'off')
     accounts = Accounts(topo.standalone, DEFAULT_SUFFIX)
     for i in accounts.filter('(uid=*)'):
         UserAccount(topo.standalone, i.dn).delete()
     # Measure offline import time duration total_time2
-    total_time2 = _import_offline(topo, 20)
+    total_time2 = _import_offline(topo, 1000)
     # total_time1 < total_time2
+    log.info("total_time1 = %f" % total_time1)
+    log.info("total_time2 = %f" % total_time2)
     assert total_time1 < total_time2
+
     # Set nsslapd-db-private-import-mem:on, nsslapd-import-cache-autosize: -1
     config.replace_many(
         ('nsslapd-db-private-import-mem', 'on'),
@@ -398,14 +409,16 @@ def test_fast_slow_import(topo, _toggle_private_import_mem, _import_clean):
     for i in accounts.filter('(uid=*)'):
         UserAccount(topo.standalone, i.dn).delete()
     # Measure offline import time duration total_time1
-    total_time1 = _import_offline(topo, 20)
+    total_time1 = _import_offline(topo, 1000)
     # Now nsslapd-db-private-import-mem:off
     config.replace('nsslapd-db-private-import-mem', 'off')
     for i in accounts.filter('(uid=*)'):
         UserAccount(topo.standalone, i.dn).delete()
     # Measure offline import time duration total_time2
-    total_time2 = _import_offline(topo, 20)
+    total_time2 = _import_offline(topo, 1000)
     # total_time1 < total_time2
+    log.info("toral_time1 = %f" % total_time1)
+    log.info("total_time2 = %f" % total_time2)
     assert total_time1 < total_time2
 
 
diff --git a/dirsrvtests/tests/suites/indexes/regression_test.py b/dirsrvtests/tests/suites/indexes/regression_test.py
index 1a71f16e9..ed0c8885f 100644
--- a/dirsrvtests/tests/suites/indexes/regression_test.py
+++ b/dirsrvtests/tests/suites/indexes/regression_test.py
@@ -19,6 +19,68 @@ from lib389.topologies import topology_st as topo
 pytestmark = pytest.mark.tier1
 
 
+@pytest.fixture(scope="function")
+def add_a_group_with_users(request, topo):
+    """
+    Add a group and users, which are members of this group.
+    """
+    groups = Groups(topo.standalone, DEFAULT_SUFFIX, rdn=None)
+    group = groups.create(properties={'cn': 'test_group'})
+    users_list = []
+    users_num = 100
+    users = UserAccounts(topo.standalone, DEFAULT_SUFFIX, rdn=None)
+    for num in range(users_num):
+        USER_NAME = f'test_{num}'
+        user = users.create(properties={
+            'uid': USER_NAME,
+            'sn': USER_NAME,
+            'cn': USER_NAME,
+            'uidNumber': f'{num}',
+            'gidNumber': f'{num}',
+            'homeDirectory': f'/home/{USER_NAME}'
+        })
+        users_list.append(user)
+        group.add_member(user.dn)
+
+    def fin():
+        """
+        Removes group and users.
+        """
+        # If the server crashed, start it again to do the cleanup
+        if not topo.standalone.status():
+            topo.standalone.start()
+        for user in users_list:
+            user.delete()
+        group.delete()
+
+    request.addfinalizer(fin)
+
+
+@pytest.fixture(scope="function")
+def set_small_idlistscanlimit(request, topo):
+    """
+    Set nsslapd-idlistscanlimit to a smaller value to accelerate the reproducer
+    """
+    db_cfg = DatabaseConfig(topo.standalone)
+    old_idlistscanlimit = db_cfg.get_attr_vals_utf8('nsslapd-idlistscanlimit')
+    db_cfg.set([('nsslapd-idlistscanlimit', '100')])
+    topo.standalone.restart()
+
+    def fin():
+        """
+        Set nsslapd-idlistscanlimit back to the default value
+        """
+        # If the server crashed, start it again to do the cleanup
+        if not topo.standalone.status():
+            topo.standalone.start()
+        db_cfg.set([('nsslapd-idlistscanlimit', old_idlistscanlimit)])
+        topo.standalone.restart()
+
+    request.addfinalizer(fin)
+
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
+@pytest.mark.skipif(ds_is_older("1.4.4.4"), reason="Not implemented")
 def test_reindex_task_creates_abandoned_index_file(topo):
     """
     Recreating an index for the same attribute but changing
@@ -123,3 +185,4 @@ if __name__ == "__main__":
     # -s for DEBUG mode
     CURRENT_FILE = os.path.realpath(__file__)
     pytest.main("-s %s" % CURRENT_FILE)
+
diff --git a/dirsrvtests/tests/suites/paged_results/paged_results_test.py b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
index 9fdceb165..0b45b7d96 100644
--- a/dirsrvtests/tests/suites/paged_results/paged_results_test.py
+++ b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
@@ -506,7 +506,8 @@ def test_search_with_timelimit(topology_st, create_user):
     finally:
         del_users(users_list)
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 @pytest.mark.parametrize('aci_subject',
                          ('dns = "{}"'.format(HOSTNAME),
                           'ip = "{}"'.format(IP_ADDRESS)))
diff --git a/dirsrvtests/tests/suites/password/regression_test.py b/dirsrvtests/tests/suites/password/regression_test.py
index 251834421..8f1facb6d 100644
--- a/dirsrvtests/tests/suites/password/regression_test.py
+++ b/dirsrvtests/tests/suites/password/regression_test.py
@@ -215,6 +215,8 @@ def test_global_vs_local(topo, passw_policy, create_user, user_pasw):
     # reset password
     create_user.set('userPassword', PASSWORD)
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 @pytest.mark.ds49789
 def test_unhashed_pw_switch(topo_supplier):
     """Check that nsslapd-unhashed-pw-switch works corrently
diff --git a/dirsrvtests/tests/suites/plugins/accpol_test.py b/dirsrvtests/tests/suites/plugins/accpol_test.py
index 73e2e54d1..77975c747 100644
--- a/dirsrvtests/tests/suites/plugins/accpol_test.py
+++ b/dirsrvtests/tests/suites/plugins/accpol_test.py
@@ -520,7 +520,8 @@ def test_glinact_limit(topology_st, accpol_global):
     modify_attr(topology_st, ACCP_CONF, 'accountInactivityLimit', '12')
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glnologin_attr(topology_st, accpol_global):
     """Verify if user account is inactivated based on createTimeStamp attribute, no lastLoginTime attribute present
 
