2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
10 sys
.path
.append("bin/python")
11 sys
.path
.append("../lib/subunit/python")
13 import samba
.getopt
as options
15 from samba
.auth
import system_session
16 from ldb
import (SCOPE_SUBTREE
, SCOPE_ONELEVEL
, SCOPE_BASE
, LdbError
,
17 LDB_ERR_NO_SUCH_OBJECT
, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
,
18 LDB_ERR_ENTRY_ALREADY_EXISTS
, LDB_ERR_UNWILLING_TO_PERFORM
,
19 LDB_ERR_NOT_ALLOWED_ON_NON_LEAF
, LDB_ERR_OTHER
, LDB_ERR_INVALID_DN_SYNTAX
)
21 from subunit
import SubunitTestRunner
22 from samba
import param
25 parser
= optparse
.OptionParser("ldap [options] <host>")
26 sambaopts
= options
.SambaOptions(parser
)
27 parser
.add_option_group(sambaopts
)
28 parser
.add_option_group(options
.VersionOptions(parser
))
29 # use command line creds if available
30 credopts
= options
.CredentialsOptions(parser
)
31 parser
.add_option_group(credopts
)
32 opts
, args
= parser
.parse_args()
40 lp
= sambaopts
.get_loadparm()
41 creds
= credopts
.get_credentials(lp
)
43 class BasicTests(unittest
.TestCase
):
44 def delete_force(self
, ldb
, dn
):
47 except LdbError
, (num
, _
):
48 self
.assertEquals(num
, LDB_ERR_NO_SUCH_OBJECT
)
50 def find_basedn(self
, ldb
):
51 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
,
52 attrs
=["defaultNamingContext"])
53 self
.assertEquals(len(res
), 1)
54 return res
[0]["defaultNamingContext"][0]
56 def find_configurationdn(self
, ldb
):
57 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["configurationNamingContext"])
58 self
.assertEquals(len(res
), 1)
59 return res
[0]["configurationNamingContext"][0]
61 def find_schemadn(self
, ldb
):
62 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
63 self
.assertEquals(len(res
), 1)
64 return res
[0]["schemaNamingContext"][0]
69 self
.base_dn
= self
.find_basedn(ldb
)
70 self
.configuration_dn
= self
.find_configurationdn(ldb
)
71 self
.schema_dn
= self
.find_schemadn(ldb
)
73 print "baseDN: %s\n" % self
.base_dn
75 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
76 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
77 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
78 self
.delete_force(self
.ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
79 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
)
80 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
)
82 def test_group_add_invalid_member(self
):
83 """Testing group add with invalid member"""
86 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
87 "objectclass": "group",
88 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
90 except LdbError
, (num
, _
):
91 self
.assertEquals(num
, LDB_ERR_NO_SUCH_OBJECT
)
96 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
98 print "Testing user add"
100 "dn": "cn=ldaptestuser,cn=uSers," + self
.base_dn
,
101 "objectclass": ["user", "person"],
102 "cN": "LDAPtestUSER",
107 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
108 "objectclass": "group",
109 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
111 self
.delete_force(ldb
, "cn=ldaptestcomputer,cn=computers," + self
.base_dn
)
113 "dn": "cn=ldaptestcomputer,cn=computers," + self
.base_dn
,
114 "objectclass": "computer",
115 "cN": "LDAPtestCOMPUTER"})
117 self
.delete_force(self
.ldb
, "cn=ldaptest2computer,cn=computers," + self
.base_dn
)
118 ldb
.add({"dn": "cn=ldaptest2computer,cn=computers," + self
.base_dn
,
119 "objectClass": "computer",
120 "cn": "LDAPtest2COMPUTER",
121 "userAccountControl": "4096",
122 "displayname": "ldap testy"})
124 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
126 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
127 "objectClass": "computer",
128 "cn": "LDAPtest2COMPUTER"
131 except LdbError
, (num
, _
):
132 self
.assertEquals(num
, LDB_ERR_INVALID_DN_SYNTAX
)
134 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
136 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
137 "objectClass": "computer",
138 "cn": "ldaptestcomputer3",
139 "sAMAccountType": "805306368"
142 except LdbError
, (num
, _
):
143 self
.assertEquals(num
, LDB_ERR_UNWILLING_TO_PERFORM
)
145 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
147 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
148 "objectClass": "computer",
149 "cn": "ldaptestcomputer3",
150 "userAccountControl": "0"
153 except LdbError
, (num
, _
):
154 self
.assertEquals(num
, LDB_ERR_UNWILLING_TO_PERFORM
)
156 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
158 ldb
.add({"dn": "cn=ldaptestuser7,cn=users," + self
.base_dn
,
159 "objectClass": "user",
160 "cn": "LDAPtestuser7",
161 "userAccountControl": "0"
164 except LdbError
, (num
, _
):
165 self
.assertEquals(num
, LDB_ERR_UNWILLING_TO_PERFORM
)
167 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
169 ldb
.add({"dn": "cn=ldaptestuser7,cn=users," + self
.base_dn
,
170 "objectClass": "user",
171 "cn": "LDAPtestuser7",
172 "userAccountControl": "2"
175 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
177 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
178 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
179 "objectClass": "computer",
180 "cn": "LDAPtestCOMPUTER3"
183 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
184 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestcomputer3)(objectClass=user))");
185 self
.assertEquals(len(res
), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res
