2 exec smbscript "$0" ${1+"$@"}
4 test certain LDAP behaviours
// Handle that is later connected to port 3268 (Global Catalog) at the end of the script.
// NOTE(review): the initialisation of the main ldb handle is not visible in this extract.
8 var gc_ldb = ldb_init();
// Parse the command line. POPT_COMMON_CREDENTIALS is the last option group passed;
// the credentials are read back through options.get_credentials() before connecting.
10 var options = GetOptions(ARGV,
13 "POPT_COMMON_CREDENTIALS");
14 if (options == undefined) {
15 println("Failed to parse options");
19 libinclude("base.js");
// Exactly one positional argument is expected: the LDAP host.
21 if (options.ARGV.length != 1) {
22 println("Usage: ldap.js <HOST>");
// host is concatenated into the ldap:// URLs at the end of the script; no check of its
// contents is visible between here and the connect calls.
26 var host = options.ARGV[0];
/*
  Exercise delete and search operations (and the entry definitions that go with
  them) against a live LDAP server through ldb, and repeat some searches on the
  Global Catalog handle.

  ldb              - handle used for the del/search calls below
  gc_ldb           - Global Catalog handle; several sections compare it with undefined first
  base_dn          - suffix appended to every test DN and used as a search base
  configuration_dn - search base for the last crossRef lookups

  NOTE(review): this listing is an extract. The calls that wrap the dn: fragments
  (presumably ldb.add), the closing braces and some other lines are not shown, so
  the exact branch structure has to be confirmed against the full file.
*/
28 function basic_tests(ldb, gc_ldb, base_dn, configuration_dn)
30 println("Running basic tests");
// Remove any leftover ldaptestuser entry; the result of this del is not stored.
32 ldb.del("cn=ldaptestuser,cn=users," + base_dn);
35 dn: cn=ldaptestuser,cn=users," + base_dn + "
// Pattern repeated for every test entry: a del whose result must be 0, followed by the
// entry definition again. Presumably this is a retry path taken when the first add
// fails - the surrounding conditionals are not visible here.
41 ok = ldb.del("cn=ldaptestuser,cn=users," + base_dn);
44 assert(ok.error == 0);
47 dn: cn=ldaptestuser,cn=users," + base_dn + "
54 assert(ok.error == 0);
59 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
64 ok = ldb.del("cn=ldaptestcomputer,cn=computers," + base_dn);
67 assert(ok.error == 0);
70 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
76 assert(ok.error == 0);
81 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
84 userAccountControl: 4096
// The ldaptest2computer entry carries userAccountControl 4096 (0x1000,
// WORKSTATION_TRUST_ACCOUNT); the matching sAMAccountType is asserted further down.
87 ok = ldb.del("cn=ldaptest2computer,cn=computers," + base_dn);
90 assert(ok.error == 0);
93 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
96 userAccountControl: 4096
100 assert(ok.error == 0);
105 dn: cn=ldaptestuser2,cn=users," + base_dn + "
111 ok = ldb.del("cn=ldaptestuser2,cn=users," + base_dn);
114 assert(ok.error == 0);
117 dn: cn=ldaptestuser2,cn=users," + base_dn + "
124 assert(ok.error == 0);
129 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
// The UTF-8 test DNs are written with a space before the comma; the search asserts
// further down expect the DN without that space.
133 ok = ldb.del("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn);
136 assert(ok.error == 0);
139 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
144 assert(ok.error == 0);
149 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
153 ok = ldb.del("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn);
156 assert(ok.error == 0);
159 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
164 assert(ok.error == 0);
// ldaptestuser: exactly one match with the expected DN, cn, name, objectClass chain,
// server-generated objectGUID/whenCreated and objectCategory.
168 println("Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))");
169 var res = ldb.search("(&(cn=ldaptestuser)(objectClass=user))");
170 if (res.error != 0 || res.msgs.length != 1) {
171 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
172 assert(res.error == 0);
173 assert(res.msgs.length == 1);
176 assert(res.msgs[0].dn == "cn=ldaptestuser,cn=users," + base_dn);
177 assert(res.msgs[0].cn == "ldaptestuser");
178 assert(res.msgs[0].name == "ldaptestuser");
179 assert(res.msgs[0].objectClass[0] == "top");
180 assert(res.msgs[0].objectClass[1] == "person");
181 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
182 assert(res.msgs[0].objectClass[3] == "user");
183 assert(res.msgs[0].objectGUID != undefined);
184 assert(res.msgs[0].whenCreated != undefined);
185 assert(res.msgs[0].objectCategory == "cn=Person,cn=Schema,cn=Configuration," + base_dn);
// 805306368 is 0x30000000, the sAMAccountType of a normal user account.
186 assert(res.msgs[0].sAMAccountType == 805306368);
// Disabled check. 546 is 0x222 (NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE).
// NOTE(review): it indexes res[0] rather than res.msgs[0] as every live assert does.
187 // assert(res[0].userAccountControl == 546);
// Same entry located by the full objectCategory DN; must return the same DN as above.
189 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
190 var res2 = ldb.search("(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
191 if (res2.error != 0 || res2.msgs.length != 1) {
192 println("Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
193 assert(res2.error == 0);
194 assert(res2.msgs.length == 1);
197 assert(res.msgs[0].dn == res2.msgs[0].dn);
// objectCategory given as a short name in mixed case; must resolve to the same entry.
199 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))");
200 var res3 = ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
201 if (res3.error != 0) {
202 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): " + res3.errstr);
203 assert(res3.error == 0);
204 } else if (res3.msgs.length != 1) {
205 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + res3.msgs.length);
206 assert(res3.msgs.length == 1);
209 assert(res.msgs[0].dn == res3.msgs[0].dn);
// Repeat the short-name search on the Global Catalog handle when one is available.
211 if (gc_ldb != undefined) {
212 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
213 var res3gc = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
214 if (res3gc.error != 0) {
215 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: " + res3gc.errstr);
216 assert(res3gc.error == 0);
217 } else if (res3gc.msgs.length != 1) {
218 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: matched " + res3gc.msgs.length);
219 assert(res3gc.msgs.length == 1);
222 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
// Search with the control string search_options:1:2, which the message calls the
// phantom root control, using an explicit base, subtree scope and the cn attribute.
// NOTE(review): the search is issued on gc_ldb; from the visible lines it is not clear
// that it still sits inside the gc_ldb != undefined guard above - confirm, otherwise
// it fails when no Global Catalog handle exists.
225 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control");
226 var attrs = new Array("cn");
227 var controls = new Array("search_options:1:2");
228 var res3control = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
229 if (res3control.error != 0 || res3control.msgs.length != 1) {
230 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
231 assert(res3control.error == 0);
232 assert(res3control.msgs.length == 1);
235 assert(res.msgs[0].dn == res3control.msgs[0].dn);
// Remove ldaptestuser using the DN the server returned.
237 ok = ldb.del(res.msgs[0].dn);
240 assert(ok.error == 0);
// ldaptestcomputer: same checks as for the user, plus computer as fifth objectClass.
243 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))");
244 var res = ldb.search("(&(cn=ldaptestcomputer)(objectClass=user))");
245 if (res.error != 0 || res.msgs.length != 1) {
// NOTE(review): this message names ldaptestuser although the filter searched above is
// ldaptestcomputer.
246 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
247 assert(res.error == 0);
248 assert(res.msgs.length == 1);
251 assert(res.msgs[0].dn == "cn=ldaptestcomputer,cn=computers," + base_dn);
252 assert(res.msgs[0].cn == "ldaptestcomputer");
253 assert(res.msgs[0].name == "ldaptestcomputer");
254 assert(res.msgs[0].objectClass[0] == "top");
255 assert(res.msgs[0].objectClass[1] == "person");
256 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
257 assert(res.msgs[0].objectClass[3] == "user");
258 assert(res.msgs[0].objectClass[4] == "computer");
259 assert(res.msgs[0].objectGUID != undefined);
260 assert(res.msgs[0].whenCreated != undefined);
261 assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
// Account-type checks are disabled for this entry.
262 // assert(res.msgs[0].sAMAccountType == 805306368);
263 // assert(res.msgs[0].userAccountControl == 546);
// Computer entry located by the full objectCategory DN.
265 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
266 var res2 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
267 if (res2.error != 0 || res2.msgs.length != 1) {
268 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
269 assert(res2.error == 0);
270 assert(res2.msgs.length == 1);
273 assert(res.msgs[0].dn == res2.msgs[0].dn);
// Same filter on the Global Catalog handle.
275 if (gc_ldb != undefined) {
276 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
277 var res2gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
278 if (res2gc.error != 0 || res2gc.msgs.length != 1) {
279 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
280 assert(res2gc.error == 0);
281 assert(res2gc.msgs.length == 1);
284 assert(res.msgs[0].dn == res2gc.msgs[0].dn);
// Short, mixed-case objectCategory name for the computer entry.
287 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
288 var res3 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
289 if (res3.error != 0 || res3.msgs.length != 1) {
290 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
291 assert(res3.error == 0);
292 assert(res3.msgs.length == 1);
295 assert(res.msgs[0].dn == res3.msgs[0].dn);
297 if (gc_ldb != undefined) {
298 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
299 var res3gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
300 if (res3gc.error != 0 || res3gc.msgs.length != 1) {
301 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
302 assert(res3gc.error == 0);
303 assert(res3gc.msgs.length == 1);
306 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
// Substring filters: a wildcard in the middle, at the end and at the start of cn must
// each match exactly the one computer entry.
309 println("Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
310 var res4 = ldb.search("(&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
311 if (res4.error != 0 || res4.msgs.length != 1) {
312 println("Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
313 assert(res4.error == 0);
314 assert(res4.msgs.length == 1);
317 assert(res.msgs[0].dn == res4.msgs[0].dn);
319 println("Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
320 var res5 = ldb.search("(&(cn=ldaptestcomput*)(objectCategory=compuTER))");
321 if (res5.error != 0 || res5.msgs.length != 1) {
322 println("Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
323 assert(res5.error == 0);
324 assert(res5.msgs.length == 1);
327 assert(res.msgs[0].dn == res5.msgs[0].dn);
329 println("Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))");
330 var res6 = ldb.search("(&(cn=*daptestcomputer)(objectCategory=compuTER))");
331 if (res6.error != 0 || res6.msgs.length != 1) {
332 println("Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))");
333 assert(res6.error == 0);
334 assert(res6.msgs.length == 1);
337 assert(res.msgs[0].dn == res6.msgs[0].dn);
// Remove ldaptestcomputer using the DN the server returned.
339 ok = ldb.del(res.msgs[0].dn);
342 assert(ok.error == 0);
// ldaptest2computer: the entry defined with userAccountControl 4096.
345 println("Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))");
346 var res = ldb.search("(&(cn=ldaptest2computer)(objectClass=user))");
347 if (res.error != 0 || res.msgs.length != 1) {
348 println("Could not find (&(cn=ldaptest2computer)(objectClass=user))");
349 assert(res.error == 0);
350 assert(res.msgs.length == 1);
353 assert(res.msgs[0].dn == "cn=ldaptest2computer,cn=computers," + base_dn);
354 assert(res.msgs[0].cn == "ldaptest2computer");
355 assert(res.msgs[0].name == "ldaptest2computer");
356 assert(res.msgs[0].objectClass[0] == "top");
357 assert(res.msgs[0].objectClass[1] == "person");
358 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
359 assert(res.msgs[0].objectClass[3] == "user");
360 assert(res.msgs[0].objectClass[4] == "computer");
361 assert(res.msgs[0].objectGUID != undefined);
362 assert(res.msgs[0].whenCreated != undefined);
363 assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
// 805306369 is 0x30000001, the sAMAccountType of a machine account; the server is
// expected to derive it from the userAccountControl value given at creation.
364 assert(res.msgs[0].sAMAccountType == 805306369);
// Disabled check. 4098 is 0x1002 (WORKSTATION_TRUST_ACCOUNT | ACCOUNTDISABLE).
365 // assert(res.msgs[0].userAccountControl == 4098);
// NOTE(review): unlike the other entries, no ldb.del for ldaptest2computer is visible
// after its search, so the machine account may be left in the directory once the
// test ends - confirm cleanup.
// ldaptestuser2: the filter uses mixed case (ldaptestUSer2); the asserts expect the
// stored lower-case values.
368 println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
369 var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))");
370 if (res.error != 0 || res.msgs.length != 1) {
371 println("Could not find (&(cn=ldaptestUSer2)(objectClass=user))");
372 assert(res.error == 0);
373 assert(res.msgs.length == 1);
376 assert(res.msgs[0].dn == "cn=ldaptestuser2,cn=users," + base_dn);
377 assert(res.msgs[0].cn == "ldaptestuser2");
378 assert(res.msgs[0].name == "ldaptestuser2");
379 assert(res.msgs[0].objectClass[0] == "top");
380 assert(res.msgs[0].objectClass[1] == "person");
381 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
382 assert(res.msgs[0].objectClass[3] == "user");
383 assert(res.msgs[0].objectGUID != undefined);
384 assert(res.msgs[0].whenCreated != undefined);
386 ok = ldb.del(res.msgs[0].dn);
389 assert(ok.error == 0);
// UTF-8 entry: the filter uses upper-case accented letters and the asserts expect the
// lower-case form without the space before the comma, so the match has to be
// case-insensitive for non-ASCII characters and ignore the trailing space.
392 println("Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
393 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
395 if (res.error != 0 || res.msgs.length != 1) {
396 println("Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
397 assert(res.error == 0);
398 assert(res.msgs.length == 1);
401 assert(res.msgs[0].dn == "cn=ldaptestutf8user èùéìòà,cn=users," + base_dn);
402 assert(res.msgs[0].cn == "ldaptestutf8user èùéìòà");
403 assert(res.msgs[0].name == "ldaptestutf8user èùéìòà");
404 assert(res.msgs[0].objectClass[0] == "top");
405 assert(res.msgs[0].objectClass[1] == "person");
406 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
407 assert(res.msgs[0].objectClass[3] == "user");
408 assert(res.msgs[0].objectGUID != undefined);
409 assert(res.msgs[0].whenCreated != undefined);
411 ok = ldb.del(res.msgs[0].dn);
414 assert(ok.error == 0);
// NOTE(review): the println and the failure message name ldaptestutf8user2, and the
// asserts below expect the ldaptestutf8user2 DN, but the filter actually searched is
// ldaptestutf8user - the entry deleted just above. This looks like a copy/paste slip.
// No assert is visible in the failure branch, so a miss would only be printed and the
// ldaptestutf8user2 checks would never run; no ldb.del for that entry is visible either.
417 println("Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
418 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
420 if (res.error != 0 || res.msgs.length != 1) {
421 println("Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
423 assert(res.msgs[0].dn == "cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn);
424 assert(res.msgs[0].cn == "ldaptestutf8user2 èùéìòà");
// Partition-boundary checks. A subtree search under base_dn without a control must
// succeed but return no crossRef objects.
427 println("Testing that we can't get at the configuration DN from the main search base");
428 var attrs = new Array("cn");
429 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
430 assert(res.error == 0);
431 if (res.msgs.length != 0) {
432 println("Got configuration DN " + res.msgs[0].dn + " which should not be able to be seen from main search base");
434 assert(res.msgs.length == 0);
// With search_options:1:2 the same search on the LDAP port must return crossRef objects.
436 println("Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control");
437 var attrs = new Array("cn");
438 var controls = new Array("search_options:1:2");
439 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
440 assert(res.error == 0);
441 assert(res.msgs.length > 0);
// Global Catalog variants: crossRef objects must be returned with search_options:1:0,
// with no control at all, together with person objects, and from configuration_dn.
443 if (gc_ldb != undefined) {
444 println("Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0");
445 var attrs = new Array("cn");
446 var controls = new Array("search_options:1:0");
447 var res = gc_ldb.search("objectClass=crossRef", base_dn, gc_ldb.SCOPE_SUBTREE, attrs, controls);
448 assert(res.error == 0);
449 assert(res.msgs.length > 0);
451 println("Testing that we do find configuration elements in the global catlog");
452 var attrs = new Array("cn");
453 var res = gc_ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
454 assert(res.error == 0);
455 assert (res.msgs.length > 0);
457 println("Testing that we do find configuration elements and user elements at the same time");
458 var attrs = new Array("cn");
459 var res = gc_ldb.search("(|(objectClass=crossRef)(objectClass=person))", base_dn, ldb.SCOPE_SUBTREE, attrs);
460 assert(res.error == 0);
461 assert (res.msgs.length > 0);
463 println("Testing that we do find configuration elements in the global catlog, with the configuration basedn");
464 var attrs = new Array("cn");
465 var res = gc_ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
466 assert(res.error == 0);
467 assert (res.msgs.length > 0);
// Searching configuration_dn directly on the main LDAP handle must return crossRef objects.
470 println("Testing that we can get at the configuration DN on the main LDAP port");
471 var attrs = new Array("cn");
472 var res = ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
473 assert(res.error == 0);
474 assert (res.msgs.length > 0);
/*
  Check what a base-scope search with an empty filter and an empty base DN
  (the rootDSE) returns for different attribute lists:
   - no attribute list:                one message
   - highestCommittedUSN:              one message, value defined and not 0
   - netlogon:                         no message
   - netlogon and highestCommittedUSN: no message
  gc_ldb is accepted but not used here.
*/
function basedn_tests(ldb, gc_ldb)
{
	var wanted;
	var rootdse;

	println("Testing for all rootDSE attributes");
	wanted = new Array();
	rootdse = ldb.search("", "", ldb.SCOPE_BASE, wanted);
	assert(rootdse.error == 0);
	assert(rootdse.msgs.length == 1);

	println("Testing for highestCommittedUSN");
	wanted = new Array("highestCommittedUSN");
	rootdse = ldb.search("", "", ldb.SCOPE_BASE, wanted);
	assert(rootdse.error == 0);
	assert(rootdse.msgs.length == 1);
	/* the USN has to be present and must not be 0 */
	assert(rootdse.msgs[0].highestCommittedUSN != undefined);
	assert(rootdse.msgs[0].highestCommittedUSN != 0);

	/* asking for netlogon through this path is expected to yield no message at all */
	println("Testing for netlogon via LDAP");
	wanted = new Array("netlogon");
	rootdse = ldb.search("", "", ldb.SCOPE_BASE, wanted);
	assert(rootdse.error == 0);
	assert(rootdse.msgs.length == 0);

	/* ... and that still holds when an ordinary attribute is requested alongside it */
	println("Testing for netlogon and highestCommittedUSN via LDAP");
	wanted = new Array("netlogon", "highestCommittedUSN");
	rootdse = ldb.search("", "", ldb.SCOPE_BASE, wanted);
	assert(rootdse.error == 0);
	assert(rootdse.msgs.length == 0);
}
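/*
  Read defaultNamingContext from the rootDSE (base-scope search with an empty
  filter and an empty base DN) and return it.

  ldb - connected ldb handle
  Returns the defaultNamingContext value of the single message returned.
  Asserts that the search succeeds, that exactly one message comes back and
  that the attribute is present.
*/
function find_basedn(ldb)
{
	var attrs = new Array("defaultNamingContext");
	var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
	assert(res.error == 0);
	assert(res.msgs.length == 1);
	var naming_context = res.msgs[0].defaultNamingContext;
	/* The value is concatenated into every DN the tests add and delete, so stop
	   here rather than build DNs ending in "undefined" */
	assert(naming_context != undefined);
	return naming_context;
}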
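/*
  Read configurationNamingContext from the rootDSE (base-scope search with an
  empty filter and an empty base DN) and return it.

  ldb - connected ldb handle
  Returns the configurationNamingContext value of the single message returned.
  Asserts that the search succeeds, that exactly one message comes back and
  that the attribute is present.
*/
function find_configurationdn(ldb)
{
	var attrs = new Array("configurationNamingContext");
	var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
	assert(res.error == 0);
	assert(res.msgs.length == 1);
	var naming_context = res.msgs[0].configurationNamingContext;
	/* The value becomes the search base of the crossRef checks; an undefined
	   base would make those checks test something else than intended */
	assert(naming_context != undefined);
	return naming_context;
}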
525 /* use command line creds if available */
526 ldb.credentials = options.get_credentials();
527 gc_ldb.credentials = options.get_credentials();
// NOTE(review): the result of this connect is stored in ok, but no check of it is
// visible before find_basedn() searches on the handle - confirm that a failed connect
// is reported clearly instead of surfacing as an assert inside the lookup.
// NOTE(review): the URL scheme is ldap://, so protection of the bind and of the test
// traffic depends on what ldb negotiates for the supplied credentials - verify
// signing/sealing or use a TLS-protected URL outside an isolated lab.
529 var ok = ldb.connect("ldap://" + host);
530 var base_dn = find_basedn(ldb);
531 var configuration_dn = find_configurationdn(ldb);
533 printf("baseDN: %s\n", base_dn);
// Second connection: same host, port 3268 (Global Catalog). ok is reassigned here; how
// a failed connect is handled is not visible in this extract.
535 var ok = gc_ldb.connect("ldap://" + host + ":3268");
// basic_tests deletes and re-creates objects under base_dn with the supplied
// credentials, so the target should be a test directory.
540 basic_tests(ldb, gc_ldb, base_dn, configuration_dn)
542 basedn_tests(ldb, gc_ldb)