@@ -610,7 +611,8 @@ def test_glnologin_attr(topology_st, accpol_global):
     account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled")
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glnoalt_stattr(topology_st, accpol_global):
     """Verify if user account can be inactivated based on lastLoginTime attribute, altstateattrname set to 1.1
 
@@ -656,6 +658,8 @@ def test_glnoalt_stattr(topology_st, accpol_global):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glattr_modtime(topology_st, accpol_global):
     """Verify if user account can be inactivated based on modifyTimeStamp attribute
 
@@ -705,6 +709,8 @@ def test_glattr_modtime(topology_st, accpol_global):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glnoalt_nologin(topology_st, accpol_global):
     """Verify if account policy plugin works if we set altstateattrname set to 1.1 and alwaysrecordlogin to NO
 
@@ -763,6 +769,8 @@ def test_glnoalt_nologin(topology_st, accpol_global):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glinact_nsact(topology_st, accpol_global):
     """Verify if user account can be activated using ns-activate.pl script.
 
@@ -812,6 +820,8 @@ def test_glinact_nsact(topology_st, accpol_global):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glinact_acclock(topology_st, accpol_global):
     """Verify if user account is activated when account is unlocked by passwordlockoutduration.
 
@@ -868,6 +878,8 @@ def test_glinact_acclock(topology_st, accpol_global):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_glnact_pwexp(topology_st, accpol_global):
     """Verify if user account is activated when password is reset after password is expired
 
@@ -951,6 +963,8 @@ def test_glnact_pwexp(topology_st, accpol_global):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_locact_inact(topology_st, accpol_local):
     """Verify if user account is inactivated when accountInactivityLimit is exceeded.
 
@@ -995,6 +1009,8 @@ def test_locact_inact(topology_st, accpol_local):
     del_users(topology_st, suffix, subtree, userid, nousrs)
 
 
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_locinact_modrdn(topology_st, accpol_local):
     """Verify if user account is inactivated when moved from ou=groups to ou=people subtree.
 
diff --git a/dirsrvtests/tests/suites/plugins/managed_entry_test.py b/dirsrvtests/tests/suites/plugins/managed_entry_test.py
new file mode 100644
index 000000000..662044ccd
--- /dev/null
+++ b/dirsrvtests/tests/suites/plugins/managed_entry_test.py
@@ -0,0 +1,351 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2020 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+#
+import pytest
+import time
+from lib389.topologies import topology_st as topo
+from lib389.idm.user import UserAccount, UserAccounts
+from lib389.idm.account import Account, Accounts
+from lib389._constants import DEFAULT_SUFFIX
+from lib389.idm.group import Groups
+from lib389.config import Config
+from lib389.idm.organizationalunit import OrganizationalUnits, OrganizationalUnit
+from lib389.plugins import MEPTemplates, MEPConfigs, ManagedEntriesPlugin, MEPTemplate
+from lib389.idm.nscontainer import nsContainers
+from lib389.idm.domain import Domain
+from lib389.tasks import Entry
+import ldap
+
+pytestmark = pytest.mark.tier1
+USER_PASSWORD = 'password'
+
+
+@pytest.fixture(scope="module")
+def _create_inital(topo):
+    """
+    Will create entries for this module
+    """
+    meps = MEPTemplates(topo.standalone, DEFAULT_SUFFIX)
+    mep_template1 = meps.create(
+        properties={'cn': 'UPG Template', 'mepRDNAttr': 'cn', 'mepStaticAttr': 'objectclass: posixGroup',
+                    'mepMappedAttr': 'cn: $uid|gidNumber: $gidNumber|description: User private group for $uid'.split(
+                        '|')})
+    conf_mep = MEPConfigs(topo.standalone)
+    conf_mep.create(properties={'cn': 'UPG Definition1', 'originScope': f'cn=Users,{DEFAULT_SUFFIX}',
+                                             'originFilter': 'objectclass=posixaccount',
+                                             'managedBase': f'cn=Groups,{DEFAULT_SUFFIX}',
+                                             'managedTemplate': mep_template1.dn})
+    container = nsContainers(topo.standalone, DEFAULT_SUFFIX)
+    for cn in ['Users', 'Groups']:
+        container.create(properties={'cn': cn})
+
+
+def test_binddn_tracking(topo, _create_inital):
+    """Test Managed Entries basic functionality
+
+    :id: ea2ddfd4-aaec-11ea-8416-8c16451d917b
+    :setup: Standalone Instance
+    :steps:
+        1. Set nsslapd-plugin-binddn-tracking attribute under cn=config
+        2. Add user
+        3. Managed Entry Plugin runs against managed entries upon any update without validating
+        4. verify creation of User Private Group with its time stamp value
+        5. Modify the SN attribute which is not mapped with managed entry
+        6. run ModRDN operation and check the User Private group
+        7. Check the time stamp of UPG should be changed now
+        8. Check the creatorsname should be user dn and internalCreatorsname should be plugin name
+        9. Check if a managed group entry was created
+    :expected results:
+        1. Success
+        2. Success
+        3. Success
+        4. Success
+        5. Success
+        6. Success
+        7. Success
+        8. Success
+        9. Success
+    """
+    config = Config(topo.standalone)
+    # set nsslapd-plugin-binddn-tracking attribute under cn=config
+    config.replace('nsslapd-plugin-binddn-tracking', 'on')
+    # Add user
+    user = UserAccounts(topo.standalone, f'cn=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}'
+    entry = Account(topo.standalone, f'cn=test_user_1000,cn=Groups,{DEFAULT_SUFFIX}')
+    # Managed Entry Plugin runs against managed entries upon any update without validating
+    # verify creation of User Private Group with its time stamp value
+    stamp1 = entry.get_attr_val_utf8('modifyTimestamp')
+    user.replace('sn', 'NewSN_modified')
+    stamp2 = entry.get_attr_val_utf8('modifyTimestamp')
+    # Modify the SN attribute which is not mapped with managed entry
+    # Check the time stamp of UPG should not be changed
+    assert stamp1 == stamp2
+    time.sleep(1)
+    # run ModRDN operation and check the User Private group
+    user.rename(new_rdn='uid=UserNewRDN', newsuperior='cn=Users,dc=example,dc=com')
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}'
+    entry = Account(topo.standalone, f'cn=UserNewRDN,cn=Groups,{DEFAULT_SUFFIX}')
+    stamp3 = entry.get_attr_val_utf8('modifyTimestamp')
+    # Check the time stamp of UPG should be changed now
+    assert stamp2 != stamp3
+    time.sleep(1)
+    user.replace('gidNumber', '1')
+    stamp4 = entry.get_attr_val_utf8('modifyTimestamp')
+    assert stamp4 != stamp3
+    # Check the creatorsname should be user dn and internalCreatorsname should be plugin name
+    assert entry.get_attr_val_utf8('creatorsname') == 'cn=directory manager'
+    assert entry.get_attr_val_utf8('internalCreatorsname') == 'cn=Managed Entries,cn=plugins,cn=config'
+    assert entry.get_attr_val_utf8('modifiersname') == 'cn=directory manager'
+    user.delete()
+    config.replace('nsslapd-plugin-binddn-tracking', 'off')
+
+
+class WithObjectClass(Account):
+    def __init__(self, instance, dn=None):
+        super(WithObjectClass, self).__init__(instance, dn)
+        self._rdn_attribute = 'uid'
+        self._create_objectclasses = ['top', 'person', 'inetorgperson']
+
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
+def test_mentry01(topo, _create_inital):
+    """Test Managed Entries basic functionality
+
+    :id: 9b87493b-0493-46f9-8364-6099d0e5d806
+    :setup: Standalone Instance
+    :steps:
+        1. Check the plug-in status
+        2. Add Template and definition entry
+        3. Add our org units
+        4. Add users with PosixAccount ObjectClass and verify creation of User Private Group
