search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ldap.py: Fix syntax error.
[Samba/eduardoll.git] / source4 / lib / ldb / tests / python / ldap.py
blob4f35ead2de18bfd8104dcfdd06293f1e675d8ba8
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
4
5 import optparse
6 import sys
7 import time
8 import base64
9 import os
10
11 sys.path.append("bin/python")
12
13 import samba.getopt as options
14
15 from samba.auth import system_session
16 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
17 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
18 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
19 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
20 from ldb import ERR_NO_SUCH_ATTRIBUTE
21 from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
22 from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
23 from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
24 from ldb import Message, MessageElement, Dn
25 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
26 from samba import Ldb
27 from samba import UF_NORMAL_ACCOUNT
28 from samba import UF_WORKSTATION_TRUST_ACCOUNT
29 from samba import UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE
30 from samba import ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST
31
32 from subunit.run import SubunitTestRunner
33 import unittest
34
35 from samba.ndr import ndr_pack, ndr_unpack
36 from samba.dcerpc import security
37
38 parser = optparse.OptionParser("ldap [options] <host>")
39 sambaopts = options.SambaOptions(parser)
40 parser.add_option_group(sambaopts)
41 parser.add_option_group(options.VersionOptions(parser))
42 # use command line creds if available
43 credopts = options.CredentialsOptions(parser)
44 parser.add_option_group(credopts)
45 opts, args = parser.parse_args()
46
47 if len(args) < 1:
48 parser.print_usage()
49 sys.exit(1)
50
51 host = args[0]
52
53 lp = sambaopts.get_loadparm()
54 creds = credopts.get_credentials(lp)
55
56 class BasicTests(unittest.TestCase):
57
58 def delete_force(self, ldb, dn):
59 try:
60 ldb.delete(dn)
61 except LdbError, (num, _):
62 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
63
64 def find_basedn(self, ldb):
65 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
66 attrs=["defaultNamingContext"])
67 self.assertEquals(len(res), 1)
68 return res[0]["defaultNamingContext"][0]
69
70 def find_configurationdn(self, ldb):
71 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
72 self.assertEquals(len(res), 1)
73 return res[0]["configurationNamingContext"][0]
74
75 def find_schemadn(self, ldb):
76 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
77 self.assertEquals(len(res), 1)
78 return res[0]["schemaNamingContext"][0]
79
80 def find_domain_sid(self):
81 res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
82 return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
83
84 def setUp(self):
85 self.ldb = ldb
86 self.gc_ldb = gc_ldb
87 self.base_dn = self.find_basedn(ldb)
88 self.configuration_dn = self.find_configurationdn(ldb)
89 self.schema_dn = self.find_schemadn(ldb)
90 self.domain_sid = self.find_domain_sid()
91
92 print "baseDN: %s\n" % self.base_dn
93
94 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
95 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
96 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
97 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
98 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
99 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
100 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
101 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
102 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
103 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
104 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
105 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
106 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
107 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
108 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
109 self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
110 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
111 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
112 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
113 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
114 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
115
116 def test_system_only(self):
117 """Test systemOnly objects"""
118 print "Test systemOnly objects"""
119
120 try:
121 self.ldb.add({
122 "dn": "cn=ldaptestobject," + self.base_dn,
123 "objectclass": "configuration"})
124 self.fail()
125 except LdbError, (num, _):
126 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
127
128 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
129
130 def test_invalid_parent(self):
131 """Test adding an object with invalid parent"""
132 print "Test adding an object with invalid parent"""
133
134 try:
135 self.ldb.add({
136 "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
137 + self.base_dn,
138 "objectclass": "group"})
139 self.fail()
140 except LdbError, (num, _):
141 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
142
143 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
144 + self.base_dn)
145
146 try:
147 self.ldb.add({
148 "dn": "ou=testou,cn=users," + self.base_dn,
149 "objectclass": "organizationalUnit"})
150 self.fail()
151 except LdbError, (num, _):
152 self.assertEquals(num, ERR_NAMING_VIOLATION)
153
154 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
155
156 def test_invalid_attribute(self):
157 """Test adding invalid attributes (not in schema)"""
158 print "Test adding invalid attributes (not in schema)"""
159
160 try:
161 self.ldb.add({
162 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
163 "objectclass": "group",
164 "thisdoesnotexist": "x"})
165 self.fail()
166 except LdbError, (num, _):
167 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
168
169 self.ldb.add({
170 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
171 "objectclass": "group"})
172
173 m = Message()
174 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
175 m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
176 "thisdoesnotexist")
177 try:
178 ldb.modify(m)
179 self.fail()
180 except LdbError, (num, _):
181 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
182
183 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
184
185 def test_single_valued_attributes(self):
186 """Test single-valued attributes"""
187 print "Test single-valued attributes"""
188
189 try:
190 self.ldb.add({
191 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
192 "objectclass": "group",
193 "sAMAccountName": ["nam1", "nam2"]})
194 self.fail()
195 except LdbError, (num, _):
196 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
197
198 self.ldb.add({
199 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
200 "objectclass": "group"})
201
202 m = Message()
203 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
204 m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
205 "sAMAccountName")
206 try:
207 ldb.modify(m)
208 self.fail()
209 except LdbError, (num, _):
210 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
211
212 m = Message()
213 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
214 m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
215 "sAMAccountName")
216 ldb.modify(m)
217
218 m = Message()
219 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
220 m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
221 "sAMAccountName")
222 try:
223 ldb.modify(m)
224 self.fail()
225 except LdbError, (num, _):
226 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
227
228 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
229
230 def test_multi_valued_attributes(self):
231 """Test multi-valued attributes"""
232 print "Test multi-valued attributes"""
233
234 # TODO: In this test I added some special tests where I got very unusual
235 # results back from a real AD. s4 doesn't match them and I've no idea how to
236 # implement those error cases (maybe there exists a special trigger for
237 # "description" attributes which handle them)
238
239 self.ldb.add({
240 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
241 "description": "desc2",
242 "objectclass": "group",
243 "description": "desc1"})
244
245 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
246
247 self.ldb.add({
248 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
249 "objectclass": "group",
250 "description": ["desc1", "desc2"]})
251
252 # m = Message()
253 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
254 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
255 # "description")
256 # try:
257 # ldb.modify(m)
258 # self.fail()
259 # except LdbError, (num, _):
260 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
