search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb:common: Use C99 initializer for 'struct ifreq'
[Samba.git] / lib / ldb-samba / tests / match_rules.py
blob0ad375653f694c607e91beeefc9662a9ff0c37ae
1 #!/usr/bin/env python3
2
3 import optparse
4 import sys
5 import os
6 import samba
7 import samba.getopt as options
8
9 from samba.tests.subunitrun import SubunitOptions, TestProgram
10
11 from samba.samdb import SamDB
12 from samba.auth import system_session
13 from ldb import Message, MessageElement, Dn, LdbError
14 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
15 from ldb import SCOPE_BASE, SCOPE_SUBTREE, SCOPE_ONELEVEL
16
17 # TODO I'm ignoring case in these tests for now.
18 # This should be fixed to work inline with Windows.
19 # The literal strings are in the case Windows uses.
20 # Windows appear to preserve casing of the RDN and uppercase the other keys.
21
22
23 class MatchRulesTests(samba.tests.TestCase):
24 def setUp(self):
25 super(MatchRulesTests, self).setUp()
26 self.lp = lp
27 self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
28 self.base_dn = self.ldb.domain_dn()
29 self.ou = "OU=matchrulestest,%s" % self.base_dn
30 self.ou_users = "OU=users,%s" % self.ou
31 self.ou_groups = "OU=groups,%s" % self.ou
32 self.ou_computers = "OU=computers,%s" % self.ou
33
34 # Add a organizational unit to create objects
35 self.ldb.add({
36 "dn": self.ou,
37 "objectclass": "organizationalUnit"})
38
39 # Add the following OU hierarchy and set otherWellKnownObjects,
40 # which has BinaryDN syntax:
41 #
42 # o1
43 # |--> o2
44 # | |--> o3
45 # | | |-->o4
46
47 self.ldb.add({
48 "dn": "OU=o1,%s" % self.ou,
49 "objectclass": "organizationalUnit"})
50 self.ldb.add({
51 "dn": "OU=o2,OU=o1,%s" % self.ou,
52 "objectclass": "organizationalUnit"})
53 self.ldb.add({
54 "dn": "OU=o3,OU=o2,OU=o1,%s" % self.ou,
55 "objectclass": "organizationalUnit"})
56 self.ldb.add({
57 "dn": "OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
58 "objectclass": "organizationalUnit"})
59
60 m = Message()
61 m.dn = Dn(self.ldb, self.ou)
62 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000001:OU=o1,%s" % self.ou,
63 FLAG_MOD_ADD, "otherWellKnownObjects")
64 self.ldb.modify(m)
65
66 m = Message()
67 m.dn = Dn(self.ldb, "OU=o1,%s" % self.ou)
68 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000002:OU=o2,OU=o1,%s" % self.ou,
69 FLAG_MOD_ADD, "otherWellKnownObjects")
70 self.ldb.modify(m)
71
72 m = Message()
73 m.dn = Dn(self.ldb, "OU=o2,OU=o1,%s" % self.ou)
74 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000003:OU=o3,OU=o2,OU=o1,%s" % self.ou,
75 FLAG_MOD_ADD, "otherWellKnownObjects")
76 self.ldb.modify(m)
77
78 m = Message()
79 m.dn = Dn(self.ldb, "OU=o3,OU=o2,OU=o1,%s" % self.ou)
80 m["otherWellKnownObjects"] = MessageElement("B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou,
81 FLAG_MOD_ADD, "otherWellKnownObjects")
82 self.ldb.modify(m)
83
84 # Create OU for users and groups
85 self.ldb.add({
86 "dn": self.ou_users,
87 "objectclass": "organizationalUnit"})
88 self.ldb.add({
89 "dn": self.ou_groups,
90 "objectclass": "organizationalUnit"})
91 self.ldb.add({
92 "dn": self.ou_computers,
93 "objectclass": "organizationalUnit"})
94
95 # Add four groups
96 self.ldb.add({
97 "dn": "cn=g1,%s" % self.ou_groups,
98 "objectclass": "group"})
99 self.ldb.add({
100 "dn": "cn=g2,%s" % self.ou_groups,
101 "objectclass": "group"})
102 self.ldb.add({
103 "dn": "cn=g4,%s" % self.ou_groups,
104 "objectclass": "group"})
105 self.ldb.add({
106 "dn": "cn=g3,%s" % self.ou_groups,
107 "objectclass": "group"})
108
109 # Add four users
110 self.ldb.add({
111 "dn": "cn=u1,%s" % self.ou_users,
112 "objectclass": "user"})
113 self.ldb.add({
114 "dn": "cn=u2,%s" % self.ou_users,
115 "objectclass": "user"})
116 self.ldb.add({
117 "dn": "cn=u3,%s" % self.ou_users,
118 "objectclass": "user"})
119 self.ldb.add({
120 "dn": "cn=u4,%s" % self.ou_users,
121 "objectclass": "user"})
122
123 # Add computers to test Object(DN-Binary) syntax
124 self.ldb.add({
125 "dn": "cn=c1,%s" % self.ou_computers,
126 "objectclass": "computer",
127 "dNSHostName": "c1.%s" % self.lp.get("realm").lower(),
128 "servicePrincipalName": ["HOST/c1"],
129 "sAMAccountName": "c1$",
130 "userAccountControl": "83890178"})
131
132 self.ldb.add({
133 "dn": "cn=c2,%s" % self.ou_computers,
134 "objectclass": "computer",
135 "dNSHostName": "c2.%s" % self.lp.get("realm").lower(),
136 "servicePrincipalName": ["HOST/c2"],
137 "sAMAccountName": "c2$",
138 "userAccountControl": "83890178"})
139
140 self.ldb.add({
141 "dn": "cn=c3,%s" % self.ou_computers,
142 "objectclass": "computer",
143 "dNSHostName": "c3.%s" % self.lp.get("realm").lower(),
144 "servicePrincipalName": ["HOST/c3"],
145 "sAMAccountName": "c3$",
146 "userAccountControl": "83890178"})
147
148 # Create the following hierarchy:
149 # g4
150 # |--> u4
151 # |--> g3
152 # | |--> u3
153 # | |--> g2
154 # | | |--> u2
155 # | | |--> g1
156 # | | | |--> u1
157
158 # u1 member of g1
159 m = Message()
160 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
161 m["member"] = MessageElement("CN=u1,%s" % self.ou_users,
162 FLAG_MOD_ADD, "member")
163 self.ldb.modify(m)
164
165 # u2 member of g2
166 m = Message()
167 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
168 m["member"] = MessageElement("cn=u2,%s" % self.ou_users,
169 FLAG_MOD_ADD, "member")
170 self.ldb.modify(m)
171
172 # u3 member of g3
173 m = Message()
174 m.dn = Dn(self.ldb, "cn=g3,%s" % self.ou_groups)
175 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
176 FLAG_MOD_ADD, "member")
177 self.ldb.modify(m)
178
179 # u4 member of g4
180 m = Message()
181 m.dn = Dn(self.ldb, "cn=g4,%s" % self.ou_groups)
182 m["member"] = MessageElement("cn=u4,%s" % self.ou_users,
183 FLAG_MOD_ADD, "member")
184 self.ldb.modify(m)
185
186 # g3 member of g4
187 m = Message()
188 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
189 m["member"] = MessageElement("cn=g3,%s" % self.ou_groups,
190 FLAG_MOD_ADD, "member")
191 self.ldb.modify(m)
192
193 # g2 member of g3
194 m = Message()
195 m.dn = Dn(self.ldb, "cn=g3,%s" % self.ou_groups)
196 m["member"] = MessageElement("CN=g2,%s" % self.ou_groups,
197 FLAG_MOD_ADD, "member")
198 self.ldb.modify(m)
199
200 # g1 member of g2
201 m = Message()
202 m.dn = Dn(self.ldb, "cn=g2,%s" % self.ou_groups)
203 m["member"] = MessageElement("cn=g1,%s" % self.ou_groups,
204 FLAG_MOD_ADD, "member")
205 self.ldb.modify(m)
206
207 # The msDS-RevealedUsers is owned by system and cannot be modified
208 # directly. Set the schemaUpgradeInProgress flag as workaround
209 # and create this hierarchy:
210 # ou=computers
211 # |-> c1
212 # | |->c2
213 # | | |->u1
214
215 #
216 # While appropriate for this test, this is NOT a good practice
217 # in general. This is only done here because the alternative
218 # is to make a schema modification.
219 #
220 # IF/WHEN Samba protects this attribute better, this
221 # particular part of the test can be removed, as the same code
222 # is covered by the addressBookRoots2 case well enough.
