2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
10 sys
.path
.append("bin/python")
11 sys
.path
.append("../lib/subunit/python")
13 import samba
.getopt
as options
15 from samba
.auth
import system_session
16 from ldb
import SCOPE_SUBTREE
, SCOPE_ONELEVEL
, SCOPE_BASE
, LdbError
17 from ldb
import ERR_NO_SUCH_OBJECT
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
18 from ldb
import ERR_ENTRY_ALREADY_EXISTS
, ERR_UNWILLING_TO_PERFORM
19 from ldb
import ERR_NOT_ALLOWED_ON_NON_LEAF
, ERR_OTHER
, ERR_INVALID_DN_SYNTAX
21 from subunit
import SubunitTestRunner
22 from samba
import param
25 parser
= optparse
.OptionParser("ldap [options] <host>")
26 sambaopts
= options
.SambaOptions(parser
)
27 parser
.add_option_group(sambaopts
)
28 parser
.add_option_group(options
.VersionOptions(parser
))
29 # use command line creds if available
30 credopts
= options
.CredentialsOptions(parser
)
31 parser
.add_option_group(credopts
)
32 opts
, args
= parser
.parse_args()
40 lp
= sambaopts
.get_loadparm()
41 creds
= credopts
.get_credentials(lp
)
43 class BasicTests(unittest
.TestCase
):
44 def delete_force(self
, ldb
, dn
):
47 except LdbError
, (num
, _
):
48 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
50 def find_basedn(self
, ldb
):
51 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
,
52 attrs
=["defaultNamingContext"])
53 self
.assertEquals(len(res
), 1)
54 return res
[0]["defaultNamingContext"][0]
56 def find_configurationdn(self
, ldb
):
57 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["configurationNamingContext"])
58 self
.assertEquals(len(res
), 1)
59 return res
[0]["configurationNamingContext"][0]
61 def find_schemadn(self
, ldb
):
62 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
63 self
.assertEquals(len(res
), 1)
64 return res
[0]["schemaNamingContext"][0]
69 self
.base_dn
= self
.find_basedn(ldb
)
70 self
.configuration_dn
= self
.find_configurationdn(ldb
)
71 self
.schema_dn
= self
.find_schemadn(ldb
)
73 print "baseDN: %s\n" % self
.base_dn
75 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
76 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
77 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
78 self
.delete_force(self
.ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
79 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
)
80 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
)
81 self
.delete_force(self
.ldb
, "cn=parentguidtest,cn=users," + self
.base_dn
)
82 self
.delete_force(self
.ldb
, "cn=parentguidtest,cn=testotherusers," + self
.base_dn
)
83 self
.delete_force(self
.ldb
, "cn=testotherusers," + self
.base_dn
)
85 def test_group_add_invalid_member(self
):
86 """Testing group add with invalid member"""
89 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
90 "objectclass": "group",
91 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
93 except LdbError
, (num
, _
):
94 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
96 def test_parentGUID(self
):
97 """Test parentGUID behaviour"""
98 print "Testing parentGUID behaviour\n"
101 "dn": "cn=parentguidtest,cn=users," + self
.base_dn
,
102 "objectclass":"user",
103 "samaccountname":"parentguidtest"});
104 res1
= ldb
.search(base
="cn=parentguidtest,cn=users," + self
.base_dn
, scope
=SCOPE_BASE
,
105 attrs
=["parentGUID"]);
106 res2
= ldb
.search(base
="cn=users," + self
.base_dn
,scope
=SCOPE_BASE
,
107 attrs
=["objectGUID"]);
108 self
.assertEquals(res1
[0]["parentGUID"], res2
[0]["objectGUID"]);
110 """Test parentGUID behaviour"""
111 print "Testing parentGUID behaviour on rename\n"
114 "dn": "cn=testotherusers," + self
.base_dn
,
115 "objectclass":"container"});
116 res1
= ldb
.search(base
="cn=testotherusers," + self
.base_dn
,scope
=SCOPE_BASE
,
117 attrs
=["objectGUID"]);
118 ldb
.rename("cn=parentguidtest,cn=users," + self
.base_dn
,
119 "cn=parentguidtest,cn=testotherusers," + self
.base_dn
);
120 res2
= ldb
.search(base
="cn=parentguidtest,cn=testotherusers," + self
.base_dn
,
122 attrs
=["parentGUID"]);
123 self
.assertEquals(res1
[0]["objectGUID"], res2
[0]["parentGUID"]);
124 ldb
.delete("cn=parentguidtest,cn=testotherusers," + self
.base_dn
)
125 ldb
.delete("cn=testotherusers," + self
.base_dn
)
127 def test_groupType(self
):
128 """Test groupType behaviour
129 (should appear to be casted to a 32 bit signed integer before comparsion)"""
130 print "Testing groupType behaviour\n"
132 res1
= ldb
.search(base
=self
.base_dn
, scope
=SCOPE_SUBTREE
,
133 attrs
=["groupType"], expression
="groupType=2147483650");
135 res2
= ldb
.search(base
=self
.base_dn
, scope
=SCOPE_SUBTREE
,
136 attrs
=["groupType"], expression
="groupType=-2147483646");
138 self
.assertEquals(len(res1
), len(res2
))
140 self
.assertTrue(res1
.count
> 0)
142 self
.assertEquals(res1
[0]["groupType"][0], "-2147483646")
147 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
149 print "Testing user add"
151 "dn": "cn=ldaptestuser,cn=uSers," + self
.base_dn
,
152 "objectclass": ["user", "person"],
153 "cN": "LDAPtestUSER",
158 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
159 "objectclass": "group",
160 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
162 self
.delete_force(ldb
, "cn=ldaptestcomputer,cn=computers," + self
.base_dn
)
164 "dn": "cn=ldaptestcomputer,cn=computers," + self
.base_dn
,
165 "objectclass": "computer",
166 "cN": "LDAPtestCOMPUTER"})
168 self
.delete_force(self
.ldb
, "cn=ldaptest2computer,cn=computers," + self
.base_dn
)
169 ldb
.add({"dn": "cn=ldaptest2computer,cn=computers," + self
.base_dn
,
170 "objectClass": "computer",
171 "cn": "LDAPtest2COMPUTER",
172 "userAccountControl": "4096",
173 "displayname": "ldap testy"})
175 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
177 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
178 "objectClass": "computer",
179 "cn": "LDAPtest2COMPUTER"
182 except LdbError
, (num
, _
):
183 self
.assertEquals(num
, ERR_INVALID_DN_SYNTAX
)
185 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
187 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
188 "objectClass": "computer",
189 "cn": "ldaptestcomputer3",
190 "sAMAccountType": "805306368"
193 except LdbError
, (num
, _
):
194 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
196 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
198 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
199 "objectClass": "computer",
200 "cn": "ldaptestcomputer3",
201 "userAccountControl": "0"
204 except LdbError
, (num
, _
):
205 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
207 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
209 ldb
.add({"dn": "cn=ldaptestuser7,cn=users," + self
.base_dn
,
210 "objectClass": "user",
211 "cn": "LDAPtestuser7",
212 "userAccountControl": "0"
215 except LdbError
, (num
, _
):
216 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
218 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
220 ldb
.add({"dn": "cn=ldaptestuser7,cn=users," + self
.base_dn
,
221 "objectClass": "user",
222 "cn": "LDAPtestuser7",
223 "userAccountControl": "2"
226 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
228 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
229 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
230 "objectClass": "computer",
231 "cn": "LDAPtestCOMPUTER3"
234 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
235 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestcomputer3)(objectClass=user))");
236 self
.assertEquals(len(res
), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res
))
238 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestcomputer3,CN=Computers," + self
.base_dn
));
239 self
.assertEquals(res
[0]["cn"][0], "ldaptestcomputer3");
240 self
.assertEquals(res
[0]["name"][0], "ldaptestcomputer3");
241 self
.assertEquals(res
[0]["objectClass"][0], "top");
242 self
.assertEquals(res
[0]["objectClass"][1], "person");
243 self
.assertEquals(res
[0]["objectClass"][2], "organizationalPerson");
244 self
.assertEquals(res
[0]["objectClass"][3], "user");
245 self
.assertEquals(res
[0]["objectClass"][4], "computer");
246 self
.assertTrue("objectGUID" in res
[0])
247 self
.assertTrue("whenCreated" in res
[0])
248 self
.assertEquals(res
[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
));
249 self
.assertEquals(int(res
[0]["primaryGroupID"][0]), 513);
250 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368);
251 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546);
253 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
255 print "Testing attribute or value exists behaviour"
258 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
260 replace: servicePrincipalName
261 servicePrincipalName: host/ldaptest2computer
262 servicePrincipalName: host/ldaptest2computer
263 servicePrincipalName: cifs/ldaptest2computer
266 except LdbError
, (num
, msg
):
267 self
.assertEquals(num
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
)
270 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
272 replace: servicePrincipalName
273 servicePrincipalName: host/ldaptest2computer
274 servicePrincipalName: cifs/ldaptest2computer
278 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
280 add: servicePrincipalName
281 servicePrincipalName: host/ldaptest2computer
284 except LdbError
, (num
, msg
):
285 self
.assertEquals(num
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
)
287 print "Testing ranged results"
289 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
291 replace: servicePrincipalName
295 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
297 add: servicePrincipalName
298 servicePrincipalName: host/ldaptest2computer0
299 servicePrincipalName: host/ldaptest2computer1
300 servicePrincipalName: host/ldaptest2computer2
301 servicePrincipalName: host/ldaptest2computer3
302 servicePrincipalName: host/ldaptest2computer4
303 servicePrincipalName: host/ldaptest2computer5
304 servicePrincipalName: host/ldaptest2computer6
305 servicePrincipalName: host/ldaptest2computer7
306 servicePrincipalName: host/ldaptest2computer8
307 servicePrincipalName: host/ldaptest2computer9
308 servicePrincipalName: host/ldaptest2computer10
309 servicePrincipalName: host/ldaptest2computer11
310 servicePrincipalName: host/ldaptest2computer12
311 servicePrincipalName: host/ldaptest2computer13
312 servicePrincipalName: host/ldaptest2computer14
313 servicePrincipalName: host/ldaptest2computer15
314 servicePrincipalName: host/ldaptest2computer16
315 servicePrincipalName: host/ldaptest2computer17
316 servicePrincipalName: host/ldaptest2computer18
317 servicePrincipalName: host/ldaptest2computer19
318 servicePrincipalName: host/ldaptest2computer20
319 servicePrincipalName: host/ldaptest2computer21
320 servicePrincipalName: host/ldaptest2computer22
321 servicePrincipalName: host/ldaptest2computer23
322 servicePrincipalName: host/ldaptest2computer24
323 servicePrincipalName: host/ldaptest2computer25
324 servicePrincipalName: host/ldaptest2computer26
325 servicePrincipalName: host/ldaptest2computer27
326 servicePrincipalName: host/ldaptest2computer28
327 servicePrincipalName: host/ldaptest2computer29
330 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
,
331 attrs
=["servicePrincipalName;range=0-*"])
332 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
