2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
11 sys
.path
.append("bin/python")
13 import samba
.getopt
as options
15 from samba
.auth
import system_session
16 from ldb
import SCOPE_SUBTREE
, SCOPE_ONELEVEL
, SCOPE_BASE
, LdbError
17 from ldb
import ERR_NO_SUCH_OBJECT
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
18 from ldb
import ERR_ENTRY_ALREADY_EXISTS
, ERR_UNWILLING_TO_PERFORM
19 from ldb
import ERR_NOT_ALLOWED_ON_NON_LEAF
, ERR_OTHER
, ERR_INVALID_DN_SYNTAX
20 from ldb
import ERR_NO_SUCH_ATTRIBUTE
21 from ldb
import ERR_OBJECT_CLASS_VIOLATION
, ERR_NOT_ALLOWED_ON_RDN
22 from ldb
import ERR_NAMING_VIOLATION
, ERR_CONSTRAINT_VIOLATION
23 from ldb
import ERR_UNDEFINED_ATTRIBUTE_TYPE
24 from ldb
import Message
, MessageElement
, Dn
25 from ldb
import FLAG_MOD_ADD
, FLAG_MOD_REPLACE
, FLAG_MOD_DELETE
27 from samba
import UF_NORMAL_ACCOUNT
28 from samba
import UF_WORKSTATION_TRUST_ACCOUNT
29 from samba
import UF_PASSWD_NOTREQD
, UF_ACCOUNTDISABLE
30 from samba
import ATYPE_NORMAL_ACCOUNT
, ATYPE_WORKSTATION_TRUST
32 from subunit
.run
import SubunitTestRunner
35 from samba
.ndr
import ndr_pack
, ndr_unpack
36 from samba
.dcerpc
import security
38 parser
= optparse
.OptionParser("ldap [options] <host>")
39 sambaopts
= options
.SambaOptions(parser
)
40 parser
.add_option_group(sambaopts
)
41 parser
.add_option_group(options
.VersionOptions(parser
))
42 # use command line creds if available
43 credopts
= options
.CredentialsOptions(parser
)
44 parser
.add_option_group(credopts
)
45 opts
, args
= parser
.parse_args()
53 lp
= sambaopts
.get_loadparm()
54 creds
= credopts
.get_credentials(lp
)
56 class BasicTests(unittest
.TestCase
):
58 def delete_force(self
, ldb
, dn
):
61 except LdbError
, (num
, _
):
62 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
64 def find_basedn(self
, ldb
):
65 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
,
66 attrs
=["defaultNamingContext"])
67 self
.assertEquals(len(res
), 1)
68 return res
[0]["defaultNamingContext"][0]
70 def find_configurationdn(self
, ldb
):
71 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["configurationNamingContext"])
72 self
.assertEquals(len(res
), 1)
73 return res
[0]["configurationNamingContext"][0]
75 def find_schemadn(self
, ldb
):
76 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
77 self
.assertEquals(len(res
), 1)
78 return res
[0]["schemaNamingContext"][0]
80 def find_domain_sid(self
):
81 res
= self
.ldb
.search(base
=self
.base_dn
, expression
="(objectClass=*)", scope
=SCOPE_BASE
)
82 return ndr_unpack( security
.dom_sid
,res
[0]["objectSid"][0])
87 self
.base_dn
= self
.find_basedn(ldb
)
88 self
.configuration_dn
= self
.find_configurationdn(ldb
)
89 self
.schema_dn
= self
.find_schemadn(ldb
)
90 self
.domain_sid
= self
.find_domain_sid()
92 print "baseDN: %s\n" % self
.base_dn
94 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
95 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
96 self
.delete_force(self
.ldb
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
97 self
.delete_force(self
.ldb
, "cn=ldaptestuser4,cn=ldaptestcontainer," + self
.base_dn
)
98 self
.delete_force(self
.ldb
, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self
.base_dn
)
99 self
.delete_force(self
.ldb
, "cn=ldaptestuser5,cn=users," + self
.base_dn
)
100 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
101 self
.delete_force(self
.ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
102 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer,cn=computers," + self
.base_dn
)
103 self
.delete_force(self
.ldb
, "cn=ldaptest2computer,cn=computers," + self
.base_dn
)
104 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
105 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà,cn=users," + self
.base_dn
)
106 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self
.base_dn
)
107 self
.delete_force(self
.ldb
, "cn=ldaptestcontainer," + self
.base_dn
)
108 self
.delete_force(self
.ldb
, "cn=ldaptestcontainer2," + self
.base_dn
)
109 self
.delete_force(self
.ldb
, "cn=parentguidtest,cn=users," + self
.base_dn
)
110 self
.delete_force(self
.ldb
, "cn=parentguidtest,cn=testotherusers," + self
.base_dn
)
111 self
.delete_force(self
.ldb
, "cn=testotherusers," + self
.base_dn
)
112 self
.delete_force(self
.ldb
, "cn=ldaptestobject," + self
.base_dn
)
113 self
.delete_force(self
.ldb
, "description=xyz,cn=users," + self
.base_dn
)
114 self
.delete_force(self
.ldb
, "ou=testou,cn=users," + self
.base_dn
)
116 def test_system_only(self
):
117 """Test systemOnly objects"""
118 print "Test systemOnly objects"""
122 "dn
": "cn
=ldaptestobject
," + self.base_dn,
123 "objectclass
": "configuration
"})
125 except LdbError, (num, _):
126 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
128 self.delete_force(self.ldb, "cn
=ldaptestobject
," + self.base_dn)
130 def test_invalid_parent(self):
131 """Test adding an object with invalid parent"""
132 print "Test adding an
object with invalid parent
"""
136 "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
138 "objectclass": "group"})
140 except LdbError, (num, _):
141 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
143 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
148 "dn": "ou=testou,cn=users," + self.base_dn,
149 "objectclass": "organizationalUnit"})
151 except LdbError, (num, _):
152 self.assertEquals(num, ERR_NAMING_VIOLATION)
154 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
156 def test_invalid_attribute(self):
157 """Test adding invalid
attributes (not in schema
)"""
158 print "Test adding invalid attributes (not in schema)"""
162 "dn": "cn=ldaptestgroup,cn=users," + self
.base_dn
,
163 "objectclass": "group",
164 "thisdoesnotexist": "x"})
166 except LdbError
, (num
, _
):
167 self
.assertEquals(num
, ERR_NO_SUCH_ATTRIBUTE
)
170 "dn": "cn=ldaptestgroup,cn=users," + self
.base_dn
,
171 "objectclass": "group"})
174 m
.dn
= Dn(ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
175 m
["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE
,
180 except LdbError
, (num
, _
):
181 self
.assertEquals(num
, ERR_NO_SUCH_ATTRIBUTE
)
183 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
185 def test_single_valued_attributes(self
):
186 """Test single-valued attributes"""
187 print "Test single-valued attributes"""
191 "dn
": "cn
=ldaptestgroup
,cn
=users
," + self.base_dn,
192 "objectclass
": "group
",
193 "sAMAccountName
": ["nam1
", "nam2
"]})
195 except LdbError, (num, _):
196 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
199 "dn
": "cn
=ldaptestgroup
,cn
=users
," + self.base_dn,
200 "objectclass
": "group
"})
203 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
204 m["sAMAccountName
"] = MessageElement(["nam1
","nam2
"], FLAG_MOD_REPLACE,
209 except LdbError, (num, _):
210 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
213 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
214 m["sAMAccountName
"] = MessageElement("testgroupXX
", FLAG_MOD_REPLACE,
219 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
220 m["sAMAccountName
"] = MessageElement("testgroupXX2
", FLAG_MOD_ADD,
225 except LdbError, (num, _):
226 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
228 self.delete_force(self.ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
230 def test_multi_valued_attributes(self):
231 """Test multi-valued attributes"""
232 print "Test multi
-valued attributes
"""
234 # TODO: In this test I added some special tests where I got very unusual
235 # results back from a real AD. s4 doesn't match them and I've no idea how to
236 # implement those error cases (maybe there exists a special trigger for
237 # "description" attributes which handle them)
240 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
241 "description": "desc2",
242 "objectclass": "group",
243 "description": "desc1"})
245 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
248 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
249 "objectclass": "group",
250 "description": ["desc1", "desc2"]})
253 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
254 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
259 # except LdbError, (num, _):
260 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
263 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
264 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
269 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
270 # m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
275 # except LdbError, (num, _):
276 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
279 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
280 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
285 except LdbError, (num, _):
286 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
289 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
290 m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
295 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
296 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
301 # except LdbError, (num, _):
302 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
305 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
306 # m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
311 # except LdbError, (num, _):
312 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
315 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
316 m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
320 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
322 def test_empty_messages(self):
323 """Test empty messages
"""
324 print "Test empty messages"""
327 m
.dn
= Dn(ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
332 except LdbError
, (num
, _
):
333 self
.assertEquals(num
, ERR_OBJECT_CLASS_VIOLATION
)
338 except LdbError
, (num
, _
):
339 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
341 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
343 def test_empty_attributes(self
):
344 """Test empty attributes"""
345 print "Test empty attributes"""