261
262 m = Message()
263 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
264 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
265 "description")
266 ldb.modify(m)
267
268 # m = Message()
269 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
270 # m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
271 # "description")
272 # try:
273 # ldb.modify(m)
274 # self.fail()
275 # except LdbError, (num, _):
276 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
277
278 m = Message()
279 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
280 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
281 "description")
282 try:
283 ldb.modify(m)
284 self.fail()
285 except LdbError, (num, _):
286 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
287
288 m = Message()
289 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
290 m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
291 "description")
292 ldb.modify(m)
293
294 # m = Message()
295 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
296 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
297 # "description")
298 # try:
299 # ldb.modify(m)
300 # self.fail()
301 # except LdbError, (num, _):
302 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
303
304 # m = Message()
305 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
306 # m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
307 # "description")
308 # try:
309 # ldb.modify(m)
310 # self.fail()
311 # except LdbError, (num, _):
312 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
313
314 m = Message()
315 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
316 m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
317 "description")
318 ldb.modify(m)
319
320 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
321
322 def test_empty_messages(self):
323 """Test empty messages"""
324 print "Test empty messages"""
325
326 m = Message()
327 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
328
329 try:
330 ldb.add(m)
331 self.fail()
332 except LdbError, (num, _):
333 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
334
335 try:
336 ldb.modify(m)
337 self.fail()
338 except LdbError, (num, _):
339 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
340
341 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
342
343 def test_empty_attributes(self):
344 """Test empty attributes"""
345 print "Test empty attributes"""
346
347 m = Message()
348 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
349 m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
350 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
351
352 try:
353 ldb.add(m)
354 self.fail()
355 except LdbError, (num, _):
356 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
357
358 self.ldb.add({
359 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
360 "objectclass": "group"})
361
362 m = Message()
363 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
364 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
365
366 try:
367 ldb.modify(m)
368 self.fail()
369 except LdbError, (num, _):
370 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
371
372 m = Message()
373 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
374 m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description")
375 ldb.modify(m)
376
377 m = Message()
378 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
379 m["description"] = MessageElement([], FLAG_MOD_DELETE, "description")
380 try:
381 ldb.modify(m)
382 self.fail()
383 except LdbError, (num, _):
384 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
385
386 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
387
388 def test_distinguished_name(self):
389 """Tests the 'distinguishedName' attribute"""
390 print "Tests the 'distinguishedName' attribute"""
391
392 self.ldb.add({
393 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
394 "objectclass": "group"})
395
396 m = Message()
397 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
398 m["distinguishedName"] = MessageElement(
399 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
400 "distinguishedName")
401
402 try:
403 ldb.modify(m)
404 self.fail()
405 except LdbError, (num, _):
406 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
407
408 m = Message()
409 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
410 m["distinguishedName"] = MessageElement(
411 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
412 "distinguishedName")
413
414 try:
415 ldb.modify(m)
416 self.fail()
417 except LdbError, (num, _):
418 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
419
420 m = Message()
421 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
422 m["distinguishedName"] = MessageElement(
423 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
424 "distinguishedName")
425
426 try:
427 ldb.modify(m)
428 self.fail()
429 except LdbError, (num, _):
430 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
431
432 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
433
434 def test_rdn_name(self):
435 """Tests the RDN"""
436 print "Tests the RDN"""
437
438 try:
439 self.ldb.add({
440 "dn": "description=xyz,cn=users," + self.base_dn,
441 "objectclass": "group"})
442 self.fail()
443 except LdbError, (num, _):
444 self.assertEquals(num, ERR_NAMING_VIOLATION)
445
446 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
447
448 self.ldb.add({
449 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
450 "objectclass": "group"})
451
452 m = Message()
453 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
454 m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
455 "name")
456
457 try:
458 ldb.modify(m)
459 self.fail()
460 except LdbError, (num, _):
461 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
462
463 m = Message()
464 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
465 m["cn"] = MessageElement("ldaptestuser",
466 FLAG_MOD_REPLACE, "cn")
467
468 try:
469 ldb.modify(m)
470 self.fail()
471 except LdbError, (num, _):
472 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
473
474 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
475
476
477 # this test needs to be disabled until we really understand
478 # what the rDN length constraints are
479 def DISABLED_test_largeRDN(self):
480 """Testing large rDN (limit 64 characters)"""
481 rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
482 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
483 ldif = """
484 dn: %s,%s""" % (rdn,self.base_dn) + """
485 objectClass: container
486 """
487 self.ldb.add_ldif(ldif)
488 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
489
490 rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
491 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
492 try:
493 ldif = """
494 dn: %s,%s""" % (rdn,self.base_dn) + """
495 objectClass: container
496 """
497 self.ldb.add_ldif(ldif)
498 self.fail()
499 except LdbError, (num, _):
500 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
501 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
502
503 def test_rename(self):
504 """Tests the rename operation"""
505 print "Tests the rename operations"""
506
507 self.ldb.add({
508 "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
509 "objectclass": ["user", "person"] })
510
511 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
512 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
513 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
514 try:
515 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
516 self.fail()
517 except LdbError, (num, _):
518 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
519
520 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
521
522 def test_rename_twice(self):
523 """Tests the rename operation twice - this corresponds to a past bug"""
524 print "Tests the rename twice operation"""
525
526 self.ldb.add({
527 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
528 "objectclass": ["user", "person"] })
529
530 ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
531 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
532 self.ldb.add({
533 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
534 "objectclass": ["user", "person"] })
535 ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
536 res = ldb.search(expression="cn=ldaptestuser5")
537 print "Found %u records" % len(res)
538 self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
539 res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
540 print "Found %u records" % len(res)
541 self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
542 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
543
544 def test_parentGUID(self):
545 """Test parentGUID behaviour"""
546 print "Testing parentGUID behaviour\n"
547
548 # TODO: This seems to fail on Windows Server. Hidden attribute?
549
550 self.ldb.add({
551 "dn": "cn=parentguidtest,cn=users," + self.base_dn,
552 "objectclass":"user",
553 "samaccountname":"parentguidtest"});
554 res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
555 attrs=["parentGUID", "samaccountname"]);
556 res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
557 attrs=["objectGUID"]);
558 res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
559 attrs=["parentGUID"]);
560
561 """Check if the parentGUID is valid """
562 self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
563
564 """Check if it returns nothing when there is no parent object"""
565 has_parentGUID = False
566 for key in res3[0].keys():
567 if key == "parentGUID":
568 has_parentGUID = True
569 break
570 self.assertFalse(has_parentGUID);
571
572 """Ensures that if you look for another object attribute after the constructed
573 parentGUID, it will return correctly"""
574 has_another_attribute = False
575 for key in res1[0].keys():
576 if key == "sAMAccountName":
577 has_another_attribute = True
578 break
579 self.assertTrue(has_another_attribute)
580 self.assertTrue(len(res1[0]["samaccountname"]) == 1)
581 self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
582
583 print "Testing parentGUID behaviour on rename\n"
584
585 self.ldb.add({
586 "dn": "cn=testotherusers," + self.base_dn,
587 "objectclass":"container"});
588 res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
589 attrs=["objectGUID"]);
590 ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
591 "cn=parentguidtest,cn=testotherusers," + self.base_dn);
592 res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
593 scope=SCOPE_BASE,
594 attrs=["parentGUID"]);
595 self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
596
597 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
598 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
599
600 def test_groupType_int32(self):
601 """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
602 print "Testing groupType (int32) behaviour\n"
603
604 res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
605 attrs=["groupType"], expression="groupType=2147483653");
606
607 res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
608 attrs=["groupType"], expression="groupType=-2147483643");
609
610 self.assertEquals(len(res1), len(res2))
611
612 self.assertTrue(res1.count > 0)
613
614 self.assertEquals(res1[0]["groupType"][0], "-2147483643")
615
616 def test_groups(self):
617 """This tests the group behaviour (setting, changing) of a user account"""
618 print "Testing group behaviour\n"
619
620 ldb.add({
621 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
622 "objectclass": "group"})
623
624 ldb.add({
625 "dn": "cn=ldaptestgroup2,cn=users," + self.base_dn,
626 "objectclass": "group"})
627
628 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
629 scope=SCOPE_BASE, attrs=["objectSID"])
630 self.assertTrue(len(res1) == 1)
631 group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
632 res1[0]["objectSID"][0])).split()[1]
633
634 res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
635 scope=SCOPE_BASE, attrs=["objectSID"])
636 self.assertTrue(len(res1) == 1)
637 group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
638 res1[0]["objectSID"][0])).split()[1]
639
640 # Try to create a user with an invalid primary group
641 try:
642 ldb.add({
643 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
644 "objectclass": ["user", "person"],
645 "primaryGroupID": "0"})
646 self.fail()
647 except LdbError, (num, _):
648 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
649 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
650
651 # Try to Create a user with a valid primary group
652 # TODO Some more investigation needed here
653 # try:
654 # ldb.add({
655 # "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
656 # "objectclass": ["user", "person"],
657 # "primaryGroupID": str(group_rid_1)})
658 # self.fail()
659 # except LdbError, (num, _):
660 # self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
661 # self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
662
663 ldb.add({
664 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
665 "objectclass": ["user", "person"]})
666
667 # Try to add invalid primary group
668 m = Message()
669 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
670 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
671 "primaryGroupID")
672 try:
673 ldb.modify(m)
674 self.fail()
675 except LdbError, (num, _):
676 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
677
678 # Try to make group 1 primary - should be denied since it is not yet
679 # secondary
680 m = Message()
681 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
682 m["primaryGroupID"] = MessageElement(str(group_rid_1),
683 FLAG_MOD_REPLACE, "primaryGroupID")
684 try:
685 ldb.modify(m)
686 self.fail()
687 except LdbError, (num, _):
688 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
689
690 # Make group 1 secondary
691 m = Message()
692 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
693 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
694 FLAG_MOD_REPLACE, "member")
695 ldb.modify(m)
696
697 # Make group 1 primary
698 m = Message()
699 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
700 m["primaryGroupID"] = MessageElement(str(group_rid_1),
701 FLAG_MOD_REPLACE, "primaryGroupID")
702 ldb.modify(m)
703
704 # Try to delete group 1 - should be denied
705 try:
706 ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
707 self.fail()
708 except LdbError, (num, _):
709 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
710
711 # Try to add group 1 also as secondary - should be denied
712 m = Message()
713 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
714 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
715 FLAG_MOD_ADD, "member")
716 try:
717 ldb.modify(m)
718 self.fail()
719 except LdbError, (num, _):
720 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
721
722 # Try to add invalid member to group 1 - should be denied
723 m = Message()
724 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
725 m["member"] = MessageElement(
726 "cn=ldaptestuser3,cn=users," + self.base_dn,
727 FLAG_MOD_ADD, "member")
728 try:
729 ldb.modify(m)
730 self.fail()
731 except LdbError, (num, _):
732 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
733
734 # Make group 2 secondary
735 m = Message()
736 m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
737 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
738 FLAG_MOD_ADD, "member")
739 ldb.modify(m)
740
741 # Swap the groups
742 m = Message()
743 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
744 m["primaryGroupID"] = MessageElement(str(group_rid_2),
745 FLAG_MOD_REPLACE, "primaryGroupID")
746 ldb.modify(m)
747
748 # Old primary group should contain a "member" attribute for the user,
749 # the new shouldn't contain anymore one
750 res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
751 scope=SCOPE_BASE, attrs=["member"])
752 self.assertTrue(len(res1) == 1)
753 self.assertTrue(len(res1[0]["member"]) == 1)
754 self.assertEquals(res1[0]["member"][0].lower(),
755 ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
756
757 res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
758 scope=SCOPE_BASE, attrs=["member"])
759 self.assertTrue(len(res1) == 1)
760 self.assertFalse("member" in res1[0])
761
762 # Also this should be denied
763 try:
764 ldb.add({
765 "dn": "cn=ldaptestuser1,cn=users," + self.base_dn,
766 "objectclass": ["user", "person"],
767 "primaryGroupID": "0"})
768 self.fail()
769 except LdbError, (num, _):
770 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
771
772 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
773 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
774 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
775
776 def test_primary_group_token_constructed(self):
777 """Test the primary group token behaviour (hidden-generated-readonly attribute on groups) and some other constructed attributes"""
778 print "Testing primary group token behaviour and other constructed attributes\n"
779
780 try:
781 ldb.add({
782 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
783 "objectclass": "group",
784 "primaryGroupToken": "100"})
785 self.fail()
786 except LdbError, (num, _):
787 self.assertEquals(num, ERR_UNDEFINED_ATTRIBUTE_TYPE)
788 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
789
790 ldb.add({
791 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
792 "objectclass": ["user", "person"]})
793
794 ldb.add({
795 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
796 "objectclass": "group"})
797
798 # Testing for one invalid, and one valid operational attribute, but also the things they are built from
799 res1 = ldb.search(self.base_dn,
800 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName", "objectClass", "objectSid"])
801 self.assertTrue(len(res1) == 1)
802 self.assertFalse("primaryGroupToken" in res1[0])
803 self.assertTrue("canonicalName" in res1[0])
804 self.assertTrue("objectClass" in res1[0])
805 self.assertTrue("objectSid" in res1[0])
806
807 res1 = ldb.search(self.base_dn,
808 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName"])
809 self.assertTrue(len(res1) == 1)
810 self.assertFalse("primaryGroupToken" in res1[0])
811 self.assertFalse("objectSid" in res1[0])
812 self.assertFalse("objectClass" in res1[0])
813 self.assertTrue("canonicalName" in res1[0])
814
815 res1 = ldb.search("cn=users,"+self.base_dn,
816 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
817 self.assertTrue(len(res1) == 1)
818 self.assertFalse("primaryGroupToken" in res1[0])
819
820 res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
821 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
822 self.assertTrue(len(res1) == 1)
823 self.assertFalse("primaryGroupToken" in res1[0])
824
825 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
826 scope=SCOPE_BASE)
827 self.assertTrue(len(res1) == 1)
828 self.assertFalse("primaryGroupToken" in res1[0])
829
830 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
831 scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
832 self.assertTrue(len(res1) == 1)
833 primary_group_token = int(res1[0]["primaryGroupToken"][0])
834
835 rid = security.dom_sid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])).split()[1]
836 self.assertEquals(primary_group_token, rid)
837
838 m = Message()
839 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
840 m["primaryGroupToken"] = "100"
841 try:
842 ldb.modify(m)
843 self.fail()
844 except LdbError, (num, _):
845 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
846
847 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
848 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
849
850 def test_tokenGroups(self):
851 """Test the tokenGroups behaviour (hidden-generated-readonly attribute on SAM objects)"""
852 print "Testing tokenGroups behaviour\n"
853
854 # The domain object shouldn't contain any "tokenGroups" entry
855 res = ldb.search(self.base_dn, scope=SCOPE_BASE, attrs=["tokenGroups"])
856 self.assertTrue(len(res) == 1)
857 self.assertFalse("tokenGroups" in res[0])
858
859 # The domain administrator should contain "tokenGroups" entries
860 # (the exact number depends on the domain/forest function level and the
861 # DC software versions)
862 res = ldb.search("cn=Administrator,cn=Users," + self.base_dn,
863 scope=SCOPE_BASE, attrs=["tokenGroups"])
864 self.assertTrue(len(res) == 1)
865 self.assertTrue("tokenGroups" in res[0])
866
867 ldb.add({
868 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
869 "objectclass": ["user", "person"]})
870
871 # This testuser should contain at least two "tokenGroups" entries
872 # (exactly two on an unmodified "Domain Users" and "Users" group)
873 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
874 scope=SCOPE_BASE, attrs=["tokenGroups"])
875 self.assertTrue(len(res) == 1)
876 self.assertTrue(len(res[0]["tokenGroups"]) >= 2)
877
878 # one entry which we need to find should point to domains "Domain Users"
879 # group and another entry should point to the builtin "Users"group
880 domain_users_group_found = False
881 users_group_found = False
882 for sid in res[0]["tokenGroups"]:
883 rid = security.dom_sid(ldb.schema_format_value("objectSID", sid)).split()[1]
884 if rid == 513:
885 domain_users_group_found = True
886 if rid == 545:
887 users_group_found = True
888
889 self.assertTrue(domain_users_group_found)
890 self.assertTrue(users_group_found)
891
892 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
893
894 def test_wkguid(self):
895 """Test Well known GUID behaviours (including DN+Binary)"""
896 print "Test Well known GUID behaviours (including DN+Binary)"""
897
898 res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
899 self.assertEquals(len(res), 1)
900
901 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
902 self.assertEquals(len(res2), 1)
903
904 # Prove that the matching rule is over the whole DN+Binary
905 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
906 self.assertEquals(len(res2), 0)
907 # Prove that the matching rule is over the whole DN+Binary
908 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=%s") % res[0].dn)
909 self.assertEquals(len(res2), 0)
910
911 def test_subschemasubentry(self):
912 """Test subSchemaSubEntry appears when requested, but not when not requested"""
913 print "Test subSchemaSubEntry"""
914
915 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
916 self.assertEquals(len(res), 1)
917 self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
918
919 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
920 self.assertEquals(len(res), 1)
921 self.assertTrue("subScheamSubEntry" not in res[0])
922
923 def test_all(self):
924 """Basic tests"""
925
926 print "Testing user add"
927
928 ldb.add({
929 "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
930 "objectclass": ["user", "person"],
931 "cN": "LDAPtestUSER",
932 "givenname": "ldap",
933 "sn": "testy"})
934
935 ldb.add({
936 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
937 "objectclass": "group",
938 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
939
940 ldb.add({
941 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
942 "objectclass": "computer",
943 "cN": "LDAPtestCOMPUTER"})
944
945 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
946 "objectClass": "computer",
947 "cn": "LDAPtest2COMPUTER",
948 "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
949 "displayname": "ldap testy"})
950
951 try:
952 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
953 "objectClass": "computer",
954 "cn": "LDAPtest2COMPUTER"
955 })
956 self.fail()
957 except LdbError, (num, _):
958 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
959
960 try:
961 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
962 "objectClass": "computer",
963 "cn": "ldaptestcomputer3",
964 "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
965 })
966 self.fail()
967 except LdbError, (num, _):
968 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
969
970 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
971 "objectClass": "computer",
972 "cn": "LDAPtestCOMPUTER3"
973 })
974
975 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
976 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))");
977 self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
978
979 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn));
980 self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3");
981 self.assertEquals(res[0]["name"][0], "ldaptestcomputer3");
982 self.assertEquals(res[0]["objectClass"][0], "top");
983 self.assertEquals(res[0]["objectClass"][1], "person");
984 self.assertEquals(res[0]["objectClass"][2], "organizationalPerson");
985 self.assertEquals(res[0]["objectClass"][3], "user");
986 self.assertEquals(res[0]["objectClass"][4], "computer");
987 self.assertTrue("objectGUID" in res[0])
988 self.assertTrue("whenCreated" in res[0])
989 self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
990 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
991 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
992 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
993
994 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
995
996 print "Testing attribute or value exists behaviour"
997 try:
998 ldb.modify_ldif("""
999 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1000 changetype: modify
1001 replace: servicePrincipalName
1002 servicePrincipalName: host/ldaptest2computer
1003 servicePrincipalName: host/ldaptest2computer
1004 servicePrincipalName: cifs/ldaptest2computer
1005 """)
1006 self.fail()
1007 except LdbError, (num, msg):
1008 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1009
1010 ldb.modify_ldif("""
1011 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1012 changetype: modify
1013 replace: servicePrincipalName
1014 servicePrincipalName: host/ldaptest2computer
1015 servicePrincipalName: cifs/ldaptest2computer
1016 """)
1017 try:
1018 ldb.modify_ldif("""
1019 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1020 changetype: modify
1021 add: servicePrincipalName
1022 servicePrincipalName: host/ldaptest2computer
1023 """)
1024 self.fail()
1025 except LdbError, (num, msg):
1026 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1027
1028 print "Testing ranged results"
1029 ldb.modify_ldif("""
1030 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1031 changetype: modify
1032 replace: servicePrincipalName
1033 """)
1034
1035 ldb.modify_ldif("""
1036 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1037 changetype: modify
1038 add: servicePrincipalName
1039 servicePrincipalName: host/ldaptest2computer0
1040 servicePrincipalName: host/ldaptest2computer1
1041 servicePrincipalName: host/ldaptest2computer2
1042 servicePrincipalName: host/ldaptest2computer3
1043 servicePrincipalName: host/ldaptest2computer4
1044 servicePrincipalName: host/ldaptest2computer5
1045 servicePrincipalName: host/ldaptest2computer6
1046 servicePrincipalName: host/ldaptest2computer7
1047 servicePrincipalName: host/ldaptest2computer8
1048 servicePrincipalName: host/ldaptest2computer9
1049 servicePrincipalName: host/ldaptest2computer10
1050 servicePrincipalName: host/ldaptest2computer11
1051 servicePrincipalName: host/ldaptest2computer12
1052 servicePrincipalName: host/ldaptest2computer13
1053 servicePrincipalName: host/ldaptest2computer14
1054 servicePrincipalName: host/ldaptest2computer15
1055 servicePrincipalName: host/ldaptest2computer16
1056 servicePrincipalName: host/ldaptest2computer17
1057 servicePrincipalName: host/ldaptest2computer18
1058 servicePrincipalName: host/ldaptest2computer19
1059 servicePrincipalName: host/ldaptest2computer20
1060 servicePrincipalName: host/ldaptest2computer21
1061 servicePrincipalName: host/ldaptest2computer22
1062 servicePrincipalName: host/ldaptest2computer23
1063 servicePrincipalName: host/ldaptest2computer24
1064 servicePrincipalName: host/ldaptest2computer25
1065 servicePrincipalName: host/ldaptest2computer26
1066 servicePrincipalName: host/ldaptest2computer27
1067 servicePrincipalName: host/ldaptest2computer28
1068 servicePrincipalName: host/ldaptest2computer29
1069 """)
1070
1071 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
1072 attrs=["servicePrincipalName;range=0-*"])
1073 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1074 #print len(res[0]["servicePrincipalName;range=0-*"])
1075 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1076
1077 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
1078 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1079 # print res[0]["servicePrincipalName;range=0-19"].length
1080 self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
1081
1082
1083 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
1084 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1085 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1086
1087 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
1088 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1089 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1090
1091 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
1092 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1093 self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
1094
1095
1096 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
1097 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1098 self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
1099 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
1100
1101 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
1102 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1103 self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
1104 # print res[0]["servicePrincipalName;range=11-*"][18]
1105 # print pos_11
1106 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
1107
1108 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
1109 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1110 self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
1111 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
1112
1113 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
1114 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1115 # print res[0]["servicePrincipalName"][18]
1116 # print pos_11
1117 self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
1118 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
1119
1120 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1121 ldb.add({
1122 "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
1123 "objectClass": ["person", "user"],
1124 "cn": "LDAPtestUSER2",
1125 "givenname": "testy",
1126 "sn": "ldap user2"})
1127
1128 print "Testing Ambigious Name Resolution"
1129 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
1130 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
1131 self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
1132
1133 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1134 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1135 self.assertEquals(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res))
1136
1137 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
1138 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
1139 self.assertEquals(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res))
1140
1141 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
1142 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
1143 self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
1144
1145 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1146 self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1147 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1148
1149 # Testing ldb.search for (&(anr=testy)(objectClass=user))
1150 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
1151 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
1152
1153 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1154 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1155 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
1156
1157 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1158 # this test disabled for the moment, as anr with == tests are not understood
1159 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1160 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
1161
1162 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1163 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1164 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1165
1166 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1167 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1168 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
1169
1170 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1171 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1172 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1173
1174 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
1175 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
1176 self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
1177
1178 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1179 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1180 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1181
1182 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
1183 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
1184 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
1185
1186 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1187 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1188 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1189
1190 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
1191 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
1192 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
1193
1194 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1195 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1196 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1197
1198 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
1199 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
1200 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
1201
1202 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
1203 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
1204 self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
1205
1206 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
1207 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
1208 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
1209
1210 print "Testing Renames"
1211
1212 attrs = ["objectGUID", "objectSid"]
1213 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1214 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1215 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1216
1217 # Check rename works with extended/alternate DN forms
1218 ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
1219
1220 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
1221 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
1222 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
1223
1224 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1225 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1226 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1227
1228 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
1229 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1230 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1231
1232 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1233 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1234 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1235
1236 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
1237 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1238 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1239
1240 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1241 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1242 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1243
1244 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
1245 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1246 self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1247
1248 # This is a Samba special, and does not exist in real AD
1249 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1250 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1251 # if (res.error != 0 || len(res) != 1) {
1252 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1253 # self.assertEquals(len(res), 1)
1254 # }
1255 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1256 # self.assertEquals(res[0].cn, "ldaptestUSER3")
1257 # self.assertEquals(res[0].name, "ldaptestUSER3")
1258
1259 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1260 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1261 self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1262 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1263 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1264 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1265
1266 # ensure we cannot add it again
1267 try:
1268 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
1269 "objectClass": ["person", "user"],
1270 "cn": "LDAPtestUSER3"})
1271 self.fail()
1272 except LdbError, (num, _):
1273 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1274
1275 # rename back
1276 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1277
1278 # ensure we cannot rename it twice
1279 try:
1280 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
1281 "cn=ldaptestuser2,cn=users," + self.base_dn)
1282 self.fail()
1283 except LdbError, (num, _):
1284 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1285
1286 # ensure can now use that name
1287 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
1288 "objectClass": ["person", "user"],
1289 "cn": "LDAPtestUSER3"})
1290
1291 # ensure we now cannot rename
1292 try:
1293 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1294 self.fail()
1295 except LdbError, (num, _):
1296 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1297 try:
1298 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
1299 self.fail()
1300 except LdbError, (num, _):
1301 self.assertTrue(num in (71, 64))
1302
1303 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
1304
1305 ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
1306
1307 self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1308
1309 ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1310
1311 print "Testing subtree renames"
1312
1313 ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
1314 "objectClass": "container"})
1315
1316 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
1317 "objectClass": ["person", "user"],
1318 "cn": "LDAPtestUSER4"})
1319
1320 ldb.modify_ldif("""
1321 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1322 changetype: modify
1323 add: member
1324 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
1325 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
1326 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
1327 """)
1328
1329 print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
1330 ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
1331
1332 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
1333 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
1334 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
1335
1336 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1337 try:
1338 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1339 expression="(&(cn=ldaptestuser4)(objectClass=user))",
1340 scope=SCOPE_SUBTREE)
1341 self.fail(res)
1342 except LdbError, (num, _):
1343 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1344
1345 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1346 try:
1347 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1348 expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
1349 self.fail()
1350 except LdbError, (num, _):
1351 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1352
1353 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
1354 res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
1355 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
1356
1357 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1358 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1359
1360 time.sleep(4)
1361
1362 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
1363 res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
1364 self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
1365
1366 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
1367 try:
1368 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
1369 self.fail()
1370 except LdbError, (num, _):
1371 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1372
1373 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
1374 try:
1375 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
1376 self.fail()
1377 except LdbError, (num, _):
1378 self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
1379
1380 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
1381 try:
1382 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1383 self.fail()
1384 except LdbError, (num, _):
1385 self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
1386
1387 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
1388 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1389 self.assertEquals(len(res), 1)
1390 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1391 self.assertEquals(len(res), 0)
1392
1393 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1394 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
1395 # FIXME: self.assertEquals(len(res), 0)
1396
1397 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1398 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
1399 # FIXME: self.assertEquals(len(res), 0)
1400
1401 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
1402 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1403 print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
1404 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1405
1406 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1407
1408 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1409
1410 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
1411 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
1412 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1413
1414 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1415 self.assertEquals(str(res[0]["cn"]), "ldaptestuser")
1416 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1417 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
1418 self.assertTrue("objectGUID" in res[0])
1419 self.assertTrue("whenCreated" in res[0])
1420 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
1421 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1422 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1423 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1424 self.assertEquals(len(res[0]["memberOf"]), 1)
1425
1426 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
1427 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1428 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1429
1430 self.assertEquals(res[0].dn, res2[0].dn)
1431
1432 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
1433 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1434 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
1435
1436 self.assertEquals(res[0].dn, res3[0].dn)
1437
1438 if gc_ldb is not None:
1439 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
1440 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1441 self.assertEquals(len(res3gc), 1)
1442
1443 self.assertEquals(res[0].dn, res3gc[0].dn)
1444
1445 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
1446
1447 if gc_ldb is not None:
1448 res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1449 self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
1450
1451 self.assertEquals(res[0].dn, res3control[0].dn)
1452
1453 ldb.delete(res[0].dn)
1454
1455 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
1456 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
1457 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1458
1459 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
1460 self.assertEquals(str(res[0]["cn"]), "ldaptestcomputer")
1461 self.assertEquals(str(res[0]["name"]), "ldaptestcomputer")
1462 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
1463 self.assertTrue("objectGUID" in res[0])
1464 self.assertTrue("whenCreated" in res[0])
1465 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
1466 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
1467 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1468 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1469 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1470 self.assertEquals(len(res[0]["memberOf"]), 1)
1471
1472 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
1473 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1474 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1475
1476 self.assertEquals(res[0].dn, res2[0].dn)
1477
1478 if gc_ldb is not None:
1479 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
1480 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1481 self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
1482
1483 self.assertEquals(res[0].dn, res2gc[0].dn)
1484
1485 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
1486 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1487 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1488
1489 self.assertEquals(res[0].dn, res3[0].dn)
1490
1491 if gc_ldb is not None:
1492 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
1493 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1494 self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
1495
1496 self.assertEquals(res[0].dn, res3gc[0].dn)
1497
1498 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
1499 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
1500 self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
1501
1502 self.assertEquals(res[0].dn, res4[0].dn)
1503
1504 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
1505 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
1506 self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
1507
1508 self.assertEquals(res[0].dn, res5[0].dn)
1509
1510 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
1511 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
1512 self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
1513
1514 self.assertEquals(res[0].dn, res6[0].dn)
1515
1516 ldb.delete("<GUID=" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + ">")
1517
1518 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
1519 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
1520 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
1521
1522 self.assertEquals(str(res[0].dn), "CN=ldaptest2computer,CN=Computers," + self.base_dn)
1523 self.assertEquals(str(res[0]["cn"]), "ldaptest2computer")
1524 self.assertEquals(str(res[0]["name"]), "ldaptest2computer")
1525 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
1526 self.assertTrue("objectGUID" in res[0])
1527 self.assertTrue("whenCreated" in res[0])
1528 self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
1529 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
1530 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
1531
1532 ldb.delete("<SID=" + ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) + ">")
1533
1534 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
1535 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1536 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1537 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1538
1539 self.assertEquals(str(res_user[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1540 self.assertEquals(str(res_user[0]["cn"]), "ldaptestuser2")
1541 self.assertEquals(str(res_user[0]["name"]), "ldaptestuser2")
1542 self.assertEquals(list(res_user[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
1543 self.assertTrue("objectSid" in res_user[0])
1544 self.assertTrue("objectGUID" in res_user[0])
1545 self.assertTrue("whenCreated" in res_user[0])
1546 self.assertTrue("nTSecurityDescriptor" in res_user[0])
1547 self.assertTrue("allowedAttributes" in res_user[0])
1548 self.assertTrue("allowedAttributesEffective" in res_user[0])
1549 self.assertEquals(res_user[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1550
1551 ldaptestuser2_sid = res_user[0]["objectSid"][0]
1552 ldaptestuser2_guid = res_user[0]["objectGUID"][0]
1553
1554 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
1555 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
1556 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1557 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1558
1559 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1560 self.assertEquals(str(res[0]["cn"]), "ldaptestgroup2")
1561 self.assertEquals(str(res[0]["name"]), "ldaptestgroup2")
1562 self.assertEquals(list(res[0]["objectClass"]), ["top", "group"])
1563 self.assertTrue("objectGUID" in res[0])
1564 self.assertTrue("objectSid" in res[0])
1565 self.assertTrue("whenCreated" in res[0])
1566 self.assertTrue("nTSecurityDescriptor" in res[0])
1567 self.assertTrue("allowedAttributes" in res[0])
1568 self.assertTrue("allowedAttributesEffective" in res[0])
1569 memberUP = []
1570 for m in res[0]["member"]:
1571 memberUP.append(m.upper())
1572 self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
1573
1574 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
1575 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1576
1577 print res[0]["member"]
1578 memberUP = []
1579 for m in res[0]["member"]:
1580 memberUP.append(m.upper())
1581 print ("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper()
1582
1583 self.assertTrue(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
1584
1585 print "Testing Linked attribute behaviours"
1586 ldb.modify_ldif("""
1587 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1588 changetype: modify
1589 replace: member
1590 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
1591 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1592 """)
1593
1594 ldb.modify_ldif("""
1595 dn: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
1596 changetype: modify
1597 replace: member
1598 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1599 """)
1600
1601 ldb.modify_ldif("""
1602 dn: <SID=""" + ldb.schema_format_value("objectSid", res[0]["objectSid"][0]) + """>
1603 changetype: modify
1604 delete: member
1605 """)
1606
1607 ldb.modify_ldif("""
1608 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1609 changetype: modify
1610 add: member
1611 member: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
1612 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1613 """)
1614
1615 ldb.modify_ldif("""
1616 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1617 changetype: modify
1618 replace: member
1619 """)
1620
1621 ldb.modify_ldif("""
1622 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1623 changetype: modify
1624 add: member
1625 member: <SID=""" + ldb.schema_format_value("objectSid", res_user[0]["objectSid"][0]) + """>
1626 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1627 """)
1628
1629 ldb.modify_ldif("""
1630 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1631 changetype: modify
1632 delete: member
1633 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1634 """)
1635
1636 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1637 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1638
1639 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1640 self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1641 self.assertEquals(len(res[0]["member"]), 1)
1642
1643 ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
1644
1645 time.sleep(4)
1646
1647 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
1648 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
1649 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1650 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
1651
1652 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1653 self.assertTrue("member" not in res[0])
1654
1655 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
1656 # TODO UTF8 users don't seem to work fully anymore
1657 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1658 res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
1659 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1660
1661 self.assertEquals(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
1662 self.assertEquals(str(res[0]["cn"]), "ldaptestutf8user èùéìòà")
1663 self.assertEquals(str(res[0]["name"]), "ldaptestutf8user èùéìòà")
1664 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
1665 self.assertTrue("objectGUID" in res[0])
1666 self.assertTrue("whenCreated" in res[0])
1667
1668 ldb.delete(res[0].dn)
1669
1670 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
1671 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
1672 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
1673
1674 ldb.delete(res[0].dn)
1675
1676 ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1677
1678 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
1679 # TODO UTF8 users don't seem to work fully anymore
1680 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1681 # self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1682
1683 print "Testing that we can't get at the configuration DN from the main search base"
1684 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1685 self.assertEquals(len(res), 0)
1686
1687 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
1688 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1689 self.assertTrue(len(res) > 0)
1690
1691 if gc_ldb is not None:
1692 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
1693
1694 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
1695 self.assertTrue(len(res) > 0)
1696
1697 print "Testing that we do find configuration elements in the global catlog"
1698 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1699 self.assertTrue(len(res) > 0)
1700
1701 print "Testing that we do find configuration elements and user elements at the same time"
1702 res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
1703 self.assertTrue(len(res) > 0)
1704
1705 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
1706 res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1707 self.assertTrue(len(res) > 0)
1708
1709 print "Testing that we can get at the configuration DN on the main LDAP port"
1710 res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1711 self.assertTrue(len(res) > 0)
1712
1713 print "Testing objectCategory canonacolisation"
1714 res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
1715 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
1716 self.assertTrue(len(res) != 0)
1717
1718 res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
1719 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
1720 self.assertTrue(len(res) != 0)
1721
1722 print "Testing objectClass attribute order on "+ self.base_dn
1723 res = ldb.search(expression="objectClass=domain", base=self.base_dn,
1724 scope=SCOPE_BASE, attrs=["objectClass"])
1725 self.assertEquals(len(res), 1)
1726
1727 self.assertEquals(list(res[0]["objectClass"]), ["top", "domain", "domainDNS"])
1728
1729 # check enumeration
1730
1731 print "Testing ldb.search for objectCategory=person"
1732 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
1733 self.assertTrue(len(res) > 0)
1734
1735 print "Testing ldb.search for objectCategory=person with domain scope control"
1736 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1737 self.assertTrue(len(res) > 0)
1738
1739 print "Testing ldb.search for objectCategory=user"
1740 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
1741 self.assertTrue(len(res) > 0)
1742
1743 print "Testing ldb.search for objectCategory=user with domain scope control"
1744 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1745 self.assertTrue(len(res) > 0)
1746
1747 print "Testing ldb.search for objectCategory=group"
1748 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
1749 self.assertTrue(len(res) > 0)
1750
1751 print "Testing ldb.search for objectCategory=group with domain scope control"
1752 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1753 self.assertTrue(len(res) > 0)
1754
1755 print "Testing creating a user with the posixAccount objectClass"
1756 self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
1757 objectClass: top
1758 objectClass: person
1759 objectClass: posixAccount
1760 objectClass: user
1761 objectClass: organizationalPerson
1762 cn: posixuser
1763 uid: posixuser
1764 sn: posixuser
1765 uidNumber: 10126
1766 gidNumber: 10126
1767 homeDirectory: /home/posixuser
1768 loginShell: /bin/bash
1769 gecos: Posix User;;;
1770 description: A POSIX user"""% (self.base_dn))
1771
1772 print "Testing removing the posixAccount objectClass from an existing user"
1773 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1774 changetype: modify
1775 delete: objectClass
1776 objectClass: posixAccount"""% (self.base_dn))
1777
1778 print "Testing adding the posixAccount objectClass to an existing user"
1779 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1780 changetype: modify
1781 add: objectClass
1782 objectClass: posixAccount"""% (self.base_dn))
1783
