search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PY3: change shebang to python3 in source4/torture dir
[Samba.git] / source4 / torture / drs / python / replica_sync.py
blob03292b5780584b6dea70da71130be4666cea7c5b
1 #!/usr/bin/env python3
2 # -*- coding: utf-8 -*-
3 #
4 # Tests various schema replication scenarios
5 #
6 # Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2011
7 #
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
12 #
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
17 #
18 # You should have received a copy of the GNU General Public License
19 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #
21
22 #
23 # Usage:
24 # export DC1=dc1_dns_name
25 # export DC2=dc2_dns_name
26 # export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun
27 # PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN replica_sync -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD"
28 #
29
30 from __future__ import print_function
31 import drs_base
32 import samba.tests
33 import time
34 import ldb
35
36 from ldb import (
37 SCOPE_BASE, LdbError, ERR_NO_SUCH_OBJECT)
38
39
40 class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase):
41 """Intended as a black box test case for DsReplicaSync
42 implementation. It should test the behavior of this
43 case in cases when inbound replication is disabled"""
44
45 def setUp(self):
46 super(DrsReplicaSyncTestCase, self).setUp()
47
48 # This OU avoids this test conflicting with anything
49 # that may already be in the DB
50 self.top_ou = samba.tests.create_test_ou(self.ldb_dc1,
51 "replica_sync")
52 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True)
53 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
54 self.ou1 = None
55 self.ou2 = None
56
57 def tearDown(self):
58 self._cleanup_object(self.ou1)
59 self._cleanup_object(self.ou2)
60 self._cleanup_dn(self.top_ou)
61
62 # re-enable replication
63 self._enable_inbound_repl(self.dnsname_dc1)
64 self._enable_inbound_repl(self.dnsname_dc2)
65
66 super(DrsReplicaSyncTestCase, self).tearDown()
67
68 def _cleanup_dn(self, dn):
69 try:
70 self.ldb_dc2.delete(dn, ["tree_delete:1"])
71 except LdbError as e:
72 (num, _) = e.args
73 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
74 try:
75 self.ldb_dc1.delete(dn, ["tree_delete:1"])
76 except LdbError as e1:
77 (num, _) = e1.args
78 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
79
80 def _cleanup_object(self, guid):
81 """Cleans up a test object, if it still exists"""
82 if guid is not None:
83 self._cleanup_dn('<GUID=%s>' % guid)
84
85 def test_ReplEnabled(self):
86 """Tests we can replicate when replication is enabled"""
87 self._enable_inbound_repl(self.dnsname_dc1)
88 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False)
89
90 def test_ReplDisabled(self):
91 """Tests we cann't replicate when replication is disabled"""
92 self._disable_inbound_repl(self.dnsname_dc1)
93
94 ccache_name = self.get_creds_ccache_name()
95
96 # Tunnel the command line credentials down to the
97 # subcommand to avoid a new kinit
98 cmdline_auth = "--krb5-ccache=%s" % ccache_name
99
100 # bin/samba-tool drs <drs_command> <cmdline_auth>
101 cmd_list = ["drs", "replicate", cmdline_auth]
102
103 nc_dn = self.domain_dn
104 # bin/samba-tool drs replicate <Dest_DC_NAME> <Src_DC_NAME> <Naming Context>
105 cmd_list += [self.dnsname_dc1, self.dnsname_dc2, nc_dn]
106
107 (result, out, err) = self.runsubcmd(*cmd_list)
108 self.assertCmdFail(result)
109 self.assertTrue('WERR_DS_DRA_SINK_DISABLED' in err)
110
111 def test_ReplDisabledForced(self):
112 """Tests we can force replicate when replication is disabled"""
113 self._disable_inbound_repl(self.dnsname_dc1)
114 out = self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True)
115
116 def test_ReplLocal(self):
117 """Tests we can replicate direct to the local db"""
118 self._enable_inbound_repl(self.dnsname_dc1)
119 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=False, local=True, full_sync=True)
120
121 def _create_ou(self, samdb, name):
122 ldif = """
123 dn: %s,%s
124 objectClass: organizationalUnit
125 """ % (name, self.top_ou)
126 samdb.add_ldif(ldif)
127 res = samdb.search(base="%s,%s" % (name, self.top_ou),
128 scope=SCOPE_BASE, attrs=["objectGUID"])
129 return self._GUID_string(res[0]["objectGUID"][0])
130
131 def _check_deleted(self, sam_ldb, guid):
132 # search the user by guid as it may be deleted
133 res = sam_ldb.search(base='<GUID=%s>' % guid,
134 controls=["show_deleted:1"],
135 attrs=["isDeleted", "objectCategory", "ou"])
136 self.assertEquals(len(res), 1)
137 ou_cur = res[0]
138 # Deleted Object base DN
139 dodn = self._deleted_objects_dn(sam_ldb)
140 # now check properties of the user
141 name_cur = ou_cur["ou"][0]
142 self.assertEquals(ou_cur["isDeleted"][0], b"TRUE")
143 self.assertTrue(not(b"objectCategory" in ou_cur))
144 self.assertTrue(dodn in str(ou_cur["dn"]),
145 "OU %s is deleted but it is not located under %s!" % (name_cur, dodn))
146
147 def test_ReplConflictsFullSync(self):
148 """Tests that objects created in conflict become conflict DNs (honour full sync override)"""
149
150 # First confirm local replication (so when we test against windows, this fails fast without creating objects)
151 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, local=True, forced=True, full_sync=True)
152
153 self._disable_inbound_repl(self.dnsname_dc1)
154 self._disable_inbound_repl(self.dnsname_dc2)
155
156 # Create conflicting objects on DC1 and DC2, with DC1 object created first
157 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Full Sync")
158 # We have to sleep to ensure that the two objects have different timestamps
159 time.sleep(1)
160 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Full Sync")
161
162 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, local=True, forced=True, full_sync=True)
163
164 # Check that DC2 got the DC1 object, and OU1 was make into conflict
165 res1 = self.ldb_dc2.search(base="<GUID=%s>" % self.ou1,
166 scope=SCOPE_BASE, attrs=["name"])
167 res2 = self.ldb_dc2.search(base="<GUID=%s>" % self.ou2,
168 scope=SCOPE_BASE, attrs=["name"])
169 print(res1[0]["name"][0])
170 print(res2[0]["name"][0])
171 self.assertFalse('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
172 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
173 self.assertTrue(self._lost_and_found_dn(self.ldb_dc2, self.domain_dn) not in str(res1[0].dn))
174 self.assertTrue(self._lost_and_found_dn(self.ldb_dc2, self.domain_dn) not in str(res2[0].dn))
175 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
176 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
177
178 # Delete both objects by GUID on DC2
179
180 self.ldb_dc2.delete('<GUID=%s>' % self.ou1)
181 self.ldb_dc2.delete('<GUID=%s>' % self.ou2)
182
183 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=True)
184
185 self._check_deleted(self.ldb_dc1, self.ou1)
186 self._check_deleted(self.ldb_dc1, self.ou2)
187 # Check deleted on DC2
188 self._check_deleted(self.ldb_dc2, self.ou1)
189 self._check_deleted(self.ldb_dc2, self.ou2)
190
191 def test_ReplConflictsRemoteWin(self):
192 """Tests that objects created in conflict become conflict DNs"""
193 self._disable_inbound_repl(self.dnsname_dc1)
194 self._disable_inbound_repl(self.dnsname_dc2)
195
196 # Create conflicting objects on DC1 and DC2, with DC1 object created first
197 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Remote Conflict")
198 # We have to sleep to ensure that the two objects have different timestamps
199 time.sleep(1)
200 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Remote Conflict")
201
202 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
203
204 # Check that DC2 got the DC1 object, and OU1 was make into conflict
205 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
206 scope=SCOPE_BASE, attrs=["name"])
207 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
208 scope=SCOPE_BASE, attrs=["name"])
209 print(res1[0]["name"][0])
210 print(res2[0]["name"][0])
211 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
212 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