333 #print len(res[0]["servicePrincipalName;range=0-*"])
334 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
336 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-19"])
337 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
338 # print res[0]["servicePrincipalName;range=0-19"].length
339 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-19"]), 20)
342 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-30"])
343 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
344 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
346 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-40"])
347 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
348 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
350 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=30-40"])
351 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
352 self
.assertEquals(len(res
[0]["servicePrincipalName;range=30-*"]), 0)
355 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=10-40"])
356 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
357 self
.assertEquals(len(res
[0]["servicePrincipalName;range=10-*"]), 20)
358 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
360 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=11-40"])
361 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
362 self
.assertEquals(len(res
[0]["servicePrincipalName;range=11-*"]), 19)
363 # print res[0]["servicePrincipalName;range=11-*"][18]
365 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
367 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=11-15"])
368 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
369 self
.assertEquals(len(res
[0]["servicePrincipalName;range=11-15"]), 5)
370 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
372 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName"])
373 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
374 # print res[0]["servicePrincipalName"][18]
376 self
.assertEquals(len(res
[0]["servicePrincipalName"]), 30)
377 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
379 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
381 "dn": "cn=ldaptestuser2,cn=useRs," + self
.base_dn
,
382 "objectClass": ["person", "user"],
383 "cn": "LDAPtestUSER2",
384 "givenname": "testy",
387 print "Testing Ambigious Name Resolution"
388 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
389 res
= ldb
.search(expression
="(&(anr=ldap testy)(objectClass=user))")
390 self
.assertEquals(len(res
), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res
))
392 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
393 res
= ldb
.search(expression
="(&(anr=testy ldap)(objectClass=user))")
394 self
.assertEquals(len(res
), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res
))
396 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
397 res
= ldb
.search(expression
="(&(anr=ldap)(objectClass=user))")
398 self
.assertEquals(len(res
), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res
))
400 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
401 res
= ldb
.search(expression
="(&(anr==ldap)(objectClass=user))")
402 self
.assertEquals(len(res
), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res
))
404 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
405 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
406 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser")
408 # Testing ldb.search for (&(anr=testy)(objectClass=user))
409 res
= ldb
.search(expression
="(&(anr=testy)(objectClass=user))")
410 self
.assertEquals(len(res
), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res
))
412 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
413 res
= ldb
.search(expression
="(&(anr=testy ldap)(objectClass=user))")
414 self
.assertEquals(len(res
), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res
))
416 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
417 # this test disabled for the moment, as anr with == tests are not understood
418 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
419 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
421 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
422 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
423 self
.assertEquals(res
[0]["name"][0], "ldaptestuser")
425 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
426 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
427 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
429 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
430 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
431 self
.assertEquals(res
[0]["name"][0], "ldaptestuser")
433 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
434 res
= ldb
.search(expression
="(&(anr=testy ldap user)(objectClass=user))")
435 self
.assertEquals(len(res
), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
437 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
438 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser2")
439 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser2")
441 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
442 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
443 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
445 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
446 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser2")
447 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser2")
449 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
450 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
451 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
453 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
454 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser2")