223 #
224 m = Message()
225 m.dn = Dn(self.ldb, "")
226 m["e1"] = MessageElement("1", FLAG_MOD_REPLACE, "schemaUpgradeInProgress")
227 self.ldb.modify(m)
228
229 m = Message()
230 m.dn = Dn(self.ldb, "cn=c2,%s" % self.ou_computers)
231 m["e1"] = MessageElement("B:8:01010101:cn=c3,%s" % self.ou_computers,
232 FLAG_MOD_ADD, "msDS-RevealedUsers")
233 self.ldb.modify(m)
234
235 m = Message()
236 m.dn = Dn(self.ldb, "cn=c1,%s" % self.ou_computers)
237 m["e1"] = MessageElement("B:8:01010101:cn=c2,%s" % self.ou_computers,
238 FLAG_MOD_ADD, "msDS-RevealedUsers")
239 self.ldb.modify(m)
240
241 m = Message()
242 m.dn = Dn(self.ldb, "")
243 m["e1"] = MessageElement("0", FLAG_MOD_REPLACE, "schemaUpgradeInProgress")
244 self.ldb.modify(m)
245
246 # Add a couple of ms-Exch-Configuration-Container to test forward-link
247 # attributes without backward link (addressBookRoots2)
248 # e1
249 # |--> e2
250 # | |--> c1
251 self.ldb.add({
252 "dn": "cn=e1,%s" % self.ou,
253 "objectclass": "msExchConfigurationContainer"})
254 self.ldb.add({
255 "dn": "cn=e2,%s" % self.ou,
256 "objectclass": "msExchConfigurationContainer"})
257
258 m = Message()
259 m.dn = Dn(self.ldb, "cn=e2,%s" % self.ou)
260 m["e1"] = MessageElement("cn=c1,%s" % self.ou_computers,
261 FLAG_MOD_ADD, "addressBookRoots2")
262 self.ldb.modify(m)
263
264 m = Message()
265 m.dn = Dn(self.ldb, "cn=e1,%s" % self.ou)
266 m["e1"] = MessageElement("cn=e2,%s" % self.ou,
267 FLAG_MOD_ADD, "addressBookRoots2")
268 self.ldb.modify(m)
269
270 def tearDown(self):
271 super(MatchRulesTests, self).tearDown()
272 self.ldb.delete(self.ou, controls=['tree_delete:0'])
273
274 def test_u1_member_of_g4(self):
275 # Search without transitive match must return 0 results
276 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
277 scope=SCOPE_BASE,
278 expression="member=cn=u1,%s" % self.ou_users)
279 self.assertEqual(len(res1), 0)
280
281 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
282 scope=SCOPE_BASE,
283 expression="memberOf=cn=g4,%s" % self.ou_groups)
284 self.assertEqual(len(res1), 0)
285
286 # Search with transitive match must return 1 results
287 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
288 scope=SCOPE_BASE,
289 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
290 self.assertEqual(len(res1), 1)
291 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
292
293 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
294 scope=SCOPE_BASE,
295 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
296 self.assertEqual(len(res1), 1)
297 self.assertEqual(str(res1[0].dn).lower(), ("CN=u1,%s" % self.ou_users).lower())
298
299 def test_g1_member_of_g4(self):
300 # Search without transitive match must return 0 results
301 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
302 scope=SCOPE_BASE,
303 expression="member=cn=g1,%s" % self.ou_groups)
304 self.assertEqual(len(res1), 0)
305
306 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
307 scope=SCOPE_BASE,
308 expression="memberOf=cn=g4,%s" % self.ou_groups)
309 self.assertEqual(len(res1), 0)
310
311 # Search with transitive match must return 1 results
312 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
313 scope=SCOPE_BASE,
314 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
315 self.assertEqual(len(res1), 1)
316 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
317
318 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
319 scope=SCOPE_BASE,
320 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
321 self.assertEqual(len(res1), 1)
322 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
323
324 def test_u1_groups(self):
325 res1 = self.ldb.search(self.ou_groups,
326 scope=SCOPE_SUBTREE,
327 expression="member=cn=u1,%s" % self.ou_users)
328 self.assertEqual(len(res1), 1)
329 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
330
331 res1 = self.ldb.search(self.ou_users,
332 scope=SCOPE_SUBTREE,
333 expression="member=cn=u1,%s" % self.ou_users)
334 self.assertEqual(len(res1), 0)
335
336 res1 = self.ldb.search(self.ou_groups,
337 scope=SCOPE_SUBTREE,
338 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
339 self.assertEqual(len(res1), 4)
340 dn_list = [str(res.dn).lower() for res in res1]
341 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
342 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
343 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
344 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
345
346 res1 = self.ldb.search(self.ou_users,
347 scope=SCOPE_SUBTREE,
348 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
349 self.assertEqual(len(res1), 0)
350
351 def test_u2_groups(self):
352 res1 = self.ldb.search(self.ou_groups,
353 scope=SCOPE_SUBTREE,
354 expression="member=cn=u2,%s" % self.ou_users)
355 self.assertEqual(len(res1), 1)
356 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
357
358 res1 = self.ldb.search(self.ou_users,
359 scope=SCOPE_SUBTREE,
360 expression="member=cn=u2,%s" % self.ou_users)
361 self.assertEqual(len(res1), 0)
362
363 res1 = self.ldb.search(self.ou_groups,
364 scope=SCOPE_SUBTREE,
365 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
366 self.assertEqual(len(res1), 3)
367 dn_list = [str(res.dn).lower() for res in res1]
368 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
369 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
370 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
371
372 res1 = self.ldb.search(self.ou_users,
373 scope=SCOPE_SUBTREE,
374 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
375 self.assertEqual(len(res1), 0)
376
377 def test_u3_groups(self):
378 res1 = self.ldb.search(self.ou_groups,
379 scope=SCOPE_SUBTREE,
380 expression="member=cn=u3,%s" % self.ou_users)
381 self.assertEqual(len(res1), 1)
382 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
383
384 res1 = self.ldb.search(self.ou_users,
385 scope=SCOPE_SUBTREE,
386 expression="member=cn=u3,%s" % self.ou_users)
387 self.assertEqual(len(res1), 0)
388
389 res1 = self.ldb.search(self.ou_groups,
390 scope=SCOPE_SUBTREE,
391 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
392 self.assertEqual(len(res1), 2)
393 dn_list = [str(res.dn).lower() for res in res1]
394 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
395 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
396
397 res1 = self.ldb.search(self.ou_users,
398 scope=SCOPE_SUBTREE,
399 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
400 self.assertEqual(len(res1), 0)
401
402 def test_u4_groups(self):
403 res1 = self.ldb.search(self.ou_groups,
404 scope=SCOPE_SUBTREE,
405 expression="member=cn=u4,%s" % self.ou_users)
406 self.assertEqual(len(res1), 1)
407 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
408
409 res1 = self.ldb.search(self.ou_users,
410 scope=SCOPE_SUBTREE,
411 expression="member=cn=u4,%s" % self.ou_users)
412 self.assertEqual(len(res1), 0)
413
414 res1 = self.ldb.search(self.ou_groups,
415 scope=SCOPE_SUBTREE,
416 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
417 self.assertEqual(len(res1), 1)
418 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
419
420 res1 = self.ldb.search(self.ou_users,
421 scope=SCOPE_SUBTREE,
422 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
423 self.assertEqual(len(res1), 0)
424
425 def test_extended_dn_u1(self):
426 res1 = self.ldb.search("cn=u1,%s" % self.ou_users,
427 scope=SCOPE_BASE,
428 expression="objectClass=*",
429 attrs=['objectSid', 'objectGUID'])
430 self.assertEqual(len(res1), 1)
431 self.assertEqual(str(res1[0].dn).lower(), ("cn=u1,%s" % self.ou_users).lower())
432
433 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0]).decode('utf8')
434 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0]).decode('utf8')
435
436 res1 = self.ldb.search(self.ou_groups,
437 scope=SCOPE_SUBTREE,
438 expression="member=<SID=%s>" % sid)
439 self.assertEqual(len(res1), 1)
440 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
441
442 res1 = self.ldb.search(self.ou_groups,
443 scope=SCOPE_SUBTREE,
444 expression="member=<GUID=%s>" % guid)
445 self.assertEqual(len(res1), 1)
446 self.assertEqual(str(res1[0].dn).lower(), ("CN=g1,%s" % self.ou_groups).lower())
447
448 res1 = self.ldb.search(self.ou_groups,
449 scope=SCOPE_SUBTREE,
450 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
451 self.assertEqual(len(res1), 4)
452 dn_list = [str(res.dn).lower() for res in res1]
453 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
454 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
455 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
456 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
457
458 res1 = self.ldb.search(self.ou_groups,
459 scope=SCOPE_ONELEVEL,
460 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
