3 # Basic testing of id mapping with idmap_ad
7 echo Usage
: $0 DOMAIN DC_SERVER DC_PASSWORD TRUST_DOMAIN TRUST_SERVER TRUST_PASSWORD
18 wbinfo
="$VALGRIND $BINDIR/wbinfo"
19 ldbmodify
="$VALGRIND $BINDIR/ldbmodify"
20 ldbsearch
="$VALGRIND $BINDIR/ldbsearch"
24 .
`dirname $0`/..
/..
/testprogs
/blackbox
/subunit.sh
26 DOMAIN_SID
=$
($wbinfo -n "$DOMAIN/" | cut
-f 1 -d " ")
27 if [ $?
-ne 0 ] ; then
28 echo "Could not find domain SID" | subunit_fail_test
"test_idmap_ad"
32 TRUST_DOMAIN_SID
=$
($wbinfo -n "$TRUST_DOMAIN/" | cut
-f 1 -d " ")
33 if [ $?
-ne 0 ] ; then
34 echo "Could not find trusted domain SID" | subunit_fail_test
"test_idmap_ad"
38 BASE_DN
=$
($ldbsearch -H ldap
://$DC_SERVER -b "" --scope=base defaultNamingContext |
awk '/^defaultNamingContext/ {print $2}')
39 if [ $?
-ne 0 ] ; then
40 echo "Could not find base DN" | subunit_fail_test
"test_idmap_ad"
44 TRUST_BASE_DN
=$
($ldbsearch -H ldap
://$TRUST_SERVER -b "" --scope=base defaultNamingContext |
awk '/^defaultNamingContext/ {print $2}')
45 if [ $?
-ne 0 ] ; then
46 echo "Could not find trusted base DN" | subunit_fail_test
"test_idmap_ad"
53 cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
54 dn: CN=Administrator,CN=Users,$BASE_DN
60 add: unixHomeDirectory
61 unixHomeDirectory: /home/admin
65 gecos: Administrator Full Name
68 cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
69 dn: CN=Domain Users,CN=Users,$BASE_DN
75 cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
76 dn: CN=Domain Admins,CN=Users,$BASE_DN
83 # Add POSIX ids to trusted domain
85 cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
86 -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
87 dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
93 cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
94 -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
95 dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
101 cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
102 -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
103 dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
110 # Test 1: Test uid of Administrator, should be 2000000
113 out
="$($wbinfo -S $DOMAIN_SID-500)"
114 echo "wbinfo returned: \"$out\", expecting \"2000000\""
115 test "$out" = "2000000"
117 testit
"Test uid of Administrator is 2000000" test $ret -eq 0 || failed
=$
(expr $failed + 1)
120 # Test 2: Test gid of Domain Users, should be 2000001
123 out
="$($wbinfo -Y $DOMAIN_SID-513)"
124 echo "wbinfo returned: \"$out\", expecting \"2000001\""
125 test "$out" = "2000001"
127 testit
"Test uid of Domain Users is 2000001" test $ret -eq 0 || failed
=$
(expr $failed + 1)
130 # Test 3: Test get userinfo for Administrator works
133 out
="$($wbinfo -i $DOMAIN/Administrator)"
134 echo "wbinfo returned: \"$out\", expecting \"$DOMAIN/administrator:*:2000000:2000100:Administrator Full Name:/home/admin:/bin/tcsh\""
135 test "$out" = "$DOMAIN/administrator:*:2000000:2000100:Administrator Full Name:/home/admin:/bin/tcsh"
137 testit
"Test get userinfo for Administrator works" test $ret -eq 0 || failed
=$
(expr $failed + 1)
140 # Test 4: Test lookup from gid to sid
143 out
="$($wbinfo -G 2000002)"
144 echo "wbinfo returned: \"$out\", expecting \"$DOMAIN_SID-512\""
145 test "$out" = "$DOMAIN_SID-512"
147 testit
"Test gid lookup of Domain Admins" test $ret -eq 0 || failed
=$
(expr $failed + 1)
150 # Trusted domain test 1: Test uid of Administrator, should be 2500000
153 out
="$($wbinfo -S $TRUST_DOMAIN_SID-500)"
154 echo "wbinfo returned: \"$out\", expecting \"2500000\""
155 test "$out" = "2500000"
157 testit
"Test uid of Administrator in trusted domain is 2500000" test $ret -eq 0 || failed
=$
(expr $failed + 1)
160 # Trusted domain test 2: Test gid of Domain Users, should be 2500001
163 out
="$($wbinfo -Y $TRUST_DOMAIN_SID-513)"
164 echo "wbinfo returned: \"$out\", expecting \"2500001\""
165 test "$out" = "2500001"
167 testit
"Test uid of Domain Users in trusted domain is 2500001" test $ret -eq 0 || failed
=$
(expr $failed + 1)
170 # Trusted domain test 3: Test get userinfo for Administrator works
173 out
="$($wbinfo -i $TRUST_DOMAIN/Administrator)"
174 echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false\""
175 test "$out" = "$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false"
177 testit
"Test get userinfo for Administrator works" test $ret -eq 0 || failed
=$
(expr $failed + 1)
180 # Trusted domain test 4: Test lookup from gid to sid
183 out
="$($wbinfo -G 2500002)"
184 echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN_SID-512\""
185 test "$out" = "$TRUST_DOMAIN_SID-512"
187 testit
"Test gid lookup of Domain Admins in trusted domain." test $ret -eq 0 || failed
=$
(expr $failed + 1)
190 # Remove POSIX ids from AD
192 cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
193 dn: CN=Administrator,CN=Users,$BASE_DN
199 delete: unixHomeDirectory
200 unixHomeDirectory: /home/admin
202 loginShell: /bin/tcsh
204 gecos: Administrator Full Name
207 cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
208 dn: CN=Domain Users,CN=Users,$BASE_DN
214 cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
215 dn: CN=Domain Admins,CN=Users,$BASE_DN
222 # Remove POSIX ids from trusted domain
224 cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
225 -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
226 dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
232 cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
233 -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
234 dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
240 cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
241 -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
242 dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN