| blob | ecd50c3097b95f03eff561b8df20c486002cb886 |
1 #!/bin/sh
2 exec smbscript "$0" ${1+"$@"}
3 /*
4 test certin LDAP behaviours
5 */
7 var ldb = ldb_init();
8 var gc_ldb = ldb_init();
10 var options = GetOptions(ARGV,
11 "POPT_AUTOHELP",
12 "POPT_COMMON_SAMBA",
13 "POPT_COMMON_CREDENTIALS");
14 if (options == undefined) {
15 println("Failed to parse options");
16 return -1;
17 }
19 libinclude("base.js");
21 if (options.ARGV.length != 1) {
22 println("Usage: ldap.js <HOST>");
23 return -1;
24 }
26 var host = options.ARGV[0];
28 function basic_tests(ldb, gc_ldb, base_dn, configuration_dn)
29 {
30 println("Running basic tests");
32 ldb.del("cn=ldaptestuser,cn=users," + base_dn);
34 var ok = ldb.add("
35 dn: cn=ldaptestuser,cn=users," + base_dn + "
36 objectClass: user
37 objectClass: person
38 cn: LDAPtestUSER
39 ");
40 if (ok.error != 0) {
41 ok = ldb.del("cn=ldaptestuser,cn=users," + base_dn);
42 if (ok.error != 0) {
43 println(ok.errstr);
44 assert(ok.error == 0);
45 }
46 ok = ldb.add("
47 dn: cn=ldaptestuser,cn=users," + base_dn + "
48 objectClass: user
49 objectClass: person
50 cn: LDAPtestUSER
51 ");
52 if (ok.error != 0) {
53 println(ok.errstr);
54 assert(ok.error == 0);
55 }
56 }
58 var ok = ldb.add("
59 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
60 objectClass: computer
61 cn: LDAPtestCOMPUTER
62 ");
63 if (ok.error != 0) {
64 ok = ldb.del("cn=ldaptestcomputer,cn=computers," + base_dn);
65 if (ok.error != 0) {
66 println(ok.errstr);
67 assert(ok.error == 0);
68 }
69 ok = ldb.add("
70 dn: cn=ldaptestcomputer,cn=computers," + base_dn + "
71 objectClass: computer
72 cn: LDAPtestCOMPUTER
73 ");
74 if (ok.error != 0) {
75 println(ok.errstr);
76 assert(ok.error == 0);
77 }
78 }
80 var ok = ldb.add("
81 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
82 objectClass: computer
83 cn: LDAPtest2COMPUTER
84 userAccountControl: 4096
85 ");
86 if (ok.error != 0) {
87 ok = ldb.del("cn=ldaptest2computer,cn=computers," + base_dn);
88 if (ok.error != 0) {
89 println(ok.errstr);
90 assert(ok.error == 0);
91 }
92 ok = ldb.add("
93 dn: cn=ldaptest2computer,cn=computers," + base_dn + "
94 objectClass: computer
95 cn: LDAPtest2COMPUTER
96 userAccountControl: 4096
97 ");
98 if (ok.error != 0) {
99 println(ok.errstr);
100 assert(ok.error == 0);
101 }
102 }
104 ok = ldb.add("
105 dn: cn=ldaptestuser2,cn=users," + base_dn + "
106 objectClass: person
107 objectClass: user
108 cn: LDAPtestUSER2
109 ");
110 if (ok.error != 0) {
111 ok = ldb.del("cn=ldaptestuser2,cn=users," + base_dn);
112 if (ok.error != 0) {
113 println(ok.errstr);
114 assert(ok.error == 0);
115 }
116 ok = ldb.add("
117 dn: cn=ldaptestuser2,cn=users," + base_dn + "
118 objectClass: person
119 objectClass: user
120 cn: LDAPtestUSER2
121 ");
122 if (ok.error != 0) {
123 println(ok.errstr);
124 assert(ok.error == 0);
125 }
126 }
128 ok = ldb.add("
129 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
130 objectClass: user
131 ");
132 if (ok.error != 0) {
133 ok = ldb.del("cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn);
134 if (ok.error != 0) {
135 println(ok.errstr);
136 assert(ok.error == 0);
137 }
138 ok = ldb.add("
139 dn: cn=ldaptestutf8user èùéìòà ,cn=users," + base_dn + "
140 objectClass: user
141 ");
142 if (ok.error != 0) {
143 println(ok.errstr);
144 assert(ok.error == 0);
145 }
146 }
148 ok = ldb.add("
149 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
150 objectClass: user
151 ");
152 if (ok.error != 0) {
153 ok = ldb.del("cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn);
154 if (ok.error != 0) {
155 println(ok.errstr);
156 assert(ok.error == 0);
157 }
158 ok = ldb.add("
159 dn: cn=ldaptestutf8user2 èùéìòà ,cn=users," + base_dn + "
