search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ldap: Fix test failure that seemed to go unreported previously.
[Samba/eduardoll.git] / source4 / lib / ldb / tests / python / ldap.py
blob798047cee993478916e302fb6095bb36b50d6632
1 #!/usr/bin/python
2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
4
5 import optparse
6 import sys
7 import time
8 import base64
9 import os
10
11 sys.path.append("bin/python")
12
13 import samba.getopt as options
14
15 from samba.auth import system_session
16 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
17 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
18 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
19 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
20 from ldb import ERR_NO_SUCH_ATTRIBUTE
21 from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
22 from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
23 from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
24 from ldb import Message, MessageElement, Dn
25 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
26 from samba import Ldb
27 from samba import UF_NORMAL_ACCOUNT
28 from samba import UF_WORKSTATION_TRUST_ACCOUNT
29 from samba import UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE
30 from samba import ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST
31
32 from subunit.run import SubunitTestRunner
33 import unittest
34
35 from samba.ndr import ndr_pack, ndr_unpack
36 from samba.dcerpc import security
37
38 parser = optparse.OptionParser("ldap [options] <host>")
39 sambaopts = options.SambaOptions(parser)
40 parser.add_option_group(sambaopts)
41 parser.add_option_group(options.VersionOptions(parser))
42 # use command line creds if available
43 credopts = options.CredentialsOptions(parser)
44 parser.add_option_group(credopts)
45 opts, args = parser.parse_args()
46
47 if len(args) < 1:
48 parser.print_usage()
49 sys.exit(1)
50
51 host = args[0]
52
53 lp = sambaopts.get_loadparm()
54 creds = credopts.get_credentials(lp)
55
56 class BasicTests(unittest.TestCase):
57 def delete_force(self, ldb, dn):
58 try:
59 ldb.delete(dn)
60 except LdbError, (num, _):
61 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
62
63 def find_basedn(self, ldb):
64 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
65 attrs=["defaultNamingContext"])
66 self.assertEquals(len(res), 1)
67 return res[0]["defaultNamingContext"][0]
68
69 def find_configurationdn(self, ldb):
70 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
71 self.assertEquals(len(res), 1)
72 return res[0]["configurationNamingContext"][0]
73
74 def find_schemadn(self, ldb):
75 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
76 self.assertEquals(len(res), 1)
77 return res[0]["schemaNamingContext"][0]
78
79 def find_domain_sid(self):
80 res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
81 return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
82
83 def setUp(self):
84 self.ldb = ldb
85 self.gc_ldb = gc_ldb
86 self.base_dn = self.find_basedn(ldb)
87 self.configuration_dn = self.find_configurationdn(ldb)
88 self.schema_dn = self.find_schemadn(ldb)
89 self.domain_sid = self.find_domain_sid()
90
91 print "baseDN: %s\n" % self.base_dn
92
93 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
94 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
95 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
96 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
97 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
98 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
99 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
100 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
101 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
102 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
103 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
104 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
105 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
106 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
107 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
108 self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
109 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
110 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
111 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
112 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
113 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
114
115 def test_system_only(self):
116 """Test systemOnly objects"""
117 print "Test systemOnly objects"""
118
119 try:
120 self.ldb.add({
121 "dn": "cn=ldaptestobject," + self.base_dn,
122 "objectclass": "configuration"})
123 self.fail()
124 except LdbError, (num, _):
125 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
126
127 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
128
129 def test_invalid_parent(self):
130 """Test adding an object with invalid parent"""
131 print "Test adding an object with invalid parent"""
132
133 try:
134 self.ldb.add({
135 "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
136 + self.base_dn,
137 "objectclass": "group"})
138 self.fail()
139 except LdbError, (num, _):
140 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
141
142 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
143 + self.base_dn)
144
145 try:
146 self.ldb.add({
147 "dn": "ou=testou,cn=users," + self.base_dn,
148 "objectclass": "organizationalUnit"})
149 self.fail()
150 except LdbError, (num, _):
151 self.assertEquals(num, ERR_NAMING_VIOLATION)
152
153 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
154
155 def test_invalid_attribute(self):
156 """Test adding invalid attributes (not in schema)"""
157 print "Test adding invalid attributes (not in schema)"""
158
159 try:
160 self.ldb.add({
161 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
162 "objectclass": "group",
163 "thisdoesnotexist": "x"})
164 self.fail()
165 except LdbError, (num, _):
166 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
167
168 self.ldb.add({
169 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
170 "objectclass": "group"})
171
172 m = Message()
173 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
174 m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
175 "thisdoesnotexist")
176 try:
177 ldb.modify(m)
178 self.fail()
179 except LdbError, (num, _):
180 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
181
182 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
183
184 def test_single_valued_attributes(self):
185 """Test single-valued attributes"""
186 print "Test single-valued attributes"""
187
188 try:
189 self.ldb.add({
190 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
191 "objectclass": "group",
192 "sAMAccountName": ["nam1", "nam2"]})
193 self.fail()
194 except LdbError, (num, _):
195 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
196
197 self.ldb.add({
198 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
199 "objectclass": "group"})
200
201 m = Message()
202 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
203 m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
204 "sAMAccountName")
205 try:
206 ldb.modify(m)
207 self.fail()
208 except LdbError, (num, _):
209 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
210
211 m = Message()
212 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
213 m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
214 "sAMAccountName")
215 ldb.modify(m)
216
217 m = Message()
218 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
219 m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
220 "sAMAccountName")
221 try:
222 ldb.modify(m)
223 self.fail()
224 except LdbError, (num, _):
225 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
226
227 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
228
229 def test_multi_valued_attributes(self):
230 """Test multi-valued attributes"""
231 print "Test multi-valued attributes"""
232
233 # TODO: In this test I added some special tests where I got very unusual
234 # results back from a real AD. s4 doesn't match them and I've no idea how to
235 # implement those error cases (maybe there exists a special trigger for
236 # "description" attributes which handle them)
237
238 self.ldb.add({
239 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
240 "description": "desc2",
241 "objectclass": "group",
242 "description": "desc1"})
243
244 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
245
246 self.ldb.add({
247 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
248 "objectclass": "group",
249 "description": ["desc1", "desc2"]})
250
251 # m = Message()
252 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
253 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
254 # "description")
255 # try:
256 # ldb.modify(m)
257 # self.fail()
258 # except LdbError, (num, _):