348 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
349 m["objectClass
"] = MessageElement("group
", FLAG_MOD_ADD, "objectClass
")
350 m["description
"] = MessageElement([], FLAG_MOD_ADD, "description
")
355 except LdbError, (num, _):
356 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
359 "dn
": "cn
=ldaptestgroup
,cn
=users
," + self.base_dn,
360 "objectclass
": "group
"})
363 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
364 m["description
"] = MessageElement([], FLAG_MOD_ADD, "description
")
369 except LdbError, (num, _):
370 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
373 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
374 m["description
"] = MessageElement([], FLAG_MOD_REPLACE, "description
")
378 m.dn = Dn(ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
379 m["description
"] = MessageElement([], FLAG_MOD_DELETE, "description
")
383 except LdbError, (num, _):
384 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
386 self.delete_force(self.ldb, "cn
=ldaptestgroup
,cn
=users
," + self.base_dn)
388 def test_distinguished_name(self):
389 """Tests the 'distinguishedName' attribute"""
390 print "Tests the
'distinguishedName' attribute
"""
393 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
394 "objectclass": "group"})
397 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
398 m["distinguishedName"] = MessageElement(
399 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
405 except LdbError, (num, _):
406 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
409 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
410 m["distinguishedName"] = MessageElement(
411 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
417 except LdbError, (num, _):
418 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
421 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
422 m["distinguishedName"] = MessageElement(
423 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
429 except LdbError, (num, _):
430 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
432 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
434 def test_rdn_name(self):
436 print "Tests the RDN"""
440 "dn": "description=xyz,cn=users," + self
.base_dn
,
441 "objectclass": "group"})
443 except LdbError
, (num
, _
):
444 self
.assertEquals(num
, ERR_NAMING_VIOLATION
)
446 self
.delete_force(self
.ldb
, "description=xyz,cn=users," + self
.base_dn
)
449 "dn": "cn=ldaptestgroup,cn=users," + self
.base_dn
,
450 "objectclass": "group"})
453 m
.dn
= Dn(ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
454 m
["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE
,
460 except LdbError
, (num
, _
):
461 self
.assertEquals(num
, ERR_NOT_ALLOWED_ON_RDN
)
464 m
.dn
= Dn(ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
465 m
["cn"] = MessageElement("ldaptestuser",
466 FLAG_MOD_REPLACE
, "cn")
471 except LdbError
, (num
, _
):
472 self
.assertEquals(num
, ERR_NOT_ALLOWED_ON_RDN
)
474 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
477 # this test needs to be disabled until we really understand
478 # what the rDN length constraints are
479 def DISABLED_test_largeRDN(self
):
480 """Testing large rDN (limit 64 characters)"""
481 rdn
= "CN=a012345678901234567890123456789012345678901234567890123456789012";
482 self
.delete_force(self
.ldb
, "%s,%s" % (rdn
, self
.base_dn
))
484 dn: %s,%s""" % (rdn
,self
.base_dn
) + """
485 objectClass: container
487 self
.ldb
.add_ldif(ldif
)
488 self
.delete_force(self
.ldb
, "%s,%s" % (rdn
, self
.base_dn
))
490 rdn
= "CN=a0123456789012345678901234567890123456789012345678901234567890120";
491 self
.delete_force(self
.ldb
, "%s,%s" % (rdn
, self
.base_dn
))
494 dn: %s,%s""" % (rdn
,self
.base_dn
) + """
495 objectClass: container
497 self
.ldb
.add_ldif(ldif
)
499 except LdbError
, (num
, _
):
500 self
.assertEquals(num
, ERR_CONSTRAINT_VIOLATION
)
501 self
.delete_force(self
.ldb
, "%s,%s" % (rdn
, self
.base_dn
))
503 def test_rename(self
):
504 """Tests the rename operation"""
505 print "Tests the rename operations"""
508 "dn
": "cn
=ldaptestuser2
,cn
=users
," + self.base_dn,
509 "objectclass
": ["user
", "person
"] })
511 ldb.rename("cn
=ldaptestuser2
,cn
=users
," + self.base_dn, "cn
=ldaptestuser2
,cn
=users
," + self.base_dn)
512 ldb.rename("cn
=ldaptestuser2
,cn
=users
," + self.base_dn, "cn
=ldaptestuser3
,cn
=users
," + self.base_dn)
513 ldb.rename("cn
=ldaptestuser3
,cn
=users
," + self.base_dn, "cn
=ldaptestUSER3
,cn
=users
," + self.base_dn)
515 ldb.rename("cn
=ldaptestuser3
,cn
=users
," + self.base_dn, ",cn
=users
," + self.base_dn)
517 except LdbError, (num, _):
518 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
520 self.delete_force(self.ldb, "cn
=ldaptestuser3
,cn
=users
," + self.base_dn)
522 def test_rename_twice(self):
523 """Tests the rename operation twice - this corresponds to a past bug"""
524 print "Tests the rename twice operation
"""
527 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
528 "objectclass": ["user", "person"] })
530 ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
531 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
533 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
534 "objectclass": ["user", "person"] })
535 ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
536 res = ldb.search(expression="cn=ldaptestuser5")
537 print "Found %u records" % len(res)
538 self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
539 res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
540 print "Found %u records" % len(res)
541 self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
542 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
544 def test_parentGUID(self):
545 """Test parentGUID behaviour
"""
546 print "Testing parentGUID behaviour\n"
548 # TODO: This seems to fail on Windows Server. Hidden attribute?
551 "dn": "cn=parentguidtest,cn=users," + self.base_dn,
552 "objectclass":"user",
553 "samaccountname":"parentguidtest"});
554 res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
555 attrs=["parentGUID", "samaccountname"]);
556 res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
557 attrs=["objectGUID"]);
558 res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
559 attrs=["parentGUID"]);
561 """Check
if the parentGUID
is valid
"""
562 self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
564 """Check
if it returns nothing when there
is no parent
object"""
565 has_parentGUID = False
566 for key in res3[0].keys():
567 if key == "parentGUID":
568 has_parentGUID = True
570 self.assertFalse(has_parentGUID);
572 """Ensures that
if you look
for another
object attribute after the constructed
573 parentGUID
, it will
return correctly
"""
574 has_another_attribute = False
575 for key in res1[0].keys():
576 if key == "sAMAccountName":
577 has_another_attribute = True
579 self.assertTrue(has_another_attribute)
580 self.assertTrue(len(res1[0]["samaccountname"]) == 1)
581 self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
583 print "Testing parentGUID behaviour on rename\n"
586 "dn": "cn=testotherusers," + self.base_dn,
587 "objectclass":"container"});
588 res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
589 attrs=["objectGUID"]);
590 ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
591 "cn=parentguidtest,cn=testotherusers," + self.base_dn);
592 res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
594 attrs=["parentGUID"]);
595 self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
597 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
598 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
600 def test_groupType_int32(self):
601 """Test
groupType (int32
) behaviour (should appear to be casted to a
32 bit signed integer before comparsion
)"""
602 print "Testing groupType (int32) behaviour\n"
604 res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
605 attrs=["groupType"], expression="groupType=2147483653");
607 res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
608 attrs=["groupType"], expression="groupType=-2147483643");
610 self.assertEquals(len(res1), len(res2))
612 self.assertTrue(res1.count > 0)
614 self.assertEquals(res1[0]["groupType"][0], "-2147483643")
616 def test_groups(self):
617 """This tests the group
behaviour (setting
, changing
) of a user account
"""
618 print "Testing group behaviour\n"
621 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
622 "objectclass": "group"})
625 "dn": "cn=ldaptestgroup2,cn=users," + self.base_dn,
626 "objectclass": "group"})
628 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
629 scope=SCOPE_BASE, attrs=["objectSID"])
630 self.assertTrue(len(res1) == 1)
631 group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
632 res1[0]["objectSID"][0])).split()[1]
634 res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
635 scope=SCOPE_BASE, attrs=["objectSID"])
636 self.assertTrue(len(res1) == 1)
637 group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
638 res1[0]["objectSID"][0])).split()[1]
640 # Try to create a user with an invalid primary group
643 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
644 "objectclass": ["user", "person"],
645 "primaryGroupID": "0"})
647 except LdbError, (num, _):
648 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
649 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
651 # Try to Create a user with a valid primary group
652 # TODO Some more investigation needed here
655 # "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
656 # "objectclass": ["user", "person"],
657 # "primaryGroupID": str(group_rid_1)})
659 # except LdbError, (num, _):
660 # self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
661 # self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
664 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
665 "objectclass": ["user", "person"]})
667 # Try to add invalid primary group
669 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
670 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
675 except LdbError, (num, _):
676 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
678 # Try to make group 1 primary - should be denied since it is not yet
681 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
682 m["primaryGroupID"] = MessageElement(str(group_rid_1),
683 FLAG_MOD_REPLACE, "primaryGroupID")
687 except LdbError, (num, _):
688 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
690 # Make group 1 secondary
692 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
693 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
694 FLAG_MOD_REPLACE, "member")
697 # Make group 1 primary
699 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
700 m["primaryGroupID"] = MessageElement(str(group_rid_1),
701 FLAG_MOD_REPLACE, "primaryGroupID")
704 # Try to delete group 1 - should be denied
706 ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
708 except LdbError, (num, _):
709 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
711 # Try to add group 1 also as secondary - should be denied
713 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
714 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
715 FLAG_MOD_ADD, "member")
719 except LdbError, (num, _):
720 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
722 # Try to add invalid member to group 1 - should be denied
724 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
725 m["member"] = MessageElement(
726 "cn=ldaptestuser3,cn=users," + self.base_dn,
727 FLAG_MOD_ADD, "member")
731 except LdbError, (num, _):
732 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
734 # Make group 2 secondary
736 m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
737 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
738 FLAG_MOD_ADD, "member")
743 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
744 m["primaryGroupID"] = MessageElement(str(group_rid_2),
745 FLAG_MOD_REPLACE, "primaryGroupID")
748 # Old primary group should contain a "member" attribute for the user,
749 # the new shouldn't contain anymore one
750 res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
751 scope=SCOPE_BASE, attrs=["member"])
752 self.assertTrue(len(res1) == 1)
753 self.assertTrue(len(res1[0]["member"]) == 1)
754 self.assertEquals(res1[0]["member"][0].lower(),
755 ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
757 res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
758 scope=SCOPE_BASE, attrs=["member"])
759 self.assertTrue(len(res1) == 1)
760 self.assertFalse("member" in res1[0])
762 # Also this should be denied
765 "dn": "cn=ldaptestuser1,cn=users," + self.base_dn,
766 "objectclass": ["user", "person"],
767 "primaryGroupID": "0"})
769 except LdbError, (num, _):
770 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
772 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
773 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
774 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
776 def test_primary_group_token_constructed(self):
777 """Test the primary group token
behaviour (hidden
-generated
-readonly attribute on groups
) and some other constructed attributes
"""
778 print "Testing primary group token behaviour and other constructed attributes\n"
782 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
783 "objectclass": "group",
784 "primaryGroupToken": "100"})
786 except LdbError, (num, _):
787 self.assertEquals(num, ERR_UNDEFINED_ATTRIBUTE_TYPE)
788 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
791 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
792 "objectclass": ["user", "person"]})
795 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
796 "objectclass": "group"})
798 # Testing for one invalid, and one valid operational attribute, but also the things they are built from
799 res1 = ldb.search(self.base_dn,
800 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName", "objectClass", "objectSid"])
801 self.assertTrue(len(res1) == 1)
802 self.assertFalse("primaryGroupToken" in res1[0])
803 self.assertTrue("canonicalName" in res1[0])
804 self.assertTrue("objectClass" in res1[0])
805 self.assertTrue("objectSid" in res1[0])
807 res1 = ldb.search(self.base_dn,
808 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName"])
809 self.assertTrue(len(res1) == 1)
810 self.assertFalse("primaryGroupToken" in res1[0])
811 self.assertFalse("objectSid" in res1[0])
812 self.assertFalse("objectClass" in res1[0])
813 self.assertTrue("canonicalName" in res1[0])
815 res1 = ldb.search("cn=users,"+self.base_dn,
816 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
817 self.assertTrue(len(res1) == 1)
818 self.assertFalse("primaryGroupToken" in res1[0])
820 res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
821 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
822 self.assertTrue(len(res1) == 1)
823 self.assertFalse("primaryGroupToken" in res1[0])
825 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
827 self.assertTrue(len(res1) == 1)
828 self.assertFalse("primaryGroupToken" in res1[0])
830 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
831 scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
832 self.assertTrue(len(res1) == 1)
833 primary_group_token = int(res1[0]["primaryGroupToken"][0])
835 rid = security.dom_sid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])).split()[1]
836 self.assertEquals(primary_group_token, rid)
839 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
840 m["primaryGroupToken"] = "100"
844 except LdbError, (num, _):
845 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
847 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
848 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
850 def test_tokenGroups(self):
851 """Test the tokenGroups
behaviour (hidden
-generated
-readonly attribute on SAM objects
)"""
852 print "Testing tokenGroups behaviour\n"
854 # The domain object shouldn't contain any "tokenGroups" entry
855 res = ldb.search(self.base_dn, scope=SCOPE_BASE, attrs=["tokenGroups"])
856 self.assertTrue(len(res) == 1)
857 self.assertFalse("tokenGroups" in res[0])
859 # The domain administrator should contain "tokenGroups" entries
860 # (the exact number depends on the domain/forest function level and the
861 # DC software versions)
862 res = ldb.search("cn=Administrator,cn=Users," + self.base_dn,
863 scope=SCOPE_BASE, attrs=["tokenGroups"])
864 self.assertTrue(len(res) == 1)
865 self.assertTrue("tokenGroups" in res[0])
868 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
869 "objectclass": ["user", "person"]})
871 # This testuser should contain at least two "tokenGroups" entries
872 # (exactly two on an unmodified "Domain Users" and "Users" group)
873 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
874 scope=SCOPE_BASE, attrs=["tokenGroups"])
875 self.assertTrue(len(res) == 1)
876 self.assertTrue(len(res[0]["tokenGroups"]) >= 2)
878 # one entry which we need to find should point to domains "Domain Users"
879 # group and another entry should point to the builtin "Users"group
880 domain_users_group_found = False
881 users_group_found = False
882 for sid in res[0]["tokenGroups"]:
883 rid = security.dom_sid(ldb.schema_format_value("objectSID", sid)).split()[1]
885 domain_users_group_found = True
887 users_group_found = True
889 self.assertTrue(domain_users_group_found)
890 self.assertTrue(users_group_found)
892 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
894 def test_wkguid(self):
895 """Test Well known GUID
behaviours (including DN
+Binary
)"""
896 print "Test Well known GUID behaviours (including DN+Binary)"""
898 res
= self
.ldb
.search(base
=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self
.base_dn
), scope
=SCOPE_BASE
, attrs
=[])
899 self
.assertEquals(len(res
), 1)
901 res2
= self
.ldb
.search(scope
=SCOPE_BASE
, attrs
=["wellKnownObjects"], expression
=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res
[0].dn
))
902 self
.assertEquals(len(res2
), 1)
904 # Prove that the matching rule is over the whole DN+Binary
905 res2
= self
.ldb
.search(scope
=SCOPE_BASE
, attrs
=["wellKnownObjects"], expression
=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
906 self
.assertEquals(len(res2
), 0)
907 # Prove that the matching rule is over the whole DN+Binary
908 res2
= self
.ldb
.search(scope
=SCOPE_BASE
, attrs
=["wellKnownObjects"], expression
=("wellKnownObjects=%s") % res
[0].dn
)
909 self
.assertEquals(len(res2
), 0)
911 def test_subschemasubentry(self
):
912 """Test subSchemaSubEntry appears when requested, but not when not requested"""
913 print "Test subSchemaSubEntry"""
915 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry
"])
916 self.assertEquals(len(res), 1)
917 self.assertEquals(res[0]["subSchemaSubEntry
"][0], "CN
=Aggregate
,"+self.schema_dn)
919 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
920 self.assertEquals(len(res), 1)
921 self.assertTrue("subScheamSubEntry
" not in res[0])
926 print "Testing user add
"
929 "dn
": "cn
=ldaptestuser
,cn
=uSers
," + self.base_dn,
930 "objectclass
": ["user
", "person
"],
931 "cN
": "LDAPtestUSER
",
936 "dn
": "cn
=ldaptestgroup
,cn
=uSers
," + self.base_dn,
937 "objectclass
": "group
",
938 "member
": "cn
=ldaptestuser
,cn
=useRs
," + self.base_dn})
941 "dn
": "cn
=ldaptestcomputer
,cn
=computers
," + self.base_dn,
942 "objectclass
": "computer
",
943 "cN
": "LDAPtestCOMPUTER
"})
945 ldb.add({"dn
": "cn
=ldaptest2computer
,cn
=computers
," + self.base_dn,
946 "objectClass
": "computer
",
947 "cn
": "LDAPtest2COMPUTER
",
948 "userAccountControl
": str(UF_WORKSTATION_TRUST_ACCOUNT),
949 "displayname
": "ldap testy
"})
952 ldb.add({"dn
": "cn
=ldaptestcomputer3
,cn
=computers
," + self.base_dn,
953 "objectClass
": "computer
",
954 "cn
": "LDAPtest2COMPUTER
"
957 except LdbError, (num, _):
958 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
961 ldb.add({"dn
": "cn
=ldaptestcomputer3
,cn
=computers
," + self.base_dn,
962 "objectClass
": "computer
",
963 "cn
": "ldaptestcomputer3
",
964 "sAMAccountType
": str(ATYPE_NORMAL_ACCOUNT)
967 except LdbError, (num, _):
968 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
970 ldb.add({"dn
": "cn
=ldaptestcomputer3
,cn
=computers
," + self.base_dn,
971 "objectClass
": "computer
",
972 "cn
": "LDAPtestCOMPUTER3
"
975 print "Testing ldb
.search
for (&(cn
=ldaptestcomputer3
)(objectClass
=user
))";
976 res = ldb.search(self.base_dn, expression="(&(cn
=ldaptestcomputer3
)(objectClass
=user
))");
977 self.assertEquals(len(res), 1, "Found only
%d for (&(cn
=ldaptestcomputer3
)(objectClass
=user
))" % len(res))
979 self.assertEquals(str(res[0].dn), ("CN
=ldaptestcomputer3
,CN
=Computers
," + self.base_dn));
980 self.assertEquals(res[0]["cn
"][0], "ldaptestcomputer3
");
981 self.assertEquals(res[0]["name
"][0], "ldaptestcomputer3
");
982 self.assertEquals(res[0]["objectClass
"][0], "top
");
983 self.assertEquals(res[0]["objectClass
"][1], "person
");
984 self.assertEquals(res[0]["objectClass
"][2], "organizationalPerson
");
985 self.assertEquals(res[0]["objectClass
"][3], "user
");
986 self.assertEquals(res[0]["objectClass
"][4], "computer
");
987 self.assertTrue("objectGUID
" in res[0])
988 self.assertTrue("whenCreated
" in res[0])
989 self.assertEquals(res[0]["objectCategory
"][0], ("CN
=Computer
,CN
=Schema
,CN
=Configuration
," + self.base_dn));
990 self.assertEquals(int(res[0]["primaryGroupID
"][0]), 513);
991 self.assertEquals(int(res[0]["sAMAccountType
"][0]), ATYPE_NORMAL_ACCOUNT);
992 self.assertEquals(int(res[0]["userAccountControl
"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
994 self.delete_force(self.ldb, "cn
=ldaptestcomputer3
,cn
=computers
," + self.base_dn)
996 print "Testing attribute
or value exists behaviour
"
999 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1001 replace: servicePrincipalName
1002 servicePrincipalName: host/ldaptest2computer
1003 servicePrincipalName: host/ldaptest2computer
1004 servicePrincipalName: cifs/ldaptest2computer
1007 except LdbError, (num, msg):
1008 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1011 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1013 replace: servicePrincipalName
1014 servicePrincipalName: host/ldaptest2computer
1015 servicePrincipalName: cifs/ldaptest2computer
1019 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1021 add: servicePrincipalName
1022 servicePrincipalName: host/ldaptest2computer
1025 except LdbError, (num, msg):
1026 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1028 print "Testing ranged results
"
1030 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1032 replace: servicePrincipalName
1036 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1038 add: servicePrincipalName
1039 servicePrincipalName: host/ldaptest2computer0
1040 servicePrincipalName: host/ldaptest2computer1
1041 servicePrincipalName: host/ldaptest2computer2
1042 servicePrincipalName: host/ldaptest2computer3
1043 servicePrincipalName: host/ldaptest2computer4
1044 servicePrincipalName: host/ldaptest2computer5
1045 servicePrincipalName: host/ldaptest2computer6
1046 servicePrincipalName: host/ldaptest2computer7
1047 servicePrincipalName: host/ldaptest2computer8
1048 servicePrincipalName: host/ldaptest2computer9
1049 servicePrincipalName: host/ldaptest2computer10
1050 servicePrincipalName: host/ldaptest2computer11
1051 servicePrincipalName: host/ldaptest2computer12
1052 servicePrincipalName: host/ldaptest2computer13
1053 servicePrincipalName: host/ldaptest2computer14
1054 servicePrincipalName: host/ldaptest2computer15
1055 servicePrincipalName: host/ldaptest2computer16
1056 servicePrincipalName: host/ldaptest2computer17
1057 servicePrincipalName: host/ldaptest2computer18
1058 servicePrincipalName: host/ldaptest2computer19
1059 servicePrincipalName: host/ldaptest2computer20
1060 servicePrincipalName: host/ldaptest2computer21
1061 servicePrincipalName: host/ldaptest2computer22
1062 servicePrincipalName: host/ldaptest2computer23
1063 servicePrincipalName: host/ldaptest2computer24
1064 servicePrincipalName: host/ldaptest2computer25
1065 servicePrincipalName: host/ldaptest2computer26
1066 servicePrincipalName: host/ldaptest2computer27
1067 servicePrincipalName: host/ldaptest2computer28
1068 servicePrincipalName: host/ldaptest2computer29
1071 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE,
1072 attrs=["servicePrincipalName
;range=0-*"])
1073 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1074 #print len(res[0]["servicePrincipalName
;range=0-*"])
1075 self.assertEquals(len(res[0]["servicePrincipalName
;range=0-*"]), 30)
1077 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=0-19"])
1078 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1079 # print res[0]["servicePrincipalName
;range=0-19"].length
1080 self.assertEquals(len(res[0]["servicePrincipalName
;range=0-19"]), 20)
1083 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=0-30"])
1084 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1085 self.assertEquals(len(res[0]["servicePrincipalName
;range=0-*"]), 30)
1087 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=0-40"])
1088 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1089 self.assertEquals(len(res[0]["servicePrincipalName
;range=0-*"]), 30)
1091 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=30-40"])
1092 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1093 self.assertEquals(len(res[0]["servicePrincipalName
;range=30-*"]), 0)
1096 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=10-40"])
1097 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1098 self.assertEquals(len(res[0]["servicePrincipalName
;range=10-*"]), 20)
1099 # pos_11 = res[0]["servicePrincipalName
;range=10-*"][18]
1101 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=11-40"])
1102 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1103 self.assertEquals(len(res[0]["servicePrincipalName
;range=11-*"]), 19)
1104 # print res[0]["servicePrincipalName
;range=11-*"][18]
1106 # self.assertEquals((res[0]["servicePrincipalName
;range=11-*"][18]), pos_11)
1108 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
;range=11-15"])
1109 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1110 self.assertEquals(len(res[0]["servicePrincipalName
;range=11-15"]), 5)
1111 # self.assertEquals(res[0]["servicePrincipalName
;range=11-15"][4], pos_11)
1113 res = ldb.search(self.base_dn, expression="(cn
=ldaptest2computer
))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName
"])
1114 self.assertEquals(len(res), 1, "Could
not find (cn
=ldaptest2computer
)")
1115 # print res[0]["servicePrincipalName
"][18]
1117 self.assertEquals(len(res[0]["servicePrincipalName
"]), 30)
1118 # self.assertEquals(res[0]["servicePrincipalName
"][18], pos_11)
1120 self.delete_force(self.ldb, "cn
=ldaptestuser2
,cn
=users
," + self.base_dn)
1122 "dn
": "cn
=ldaptestuser2
,cn
=useRs
," + self.base_dn,
1123 "objectClass
": ["person
", "user
"],
1124 "cn
": "LDAPtestUSER2
",
1125 "givenname
": "testy
",
1126 "sn
": "ldap user2
"})
1128 print "Testing Ambigious Name Resolution
"
1129 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
1130 res = ldb.search(expression="(&(anr
=ldap testy
)(objectClass
=user
))")
1131 self.assertEquals(len(res), 3, "Found only
%d of
3 for (&(anr
=ldap testy
)(objectClass
=user
))" % len(res))
1133 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1134 res = ldb.search(expression="(&(anr
=testy ldap
)(objectClass
=user
))")
1135 self.assertEquals(len(res), 2, "Found only
%d of
2 for (&(anr
=testy ldap
)(objectClass
=user
))" % len(res))
1137 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
1138 res = ldb.search(expression="(&(anr
=ldap
)(objectClass
=user
))")
1139 self.assertEquals(len(res), 4, "Found only
%d of
4 for (&(anr
=ldap
)(objectClass
=user
))" % len(res))
1141 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
1142 res = ldb.search(expression="(&(anr
==ldap
)(objectClass
=user
))")
1143 self.assertEquals(len(res), 1, "Could
not find (&(anr
==ldap
)(objectClass
=user
)). Found only
%d for (&(anr
=ldap
)(objectClass
=user
))" % len(res))
1145 self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser
,CN
=Users
," + self.base_dn))
1146 self.assertEquals(res[0]["cn
"][0], "ldaptestuser
")
1147 self.assertEquals(str(res[0]["name
"]), "ldaptestuser
")
1149 # Testing ldb.search for (&(anr=testy)(objectClass=user))
1150 res = ldb.search(expression="(&(anr
=testy
)(objectClass
=user
))")
1151 self.assertEquals(len(res), 2, "Found only
%d for (&(anr
=testy
)(objectClass
=user
))" % len(res))
1153 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1154 res = ldb.search(expression="(&(anr
=testy ldap
)(objectClass
=user
))")
1155 self.assertEquals(len(res), 2, "Found only
%d for (&(anr
=testy ldap
)(objectClass
=user
))" % len(res))
1157 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1158 # this test disabled for the moment, as anr with == tests are not understood
1159 # res = ldb.search(expression="(&(anr
==testy ldap
)(objectClass
=user
))")
1160 # self.assertEquals(len(res), 1, "Found only
%d for (&(anr
==testy ldap
)(objectClass
=user
))" % len(res))
1162 # self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser
,CN
=Users
," + self.base_dn))
1163 # self.assertEquals(res[0]["cn
"][0], "ldaptestuser
")
1164 # self.assertEquals(res[0]["name
"][0], "ldaptestuser
")
1166 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1167 # res = ldb.search(expression="(&(anr
==testy ldap
)(objectClass
=user
))")
1168 # self.assertEquals(len(res), 1, "Could
not find (&(anr
==testy ldap
)(objectClass
=user
))")
1170 # self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser
,CN
=Users
," + self.base_dn))
1171 # self.assertEquals(res[0]["cn
"][0], "ldaptestuser
")
1172 # self.assertEquals(res[0]["name
"][0], "ldaptestuser
")
1174 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
1175 res = ldb.search(expression="(&(anr
=testy ldap user
)(objectClass
=user
))")
1176 self.assertEquals(len(res), 1, "Could
not find (&(anr
=testy ldap user
)(objectClass
=user
))")
1178 self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn))
1179 self.assertEquals(str(res[0]["cn
"]), "ldaptestuser2
")
1180 self.assertEquals(str(res[0]["name
"]), "ldaptestuser2
")
1182 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
1183 # res = ldb.search(expression="(&(anr
==testy ldap user2
)(objectClass
=user
))")
1184 # self.assertEquals(len(res), 1, "Could
not find (&(anr
==testy ldap user2
)(objectClass
=user
))")
1186 self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn))
1187 self.assertEquals(str(res[0]["cn
"]), "ldaptestuser2
")
1188 self.assertEquals(str(res[0]["name
"]), "ldaptestuser2
")
1190 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
1191 # res = ldb.search(expression="(&(anr
==ldap user2
)(objectClass
=user
))")
1192 # self.assertEquals(len(res), 1, "Could
not find (&(anr
==ldap user2
)(objectClass
=user
))")
1194 self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn))
1195 self.assertEquals(str(res[0]["cn
"]), "ldaptestuser2
")
1196 self.assertEquals(str(res[0]["name
"]), "ldaptestuser2
")
1198 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
1199 # res = ldb.search(expression="(&(anr
==not ldap user2
)(objectClass
=user
))")
1200 # self.assertEquals(len(res), 0, "Must
not find (&(anr
==not ldap user2
)(objectClass
=user
))")
1202 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
1203 res = ldb.search(expression="(&(anr
=not ldap user2
)(objectClass
=user
))")
1204 self.assertEquals(len(res), 0, "Must
not find (&(anr
=not ldap user2
)(objectClass
=user
))")
1206 # Testing ldb.search for (&(anr="testy ldap
")(objectClass=user)) (ie, with quotes)
1207 # res = ldb.search(expression="(&(anr
==\"testy ldap
\")(objectClass
=user
))")
1208 # self.assertEquals(len(res), 0, "Found (&(anr
==\"testy ldap
\")(objectClass
=user
))")
1210 print "Testing Renames
"
1212 attrs = ["objectGUID
", "objectSid
"]
1213 print "Testing ldb
.search
for (&(cn
=ldaptestUSer2
)(objectClass
=user
))"
1214 res_user = ldb.search(self.base_dn, expression="(&(cn
=ldaptestUSer2
)(objectClass
=user
))", scope=SCOPE_SUBTREE, attrs=attrs)
1215 self.assertEquals(len(res_user), 1, "Could
not find (&(cn
=ldaptestUSer2
)(objectClass
=user
))")
1217 # Check rename works with extended/alternate DN forms
1218 ldb.rename("<SID
=" + ldb.schema_format_value("objectSID
", res_user[0]["objectSID
"][0]) + ">" , "cn
=ldaptestUSER3
,cn
=users
," + self.base_dn)
1220 print "Testing ldb
.search
for (&(cn
=ldaptestuser3
)(objectClass
=user
))"
1221 res = ldb.search(expression="(&(cn
=ldaptestuser3
)(objectClass
=user
))")
1222 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestuser3
)(objectClass
=user
))")
1224 self.assertEquals(str(res[0].dn), ("CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn))
1225 self.assertEquals(str(res[0]["cn
"]), "ldaptestUSER3
")
1226 self.assertEquals(str(res[0]["name
"]), "ldaptestUSER3
")
1228 #"Testing ldb
.search
for (&(&(cn
=ldaptestuser3
)(userAccountControl
=*))(objectClass
=user
))"
1229 res = ldb.search(expression="(&(&(cn
=ldaptestuser3
)(userAccountControl
=*))(objectClass
=user
))")
1230 self.assertEquals(len(res), 1, "(&(&(cn
=ldaptestuser3
)(userAccountControl
=*))(objectClass
=user
))")
1232 self.assertEquals(str(res[0].dn), ("CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn))
1233 self.assertEquals(str(res[0]["cn
"]), "ldaptestUSER3
")
1234 self.assertEquals(str(res[0]["name
"]), "ldaptestUSER3
")
1236 #"Testing ldb
.search
for (&(&(cn
=ldaptestuser3
)(userAccountControl
=546))(objectClass
=user
))"
1237 res = ldb.search(expression="(&(&(cn
=ldaptestuser3
)(userAccountControl
=546))(objectClass
=user
))")
1238 self.assertEquals(len(res), 1, "(&(&(cn
=ldaptestuser3
)(userAccountControl
=546))(objectClass
=user
))")
1240 self.assertEquals(str(res[0].dn), ("CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn))
1241 self.assertEquals(str(res[0]["cn
"]), "ldaptestUSER3
")
1242 self.assertEquals(str(res[0]["name
"]), "ldaptestUSER3
")
1244 #"Testing ldb
.search
for (&(&(cn
=ldaptestuser3
)(userAccountControl
=547))(objectClass
=user
))"
1245 res = ldb.search(expression="(&(&(cn
=ldaptestuser3
)(userAccountControl
=547))(objectClass
=user
))")
1246 self.assertEquals(len(res), 0, "(&(&(cn
=ldaptestuser3
)(userAccountControl
=547))(objectClass
=user
))")
1248 # This is a Samba special, and does not exist in real AD
1249 # print "Testing ldb
.search
for (dn
=CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn + ")"
1250 # res = ldb.search("(dn
=CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn + ")")
1251 # if (res.error != 0 || len(res) != 1) {
1252 # print "Could
not find (dn
=CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn + ")"
1253 # self.assertEquals(len(res), 1)
1255 # self.assertEquals(res[0].dn, ("CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn))
1256 # self.assertEquals(res[0].cn, "ldaptestUSER3
")
1257 # self.assertEquals(res[0].name, "ldaptestUSER3
")
1259 print "Testing ldb
.search
for (distinguishedName
=CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn + ")"
1260 res = ldb.search(expression="(distinguishedName
=CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn + ")")
1261 self.assertEquals(len(res), 1, "Could
not find (dn
=CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn + ")")
1262 self.assertEquals(str(res[0].dn), ("CN
=ldaptestUSER3
,CN
=Users
," + self.base_dn))
1263 self.assertEquals(str(res[0]["cn
"]), "ldaptestUSER3
")
1264 self.assertEquals(str(res[0]["name
"]), "ldaptestUSER3
")
1266 # ensure we cannot add it again
1268 ldb.add({"dn
": "cn
=ldaptestuser3
,cn
=userS
," + self.base_dn,
1269 "objectClass
": ["person
", "user
"],
1270 "cn
": "LDAPtestUSER3
"})
1272 except LdbError, (num, _):
1273 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1276 ldb.rename("cn
=ldaptestuser3
,cn
=users
," + self.base_dn, "cn
=ldaptestuser2
,cn
=users
," + self.base_dn)
1278 # ensure we cannot rename it twice
1280 ldb.rename("cn
=ldaptestuser3
,cn
=users
," + self.base_dn,
1281 "cn
=ldaptestuser2
,cn
=users
," + self.base_dn)
1283 except LdbError, (num, _):
1284 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1286 # ensure can now use that name
1287 ldb.add({"dn
": "cn
=ldaptestuser3
,cn
=users
," + self.base_dn,
1288 "objectClass
": ["person
", "user
"],
1289 "cn
": "LDAPtestUSER3
"})
1291 # ensure we now cannot rename
1293 ldb.rename("cn
=ldaptestuser2
,cn
=users
," + self.base_dn, "cn
=ldaptestuser3
,cn
=users
," + self.base_dn)
1295 except LdbError, (num, _):
1296 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1298 ldb.rename("cn
=ldaptestuser3
,cn
=users
," + self.base_dn, "cn
=ldaptestuser3
,cn
=configuration
," + self.base_dn)
1300 except LdbError, (num, _):
1301 self.assertTrue(num in (71, 64))
1303 ldb.rename("cn
=ldaptestuser3
,cn
=users
," + self.base_dn, "cn
=ldaptestuser5
,cn
=users
," + self.base_dn)
1305 ldb.delete("cn
=ldaptestuser5
,cn
=users
," + self.base_dn)
1307 self.delete_force(ldb, "cn
=ldaptestgroup2
,cn
=users
," + self.base_dn)
1309 ldb.rename("cn
=ldaptestgroup
,cn
=users
," + self.base_dn, "cn
=ldaptestgroup2
,cn
=users
," + self.base_dn)
1311 print "Testing subtree renames
"
1313 ldb.add({"dn
": "cn
=ldaptestcontainer
," + self.base_dn,
1314 "objectClass
": "container
"})
1316 ldb.add({"dn
": "CN
=ldaptestuser4
,CN
=ldaptestcontainer
," + self.base_dn,
1317 "objectClass
": ["person
", "user
"],
1318 "cn
": "LDAPtestUSER4
"})
1321 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1324 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
1325 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
1326 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
1329 print "Testing ldb
.rename of cn
=ldaptestcontainer
," + self.base_dn + " to cn
=ldaptestcontainer2
," + self.base_dn
1330 ldb.rename("CN
=ldaptestcontainer
," + self.base_dn, "CN
=ldaptestcontainer2
," + self.base_dn)
1332 print "Testing ldb
.search
for (&(cn
=ldaptestuser4
)(objectClass
=user
))"
1333 res = ldb.search(expression="(&(cn
=ldaptestuser4
)(objectClass
=user
))")
1334 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestuser4
)(objectClass
=user
))")
1336 print "Testing subtree ldb
.search
for (&(cn
=ldaptestuser4
)(objectClass
=user
)) in (just renamed
from) cn
=ldaptestcontainer
," + self.base_dn
1338 res = ldb.search("cn
=ldaptestcontainer
," + self.base_dn,
1339 expression="(&(cn
=ldaptestuser4
)(objectClass
=user
))",
1340 scope=SCOPE_SUBTREE)
1342 except LdbError, (num, _):
1343 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1345 print "Testing one
-level ldb
.search
for (&(cn
=ldaptestuser4
)(objectClass
=user
)) in (just renamed
from) cn
=ldaptestcontainer
," + self.base_dn
1347 res = ldb.search("cn
=ldaptestcontainer
," + self.base_dn,
1348 expression="(&(cn
=ldaptestuser4
)(objectClass
=user
))", scope=SCOPE_ONELEVEL)
1350 except LdbError, (num, _):
1351 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1353 print "Testing ldb
.search
for (&(cn
=ldaptestuser4
)(objectClass
=user
)) in renamed container
"
1354 res = ldb.search("cn
=ldaptestcontainer2
," + self.base_dn, expression="(&(cn
=ldaptestuser4
)(objectClass
=user
))", scope=SCOPE_SUBTREE)
1355 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestuser4
)(objectClass
=user
)) under cn
=ldaptestcontainer2
," + self.base_dn)
1357 self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn))
1358 self.assertEquals(res[0]["memberOf
"][0].upper(), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn).upper())
1362 print "Testing ldb
.search
for (&(member
=CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn + ")(objectclass
=group
)) to check subtree renames
and linked attributes
"
1363 res = ldb.search(self.base_dn, expression="(&(member
=CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn + ")(objectclass
=group
))", scope=SCOPE_SUBTREE)
1364 self.assertEquals(len(res), 1, "Could
not find (&(member
=CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn + ")(objectclass
=group
)), perhaps linked attributes are
not consistant with subtree renames?