213 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
214 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
215 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
216
217 # Delete both objects by GUID on DC1
218
219 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
220 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
221
222 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
223
224 self._check_deleted(self.ldb_dc1, self.ou1)
225 self._check_deleted(self.ldb_dc1, self.ou2)
226 # Check deleted on DC2
227 self._check_deleted(self.ldb_dc2, self.ou1)
228 self._check_deleted(self.ldb_dc2, self.ou2)
229
230 def test_ReplConflictsLocalWin(self):
231 """Tests that objects created in conflict become conflict DNs"""
232 self._disable_inbound_repl(self.dnsname_dc1)
233 self._disable_inbound_repl(self.dnsname_dc2)
234
235 # Create conflicting objects on DC1 and DC2, with DC2 object created first
236 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Local Conflict")
237 # We have to sleep to ensure that the two objects have different timestamps
238 time.sleep(1)
239 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Local Conflict")
240
241 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
242
243 # Check that DC2 got the DC1 object, and OU2 was make into conflict
244 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
245 scope=SCOPE_BASE, attrs=["name"])
246 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
247 scope=SCOPE_BASE, attrs=["name"])
248 print(res1[0]["name"][0])
249 print(res2[0]["name"][0])
250 self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]), "Got %s for %s" % (str(res2[0]["name"][0]), self.ou2))
251 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
252 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
253 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
254 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
255
256 # Delete both objects by GUID on DC1
257
258 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
259 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
260
261 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
262
263 self._check_deleted(self.ldb_dc1, self.ou1)
264 self._check_deleted(self.ldb_dc1, self.ou2)
265 # Check deleted on DC2
266 self._check_deleted(self.ldb_dc2, self.ou1)
267 self._check_deleted(self.ldb_dc2, self.ou2)
268
269 def test_ReplConflictsRemoteWin_with_child(self):
270 """Tests that objects created in conflict become conflict DNs"""
271 self._disable_inbound_repl(self.dnsname_dc1)
272 self._disable_inbound_repl(self.dnsname_dc2)
273
274 # Create conflicting objects on DC1 and DC2, with DC1 object created first
275 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Parent Remote Conflict")
276 # We have to sleep to ensure that the two objects have different timestamps
277 time.sleep(1)
278 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Parent Remote Conflict")
279 # Create children on DC2
280 ou1_child = self._create_ou(self.ldb_dc1, "OU=Test Child,OU=Test Parent Remote Conflict")
281 ou2_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Test Parent Remote Conflict")
282
283 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
284
285 # Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
286 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
287 scope=SCOPE_BASE, attrs=["name"])
288 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
289 scope=SCOPE_BASE, attrs=["name"])
290 print(res1[0]["name"][0])
291 print(res2[0]["name"][0])
292 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
293 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
294 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
295 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
296 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
297
298 # Delete both objects by GUID on DC1
299
300 self.ldb_dc1.delete('<GUID=%s>' % self.ou1, ["tree_delete:1"])
301 self.ldb_dc1.delete('<GUID=%s>' % self.ou2, ["tree_delete:1"])
302