259 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
260
261 m = Message()
262 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
263 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
264 "description")
265 ldb.modify(m)
266
267 # m = Message()
268 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
269 # m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
270 # "description")
271 # try:
272 # ldb.modify(m)
273 # self.fail()
274 # except LdbError, (num, _):
275 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
276
277 m = Message()
278 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
279 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
280 "description")
281 try:
282 ldb.modify(m)
283 self.fail()
284 except LdbError, (num, _):
285 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
286
287 m = Message()
288 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
289 m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
290 "description")
291 ldb.modify(m)
292
293 # m = Message()
294 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
295 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
296 # "description")
297 # try:
298 # ldb.modify(m)
299 # self.fail()
300 # except LdbError, (num, _):
301 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
302
303 # m = Message()
304 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
305 # m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
306 # "description")
307 # try:
308 # ldb.modify(m)
309 # self.fail()
310 # except LdbError, (num, _):
311 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
312
313 m = Message()
314 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
315 m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
316 "description")
317 ldb.modify(m)
318
319 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
320
321 def test_empty_messages(self):
322 """Test empty messages"""
323 print "Test empty messages"""
324
325 m = Message()
326 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
327
328 try:
329 ldb.add(m)
330 self.fail()
331 except LdbError, (num, _):
332 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
333
334 try:
335 ldb.modify(m)
336 self.fail()
337 except LdbError, (num, _):
338 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
339
340 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
341
342 def test_empty_attributes(self):
343 """Test empty attributes"""
344 print "Test empty attributes"""
345
346 m = Message()
347 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
348 m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
349 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
350
351 try:
352 ldb.add(m)
353 self.fail()
354 except LdbError, (num, _):
355 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
356
357 self.ldb.add({
358 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
359 "objectclass": "group"})
360
361 m = Message()
362 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
363 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
364
365 try:
366 ldb.modify(m)
367 self.fail()
368 except LdbError, (num, _):
369 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
370
371 m = Message()
372 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
373 m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description")
374 ldb.modify(m)
375
376 m = Message()
377 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
378 m["description"] = MessageElement([], FLAG_MOD_DELETE, "description")
379 try:
380 ldb.modify(m)
381 self.fail()
382 except LdbError, (num, _):
383 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
384
385 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
386
387 def test_distinguished_name(self):
388 """Tests the 'distinguishedName' attribute"""
389 print "Tests the 'distinguishedName' attribute"""
390
391 self.ldb.add({
392 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
393 "objectclass": "group"})
394
395 m = Message()
396 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
397 m["distinguishedName"] = MessageElement(
398 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
399 "distinguishedName")
400
401 try:
402 ldb.modify(m)
403 self.fail()
404 except LdbError, (num, _):
405 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
406
407 m = Message()
408 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
409 m["distinguishedName"] = MessageElement(
410 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
411 "distinguishedName")
412
413 try:
414 ldb.modify(m)
415 self.fail()
416 except LdbError, (num, _):
417 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
418
419 m = Message()
420 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
421 m["distinguishedName"] = MessageElement(
422 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
423 "distinguishedName")
424
425 try:
426 ldb.modify(m)
427 self.fail()
428 except LdbError, (num, _):
429 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
430
431 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
432
433 def test_rdn_name(self):
434 """Tests the RDN"""
435 print "Tests the RDN"""
436
437 try:
438 self.ldb.add({
439 "dn": "description=xyz,cn=users," + self.base_dn,
440 "objectclass": "group"})
441 self.fail()
442 except LdbError, (num, _):
443 self.assertEquals(num, ERR_NAMING_VIOLATION)
444
445 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
446
447 self.ldb.add({
448 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
449 "objectclass": "group"})
450
451 m = Message()
452 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
453 m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
454 "name")
455
456 try:
457 ldb.modify(m)
458 self.fail()
459 except LdbError, (num, _):
460 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
461
462 m = Message()
463 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
464 m["cn"] = MessageElement("ldaptestuser",
465 FLAG_MOD_REPLACE, "cn")
466
467 try:
468 ldb.modify(m)
469 self.fail()
470 except LdbError, (num, _):
471 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
472
473 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
474
475
476 # this test needs to be disabled until we really understand
477 # what the rDN length constraints are
478 def DISABLED_test_largeRDN(self):
479 """Testing large rDN (limit 64 characters)"""
480 rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
481 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
482 ldif = """
483 dn: %s,%s""" % (rdn,self.base_dn) + """
484 objectClass: container
485 """
486 self.ldb.add_ldif(ldif)
487 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
488
489 rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
490 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
491 try:
492 ldif = """
493 dn: %s,%s""" % (rdn,self.base_dn) + """
494 objectClass: container
495 """
496 self.ldb.add_ldif(ldif)
497 self.fail()
498 except LdbError, (num, _):
499 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
500 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
501
502 def test_rename(self):
503 """Tests the rename operation"""
504 print "Tests the rename operations"""
505
506 self.ldb.add({
507 "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
508 "objectclass": ["user", "person"] })
509
510 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
511 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
512 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
513 try:
514 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
515 self.fail()
516 except LdbError, (num, _):
517 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
518
519 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
520
521 def test_rename_twice(self):
522 """Tests the rename operation twice - this corresponds to a past bug"""
523 print "Tests the rename twice operation"""
524
525 self.ldb.add({
526 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
527 "objectclass": ["user", "person"] })
528
529 ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
530 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
531 self.ldb.add({
532 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
533 "objectclass": ["user", "person"] })
534 ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
535 res = ldb.search(expression="cn=ldaptestuser5")
536 print "Found %u records" % len(res)
537 self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
538 res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
539 print "Found %u records" % len(res)
540 self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
541 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
542
543 def test_parentGUID(self):
544 """Test parentGUID behaviour"""
545 print "Testing parentGUID behaviour\n"
546
547 # TODO: This seems to fail on Windows Server. Hidden attribute?
