search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-lsa: Fix static list of luids in our privileges implementation.
[Samba/ekacnet.git] / source4 / lib / ldb / tests / python / ldap.py
blob156a42fe174d91a78c6122c98b58000c230e8520
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
4
5 import optparse
6 import sys
7 import time
8 import base64
9 import os
10
11 sys.path.append("bin/python")
12
13 import samba.getopt as options
14
15 from samba.auth import system_session
16 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
17 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
18 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
19 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
20 from ldb import ERR_NO_SUCH_ATTRIBUTE
21 from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
22 from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
23 from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
24 from ldb import Message, MessageElement, Dn
25 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
26 from samba import Ldb
27 from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT,
28 UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
29 ATYPE_WORKSTATION_TRUST)
30
31 from subunit.run import SubunitTestRunner
32 import unittest
33
34 from samba.ndr import ndr_pack, ndr_unpack
35 from samba.dcerpc import security
36
37 parser = optparse.OptionParser("ldap [options] <host>")
38 sambaopts = options.SambaOptions(parser)
39 parser.add_option_group(sambaopts)
40 parser.add_option_group(options.VersionOptions(parser))
41 # use command line creds if available
42 credopts = options.CredentialsOptions(parser)
43 parser.add_option_group(credopts)
44 opts, args = parser.parse_args()
45
46 if len(args) < 1:
47 parser.print_usage()
48 sys.exit(1)
49
50 host = args[0]
51
52 lp = sambaopts.get_loadparm()
53 creds = credopts.get_credentials(lp)
54
55 class BasicTests(unittest.TestCase):
56
57 def delete_force(self, ldb, dn):
58 try:
59 ldb.delete(dn)
60 except LdbError, (num, _):
61 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
62
63 def find_basedn(self, ldb):
64 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
65 attrs=["defaultNamingContext"])
66 self.assertEquals(len(res), 1)
67 return res[0]["defaultNamingContext"][0]
68
69 def find_configurationdn(self, ldb):
70 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
71 self.assertEquals(len(res), 1)
72 return res[0]["configurationNamingContext"][0]
73
74 def find_schemadn(self, ldb):
75 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
76 self.assertEquals(len(res), 1)
77 return res[0]["schemaNamingContext"][0]
78
79 def find_domain_sid(self):
80 res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
81 return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
82
83 def setUp(self):
84 self.ldb = ldb
85 self.gc_ldb = gc_ldb
86 self.base_dn = self.find_basedn(ldb)
87 self.configuration_dn = self.find_configurationdn(ldb)
88 self.schema_dn = self.find_schemadn(ldb)
89 self.domain_sid = self.find_domain_sid()
90
91 print "baseDN: %s\n" % self.base_dn
92
93 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
94 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
95 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
96 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
97 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
98 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
99 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
100 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
101 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
102 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
103 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
104 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
105 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
106 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
107 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
108 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
109 self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
110 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
111 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
112 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
113 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
114 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
115
116 def test_system_only(self):
117 """Test systemOnly objects"""
118 print "Test systemOnly objects"""
119
120 try:
121 self.ldb.add({
122 "dn": "cn=ldaptestobject," + self.base_dn,
123 "objectclass": "configuration"})
124 self.fail()
125 except LdbError, (num, _):
126 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
127
128 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
129
130 def test_invalid_parent(self):
131 """Test adding an object with invalid parent"""
132 print "Test adding an object with invalid parent"""
133
134 try:
135 self.ldb.add({
136 "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
137 + self.base_dn,
138 "objectclass": "group"})
139 self.fail()
140 except LdbError, (num, _):
141 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
142
143 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
144 + self.base_dn)
145
146 try:
147 self.ldb.add({
148 "dn": "ou=testou,cn=users," + self.base_dn,
149 "objectclass": "organizationalUnit"})
150 self.fail()
151 except LdbError, (num, _):
152 self.assertEquals(num, ERR_NAMING_VIOLATION)
153
154 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
155
156 def test_invalid_attribute(self):
157 """Test adding invalid attributes (not in schema)"""
158 print "Test adding invalid attributes (not in schema)"""
159
160 try:
161 self.ldb.add({
162 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
163 "objectclass": "group",
164 "thisdoesnotexist": "x"})
165 self.fail()
166 except LdbError, (num, _):
167 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