303 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
304
305 self._check_deleted(self.ldb_dc1, self.ou1)
306 self._check_deleted(self.ldb_dc1, self.ou2)
307 # Check deleted on DC2
308 self._check_deleted(self.ldb_dc2, self.ou1)
309 self._check_deleted(self.ldb_dc2, self.ou2)
310
311 self._check_deleted(self.ldb_dc1, ou1_child)
312 self._check_deleted(self.ldb_dc1, ou2_child)
313 # Check deleted on DC2
314 self._check_deleted(self.ldb_dc2, ou1_child)
315 self._check_deleted(self.ldb_dc2, ou2_child)
316
317 def test_ReplConflictsRenamedVsNewRemoteWin(self):
318 """Tests resolving a DN conflict between a renamed object and a new object"""
319 self._disable_inbound_repl(self.dnsname_dc1)
320 self._disable_inbound_repl(self.dnsname_dc2)
321
322 # Create an OU and rename it on DC1
323 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Remote Rename Conflict orig")
324 self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Remote Rename Conflict,%s" % self.top_ou)
325
326 # We have to sleep to ensure that the two objects have different timestamps
327 time.sleep(1)
328
329 # create a conflicting object with the same DN on DC2
330 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Remote Rename Conflict")
331
332 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
333
334 # Check that DC2 got the DC1 object, and SELF.OU1 was made into conflict
335 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
336 scope=SCOPE_BASE, attrs=["name"])
337 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
338 scope=SCOPE_BASE, attrs=["name"])
339 print(res1[0]["name"][0])
340 print(res2[0]["name"][0])
341 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
342 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
343 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
344 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
345 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
346
347 # Delete both objects by GUID on DC1
348 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
349 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
350
351 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
352
353 self._check_deleted(self.ldb_dc1, self.ou1)
354 self._check_deleted(self.ldb_dc1, self.ou2)
355 # Check deleted on DC2
356 self._check_deleted(self.ldb_dc2, self.ou1)
357 self._check_deleted(self.ldb_dc2, self.ou2)
358
359 def test_ReplConflictsRenamedVsNewLocalWin(self):
360 """Tests resolving a DN conflict between a renamed object and a new object"""
361 self._disable_inbound_repl(self.dnsname_dc1)
362 self._disable_inbound_repl(self.dnsname_dc2)
363
364 # Create conflicting objects on DC1 and DC2, where the DC2 object has been renamed
365 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Rename Local Conflict orig")
366 self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Rename Local Conflict,%s" % self.top_ou)
367 # We have to sleep to ensure that the two objects have different timestamps
368 time.sleep(1)
369 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Rename Local Conflict")
370
371 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
372
373 # Check that DC2 got the DC1 object, and OU2 was made into conflict
374 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
375 scope=SCOPE_BASE, attrs=["name"])
376 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
377 scope=SCOPE_BASE, attrs=["name"])
378 print(res1[0]["name"][0])
379 print(res2[0]["name"][0])
380 self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
381 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
382 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
383 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
384 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
385
386 # Delete both objects by GUID on DC1
387 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
388 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
389
390 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
391
392 self._check_deleted(self.ldb_dc1, self.ou1)
393 self._check_deleted(self.ldb_dc1, self.ou2)
394 # Check deleted on DC2
395 self._check_deleted(self.ldb_dc2, self.ou1)
396 self._check_deleted(self.ldb_dc2, self.ou2)
397
398 def test_ReplConflictsRenameRemoteWin(self):
399 """Tests that objects created in conflict become conflict DNs"""
400 self._disable_inbound_repl(self.dnsname_dc1)
401 self._disable_inbound_repl(self.dnsname_dc2)
402
403 # Create conflicting objects on DC1 and DC2, with DC1 object created first
404 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Remote Rename Conflict")
405 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Remote Rename Conflict 2")
406
407 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
408
409 self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Remote Rename Conflict 3,%s" % self.top_ou)
410 # We have to sleep to ensure that the two objects have different timestamps
411 time.sleep(1)
412 self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Remote Rename Conflict 3,%s" % self.top_ou)
413
414 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
415
416 # Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
417 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
418 scope=SCOPE_BASE, attrs=["name"])
419 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
420 scope=SCOPE_BASE, attrs=["name"])
421 print(res1[0]["name"][0])
422 print(res2[0]["name"][0])
423 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
424 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
425 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
426 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
427 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
428
429 # Delete both objects by GUID on DC1
430
431 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
432 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
433
434 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
435
436 self._check_deleted(self.ldb_dc1, self.ou1)
437 self._check_deleted(self.ldb_dc1, self.ou2)
438 # Check deleted on DC2
439 self._check_deleted(self.ldb_dc2, self.ou1)
440 self._check_deleted(self.ldb_dc2, self.ou2)
441
442 def test_ReplConflictsRenameRemoteWin_with_child(self):
443 """Tests that objects created in conflict become conflict DNs"""
444 self._disable_inbound_repl(self.dnsname_dc1)
445 self._disable_inbound_repl(self.dnsname_dc2)
446
447 # Create conflicting objects on DC1 and DC2, with DC1 object created first
448 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Parent Remote Rename Conflict")
449 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Parent Remote Rename Conflict 2")
450 # Create children on DC2
451 ou1_child = self._create_ou(self.ldb_dc1, "OU=Test Child,OU=Test Parent Remote Rename Conflict")
452 ou2_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Test Parent Remote Rename Conflict 2")
453
454 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
455
456 self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Parent Remote Rename Conflict 3,%s" % self.top_ou)
457 # We have to sleep to ensure that the two objects have different timestamps
458 time.sleep(1)
459 self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Parent Remote Rename Conflict 3,%s" % self.top_ou)
460
461 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
462
463 # Check that DC2 got the DC1 object, and SELF.OU1 was make into conflict
464 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
465 scope=SCOPE_BASE, attrs=["name"])
466 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
467 scope=SCOPE_BASE, attrs=["name"])
468 print(res1[0]["name"][0])
469 print(res2[0]["name"][0])
470 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
471 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
472 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
473 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
474 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
475
476 # Delete both objects by GUID on DC1
477
478 self.ldb_dc1.delete('<GUID=%s>' % self.ou1, ["tree_delete:1"])
479 self.ldb_dc1.delete('<GUID=%s>' % self.ou2, ["tree_delete:1"])