548
549 self.ldb.add({
550 "dn": "cn=parentguidtest,cn=users," + self.base_dn,
551 "objectclass":"user",
552 "samaccountname":"parentguidtest"});
553 res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
554 attrs=["parentGUID", "samaccountname"]);
555 res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
556 attrs=["objectGUID"]);
557 res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
558 attrs=["parentGUID"]);
559
560 """Check if the parentGUID is valid """
561 self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
562
563 """Check if it returns nothing when there is no parent object"""
564 has_parentGUID = False
565 for key in res3[0].keys():
566 if key == "parentGUID":
567 has_parentGUID = True
568 break
569 self.assertFalse(has_parentGUID);
570
571 """Ensures that if you look for another object attribute after the constructed
572 parentGUID, it will return correctly"""
573 has_another_attribute = False
574 for key in res1[0].keys():
575 if key == "sAMAccountName":
576 has_another_attribute = True
577 break
578 self.assertTrue(has_another_attribute)
579 self.assertTrue(len(res1[0]["samaccountname"]) == 1)
580 self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
581
582 print "Testing parentGUID behaviour on rename\n"
583
584 self.ldb.add({
585 "dn": "cn=testotherusers," + self.base_dn,
586 "objectclass":"container"});
587 res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
588 attrs=["objectGUID"]);
589 ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
590 "cn=parentguidtest,cn=testotherusers," + self.base_dn);
591 res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
592 scope=SCOPE_BASE,
593 attrs=["parentGUID"]);
594 self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
595
596 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
597 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
598
599 def test_groupType_int32(self):
600 """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
601 print "Testing groupType (int32) behaviour\n"
602
603 res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
604 attrs=["groupType"], expression="groupType=2147483653");
605
606 res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
607 attrs=["groupType"], expression="groupType=-2147483643");
608
609 self.assertEquals(len(res1), len(res2))
610
611 self.assertTrue(res1.count > 0)
612
613 self.assertEquals(res1[0]["groupType"][0], "-2147483643")
614
615 def test_groups(self):
616 """This tests the group behaviour (setting, changing) of a user account"""
617 print "Testing group behaviour\n"
618
619 ldb.add({
620 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
621 "objectclass": "group"})
622
623 ldb.add({
624 "dn": "cn=ldaptestgroup2,cn=users," + self.base_dn,
625 "objectclass": "group"})
626
627 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
628 scope=SCOPE_BASE, attrs=["objectSID"])
629 self.assertTrue(len(res1) == 1)
630 group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
631 res1[0]["objectSID"][0])).split()[1]
632
633 res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
634 scope=SCOPE_BASE, attrs=["objectSID"])
635 self.assertTrue(len(res1) == 1)
636 group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
637 res1[0]["objectSID"][0])).split()[1]
638
639 # Try to create a user with an invalid primary group
640 try:
641 ldb.add({
642 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
643 "objectclass": ["user", "person"],
644 "primaryGroupID": "0"})
645 self.fail()
646 except LdbError, (num, _):
647 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
648 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
649
650 # Try to Create a user with a valid primary group
651 # TODO Some more investigation needed here
652 # try:
653 # ldb.add({
654 # "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
655 # "objectclass": ["user", "person"],
656 # "primaryGroupID": str(group_rid_1)})
657 # self.fail()
658 # except LdbError, (num, _):
659 # self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
660 # self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
661
662 ldb.add({
663 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
664 "objectclass": ["user", "person"]})
665
666 # Try to add invalid primary group
667 m = Message()
668 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
669 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
670 "primaryGroupID")
671 try:
672 ldb.modify(m)
673 self.fail()
674 except LdbError, (num, _):
675 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
676
677 # Try to make group 1 primary - should be denied since it is not yet
678 # secondary
679 m = Message()
680 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
681 m["primaryGroupID"] = MessageElement(str(group_rid_1),
682 FLAG_MOD_REPLACE, "primaryGroupID")
683 try:
684 ldb.modify(m)
685 self.fail()
686 except LdbError, (num, _):
687 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
688
689 # Make group 1 secondary
690 m = Message()
691 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
692 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
693 FLAG_MOD_REPLACE, "member")
694 ldb.modify(m)
695
696 # Make group 1 primary
697 m = Message()
698 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
699 m["primaryGroupID"] = MessageElement(str(group_rid_1),
700 FLAG_MOD_REPLACE, "primaryGroupID")
701 ldb.modify(m)
702
703 # Try to delete group 1 - should be denied
704 try:
705 ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
706 self.fail()
707 except LdbError, (num, _):
708 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
709
710 # Try to add group 1 also as secondary - should be denied
711 m = Message()
712 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
713 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
714 FLAG_MOD_ADD, "member")
715 try:
716 ldb.modify(m)
717 self.fail()
718 except LdbError, (num, _):
719 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
720
721 # Try to add invalid member to group 1 - should be denied
722 m = Message()
723 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
724 m["member"] = MessageElement(
725 "cn=ldaptestuser3,cn=users," + self.base_dn,
726 FLAG_MOD_ADD, "member")
727 try:
728 ldb.modify(m)
729 self.fail()
730 except LdbError, (num, _):
731 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
732
733 # Make group 2 secondary
734 m = Message()
735 m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
736 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
737 FLAG_MOD_ADD, "member")
738 ldb.modify(m)
739
740 # Swap the groups
741 m = Message()
742 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
743 m["primaryGroupID"] = MessageElement(str(group_rid_2),
744 FLAG_MOD_REPLACE, "primaryGroupID")
745 ldb.modify(m)
746
747 # Old primary group should contain a "member" attribute for the user,
748 # the new shouldn't contain anymore one
749 res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
750 scope=SCOPE_BASE, attrs=["member"])
751 self.assertTrue(len(res1) == 1)
752 self.assertTrue(len(res1[0]["member"]) == 1)
753 self.assertEquals(res1[0]["member"][0].lower(),
754 ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
755
756 res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
757 scope=SCOPE_BASE, attrs=["member"])
758 self.assertTrue(len(res1) == 1)
759 self.assertFalse("member" in res1[0])
760
761 # Also this should be denied
762 try:
763 ldb.add({
764 "dn": "cn=ldaptestuser1,cn=users," + self.base_dn,
765 "objectclass": ["user", "person"],
766 "primaryGroupID": "0"})
767 self.fail()
768 except LdbError, (num, _):
769 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
770
771 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
772 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
773 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
774
775 def test_primary_group_token(self):
776 """Test the primary group token behaviour (hidden-generated-readonly attribute on groups)"""
777 print "Testing primary group token behaviour\n"
778
779 try:
780 ldb.add({
781 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
782 "objectclass": "group",
783 "primaryGroupToken": "100"})
784 self.fail()
785 except LdbError, (num, _):
786 self.assertEquals(num, ERR_UNDEFINED_ATTRIBUTE_TYPE)
787 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
788
789 ldb.add({
790 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
791 "objectclass": ["user", "person"]})
792
793 ldb.add({
794 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
795 "objectclass": "group"})
796
797 # Testing for one invalid, and one valid operational attribute, but also the things they are built from
798 res1 = ldb.search(self.base_dn,
799 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName", "objectClass", "objectSid"])
800 self.assertTrue(len(res1) == 1)
801 self.assertFalse("primaryGroupToken" in res1[0])
802 self.assertTrue("canonicalName" in res1[0])
803 self.assertTrue("objectClass" in res1[0])
804 self.assertTrue("objectSid" in res1[0])
805
806 res1 = ldb.search(self.base_dn,
807 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName"])
808 self.assertTrue(len(res1) == 1)
809 self.assertFalse("primaryGroupToken" in res1[0])
810 self.assertFalse("objectSid" in res1[0])
811 self.assertFalse("objectClass" in res1[0])
812 self.assertTrue("canonicalName" in res1[0])