160 objectClass: user
161 ");
162 if (ok.error != 0) {
163 println(ok.errstr);
164 assert(ok.error == 0);
165 }
166 }
168 println("Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))");
169 var res = ldb.search("(&(cn=ldaptestuser)(objectClass=user))");
170 if (res.error != 0 || res.msgs.length != 1) {
171 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
172 assert(res.error == 0);
173 assert(res.msgs.length == 1);
174 }
176 assert(res.msgs[0].dn == "cn=ldaptestuser,cn=users," + base_dn);
177 assert(res.msgs[0].cn == "ldaptestuser");
178 assert(res.msgs[0].name == "ldaptestuser");
179 assert(res.msgs[0].objectClass[0] == "top");
180 assert(res.msgs[0].objectClass[1] == "person");
181 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
182 assert(res.msgs[0].objectClass[3] == "user");
183 assert(res.msgs[0].objectGUID != undefined);
184 assert(res.msgs[0].whenCreated != undefined);
185 assert(res.msgs[0].objectCategory == "cn=Person,cn=Schema,cn=Configuration," + base_dn);
186 assert(res.msgs[0].sAMAccountType == 805306368);
187 // assert(res[0].userAccountControl == 546);
189 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
190 var res2 = ldb.search("(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
191 if (res2.error != 0 || res2.msgs.length != 1) {
192 println("Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + base_dn + "))");
193 assert(res2.error == 0);
194 assert(res2.msgs.length == 1);
195 }
197 assert(res.msgs[0].dn == res2.msgs[0].dn);
199 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))");
200 var res3 = ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
201 if (res3.error != 0) {
202 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): " + res3.errstr);
203 assert(res3.error == 0);
204 } else if (res3.msgs.length != 1) {
205 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched " + res3.msgs.length);
206 assert(res3.msgs.length == 1);
207 }
209 assert(res.msgs[0].dn == res3.msgs[0].dn);
211 if (gc_ldb != undefined) {
212 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
213 var res3gc = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))");
214 if (res3gc.error != 0) {
215 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: " + res3gc.errstr);
216 assert(res3gc.error == 0);
217 } else if (res3gc.msgs.length != 1) {
218 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog: matched " + res3gc.msgs.length);
219 assert(res3gc.msgs.length == 1);
220 }
222 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
223 }
225 println("Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control");
226 var attrs = new Array("cn");
227 var controls = new Array("search_options:1:2");
228 var res3control = gc_ldb.search("(&(cn=ldaptestuser)(objectCategory=PerSon))", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
229 if (res3control.error != 0 || res3control.msgs.length != 1) {
230 println("Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog");
231 assert(res3control.error == 0);
232 assert(res3control.msgs.length == 1);
233 }
235 assert(res.msgs[0].dn == res3control.msgs[0].dn);
237 ok = ldb.del(res.msgs[0].dn);
238 if (ok.error != 0) {
239 println(ok.errstr);
240 assert(ok.error == 0);
241 }
243 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))");
244 var res = ldb.search("(&(cn=ldaptestcomputer)(objectClass=user))");
245 if (res.error != 0 || res.msgs.length != 1) {
246 println("Could not find (&(cn=ldaptestuser)(objectClass=user))");
247 assert(res.error == 0);
248 assert(res.msgs.length == 1);
249 }
251 assert(res.msgs[0].dn == "cn=ldaptestcomputer,cn=computers," + base_dn);
252 assert(res.msgs[0].cn == "ldaptestcomputer");
253 assert(res.msgs[0].name == "ldaptestcomputer");