168
169 self.ldb.add({
170 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
171 "objectclass": "group"})
172
173 m = Message()
174 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
175 m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
176 "thisdoesnotexist")
177 try:
178 ldb.modify(m)
179 self.fail()
180 except LdbError, (num, _):
181 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
182
183 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
184
185 def test_single_valued_attributes(self):
186 """Test single-valued attributes"""
187 print "Test single-valued attributes"""
188
189 try:
190 self.ldb.add({
191 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
192 "objectclass": "group",
193 "sAMAccountName": ["nam1", "nam2"]})
194 self.fail()
195 except LdbError, (num, _):
196 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
197
198 self.ldb.add({
199 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
200 "objectclass": "group"})
201
202 m = Message()
203 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
204 m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
205 "sAMAccountName")
206 try:
207 ldb.modify(m)
208 self.fail()
209 except LdbError, (num, _):
210 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
211
212 m = Message()
213 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
214 m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
215 "sAMAccountName")
216 ldb.modify(m)
217
218 m = Message()
219 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
220 m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
221 "sAMAccountName")
222 try:
223 ldb.modify(m)
224 self.fail()
225 except LdbError, (num, _):
226 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
227
228 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
229
230 def test_multi_valued_attributes(self):
231 """Test multi-valued attributes"""
232 print "Test multi-valued attributes"""
233
234 # TODO: In this test I added some special tests where I got very unusual
235 # results back from a real AD. s4 doesn't match them and I've no idea how to
236 # implement those error cases (maybe there exists a special trigger for
237 # "description" attributes which handle them)
238
239 self.ldb.add({
240 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
241 "description": "desc2",
242 "objectclass": "group",
243 "description": "desc1"})
244
245 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
246
247 self.ldb.add({
248 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
249 "objectclass": "group",
250 "description": ["desc1", "desc2"]})
251
252 # m = Message()
253 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
254 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
255 # "description")
256 # try:
257 # ldb.modify(m)
258 # self.fail()
259 # except LdbError, (num, _):
260 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
261
262 m = Message()
263 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
264 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
265 "description")
266 ldb.modify(m)
267
268 # m = Message()
269 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
270 # m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
271 # "description")
272 # try:
273 # ldb.modify(m)
274 # self.fail()
275 # except LdbError, (num, _):
276 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
277
278 m = Message()
279 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
280 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
281 "description")
282 try:
283 ldb.modify(m)
284 self.fail()
285 except LdbError, (num, _):
286 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
287
288 m = Message()
289 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
290 m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
291 "description")
292 ldb.modify(m)
293
294 # m = Message()
295 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
296 # m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
297 # "description")
298 # try:
299 # ldb.modify(m)
300 # self.fail()
301 # except LdbError, (num, _):
302 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
303
304 # m = Message()
305 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
306 # m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
307 # "description")
308 # try:
309 # ldb.modify(m)
310 # self.fail()
311 # except LdbError, (num, _):
312 # self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
313
314 m = Message()
315 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
316 m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
317 "description")
318 ldb.modify(m)
319
320 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
321
322 def test_empty_messages(self):
323 """Test empty messages"""
324 print "Test empty messages"""
325
326 m = Message()
327 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
328
329 try:
330 ldb.add(m)
331 self.fail()
332 except LdbError, (num, _):
333 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
334
335 try:
336 ldb.modify(m)
337 self.fail()
338 except LdbError, (num, _):
339 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
340
341 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
342
343 def test_empty_attributes(self):
344 """Test empty attributes"""
345 print "Test empty attributes"""
346
347 m = Message()
348 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
349 m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
350 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
351
352 try:
353 ldb.add(m)
354 self.fail()
355 except LdbError, (num, _):
356 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
357
358 self.ldb.add({
359 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
360 "objectclass": "group"})
361
362 m = Message()
363 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
364 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
365
366 try:
367 ldb.modify(m)
368 self.fail()
369 except LdbError, (num, _):
370 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
371
372 m = Message()
373 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
374 m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description")
375 ldb.modify(m)
376
377 m = Message()
378 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
379 m["description"] = MessageElement([], FLAG_MOD_DELETE, "description")
380 try:
381 ldb.modify(m)
382 self.fail()
383 except LdbError, (num, _):
384 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
385
386 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
387
388 def test_distinguished_name(self):
389 """Tests the 'distinguishedName' attribute"""
390 print "Tests the 'distinguishedName' attribute"""
391
392 self.ldb.add({
393 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
394 "objectclass": "group"})
395
396 m = Message()
397 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
398 m["distinguishedName"] = MessageElement(
399 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
400 "distinguishedName")
401
402 try:
403 ldb.modify(m)
404 self.fail()
405 except LdbError, (num, _):
406 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
407
408 m = Message()
409 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
410 m["distinguishedName"] = MessageElement(
411 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
412 "distinguishedName")
413
414 try:
415 ldb.modify(m)
416 self.fail()
417 except LdbError, (num, _):
418 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
419
420 m = Message()
421 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
422 m["distinguishedName"] = MessageElement(
423 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
424 "distinguishedName")
425
426 try:
427 ldb.modify(m)
428 self.fail()
429 except LdbError, (num, _):
430 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
431
432 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
433
434 def test_rdn_name(self):
435 """Tests the RDN"""
436 print "Tests the RDN"""
437
438 try:
439 self.ldb.add({
440 "dn": "description=xyz,cn=users," + self.base_dn,
441 "objectclass": "group"})
442 self.fail()
443 except LdbError, (num, _):
444 self.assertEquals(num, ERR_NAMING_VIOLATION)
445
446 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
447
448 # a wrong "name" attribute is obviously tolerated
449 self.ldb.add({
450 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
451 "objectclass": "group",
452 "name": "ldaptestgroupx"})
453
454 m = Message()
455 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
456 m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
457 "name")
458
459 try:
460 ldb.modify(m)
461 self.fail()
462 except LdbError, (num, _):
463 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
464
465 m = Message()
466 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
467 m["cn"] = MessageElement("ldaptestuser",
468 FLAG_MOD_REPLACE, "cn")
469
470 try:
471 ldb.modify(m)
472 self.fail()
473 except LdbError, (num, _):
474 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
475
476 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
477
478
479 # this test needs to be disabled until we really understand
480 # what the rDN length constraints are
481 def DISABLED_test_largeRDN(self):
482 """Testing large rDN (limit 64 characters)"""
483 rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
484 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
485 ldif = """
486 dn: %s,%s""" % (rdn,self.base_dn) + """
487 objectClass: container
488 """
489 self.ldb.add_ldif(ldif)
490 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
491
492 rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
493 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
494 try:
495 ldif = """
496 dn: %s,%s""" % (rdn,self.base_dn) + """
497 objectClass: container
498 """
499 self.ldb.add_ldif(ldif)
500 self.fail()
501 except LdbError, (num, _):
502 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
503 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
504
505 def test_rename(self):
506 """Tests the rename operation"""
507 print "Tests the rename operations"""
508
509 self.ldb.add({
510 "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
511 "objectclass": ["user", "person"] })
512
513 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
514 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
515 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
516 try:
517 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
518 self.fail()
519 except LdbError, (num, _):
520 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
521
522 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
523
524 def test_rename_twice(self):
525 """Tests the rename operation twice - this corresponds to a past bug"""
526 print "Tests the rename twice operation"""
527
528 self.ldb.add({
529 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
530 "objectclass": ["user", "person"] })
531
532 ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
533 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
534 self.ldb.add({
535 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
536 "objectclass": ["user", "person"] })
537 ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
538 res = ldb.search(expression="cn=ldaptestuser5")
539 print "Found %u records" % len(res)
540 self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
541 res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
542 print "Found %u records" % len(res)
543 self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
544 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
545
546 def test_parentGUID(self):
547 """Test parentGUID behaviour"""
548 print "Testing parentGUID behaviour\n"
549
550 # TODO: This seems to fail on Windows Server. Hidden attribute?
551
552 self.ldb.add({
553 "dn": "cn=parentguidtest,cn=users," + self.base_dn,
554 "objectclass":"user",
555 "samaccountname":"parentguidtest"});
556 res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
557 attrs=["parentGUID", "samaccountname"]);
558 res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
559 attrs=["objectGUID"]);
560 res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
561 attrs=["parentGUID"]);
562
563 """Check if the parentGUID is valid """
564 self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
565
566 """Check if it returns nothing when there is no parent object"""
567 has_parentGUID = False
568 for key in res3[0].keys():
569 if key == "parentGUID":
570 has_parentGUID = True
571 break
572 self.assertFalse(has_parentGUID);
573
574 """Ensures that if you look for another object attribute after the constructed
575 parentGUID, it will return correctly"""
576 has_another_attribute = False
577 for key in res1[0].keys():
578 if key == "sAMAccountName":
579 has_another_attribute = True
580 break
581 self.assertTrue(has_another_attribute)
582 self.assertTrue(len(res1[0]["samaccountname"]) == 1)
583 self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
584
585 print "Testing parentGUID behaviour on rename\n"
586
587 self.ldb.add({
588 "dn": "cn=testotherusers," + self.base_dn,
589 "objectclass":"container"});
590 res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
591 attrs=["objectGUID"]);
592 ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
593 "cn=parentguidtest,cn=testotherusers," + self.base_dn);
594 res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
595 scope=SCOPE_BASE,
596 attrs=["parentGUID"]);
597 self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
598
599 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
600 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
601
602 def test_groupType_int32(self):
603 """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
604 print "Testing groupType (int32) behaviour\n"
605
606 res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
607 attrs=["groupType"], expression="groupType=2147483653");
608
609 res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
610 attrs=["groupType"], expression="groupType=-2147483643");
611
612 self.assertEquals(len(res1), len(res2))
613
614 self.assertTrue(res1.count > 0)
615
616 self.assertEquals(res1[0]["groupType"][0], "-2147483643")
617
618 def test_groups(self):
619 """This tests the group behaviour (setting, changing) of a user account"""
620 print "Testing group behaviour\n"
621
622 ldb.add({
623 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
624 "objectclass": "group"})
625
626 ldb.add({
627 "dn": "cn=ldaptestgroup2,cn=users," + self.base_dn,
628 "objectclass": "group"})
629
630 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
631 scope=SCOPE_BASE, attrs=["objectSID"])
632 self.assertTrue(len(res1) == 1)
633 group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
634 res1[0]["objectSID"][0])).split()[1]
635
636 res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
637 scope=SCOPE_BASE, attrs=["objectSID"])
638 self.assertTrue(len(res1) == 1)
639 group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
640 res1[0]["objectSID"][0])).split()[1]
641
642 # Try to create a user with an invalid primary group
643 try:
644 ldb.add({
645 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
646 "objectclass": ["user", "person"],
647 "primaryGroupID": "0"})
648 self.fail()
649 except LdbError, (num, _):
650 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
651 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
652
653 # Try to Create a user with a valid primary group
654 # TODO Some more investigation needed here
655 # try:
656 # ldb.add({
657 # "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
658 # "objectclass": ["user", "person"],
659 # "primaryGroupID": str(group_rid_1)})
660 # self.fail()
661 # except LdbError, (num, _):
662 # self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
663 # self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
664
665 # Test to see how we should behave when the user account doesn't
666 # exist
667 m = Message()
668 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
669 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
670 "primaryGroupID")
671 try:
672 ldb.modify(m)
673 self.fail()
674 except LdbError, (num, _):
675 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
676
677 # Test to see how we should behave when the account isn't a user
678 m = Message()
679 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
680 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
681 "primaryGroupID")
682 try:
683 ldb.modify(m)
684 self.fail()
685 except LdbError, (num, _):
686 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
687
688 ldb.add({
689 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
690 "objectclass": ["user", "person"]})
691
692 # Try to add invalid primary group
693 m = Message()
694 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
695 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_REPLACE,
696 "primaryGroupID")
697 try:
698 ldb.modify(m)
699 self.fail()
700 except LdbError, (num, _):
701 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
702
703 # Try to make group 1 primary - should be denied since it is not yet
704 # secondary
705 m = Message()
706 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
707 m["primaryGroupID"] = MessageElement(str(group_rid_1),
708 FLAG_MOD_REPLACE, "primaryGroupID")
709 try:
710 ldb.modify(m)
711 self.fail()
712 except LdbError, (num, _):
713 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
714
715 # Make group 1 secondary
716 m = Message()
717 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
718 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
719 FLAG_MOD_REPLACE, "member")
720 ldb.modify(m)
721
722 # Make group 1 primary
723 m = Message()
724 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
725 m["primaryGroupID"] = MessageElement(str(group_rid_1),
726 FLAG_MOD_REPLACE, "primaryGroupID")
727 ldb.modify(m)
728
729 # Try to delete group 1 - should be denied
730 try:
731 ldb.delete("cn=ldaptestgroup,cn=users," + self.base_dn)
732 self.fail()
733 except LdbError, (num, _):
734 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
735
736 # Try to add group 1 also as secondary - should be denied
737 m = Message()
738 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
739 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
740 FLAG_MOD_ADD, "member")
741 try:
742 ldb.modify(m)
743 self.fail()
744 except LdbError, (num, _):
745 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
746
747 # Try to add invalid member to group 1 - should be denied
748 m = Message()
749 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
750 m["member"] = MessageElement(
751 "cn=ldaptestuser3,cn=users," + self.base_dn,
752 FLAG_MOD_ADD, "member")
753 try:
754 ldb.modify(m)
755 self.fail()
756 except LdbError, (num, _):
757 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
758
759 # Make group 2 secondary
760 m = Message()
761 m.dn = Dn(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
762 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
763 FLAG_MOD_ADD, "member")
764 ldb.modify(m)
765
766 # Swap the groups
767 m = Message()
768 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
769 m["primaryGroupID"] = MessageElement(str(group_rid_2),
770 FLAG_MOD_REPLACE, "primaryGroupID")
771 ldb.modify(m)
772
773 # Old primary group should contain a "member" attribute for the user,
774 # the new shouldn't contain anymore one
775 res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
776 scope=SCOPE_BASE, attrs=["member"])
777 self.assertTrue(len(res1) == 1)
778 self.assertTrue(len(res1[0]["member"]) == 1)
779 self.assertEquals(res1[0]["member"][0].lower(),
780 ("cn=ldaptestuser,cn=users," + self.base_dn).lower())
781
782 res1 = ldb.search("cn=ldaptestgroup2, cn=users," + self.base_dn,
783 scope=SCOPE_BASE, attrs=["member"])
784 self.assertTrue(len(res1) == 1)
785 self.assertFalse("member" in res1[0])
786
787 # Also this should be denied
788 try:
789 ldb.add({
790 "dn": "cn=ldaptestuser1,cn=users," + self.base_dn,
791 "objectclass": ["user", "person"],
792 "primaryGroupID": "0"})
793 self.fail()
794 except LdbError, (num, _):
795 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
796
797 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
798 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
799 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
800
801 def test_sam_attributes(self):
802 """Test the behaviour of special attributes of SAM objects"""
803 print "Testing the behaviour of special attributes of SAM objects\n"""
804
805 ldb.add({
806 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
807 "objectclass": ["user", "person"]})
808 ldb.add({
809 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
810 "objectclass": "group"})
811
812 m = Message()
813 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
814 m["groupType"] = MessageElement("0", FLAG_MOD_ADD,
815 "groupType")
816 try:
817 ldb.modify(m)
818 self.fail()
819 except LdbError, (num, _):
820 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
821
822 m = Message()
823 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
824 m["groupType"] = MessageElement([], FLAG_MOD_DELETE,
825 "groupType")
826 try:
827 ldb.modify(m)
828 self.fail()
829 except LdbError, (num, _):
830 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
831
832 m = Message()
833 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
834 m["primaryGroupID"] = MessageElement("0", FLAG_MOD_ADD,
835 "primaryGroupID")
836 try:
837 ldb.modify(m)
838 self.fail()
839 except LdbError, (num, _):
840 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
841
842 m = Message()
843 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
844 m["primaryGroupID"] = MessageElement([], FLAG_MOD_DELETE,
845 "primaryGroupID")
846 try:
847 ldb.modify(m)
848 self.fail()
849 except LdbError, (num, _):
850 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
851
852 m = Message()
853 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
854 m["userAccountControl"] = MessageElement("0", FLAG_MOD_ADD,
855 "userAccountControl")
856 try:
857 ldb.modify(m)
858 self.fail()
859 except LdbError, (num, _):
860 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
861
862 m = Message()
863 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
864 m["userAccountControl"] = MessageElement([], FLAG_MOD_DELETE,
865 "userAccountControl")
866 try:
867 ldb.modify(m)
868 self.fail()
869 except LdbError, (num, _):