813
814 res1 = ldb.search("cn=users,"+self.base_dn,
815 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
816 self.assertTrue(len(res1) == 1)
817 self.assertFalse("primaryGroupToken" in res1[0])
818
819 res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
820 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
821 self.assertTrue(len(res1) == 1)
822 self.assertFalse("primaryGroupToken" in res1[0])
823
824 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
825 scope=SCOPE_BASE)
826 self.assertTrue(len(res1) == 1)
827 self.assertFalse("primaryGroupToken" in res1[0])
828
829 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
830 scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
831 self.assertTrue(len(res1) == 1)
832 primary_group_token = int(res1[0]["primaryGroupToken"][0])
833
834 rid = security.dom_sid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])).split()[1]
835 self.assertEquals(primary_group_token, rid)
836
837 m = Message()
838 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
839 m["primaryGroupToken"] = "100"
840 try:
841 ldb.modify(m)
842 self.fail()
843 except LdbError, (num, _):
844 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
845
846 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
847 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
848
849 def test_wkguid(self):
850 """Test Well known GUID behaviours (including DN+Binary)"""
851 print "Test Well known GUID behaviours (including DN+Binary)"""
852
853 res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
854 self.assertEquals(len(res), 1)
855
856 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
857 self.assertEquals(len(res2), 1)
858
859 # Prove that the matching rule is over the whole DN+Binary
860 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
861 self.assertEquals(len(res2), 0)
862 # Prove that the matching rule is over the whole DN+Binary
863 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=%s") % res[0].dn)
864 self.assertEquals(len(res2), 0)
865
866 def test_subschemasubentry(self):
867 """Test subSchemaSubEntry appears when requested, but not when not requested"""
868 print "Test subSchemaSubEntry"""
869
870 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
871 self.assertEquals(len(res), 1)
872 self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
873
874 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
875 self.assertEquals(len(res), 1)
876 self.assertTrue("subScheamSubEntry" not in res[0])
877
878 def test_all(self):
879 """Basic tests"""
880
881 print "Testing user add"
882
883 ldb.add({
884 "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
885 "objectclass": ["user", "person"],
886 "cN": "LDAPtestUSER",
887 "givenname": "ldap",
888 "sn": "testy"})
889
890 ldb.add({
891 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
892 "objectclass": "group",
893 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
894
895 ldb.add({
896 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
897 "objectclass": "computer",
898 "cN": "LDAPtestCOMPUTER"})
899
900 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
901 "objectClass": "computer",
902 "cn": "LDAPtest2COMPUTER",
903 "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
904 "displayname": "ldap testy"})
905
906 try:
907 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
908 "objectClass": "computer",
909 "cn": "LDAPtest2COMPUTER"
910 })
911 self.fail()
912 except LdbError, (num, _):
913 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
914
915 try:
916 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
917 "objectClass": "computer",
918 "cn": "ldaptestcomputer3",
919 "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
920 })
921 self.fail()
922 except LdbError, (num, _):
923 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
924
925 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
926 "objectClass": "computer",
927 "cn": "LDAPtestCOMPUTER3"
928 })
929
930 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
931 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))");
932 self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
933
934 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn));
935 self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3");
936 self.assertEquals(res[0]["name"][0], "ldaptestcomputer3");
937 self.assertEquals(res[0]["objectClass"][0], "top");
938 self.assertEquals(res[0]["objectClass"][1], "person");
939 self.assertEquals(res[0]["objectClass"][2], "organizationalPerson");
940 self.assertEquals(res[0]["objectClass"][3], "user");
941 self.assertEquals(res[0]["objectClass"][4], "computer");
942 self.assertTrue("objectGUID" in res[0])
943 self.assertTrue("whenCreated" in res[0])
944 self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
945 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
946 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
947 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
948
949 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
950
951 print "Testing attribute or value exists behaviour"
952 try:
953 ldb.modify_ldif("""
954 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
955 changetype: modify
956 replace: servicePrincipalName
957 servicePrincipalName: host/ldaptest2computer
958 servicePrincipalName: host/ldaptest2computer
959 servicePrincipalName: cifs/ldaptest2computer
960 """)
961 self.fail()
962 except LdbError, (num, msg):
963 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
964
965 ldb.modify_ldif("""
966 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
967 changetype: modify
968 replace: servicePrincipalName
969 servicePrincipalName: host/ldaptest2computer
970 servicePrincipalName: cifs/ldaptest2computer
971 """)
972 try:
973 ldb.modify_ldif("""
974 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
975 changetype: modify
976 add: servicePrincipalName
977 servicePrincipalName: host/ldaptest2computer
978 """)
979 self.fail()
980 except LdbError, (num, msg):
981 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
982
983 print "Testing ranged results"
984 ldb.modify_ldif("""
985 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
986 changetype: modify
987 replace: servicePrincipalName
988 """)
989
990 ldb.modify_ldif("""
991 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
992 changetype: modify
993 add: servicePrincipalName
994 servicePrincipalName: host/ldaptest2computer0
995 servicePrincipalName: host/ldaptest2computer1
996 servicePrincipalName: host/ldaptest2computer2
997 servicePrincipalName: host/ldaptest2computer3
998 servicePrincipalName: host/ldaptest2computer4
999 servicePrincipalName: host/ldaptest2computer5
1000 servicePrincipalName: host/ldaptest2computer6
1001 servicePrincipalName: host/ldaptest2computer7
1002 servicePrincipalName: host/ldaptest2computer8
1003 servicePrincipalName: host/ldaptest2computer9
1004 servicePrincipalName: host/ldaptest2computer10
1005 servicePrincipalName: host/ldaptest2computer11
1006 servicePrincipalName: host/ldaptest2computer12
1007 servicePrincipalName: host/ldaptest2computer13
1008 servicePrincipalName: host/ldaptest2computer14
1009 servicePrincipalName: host/ldaptest2computer15
1010 servicePrincipalName: host/ldaptest2computer16
1011 servicePrincipalName: host/ldaptest2computer17
1012 servicePrincipalName: host/ldaptest2computer18
1013 servicePrincipalName: host/ldaptest2computer19
1014 servicePrincipalName: host/ldaptest2computer20
1015 servicePrincipalName: host/ldaptest2computer21
1016 servicePrincipalName: host/ldaptest2computer22
1017 servicePrincipalName: host/ldaptest2computer23
1018 servicePrincipalName: host/ldaptest2computer24
1019 servicePrincipalName: host/ldaptest2computer25
1020 servicePrincipalName: host/ldaptest2computer26
1021 servicePrincipalName: host/ldaptest2computer27
1022 servicePrincipalName: host/ldaptest2computer28
1023 servicePrincipalName: host/ldaptest2computer29
1024 """)
1025
1026 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
1027 attrs=["servicePrincipalName;range=0-*"])
1028 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1029 #print len(res[0]["servicePrincipalName;range=0-*"])
1030 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1031
1032 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
1033 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1034 # print res[0]["servicePrincipalName;range=0-19"].length
1035 self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
1036
1037
1038 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
1039 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1040 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1041
1042 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
1043 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1044 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1045
1046 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
1047 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1048 self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
1049
1050
1051 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
1052 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1053 self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
1054 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
1055
1056 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