))
187 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestcomputer3,CN=Computers," + self
.base_dn
));
188 self
.assertEquals(res
[0]["cn"][0], "ldaptestcomputer3");
189 self
.assertEquals(res
[0]["name"][0], "ldaptestcomputer3");
190 self
.assertEquals(res
[0]["objectClass"][0], "top");
191 self
.assertEquals(res
[0]["objectClass"][1], "person");
192 self
.assertEquals(res
[0]["objectClass"][2], "organizationalPerson");
193 self
.assertEquals(res
[0]["objectClass"][3], "user");
194 self
.assertEquals(res
[0]["objectClass"][4], "computer");
195 self
.assertTrue("objectGUID" in res
[0])
196 self
.assertTrue("whenCreated" in res
[0])
197 self
.assertEquals(res
[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
));
198 self
.assertEquals(int(res
[0]["primaryGroupID"][0]), 513);
199 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368);
200 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546);
202 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
204 print "Testing attribute or value exists behaviour"
207 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
209 replace: servicePrincipalName
210 servicePrincipalName: host/ldaptest2computer
211 servicePrincipalName: host/ldaptest2computer
212 servicePrincipalName: cifs/ldaptest2computer
215 except LdbError
, (num
, msg
):
216 self
.assertEquals(num
, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
)
219 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
221 replace: servicePrincipalName
222 servicePrincipalName: host/ldaptest2computer
223 servicePrincipalName: cifs/ldaptest2computer
227 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
229 add: servicePrincipalName
230 servicePrincipalName: host/ldaptest2computer
233 except LdbError
, (num
, msg
):
234 self
.assertEquals(num
, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
)
236 print "Testing ranged results"
238 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
240 replace: servicePrincipalName
244 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
246 add: servicePrincipalName
247 servicePrincipalName: host/ldaptest2computer0
248 servicePrincipalName: host/ldaptest2computer1
249 servicePrincipalName: host/ldaptest2computer2
250 servicePrincipalName: host/ldaptest2computer3
251 servicePrincipalName: host/ldaptest2computer4
252 servicePrincipalName: host/ldaptest2computer5
253 servicePrincipalName: host/ldaptest2computer6
254 servicePrincipalName: host/ldaptest2computer7
255 servicePrincipalName: host/ldaptest2computer8
256 servicePrincipalName: host/ldaptest2computer9
257 servicePrincipalName: host/ldaptest2computer10
258 servicePrincipalName: host/ldaptest2computer11
259 servicePrincipalName: host/ldaptest2computer12
260 servicePrincipalName: host/ldaptest2computer13
261 servicePrincipalName: host/ldaptest2computer14
262 servicePrincipalName: host/ldaptest2computer15
263 servicePrincipalName: host/ldaptest2computer16
264 servicePrincipalName: host/ldaptest2computer17
265 servicePrincipalName: host/ldaptest2computer18
266 servicePrincipalName: host/ldaptest2computer19
267 servicePrincipalName: host/ldaptest2computer20
268 servicePrincipalName: host/ldaptest2computer21
269 servicePrincipalName: host/ldaptest2computer22
270 servicePrincipalName: host/ldaptest2computer23
271 servicePrincipalName: host/ldaptest2computer24
272 servicePrincipalName: host/ldaptest2computer25
273 servicePrincipalName: host/ldaptest2computer26
274 servicePrincipalName: host/ldaptest2computer27
275 servicePrincipalName: host/ldaptest2computer28
276 servicePrincipalName: host/ldaptest2computer29
279 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
,
280 attrs
=["servicePrincipalName;range=0-*"])
281 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
282 #print len(res[0]["servicePrincipalName;range=0-*"])
283 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
285 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-19"])
286 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
287 # print res[0]["servicePrincipalName;range=0-19"].length
288 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-19"]), 20)
291 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-30"])
292 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
293 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
295 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-40"])
296 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
297 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
299 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=30-40"])
300 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
301 self
.assertEquals(len(res
[0]["servicePrincipalName;range=30-*"]), 0)
304 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=10-40"])
305 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
306 self
.assertEquals(len(res
[0]["servicePrincipalName;range=10-*"]), 20)
307 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
309 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=11-40"])
310 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
311 self
.assertEquals(len(res
[0]["servicePrincipalName;range=11-*"]), 19)
312 # print res[0]["servicePrincipalName;range=11-*"][18]
314 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
316 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=11-15"])
317 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