+        5. Disable the plug-in and check the status
+        6. Enable the plug-in and check the status the plug-in is disabled and creation of UPG should fail
+        7. Add users with PosixAccount ObjectClass and verify creation of User Private Group
+        8. Add users, run ModRDN operation and check the User Private group
+        9. Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
+        10. Checking whether creation of User Private group fails for existing group entry
+        11. Checking whether adding of posixAccount objectClass to existing user creates UPG
+        12. Running ModRDN operation and checking the user private groups mepManagedBy attribute
+        13. Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
+        14. Change the RDN of template entry, DSA Unwilling to perform error expected
+        15. Change the RDN of cn=Users to cn=TestUsers and check UPG are deleted
+    :expected results:
+        1. Success
+        2. Success
+        3. Success
+        4. Success
+        5. Success
+        6. Success
+        7. Success
+        8. Success
+        9. Success
+        10. Success
+        11. Success
+        12. Success
+        13. Success
+        14. Fail(Unwilling to perform )
+        15. Success
+    """
+    # Check the plug-in status
+    mana = ManagedEntriesPlugin(topo.standalone)
+    assert mana.status()
+    # Add Template and definition entry
+    org1 = OrganizationalUnits(topo.standalone, DEFAULT_SUFFIX).create(properties={'ou': 'Users'})
+    org2 = OrganizationalUnit(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}')
+    meps = MEPTemplates(topo.standalone, DEFAULT_SUFFIX)
+    mep_template1 = meps.create(properties={
+        'cn': 'UPG Template1',
+        'mepRDNAttr': 'cn',
+        'mepStaticAttr': 'objectclass: posixGroup',
+        'mepMappedAttr': 'cn: $uid|gidNumber: $gidNumber|description: User private group for $uid'.split('|')})
+    conf_mep = MEPConfigs(topo.standalone)
+    mep_config = conf_mep.create(properties={
+        'cn': 'UPG Definition2',
+        'originScope': org1.dn,
+        'originFilter': 'objectclass=posixaccount',
+        'managedBase': org2.dn,
+        'managedTemplate': mep_template1.dn})
+    # Add users with PosixAccount ObjectClass and verify creation of User Private Group
+    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
+    # Disable the plug-in and check the status
+    mana.disable()
+    user.delete()
+    topo.standalone.restart()
+    # Add users with PosixAccount ObjectClass when the plug-in is disabled and creation of UPG should fail
+    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    assert not user.get_attr_val_utf8('mepManagedEntry')
+    # Enable the plug-in and check the status
+    mana.enable()
+    user.delete()
+    topo.standalone.restart()
+    # Add users with PosixAccount ObjectClass and verify creation of User Private Group
+    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=test_user_1000,ou=Groups,{DEFAULT_SUFFIX}'
+    # Add users, run ModRDN operation and check the User Private group
+    # Add users, run LDAPMODIFY to change the gidNumber and check the User Private group
+    user.rename(new_rdn='uid=UserNewRDN', newsuperior='ou=Users,dc=example,dc=com')
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}'
+    user.replace('gidNumber', '20209')
+    entry = Account(topo.standalone, f'cn=UserNewRDN,ou=Groups,{DEFAULT_SUFFIX}')
+    assert entry.get_attr_val_utf8('gidNumber') == '20209'
+    user.replace_many(('sn', 'new_modified_sn'), ('gidNumber', '31309'))
+    assert entry.get_attr_val_utf8('gidNumber') == '31309'
+    user.delete()
+    # Checking whether creation of User Private group fails for existing group entry
+    grp = Groups(topo.standalone, f'ou=Groups,{DEFAULT_SUFFIX}', rdn=None).create(properties={'cn': 'MENTRY_14'})
+    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    with pytest.raises(ldap.NO_SUCH_OBJECT):
+        entry.status()
+    user.delete()
+    # Checking whether adding of posixAccount objectClass to existing user creates UPG
+    # Add Users without posixAccount objectClass
+    users = WithObjectClass(topo.standalone, f'uid=test_test, ou=Users,{DEFAULT_SUFFIX}')
+    user_properties1 = {'uid': 'test_test', 'cn': 'test', 'sn': 'test', 'mail': 'sasa@sasa.com', 'telephoneNumber': '123'}
+    user = users.create(properties=user_properties1)
+    assert not user.get_attr_val_utf8('mepManagedEntry')
+    # Add posixAccount objectClass
+    user.replace_many(('objectclass', ['top', 'person', 'inetorgperson', 'posixAccount']),
+                      ('homeDirectory', '/home/ok'),
+                      ('uidNumber', '61603'), ('gidNumber', '61603'))
+    assert not user.get_attr_val_utf8('mepManagedEntry')
+    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    entry = Account(topo.standalone, 'cn=test_user_1000,ou=Groups,dc=example,dc=com')
+    # Add inetuser objectClass
+    user.replace_many(
+        ('objectclass', ['top', 'account', 'posixaccount', 'inetOrgPerson',
+                         'organizationalPerson', 'nsMemberOf', 'nsAccount',
+                         'person', 'mepOriginEntry', 'inetuser']),
+        ('memberOf', entry.dn))
+    assert entry.status()
+    user.delete()
+    user = UserAccounts(topo.standalone, f'ou=Users,{DEFAULT_SUFFIX}', rdn=None).create_test_user()
+    entry = Account(topo.standalone, 'cn=test_user_1000,ou=Groups,dc=example,dc=com')
+    # Add groupofNames objectClass
+    user.replace_many(
+        ('objectclass', ['top', 'account', 'posixaccount', 'inetOrgPerson',
+                         'organizationalPerson', 'nsMemberOf', 'nsAccount',