461 self.assertEqual(len(res1), 4)
462 dn_list = [str(res.dn).lower() for res in res1]
463 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
464 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
465 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
466 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
467
468 res1 = self.ldb.search(self.ou_groups,
469 scope=SCOPE_SUBTREE,
470 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
471 self.assertEqual(len(res1), 4)
472 dn_list = [str(res.dn).lower() for res in res1]
473 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
474 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
475 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
476 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
477
478 res1 = self.ldb.search(self.ou_groups,
479 scope=SCOPE_ONELEVEL,
480 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
481 self.assertEqual(len(res1), 4)
482 dn_list = [str(res.dn).lower() for res in res1]
483 self.assertTrue(("CN=g1,%s" % self.ou_groups).lower() in dn_list)
484 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
485 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
486 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
487
488 def test_extended_dn_u2(self):
489 res1 = self.ldb.search("cn=u2,%s" % self.ou_users,
490 scope=SCOPE_BASE,
491 expression="objectClass=*",
492 attrs=['objectSid', 'objectGUID'])
493 self.assertEqual(len(res1), 1)
494 self.assertEqual(str(res1[0].dn).lower(), ("cn=u2,%s" % self.ou_users).lower())
495
496 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0]).decode('utf8')
497 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0]).decode('utf8')
498
499 res1 = self.ldb.search(self.ou_groups,
500 scope=SCOPE_SUBTREE,
501 expression="member=<SID=%s>" % sid)
502 self.assertEqual(len(res1), 1)
503 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
504
505 res1 = self.ldb.search(self.ou_groups,
506 scope=SCOPE_SUBTREE,
507 expression="member=<GUID=%s>" % guid)
508 self.assertEqual(len(res1), 1)
509 self.assertEqual(str(res1[0].dn).lower(), ("CN=g2,%s" % self.ou_groups).lower())
510
511 res1 = self.ldb.search(self.ou_groups,
512 scope=SCOPE_SUBTREE,
513 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
514 self.assertEqual(len(res1), 3)
515 dn_list = [str(res.dn).lower() for res in res1]
516 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
517 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
518 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
519
520 res1 = self.ldb.search(self.ou_groups,
521 scope=SCOPE_ONELEVEL,
522 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
523 self.assertEqual(len(res1), 3)
524 dn_list = [str(res.dn).lower() for res in res1]
525 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
526 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
527 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
528
529 res1 = self.ldb.search(self.ou_groups,
530 scope=SCOPE_SUBTREE,
531 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
532 self.assertEqual(len(res1), 3)
533 dn_list = [str(res.dn).lower() for res in res1]
534 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
535 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
536 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
537
538 res1 = self.ldb.search(self.ou_groups,
539 scope=SCOPE_ONELEVEL,
540 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
541 self.assertEqual(len(res1), 3)
542 dn_list = [str(res.dn).lower() for res in res1]
543 self.assertTrue(("CN=g2,%s" % self.ou_groups).lower() in dn_list)
544 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
545 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
546
547 def test_extended_dn_u3(self):
548 res1 = self.ldb.search("cn=u3,%s" % self.ou_users,
549 scope=SCOPE_BASE,
550 expression="objectClass=*",
551 attrs=['objectSid', 'objectGUID'])
552 self.assertEqual(len(res1), 1)
553 self.assertEqual(str(res1[0].dn).lower(), ("cn=u3,%s" % self.ou_users).lower())
554
555 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0]).decode('utf8')
556 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0]).decode('utf8')
557
558 res1 = self.ldb.search(self.ou_groups,
559 scope=SCOPE_SUBTREE,
560 expression="member=<SID=%s>" % sid)
561 self.assertEqual(len(res1), 1)
562 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
563
564 res1 = self.ldb.search(self.ou_groups,
565 scope=SCOPE_SUBTREE,
566 expression="member=<GUID=%s>" % guid)
567 self.assertEqual(len(res1), 1)
568 self.assertEqual(str(res1[0].dn).lower(), ("CN=g3,%s" % self.ou_groups).lower())
569
570 res1 = self.ldb.search(self.ou_groups,
571 scope=SCOPE_SUBTREE,
572 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
573 self.assertEqual(len(res1), 2)
574 dn_list = [str(res.dn).lower() for res in res1]
575 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
576 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
577
578 res1 = self.ldb.search(self.ou_groups,
579 scope=SCOPE_ONELEVEL,
580 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
581 self.assertEqual(len(res1), 2)
582 dn_list = [str(res.dn).lower() for res in res1]
583 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
584 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
585
586 res1 = self.ldb.search(self.ou_groups,
587 scope=SCOPE_SUBTREE,
588 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
589 self.assertEqual(len(res1), 2)
590 dn_list = [str(res.dn).lower() for res in res1]
591 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
592 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
593
594 res1 = self.ldb.search(self.ou_groups,
595 scope=SCOPE_ONELEVEL,
596 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
597 self.assertEqual(len(res1), 2)
598 dn_list = [str(res.dn).lower() for res in res1]
599 self.assertTrue(("CN=g3,%s" % self.ou_groups).lower() in dn_list)
600 self.assertTrue(("CN=g4,%s" % self.ou_groups).lower() in dn_list)
601
602 def test_extended_dn_u4(self):
603 res1 = self.ldb.search("cn=u4,%s" % self.ou_users,
604 scope=SCOPE_BASE,
605 expression="objectClass=*",
606 attrs=['objectSid', 'objectGUID'])
607 self.assertEqual(len(res1), 1)
608 self.assertEqual(str(res1[0].dn).lower(), ("cn=u4,%s" % self.ou_users).lower())
609
610 sid = self.ldb.schema_format_value("objectSid", res1[0]["objectSid"][0]).decode('utf8')
611 guid = self.ldb.schema_format_value("objectGUID", res1[0]['objectGUID'][0]).decode('utf8')
612
613 res1 = self.ldb.search(self.ou_groups,
614 scope=SCOPE_SUBTREE,
615 expression="member=<SID=%s>" % sid)
616 self.assertEqual(len(res1), 1)
617 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
618
619 res1 = self.ldb.search(self.ou_groups,
620 scope=SCOPE_SUBTREE,
621 expression="member=<GUID=%s>" % guid)
622 self.assertEqual(len(res1), 1)
623 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
624
625 res1 = self.ldb.search(self.ou_groups,
626 scope=SCOPE_ONELEVEL,
627 expression="member=<GUID=%s>" % guid)
628 self.assertEqual(len(res1), 1)
629 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
630
631 res1 = self.ldb.search(self.ou_groups,
632 scope=SCOPE_SUBTREE,
633 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
634 self.assertEqual(len(res1), 1)
635 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
636
637 res1 = self.ldb.search(self.ou_groups,
638 scope=SCOPE_ONELEVEL,
639 expression="member:1.2.840.113556.1.4.1941:=<SID=%s>" % sid)
640 self.assertEqual(len(res1), 1)
641 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
642
643 res1 = self.ldb.search(self.ou_groups,
644 scope=SCOPE_SUBTREE,
645 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
646 self.assertEqual(len(res1), 1)
647 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
648
649 res1 = self.ldb.search(self.ou_groups,
650 scope=SCOPE_ONELEVEL,
651 expression="member:1.2.840.113556.1.4.1941:=<GUID=%s>" % guid)
652 self.assertEqual(len(res1), 1)
653 self.assertEqual(str(res1[0].dn).lower(), ("CN=g4,%s" % self.ou_groups).lower())
654
655 def test_object_dn_binary(self):
656 res1 = self.ldb.search(self.ou_computers,
657 scope=SCOPE_SUBTREE,
658 expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
659 self.assertEqual(len(res1), 1)
660 self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
661
662 res1 = self.ldb.search(self.ou_computers,
663 scope=SCOPE_ONELEVEL,
664 expression="msDS-RevealedUsers=B:8:01010101:cn=c3,%s" % self.ou_computers)
665 self.assertEqual(len(res1), 1)
666 self.assertEqual(str(res1[0].dn).lower(), ("CN=c2,%s" % self.ou_computers).lower())
667
668 res1 = self.ldb.search(self.ou_computers,
669 scope=SCOPE_SUBTREE,
670 expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
671 self.assertEqual(len(res1), 2)