870 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
871
872 m = Message()
873 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
874 m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD,
875 "sAMAccountType")
876 try:
877 ldb.modify(m)
878 self.fail()
879 except LdbError, (num, _):
880 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
881
882 m = Message()
883 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
884 m["sAMAccountType"] = MessageElement([], FLAG_MOD_REPLACE,
885 "sAMAccountType")
886 try:
887 ldb.modify(m)
888 self.fail()
889 except LdbError, (num, _):
890 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
891
892 m = Message()
893 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
894 m["sAMAccountType"] = MessageElement([], FLAG_MOD_DELETE,
895 "sAMAccountType")
896 try:
897 ldb.modify(m)
898 self.fail()
899 except LdbError, (num, _):
900 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
901
902 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
903 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
904
905 def test_primary_group_token_constructed(self):
906 """Test the primary group token behaviour (hidden-generated-readonly attribute on groups) and some other constructed attributes"""
907 print "Testing primary group token behaviour and other constructed attributes\n"
908
909 try:
910 ldb.add({
911 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
912 "objectclass": "group",
913 "primaryGroupToken": "100"})
914 self.fail()
915 except LdbError, (num, _):
916 self.assertEquals(num, ERR_UNDEFINED_ATTRIBUTE_TYPE)
917 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
918
919 ldb.add({
920 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
921 "objectclass": ["user", "person"]})
922
923 ldb.add({
924 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
925 "objectclass": "group"})
926
927 # Testing for one invalid, and one valid operational attribute, but also the things they are built from
928 res1 = ldb.search(self.base_dn,
929 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName", "objectClass", "objectSid"])
930 self.assertTrue(len(res1) == 1)
931 self.assertFalse("primaryGroupToken" in res1[0])
932 self.assertTrue("canonicalName" in res1[0])
933 self.assertTrue("objectClass" in res1[0])
934 self.assertTrue("objectSid" in res1[0])
935
936 res1 = ldb.search(self.base_dn,
937 scope=SCOPE_BASE, attrs=["primaryGroupToken", "canonicalName"])
938 self.assertTrue(len(res1) == 1)
939 self.assertFalse("primaryGroupToken" in res1[0])
940 self.assertFalse("objectSid" in res1[0])
941 self.assertFalse("objectClass" in res1[0])
942 self.assertTrue("canonicalName" in res1[0])
943
944 res1 = ldb.search("cn=users,"+self.base_dn,
945 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
946 self.assertTrue(len(res1) == 1)
947 self.assertFalse("primaryGroupToken" in res1[0])
948
949 res1 = ldb.search("cn=ldaptestuser, cn=users," + self.base_dn,
950 scope=SCOPE_BASE, attrs=["primaryGroupToken"])
951 self.assertTrue(len(res1) == 1)
952 self.assertFalse("primaryGroupToken" in res1[0])
953
954 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
955 scope=SCOPE_BASE)
956 self.assertTrue(len(res1) == 1)
957 self.assertFalse("primaryGroupToken" in res1[0])
958
959 res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
960 scope=SCOPE_BASE, attrs=["primaryGroupToken", "objectSID"])
961 self.assertTrue(len(res1) == 1)
962 primary_group_token = int(res1[0]["primaryGroupToken"][0])
963
964 rid = security.dom_sid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])).split()[1]
965 self.assertEquals(primary_group_token, rid)
966
967 m = Message()
968 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
969 m["primaryGroupToken"] = "100"
970 try:
971 ldb.modify(m)
972 self.fail()
973 except LdbError, (num, _):
974 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
975
976 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
977 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
978
979 def test_tokenGroups(self):
980 """Test the tokenGroups behaviour (hidden-generated-readonly attribute on SAM objects)"""
981 print "Testing tokenGroups behaviour\n"
982
983 # The domain object shouldn't contain any "tokenGroups" entry
984 res = ldb.search(self.base_dn, scope=SCOPE_BASE, attrs=["tokenGroups"])
985 self.assertTrue(len(res) == 1)
986 self.assertFalse("tokenGroups" in res[0])
987
988 # The domain administrator should contain "tokenGroups" entries
989 # (the exact number depends on the domain/forest function level and the
990 # DC software versions)
991 res = ldb.search("cn=Administrator,cn=Users," + self.base_dn,
992 scope=SCOPE_BASE, attrs=["tokenGroups"])
993 self.assertTrue(len(res) == 1)
994 self.assertTrue("tokenGroups" in res[0])
995
996 ldb.add({
997 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
998 "objectclass": ["user", "person"]})
999
1000 # This testuser should contain at least two "tokenGroups" entries
1001 # (exactly two on an unmodified "Domain Users" and "Users" group)
1002 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
1003 scope=SCOPE_BASE, attrs=["tokenGroups"])
1004 self.assertTrue(len(res) == 1)
1005 self.assertTrue(len(res[0]["tokenGroups"]) >= 2)
1006
1007 # one entry which we need to find should point to domains "Domain Users"
1008 # group and another entry should point to the builtin "Users"group