+                         'person', 'mepOriginEntry', 'groupofNames']),
+        ('memberOf', user.dn))
+    assert entry.status()
+    # Running ModRDN operation and checking the user private groups mepManagedBy attribute
+    user.replace('mepManagedEntry', f'uid=CheckModRDN,ou=Users,{DEFAULT_SUFFIX}')
+    user.rename(new_rdn='uid=UserNewRDN', newsuperior='ou=Users,dc=example,dc=com')
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'uid=CheckModRDN,ou=Users,{DEFAULT_SUFFIX}'
+    # Deleting mepManagedBy attribute and running ModRDN operation to check if it creates a new UPG
+    user.remove('mepManagedEntry', f'uid=CheckModRDN,ou=Users,{DEFAULT_SUFFIX}')
+    user.rename(new_rdn='uid=UserNewRDN1', newsuperior='ou=Users,dc=example,dc=com')
+    assert user.get_attr_val_utf8('mepManagedEntry') == f'cn=UserNewRDN1,ou=Groups,{DEFAULT_SUFFIX}'
+    # Change the RDN of template entry, DSA Unwilling to perform error expected
+    mep = MEPTemplate(topo.standalone, f'cn=UPG Template,{DEFAULT_SUFFIX}')
+    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
+        mep.rename(new_rdn='cn=UPG Template2', newsuperior='dc=example,dc=com')
+    # Change the RDN of cn=Users to cn=TestUsers and check UPG are deleted
+    before = user.get_attr_val_utf8('mepManagedEntry')
+    user.rename(new_rdn='uid=Anuj', newsuperior='ou=Users,dc=example,dc=com')
+    assert user.get_attr_val_utf8('mepManagedEntry') != before
+
+
+def test_managed_entry_removal(topo):
+    """Check that we can't remove managed entry manually
+
+    :id: cf9c5be5-97ef-46fc-b199-8346acf4c296
+    :setup: Standalone Instance
+    :steps:
+        1. Enable the plugin
+        2. Restart the instance
+        3. Add our org units
+        4. Set up config entry and template entry for the org units
+        5. Add an entry that meets the MEP scope
+        6. Check if a managed group entry was created
+        7. Try to remove the entry while bound as Admin (non-DM)
+        8. Remove the entry while bound as DM
+        9. Check that the managing entry can be deleted too
+    :expectedresults:
+        1. Success
+        2. Success
+        3. Success
+        4. Success
+        5. Success
+        6. Success
+        7. Should fail
+        8. Success
+        9. Success
+    """
+
+    inst = topo.standalone
+
+    # Add ACI so we can test that non-DM user can't delete managed entry
+    domain = Domain(inst, DEFAULT_SUFFIX)
+    ACI_TARGET = f"(target = \"ldap:///{DEFAULT_SUFFIX}\")"
+    ACI_TARGETATTR = "(targetattr = *)"
+    ACI_ALLOW = "(version 3.0; acl \"Admin Access\"; allow (all) "
+    ACI_SUBJECT = "(userdn = \"ldap:///anyone\");)"
+    ACI_BODY = ACI_TARGET + ACI_TARGETATTR + ACI_ALLOW + ACI_SUBJECT
+    domain.add('aci', ACI_BODY)
+
+    # stop the plugin, and start it
+    plugin = ManagedEntriesPlugin(inst)
+    plugin.disable()
+    plugin.enable()
+
+    # Add our org units
+    ous = OrganizationalUnits(inst, DEFAULT_SUFFIX)
+    ou_people = ous.create(properties={'ou': 'managed_people'})
+    ou_groups = ous.create(properties={'ou': 'managed_groups'})
+
+    mep_templates = MEPTemplates(inst, DEFAULT_SUFFIX)
+    mep_template1 = mep_templates.create(properties={
+        'cn': 'MEP template',
+        'mepRDNAttr': 'cn',
+        'mepStaticAttr': 'objectclass: groupOfNames|objectclass: extensibleObject'.split('|'),
+        'mepMappedAttr': 'cn: $cn|uid: $cn|gidNumber: $uidNumber'.split('|')
+    })
+    mep_configs = MEPConfigs(inst)
+    mep_configs.create(properties={'cn': 'config',
+                                   'originScope': ou_people.dn,
+                                   'originFilter': 'objectclass=posixAccount',
+                                   'managedBase': ou_groups.dn,
+                                   'managedTemplate': mep_template1.dn})
+    inst.restart()
+
+    # Add an entry that meets the MEP scope
+    test_users_m1 = UserAccounts(inst, DEFAULT_SUFFIX, rdn='ou={}'.format(ou_people.rdn))
+    managing_entry = test_users_m1.create_test_user(1001)
+    managing_entry.reset_password(USER_PASSWORD)
+    user_bound_conn = managing_entry.bind(USER_PASSWORD)
+
+    # Get the managed entry
+    managed_groups = Groups(inst, ou_groups.dn, rdn=None)
+    managed_entry = managed_groups.get(managing_entry.rdn)
+
+    # Check that the managed entry was created
+    assert managed_entry.exists()
+
+    # Try to remove the entry while bound as Admin (non-DM)
+    managed_groups_user_conn = Groups(user_bound_conn, ou_groups.dn, rdn=None)
+    managed_entry_user_conn = managed_groups_user_conn.get(managed_entry.rdn)
+    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
+        managed_entry_user_conn.delete()
+    assert managed_entry_user_conn.exists()
+
+    # Remove the entry while bound as DM
+    managed_entry.delete()
+    assert not managed_entry.exists()
+
+    # Check that the managing entry can be deleted too
+    managing_entry.delete()
+    assert not managing_entry.exists()
+
+
+if __name__ == '__main__':
+    # Run isolated
+    # -s for DEBUG mode
+    CURRENT_FILE = os.path.realpath(__file__)
+    pytest.main("-s %s" % CURRENT_FILE)
diff --git a/dirsrvtests/tests/suites/plugins/memberof_test.py b/dirsrvtests/tests/suites/plugins/memberof_test.py
index bc99eef7d..d3b32c856 100644
--- a/dirsrvtests/tests/suites/plugins/memberof_test.py
+++ b/dirsrvtests/tests/suites/plugins/memberof_test.py
@@ -2655,7 +2655,8 @@ def test_complex_group_scenario_9(topology_st):
     verify_post_025(topology_st, memofegrp020_1, memofegrp020_2, memofegrp020_3, memofegrp020_4, memofegrp020_5,
                     memofuser1, memofuser2, memofuser3, memofuser4)
 