480
481 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
482
483 self._check_deleted(self.ldb_dc1, self.ou1)
484 self._check_deleted(self.ldb_dc1, self.ou2)
485 # Check deleted on DC2
486 self._check_deleted(self.ldb_dc2, self.ou1)
487 self._check_deleted(self.ldb_dc2, self.ou2)
488
489 self._check_deleted(self.ldb_dc1, ou1_child)
490 self._check_deleted(self.ldb_dc1, ou2_child)
491 # Check deleted on DC2
492 self._check_deleted(self.ldb_dc2, ou1_child)
493 self._check_deleted(self.ldb_dc2, ou2_child)
494
495 def test_ReplConflictsRenameLocalWin(self):
496 """Tests that objects created in conflict become conflict DNs"""
497 self._disable_inbound_repl(self.dnsname_dc1)
498 self._disable_inbound_repl(self.dnsname_dc2)
499
500 # Create conflicting objects on DC1 and DC2, with DC1 object created first
501 self.ou1 = self._create_ou(self.ldb_dc1, "OU=Test Rename Local Conflict")
502 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Test Rename Local Conflict 2")
503
504 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
505
506 self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Test Rename Local Conflict 3,%s" % self.top_ou)
507 # We have to sleep to ensure that the two objects have different timestamps
508 time.sleep(1)
509 self.ldb_dc1.rename("<GUID=%s>" % self.ou1, "OU=Test Rename Local Conflict 3,%s" % self.top_ou)
510
511 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
512
513 # Check that DC2 got the DC1 object, and OU2 was make into conflict
514 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
515 scope=SCOPE_BASE, attrs=["name"])
516 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
517 scope=SCOPE_BASE, attrs=["name"])
518 print(res1[0]["name"][0])
519 print(res2[0]["name"][0])
520 self.assertTrue('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
521 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res1[0].dn))
522 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) not in str(res2[0].dn))
523 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
524 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
525
526 # Delete both objects by GUID on DC1
527
528 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
529 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
530
531 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
532
533 self._check_deleted(self.ldb_dc1, self.ou1)
534 self._check_deleted(self.ldb_dc1, self.ou2)
535 # Check deleted on DC2
536 self._check_deleted(self.ldb_dc2, self.ou1)
537 self._check_deleted(self.ldb_dc2, self.ou2)
538
539 def test_ReplLostAndFound(self):
540 """Tests that objects created under a OU deleted eleswhere end up in lostAndFound"""
541 self._disable_inbound_repl(self.dnsname_dc1)
542 self._disable_inbound_repl(self.dnsname_dc2)
543
544 # Create two OUs on DC2
545 self.ou1 = self._create_ou(self.ldb_dc2, "OU=Deleted parent")
546 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Deleted parent 2")
547
548 # replicate them from DC2 to DC1
549 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
550
551 # Delete both objects by GUID on DC1
552
553 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
554 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
555
556 # Create children on DC2
557 ou1_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Deleted parent")
558 ou2_child = self._create_ou(self.ldb_dc2, "OU=Test Child,OU=Deleted parent 2")
559
560 # Replicate from DC2
561 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
562
563 # Check the sub-OUs are now in lostAndFound and the first one is a conflict DN
564
565 # Check that DC2 got the DC1 object, and one or other object was make into conflict
566 res1 = self.ldb_dc1.search(base="<GUID=%s>" % ou1_child,
567 scope=SCOPE_BASE, attrs=["name"])
568 res2 = self.ldb_dc1.search(base="<GUID=%s>" % ou2_child,
569 scope=SCOPE_BASE, attrs=["name"])
570 print(res1[0]["name"][0])
571 print(res2[0]["name"][0])
572 self.assertTrue('CNF:%s' % ou1_child in str(res1[0]["name"][0]) or 'CNF:%s' % ou2_child in str(res2[0]["name"][0]))