1057 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1058 self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
1059 # print res[0]["servicePrincipalName;range=11-*"][18]
1060 # print pos_11
1061 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
1062
1063 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
1064 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1065 self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
1066 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
1067
1068 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
1069 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1070 # print res[0]["servicePrincipalName"][18]
1071 # print pos_11
1072 self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
1073 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
1074
1075 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1076 ldb.add({
1077 "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
1078 "objectClass": ["person", "user"],
1079 "cn": "LDAPtestUSER2",
1080 "givenname": "testy",
1081 "sn": "ldap user2"})
1082
1083 print "Testing Ambigious Name Resolution"
1084 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
1085 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
1086 self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
1087
1088 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1089 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1090 self.assertEquals(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res))
1091
1092 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
1093 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
1094 self.assertEquals(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res))
1095
1096 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
1097 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
1098 self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
1099
1100 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1101 self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1102 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1103
1104 # Testing ldb.search for (&(anr=testy)(objectClass=user))
1105 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
1106 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
1107
1108 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1109 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1110 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
1111
1112 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1113 # this test disabled for the moment, as anr with == tests are not understood
1114 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1115 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
1116
1117 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1118 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1119 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1120
1121 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1122 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1123 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
1124
1125 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1126 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1127 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1128
1129 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
1130 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
1131 self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
1132
1133 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1134 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1135 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1136
1137 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
1138 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
1139 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
1140
1141 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1142 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1143 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1144
1145 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
1146 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
1147 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
1148
1149 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1150 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1151 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1152
1153 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
1154 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
1155 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
1156
1157 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
1158 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
1159 self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
1160
1161 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
1162 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
1163 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
1164
1165 print "Testing Renames"
1166
1167 attrs = ["objectGUID", "objectSid"]
1168 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1169 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1170 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1171
1172 # Check rename works with extended/alternate DN forms
1173 ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
1174
1175 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
1176 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
1177 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
1178
1179 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1180 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1181 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1182
1183 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
1184 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1185 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1186
1187 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1188 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1189 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1190
1191 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
1192 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1193 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1194
1195 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1196 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1197 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1198
1199 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
1200 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1201 self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1202
1203 # This is a Samba special, and does not exist in real AD
1204 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1205 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1206 # if (res.error != 0 || len(res) != 1) {
1207 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1208 # self.assertEquals(len(res), 1)
1209 # }
1210 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1211 # self.assertEquals(res[0].cn, "ldaptestUSER3")
1212 # self.assertEquals(res[0].name, "ldaptestUSER3")
1213
1214 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1215 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1216 self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1217 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1218 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1219 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1220
1221 # ensure we cannot add it again
1222 try:
1223 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
1224 "objectClass": ["person", "user"],
1225 "cn": "LDAPtestUSER3"})
1226 self.fail()
1227 except LdbError, (num, _):
1228 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1229
1230 # rename back
1231 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1232
1233 # ensure we cannot rename it twice
1234 try:
1235 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
1236 "cn=ldaptestuser2,cn=users," + self.base_dn)
1237 self.fail()
1238 except LdbError, (num, _):
1239 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1240
1241 # ensure can now use that name
1242 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
1243 "objectClass": ["person", "user"],
1244 "cn": "LDAPtestUSER3"})
1245
1246 # ensure we now cannot rename
1247 try:
1248 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1249 self.fail()
1250 except LdbError, (num, _):
1251 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1252 try:
1253 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
1254 self.fail()
1255 except LdbError, (num, _):
1256 self.assertTrue(num in (71, 64))
1257
1258 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
1259
1260 ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
1261
1262 self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1263
1264 ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1265
1266 print "Testing subtree renames"
1267
1268 ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
1269 "objectClass": "container"})
1270
1271 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
1272 "objectClass": ["person", "user"],
1273 "cn": "LDAPtestUSER4"})
1274
1275 ldb.modify_ldif("""
1276 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1277 changetype: modify
1278 add: member
1279 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
1280 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
1281 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