455 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser2")
457 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
458 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
459 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
461 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
462 res
= ldb
.search(expression
="(&(anr=not ldap user2)(objectClass=user))")
463 self
.assertEquals(len(res
), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
465 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
466 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
467 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
469 print "Testing Group Modifies"
471 dn: cn=ldaptestgroup,cn=users,""" + self
.base_dn
+ """
474 member: cn=ldaptestuser2,cn=users,""" + self
.base_dn
+ """
475 member: cn=ldaptestcomputer,cn=computers,""" + self
.base_dn
+ """
478 self
.delete_force(ldb
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
480 print "Testing adding non-existent user to a group"
483 dn: cn=ldaptestgroup,cn=users,""" + self
.base_dn
+ """
486 member: cn=ldaptestuser3,cn=users,""" + self
.base_dn
+ """
489 except LdbError
, (num
, _
):
490 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
492 print "Testing Renames"
494 attrs
= ["objectGUID", "objectSid"]
495 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
496 res_user
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestUSer2)(objectClass=user))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
497 self
.assertEquals(len(res_user
), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
499 #Check rename works with extended/alternate DN forms
500 ldb
.rename("<SID=" + ldb
.schema_format_value("objectSID", res_user
[0]["objectSID"][0]) + ">" , "cn=ldaptestuser3,cn=users," + self
.base_dn
)
502 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
504 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestUSER3,cn=users," + self
.base_dn
)
506 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
507 res
= ldb
.search(expression
="(&(cn=ldaptestuser3)(objectClass=user))")
508 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
510 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
511 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
512 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
514 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
515 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
516 self
.assertEquals(len(res
), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
518 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
519 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
520 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
522 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
523 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
524 self
.assertEquals(len(res
), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
526 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
527 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
528 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
530 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
531 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
532 self
.assertEquals(len(res
), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
534 # This is a Samba special, and does not exist in real AD
535 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
536 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
537 # if (res.error != 0 || len(res) != 1) {
538 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
539 # self.assertEquals(len(res), 1)
541 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
542 # self.assertEquals(res[0].cn, "ldaptestUSER3")
543 # self.assertEquals(res[0].name, "ldaptestUSER3")
545 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")"
546 res
= ldb
.search(expression
="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")")
547 self
.assertEquals(len(res
), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")")
548 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
549 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
550 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
552 # ensure we cannot add it again
554 ldb
.add({"dn": "cn=ldaptestuser3,cn=userS," + self
.base_dn
,
555 "objectClass": ["person", "user"],
556 "cn": "LDAPtestUSER3"})
558 except LdbError
, (num
, _
):
559 self
.assertEquals(num
, ERR_ENTRY_ALREADY_EXISTS
)
562 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
564 # ensure we cannnot rename it twice
566 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
,
567 "cn=ldaptestuser2,cn=users," + self
.base_dn
)
569 except LdbError
, (num
, _
):
570 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
572 # ensure can now use that name
573 ldb
.add({"dn": "cn=ldaptestuser3,cn=users," + self
.base_dn
,
574 "objectClass": ["person", "user"],
575 "cn": "LDAPtestUSER3"})
577 # ensure we now cannnot rename
579 ldb
.rename("cn=ldaptestuser2,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
581 except LdbError
, (num
, _
):
582 self
.assertEquals(num
, ERR_ENTRY_ALREADY_EXISTS
)
584 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=configuration," + self
.base_dn
)
586 except LdbError
, (num
, _
):
587 self
.assertTrue(num
in (71, 64))
589 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser5,cn=users," + self
.base_dn
)
591 ldb
.delete("cn=ldaptestuser5,cn=users," + self
.base_dn
)
593 self
.delete_force(ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
595 ldb
.rename("cn=ldaptestgroup,cn=users," + self
.base_dn
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