1009 domain_users_group_found = False
1010 users_group_found = False
1011 for sid in res[0]["tokenGroups"]:
1012 rid = security.dom_sid(ldb.schema_format_value("objectSID", sid)).split()[1]
1013 if rid == 513:
1014 domain_users_group_found = True
1015 if rid == 545:
1016 users_group_found = True
1017
1018 self.assertTrue(domain_users_group_found)
1019 self.assertTrue(users_group_found)
1020
1021 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1022
1023 def test_wkguid(self):
1024 """Test Well known GUID behaviours (including DN+Binary)"""
1025 print "Test Well known GUID behaviours (including DN+Binary)"""
1026
1027 res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
1028 self.assertEquals(len(res), 1)
1029
1030 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
1031 self.assertEquals(len(res2), 1)
1032
1033 # Prove that the matching rule is over the whole DN+Binary
1034 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
1035 self.assertEquals(len(res2), 0)
1036 # Prove that the matching rule is over the whole DN+Binary
1037 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=%s") % res[0].dn)
1038 self.assertEquals(len(res2), 0)
1039
1040 def test_subschemasubentry(self):
1041 """Test subSchemaSubEntry appears when requested, but not when not requested"""
1042 print "Test subSchemaSubEntry"""
1043
1044 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
1045 self.assertEquals(len(res), 1)
1046 self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
1047
1048 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
1049 self.assertEquals(len(res), 1)
1050 self.assertTrue("subScheamSubEntry" not in res[0])
1051
1052 def test_all(self):
1053 """Basic tests"""
1054
1055 print "Testing user add"
1056
1057 ldb.add({
1058 "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
1059 "objectclass": ["user", "person"],
1060 "cN": "LDAPtestUSER",
1061 "givenname": "ldap",
1062 "sn": "testy"})
1063
1064 ldb.add({
1065 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
1066 "objectclass": "group",
1067 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
1068
1069 ldb.add({
1070 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
1071 "objectclass": "computer",
1072 "cN": "LDAPtestCOMPUTER"})
1073
1074 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
1075 "objectClass": "computer",
1076 "cn": "LDAPtest2COMPUTER",
1077 "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
1078 "displayname": "ldap testy"})
1079
1080 try:
1081 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1082 "objectClass": "computer",
1083 "cn": "LDAPtest2COMPUTER"
1084 })
1085 self.fail()
1086 except LdbError, (num, _):
1087 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
1088
1089 try:
1090 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1091 "objectClass": "computer",
1092 "cn": "ldaptestcomputer3",
1093 "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
1094 })
1095 self.fail()
1096 except LdbError, (num, _):
1097 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1098
1099 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1100 "objectClass": "computer",
1101 "cn": "LDAPtestCOMPUTER3"
1102 })
1103
1104 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
1105 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))");
1106 self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
1107
1108 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn));
1109 self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3");
1110 self.assertEquals(res[0]["name"][0], "ldaptestcomputer3");
1111 self.assertEquals(res[0]["objectClass"][0], "top");
1112 self.assertEquals(res[0]["objectClass"][1], "person");
1113 self.assertEquals(res[0]["objectClass"][2], "organizationalPerson");
1114 self.assertEquals(res[0]["objectClass"][3], "user");
1115 self.assertEquals(res[0]["objectClass"][4], "computer");
1116 self.assertTrue("objectGUID" in res[0])
1117 self.assertTrue("whenCreated" in res[0])
1118 self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
1119 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
1120 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
1121 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
1122
1123 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1124
1125 print "Testing attribute or value exists behaviour"
1126 try:
1127 ldb.modify_ldif("""
1128 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1129 changetype: modify
1130 replace: servicePrincipalName
1131 servicePrincipalName: host/ldaptest2computer
1132 servicePrincipalName: host/ldaptest2computer
1133 servicePrincipalName: cifs/ldaptest2computer
1134 """)
1135 self.fail()
1136 except LdbError, (num, msg):
1137 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1138
1139 ldb.modify_ldif("""
1140 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1141 changetype: modify
1142 replace: servicePrincipalName
1143 servicePrincipalName: host/ldaptest2computer
1144 servicePrincipalName: cifs/ldaptest2computer
1145 """)
1146 try:
1147 ldb.modify_ldif("""
1148 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1149 changetype: modify
1150 add: servicePrincipalName
1151 servicePrincipalName: host/ldaptest2computer
1152 """)
1153 self.fail()
1154 except LdbError, (num, msg):
1155 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1156
1157 print "Testing ranged results"