318 self
.assertEquals(len(res
[0]["servicePrincipalName;range=11-15"]), 5)
319 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
321 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName"])
322 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
323 # print res[0]["servicePrincipalName"][18]
325 self
.assertEquals(len(res
[0]["servicePrincipalName"]), 30)
326 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
328 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
330 "dn": "cn=ldaptestuser2,cn=useRs," + self
.base_dn
,
331 "objectClass": ["person", "user"],
332 "cn": "LDAPtestUSER2",
333 "givenname": "testy",
336 print "Testing Ambigious Name Resolution"
337 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
338 res
= ldb
.search(expression
="(&(anr=ldap testy)(objectClass=user))")
339 self
.assertEquals(len(res
), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res
))
341 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
342 res
= ldb
.search(expression
="(&(anr=testy ldap)(objectClass=user))")
343 self
.assertEquals(len(res
), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res
))
345 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
346 res
= ldb
.search(expression
="(&(anr=ldap)(objectClass=user))")
347 self
.assertEquals(len(res
), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res
))
349 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
350 res
= ldb
.search(expression
="(&(anr==ldap)(objectClass=user))")
351 self
.assertEquals(len(res
), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res
))
353 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
354 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
355 self
.assertEquals(res
[0]["name"], "ldaptestuser")
357 # Testing ldb.search for (&(anr=testy)(objectClass=user))
358 res
= ldb
.search(expression
="(&(anr=testy)(objectClass=user))")
359 self
.assertEquals(len(res
), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res
))
361 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
362 res
= ldb
.search(expression
="(&(anr=testy ldap)(objectClass=user))")
363 self
.assertEquals(len(res
), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res
))
365 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
366 # this test disabled for the moment, as anr with == tests are not understood
367 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
368 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
370 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
371 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
372 self
.assertEquals(res
[0]["name"][0], "ldaptestuser")
374 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
375 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
376 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
378 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
379 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
380 self
.assertEquals(res
[0]["name"][0], "ldaptestuser")
382 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
383 res
= ldb
.search(expression
="(&(anr=testy ldap user)(objectClass=user))")
384 self
.assertEquals(len(res
), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
386 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
387 self
.assertEquals(res
[0]["cn"], "ldaptestuser2")
388 self
.assertEquals(res
[0]["name"], "ldaptestuser2")
390 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
391 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
392 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
394 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
395 self
.assertEquals(res
[0]["cn"], "ldaptestuser2")
396 self
.assertEquals(res
[0]["name"], "ldaptestuser2")
398 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
399 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
400 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
402 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
403 self
.assertEquals(res
[0]["cn"], "ldaptestuser2")
404 self
.assertEquals(res
[0]["name"], "ldaptestuser2")
406 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
407 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
408 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
410 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
411 res
= ldb
.search(expression
="(&(anr=not ldap user2)(objectClass=user))")
412 self
.assertEquals(len(res
), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
414 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
415 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
416 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
418 print "Testing Group Modifies"
420 dn: cn=ldaptestgroup,cn=users,""" + self
.base_dn
+ """
423 member: cn=ldaptestuser2,cn=users,""" + self
.base_dn
+ """
424 member: cn=ldaptestcomputer,cn=computers,""" + self
.base_dn
+ """
427 self
.delete_force(ldb
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
429 print "Testing adding non-existent user to a group"
432 dn: cn=ldaptestgroup,cn=users,""" + self
.base_dn
+ """
435 member: cn=ldaptestuser3,cn=users,""" + self
.base_dn
+ """
438 except LdbError
, (num
, _
):
439 self
.assertEquals(num
, LDB_ERR_NO_SUCH_OBJECT
)
441 print "Testing Renames"
443 attrs
= ["objectGUID", "objectSid"]
444 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
445 res_user