597 print "Testing subtree Renames"
599 ldb
.add({"dn": "cn=ldaptestcontainer," + self
.base_dn
,
600 "objectClass": "container"})
602 self
.delete_force(self
.ldb
, "cn=ldaptestuser4,cn=ldaptestcontainer," + self
.base_dn
)
603 ldb
.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self
.base_dn
,
604 "objectClass": ["person", "user"],
605 "cn": "LDAPtestUSER4"})
608 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
611 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self
.base_dn
+ """
614 print "Testing ldb.rename of cn=ldaptestcontainer," + self
.base_dn
+ " to cn=ldaptestcontainer2," + self
.base_dn
615 ldb
.rename("CN=ldaptestcontainer," + self
.base_dn
, "CN=ldaptestcontainer2," + self
.base_dn
)
617 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
618 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))")
619 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
621 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self
.base_dn
623 res
= ldb
.search("cn=ldaptestcontainer," + self
.base_dn
,
624 expression
="(&(cn=ldaptestuser4)(objectClass=user))",
627 except LdbError
, (num
, _
):
628 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
630 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self
.base_dn
632 res
= ldb
.search("cn=ldaptestcontainer," + self
.base_dn
,
633 expression
="(&(cn=ldaptestuser4)(objectClass=user))", scope
=SCOPE_ONELEVEL
)
635 except LdbError
, (num
, _
):
636 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
638 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
639 res
= ldb
.search("cn=ldaptestcontainer2," + self
.base_dn
, expression
="(&(cn=ldaptestuser4)(objectClass=user))", scope
=SCOPE_SUBTREE
)
640 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self
.base_dn
)
642 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
))
643 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
647 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group)) to check subtree renames and linked attributes"
648 res
= ldb
.search(self
.base_dn
, expression
="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group))", scope
=SCOPE_SUBTREE
)
649 self
.assertEquals(len(res
), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
651 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self
.base_dn
+ " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self
.base_dn
653 ldb
.rename("cn=ldaptestcontainer2," + self
.base_dn
, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self
.base_dn
)
655 except LdbError
, (num
, _
):
656 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
658 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self
.base_dn
+ " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self
.base_dn
660 ldb
.rename("cn=ldaptestcontainer2," + self
.base_dn
, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self
.base_dn
)
662 except LdbError
, (num
, _
):
663 self
.assertTrue(num
in (ERR_UNWILLING_TO_PERFORM
, ERR_OTHER
))
665 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self
.base_dn
667 ldb
.delete("cn=ldaptestcontainer2," + self
.base_dn
)
669 except LdbError
, (num
, _
):
670 self
.assertEquals(num
, ERR_NOT_ALLOWED_ON_NON_LEAF
)
672 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
673 res
= ldb
.search(expression
="(objectclass=*)", base
=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_BASE
)
674 self
.assertEquals(len(res
), 1)
675 res
= ldb
.search(expression
="(cn=ldaptestuser40)", base
=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_BASE
)
676 self
.assertEquals(len(res
), 0)
678 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self
.base_dn
679 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))", base
=("cn=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_ONELEVEL
)
680 # FIXME: self.assertEquals(len(res), 0)
682 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self
.base_dn
683 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))", base
=("cn=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_SUBTREE
)
684 # FIXME: self.assertEquals(len(res), 0)
686 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
)
687 ldb
.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
))
688 print "Testing delete of renamed cn=ldaptestcontainer2," + self
.base_dn
689 ldb
.delete("cn=ldaptestcontainer2," + self
.base_dn
)
691 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
)
692 ldb
.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
, "objectClass": "user"})
694 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
)
695 ldb
.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
, "objectClass": "user"})
697 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
698 res
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectClass=user))")
699 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
701 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
702 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser")
703 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser")
704 self
.assertEquals(set(res
[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
705 self
.assertTrue("objectGUID" in res
[0])
706 self
.assertTrue("whenCreated" in res
[0])
707 self
.assertEquals(str(res
[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self
.base_dn
))
708 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368)
709 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546)
710 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
711 self
.assertEquals(len(res
[0]["memberOf"]), 1)
713 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))"
714 res2
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))")