254 assert(res.msgs[0].objectClass[0] == "top");
255 assert(res.msgs[0].objectClass[1] == "person");
256 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
257 assert(res.msgs[0].objectClass[3] == "user");
258 assert(res.msgs[0].objectClass[4] == "computer");
259 assert(res.msgs[0].objectGUID != undefined);
260 assert(res.msgs[0].whenCreated != undefined);
261 assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
262 // assert(res.msgs[0].sAMAccountType == 805306368);
263 // assert(res.msgs[0].userAccountControl == 546);
265 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
266 var res2 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
267 if (res2.error != 0 || res2.msgs.length != 1) {
268 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
269 assert(res2.error == 0);
270 assert(res2.msgs.length == 1);
271 }
273 assert(res.msgs[0].dn == res2.msgs[0].dn);
275 if (gc_ldb != undefined) {
276 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
277 var res2gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + "))");
278 if (res2gc.error != 0 || res2gc.msgs.length != 1) {
279 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + base_dn + ")) in Global Catlog");
280 assert(res2gc.error == 0);
281 assert(res2gc.msgs.length == 1);
282 }
284 assert(res.msgs[0].dn == res2gc.msgs[0].dn);
285 }
287 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
288 var res3 = ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
289 if (res3.error != 0 || res3.msgs.length != 1) {
290 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))");
291 assert(res3.error == 0);
292 assert(res3.msgs.length == 1);
293 }
295 assert(res.msgs[0].dn == res3.msgs[0].dn);
297 if (gc_ldb != undefined) {
298 println("Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
299 var res3gc = gc_ldb.search("(&(cn=ldaptestcomputer)(objectCategory=compuTER))");
300 if (res3gc.error != 0 || res3gc.msgs.length != 1) {
301 println("Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog");
302 assert(res3gc.error == 0);
303 assert(res3gc.msgs.length == 1);
304 }
306 assert(res.msgs[0].dn == res3gc.msgs[0].dn);
307 }
309 println("Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
310 var res4 = ldb.search("(&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
311 if (res4.error != 0 || res4.msgs.length != 1) {
312 println("Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))");
313 assert(res4.error == 0);
314 assert(res4.msgs.length == 1);
315 }
317 assert(res.msgs[0].dn == res4.msgs[0].dn);
319 println("Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
320 var res5 = ldb.search("(&(cn=ldaptestcomput*)(objectCategory=compuTER))");
321 if (res5.error != 0 || res5.msgs.length != 1) {
322 println("Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))");
323 assert(res5.error == 0);
324 assert(res5.msgs.length == 1);
325 }
327 assert(res.msgs[0].dn == res5.msgs[0].dn);
329 println("Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))");
330 var res6 = ldb.search("(&(cn=*daptestcomputer)(objectCategory=compuTER))");
331 if (res6.error != 0 || res6.msgs.length != 1) {
332 println("Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))");
333 assert(res6.error == 0);
334 assert(res6.msgs.length == 1);
335 }
337 assert(res.msgs[0].dn == res6.msgs[0].dn);
339 ok = ldb.del(res.msgs[0].dn);
340 if (ok.error != 0) {
341 println(ok.errstr);
342 assert(ok.error == 0);
343 }
345 println("Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))");
346 var res = ldb.search("(&(cn=ldaptest2computer)(objectClass=user))");
347 if (res.error != 0 || res.msgs.length != 1) {
348 println("Could not find (&(cn=ldaptest2computer)(objectClass=user))");