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestUSer2)(objectClass=user))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
446 self
.assertEquals(len(res_user
), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
448 #Check rename works with extended/alternate DN forms
449 ldb
.rename("<SID=" + ldb
.schema_format_value("objectSID", res_user
[0]["objectSID"][0]) + ">" , "cn=ldaptestuser3,cn=users," + self
.base_dn
)
451 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
453 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestUSER3,cn=users," + self
.base_dn
)
455 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
456 res
= ldb
.search(expression
="(&(cn=ldaptestuser3)(objectClass=user))")
457 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
459 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
460 self
.assertEquals(res
[0]["cn"], "ldaptestUSER3")
461 self
.assertEquals(res
[0]["name"], "ldaptestUSER3")
463 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
464 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
465 self
.assertEquals(len(res
), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
467 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
468 self
.assertEquals(res
[0]["cn"], "ldaptestUSER3")
469 self
.assertEquals(res
[0]["name"], "ldaptestUSER3")
471 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
472 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
473 self
.assertEquals(len(res
), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
475 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
476 self
.assertEquals(res
[0]["cn"], "ldaptestUSER3")
477 self
.assertEquals(res
[0]["name"], "ldaptestUSER3")
479 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
480 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
481 self
.assertEquals(len(res
), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
483 # This is a Samba special, and does not exist in real AD
484 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
485 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
486 # if (res.error != 0 || len(res) != 1) {
487 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
488 # self.assertEquals(len(res), 1)
490 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
491 # self.assertEquals(res[0].cn, "ldaptestUSER3")
492 # self.assertEquals(res[0].name, "ldaptestUSER3")
494 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")"
495 res
= ldb
.search(expression
="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")")
496 self
.assertEquals(len(res
), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")")
497 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
498 self
.assertEquals(res
[0]["cn"], "ldaptestUSER3")
499 self
.assertEquals(res
[0]["name"], "ldaptestUSER3")
501 # ensure we cannot add it again
503 ldb
.add({"dn": "cn=ldaptestuser3,cn=userS," + self
.base_dn
,
504 "objectClass": ["person", "user"],
505 "cn": "LDAPtestUSER3"})
507 except LdbError
, (num
, _
):
508 self
.assertEquals(num
, LDB_ERR_ENTRY_ALREADY_EXISTS
)
511 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
513 # ensure we cannnot rename it twice
515 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
,
516 "cn=ldaptestuser2,cn=users," + self
.base_dn
)
518 except LdbError
, (num
, _
):
519 self
.assertEquals(num
, LDB_ERR_NO_SUCH_OBJECT
)
521 # ensure can now use that name
522 ldb
.add({"dn": "cn=ldaptestuser3,cn=users," + self
.base_dn
,
523 "objectClass": ["person", "user"],
524 "cn": "LDAPtestUSER3"})
526 # ensure we now cannnot rename
528 ldb
.rename("cn=ldaptestuser2,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
530 except LdbError
, (num
, _
):
531 self
.assertEquals(num
, LDB_ERR_ENTRY_ALREADY_EXISTS
)
533 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=configuration," + self
.base_dn
)
535 except LdbError
, (num
, _
):
536 self
.assertTrue(num
in (71, 64))
538 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser5,cn=users," + self
.base_dn
)
540 ldb
.delete("cn=ldaptestuser5,cn=users," + self
.base_dn
)
542 self
.delete_force(ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
544 ldb
.rename("cn=ldaptestgroup,cn=users," + self
.base_dn
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
546 print "Testing subtree Renames"
548 ldb
.add({"dn": "cn=ldaptestcontainer," + self
.base_dn
,
549 "objectClass": "container"})
551 self
.delete_force(self
.ldb
, "cn=ldaptestuser4,cn=ldaptestcontainer," + self
.base_dn
)
552 ldb
.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self
.base_dn
,
553 "objectClass": ["person", "user"],
554 "cn": "LDAPtestUSER4"})
557 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
560 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self
.base_dn
+ """
563 print "Testing ldb.rename of cn=ldaptestcontainer," + self
.base_dn
+ " to cn=ldaptestcontainer2," + self
.base_dn
564 ldb
.rename("CN=ldaptestcontainer," + self
.base_dn
, "CN=ldaptestcontainer2," + self
.base_dn
)
566 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
567 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))")
568 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
570 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self
.base_dn
572 ldb
.search("cn=ldaptestcontainer," + self
.base_dn
,
573 expression
="(&(cn=ldaptestuser4)(objectClass=user))",
576 except LdbError
, (num
, _
):
577 self