715 self
.assertEquals(len(res2
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))")
717 self
.assertEquals(res
[0].dn
, res2
[0].dn
)
719 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
720 res3
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))")
721 self
.assertEquals(len(res3
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3
))
723 self
.assertEquals(res
[0].dn
, res3
[0].dn
)
725 if gc_ldb
is not None:
726 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
727 res3gc
= gc_ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))")
728 self
.assertEquals(len(res3gc
), 1)
730 self
.assertEquals(res
[0].dn
, res3gc
[0].dn
)
732 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
734 res3control
= gc_ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:2"])
735 self
.assertEquals(len(res3control
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
737 self
.assertEquals(res
[0].dn
, res3control
[0].dn
)
739 ldb
.delete(res
[0].dn
)
741 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
742 res
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectClass=user))")
743 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
745 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestcomputer,CN=Computers," + self
.base_dn
))
746 self
.assertEquals(str(res
[0]["cn"]), "ldaptestcomputer")
747 self
.assertEquals(str(res
[0]["name"]), "ldaptestcomputer")
748 self
.assertEquals(set(res
[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
749 self
.assertTrue("objectGUID" in res
[0])
750 self
.assertTrue("whenCreated" in res
[0])
751 self
.assertEquals(str(res
[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
))
752 self
.assertEquals(int(res
[0]["primaryGroupID"][0]), 513)
753 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368)
754 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546)
755 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
756 self
.assertEquals(len(res
[0]["memberOf"]), 1)
758 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))"
759 res2
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
760 self
.assertEquals(len(res2
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
762 self
.assertEquals(res
[0].dn
, res2
[0].dn
)
764 if gc_ldb
is not None:
765 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ ")) in Global Catlog"
766 res2gc
= gc_ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
767 self
.assertEquals(len(res2gc
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ ")) in Global Catlog")
769 self
.assertEquals(res
[0].dn
, res2gc
[0].dn
)
771 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
772 res3
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
773 self
.assertEquals(len(res3
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
775 self
.assertEquals(res
[0].dn
, res3
[0].dn
)
777 if gc_ldb
is not None:
778 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
779 res3gc
= gc_ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
780 self
.assertEquals(len(res3gc
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
782 self
.assertEquals(res
[0].dn
, res3gc
[0].dn
)
784 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
785 res4
= ldb
.search(expression
="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
786 self
.assertEquals(len(res4
), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
788 self
.assertEquals(res
[0].dn
, res4
[0].dn
)
790 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
791 res5
= ldb
.search(expression
="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
792 self
.assertEquals(len(res5
), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
794 self
.assertEquals(res
[0].dn
, res5
[0].dn
)
796 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
797 res6
= ldb
.search(expression
="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
798 self
.assertEquals(len(res6
), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
800 self
.assertEquals(res
[0].dn
, res6
[0].dn
)
802 ldb
.delete("<GUID=" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + ">")
804 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
805 res
= ldb
.search(expression
="(&(cn=ldaptest2computer)(objectClass=user))")
806 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
808 self
.assertEquals(str(res
[0].dn
), "CN=ldaptest2computer,CN=Computers," + self
.base_dn
)
809 self
.assertEquals(str(res
[0]["cn"]), "ldaptest2computer")
810 self
.assertEquals(str(res
[0]["name"]), "ldaptest2computer")
811 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
812 self
.assertTrue("objectGUID" in res
[0])
813 self
.assertTrue("whenCreated" in res
[0])
814 self
.assertEquals(res
[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
)
815 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306369)
816 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 4096)
818 ldb
.delete("<SID=" + ldb
.schema_format_value("objectSID", res
[0]["objectSID"][0]) + ">")
820 attrs
= ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
821 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
822 res_user
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestUSer2)(objectClass=user))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
823 self
.assertEquals(len(res_user
), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
825 self
.assertEquals(str(res_user
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
826 self
.assertEquals(str(res_user
[0]["cn"]), "ldaptestuser2")
827 self
.assertEquals(str(res_user
[0]["name"]), "ldaptestuser2")
828 self
.assertEquals(list(res_user
[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
829 self