672 dn_list = [str(res.dn).lower() for res in res1]
673 self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
674 self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
675
676 res1 = self.ldb.search(self.ou_computers,
677 scope=SCOPE_ONELEVEL,
678 expression="msDS-RevealedUsers:1.2.840.113556.1.4.1941:=B:8:01010101:cn=c3,%s" % self.ou_computers)
679 self.assertEqual(len(res1), 2)
680 dn_list = [str(res.dn).lower() for res in res1]
681 self.assertTrue(("CN=c1,%s" % self.ou_computers).lower() in dn_list)
682 self.assertTrue(("CN=c2,%s" % self.ou_computers).lower() in dn_list)
683
684 def test_one_way_links(self):
685 res1 = self.ldb.search(self.ou,
686 scope=SCOPE_SUBTREE,
687 expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
688 self.assertEqual(len(res1), 1)
689 self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
690
691 res1 = self.ldb.search(self.ou,
692 scope=SCOPE_ONELEVEL,
693 expression="addressBookRoots2=cn=c1,%s" % self.ou_computers)
694 self.assertEqual(len(res1), 1)
695 self.assertEqual(str(res1[0].dn).lower(), ("CN=e2,%s" % self.ou).lower())
696
697 res1 = self.ldb.search(self.ou,
698 scope=SCOPE_SUBTREE,
699 expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
700 self.assertEqual(len(res1), 2)
701 dn_list = [str(res.dn).lower() for res in res1]
702 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
703 self.assertTrue(("CN=e2,%s" % self.ou).lower() in dn_list)
704
705 res1 = self.ldb.search(self.ou,
706 scope=SCOPE_ONELEVEL,
707 expression="addressBookRoots2:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
708 self.assertEqual(len(res1), 2)
709 dn_list = [str(res.dn).lower() for res in res1]
710 self.assertTrue(("CN=e1,%s" % self.ou).lower() in dn_list)
711 self.assertTrue(("CN=e2,%s" % self.ou).lower() in dn_list)
712
713 def test_not_linked_attrs(self):
714 res1 = self.ldb.search(self.base_dn,
715 scope=SCOPE_BASE,
716 expression="wellKnownObjects=B:32:aa312825768811d1aded00c04fd8d5cd:CN=computers,%s" % self.base_dn)
717 self.assertEqual(len(res1), 1)
718 self.assertEqual(str(res1[0].dn).lower(), self.base_dn.lower())
719
720 def test_invalid_basedn(self):
721 res1 = self.ldb.search(self.base_dn,
722 scope=SCOPE_SUBTREE,
723 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c1,ou=computers,ou=matchrulestest,%sXX" % self.base_dn)
724 self.assertEqual(len(res1), 0)
725
726 res1 = self.ldb.search(self.base_dn,
727 scope=SCOPE_SUBTREE,
728 expression="memberOf:1.2.840.113556.1.4.1941:=cn=XX,ou=computers,ou=matchrulestest,%s" % self.base_dn)
729 self.assertEqual(len(res1), 0)
730
731 def test_subtree(self):
732 res1 = self.ldb.search(self.ou,
733 scope=SCOPE_SUBTREE,
734 expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
735 self.assertEqual(len(res1), 1)
736 self.assertEqual(str(res1[0].dn).lower(), ("OU=o3,OU=o2,OU=o1,%s" % self.ou).lower())
737
738 res1 = self.ldb.search(self.ou,
739 scope=SCOPE_ONELEVEL,
740 expression="otherWellKnownObjects=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
741 self.assertEqual(len(res1), 0)
742
743 res1 = self.ldb.search(self.ou,
744 scope=SCOPE_SUBTREE,
745 expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
746 self.assertEqual(len(res1), 0)
747
748 res1 = self.ldb.search(self.ou,
749 scope=SCOPE_ONELEVEL,
750 expression="otherWellKnownObjects:1.2.840.113556.1.4.1941:=B:32:00000000000000000000000000000004:OU=o4,OU=o3,OU=o2,OU=o1,%s" % self.ou)
751 self.assertEqual(len(res1), 0)
752
753 def test_unknown_oid(self):
754 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
755 scope=SCOPE_BASE,
756 expression="member:2.4.681.226012.2.8.3882:=cn=u1,%s" % self.ou_users)
757 self.assertEqual(len(res1), 0)
758
759 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
760 scope=SCOPE_BASE,
761 expression="member:8.16.8720.1008448.8.32.15528:=cn=u1,%s" % self.ou_users)
762 self.assertEqual(len(res1), 0)
763
764 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
765 scope=SCOPE_BASE,
766 expression="member:1.2.3.4:=cn=u1,%s" % self.ou_users)
767 self.assertEqual(len(res1), 0)
768
769 def test_nul_text(self):
770 self.assertRaises((ValueError,TypeError),
771 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
772 scope=SCOPE_BASE,
773 expression="\00member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
774 self.assertRaises((ValueError,TypeError),
775 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
776 scope=SCOPE_BASE,
777 expression="member:1.2.840\00.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
778 self.assertRaises((ValueError,TypeError),
779 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
780 scope=SCOPE_BASE,
781 expression="member:1.2.840.113556.1.4.1941:=cn=u1\00,%s" % self.ou_users))
782 self.assertRaises(LdbError,
783 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
784 scope=SCOPE_BASE,
785 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users))
786 self.assertRaises(LdbError,
787 lambda: self.ldb.search("cn=g4,%s" % self.ou_groups,
788 scope=SCOPE_BASE,
789 expression="member:1.2.840.113556.1.4.1941:"))
790 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
791 scope=SCOPE_BASE,
792 expression="member:1.2.840.113556.1.4.1941:=")
793 self.assertEqual(len(res1), 0)
794 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
795 scope=SCOPE_BASE,
796 expression="member=")
797 self.assertEqual(len(res1), 0)
798 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
799 scope=SCOPE_BASE,
800 expression="member:1.2.840.113556.1.4.1941:=nonexistent")
801 self.assertEqual(len(res1), 0)
802 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
803 scope=SCOPE_BASE,
804 expression="member=nonexistent")
805 self.assertEqual(len(res1), 0)
806 self.assertRaises(LdbError,
807 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
808 scope=SCOPE_BASE,
809 expression="member:1.2.840.113556.1.4.1941:cn=u1,%s" % self.ou_users))
810 self.assertRaises(LdbError,
811 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
812 scope=SCOPE_BASE,
813 expression="member:1.2.840.113556.1.4.1941:=cn=u1"))
814 self.assertRaises(LdbError,
815 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
816 scope=SCOPE_BASE,
817 expression="member:1.2.840.113556.1.4.1941:=cn="))
818 self.assertRaises(LdbError,
819 lambda: self.ldb.search("cn=\00g4,%s" % self.ou_groups,
820 scope=SCOPE_BASE,
821 expression="member::=cn=u1,%s" % self.ou_users))
822
823 def test_misc_matches(self):
824 res1 = self.ldb.search(self.ou_groups,
825 scope=SCOPE_BASE,
826 expression="member=cn=g1,%s" % self.ou_groups)
827 self.assertEqual(len(res1), 0)
828
829 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
830 scope=SCOPE_BASE,
831 expression="member=cn=g1,%s" % self.ou_groups)
832 self.assertEqual(len(res1), 0)
833
834 res1 = self.ldb.search(self.ou_groups,
835 scope=SCOPE_SUBTREE,
836 expression="member=cn=g1,%s" % self.ou_groups)
837 self.assertEqual(len(res1), 1)
838 self.assertEqual(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
839
840 res1 = self.ldb.search(self.ou_groups,
841 scope=SCOPE_ONELEVEL,
842 expression="member=cn=g1,%s" % self.ou_groups)
843 self.assertEqual(len(res1), 1)
844 self.assertEqual(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
845
846 res1 = self.ldb.search(self.ou_groups,
847 scope=SCOPE_BASE,
848 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
849 self.assertEqual(len(res1), 0)
850
851 res1 = self.ldb.search("cn=g1,%s" % self.ou_groups,
852 scope=SCOPE_BASE,
853 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
854 self.assertEqual(len(res1), 0)
855
856 res1 = self.ldb.search(self.ou_groups,
857 scope=SCOPE_SUBTREE,
858 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
859 self.assertEqual(len(res1), 3)
860 dn_list = [str(res.dn) for res in res1]
861 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
862 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
863 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
864
865 res1 = self.ldb.search(self.ou_groups,
866 scope=SCOPE_ONELEVEL,
867 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
868 self.assertEqual(len(res1), 3)
869 dn_list = [str(res.dn) for res in res1]
870 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
871 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
872 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
873
874 res1 = self.ldb.search(self.ou_groups,
875 scope=SCOPE_SUBTREE,
876 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
877 self.assertEqual(len(res1), 0)
878
879 res1 = self.ldb.search(self.ou_groups,
880 scope=SCOPE_ONELEVEL,
881 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
882 self.assertEqual(len(res1), 0)
883
884 res1 = self.ldb.search(self.ou_groups,
885 scope=SCOPE_BASE,