1282 """)
1283
1284 print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
1285 ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
1286
1287 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
1288 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
1289 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
1290
1291 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1292 try:
1293 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1294 expression="(&(cn=ldaptestuser4)(objectClass=user))",
1295 scope=SCOPE_SUBTREE)
1296 self.fail(res)
1297 except LdbError, (num, _):
1298 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1299
1300 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1301 try:
1302 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1303 expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
1304 self.fail()
1305 except LdbError, (num, _):
1306 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1307
1308 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
1309 res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
1310 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
1311
1312 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1313 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1314
1315 time.sleep(4)
1316
1317 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
1318 res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
1319 self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
1320
1321 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
1322 try:
1323 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
1324 self.fail()
1325 except LdbError, (num, _):
1326 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1327
1328 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
1329 try:
1330 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
1331 self.fail()
1332 except LdbError, (num, _):
1333 self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
1334
1335 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
1336 try:
1337 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1338 self.fail()
1339 except LdbError, (num, _):
1340 self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
1341
1342 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
1343 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1344 self.assertEquals(len(res), 1)
1345 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1346 self.assertEquals(len(res), 0)
1347
1348 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1349 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
1350 # FIXME: self.assertEquals(len(res), 0)
1351
1352 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1353 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
1354 # FIXME: self.assertEquals(len(res), 0)
1355
1356 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
1357 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1358 print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
1359 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1360
1361 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1362
1363 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1364
1365 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
1366 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
1367 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1368
1369 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1370 self.assertEquals(str(res[0]["cn"]), "ldaptestuser")
1371 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1372 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
1373 self.assertTrue("objectGUID" in res[0])
1374 self.assertTrue("whenCreated" in res[0])
1375 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
1376 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1377 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1378 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1379 self.assertEquals(len(res[0]["memberOf"]), 1)
1380
1381 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
1382 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1383 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1384
1385 self.assertEquals(res[0].dn, res2[0].dn)
1386
1387 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
1388 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1389 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
1390
1391 self.assertEquals(res[0].dn, res3[0].dn)
1392
1393 if gc_ldb is not None:
1394 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
1395 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1396 self.assertEquals(len(res3gc), 1)
1397
1398 self.assertEquals(res[0].dn, res3gc[0].dn)
1399
1400 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
1401
1402 if gc_ldb is not None:
1403 res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1404 self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
1405
1406 self.assertEquals(res[0].dn, res3control[0].dn)
1407
1408 ldb.delete(res[0].dn)
1409
1410 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
1411 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
1412 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1413
1414 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
1415 self.assertEquals(str(res[0]["cn"]), "ldaptestcomputer")
1416 self.assertEquals(str(res[0]["name"]), "ldaptestcomputer")
1417 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
1418 self.assertTrue("objectGUID" in res[0])
1419 self.assertTrue("whenCreated" in res[0])
1420 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
1421 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
1422 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1423 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1424 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1425 self.assertEquals(len(res[0]["memberOf"]), 1)
1426
1427 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
1428 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1429 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1430
1431 self.assertEquals(res[0].dn, res2[0].dn)
1432
1433 if gc_ldb is not None:
1434 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
1435 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1436 self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
1437
1438 self.assertEquals(res[0].dn, res2gc[0].dn)
1439
1440 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
1441 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1442 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1443
1444 self.assertEquals(res[0].dn, res3[0].dn)
1445
1446 if gc_ldb is not None:
1447 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
1448 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1449 self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
1450
1451 self.assertEquals(res[0].dn, res3gc[0].dn)
1452
1453 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
1454 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
1455 self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
1456
1457 self.assertEquals(res[0].dn, res4[0].dn)
1458
1459 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
1460 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
1461 self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
1462
1463 self.assertEquals(res[0].dn, res5[0].dn)
1464
1465 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
1466 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
1467 self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
1468
1469 self.assertEquals(res[0].dn, res6[0].dn)
1470
1471 ldb.delete("<GUID=" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + ">")
1472
1473 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
1474 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
1475 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
1476
1477 self.assertEquals(str(res[0].dn), "CN=ldaptest2computer,CN=Computers," + self.base_dn)
1478 self.assertEquals(str(res[0]["cn"]), "ldaptest2computer")
1479 self.assertEquals(str(res[0]["name"]), "ldaptest2computer")
1480 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
1481 self.assertTrue("objectGUID" in res[0])
1482 self.assertTrue("whenCreated" in res[0])
1483 self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
1484 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
1485 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
1486
1487 ldb.delete("<SID=" + ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) + ">")
1488
1489 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
1490 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1491 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1492 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1493
1494 self.assertEquals(str(res_user[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1495 self.assertEquals(str(res_user[0]["cn"]), "ldaptestuser2")
1496 self.assertEquals(str(res_user[0]["name"]), "ldaptestuser2")
1497 self.assertEquals(list(res_user[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
1498 self.assertTrue("objectSid" in res_user[0])
1499 self.assertTrue("objectGUID" in res_user[0])
1500 self.assertTrue("whenCreated" in res_user[0])
1501 self.assertTrue("nTSecurityDescriptor" in res_user[0])
1502 self.assertTrue("allowedAttributes" in res_user[0])
1503 self.assertTrue("allowedAttributesEffective" in res_user[0])