-
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_memberof_auto_add_oc(topology_st):
     """Test the auto add objectclass (OC) feature. The plugin should add a predefined
     objectclass that will allow memberOf to be added to an entry.
diff --git a/dirsrvtests/tests/suites/replication/cleanallruv_test.py b/dirsrvtests/tests/suites/replication/cleanallruv_test.py
index 5610e3c19..f0cd99cfc 100644
--- a/dirsrvtests/tests/suites/replication/cleanallruv_test.py
+++ b/dirsrvtests/tests/suites/replication/cleanallruv_test.py
@@ -223,7 +223,7 @@ def test_clean(topology_m4, m4rid):
 
     log.info('test_clean PASSED, restoring supplier 4...')
 
-
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_clean_restart(topology_m4, m4rid):
     """Check that cleanallruv task works properly after a restart
 
@@ -295,6 +295,7 @@ def test_clean_restart(topology_m4, m4rid):
     log.info('test_clean_restart PASSED, restoring supplier 4...')
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_clean_force(topology_m4, m4rid):
     """Check that multiple tasks with a 'force' option work properly
 
@@ -353,6 +354,7 @@ def test_clean_force(topology_m4, m4rid):
     log.info('test_clean_force PASSED, restoring supplier 4...')
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_abort(topology_m4, m4rid):
     """Test the abort task basic functionality
 
@@ -408,6 +410,7 @@ def test_abort(topology_m4, m4rid):
     log.info('test_abort PASSED, restoring supplier 4...')
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_abort_restart(topology_m4, m4rid):
     """Test the abort task can handle a restart, and then resume
 
@@ -486,6 +489,7 @@ def test_abort_restart(topology_m4, m4rid):
     log.info('test_abort_restart PASSED, restoring supplier 4...')
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_abort_certify(topology_m4, m4rid):
     """Test the abort task with a replica-certify-all option
 
@@ -555,6 +559,7 @@ def test_abort_certify(topology_m4, m4rid):
     log.info('test_abort_certify PASSED, restoring supplier 4...')
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_stress_clean(topology_m4, m4rid):
     """Put each server(m1 - m4) under a stress, and perform the entire clean process
 
@@ -641,6 +646,7 @@ def test_stress_clean(topology_m4, m4rid):
     ldbm_config.set('nsslapd-readonly', 'off')
 
 
+@pytest.mark.flaky(max_runs=2, min_passes=1)
 def test_multiple_tasks_with_force(topology_m4, m4rid):
     """Check that multiple tasks with a 'force' option work properly
 
diff --git a/dirsrvtests/tests/suites/replication/encryption_cl5_test.py b/dirsrvtests/tests/suites/replication/encryption_cl5_test.py
index 7ae7e1b13..b69863f53 100644
--- a/dirsrvtests/tests/suites/replication/encryption_cl5_test.py
+++ b/dirsrvtests/tests/suites/replication/encryption_cl5_test.py
@@ -73,10 +73,10 @@ def _check_unhashed_userpw_encrypted(inst, change_type, user_dn, user_pw, is_enc
                 assert user_pw_attr in entry, 'Changelog entry does not contain clear text password'
     assert count, 'Operation type and DN of the entry not matched in changelog'
 
-
-@pytest.mark.parametrize("encryption", ["AES", "3DES"])
-def test_algorithm_unhashed(topology_with_tls, encryption):
-    """Check encryption algowithm AES and 3DES.
+#unstable or unstatus tests, skipped for now
+@pytest.mark.flaky(max_runs=2, min_passes=1)
+def test_algorithm_unhashed(topology_with_tls):
+    """Check encryption algorithm AES
     And check unhashed#user#password attribute for encryption.
 