886 expression="memberOf=cn=g4,%s" % self.ou_groups)
887 self.assertEqual(len(res1), 0)
888
889 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
890 scope=SCOPE_BASE,
891 expression="memberOf=cn=g4,%s" % self.ou_groups)
892 self.assertEqual(len(res1), 0)
893
894 res1 = self.ldb.search(self.ou_groups,
895 scope=SCOPE_SUBTREE,
896 expression="memberOf=cn=g4,%s" % self.ou_groups)
897 self.assertEqual(len(res1), 1)
898 self.assertEqual(str(res1[0].dn), ("CN=g3,%s" % self.ou_groups))
899
900 res1 = self.ldb.search(self.ou_groups,
901 scope=SCOPE_ONELEVEL,
902 expression="memberOf=cn=g4,%s" % self.ou_groups)
903 self.assertEqual(len(res1), 1)
904 self.assertEqual(str(res1[0].dn), ("CN=g3,%s" % self.ou_groups))
905
906 res1 = self.ldb.search(self.ou_groups,
907 scope=SCOPE_BASE,
908 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
909 self.assertEqual(len(res1), 0)
910
911 res1 = self.ldb.search("cn=g4,%s" % self.ou_groups,
912 scope=SCOPE_BASE,
913 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
914 self.assertEqual(len(res1), 0)
915
916 res1 = self.ldb.search(self.ou_groups,
917 scope=SCOPE_SUBTREE,
918 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
919 self.assertEqual(len(res1), 3)
920 dn_list = [str(res.dn) for res in res1]
921 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
922 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
923 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
924
925 res1 = self.ldb.search(self.ou_groups,
926 scope=SCOPE_ONELEVEL,
927 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
928 self.assertEqual(len(res1), 3)
929 dn_list = [str(res.dn) for res in res1]
930 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
931 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
932 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
933
934 res1 = self.ldb.search(self.ou_groups,
935 scope=SCOPE_SUBTREE,
936 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
937 self.assertEqual(len(res1), 0)
938
939 res1 = self.ldb.search(self.ou_groups,
940 scope=SCOPE_SUBTREE,
941 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
942 self.assertEqual(len(res1), 0)
943
944
945 class MatchRuleConditionTests(samba.tests.TestCase):
946 def setUp(self):
947 super(MatchRuleConditionTests, self).setUp()
948 self.lp = lp
949 self.ldb = SamDB(host, credentials=creds, session_info=system_session(lp), lp=lp)
950 self.base_dn = self.ldb.domain_dn()
951 self.ou = "OU=matchruleconditiontests,%s" % self.base_dn
952 self.ou_users = "OU=users,%s" % self.ou
953 self.ou_groups = "OU=groups,%s" % self.ou
954 self.ou_computers = "OU=computers,%s" % self.ou
955
956 # Add a organizational unit to create objects
957 self.ldb.add({
958 "dn": self.ou,
959 "objectclass": "organizationalUnit"})
960
961 # Create users, groups, and computers
962 self.ldb.add({
963 "dn": self.ou_users,
964 "objectclass": "organizationalUnit"})
965 self.ldb.add({
966 "dn": self.ou_groups,
967 "objectclass": "organizationalUnit"})
968 self.ldb.add({
969 "dn": self.ou_computers,
970 "objectclass": "organizationalUnit"})
971
972 self.ldb.add({
973 "dn": "cn=g1,%s" % self.ou_groups,
974 "objectclass": "group"})
975 self.ldb.add({
976 "dn": "cn=g2,%s" % self.ou_groups,
977 "objectclass": "group"})
978 self.ldb.add({
979 "dn": "cn=g3,%s" % self.ou_groups,
980 "objectclass": "group"})
981 self.ldb.add({
982 "dn": "cn=g4,%s" % self.ou_groups,
983 "objectclass": "group"})
984
985 self.ldb.add({
986 "dn": "cn=u1,%s" % self.ou_users,
987 "objectclass": "group"})
988 self.ldb.add({
989 "dn": "cn=u2,%s" % self.ou_users,
990 "objectclass": "group"})
991 self.ldb.add({
992 "dn": "cn=u3,%s" % self.ou_users,
993 "objectclass": "group"})
994 self.ldb.add({
995 "dn": "cn=u4,%s" % self.ou_users,
996 "objectclass": "group"})
997
998 self.ldb.add({
999 "dn": "cn=c1,%s" % self.ou_computers,
1000 "objectclass": "user"})
1001
1002 self.ldb.add({
1003 "dn": "cn=c2,%s" % self.ou_computers,
1004 "objectclass": "user"})
1005
1006 self.ldb.add({
1007 "dn": "cn=c3,%s" % self.ou_computers,
1008 "objectclass": "user"})
1009
1010 self.ldb.add({
1011 "dn": "cn=c4,%s" % self.ou_computers,
1012 "objectclass": "user"})
1013
1014 # Assign groups according to the following structure:
1015 # g1-->g2---->g3 --g4
1016 # \ | / | / / |
1017 # u1- >u2-- | u3<- | u4
1018 # \ \ \ \ |
1019 # c1* >c2 ->c3 c4
1020 # *c1 is a member of u1, u2, u3, and u4
1021
1022 # u2 is a member of g1 and g2
1023 m = Message()
1024 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
1025 m["member"] = MessageElement("CN=u2,%s" % self.ou_users,
1026 FLAG_MOD_ADD, "member")
1027 self.ldb.modify(m)
1028
1029 m = Message()
1030 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
1031 m["member"] = MessageElement("CN=u2,%s" % self.ou_users,
1032 FLAG_MOD_ADD, "member")
1033 self.ldb.modify(m)
1034
1035 # g2 is a member of g1
1036 m = Message()
1037 m.dn = Dn(self.ldb, "CN=g1,%s" % self.ou_groups)
1038 m["member"] = MessageElement("CN=g2,%s" % self.ou_groups,
1039 FLAG_MOD_ADD, "member")
1040 self.ldb.modify(m)
1041
1042 # g3 is a member of g2
1043 m = Message()
1044 m.dn = Dn(self.ldb, "CN=g2,%s" % self.ou_groups)
1045 m["member"] = MessageElement("CN=g3,%s" % self.ou_groups,
1046 FLAG_MOD_ADD, "member")
1047 self.ldb.modify(m)
1048
1049 # u3 is a member of g3 and g4
1050 m = Message()
1051 m.dn = Dn(self.ldb, "CN=g3,%s" % self.ou_groups)
1052 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
1053 FLAG_MOD_ADD, "member")
1054 self.ldb.modify(m)
1055
1056 m = Message()
1057 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1058 m["member"] = MessageElement("CN=u3,%s" % self.ou_users,
1059 FLAG_MOD_ADD, "member")
1060 self.ldb.modify(m)
1061
1062 # u4 is a member of g4
1063 m = Message()
1064 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1065 m["member"] = MessageElement("CN=u4,%s" % self.ou_users,
1066 FLAG_MOD_ADD, "member")
1067 self.ldb.modify(m)
1068
1069 # c1 is a member of u1, u2, u3, and u4
1070 m = Message()
1071 m.dn = Dn(self.ldb, "CN=u1,%s" % self.ou_users)
1072 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1073 FLAG_MOD_ADD, "member")
1074 self.ldb.modify(m)
1075
1076 m = Message()
1077 m.dn = Dn(self.ldb, "CN=u2,%s" % self.ou_users)
1078 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1079 FLAG_MOD_ADD, "member")
1080 self.ldb.modify(m)
1081
1082 m = Message()
1083 m.dn = Dn(self.ldb, "CN=u3,%s" % self.ou_users)
1084 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1085 FLAG_MOD_ADD, "member")
1086 self.ldb.modify(m)
1087
1088 m = Message()
1089 m.dn = Dn(self.ldb, "CN=u4,%s" % self.ou_users)
1090 m["member"] = MessageElement("CN=c1,%s" % self.ou_computers,
1091 FLAG_MOD_ADD, "member")
1092 self.ldb.modify(m)
1093
1094 # c2 is a member of u1
1095 m = Message()
1096 m.dn = Dn(self.ldb, "CN=u1,%s" % self.ou_users)
1097 m["member"] = MessageElement("CN=c2,%s" % self.ou_computers,
1098 FLAG_MOD_ADD, "member")
1099 self.ldb.modify(m)
1100
1101 # c3 is a member of u2 and g3
1102 m = Message()
1103 m.dn = Dn(self.ldb, "CN=u2,%s" % self.ou_users)
1104 m["member"] = MessageElement("CN=c3,%s" % self.ou_computers,
1105 FLAG_MOD_ADD, "member")
1106 self.ldb.modify(m)
1107
1108 m = Message()
1109 m.dn = Dn(self.ldb, "CN=g3,%s" % self.ou_groups)
1110 m["member"] = MessageElement("CN=c3,%s" % self.ou_computers,
1111 FLAG_MOD_ADD, "member")
1112 self.ldb.modify(m)
1113
1114 # c4 is a member of u4 and g4
1115 m = Message()
1116 m.dn = Dn(self.ldb, "CN=u4,%s" % self.ou_users)
1117 m["member"] = MessageElement("CN=c4,%s" % self.ou_computers,
1118 FLAG_MOD_ADD, "member")
1119 self.ldb.modify(m)
1120
1121 m = Message()
1122 m.dn = Dn(self.ldb, "CN=g4,%s" % self.ou_groups)
1123 m["member"] = MessageElement("CN=c4,%s" % self.ou_computers,
1124 FLAG_MOD_ADD, "member")
1125 self.ldb.modify(m)
1126
1127 def tearDown(self):
1128 super(MatchRuleConditionTests, self).tearDown()
1129 self.ldb.delete(self.ou, controls=['tree_delete:0'])
1130
1131 def test_g1_members(self):
1132 res1 = self.ldb.search(self.ou,
1133 scope=SCOPE_SUBTREE,
1134 expression="memberOf=cn=g1,%s" % self.ou_groups)
1135 self.assertEquals(len(res1), 2)
1136 dn_list = [str(res.dn) for res in res1]
1137 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1138 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1139
1140 res1 = self.ldb.search(self.ou,
1141 scope=SCOPE_SUBTREE,
1142 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
1143 self.assertEquals(len(res1), 6)
1144 dn_list = [str(res.dn) for res in res1]
1145 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1146 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1147 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1148 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1149 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1150 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1151