")
1366 print "Testing ldb
.rename (into itself
) of cn
=ldaptestcontainer2
," + self.base_dn + " to cn
=ldaptestcontainer
,cn
=ldaptestcontainer2
," + self.base_dn
1368 ldb.rename("cn
=ldaptestcontainer2
," + self.base_dn, "cn
=ldaptestcontainer
,cn
=ldaptestcontainer2
," + self.base_dn)
1370 except LdbError, (num, _):
1371 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1373 print "Testing ldb
.rename (into non
-existent container
) of cn
=ldaptestcontainer2
," + self.base_dn + " to cn
=ldaptestcontainer
,cn
=ldaptestcontainer3
," + self.base_dn
1375 ldb.rename("cn
=ldaptestcontainer2
," + self.base_dn, "cn
=ldaptestcontainer
,cn
=ldaptestcontainer3
," + self.base_dn)
1377 except LdbError, (num, _):
1378 self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
1380 print "Testing
delete (should fail
, not a leaf node
) of renamed cn
=ldaptestcontainer2
," + self.base_dn
1382 ldb.delete("cn
=ldaptestcontainer2
," + self.base_dn)
1384 except LdbError, (num, _):
1385 self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
1387 print "Testing base ldb
.search
for CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn
1388 res = ldb.search(expression="(objectclass
=*)", base=("CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn), scope=SCOPE_BASE)
1389 self.assertEquals(len(res), 1)
1390 res = ldb.search(expression="(cn
=ldaptestuser40
)", base=("CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn), scope=SCOPE_BASE)
1391 self.assertEquals(len(res), 0)
1393 print "Testing one
-level ldb
.search
for (&(cn
=ldaptestuser4
)(objectClass
=user
)) in cn
=ldaptestcontainer2
," + self.base_dn
1394 res = ldb.search(expression="(&(cn
=ldaptestuser4
)(objectClass
=user
))", base=("cn
=ldaptestcontainer2
," + self.base_dn), scope=SCOPE_ONELEVEL)
1395 # FIXME: self.assertEquals(len(res), 0)
1397 print "Testing one
-level ldb
.search
for (&(cn
=ldaptestuser4
)(objectClass
=user
)) in cn
=ldaptestcontainer2
," + self.base_dn
1398 res = ldb.search(expression="(&(cn
=ldaptestuser4
)(objectClass
=user
))", base=("cn
=ldaptestcontainer2
," + self.base_dn), scope=SCOPE_SUBTREE)
1399 # FIXME: self.assertEquals(len(res), 0)
1401 print "Testing delete of subtree renamed
"+("CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn)
1402 ldb.delete(("CN
=ldaptestuser4
,CN
=ldaptestcontainer2
," + self.base_dn))
1403 print "Testing delete of renamed cn
=ldaptestcontainer2
," + self.base_dn
1404 ldb.delete("cn
=ldaptestcontainer2
," + self.base_dn)
1406 ldb.add({"dn
": "cn
=ldaptestutf8user èùéìòà
,cn
=users
," + self.base_dn, "objectClass
": "user
"})
1408 ldb.add({"dn
": "cn
=ldaptestutf8user2 èùéìòà
,cn
=users
," + self.base_dn, "objectClass
": "user
"})
1410 print "Testing ldb
.search
for (&(cn
=ldaptestuser
)(objectClass
=user
))"
1411 res = ldb.search(expression="(&(cn
=ldaptestuser
)(objectClass
=user
))")
1412 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestuser
)(objectClass
=user
))")
1414 self.assertEquals(str(res[0].dn), ("CN
=ldaptestuser
,CN
=Users
," + self.base_dn))
1415 self.assertEquals(str(res[0]["cn
"]), "ldaptestuser
")
1416 self.assertEquals(str(res[0]["name
"]), "ldaptestuser
")
1417 self.assertEquals(set(res[0]["objectClass
"]), set(["top
", "person
", "organizationalPerson
", "user
"]))
1418 self.assertTrue("objectGUID
" in res[0])
1419 self.assertTrue("whenCreated
" in res[0])
1420 self.assertEquals(str(res[0]["objectCategory
"]), ("CN
=Person
,CN
=Schema
,CN
=Configuration
," + self.base_dn))
1421 self.assertEquals(int(res[0]["sAMAccountType
"][0]), ATYPE_NORMAL_ACCOUNT)
1422 self.assertEquals(int(res[0]["userAccountControl
"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1423 self.assertEquals(res[0]["memberOf
"][0].upper(), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn).upper())
1424 self.assertEquals(len(res[0]["memberOf
"]), 1)
1426 print "Testing ldb
.search
for (&(cn
=ldaptestuser
)(objectCategory
=cn
=person
,cn
=schema
,cn
=configuration
," + self.base_dn + "))"
1427 res2 = ldb.search(expression="(&(cn
=ldaptestuser
)(objectCategory
=cn
=person
,cn
=schema
,cn
=configuration
," + self.base_dn + "))")
1428 self.assertEquals(len(res2), 1, "Could
not find (&(cn
=ldaptestuser
)(objectCategory
=cn
=person
,cn
=schema
,cn
=configuration
," + self.base_dn + "))")
1430 self.assertEquals(res[0].dn, res2[0].dn)
1432 print "Testing ldb
.search
for (&(cn
=ldaptestuser
)(objectCategory
=PerSon
))"
1433 res3 = ldb.search(expression="(&(cn
=ldaptestuser
)(objectCategory
=PerSon
))")
1434 self.assertEquals(len(res3), 1, "Could
not find (&(cn
=ldaptestuser
)(objectCategory
=PerSon
)): matched
%d" % len(res3))
1436 self.assertEquals(res[0].dn, res3[0].dn)
1438 if gc_ldb is not None:
1439 print "Testing ldb
.search
for (&(cn
=ldaptestuser
)(objectCategory
=PerSon
)) in Global Catalog
"
1440 res3gc = gc_ldb.search(expression="(&(cn
=ldaptestuser
)(objectCategory
=PerSon
))")
1441 self.assertEquals(len(res3gc), 1)
1443 self.assertEquals(res[0].dn, res3gc[0].dn)
1445 print "Testing ldb
.search
for (&(cn
=ldaptestuser
)(objectCategory
=PerSon
)) in with
'phantom root' control
"
1447 if gc_ldb is not None:
1448 res3control = gc_ldb.search(self.base_dn, expression="(&(cn
=ldaptestuser
)(objectCategory
=PerSon
))", scope=SCOPE_SUBTREE, attrs=["cn
"], controls=["search_options
:1:2"])
1449 self.assertEquals(len(res3control), 1, "Could
not find (&(cn
=ldaptestuser
)(objectCategory
=PerSon
)) in Global Catalog
")
1451 self.assertEquals(res[0].dn, res3control[0].dn)
1453 ldb.delete(res[0].dn)
1455 print "Testing ldb
.search
for (&(cn
=ldaptestcomputer
)(objectClass
=user
))"
1456 res = ldb.search(expression="(&(cn
=ldaptestcomputer
)(objectClass
=user
))")
1457 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestuser
)(objectClass
=user
))")
1459 self.assertEquals(str(res[0].dn), ("CN
=ldaptestcomputer
,CN
=Computers
," + self.base_dn))
1460 self.assertEquals(str(res[0]["cn
"]), "ldaptestcomputer
")
1461 self.assertEquals(str(res[0]["name
"]), "ldaptestcomputer
")
1462 self.assertEquals(set(res[0]["objectClass
"]), set(["top
", "person
", "organizationalPerson
", "user
", "computer
"]))
1463 self.assertTrue("objectGUID
" in res[0])
1464 self.assertTrue("whenCreated
" in res[0])
1465 self.assertEquals(str(res[0]["objectCategory
"]), ("CN
=Computer
,CN
=Schema
,CN
=Configuration
," + self.base_dn))
1466 self.assertEquals(int(res[0]["primaryGroupID
"][0]), 513)
1467 self.assertEquals(int(res[0]["sAMAccountType
"][0]), ATYPE_NORMAL_ACCOUNT)
1468 self.assertEquals(int(res[0]["userAccountControl
"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1469 self.assertEquals(res[0]["memberOf
"][0].upper(), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn).upper())
1470 self.assertEquals(len(res[0]["memberOf
"]), 1)
1472 print "Testing ldb
.search
for (&(cn
=ldaptestcomputer
)(objectCategory
=cn
=computer
,cn
=schema
,cn
=configuration
," + self.base_dn + "))"
1473 res2 = ldb.search(expression="(&(cn
=ldaptestcomputer
)(objectCategory
=cn
=computer
,cn
=schema
,cn
=configuration
," + self.base_dn + "))")
1474 self.assertEquals(len(res2), 1, "Could
not find (&(cn
=ldaptestcomputer
)(objectCategory
=cn
=computer
,cn
=schema
,cn
=configuration
," + self.base_dn + "))")
1476 self.assertEquals(res[0].dn, res2[0].dn)
1478 if gc_ldb is not None:
1479 print "Testing ldb
.search
for (&(cn
=ldaptestcomputer
)(objectCategory
=cn
=computer
,cn
=schema
,cn
=configuration
," + self.base_dn + ")) in Global Catlog
"
1480 res2gc = gc_ldb.search(expression="(&(cn
=ldaptestcomputer
)(objectCategory
=cn
=computer
,cn
=schema
,cn
=configuration
," + self.base_dn + "))")
1481 self.assertEquals(len(res2gc), 1, "Could
not find (&(cn
=ldaptestcomputer
)(objectCategory
=cn
=computer
,cn
=schema
,cn
=configuration
," + self.base_dn + ")) in Global Catlog
")
1483 self.assertEquals(res[0].dn, res2gc[0].dn)
1485 print "Testing ldb
.search
for (&(cn
=ldaptestcomputer
)(objectCategory
=compuTER
))"
1486 res3 = ldb.search(expression="(&(cn
=ldaptestcomputer
)(objectCategory
=compuTER
))")
1487 self.assertEquals(len(res3), 1, "Could
not find (&(cn
=ldaptestcomputer
)(objectCategory
=compuTER
))")
1489 self.assertEquals(res[0].dn, res3[0].dn)
1491 if gc_ldb is not None:
1492 print "Testing ldb
.search
for (&(cn
=ldaptestcomputer
)(objectCategory
=compuTER
)) in Global Catalog
"
1493 res3gc = gc_ldb.search(expression="(&(cn
=ldaptestcomputer
)(objectCategory
=compuTER
))")
1494 self.assertEquals(len(res3gc), 1, "Could
not find (&(cn
=ldaptestcomputer
)(objectCategory
=compuTER
)) in Global Catalog
")
1496 self.assertEquals(res[0].dn, res3gc[0].dn)
1498 print "Testing ldb
.search
for (&(cn
=ldaptestcomp
*r
)(objectCategory
=compuTER
))"
1499 res4 = ldb.search(expression="(&(cn
=ldaptestcomp
*r
)(objectCategory
=compuTER
))")
1500 self.assertEquals(len(res4), 1, "Could
not find (&(cn
=ldaptestcomp
*r
)(objectCategory
=compuTER
))")
1502 self.assertEquals(res[0].dn, res4[0].dn)
1504 print "Testing ldb
.search
for (&(cn
=ldaptestcomput
*)(objectCategory
=compuTER
))"
1505 res5 = ldb.search(expression="(&(cn
=ldaptestcomput
*)(objectCategory
=compuTER
))")
1506 self.assertEquals(len(res5), 1, "Could
not find (&(cn
=ldaptestcomput
*)(objectCategory
=compuTER
))")
1508 self.assertEquals(res[0].dn, res5[0].dn)
1510 print "Testing ldb
.search
for (&(cn
=*daptestcomputer
)(objectCategory
=compuTER
))"
1511 res6 = ldb.search(expression="(&(cn
=*daptestcomputer
)(objectCategory
=compuTER
))")
1512 self.assertEquals(len(res6), 1, "Could
not find (&(cn
=*daptestcomputer
)(objectCategory
=compuTER
))")
1514 self.assertEquals(res[0].dn, res6[0].dn)
1516 ldb.delete("<GUID
=" + ldb.schema_format_value("objectGUID
", res[0]["objectGUID
"][0]) + ">")
1518 print "Testing ldb
.search
for (&(cn
=ldaptest2computer
)(objectClass
=user
))"
1519 res = ldb.search(expression="(&(cn
=ldaptest2computer
)(objectClass
=user
))")
1520 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptest2computer
)(objectClass
=user
))")
1522 self.assertEquals(str(res[0].dn), "CN
=ldaptest2computer
,CN
=Computers
," + self.base_dn)
1523 self.assertEquals(str(res[0]["cn
"]), "ldaptest2computer
")
1524 self.assertEquals(str(res[0]["name
"]), "ldaptest2computer
")
1525 self.assertEquals(list(res[0]["objectClass
"]), ["top
", "person
", "organizationalPerson
", "user
", "computer
"])
1526 self.assertTrue("objectGUID
" in res[0])
1527 self.assertTrue("whenCreated
" in res[0])
1528 self.assertEquals(res[0]["objectCategory
"][0], "CN
=Computer
,CN
=Schema
,CN
=Configuration
," + self.base_dn)
1529 self.assertEquals(int(res[0]["sAMAccountType
"][0]), ATYPE_WORKSTATION_TRUST)
1530 self.assertEquals(int(res[0]["userAccountControl
"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
1532 ldb.delete("<SID
=" + ldb.schema_format_value("objectSID
", res[0]["objectSID
"][0]) + ">")
1534 attrs = ["cn
", "name
", "objectClass
", "objectGUID
", "objectSID
", "whenCreated
", "nTSecurityDescriptor
", "memberOf
", "allowedAttributes
", "allowedAttributesEffective
"]
1535 print "Testing ldb
.search
for (&(cn
=ldaptestUSer2
)(objectClass
=user
))"
1536 res_user = ldb.search(self.base_dn, expression="(&(cn
=ldaptestUSer2
)(objectClass
=user
))", scope=SCOPE_SUBTREE, attrs=attrs)
1537 self.assertEquals(len(res_user), 1, "Could
not find (&(cn
=ldaptestUSer2
)(objectClass
=user
))")
1539 self.assertEquals(str(res_user[0].dn), ("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn))
1540 self.assertEquals(str(res_user[0]["cn
"]), "ldaptestuser2
")
1541 self.assertEquals(str(res_user[0]["name
"]), "ldaptestuser2
")
1542 self.assertEquals(list(res_user[0]["objectClass
"]), ["top
", "person
", "organizationalPerson
", "user
"])
1543 self.assertTrue("objectSid
" in res_user[0])
1544 self.assertTrue("objectGUID
" in res_user[0])
1545 self.assertTrue("whenCreated
" in res_user[0])
1546 self.assertTrue("nTSecurityDescriptor
" in res_user[0])
1547 self.assertTrue("allowedAttributes
" in res_user[0])
1548 self.assertTrue("allowedAttributesEffective
" in res_user[0])
1549 self.assertEquals(res_user[0]["memberOf
"][0].upper(), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn).upper())
1551 ldaptestuser2_sid = res_user[0]["objectSid
"][0]
1552 ldaptestuser2_guid = res_user[0]["objectGUID
"][0]
1554 attrs = ["cn
", "name
", "objectClass
", "objectGUID
", "objectSID
", "whenCreated
", "nTSecurityDescriptor
", "member
", "allowedAttributes
", "allowedAttributesEffective
"]
1555 print "Testing ldb
.search
for (&(cn
=ldaptestgroup2
)(objectClass
=group
))"
1556 res = ldb.search(self.base_dn, expression="(&(cn
=ldaptestgroup2
)(objectClass
=group
))", scope=SCOPE_SUBTREE, attrs=attrs)
1557 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestgroup2
)(objectClass
=group
))")
1559 self.assertEquals(str(res[0].dn), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn))
1560 self.assertEquals(str(res[0]["cn
"]), "ldaptestgroup2
")
1561 self.assertEquals(str(res[0]["name
"]), "ldaptestgroup2
")
1562 self.assertEquals(list(res[0]["objectClass
"]), ["top
", "group
"])
1563 self.assertTrue("objectGUID
" in res[0])
1564 self.assertTrue("objectSid
" in res[0])
1565 self.assertTrue("whenCreated
" in res[0])
1566 self.assertTrue("nTSecurityDescriptor
" in res[0])
1567 self.assertTrue("allowedAttributes
" in res[0])
1568 self.assertTrue("allowedAttributesEffective
" in res[0])
1570 for m in res[0]["member
"]:
1571 memberUP.append(m.upper())
1572 self.assertTrue(("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn).upper() in memberUP)
1574 res = ldb.search(self.base_dn, expression="(&(cn
=ldaptestgroup2
)(objectClass
=group
))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn
:1:1"])
1575 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestgroup2
)(objectClass
=group
))")
1577 print res[0]["member
"]
1579 for m in res[0]["member
"]:
1580 memberUP.append(m.upper())
1581 print ("<GUID
=" + ldb.schema_format_value("objectGUID
", ldaptestuser2_guid) + ">;<SID
=" + ldb.schema_format_value("objectSid
", ldaptestuser2_sid) + ">;CN
=ldaptestuser2
,CN
=Users
," + self.base_dn).upper()
1583 self.assertTrue(("<GUID
=" + ldb.schema_format_value("objectGUID
", ldaptestuser2_guid) + ">;<SID
=" + ldb.schema_format_value("objectSid
", ldaptestuser2_sid) + ">;CN
=ldaptestuser2
,CN
=Users
," + self.base_dn).upper() in memberUP)
1585 print "Testing Linked attribute behaviours
"
1587 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1590 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
1591 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1595 dn: <GUID=""" + ldb.schema_format_value("objectGUID
", res[0]["objectGUID
"][0]) + """>
1598 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1602 dn: <SID=""" + ldb.schema_format_value("objectSid
", res[0]["objectSid
"][0]) + """>
1608 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1611 member: <GUID=""" + ldb.schema_format_value("objectGUID
", res[0]["objectGUID
"][0]) + """>
1612 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1616 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1622 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1625 member: <SID=""" + ldb.schema_format_value("objectSid
", res_user[0]["objectSid
"][0]) + """>
1626 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1630 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1633 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1636 res = ldb.search(self.base_dn, expression="(&(cn
=ldaptestgroup2
)(objectClass
=group
))", scope=SCOPE_SUBTREE, attrs=attrs)
1637 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestgroup2
)(objectClass
=group
))")
1639 self.assertEquals(str(res[0].dn), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn))
1640 self.assertEquals(res[0]["member
"][0], ("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn))
1641 self.assertEquals(len(res[0]["member
"]), 1)
1643 ldb.delete(("CN
=ldaptestuser2
,CN
=Users
," + self.base_dn))
1647 attrs = ["cn
", "name
", "objectClass
", "objectGUID
", "whenCreated
", "nTSecurityDescriptor
", "member
"]
1648 print "Testing ldb
.search
for (&(cn
=ldaptestgroup2
)(objectClass
=group
)) to check linked delete
"
1649 res = ldb.search(self.base_dn, expression="(&(cn
=ldaptestgroup2
)(objectClass
=group
))", scope=SCOPE_SUBTREE, attrs=attrs)
1650 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestgroup2
)(objectClass
=group
)) to check linked delete
")
1652 self.assertEquals(str(res[0].dn), ("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn))
1653 self.assertTrue("member
" not in res[0])
1655 print "Testing ldb
.search
for (&(cn
=ldaptestutf8user ÈÙÉÌÒÀ
)(objectClass
=user
))"
1656 # TODO UTF8 users don't seem to work fully anymore
1657 # res = ldb.search(expression="(&(cn
=ldaptestutf8user ÈÙÉÌÒÀ
)(objectClass
=user
))")
1658 res = ldb.search(expression="(&(cn
=ldaptestutf8user èùéìòà
)(objectclass
=user
))")
1659 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestutf8user ÈÙÉÌÒÀ
)(objectClass
=user
))")
1661 self.assertEquals(str(res[0].dn), ("CN
=ldaptestutf8user èùéìòà
,CN
=Users
," + self.base_dn))
1662 self.assertEquals(str(res[0]["cn
"]), "ldaptestutf8user èùéìòà
")
1663 self.assertEquals(str(res[0]["name
"]), "ldaptestutf8user èùéìòà
")
1664 self.assertEquals(list(res[0]["objectClass
"]), ["top
", "person
", "organizationalPerson
", "user
"])
1665 self.assertTrue("objectGUID
" in res[0])
1666 self.assertTrue("whenCreated
" in res[0])
1668 ldb.delete(res[0].dn)
1670 print "Testing ldb
.search
for (&(cn
=ldaptestutf8user2
*)(objectClass
=user
))"
1671 res = ldb.search(expression="(&(cn
=ldaptestutf8user2
*)(objectClass
=user
))")
1672 self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestutf8user2
*)(objectClass
=user
))")
1674 ldb.delete(res[0].dn)
1676 ldb.delete(("CN
=ldaptestgroup2
,CN
=Users
," + self.base_dn))
1678 print "Testing ldb
.search
for (&(cn
=ldaptestutf8user2 ÈÙÉÌÒÀ
)(objectClass
=user
))"
1679 # TODO UTF8 users don't seem to work fully anymore
1680 # res = ldb.search(expression="(&(cn
=ldaptestutf8user ÈÙÉÌÒÀ
)(objectClass
=user
))")
1681 # self.assertEquals(len(res), 1, "Could
not find (&(cn
=ldaptestutf8user ÈÙÉÌÒÀ
)(objectClass
=user
))")
1683 print "Testing that we can
't get at the configuration DN from the main search base"
1684 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1685 self.assertEquals(len(res), 0)
1687 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root
' search_options control"
1688 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1689 self.assertTrue(len(res) > 0)
1691 if gc_ldb is not None:
1692 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
1694 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
1695 self.assertTrue(len(res) > 0)
1697 print "Testing that we do find configuration elements in the global catlog"
1698 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1699 self.assertTrue(len(res) > 0)
1701 print "Testing that we do find configuration elements and user elements at the same time"
1702 res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
1703 self.assertTrue(len(res) > 0)
1705 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
1706 res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1707 self.assertTrue(len(res) > 0)
1709 print "Testing that we can get at the configuration DN on the main LDAP port"
1710 res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1711 self.assertTrue(len(res) > 0)
1713 print "Testing objectCategory canonacolisation"
1714 res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
1715 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory
=ntDsDSA
")
1716 self.assertTrue(len(res) != 0)
1718 res = ldb.search(self.configuration_dn, expression="objectCategory
=CN
=ntDs
-DSA
," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn
"])
1719 self.assertTrue(len(res) > 0, "Didn
't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
1720 self.assertTrue(len(res) != 0)
1722 print "Testing objectClass attribute order on "+ self.base_dn
1723 res = ldb.search(expression="objectClass=domain", base=self.base_dn,
1724 scope=SCOPE_BASE, attrs=["objectClass"])
1725 self.assertEquals(len(res), 1)
1727 self.assertEquals(list(res[0]["objectClass"]), ["top", "domain", "domainDNS"])
1731 print "Testing ldb.search for objectCategory=person"
1732 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
1733 self.assertTrue(len(res) > 0)
1735 print "Testing ldb.search for objectCategory=person with domain scope control"
1736 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1737 self.assertTrue(len(res) > 0)
1739 print "Testing ldb.search for objectCategory=user"
1740 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
1741 self.assertTrue(len(res) > 0)
1743 print "Testing ldb.search for objectCategory=user with domain scope control"
1744 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1745 self.assertTrue(len(res) > 0)
1747 print "Testing ldb.search for objectCategory=group"
1748 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
1749 self.assertTrue(len(res) > 0)
1751 print "Testing ldb.search for objectCategory=group with domain scope control"
1752 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1753 self.assertTrue(len(res) > 0)
1755 print "Testing creating a user with the posixAccount objectClass"
1756 self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
1759 objectClass: posixAccount
1761 objectClass: organizationalPerson
1767 homeDirectory: /home/posixuser
1768 loginShell: /bin/bash
1769 gecos: Posix User;;;
1770 description: A POSIX user"""% (self.base_dn))
1772 print "Testing removing the posixAccount objectClass from an existing user"
1773 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1776 objectClass: posixAccount"""% (self.base_dn))
1778 print "Testing adding the posixAccount objectClass to an existing user"
1779 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1782 objectClass: posixAccount"""% (self.base_dn))
1784 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
1785 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1786 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1787 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
1788 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
1789 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
1790 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1791 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1792 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1793 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
1794 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
1795 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1796 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
1797 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
1798 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1799 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
1801 def test_security_descriptor_add(self):
1802 """ Testing ldb.add_ldif() for nTSecurityDescriptor """
1803 user_name = "testdescriptoruser1"
1804 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1806 # Test add_ldif() with SDDL security descriptor input
1808 self.delete_force(self.ldb, user_dn)
1810 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1811 self.ldb.add_ldif("""
1812 dn: """ + user_dn + """
1814 sAMAccountName: """ + user_name + """
1815 nTSecurityDescriptor: """ + sddl)
1816 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1817 desc = res[0]["nTSecurityDescriptor"][0]
1818 desc = ndr_unpack( security.descriptor, desc )
1819 desc_sddl = desc.as_sddl( self.domain_sid )
1820 self.assertEqual(desc_sddl, sddl)
1822 self.delete_force(self.ldb, user_dn)
1824 # Test add_ldif() with BASE64 security descriptor
1827 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1828 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1829 desc_binary = ndr_pack(desc)
1830 desc_base64 = base64.b64encode(desc_binary)
1831 self.ldb.add_ldif("""
1832 dn: """ + user_dn + """
1834 sAMAccountName: """ + user_name + """
1835 nTSecurityDescriptor:: """ + desc_base64)
1836 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1837 desc = res[0]["nTSecurityDescriptor"][0]
1838 desc = ndr_unpack(security.descriptor, desc)
1839 desc_sddl = desc.as_sddl(self.domain_sid)
1840 self.assertEqual(desc_sddl, sddl)
1842 self.delete_force(self.ldb, user_dn)
1844 def test_security_descriptor_add_neg(self):
1845 """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
1848 user_name = "testdescriptoruser1"
1849 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1850 self.delete_force(self.ldb, user_dn)
1852 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1853 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S
-1-5-21'))
1854 desc_base64 = base64.b64encode( ndr_pack(desc) )
1855 self.ldb.add_ldif("""
1856 dn: """ + user_dn + """
1858 sAMAccountName: """ + user_name + """
1859 nTSecurityDescriptor:: """ + desc_base64)
1860 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1861 self.assertTrue("nTSecurityDescriptor" in res[0])
1863 self.delete_force(self.ldb, user_dn)
1865 def test_security_descriptor_modify(self):
1866 """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
1867 user_name = "testdescriptoruser2"
1868 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1870 # Delete user object and test modify_ldif() with SDDL security descriptor input
1871 # Add ACE to the original descriptor test
1874 self.delete_force(self.ldb, user_dn)
1875 self.ldb.add_ldif("""
1876 dn: """ + user_dn + """
1878 sAMAccountName: """ + user_name)
1880 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1881 desc = res[0]["nTSecurityDescriptor"][0]
1882 desc = ndr_unpack(security.descriptor, desc)
1883 desc_sddl = desc.as_sddl(self.domain_sid)
1884 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
1886 dn: """ + user_dn + """
1888 replace: nTSecurityDescriptor
1889 nTSecurityDescriptor: """ + sddl
1890 self.ldb.modify_ldif(mod)
1891 # Read modified descriptor
1892 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1893 desc = res[0]["nTSecurityDescriptor"][0]
1894 desc = ndr_unpack(security.descriptor, desc)
1895 desc_sddl = desc.as_sddl(self.domain_sid)
1896 self.assertEqual(desc_sddl, sddl)
1898 self.delete_force(self.ldb, user_dn)
1900 # Test modify_ldif() with SDDL security descriptor input
1901 # New desctiptor test
1904 self.ldb.add_ldif("""
1905 dn: """ + user_dn + """
1907 sAMAccountName: """ + user_name)
1909 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1911 dn: """ + user_dn + """
1913 replace: nTSecurityDescriptor
1914 nTSecurityDescriptor: """ + sddl
1915 self.ldb.modify_ldif(mod)
1916 # Read modified descriptor
1917 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1918 desc = res[0]["nTSecurityDescriptor"][0]
1919 desc = ndr_unpack(security.descriptor, desc)
1920 desc_sddl = desc.as_sddl(self.domain_sid)
1921 self.assertEqual(desc_sddl, sddl)
1923 self.delete_force(self.ldb, user_dn)
1925 # Test modify_ldif() with BASE64 security descriptor input
1926 # Add ACE to the original descriptor test
1929 self.ldb.add_ldif("""
1930 dn: """ + user_dn + """
1932 sAMAccountName: """ + user_name)
1934 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1935 desc = res[0]["nTSecurityDescriptor"][0]
1936 desc = ndr_unpack(security.descriptor, desc)
1937 desc_sddl = desc.as_sddl(self.domain_sid)
1938 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
1939 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1940 desc_base64 = base64.b64encode(ndr_pack(desc))
1942 dn: """ + user_dn + """
1944 replace: nTSecurityDescriptor
1945 nTSecurityDescriptor:: """ + desc_base64
1946 self.ldb.modify_ldif(mod)
1947 # Read modified descriptor
1948 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1949 desc = res[0]["nTSecurityDescriptor"][0]
1950 desc = ndr_unpack(security.descriptor, desc)
1951 desc_sddl = desc.as_sddl(self.domain_sid)
1952 self.assertEqual(desc_sddl, sddl)
1954 self.delete_force(self.ldb, user_dn)
1956 # Test modify_ldif() with BASE64 security descriptor input
1957 # New descriptor test
1960 self.delete_force(self.ldb, user_dn)
1961 self.ldb.add_ldif("""
1962 dn: """ + user_dn + """
1964 sAMAccountName: """ + user_name)
1966 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1967 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1968 desc_base64 = base64.b64encode(ndr_pack(desc))
1970 dn: """ + user_dn + """
1972 replace: nTSecurityDescriptor
1973 nTSecurityDescriptor:: """ + desc_base64
1974 self.ldb.modify_ldif(mod)
1975 # Read modified descriptor
1976 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1977 desc = res[0]["nTSecurityDescriptor"][0]
1978 desc = ndr_unpack(security.descriptor, desc)
1979 desc_sddl = desc.as_sddl(self.domain_sid)
1980 self.assertEqual(desc_sddl, sddl)
1982 self.delete_force(self.ldb, user_dn)
1984 class BaseDnTests(unittest.TestCase):
1988 def test_rootdse_attrs(self):
1989 """Testing for all rootDSE attributes"""
1990 res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
1991 self.assertEquals(len(res), 1)
1993 def test_highestcommittedusn(self):
1994 """Testing for highestCommittedUSN"""
1995 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
1996 self.assertEquals(len(res), 1)
1997 self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
1999 def test_netlogon(self):
2000 """Testing for netlogon via LDAP"""
2001 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
2002 self.assertEquals(len(res), 0)
2004 def test_netlogon_highestcommitted_usn(self):
2005 """Testing for netlogon and highestCommittedUSN via LDAP"""
2006 res = self.ldb.search("", scope=SCOPE_BASE,
2007 attrs=["netlogon", "highestCommittedUSN"])
2008 self.assertEquals(len(res), 0)
2010 def test_namingContexts(self):
2011 """Testing for namingContexts in rootDSE"""
2012 res = self.ldb.search("", scope=SCOPE_BASE,
2013 attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
2014 self.assertEquals(len(res), 1)
2017 for nc in res[0]["namingContexts"]:
2018 self.assertTrue(nc not in ncs)
2021 self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
2022 self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
2023 self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
2026 if not "://" in host:
2027 if os.path.isfile(host):
2028 host = "tdb://%s" % host
2030 host = "ldap://%s" % host
2032 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
2033 if not "tdb://" in host:
2034 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
2035 session_info=system_session(), lp=lp)
2039 runner = SubunitTestRunner()
2041 if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
2043 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():