     :id: b7a37bf8-4b2e-4dbd-9891-70117d67558c
diff --git a/dirsrvtests/tests/suites/retrocl/basic_test.py b/dirsrvtests/tests/suites/retrocl/basic_test.py
deleted file mode 100644
index 112c73cb9..000000000
--- a/dirsrvtests/tests/suites/retrocl/basic_test.py
+++ /dev/null
@@ -1,292 +0,0 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2021 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# --- END COPYRIGHT BLOCK ---
-
-import logging
-import ldap
-import time
-import pytest
-from lib389.topologies import topology_st
-from lib389.plugins import RetroChangelogPlugin
-from lib389._constants import *
-from lib389.utils import *
-from lib389.tasks import *
-from lib389.cli_base import FakeArgs, connect_instance, disconnect_instance
-from lib389.cli_base.dsrc import dsrc_arg_concat
-from lib389.cli_conf.plugins.retrochangelog import retrochangelog_add
-from lib389.idm.user import UserAccount, UserAccounts, nsUserAccounts
-
-pytestmark = pytest.mark.tier1
-
-USER1_DN = 'uid=user1,ou=people,'+ DEFAULT_SUFFIX
-USER2_DN = 'uid=user2,ou=people,'+ DEFAULT_SUFFIX
-USER_PW = 'password'
-ATTR_HOMEPHONE = 'homePhone'
-ATTR_CARLICENSE = 'carLicense'
-
-log = logging.getLogger(__name__)
-
-def test_retrocl_exclude_attr_add(topology_st):
-    """ Test exclude attribute feature of the retrocl plugin for add operation
-
-    :id: 3481650f-2070-45ef-9600-2500cfc51559
-
-    :setup: Standalone instance
-
-    :steps:
-        1. Enable dynamic plugins
-        2. Confige retro changelog plugin
-        3. Add an entry
-        4. Ensure entry attrs are in the changelog
-        5. Exclude an attr
-        6. Add another entry
-        7. Ensure excluded attr is not in the changelog
-
-    :expectedresults:
-        1. Success
-        2. Success
-        3. Success
-        4. Success
-        5. Success
-        6. Success
-        7. Success
-    """
-
-    st = topology_st.standalone
-
-    log.info('Enable dynamic plugins')
-    try:
-        st.config.set('nsslapd-dynamic-plugins', 'on')
-    except ldap.LDAPError as e:
-        ldap.error('Failed to enable dynamic plugins ' + e.args[0]['desc'])
-        assert False
-
-    log.info('Configure retrocl plugin')
-    rcl = RetroChangelogPlugin(st)
-    rcl.disable()
-    rcl.enable()
-    rcl.replace('nsslapd-attribute', 'nsuniqueid:targetUniqueId')
-
-    log.info('Restarting instance')
-    try:
-        st.restart()
-    except ldap.LDAPError as e:
-        ldap.error('Failed to restart instance ' + e.args[0]['desc'])
-        assert False
-
-    users = UserAccounts(st, DEFAULT_SUFFIX)
-
-    log.info('Adding user1')
-    try:
-        user1 = users.create(properties={
-            'sn': '1',
-            'cn': 'user 1',
-            'uid': 'user1',
-            'uidNumber': '11',
-            'gidNumber': '111',
-            'givenname': 'user1',
-            'homePhone': '0861234567',
-            'carLicense': '131D16674',
-            'mail': 'user1@whereever.com',
-            'homeDirectory': '/home/user1',
-            'userpassword': USER_PW})
-    except ldap.ALREADY_EXISTS:
-        pass
-    except ldap.LDAPError as e:
-        log.error("Failed to add user1")
-
-    log.info('Verify homePhone and carLicense attrs are in the changelog changestring')
-    try:
-        cllist = st.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(targetDn=%s)' % USER1_DN)
-    except ldap.LDAPError as e:
-        log.fatal("Changelog search failed, error: " +str(e))
-        assert False
-    assert len(cllist) > 0
-    if  cllist[0].hasAttr('changes'):
-        clstr = (cllist[0].getValue('changes')).decode()
-        assert ATTR_HOMEPHONE in clstr
-        assert ATTR_CARLICENSE in clstr
-
-    log.info('Excluding attribute ' + ATTR_HOMEPHONE)
-    args = FakeArgs()
-    args.connections = [st.host + ':' + str(st.port) + ':' + DN_DM + ':' + PW_DM]
-    args.instance = 'standalone1'
-    args.basedn = None
-    args.binddn = None
-    args.starttls = False
-    args.pwdfile = None
-    args.bindpw = None
-    args.prompt = False
-    args.exclude_attrs = ATTR_HOMEPHONE
-    args.func = retrochangelog_add
-    dsrc_inst = dsrc_arg_concat(args, None)
-    inst = connect_instance(dsrc_inst, False, args)
-    result = args.func(inst, None, log, args)
-    disconnect_instance(inst)
-    assert result is None
-
-    log.info("5s delay for retrocl plugin to restart")
-    time.sleep(5)
-
-    log.info('Adding user2')
-    try:
-        user2 = users.create(properties={
-            'sn': '2',
-            'cn': 'user 2',
-            'uid': 'user2',
-            'uidNumber': '22',
-            'gidNumber': '222',
-            'givenname': 'user2',
-            'homePhone': '0879088363',
-            'carLicense': '04WX11038',
-            'mail': 'user2@whereever.com',
-            'homeDirectory': '/home/user2',
-            'userpassword': USER_PW})
-    except ldap.ALREADY_EXISTS:
-        pass