1152 res1 = self.ldb.search(self.ou,
1153 scope=SCOPE_SUBTREE,
1154 expression="member=cn=g1,%s" % self.ou_groups)
1155 self.assertEquals(len(res1), 0)
1156
1157 res1 = self.ldb.search(self.ou,
1158 scope=SCOPE_SUBTREE,
1159 expression="member:1.2.840.113556.1.4.1941:=cn=g1,%s" % self.ou_groups)
1160 self.assertEquals(len(res1), 0)
1161
1162 def test_g2_members(self):
1163 res1 = self.ldb.search(self.ou,
1164 scope=SCOPE_SUBTREE,
1165 expression="memberOf=cn=g2,%s" % self.ou_groups)
1166 self.assertEquals(len(res1), 2)
1167 dn_list = [str(res.dn) for res in res1]
1168 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1169 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1170
1171 res1 = self.ldb.search(self.ou,
1172 scope=SCOPE_SUBTREE,
1173 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s" % self.ou_groups)
1174 self.assertEquals(len(res1), 5)
1175 dn_list = [str(res.dn) for res in res1]
1176 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1177 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1178 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1179 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1180 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1181
1182 res1 = self.ldb.search(self.ou,
1183 scope=SCOPE_SUBTREE,
1184 expression="member=cn=g2,%s" % self.ou_groups)
1185 self.assertEquals(len(res1), 1)
1186 self.assertEquals(str(res1[0].dn), "CN=g1,%s" % self.ou_groups)
1187
1188 res1 = self.ldb.search(self.ou,
1189 scope=SCOPE_SUBTREE,
1190 expression="member:1.2.840.113556.1.4.1941:=cn=g2,%s" % self.ou_groups)
1191 self.assertEquals(len(res1), 1)
1192 self.assertEquals(str(res1[0].dn), "CN=g1,%s" % self.ou_groups)
1193
1194 def test_g3_members(self):
1195 res1 = self.ldb.search(self.ou,
1196 scope=SCOPE_SUBTREE,
1197 expression="memberOf=cn=g3,%s" % self.ou_groups)
1198 self.assertEquals(len(res1), 2)
1199 dn_list = [str(res.dn) for res in res1]
1200 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1201 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1202
1203 res1 = self.ldb.search(self.ou,
1204 scope=SCOPE_SUBTREE,
1205 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s" % self.ou_groups)
1206 self.assertEquals(len(res1), 3)
1207 dn_list = [str(res.dn) for res in res1]
1208 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1209 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1210 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1211
1212 res1 = self.ldb.search(self.ou,
1213 scope=SCOPE_SUBTREE,
1214 expression="member=cn=g3,%s" % self.ou_groups)
1215 self.assertEquals(len(res1), 1)
1216 self.assertEquals(str(res1[0].dn), "CN=g2,%s" % self.ou_groups)
1217
1218 res1 = self.ldb.search(self.ou,
1219 scope=SCOPE_SUBTREE,
1220 expression="member:1.2.840.113556.1.4.1941:=cn=g3,%s" % self.ou_groups)
1221 self.assertEquals(len(res1), 2)
1222 dn_list = [str(res.dn) for res in res1]
1223 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1224 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1225
1226 def test_g4_members(self):
1227 res1 = self.ldb.search(self.ou,
1228 scope=SCOPE_SUBTREE,
1229 expression="memberOf=cn=g4,%s" % self.ou_groups)
1230 self.assertEquals(len(res1), 3)
1231 dn_list = [str(res.dn) for res in res1]
1232 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1233 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1234 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1235
1236 res1 = self.ldb.search(self.ou,
1237 scope=SCOPE_SUBTREE,
1238 expression="memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
1239 self.assertEquals(len(res1), 4)
1240 dn_list = [str(res.dn) for res in res1]
1241 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1242 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1243 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1244 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1245
1246 res1 = self.ldb.search(self.ou,
1247 scope=SCOPE_SUBTREE,
1248 expression="member=cn=g4,%s" % self.ou_groups)
1249 self.assertEquals(len(res1), 0)
1250
1251 res1 = self.ldb.search(self.ou,
1252 scope=SCOPE_SUBTREE,
1253 expression="member:1.2.840.113556.1.4.1941:=cn=g4,%s" % self.ou_groups)
1254 self.assertEquals(len(res1), 0)
1255
1256 def test_u1_members(self):
1257 res1 = self.ldb.search(self.ou,
1258 scope=SCOPE_SUBTREE,
1259 expression="memberOf=cn=u1,%s" % self.ou_users)
1260 self.assertEqual(len(res1), 2)
1261 dn_list = [str(res.dn) for res in res1]
1262 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1263 self.assertTrue("CN=c2,%s" % self.ou_computers in dn_list)
1264
1265 res1 = self.ldb.search(self.ou,
1266 scope=SCOPE_SUBTREE,
1267 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
1268 self.assertEqual(len(res1), 2)
1269 dn_list = [str(res.dn) for res in res1]
1270 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1271 self.assertTrue("CN=c2,%s" % self.ou_computers in dn_list)
1272
1273 res1 = self.ldb.search(self.ou,
1274 scope=SCOPE_SUBTREE,
1275 expression="member=cn=u1,%s" % self.ou_users)
1276 self.assertEqual(len(res1), 0)
1277
1278 res1 = self.ldb.search(self.ou,
1279 scope=SCOPE_SUBTREE,
1280 expression="member:1.2.840.113556.1.4.1941:=cn=u1,%s" % self.ou_users)
1281 self.assertEqual(len(res1), 0)
1282
1283 def test_u2_members(self):
1284 res1 = self.ldb.search(self.ou,
1285 scope=SCOPE_SUBTREE,
1286 expression="memberOf=cn=u2,%s" % self.ou_users)
1287 self.assertEqual(len(res1), 2)
1288 dn_list = [str(res.dn) for res in res1]
1289 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1290 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1291
1292 res1 = self.ldb.search(self.ou,
1293 scope=SCOPE_SUBTREE,
1294 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
1295 self.assertEqual(len(res1), 2)
1296 dn_list = [str(res.dn) for res in res1]
1297 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1298 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1299
1300 res1 = self.ldb.search(self.ou,
1301 scope=SCOPE_SUBTREE,
1302 expression="member=cn=u2,%s" % self.ou_users)
1303 self.assertEqual(len(res1), 2)
1304 dn_list = [str(res.dn) for res in res1]
1305 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1306 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1307
1308 res1 = self.ldb.search(self.ou,
1309 scope=SCOPE_SUBTREE,
1310 expression="member:1.2.840.113556.1.4.1941:=cn=u2,%s" % self.ou_users)
1311 self.assertEqual(len(res1), 2)
1312 dn_list = [str(res.dn) for res in res1]
1313 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1314 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1315
1316 def test_u3_members(self):
1317 res1 = self.ldb.search(self.ou,
1318 scope=SCOPE_SUBTREE,
1319 expression="member=cn=u3,%s" % self.ou_users)
1320 self.assertEqual(len(res1), 2)
1321 dn_list = [str(res.dn) for res in res1]
1322 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1323 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1324
1325 res1 = self.ldb.search(self.ou,
1326 scope=SCOPE_SUBTREE,
1327 expression="member:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
1328 self.assertEqual(len(res1), 4)
1329 dn_list = [str(res.dn) for res in res1]
1330 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1331 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1332 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1333 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1334
1335 res1 = self.ldb.search(self.ou,
1336 scope=SCOPE_SUBTREE,
1337 expression="memberOf=cn=u3,%s" % self.ou_users)
1338 self.assertEqual(len(res1), 1)
1339 self.assertEqual(str(res1[0].dn), "CN=c1,%s" % self.ou_computers)
1340
1341 res1 = self.ldb.search(self.ou,
1342 scope=SCOPE_SUBTREE,
1343 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u3,%s" % self.ou_users)
1344 self.assertEqual(len(res1), 1)
1345 self.assertEqual(str(res1[0].dn), "CN=c1,%s" % self.ou_computers)
1346
1347 def test_u4_members(self):
1348 res1 = self.ldb.search(self.ou,
1349 scope=SCOPE_SUBTREE,
1350 expression="member=cn=u4,%s" % self.ou_users)
1351 self.assertEqual(len(res1), 1)
1352 self.assertEqual(str(res1[0].dn), "CN=g4,%s" % self.ou_groups)
1353
1354 res1 = self.ldb.search(self.ou,
1355 scope=SCOPE_SUBTREE,
1356 expression="member:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
1357 self.assertEqual(len(res1), 1)
1358 self.assertEqual(str(res1[0].dn), "CN=g4,%s" % self.ou_groups)
1359
1360 res1 = self.ldb.search(self.ou,
1361 scope=SCOPE_SUBTREE,
1362 expression="memberOf=cn=u4,%s" % self.ou_users)
1363 self.assertEqual(len(res1), 2)
1364 dn_list = [str(res.dn) for res in res1]