.assertTrue("objectSid" in res_user
[0])
830 self
.assertTrue("objectGUID" in res_user
[0])
831 self
.assertTrue("whenCreated" in res_user
[0])
832 self
.assertTrue("nTSecurityDescriptor" in res_user
[0])
833 self
.assertTrue("allowedAttributes" in res_user
[0])
834 self
.assertTrue("allowedAttributesEffective" in res_user
[0])
835 self
.assertEquals(res_user
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
837 ldaptestuser2_sid
= res_user
[0]["objectSid"][0]
838 ldaptestuser2_guid
= res_user
[0]["objectGUID"][0]
840 attrs
= ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
841 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
842 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
843 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
845 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
846 self
.assertEquals(str(res
[0]["cn"]), "ldaptestgroup2")
847 self
.assertEquals(str(res
[0]["name"]), "ldaptestgroup2")
848 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "group"])
849 self
.assertTrue("objectGUID" in res
[0])
850 self
.assertTrue("objectSid" in res
[0])
851 self
.assertTrue("whenCreated" in res
[0])
852 self
.assertTrue("nTSecurityDescriptor" in res
[0])
853 self
.assertTrue("allowedAttributes" in res
[0])
854 self
.assertTrue("allowedAttributesEffective" in res
[0])
856 for m
in res
[0]["member"]:
857 memberUP
.append(m
.upper())
858 self
.assertTrue(("CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper() in memberUP
)
860 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
, controls
=["extended_dn:1:1"])
861 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
863 print res
[0]["member"]
865 for m
in res
[0]["member"]:
866 memberUP
.append(m
.upper())
867 print ("<GUID=" + ldb
.schema_format_value("objectGUID", ldaptestuser2_guid
) + ">;<SID=" + ldb
.schema_format_value("objectSid", ldaptestuser2_sid
) + ">;CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper()
869 self
.assertTrue(("<GUID=" + ldb
.schema_format_value("objectGUID", ldaptestuser2_guid
) + ">;<SID=" + ldb
.schema_format_value("objectSid", ldaptestuser2_sid
) + ">;CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper() in memberUP
)
871 print "Testing Linked attribute behaviours"
873 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
876 member: CN=ldaptestuser2,CN=Users,""" + self
.base_dn
+ """
877 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
881 dn: <GUID=""" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + """>
884 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
888 dn: <SID=""" + ldb
.schema_format_value("objectSid", res
[0]["objectSid"][0]) + """>
894 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
897 member: <GUID=""" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + """>
898 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
902 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
908 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
911 member: <SID=""" + ldb
.schema_format_value("objectSid", res_user
[0]["objectSid"][0]) + """>
912 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
916 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
919 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
922 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
923 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
925 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
926 self
.assertEquals(res
[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
927 self
.assertEquals(len(res
[0]["member"]), 1)
929 ldb
.delete(("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
933 attrs
= ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
934 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
935 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
936 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
938 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
939 self
.assertTrue("member" not in res
[0])
941 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
942 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
943 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
945 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self
.base_dn
))
946 self
.assertEquals(str(res
[0]["cn"]), "ldaptestutf8user èùéìòà")
947 self
.assertEquals(str(res
[0]["name"]), "ldaptestutf8user èùéìòà")
948 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
949 self
.assertTrue("objectGUID" in res
[0])
950 self
.assertTrue("whenCreated" in res
[0])
952 ldb
.delete(res
[0].dn
)
954 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
955 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user2*)(objectClass=user))")
956 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
958 ldb
.delete(res
[0].dn
)
960 ldb
.delete(("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
962 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
963 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
965 #FIXME: self.assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
967 print "Testing that we can't get at the configuration DN from the main search base"
968 res
= ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
969 self
.assertEquals(len(res
), 0)
971 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
972 res
= ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:2"])
973 self
.assertTrue(len(res
) > 0)
975 if gc_ldb
is not None:
976 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
978 res
= gc_ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:0"])
979 self
.assertTrue(len(res
) > 0)
981 print "Testing that we do find configuration elements in the global catlog"
982 res