-    except ldap.LDAPError as e:
-        log.error("Failed to add user2")
-
-    log.info('Verify homePhone attr is not in the changelog changestring')
-    try:
-        cllist = st.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(targetDn=%s)' % USER2_DN)
-        assert len(cllist) > 0
-        if  cllist[0].hasAttr('changes'):
-            clstr = (cllist[0].getValue('changes')).decode()
-            assert ATTR_HOMEPHONE not in clstr
-            assert ATTR_CARLICENSE in clstr
-    except ldap.LDAPError as e:
-        log.fatal("Changelog search failed, error: " +str(e))
-        assert False
-
-def test_retrocl_exclude_attr_mod(topology_st):
-    """ Test exclude attribute feature of the retrocl plugin for mod operation
-
-    :id: f6bef689-685b-4f86-a98d-f7e6b1fcada3
-
-    :setup: Standalone instance
-
-    :steps:
-        1. Enable dynamic plugins
-        2. Confige retro changelog plugin
-        3. Add user1 entry
-        4. Ensure entry attrs are in the changelog
-        5. Exclude an attr
-        6. Modify user1 entry
-        7. Ensure excluded attr is not in the changelog
-
-    :expectedresults:
-        1. Success
-        2. Success
-        3. Success
-        4. Success
-        5. Success
-        6. Success
-        7. Success
-    """
-
-    st = topology_st.standalone
-
-    log.info('Enable dynamic plugins')
-    try:
-        st.config.set('nsslapd-dynamic-plugins', 'on')
-    except ldap.LDAPError as e:
-        ldap.error('Failed to enable dynamic plugins ' + e.args[0]['desc'])
-        assert False
-
-    log.info('Configure retrocl plugin')
-    rcl = RetroChangelogPlugin(st)
-    rcl.disable()
-    rcl.enable()
-    rcl.replace('nsslapd-attribute', 'nsuniqueid:targetUniqueId')
-
-    log.info('Restarting instance')
-    try:
-        st.restart()
-    except ldap.LDAPError as e:
-        ldap.error('Failed to restart instance ' + e.args[0]['desc'])
-        assert False
-
-    users = UserAccounts(st, DEFAULT_SUFFIX)
-
-    log.info('Adding user1')
-    try:
-        user1 = users.create(properties={
-            'sn': '1',
-            'cn': 'user 1',
-            'uid': 'user1',
-            'uidNumber': '11',
-            'gidNumber': '111',
-            'givenname': 'user1',
-            'homePhone': '0861234567',
-            'carLicense': '131D16674',
-            'mail': 'user1@whereever.com',
-            'homeDirectory': '/home/user1',
-            'userpassword': USER_PW})
-    except ldap.ALREADY_EXISTS:
-        pass
-    except ldap.LDAPError as e:
-        log.error("Failed to add user1")
-
-    log.info('Verify homePhone and carLicense attrs are in the changelog changestring')
-    try:
-        cllist = st.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(targetDn=%s)' % USER1_DN)
-    except ldap.LDAPError as e:
-        log.fatal("Changelog search failed, error: " +str(e))
-        assert False
-    assert len(cllist) > 0
-    if  cllist[0].hasAttr('changes'):
-        clstr = (cllist[0].getValue('changes')).decode()
-        assert ATTR_HOMEPHONE in clstr
-        assert ATTR_CARLICENSE in clstr
-
-    log.info('Excluding attribute ' + ATTR_CARLICENSE)
-    args = FakeArgs()
-    args.connections = [st.host + ':' + str(st.port) + ':' + DN_DM + ':' + PW_DM]
-    args.instance = 'standalone1'
-    args.basedn = None
-    args.binddn = None
-    args.starttls = False
-    args.pwdfile = None
-    args.bindpw = None
-    args.prompt = False
-    args.exclude_attrs = ATTR_CARLICENSE
-    args.func = retrochangelog_add
-    dsrc_inst = dsrc_arg_concat(args, None)
-    inst = connect_instance(dsrc_inst, False, args)
-    result = args.func(inst, None, log, args)
-    disconnect_instance(inst)
-    assert result is None
-
-    log.info("5s delay for retrocl plugin to restart")
-    time.sleep(5)
-
-    log.info('Modify user1 carLicense attribute')
-    try:
-        st.modify_s(USER1_DN, [(ldap.MOD_REPLACE, ATTR_CARLICENSE, b"123WX321")])
-    except ldap.LDAPError as e:
-        log.fatal('test_retrocl_exclude_attr_mod: Failed to update user1 attribute: error ' + e.message['desc'])
-        assert False
-
-    log.info('Verify carLicense attr is not in the changelog changestring')
-    try:
-        cllist = st.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(targetDn=%s)' % USER1_DN)
-        assert len(cllist) > 0
-        # There will be 2 entries in the changelog for this user, we are only
-        #interested in the second one, the modify operation.
-        if  cllist[1].hasAttr('changes'):
-            clstr = (cllist[1].getValue('changes')).decode()
-            assert ATTR_CARLICENSE not in clstr
-    except ldap.LDAPError as e:
-        log.fatal("Changelog search failed, error: " +str(e))
-        assert False
-
-if __name__ == '__main__':
-    # Run isolated
-    # -s for DEBUG mode
-    CURRENT_FILE = os.path.realpath(__file__)
-    pytest.main("-s %s" % CURRENT_FILE)
-- 
2.26.3