1365 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1366 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1367
1368 res1 = self.ldb.search(self.ou,
1369 scope=SCOPE_SUBTREE,
1370 expression="memberOf:1.2.840.113556.1.4.1941:=cn=u4,%s" % self.ou_users)
1371 self.assertEqual(len(res1), 2)
1372 dn_list = [str(res.dn) for res in res1]
1373 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1374 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1375
1376 def test_c1_members(self):
1377 res1 = self.ldb.search(self.ou,
1378 scope=SCOPE_SUBTREE,
1379 expression="member=cn=c1,%s" % self.ou_computers)
1380 self.assertEqual(len(res1), 4)
1381 dn_list = [str(res.dn) for res in res1]
1382 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1383 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1384 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1385 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1386
1387 res1 = self.ldb.search(self.ou,
1388 scope=SCOPE_SUBTREE,
1389 expression="member:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
1390 self.assertEqual(len(res1), 8)
1391 dn_list = [str(res.dn) for res in res1]
1392 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1393 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1394 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1395 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1396 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1397 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1398 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1399 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1400
1401 res1 = self.ldb.search(self.ou,
1402 scope=SCOPE_SUBTREE,
1403 expression="memberOf=cn=c1,%s" % self.ou_computers)
1404 self.assertEqual(len(res1), 0)
1405
1406 res1 = self.ldb.search(self.ou,
1407 scope=SCOPE_SUBTREE,
1408 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c1,%s" % self.ou_computers)
1409 self.assertEqual(len(res1), 0)
1410
1411 def test_c2_members(self):
1412 res1 = self.ldb.search(self.ou,
1413 scope=SCOPE_SUBTREE,
1414 expression="member=cn=c2,%s" % self.ou_computers)
1415 self.assertEqual(len(res1), 1)
1416 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1417
1418 res1 = self.ldb.search(self.ou,
1419 scope=SCOPE_SUBTREE,
1420 expression="member:1.2.840.113556.1.4.1941:=cn=c2,%s" % self.ou_computers)
1421 self.assertEqual(len(res1), 1)
1422 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1423
1424 res1 = self.ldb.search(self.ou,
1425 scope=SCOPE_SUBTREE,
1426 expression="memberOf=cn=c2,%s" % self.ou_computers)
1427 self.assertEqual(len(res1), 0)
1428
1429 res1 = self.ldb.search(self.ou,
1430 scope=SCOPE_SUBTREE,
1431 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c2,%s" % self.ou_computers)
1432 self.assertEqual(len(res1), 0)
1433
1434 def test_c3_members(self):
1435 res1 = self.ldb.search(self.ou,
1436 scope=SCOPE_SUBTREE,
1437 expression="member=cn=c3,%s" % self.ou_computers)
1438 self.assertEqual(len(res1), 2)
1439 dn_list = [str(res.dn) for res in res1]
1440 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1441 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1442
1443 res1 = self.ldb.search(self.ou,
1444 scope=SCOPE_SUBTREE,
1445 expression="member:1.2.840.113556.1.4.1941:=cn=c3,%s" % self.ou_computers)
1446 self.assertEqual(len(res1), 4)
1447 dn_list = [str(res.dn) for res in res1]
1448 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1449 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1450 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1451 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1452
1453 res1 = self.ldb.search(self.ou,
1454 scope=SCOPE_SUBTREE,
1455 expression="memberOf=cn=c3,%s" % self.ou_computers)
1456 self.assertEqual(len(res1), 0)
1457
1458 res1 = self.ldb.search(self.ou,
1459 scope=SCOPE_SUBTREE,
1460 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c3,%s" % self.ou_computers)
1461 self.assertEqual(len(res1), 0)
1462
1463 def test_c4_members(self):
1464 res1 = self.ldb.search(self.ou,
1465 scope=SCOPE_SUBTREE,
1466 expression="member=cn=c4,%s" % self.ou_computers)
1467 self.assertEqual(len(res1), 2)
1468 dn_list = [str(res.dn) for res in res1]
1469 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1470 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1471
1472 res1 = self.ldb.search(self.ou,
1473 scope=SCOPE_SUBTREE,
1474 expression="member:1.2.840.113556.1.4.1941:=cn=c4,%s" % self.ou_computers)
1475 self.assertEqual(len(res1), 2)
1476 dn_list = [str(res.dn) for res in res1]
1477 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1478 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1479
1480 res1 = self.ldb.search(self.ou,
1481 scope=SCOPE_SUBTREE,
1482 expression="memberOf=cn=c4,%s" % self.ou_computers)
1483 self.assertEqual(len(res1), 0)
1484
1485 res1 = self.ldb.search(self.ou,
1486 scope=SCOPE_SUBTREE,
1487 expression="memberOf:1.2.840.113556.1.4.1941:=cn=c4,%s" % self.ou_computers)
1488 self.assertEqual(len(res1), 0)
1489
1490 def test_or_member_queries(self):
1491 res1 = self.ldb.search(self.ou,
1492 scope=SCOPE_SUBTREE,
1493 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1494 "(member:1.2.840.113556.1.4.1941:=cn=c2,%s))") % (
1495 self.ou_computers, self.ou_computers))
1496 self.assertEqual(len(res1), 8)
1497 dn_list = [str(res.dn) for res in res1]
1498 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1499 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1500 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1501 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1502 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1503 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1504 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1505 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1506
1507 res1 = self.ldb.search(self.ou,
1508 scope=SCOPE_SUBTREE,
1509 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1510 "(member:1.2.840.113556.1.4.1941:=cn=c3,%s))") % (
1511 self.ou_computers, self.ou_computers))
1512 self.assertEqual(len(res1), 5)
1513 dn_list = [str(res.dn) for res in res1]
1514 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1515 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1516 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1517 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1518 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1519
1520 res1 = self.ldb.search(self.ou,
1521 scope=SCOPE_SUBTREE,
1522 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1523 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1524 self.ou_computers, self.ou_computers))
1525 self.assertEqual(len(res1), 3)
1526 dn_list = [str(res.dn) for res in res1]
1527 self.assertTrue("CN=u1,%s" % self.ou_users in dn_list)
1528 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1529 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1530
1531 res1 = self.ldb.search(self.ou,
1532 scope=SCOPE_SUBTREE,
1533 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=c3,%s)"
1534 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1535 self.ou_computers, self.ou_computers))
1536 self.assertEqual(len(res1), 6)
1537 dn_list = [str(res.dn) for res in res1]
1538 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1539 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1540 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1541 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1542 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1543 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1544
1545 res1 = self.ldb.search(self.ou,
1546 scope=SCOPE_SUBTREE,
1547 expression=("(|(member:1.2.840.113556.1.4.1941:=cn=u1,%s)"
1548 "(member:1.2.840.113556.1.4.1941:=cn=c4,%s))") % (
1549 self.ou_users, self.ou_computers))
1550 self.assertEqual(len(res1), 2)
1551 dn_list = [str(res.dn) for res in res1]
1552 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1553 self.assertTrue("CN=g4,%s" % self.ou_groups in dn_list)
1554
1555 def test_and_member_queries(self):
1556 res1 = self.ldb.search(self.ou,
1557 scope=SCOPE_SUBTREE,
1558 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1559 "(member:1.2.840.113556.1.4.1941:=cn=c2,%s))") % (
1560 self.ou_computers, self.ou_computers))
1561 self.assertEqual(len(res1), 1)
1562 self.assertEqual(str(res1[0].dn), "CN=u1,%s" % self.ou_users)
1563
1564 res1 = self.ldb.search(self.ou,
1565 scope=SCOPE_SUBTREE,
1566 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c2,%s)"
1567 "(member:1.2.840.113556.1.4.1941:=cn=c3,%s))") % (
1568 self.ou_computers, self.ou_computers))
1569 self.assertEqual(len(res1), 0)
1570
1571 res1 = self.ldb.search(self.ou,
1572 scope=SCOPE_SUBTREE,
1573 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c3,%s)"