1504 self.assertEquals(res_user[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1505
1506 ldaptestuser2_sid = res_user[0]["objectSid"][0]
1507 ldaptestuser2_guid = res_user[0]["objectGUID"][0]
1508
1509 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
1510 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
1511 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1512 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1513
1514 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1515 self.assertEquals(str(res[0]["cn"]), "ldaptestgroup2")
1516 self.assertEquals(str(res[0]["name"]), "ldaptestgroup2")
1517 self.assertEquals(list(res[0]["objectClass"]), ["top", "group"])
1518 self.assertTrue("objectGUID" in res[0])
1519 self.assertTrue("objectSid" in res[0])
1520 self.assertTrue("whenCreated" in res[0])
1521 self.assertTrue("nTSecurityDescriptor" in res[0])
1522 self.assertTrue("allowedAttributes" in res[0])
1523 self.assertTrue("allowedAttributesEffective" in res[0])
1524 memberUP = []
1525 for m in res[0]["member"]:
1526 memberUP.append(m.upper())
1527 self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
1528
1529 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
1530 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1531
1532 print res[0]["member"]
1533 memberUP = []
1534 for m in res[0]["member"]:
1535 memberUP.append(m.upper())
1536 print ("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper()
1537
1538 self.assertTrue(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
1539
1540 print "Testing Linked attribute behaviours"
1541 ldb.modify_ldif("""
1542 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1543 changetype: modify
1544 replace: member
1545 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
1546 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1547 """)
1548
1549 ldb.modify_ldif("""
1550 dn: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
1551 changetype: modify
1552 replace: member
1553 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1554 """)
1555
1556 ldb.modify_ldif("""
1557 dn: <SID=""" + ldb.schema_format_value("objectSid", res[0]["objectSid"][0]) + """>
1558 changetype: modify
1559 delete: member
1560 """)
1561
1562 ldb.modify_ldif("""
1563 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1564 changetype: modify
1565 add: member
1566 member: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
1567 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1568 """)
1569
1570 ldb.modify_ldif("""
1571 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1572 changetype: modify
1573 replace: member
1574 """)
1575
1576 ldb.modify_ldif("""
1577 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1578 changetype: modify
1579 add: member
1580 member: <SID=""" + ldb.schema_format_value("objectSid", res_user[0]["objectSid"][0]) + """>
1581 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1582 """)
1583
1584 ldb.modify_ldif("""
1585 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1586 changetype: modify
1587 delete: member
1588 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1589 """)
1590
1591 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1592 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1593
1594 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1595 self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1596 self.assertEquals(len(res[0]["member"]), 1)
1597
1598 ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
1599
1600 time.sleep(4)
1601
1602 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
1603 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
1604 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1605 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
1606
1607 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1608 self.assertTrue("member" not in res[0])
1609
1610 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
1611 # TODO UTF8 users don't seem to work fully anymore
1612 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1613 res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
1614 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1615
1616 self.assertEquals(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
1617 self.assertEquals(str(res[0]["cn"]), "ldaptestutf8user èùéìòà")
1618 self.assertEquals(str(res[0]["name"]), "ldaptestutf8user èùéìòà")
1619 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
1620 self.assertTrue("objectGUID" in res[0])
1621 self.assertTrue("whenCreated" in res[0])
1622
1623 ldb.delete(res[0].dn)
1624
1625 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
1626 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
1627 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
1628
1629 ldb.delete(res[0].dn)
1630
1631 ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1632
1633 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
1634 # TODO UTF8 users don't seem to work fully anymore
1635 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1636 # self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1637
1638 print "Testing that we can't get at the configuration DN from the main search base"
1639 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1640 self.assertEquals(len(res), 0)
1641
1642 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
1643 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1644 self.assertTrue(len(res) > 0)
1645
1646 if gc_ldb is not None:
1647 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
1648
1649 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
1650 self.assertTrue(len(res) > 0)
1651
1652 print "Testing that we do find configuration elements in the global catlog"
1653 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1654 self.assertTrue(len(res) > 0)
1655
1656 print "Testing that we do find configuration elements and user elements at the same time"
1657 res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
1658 self.assertTrue(len(res) > 0)
1659
1660 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
1661 res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1662 self.assertTrue(len(res) > 0)
1663
1664 print "Testing that we can get at the configuration DN on the main LDAP port"
1665 res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1666 self.assertTrue(len(res) > 0)
1667
1668 print "Testing objectCategory canonacolisation"
1669 res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
1670 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
1671 self.assertTrue(len(res) != 0)
1672
1673 res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
1674 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
1675 self.assertTrue(len(res) != 0)
1676
1677 print "Testing objectClass attribute order on "+ self.base_dn
1678 res = ldb.search(expression="objectClass=domain", base=self.base_dn,
1679 scope=SCOPE_BASE, attrs=["objectClass"])
1680 self.assertEquals(len(res), 1)
1681
1682 self.assertEquals(list(res[0]["objectClass"]), ["top", "domain", "domainDNS"])
1683
1684 # check enumeration
1685
1686 print "Testing ldb.search for objectCategory=person"
1687 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
1688 self.assertTrue(len(res) > 0)
1689
1690 print "Testing ldb.search for objectCategory=person with domain scope control"
1691 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1692 self.assertTrue(len(res) > 0)
1693
1694 print "Testing ldb.search for objectCategory=user"
1695 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
1696 self.assertTrue(len(res) > 0)
1697
1698 print "Testing ldb.search for objectCategory=user with domain scope control"
1699 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1700 self.assertTrue(len(res) > 0)
1701
1702 print "Testing ldb.search for objectCategory=group"
1703 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
1704 self.assertTrue(len(res) > 0)
1705
1706 print "Testing ldb.search for objectCategory=group with domain scope control"
1707 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1708 self.assertTrue(len(res) > 0)
1709
1710 print "Testing creating a user with the posixAccount objectClass"
1711 self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
1712 objectClass: top
1713 objectClass: person
1714 objectClass: posixAccount
1715 objectClass: user
1716 objectClass: organizationalPerson
1717 cn: posixuser
1718 uid: posixuser
1719 sn: posixuser
1720 uidNumber: 10126
1721 gidNumber: 10126
1722 homeDirectory: /home/posixuser
1723 loginShell: /bin/bash
1724 gecos: Posix User;;;
1725 description: A POSIX user"""% (self.base_dn))
1726
1727 print "Testing removing the posixAccount objectClass from an existing user"
1728 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1729 changetype: modify
1730 delete: objectClass
1731 objectClass: posixAccount"""% (self.base_dn))
1732
1733 print "Testing adding the posixAccount objectClass to an existing user"
1734 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1735 changetype: modify
1736 add: objectClass
1737 objectClass: posixAccount"""% (self.base_dn))
1738
1739 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
1740 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1741 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1742 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
1743 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
1744 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