.assertEquals(num
, LDB_ERR_NO_SUCH_OBJECT
)
579 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self
.base_dn
581 res
= ldb
.search("cn=ldaptestcontainer," + self
.base_dn
,
582 expression
="(&(cn=ldaptestuser4)(objectClass=user))", scope
=SCOPE_ONELEVEL
)
584 except LdbError
, (num
, _
):
585 self
.assertEquals(num
, LDB_ERR_NO_SUCH_OBJECT
)
587 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
588 res
= ldb
.search("cn=ldaptestcontainer2," + self
.base_dn
, expression
="(&(cn=ldaptestuser4)(objectClass=user))", scope
=SCOPE_SUBTREE
)
589 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self
.base_dn
)
591 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
))
592 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
596 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group)) to check subtree renames and linked attributes"
597 res
= ldb
.search(self
.base_dn
, expression
="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group))", scope
=SCOPE_SUBTREE
)
598 self
.assertEquals(len(res
), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
600 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self
.base_dn
+ " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self
.base_dn
602 ldb
.rename("cn=ldaptestcontainer2," + self
.base_dn
, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self
.base_dn
)
604 except LdbError
, (num
, _
):
605 self
.assertEquals(num
, LDB_ERR_UNWILLING_TO_PERFORM
)
607 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self
.base_dn
+ " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self
.base_dn
609 ldb
.rename("cn=ldaptestcontainer2," + self
.base_dn
, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self
.base_dn
)
611 except LdbError
, (num
, _
):
612 self
.assertTrue(num
in (LDB_ERR_UNWILLING_TO_PERFORM
, LDB_ERR_OTHER
))
614 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self
.base_dn
616 ldb
.delete("cn=ldaptestcontainer2," + self
.base_dn
)
618 except LdbError
, (num
, _
):
619 self
.assertEquals(num
, LDB_ERR_NOT_ALLOWED_ON_NON_LEAF
)
621 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
622 res
= ldb
.search(expression
="(objectclass=*)", base
=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_BASE
)
623 self
.assertEquals(len(res
), 1)
624 res
= ldb
.search(expression
="(cn=ldaptestuser40)", base
=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_BASE
)
625 self
.assertEquals(len(res
), 0)
627 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self
.base_dn
628 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))", base
=("cn=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_ONELEVEL
)
629 # FIXME: self.assertEquals(len(res), 0)
631 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self
.base_dn
632 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))", base
=("cn=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_SUBTREE
)
633 # FIXME: self.assertEquals(len(res), 0)
635 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
)
636 ldb
.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
))
637 print "Testing delete of renamed cn=ldaptestcontainer2," + self
.base_dn
638 ldb
.delete("cn=ldaptestcontainer2," + self
.base_dn
)
640 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
)
641 ldb
.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
, "objectClass": "user"})
643 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
)
644 ldb
.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
, "objectClass": "user"})
646 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
647 res
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectClass=user))")
648 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
650 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
651 self
.assertEquals(res
[0]["cn"], "ldaptestuser")
652 self
.assertEquals(res
[0]["name"], "ldaptestuser")
653 self
.assertEquals(res
[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
654 self
.assertTrue("objectGUID" in res
[0])
655 self
.assertTrue("whenCreated" in res
[0])
656 self
.assertEquals(res
[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + self
.base_dn
))
657 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368)
658 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546)
659 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
660 self
.assertEquals(len(res
[0]["memberOf"]), 1)
662 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))"
663 res2
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))")
664 self
.assertEquals(len(res2
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))")
666 self
.assertEquals(res
[0].dn
, res2
[0].dn
)
668 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
669 res3
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))")
670 self
.assertEquals(len(res3
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3
))
672 self
.assertEquals(res
[0].dn
, res3
[0].dn
)
674 if gc_ldb
is not None:
675 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
676 res3gc
= gc_ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))")
677 self
.assertEquals(len(res3gc
), 1)
679 self
.assertEquals(res
[0].dn
, res3gc
[0].dn
)
681 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
683 res3control
= gc_ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:2"])
684 self
.assertEquals(len(res3control
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