573 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) in str(res1[0].dn))
574 self.assertTrue(self._lost_and_found_dn(self.ldb_dc1, self.domain_dn) in str(res2[0].dn))
575 self.assertEqual(str(res1[0]["name"][0]), res1[0].dn.get_rdn_value())
576 self.assertEqual(str(res2[0]["name"][0]), res2[0].dn.get_rdn_value())
577
578 # Delete all objects by GUID on DC1
579
580 self.ldb_dc1.delete('<GUID=%s>' % ou1_child)
581 self.ldb_dc1.delete('<GUID=%s>' % ou2_child)
582
583 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
584
585 # Check all deleted on DC1
586 self._check_deleted(self.ldb_dc1, self.ou1)
587 self._check_deleted(self.ldb_dc1, self.ou2)
588 self._check_deleted(self.ldb_dc1, ou1_child)
589 self._check_deleted(self.ldb_dc1, ou2_child)
590 # Check all deleted on DC2
591 self._check_deleted(self.ldb_dc2, self.ou1)
592 self._check_deleted(self.ldb_dc2, self.ou2)
593 self._check_deleted(self.ldb_dc2, ou1_child)
594 self._check_deleted(self.ldb_dc2, ou2_child)
595
596 def test_ReplRenames(self):
597 """Tests that objects created under a OU deleted eleswhere end up in lostAndFound"""
598 self._disable_inbound_repl(self.dnsname_dc1)
599 self._disable_inbound_repl(self.dnsname_dc2)
600
601 # Create two OUs on DC2
602 self.ou1 = self._create_ou(self.ldb_dc2, "OU=Original parent")
603 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Original parent 2")
604
605 # replicate them from DC2 to DC1
606 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
607
608 # Create children on DC1
609 ou1_child = self._create_ou(self.ldb_dc1, "OU=Test Child,OU=Original parent")
610 ou2_child = self._create_ou(self.ldb_dc1, "OU=Test Child 2,OU=Original parent")
611 ou3_child = self._create_ou(self.ldb_dc1, "OU=Test Case Child,OU=Original parent")
612
613 # replicate them from DC1 to DC2
614 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
615
616 self.ldb_dc1.rename("<GUID=%s>" % ou2_child, "OU=Test Child 3,OU=Original parent 2,%s" % self.top_ou)
617 self.ldb_dc1.rename("<GUID=%s>" % ou1_child, "OU=Test Child 2,OU=Original parent 2,%s" % self.top_ou)
618 self.ldb_dc1.rename("<GUID=%s>" % ou2_child, "OU=Test Child,OU=Original parent 2,%s" % self.top_ou)
619 self.ldb_dc1.rename("<GUID=%s>" % ou3_child, "OU=Test CASE Child,OU=Original parent,%s" % self.top_ou)
620 self.ldb_dc2.rename("<GUID=%s>" % self.ou2, "OU=Original parent 3,%s" % self.top_ou)
621 self.ldb_dc2.rename("<GUID=%s>" % self.ou1, "OU=Original parent 2,%s" % self.top_ou)
622
623 # replicate them from DC1 to DC2
624 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
625
626 # Check the sub-OUs are now under Original Parent 3 (original
627 # parent 2 for Test CASE Child), and both have the right names
628
629 # Check that DC2 got the DC1 object, and the renames are all correct
630 res1 = self.ldb_dc2.search(base="<GUID=%s>" % ou1_child,
631 scope=SCOPE_BASE, attrs=["name"])
632 res2 = self.ldb_dc2.search(base="<GUID=%s>" % ou2_child,
633 scope=SCOPE_BASE, attrs=["name"])
634 res3 = self.ldb_dc2.search(base="<GUID=%s>" % ou3_child,
635 scope=SCOPE_BASE, attrs=["name"])
636 print(res1[0].dn)
637 print(res2[0].dn)
638 print(res3[0].dn)
639 self.assertEqual('Test Child 2', str(res1[0]["name"][0]))
640 self.assertEqual('Test Child', str(res2[0]["name"][0]))
641 self.assertEqual('Test CASE Child', str(res3[0]["name"][0]))
642 self.assertEqual(str(res1[0].dn), "OU=Test Child 2,OU=Original parent 3,%s" % self.top_ou)
643 self.assertEqual(str(res2[0].dn), "OU=Test Child,OU=Original parent 3,%s" % self.top_ou)
644 self.assertEqual(str(res3[0].dn), "OU=Test CASE Child,OU=Original parent 2,%s" % self.top_ou)
645
646 # replicate them from DC2 to DC1
647 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
648
649 # Check that DC1 got the DC2 object, and the renames are all correct
650 res1 = self.ldb_dc1.search(base="<GUID=%s>" % ou1_child,
651 scope=SCOPE_BASE, attrs=["name"])
652 res2 = self.ldb_dc1.search(base="<GUID=%s>" % ou2_child,
653 scope=SCOPE_BASE, attrs=["name"])
654 res3 = self.ldb_dc1.search(base="<GUID=%s>" % ou3_child,