1745 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1746 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1747 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1748 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
1749 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
1750 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1751 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
1752 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
1753 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1754 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
1755
1756 def test_security_descriptor_add(self):
1757 """ Testing ldb.add_ldif() for nTSecurityDescriptor """
1758 user_name = "testdescriptoruser1"
1759 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1760 #
1761 # Test add_ldif() with SDDL security descriptor input
1762 #
1763 self.delete_force(self.ldb, user_dn)
1764 try:
1765 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1766 self.ldb.add_ldif("""
1767 dn: """ + user_dn + """
1768 objectclass: user
1769 sAMAccountName: """ + user_name + """
1770 nTSecurityDescriptor: """ + sddl)
1771 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1772 desc = res[0]["nTSecurityDescriptor"][0]
1773 desc = ndr_unpack( security.descriptor, desc )
1774 desc_sddl = desc.as_sddl( self.domain_sid )
1775 self.assertEqual(desc_sddl, sddl)
1776 finally:
1777 self.delete_force(self.ldb, user_dn)
1778 #
1779 # Test add_ldif() with BASE64 security descriptor
1780 #
1781 try:
1782 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1783 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1784 desc_binary = ndr_pack(desc)
1785 desc_base64 = base64.b64encode(desc_binary)
1786 self.ldb.add_ldif("""
1787 dn: """ + user_dn + """
1788 objectclass: user
1789 sAMAccountName: """ + user_name + """
1790 nTSecurityDescriptor:: """ + desc_base64)
1791 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1792 desc = res[0]["nTSecurityDescriptor"][0]
1793 desc = ndr_unpack(security.descriptor, desc)
1794 desc_sddl = desc.as_sddl(self.domain_sid)
1795 self.assertEqual(desc_sddl, sddl)
1796 finally:
1797 self.delete_force(self.ldb, user_dn)
1798
1799 def test_security_descriptor_add_neg(self):
1800 """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
1801 Negative test
1802 """
1803 user_name = "testdescriptoruser1"
1804 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1805 self.delete_force(self.ldb, user_dn)
1806 try:
1807 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1808 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
1809 desc_base64 = base64.b64encode( ndr_pack(desc) )
1810 self.ldb.add_ldif("""
1811 dn: """ + user_dn + """
1812 objectclass: user
1813 sAMAccountName: """ + user_name + """
1814 nTSecurityDescriptor:: """ + desc_base64)
1815 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1816 self.assertTrue("nTSecurityDescriptor" in res[0])
1817 finally:
1818 self.delete_force(self.ldb, user_dn)
1819
1820 def test_security_descriptor_modify(self):
1821 """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
1822 user_name = "testdescriptoruser2"
1823 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1824 #
1825 # Delete user object and test modify_ldif() with SDDL security descriptor input
1826 # Add ACE to the original descriptor test
1827 #
1828 try:
1829 self.delete_force(self.ldb, user_dn)
1830 self.ldb.add_ldif("""
1831 dn: """ + user_dn + """
1832 objectclass: user
1833 sAMAccountName: """ + user_name)
1834 # Modify descriptor
1835 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1836 desc = res[0]["nTSecurityDescriptor"][0]
1837 desc = ndr_unpack(security.descriptor, desc)
1838 desc_sddl = desc.as_sddl(self.domain_sid)
1839 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
1840 mod = """
1841 dn: """ + user_dn + """
1842 changetype: modify
1843 replace: nTSecurityDescriptor
1844 nTSecurityDescriptor: """ + sddl
1845 self.ldb.modify_ldif(mod)
1846 # Read modified descriptor
1847 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1848 desc = res[0]["nTSecurityDescriptor"][0]
1849 desc = ndr_unpack(security.descriptor, desc)
1850 desc_sddl = desc.as_sddl(self.domain_sid)
1851 self.assertEqual(desc_sddl, sddl)
1852 finally:
1853 self.delete_force(self.ldb, user_dn)
1854 #
1855 # Test modify_ldif() with SDDL security descriptor input
1856 # New desctiptor test
1857 #
1858 try:
1859 self.ldb.add_ldif("""
1860 dn: """ + user_dn + """
1861 objectclass: user
1862 sAMAccountName: """ + user_name)
1863 # Modify descriptor
1864 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1865 mod = """
1866 dn: """ + user_dn + """
1867 changetype: modify
1868 replace: nTSecurityDescriptor
1869 nTSecurityDescriptor: """ + sddl
1870 self.ldb.modify_ldif(mod)
1871 # Read modified descriptor
1872 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1873 desc = res[0]["nTSecurityDescriptor"][0]
1874 desc = ndr_unpack(security.descriptor, desc)
1875 desc_sddl = desc.as_sddl(self.domain_sid)
1876 self.assertEqual(desc_sddl, sddl)
1877 finally:
1878 self.delete_force(self.ldb, user_dn)
1879 #
1880 # Test modify_ldif() with BASE64 security descriptor input
1881 # Add ACE to the original descriptor test
1882 #
1883 try:
1884 self.ldb.add_ldif("""
1885 dn: """ + user_dn + """
1886 objectclass: user
1887 sAMAccountName: """ + user_name)
1888 # Modify descriptor
1889 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1890 desc = res[0]["nTSecurityDescriptor"][0]
1891 desc = ndr_unpack(security.descriptor, desc)
1892 desc_sddl = desc.as_sddl(self.domain_sid)
1893 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
1894 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1895 desc_base64 = base64.b64encode(ndr_pack(desc))
1896 mod = """
1897 dn: """ + user_dn + """
1898 changetype: modify
1899 replace: nTSecurityDescriptor
1900 nTSecurityDescriptor:: """ + desc_base64
1901 self.ldb.modify_ldif(mod)
1902 # Read modified descriptor
1903 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1904 desc = res[0]["nTSecurityDescriptor"][0]
1905 desc = ndr_unpack(security.descriptor, desc)
1906 desc_sddl = desc.as_sddl(self.domain_sid)
1907 self.assertEqual(desc_sddl, sddl)
1908 finally:
1909 self.delete_force(self.ldb, user_dn)
1910 #
1911 # Test modify_ldif() with BASE64 security descriptor input
1912 # New descriptor test
1913 #
1914 try:
1915 self.delete_force(self.ldb, user_dn)
1916 self.ldb.add_ldif("""
1917 dn: """ + user_dn + """
1918 objectclass: user
1919 sAMAccountName: """ + user_name)
1920 # Modify descriptor
1921 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1922 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1923 desc_base64 = base64.b64encode(ndr_pack(desc))
1924 mod = """
1925 dn: """ + user_dn + """
1926 changetype: modify
1927 replace: nTSecurityDescriptor
1928 nTSecurityDescriptor:: """ + desc_base64
1929 self.ldb.modify_ldif(mod)
1930 # Read modified descriptor
1931 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1932 desc = res[0]["nTSecurityDescriptor"][0]
1933 desc = ndr_unpack(security.descriptor, desc)
1934 desc_sddl = desc.as_sddl(self.domain_sid)
1935 self.assertEqual(desc_sddl, sddl)
1936 finally:
1937 self.delete_force(self.ldb, user_dn)
1938
1939 class BaseDnTests(unittest.TestCase):
1940 def setUp(self):
1941 self.ldb = ldb
1942
1943 def test_rootdse_attrs(self):
1944 """Testing for all rootDSE attributes"""
1945 res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
1946 self.assertEquals(len(res), 1)
1947
1948 def test_highestcommittedusn(self):
1949 """Testing for highestCommittedUSN"""
1950 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
1951 self.assertEquals(len(res), 1)
1952 self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
1953
1954 def test_netlogon(self):
1955 """Testing for netlogon via LDAP"""
1956 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
1957 self.assertEquals(len(res), 0)
1958
1959 def test_netlogon_highestcommitted_usn(self):
1960 """Testing for netlogon and highestCommittedUSN via LDAP"""
1961 res = self.ldb.search("", scope=SCOPE_BASE,
1962 attrs=["netlogon", "highestCommittedUSN"])
1963 self.assertEquals(len(res), 0)
1964
1965 def test_namingContexts(self):
1966 """Testing for namingContexts in rootDSE"""
1967 res = self.ldb.search("", scope=SCOPE_BASE,
1968 attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
1969 self.assertEquals(len(res), 1)
1970
1971 ncs = set([])
1972 for nc in res[0]["namingContexts"]:
1973 self.assertTrue(nc not in ncs)
1974 ncs.add(nc)
1975
1976 self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
1977 self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
1978 self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
1979
1980
1981 if not "://" in host:
1982 if os.path.isfile(host):
1983 host = "tdb://%s" % host
1984 else:
1985 host = "ldap://%s" % host
1986
1987 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
1988 if not "tdb://" in host:
1989 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
1990 session_info=system_session(), lp=lp)
1991 else:
1992 gc_ldb = None
1993
1994 runner = SubunitTestRunner()
1995 rc = 0
1996 if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
1997 rc = 1
1998 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():
1999 rc = 1
2000 sys.exit(rc)
Eduardo's samba4 branches