349 assert(res.error == 0);
350 assert(res.msgs.length == 1);
351 }
353 assert(res.msgs[0].dn == "cn=ldaptest2computer,cn=computers," + base_dn);
354 assert(res.msgs[0].cn == "ldaptest2computer");
355 assert(res.msgs[0].name == "ldaptest2computer");
356 assert(res.msgs[0].objectClass[0] == "top");
357 assert(res.msgs[0].objectClass[1] == "person");
358 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
359 assert(res.msgs[0].objectClass[3] == "user");
360 assert(res.msgs[0].objectClass[4] == "computer");
361 assert(res.msgs[0].objectGUID != undefined);
362 assert(res.msgs[0].whenCreated != undefined);
363 assert(res.msgs[0].objectCategory == "cn=Computer,cn=Schema,cn=Configuration," + base_dn);
364 assert(res.msgs[0].sAMAccountType == 805306369);
365 // assert(res.msgs[0].userAccountControl == 4098);
368 println("Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))");
369 var res = ldb.search("(&(cn=ldaptestUSer2)(objectClass=user))");
370 if (res.error != 0 || res.msgs.length != 1) {
371 println("Could not find (&(cn=ldaptestUSer2)(objectClass=user))");
372 assert(res.error == 0);
373 assert(res.msgs.length == 1);
374 }
376 assert(res.msgs[0].dn == "cn=ldaptestuser2,cn=users," + base_dn);
377 assert(res.msgs[0].cn == "ldaptestuser2");
378 assert(res.msgs[0].name == "ldaptestuser2");
379 assert(res.msgs[0].objectClass[0] == "top");
380 assert(res.msgs[0].objectClass[1] == "person");
381 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
382 assert(res.msgs[0].objectClass[3] == "user");
383 assert(res.msgs[0].objectGUID != undefined);
384 assert(res.msgs[0].whenCreated != undefined);
386 ok = ldb.del(res.msgs[0].dn);
387 if (ok.error != 0) {
388 println(ok.errstr);
389 assert(ok.error == 0);
390 }
392 println("Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
393 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
395 if (res.error != 0 || res.msgs.length != 1) {
396 println("Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
397 assert(res.error == 0);
398 assert(res.msgs.length == 1);
399 }
401 assert(res.msgs[0].dn == "cn=ldaptestutf8user èùéìòà,cn=users," + base_dn);
402 assert(res.msgs[0].cn == "ldaptestutf8user èùéìòà");
403 assert(res.msgs[0].name == "ldaptestutf8user èùéìòà");
404 assert(res.msgs[0].objectClass[0] == "top");
405 assert(res.msgs[0].objectClass[1] == "person");
406 assert(res.msgs[0].objectClass[2] == "organizationalPerson");
407 assert(res.msgs[0].objectClass[3] == "user");
408 assert(res.msgs[0].objectGUID != undefined);
409 assert(res.msgs[0].whenCreated != undefined);
411 ok = ldb.del(res.msgs[0].dn);
412 if (ok.error != 0) {
413 println(ok.errstr);
414 assert(ok.error == 0);
415 }
417 println("Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
418 var res = ldb.search("(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))");
420 if (res.error != 0 || res.msgs.length != 1) {
421 println("Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))");
422 } else {
423 assert(res.msgs[0].dn == "cn=ldaptestutf8user2 èùéìòà,cn=users," + base_dn);
424 assert(res.msgs[0].cn == "ldaptestutf8user2 èùéìòà");
425 }
427 println("Testing that we can't get at the configuration DN from the main search base");
428 var attrs = new Array("cn");
429 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
430 assert(res.error == 0);
431 if (res.msgs.length != 0) {
432 println("Got configuration DN " + res.msgs[0].dn + " which should not be able to be seen from main search base");
433 }
434 assert(res.msgs.length == 0);
436 println("Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control");
437 var attrs = new Array("cn");
438 var controls = new Array("search_options:1:2");