686 self
.assertEquals(res
[0].dn
, res3control
[0].dn
)
688 ldb
.delete(res
[0].dn
)
690 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
691 res
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectClass=user))")
692 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
694 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestcomputer,CN=Computers," + self
.base_dn
))
695 self
.assertEquals(res
[0]["cn"], "ldaptestcomputer")
696 self
.assertEquals(res
[0]["name"], "ldaptestcomputer")
697 self
.assertEquals(res
[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
698 self
.assertTrue("objectGUID" in res
[0])
699 self
.assertTrue("whenCreated" in res
[0])
700 self
.assertEquals(res
[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
))
701 self
.assertEquals(int(res
[0]["primaryGroupID"][0]), 513)
702 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368)
703 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546)
704 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
705 self
.assertEquals(len(res
[0]["memberOf"]), 1)
707 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))"
708 res2
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
709 self
.assertEquals(len(res2
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
711 self
.assertEquals(res
[0].dn
, res2
[0].dn
)
713 if gc_ldb
is not None:
714 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ ")) in Global Catlog"
715 res2gc
= gc_ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
716 self
.assertEquals(len(res2gc
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ ")) in Global Catlog")
718 self
.assertEquals(res
[0].dn
, res2gc
[0].dn
)
720 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
721 res3
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
722 self
.assertEquals(len(res3
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
724 self
.assertEquals(res
[0].dn
, res3
[0].dn
)
726 if gc_ldb
is not None:
727 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
728 res3gc
= gc_ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
729 self
.assertEquals(len(res3gc
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
731 self
.assertEquals(res
[0].dn
, res3gc
[0].dn
)
733 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
734 res4
= ldb
.search(expression
="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
735 self
.assertEquals(len(res4
), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
737 self
.assertEquals(res
[0].dn
, res4
[0].dn
)
739 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
740 res5
= ldb
.search(expression
="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
741 self
.assertEquals(len(res5
), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
743 self
.assertEquals(res
[0].dn
, res5
[0].dn
)
745 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
746 res6
= ldb
.search(expression
="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
747 self
.assertEquals(len(res6
), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
749 self
.assertEquals(res
[0].dn
, res6
[0].dn
)
751 ldb
.delete("<GUID=" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + ">")
753 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
754 res
= ldb
.search(expression
="(&(cn=ldaptest2computer)(objectClass=user))")
755 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
757 self
.assertEquals(res
[0].dn
, ("CN=ldaptest2computer,CN=Computers," + self
.base_dn
))
758 self
.assertEquals(res
[0]["cn"], "ldaptest2computer")
759 self
.assertEquals(res
[0]["name"], "ldaptest2computer")
760 self
.assertEquals(res
[0]["objectClass"], ["top", "person", "organizationalPerson", "user", "computer"])
761 self
.assertTrue("objectGUID" in res
[0])
762 self
.assertTrue("whenCreated" in res
[0])
763 self
.assertEquals(res
[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
)
764 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306369)
765 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 4096)
767 ldb
.delete("<SID=" + ldb
.schema_format_value("objectSID", res
[0]["objectSID"][0]) + ">")
769 attrs
= ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
770 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
771 res_user
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestUSer2)(objectClass=user))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
772 self
.assertEquals(len(res_user
), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
774 self
.assertEquals(res_user
[0].dn
, ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
775 self
.assertEquals(res_user
[0]["cn"], "ldaptestuser2")
776 self
.assertEquals(res_user
[0]["name"], "ldaptestuser2")
777 self
.assertEquals(res_user
[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
778 self
.assertTrue("objectSid" in res_user
[0])
779 self
.assertTrue("objectGUID" in res_user
[0])
780 self
.assertTrue("whenCreated" in res_user
[0])
781 self
.assertTrue("nTSecurityDescriptor" in res_user
[0])
782 self
.assertTrue("allowedAttributes" in res_user
[0])
783 self
.assertTrue("allowedAttributesEffective" in res_user
[0])
784 self
.assertEquals(res_user
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
786 ldaptestuser2_sid
= res_user
[0]["objectSid"][0]
787 ldaptestuser2_guid
= res_user
[0]["objectGUID"][0]
789 attrs
= ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
790 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