1574 "(member:1.2.840.113556.1.4.1941:=cn=u3,%s))") % (
1575 self.ou_computers, self.ou_users))
1576 self.assertEqual(len(res1), 3)
1577 dn_list = [str(res.dn) for res in res1]
1578 self.assertTrue("CN=g1,%s" % self.ou_groups in dn_list)
1579 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1580 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1581
1582 res1 = self.ldb.search(self.ou,
1583 scope=SCOPE_SUBTREE,
1584 expression=("(&(member:1.2.840.113556.1.4.1941:=cn=c1,%s)"
1585 "(member:1.2.840.113556.1.4.1941:=cn=u4,%s))") % (
1586 self.ou_computers, self.ou_computers))
1587 self.assertEqual(len(res1), 0)
1588
1589 def test_or_memberOf_queries(self):
1590 res1 = self.ldb.search(self.ou,
1591 scope=SCOPE_SUBTREE,
1592 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1593 "(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s))") % (
1594 self.ou_groups, self.ou_groups))
1595 self.assertEqual(len(res1), 6)
1596 dn_list = [str(res.dn) for res in res1]
1597 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1598 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1599 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1600 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1601 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1602 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1603
1604 res1 = self.ldb.search(self.ou,
1605 scope=SCOPE_SUBTREE,
1606 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1607 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1608 self.ou_groups, self.ou_groups))
1609 self.assertEqual(len(res1), 6)
1610 dn_list = [str(res.dn) for res in res1]
1611 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1612 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1613 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1614 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1615 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1616 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1617
1618 res1 = self.ldb.search(self.ou,
1619 scope=SCOPE_SUBTREE,
1620 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1621 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1622 self.ou_groups, self.ou_groups))
1623 self.assertEqual(len(res1), 8)
1624 dn_list = [str(res.dn) for res in res1]
1625 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1626 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1627 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1628 self.assertTrue("CN=g2,%s" % self.ou_groups in dn_list)
1629 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1630 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1631 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1632 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1633
1634 res1 = self.ldb.search(self.ou,
1635 scope=SCOPE_SUBTREE,
1636 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1637 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") %
1638 (self.ou_groups, self.ou_groups))
1639 self.assertEqual(len(res1), 5)
1640 dn_list = [str(res.dn) for res in res1]
1641 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1642 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1643 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1644 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1645 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1646
1647 res1 = self.ldb.search(self.ou,
1648 scope=SCOPE_SUBTREE,
1649 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1650 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1651 self.ou_groups, self.ou_groups))
1652 self.assertEqual(len(res1), 7)
1653 dn_list = [str(res.dn) for res in res1]
1654 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1655 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1656 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1657 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1658 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1659 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1660 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1661
1662 res1 = self.ldb.search(self.ou,
1663 scope=SCOPE_SUBTREE,
1664 expression=("(|(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s)"
1665 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1666 self.ou_groups, self.ou_groups))
1667 self.assertEqual(len(res1), 5)
1668 dn_list = [str(res.dn) for res in res1]
1669 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1670 self.assertTrue("CN=u4,%s" % self.ou_users in dn_list)
1671 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1672 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1673 self.assertTrue("CN=c4,%s" % self.ou_computers in dn_list)
1674
1675 def test_and_memberOf_queries(self):
1676 res1 = self.ldb.search(self.ou,
1677 scope=SCOPE_SUBTREE,
1678 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1679 "(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s))") % (
1680 self.ou_groups, self.ou_groups))
1681 self.assertEqual(len(res1), 5)
1682 dn_list = [str(res.dn) for res in res1]
1683 self.assertTrue("CN=u2,%s" % self.ou_users in dn_list)
1684 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1685 self.assertTrue("CN=g3,%s" % self.ou_groups in dn_list)
1686 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1687 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1688
1689 res1 = self.ldb.search(self.ou,
1690 scope=SCOPE_SUBTREE,
1691 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1692 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1693 self.ou_groups, self.ou_groups))
1694 self.assertEqual(len(res1), 3)
1695 dn_list = [str(res.dn) for res in res1]
1696 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1697 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1698 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1699
1700 res1 = self.ldb.search(self.ou,
1701 scope=SCOPE_SUBTREE,
1702 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1703 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1704 self.ou_groups, self.ou_groups))
1705 self.assertEqual(len(res1), 2)
1706 dn_list = [str(res.dn) for res in res1]
1707 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1708 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1709
1710 res1 = self.ldb.search(self.ou,
1711 scope=SCOPE_SUBTREE,
1712 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1713 "(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s))") % (
1714 self.ou_groups, self.ou_groups))
1715 self.assertEqual(len(res1), 3)
1716 dn_list = [str(res.dn) for res in res1]
1717 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1718 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1719 self.assertTrue("CN=c3,%s" % self.ou_computers in dn_list)
1720
1721 res1 = self.ldb.search(self.ou,
1722 scope=SCOPE_SUBTREE,
1723 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g2,%s)"
1724 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1725 self.ou_groups, self.ou_groups))
1726 self.assertEqual(len(res1), 2)
1727 dn_list = [str(res.dn) for res in res1]
1728 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1729 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1730
1731 res1 = self.ldb.search(self.ou,
1732 scope=SCOPE_SUBTREE,
1733 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g3,%s)"
1734 "(memberOf:1.2.840.113556.1.4.1941:=cn=g4,%s))") % (
1735 self.ou_groups, self.ou_groups))
1736 self.assertEqual(len(res1), 2)
1737 dn_list = [str(res.dn) for res in res1]
1738 self.assertTrue("CN=u3,%s" % self.ou_users in dn_list)
1739 self.assertTrue("CN=c1,%s" % self.ou_computers in dn_list)
1740
1741 res1 = self.ldb.search(self.ou,
1742 scope=SCOPE_SUBTREE,
1743 expression=("(&(memberOf:1.2.840.113556.1.4.1941:=cn=g1,%s)"
1744 "(memberOf:1.2.840.113556.1.4.1941:=cn=c1,%s))") % (
1745 self.ou_groups, self.ou_computers))
1746 self.assertEqual(len(res1), 0)
1747
1748
1749 parser = optparse.OptionParser("match_rules.py [options] <host>")
1750 sambaopts = options.SambaOptions(parser)
1751 parser.add_option_group(sambaopts)
1752 parser.add_option_group(options.VersionOptions(parser))
1753
1754 # use command line creds if available
1755 credopts = options.CredentialsOptions(parser)
1756 parser.add_option_group(credopts)
1757 opts, args = parser.parse_args()
1758 subunitopts = SubunitOptions(parser)
1759 parser.add_option_group(subunitopts)
1760
1761 if len(args) < 1:
1762 parser.print_usage()
1763 sys.exit(1)
1764
1765 host = args[0]
1766
1767 lp = sambaopts.get_loadparm()
1768 creds = credopts.get_credentials(lp)
1769
1770 if "://" not in host:
1771 if os.path.isfile(host):
1772 host = "tdb://%s" % host
1773 else:
1774 host = "ldap://%s" % host
1775
1776 TestProgram(module=__name__, opts=subunitopts)
Samba GIT mirror