655 scope=SCOPE_BASE, attrs=["name"])
656 print(res1[0].dn)
657 print(res2[0].dn)
658 print(res3[0].dn)
659 self.assertEqual('Test Child 2', str(res1[0]["name"][0]))
660 self.assertEqual('Test Child', str(res2[0]["name"][0]))
661 self.assertEqual('Test CASE Child', str(res3[0]["name"][0]))
662 self.assertEqual(str(res1[0].dn), "OU=Test Child 2,OU=Original parent 3,%s" % self.top_ou)
663 self.assertEqual(str(res2[0].dn), "OU=Test Child,OU=Original parent 3,%s" % self.top_ou)
664 self.assertEqual(str(res3[0].dn), "OU=Test CASE Child,OU=Original parent 2,%s" % self.top_ou)
665
666 # Delete all objects by GUID on DC1
667
668 self.ldb_dc1.delete('<GUID=%s>' % ou1_child)
669 self.ldb_dc1.delete('<GUID=%s>' % ou2_child)
670 self.ldb_dc1.delete('<GUID=%s>' % ou3_child)
671 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
672 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
673
674 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
675
676 # Check all deleted on DC1
677 self._check_deleted(self.ldb_dc1, self.ou1)
678 self._check_deleted(self.ldb_dc1, self.ou2)
679 self._check_deleted(self.ldb_dc1, ou1_child)
680 self._check_deleted(self.ldb_dc1, ou2_child)
681 self._check_deleted(self.ldb_dc1, ou3_child)
682 # Check all deleted on DC2
683 self._check_deleted(self.ldb_dc2, self.ou1)
684 self._check_deleted(self.ldb_dc2, self.ou2)
685 self._check_deleted(self.ldb_dc2, ou1_child)
686 self._check_deleted(self.ldb_dc2, ou2_child)
687 self._check_deleted(self.ldb_dc2, ou3_child)
688
689 def reanimate_object(self, samdb, guid, new_dn):
690 """Re-animates a deleted object"""
691 res = samdb.search(base="<GUID=%s>" % guid, attrs=["isDeleted"],
692 controls=['show_deleted:1'], scope=SCOPE_BASE)
693 if len(res) != 1:
694 return
695
696 msg = ldb.Message()
697 msg.dn = res[0].dn
698 msg["isDeleted"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE, "isDeleted")
699 msg["distinguishedName"] = ldb.MessageElement([new_dn], ldb.FLAG_MOD_REPLACE, "distinguishedName")
700 samdb.modify(msg, ["show_deleted:1"])
701
702 def test_ReplReanimationConflict(self):
703 """
704 Checks that if a reanimated object conflicts with a new object, then
705 the conflict is resolved correctly.
706 """
707
708 self._disable_inbound_repl(self.dnsname_dc1)
709 self._disable_inbound_repl(self.dnsname_dc2)
710
711 # create an object, "accidentally" delete it, and replicate the changes to both DCs
712 self.ou1 = self._create_ou(self.ldb_dc2, "OU=Conflict object")
713 self.ldb_dc2.delete('<GUID=%s>' % self.ou1)
714 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
715
716 # Now pretend that the admin for one DC resolves the problem by
717 # re-animating the object...
718 self.reanimate_object(self.ldb_dc1, self.ou1, "OU=Conflict object,%s" % self.top_ou)
719
720 # ...whereas another admin just creates a user with the same name
721 # again on a different DC
722 time.sleep(1)
723 self.ou2 = self._create_ou(self.ldb_dc2, "OU=Conflict object")
724
725 # Now sync the DCs to resolve the conflict
726 self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True, full_sync=False)
727
728 # Check the latest change won and SELF.OU1 was made into a conflict
729 res1 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou1,
730 scope=SCOPE_BASE, attrs=["name"])
731 res2 = self.ldb_dc1.search(base="<GUID=%s>" % self.ou2,
732 scope=SCOPE_BASE, attrs=["name"])
733 print(res1[0]["name"][0])
734 print(res2[0]["name"][0])
735 self.assertTrue('CNF:%s' % self.ou1 in str(res1[0]["name"][0]))
736 self.assertFalse('CNF:%s' % self.ou2 in str(res2[0]["name"][0]))
737
738 # Delete both objects by GUID on DC1
739 self.ldb_dc1.delete('<GUID=%s>' % self.ou1)
740 self.ldb_dc1.delete('<GUID=%s>' % self.ou2)
741
742 self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True, full_sync=False)
743
744 self._check_deleted(self.ldb_dc1, self.ou1)
745 self._check_deleted(self.ldb_dc1, self.ou2)
746 # Check deleted on DC2
747 self._check_deleted(self.ldb_dc2, self.ou1)
748 self._check_deleted(self.ldb_dc2, self.ou2)
Samba GIT mirror