791 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
792 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
794 self
.assertEquals(res
[0].dn
, ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
795 self
.assertEquals(res
[0]["cn"], "ldaptestgroup2")
796 self
.assertEquals(res
[0]["name"], "ldaptestgroup2")
797 self
.assertEquals(res
[0]["objectClass"], ["top", "group"])
798 self
.assertTrue("objectGUID" in res
[0])
799 self
.assertTrue("objectSid" in res
[0])
800 self
.assertTrue("whenCreated" in res
[0])
801 self
.assertTrue("nTSecurityDescriptor" in res
[0])
802 self
.assertTrue("allowedAttributes" in res
[0])
803 self
.assertTrue("allowedAttributesEffective" in res
[0])
805 for m
in res
[0]["member"]:
806 memberUP
.append(m
.upper())
807 self
.assertTrue(("CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper() in memberUP
)
809 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
, controls
=["extended_dn:1:1"])
810 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
812 print res
[0]["member"]
814 for m
in res
[0]["member"]:
815 memberUP
.append(m
.upper())
816 print ("<GUID=" + ldb
.schema_format_value("objectGUID", ldaptestuser2_guid
) + ">;<SID=" + ldb
.schema_format_value("objectSid", ldaptestuser2_sid
) + ">;CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper()
818 self
.assertTrue(("<GUID=" + ldb
.schema_format_value("objectGUID", ldaptestuser2_guid
) + ">;<SID=" + ldb
.schema_format_value("objectSid", ldaptestuser2_sid
) + ">;CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper() in memberUP
)
820 print "Testing Linked attribute behaviours"
822 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
825 member: CN=ldaptestuser2,CN=Users,""" + self
.base_dn
+ """
826 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
830 dn: <GUID=""" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + """>
833 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
837 dn: <SID=""" + ldb
.schema_format_value("objectSid", res
[0]["objectSid"][0]) + """>
843 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
846 member: <GUID=""" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + """>
847 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
851 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
857 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
860 member: <SID=""" + ldb
.schema_format_value("objectSid", res_user
[0]["objectSid"][0]) + """>
861 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
865 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
868 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
871 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
872 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
874 self
.assertEquals(res
[0].dn
, ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
875 self
.assertEquals(res
[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
876 self
.assertEquals(len(res
[0]["member"]), 1)
878 ldb
.delete(("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
882 attrs
= ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
883 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
884 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
885 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
887 self
.assertEquals(res
[0].dn
, ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
888 self
.assertTrue("member" not in res
[0])
890 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
891 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
892 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
894 self
.assertEquals(res
[0].dn
, ("CN=ldaptestutf8user èùéìòà,CN=Users," + self
.base_dn
))
895 self
.assertEquals(res
[0]["cn"], "ldaptestutf8user èùéìòà")
896 self
.assertEquals(res
[0]["name"], "ldaptestutf8user èùéìòà")
897 self
.assertEquals(res
[0]["objectClass"], ["top", "person", "organizationalPerson", "user"])
898 self
.assertTrue("objectGUID" in res
[0])
899 self
.assertTrue("whenCreated" in res
[0])
901 ldb
.delete(res
[0].dn
)
903 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
904 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user2*)(objectClass=user))")
905 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
907 ldb
.delete(res
[0].dn
)
909 ldb
.delete(("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
911 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
912 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
914 #FIXME: self.assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
916 print "Testing that we can't get at the configuration DN from the main search base"
917 res
= ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
918 self
.assertEquals(len(res
), 0)
920 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
921 res
= ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:2"])
922 self
.assertTrue(len(res
) > 0)
924 if gc_ldb
is not None:
925 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
927 res
= gc_ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:0"])
928 self
.assertTrue(len(res
) > 0)
930 print "Testing that we do find configuration elements in the global catlog"
931 res
= gc_ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
932 self
.assertTrue(len(res
) > 0)
934 print "Testing that we do find configuration elements and user elements at the same time"
935 res
= gc_ldb
.search(self
.base_dn
, expression
="(|(objectClass=crossRef)(objectClass=person))", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
936 self
.assertTrue(len(res
) > 0)
938 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
939 res
= gc_ldb
.search(self
.configuration_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
940 self
.assertTrue(len(res
) > 0)
942 print "Testing that we can get at the configuration DN on the main LDAP port"
943 res
= ldb
.search(self
.configuration_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
944 self
.assertTrue(len(res
) > 0)
946 print "Testing objectCategory canonacolisation"
947 res
= ldb
.search(self
.configuration_dn
, expression
="objectCategory=ntDsDSA", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
948 self
.assertTrue(len(res
) > 0, "Didn't find any records with objectCategory=ntDsDSA")
949 self
.assertTrue(len(res
) != 0)
951 res
= ldb
.search(self
.configuration_dn
, expression
="objectCategory=CN=ntDs-DSA," + self
.schema_dn
, scope
=SCOPE_SUBTREE
, attrs
=["cn"])
952 self
.assertTrue(len(res
) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self
.schema_dn
)
953 self
.assertTrue(len(res
) != 0)
955 print "Testing objectClass attribute order on "+ self
.base_dn
956 res
= ldb
.search(expression
="objectClass=domain", base
=self
.base_dn
,
957 scope
=SCOPE_BASE
, attrs
=["objectClass"])
958 self
.assertEquals(len(res
), 1)
960 self
.assertEquals(res
[0]["objectClass"], ["top", "domain", "domainDNS"])
964 print "Testing ldb.search for objectCategory=person"
965 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=person", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
966 self
.assertTrue(len(res
) > 0)
968 print "Testing ldb.search for objectCategory=person with domain scope control"
969 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=person", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
970 self
.assertTrue(len(res
) > 0)
972 print "Testing ldb.search for objectCategory=user"
973 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=user", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
974 self
.assertTrue(len(res
) > 0)
976 print "Testing ldb.search for objectCategory=user with domain scope control"
977 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=user", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
978 self
.assertTrue(len(res
) > 0)
980 print "Testing ldb.search for objectCategory=group"
981 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=group", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
982 self
.assertTrue(len(res
) > 0)
984 print "Testing ldb.search for objectCategory=group with domain scope control"
985 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=group", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
986 self
.assertTrue(len(res
) > 0)
989 class BaseDnTests(unittest
.TestCase
):
993 def test_rootdse_attrs(self
):
994 """Testing for all rootDSE attributes"""
995 res
= self
.ldb
.search(scope
=SCOPE_BASE
, attrs
=[])
996 self
.assertEquals(len(res
), 1)
998 def test_highestcommittedusn(self
):
999 """Testing for highestCommittedUSN"""
1000 res
= self
.ldb
.search("", scope
=SCOPE_BASE
, attrs
=["highestCommittedUSN"])
1001 self
.assertEquals(len(res
), 1)
1002 self
.assertTrue(int(res
[0]["highestCommittedUSN"][0]) != 0)
1004 def test_netlogon(self
):
1005 """Testing for netlogon via LDAP"""
1006 res
= self
.ldb
.search("", scope
=SCOPE_BASE
, attrs
=["netlogon"])
1007 self
.assertEquals(len(res
), 0)
1009 def test_netlogon_highestcommitted_usn(self
):
1010 """Testing for netlogon and highestCommittedUSN via LDAP"""
1011 res
= self
.ldb
.search("", scope
=SCOPE_BASE
,
1012 attrs
=["netlogon", "highestCommittedUSN"])
1013 self
.assertEquals(len(res
), 0)
1015 class SchemaTests(unittest
.TestCase
):
1016 def find_schemadn(self
, ldb
):
1017 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
1018 self
.assertEquals(len(res
), 1)
1019 return res
[0]["schemaNamingContext"][0]
1023 self
.schema_dn
= self
.find_schemadn(ldb
)
1025 def test_generated_schema(self
):
1026 """Testing we can read the generated schema via LDAP"""
1027 res
= self
.ldb
.search("cn=aggregate,"+self
.schema_dn
, scope
=SCOPE_BASE
,
1028 attrs
=["objectClasses", "attributeTypes", "dITContentRules"])
1029 self
.assertEquals(len(res
), 1)
1030 self
.assertTrue("dITContentRules" in res
[0])
1031 self
.assertTrue("objectClasses" in res
[0])
1032 self
.assertTrue("attributeTypes" in res
[0])
1034 def test_generated_schema_is_operational(self
):
1035 """Testing we don't get the generated schema via LDAP by default"""
1036 res
= self
.ldb
.search("cn=aggregate,"+self
.schema_dn
, scope
=SCOPE_BASE
,
1038 self
.assertEquals(len(res
), 1)
1039 self
.assertFalse("dITContentRules" in res
[0])
1040 self
.assertFalse("objectClasses" in res
[0])
1041 self
.assertFalse("attributeTypes" in res
[0])
1043 if not "://" in host
:
1044 host
= "ldap://%s" % host
1046 ldb
= Ldb(host
, credentials
=creds
, session_info
=system_session(), lp
=lp
)
1047 gc_ldb
= Ldb("%s:3268" % host
, credentials
=creds
,
1048 session_info
=system_session(), lp
=lp
)
1050 runner
= SubunitTestRunner()
1052 if not runner
.run(unittest
.makeSuite(BaseDnTests
)).wasSuccessful():
1054 if not runner
.run(unittest
.makeSuite(BasicTests
)).wasSuccessful():
1056 if not runner
.run(unittest
.makeSuite(SchemaTests
)).wasSuccessful():