= gc_ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
983 self
.assertTrue(len(res
) > 0)
985 print "Testing that we do find configuration elements and user elements at the same time"
986 res
= gc_ldb
.search(self
.base_dn
, expression
="(|(objectClass=crossRef)(objectClass=person))", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
987 self
.assertTrue(len(res
) > 0)
989 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
990 res
= gc_ldb
.search(self
.configuration_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
991 self
.assertTrue(len(res
) > 0)
993 print "Testing that we can get at the configuration DN on the main LDAP port"
994 res
= ldb
.search(self
.configuration_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
995 self
.assertTrue(len(res
) > 0)
997 print "Testing objectCategory canonacolisation"
998 res
= ldb
.search(self
.configuration_dn
, expression
="objectCategory=ntDsDSA", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
999 self
.assertTrue(len(res
) > 0, "Didn't find any records with objectCategory=ntDsDSA")
1000 self
.assertTrue(len(res
) != 0)
1002 res
= ldb
.search(self
.configuration_dn
, expression
="objectCategory=CN=ntDs-DSA," + self
.schema_dn
, scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1003 self
.assertTrue(len(res
) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self
.schema_dn
)
1004 self
.assertTrue(len(res
) != 0)
1006 print "Testing objectClass attribute order on "+ self
.base_dn
1007 res
= ldb
.search(expression
="objectClass=domain", base
=self
.base_dn
,
1008 scope
=SCOPE_BASE
, attrs
=["objectClass"])
1009 self
.assertEquals(len(res
), 1)
1011 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "domain", "domainDNS"])
1015 print "Testing ldb.search for objectCategory=person"
1016 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=person", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1017 self
.assertTrue(len(res
) > 0)
1019 print "Testing ldb.search for objectCategory=person with domain scope control"
1020 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=person", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
1021 self
.assertTrue(len(res
) > 0)
1023 print "Testing ldb.search for objectCategory=user"
1024 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=user", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1025 self
.assertTrue(len(res
) > 0)
1027 print "Testing ldb.search for objectCategory=user with domain scope control"
1028 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=user", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
1029 self
.assertTrue(len(res
) > 0)
1031 print "Testing ldb.search for objectCategory=group"
1032 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=group", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1033 self
.assertTrue(len(res
) > 0)
1035 print "Testing ldb.search for objectCategory=group with domain scope control"
1036 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=group", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
1037 self
.assertTrue(len(res
) > 0)
1040 class BaseDnTests(unittest
.TestCase
):
1044 def test_rootdse_attrs(self
):
1045 """Testing for all rootDSE attributes"""
1046 res
= self
.ldb
.search(scope
=SCOPE_BASE
, attrs
=[])
1047 self
.assertEquals(len(res
), 1)
1049 def test_highestcommittedusn(self
):
1050 """Testing for highestCommittedUSN"""
1051 res
= self
.ldb
.search("", scope
=SCOPE_BASE
, attrs
=["highestCommittedUSN"])
1052 self
.assertEquals(len(res
), 1)
1053 self
.assertTrue(int(res
[0]["highestCommittedUSN"][0]) != 0)
1055 def test_netlogon(self
):
1056 """Testing for netlogon via LDAP"""
1057 res
= self
.ldb
.search("", scope
=SCOPE_BASE
, attrs
=["netlogon"])
1058 self
.assertEquals(len(res
), 0)
1060 def test_netlogon_highestcommitted_usn(self
):
1061 """Testing for netlogon and highestCommittedUSN via LDAP"""
1062 res
= self
.ldb
.search("", scope
=SCOPE_BASE
,
1063 attrs
=["netlogon", "highestCommittedUSN"])
1064 self
.assertEquals(len(res
), 0)
1066 class SchemaTests(unittest
.TestCase
):
1067 def find_schemadn(self
, ldb
):
1068 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
1069 self
.assertEquals(len(res
), 1)
1070 return res
[0]["schemaNamingContext"][0]
1074 self
.schema_dn
= self
.find_schemadn(ldb
)
1076 def test_generated_schema(self
):
1077 """Testing we can read the generated schema via LDAP"""
1078 res
= self
.ldb
.search("cn=aggregate,"+self
.schema_dn
, scope
=SCOPE_BASE
,
1079 attrs
=["objectClasses", "attributeTypes", "dITContentRules"])
1080 self
.assertEquals(len(res
), 1)
1081 self
.assertTrue("dITContentRules" in res
[0])
1082 self
.assertTrue("objectClasses" in res
[0])
1083 self
.assertTrue("attributeTypes" in res
[0])
1085 def test_generated_schema_is_operational(self
):
1086 """Testing we don't get the generated schema via LDAP by default"""
1087 res
= self
.ldb
.search("cn=aggregate,"+self
.schema_dn
, scope
=SCOPE_BASE
,
1089 self
.assertEquals(len(res
), 1)
1090 self
.assertFalse("dITContentRules" in res
[0])
1091 self
.assertFalse("objectClasses" in res
[0])
1092 self
.assertFalse("attributeTypes" in res
[0])
1094 if not "://" in host
:
1095 host
= "ldap://%s" % host
1097 ldb
= Ldb(host
, credentials
=creds
, session_info
=system_session(), lp
=lp
)
1098 gc_ldb
= Ldb("%s:3268" % host
, credentials
=creds
,
1099 session_info
=system_session(), lp
=lp
)
1101 runner
= SubunitTestRunner()
1103 if not runner
.run(unittest
.makeSuite(BaseDnTests
)).wasSuccessful():
1105 if not runner
.run(unittest
.makeSuite(BasicTests
)).wasSuccessful():
1107 if not runner
.run(unittest
.makeSuite(SchemaTests
)).wasSuccessful():