439 var res = ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs, controls);
440 assert(res.error == 0);
441 assert(res.msgs.length > 0);
443 if (gc_ldb != undefined) {
444 println("Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0");
445 var attrs = new Array("cn");
446 var controls = new Array("search_options:1:0");
447 var res = gc_ldb.search("objectClass=crossRef", base_dn, gc_ldb.SCOPE_SUBTREE, attrs, controls);
448 assert(res.error == 0);
449 assert(res.msgs.length > 0);
451 println("Testing that we do find configuration elements in the global catlog");
452 var attrs = new Array("cn");
453 var res = gc_ldb.search("objectClass=crossRef", base_dn, ldb.SCOPE_SUBTREE, attrs);
454 assert(res.error == 0);
455 assert (res.msgs.length > 0);
457 println("Testing that we do find configuration elements and user elements at the same time");
458 var attrs = new Array("cn");
459 var res = gc_ldb.search("(|(objectClass=crossRef)(objectClass=person))", base_dn, ldb.SCOPE_SUBTREE, attrs);
460 assert(res.error == 0);
461 assert (res.msgs.length > 0);
463 println("Testing that we do find configuration elements in the global catlog, with the configuration basedn");
464 var attrs = new Array("cn");
465 var res = gc_ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
466 assert(res.error == 0);
467 assert (res.msgs.length > 0);
468 }
470 println("Testing that we can get at the configuration DN on the main LDAP port");
471 var attrs = new Array("cn");
472 var res = ldb.search("objectClass=crossRef", configuration_dn, ldb.SCOPE_SUBTREE, attrs);
473 assert(res.error == 0);
474 assert (res.msgs.length > 0);
476 }
478 function basedn_tests(ldb, gc_ldb)
479 {
480 println("Testing for all rootDSE attributes");
481 var attrs = new Array();
482 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
483 assert(res.error == 0);
484 assert(res.msgs.length == 1);
486 println("Testing for highestCommittedUSN");
487 var attrs = new Array("highestCommittedUSN");
488 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
489 assert(res.error == 0);
490 assert(res.msgs.length == 1);
491 assert(res.msgs[0].highestCommittedUSN != undefined);
492 assert(res.msgs[0].highestCommittedUSN != 0);
494 println("Testing for netlogon via LDAP");
495 var attrs = new Array("netlogon");
496 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
497 assert(res.error == 0);
498 assert(res.msgs.length == 0);
500 println("Testing for netlogon and highestCommittedUSN via LDAP");
501 var attrs = new Array("netlogon", "highestCommittedUSN");
502 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
503 assert(res.error == 0);
504 assert(res.msgs.length == 0);
505 }
507 function find_basedn(ldb)
508 {
509 var attrs = new Array("defaultNamingContext");
510 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
511 assert(res.error == 0);
512 assert(res.msgs.length == 1);
513 return res.msgs[0].defaultNamingContext;
514 }
516 function find_configurationdn(ldb)
517 {
518 var attrs = new Array("configurationNamingContext");
519 var res = ldb.search("", "", ldb.SCOPE_BASE, attrs);
520 assert(res.error == 0);
521 assert(res.msgs.length == 1);
522 return res.msgs[0].configurationNamingContext;
523 }
525 /* use command line creds if available */
526 ldb.credentials = options.get_credentials();
527 gc_ldb.credentials = options.get_credentials();
529 var ok = ldb.connect("ldap://" + host);
530 var base_dn = find_basedn(ldb);
531 var configuration_dn = find_configurationdn(ldb);
533 printf("baseDN: %s\n", base_dn);
535 var ok = gc_ldb.connect("ldap://" + host + ":3268");
536 if (!ok) {
537 gc_ldb = undefined;
538 }
540 basic_tests(ldb, gc_ldb, base_dn, configuration_dn)
542 basedn_tests(ldb, gc_ldb)
544 return 0;