1784 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
1785 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1786 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1787 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
1788 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
1789 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
1790 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1791 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1792 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1793 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
1794 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
1795 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1796 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
1797 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
1798 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1799 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
1800
1801 def test_security_descriptor_add(self):
1802 """ Testing ldb.add_ldif() for nTSecurityDescriptor """
1803 user_name = "testdescriptoruser1"
1804 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1805 #
1806 # Test add_ldif() with SDDL security descriptor input
1807 #
1808 self.delete_force(self.ldb, user_dn)
1809 try:
1810 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1811 self.ldb.add_ldif("""
1812 dn: """ + user_dn + """
1813 objectclass: user
1814 sAMAccountName: """ + user_name + """
1815 nTSecurityDescriptor: """ + sddl)
1816 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1817 desc = res[0]["nTSecurityDescriptor"][0]
1818 desc = ndr_unpack( security.descriptor, desc )
1819 desc_sddl = desc.as_sddl( self.domain_sid )
1820 self.assertEqual(desc_sddl, sddl)
1821 finally:
1822 self.delete_force(self.ldb, user_dn)
1823 #
1824 # Test add_ldif() with BASE64 security descriptor
1825 #
1826 try:
1827 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1828 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1829 desc_binary = ndr_pack(desc)
1830 desc_base64 = base64.b64encode(desc_binary)
1831 self.ldb.add_ldif("""
1832 dn: """ + user_dn + """
1833 objectclass: user
1834 sAMAccountName: """ + user_name + """
1835 nTSecurityDescriptor:: """ + desc_base64)
1836 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1837 desc = res[0]["nTSecurityDescriptor"][0]
1838 desc = ndr_unpack(security.descriptor, desc)
1839 desc_sddl = desc.as_sddl(self.domain_sid)
1840 self.assertEqual(desc_sddl, sddl)
1841 finally:
1842 self.delete_force(self.ldb, user_dn)
1843
1844 def test_security_descriptor_add_neg(self):
1845 """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
1846 Negative test
1847 """
1848 user_name = "testdescriptoruser1"
1849 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1850 self.delete_force(self.ldb, user_dn)
1851 try:
1852 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1853 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
1854 desc_base64 = base64.b64encode( ndr_pack(desc) )
1855 self.ldb.add_ldif("""
1856 dn: """ + user_dn + """
1857 objectclass: user
1858 sAMAccountName: """ + user_name + """
1859 nTSecurityDescriptor:: """ + desc_base64)
1860 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1861 self.assertTrue("nTSecurityDescriptor" in res[0])
1862 finally:
1863 self.delete_force(self.ldb, user_dn)
1864
1865 def test_security_descriptor_modify(self):
1866 """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
1867 user_name = "testdescriptoruser2"
1868 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1869 #
1870 # Delete user object and test modify_ldif() with SDDL security descriptor input
1871 # Add ACE to the original descriptor test
1872 #
1873 try:
1874 self.delete_force(self.ldb, user_dn)
1875 self.ldb.add_ldif("""
1876 dn: """ + user_dn + """
1877 objectclass: user
1878 sAMAccountName: """ + user_name)
1879 # Modify descriptor
1880 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1881 desc = res[0]["nTSecurityDescriptor"][0]
1882 desc = ndr_unpack(security.descriptor, desc)
1883 desc_sddl = desc.as_sddl(self.domain_sid)
1884 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
1885 mod = """
1886 dn: """ + user_dn + """
1887 changetype: modify
1888 replace: nTSecurityDescriptor
1889 nTSecurityDescriptor: """ + sddl
1890 self.ldb.modify_ldif(mod)
1891 # Read modified descriptor
1892 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1893 desc = res[0]["nTSecurityDescriptor"][0]
1894 desc = ndr_unpack(security.descriptor, desc)
1895 desc_sddl = desc.as_sddl(self.domain_sid)
1896 self.assertEqual(desc_sddl, sddl)
1897 finally:
1898 self.delete_force(self.ldb, user_dn)
1899 #
1900 # Test modify_ldif() with SDDL security descriptor input
1901 # New desctiptor test
1902 #
1903 try:
1904 self.ldb.add_ldif("""
1905 dn: """ + user_dn + """
1906 objectclass: user
1907 sAMAccountName: """ + user_name)
1908 # Modify descriptor
1909 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1910 mod = """
1911 dn: """ + user_dn + """
1912 changetype: modify
1913 replace: nTSecurityDescriptor
1914 nTSecurityDescriptor: """ + sddl
1915 self.ldb.modify_ldif(mod)
1916 # Read modified descriptor
1917 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1918 desc = res[0]["nTSecurityDescriptor"][0]
1919 desc = ndr_unpack(security.descriptor, desc)
1920 desc_sddl = desc.as_sddl(self.domain_sid)
1921 self.assertEqual(desc_sddl, sddl)
1922 finally:
1923 self.delete_force(self.ldb, user_dn)
1924 #
1925 # Test modify_ldif() with BASE64 security descriptor input
1926 # Add ACE to the original descriptor test
1927 #
1928 try:
1929 self.ldb.add_ldif("""
1930 dn: """ + user_dn + """
1931 objectclass: user
1932 sAMAccountName: """ + user_name)
1933 # Modify descriptor
1934 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1935 desc = res[0]["nTSecurityDescriptor"][0]
1936 desc = ndr_unpack(security.descriptor, desc)
1937 desc_sddl = desc.as_sddl(self.domain_sid)
1938 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
1939 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1940 desc_base64 = base64.b64encode(ndr_pack(desc))
1941 mod = """
1942 dn: """ + user_dn + """
1943 changetype: modify
1944 replace: nTSecurityDescriptor
1945 nTSecurityDescriptor:: """ + desc_base64
1946 self.ldb.modify_ldif(mod)
1947 # Read modified descriptor
1948 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1949 desc = res[0]["nTSecurityDescriptor"][0]
1950 desc = ndr_unpack(security.descriptor, desc)
1951 desc_sddl = desc.as_sddl(self.domain_sid)
1952 self.assertEqual(desc_sddl, sddl)
1953 finally:
1954 self.delete_force(self.ldb, user_dn)
1955 #
1956 # Test modify_ldif() with BASE64 security descriptor input
1957 # New descriptor test
1958 #
1959 try:
1960 self.delete_force(self.ldb, user_dn)
1961 self.ldb.add_ldif("""
1962 dn: """ + user_dn + """
1963 objectclass: user
1964 sAMAccountName: """ + user_name)
1965 # Modify descriptor
1966 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1967 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1968 desc_base64 = base64.b64encode(ndr_pack(desc))
1969 mod = """
1970 dn: """ + user_dn + """
1971 changetype: modify
1972 replace: nTSecurityDescriptor
1973 nTSecurityDescriptor:: """ + desc_base64
1974 self.ldb.modify_ldif(mod)
1975 # Read modified descriptor
1976 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1977 desc = res[0]["nTSecurityDescriptor"][0]
1978 desc = ndr_unpack(security.descriptor, desc)
1979 desc_sddl = desc.as_sddl(self.domain_sid)
1980 self.assertEqual(desc_sddl, sddl)
1981 finally:
1982 self.delete_force(self.ldb, user_dn)
1983
1984 class BaseDnTests(unittest.TestCase):
1985 def setUp(self):
1986 self.ldb = ldb
1987
1988 def test_rootdse_attrs(self):
1989 """Testing for all rootDSE attributes"""
1990 res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
1991 self.assertEquals(len(res), 1)
1992
1993 def test_highestcommittedusn(self):
1994 """Testing for highestCommittedUSN"""
1995 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
1996 self.assertEquals(len(res), 1)
1997 self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
1998
1999 def test_netlogon(self):
2000 """Testing for netlogon via LDAP"""
2001 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
2002 self.assertEquals(len(res), 0)
2003
2004 def test_netlogon_highestcommitted_usn(self):
2005 """Testing for netlogon and highestCommittedUSN via LDAP"""
2006 res = self.ldb.search("", scope=SCOPE_BASE,
2007 attrs=["netlogon", "highestCommittedUSN"])
2008 self.assertEquals(len(res), 0)
2009
2010 def test_namingContexts(self):
2011 """Testing for namingContexts in rootDSE"""
2012 res = self.ldb.search("", scope=SCOPE_BASE,
2013 attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
2014 self.assertEquals(len(res), 1)
2015
2016 ncs = set([])
2017 for nc in res[0]["namingContexts"]:
2018 self.assertTrue(nc not in ncs)
2019 ncs.add(nc)
2020
2021 self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
2022 self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
2023 self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
2024
2025
2026 if not "://" in host:
2027 if os.path.isfile(host):
2028 host = "tdb://%s" % host
2029 else:
2030 host = "ldap://%s" % host
2031
2032 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
2033 if not "tdb://" in host:
2034 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
2035 session_info=system_session(), lp=lp)
2036 else:
2037 gc_ldb = None
2038
2039 runner = SubunitTestRunner()
2040 rc = 0
2041 if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
2042 rc = 1
2043 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():
2044 rc = 1
2045 sys.exit(rc)
Eduardo's samba4 branches