1158 ldb.modify_ldif("""
1159 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1160 changetype: modify
1161 replace: servicePrincipalName
1162 """)
1163
1164 ldb.modify_ldif("""
1165 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1166 changetype: modify
1167 add: servicePrincipalName
1168 servicePrincipalName: host/ldaptest2computer0
1169 servicePrincipalName: host/ldaptest2computer1
1170 servicePrincipalName: host/ldaptest2computer2
1171 servicePrincipalName: host/ldaptest2computer3
1172 servicePrincipalName: host/ldaptest2computer4
1173 servicePrincipalName: host/ldaptest2computer5
1174 servicePrincipalName: host/ldaptest2computer6
1175 servicePrincipalName: host/ldaptest2computer7
1176 servicePrincipalName: host/ldaptest2computer8
1177 servicePrincipalName: host/ldaptest2computer9
1178 servicePrincipalName: host/ldaptest2computer10
1179 servicePrincipalName: host/ldaptest2computer11
1180 servicePrincipalName: host/ldaptest2computer12
1181 servicePrincipalName: host/ldaptest2computer13
1182 servicePrincipalName: host/ldaptest2computer14
1183 servicePrincipalName: host/ldaptest2computer15
1184 servicePrincipalName: host/ldaptest2computer16
1185 servicePrincipalName: host/ldaptest2computer17
1186 servicePrincipalName: host/ldaptest2computer18
1187 servicePrincipalName: host/ldaptest2computer19
1188 servicePrincipalName: host/ldaptest2computer20
1189 servicePrincipalName: host/ldaptest2computer21
1190 servicePrincipalName: host/ldaptest2computer22
1191 servicePrincipalName: host/ldaptest2computer23
1192 servicePrincipalName: host/ldaptest2computer24
1193 servicePrincipalName: host/ldaptest2computer25
1194 servicePrincipalName: host/ldaptest2computer26
1195 servicePrincipalName: host/ldaptest2computer27
1196 servicePrincipalName: host/ldaptest2computer28
1197 servicePrincipalName: host/ldaptest2computer29
1198 """)
1199
1200 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
1201 attrs=["servicePrincipalName;range=0-*"])
1202 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1203 #print len(res[0]["servicePrincipalName;range=0-*"])
1204 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1205
1206 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
1207 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1208 # print res[0]["servicePrincipalName;range=0-19"].length
1209 self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
1210
1211
1212 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
1213 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1214 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1215
1216 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
1217 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1218 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1219
1220 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
1221 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1222 self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
1223
1224
1225 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
1226 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1227 self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
1228 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
1229
1230 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
1231 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1232 self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
1233 # print res[0]["servicePrincipalName;range=11-*"][18]
1234 # print pos_11
1235 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
1236
1237 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
1238 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1239 self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
1240 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
1241
1242 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
1243 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1244 # print res[0]["servicePrincipalName"][18]
1245 # print pos_11
1246 self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
1247 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
1248
1249 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1250 ldb.add({
1251 "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
1252 "objectClass": ["person", "user"],
1253 "cn": "LDAPtestUSER2",
1254 "givenname": "testy",
1255 "sn": "ldap user2"})
1256
1257 print "Testing Ambigious Name Resolution"
1258 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
1259 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
1260 self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
1261
1262 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1263 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1264 self.assertEquals(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res))
1265
1266 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
1267 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
1268 self.assertEquals(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res))
1269
1270 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
1271 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
1272 self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
1273
1274 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1275 self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1276 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1277
1278 # Testing ldb.search for (&(anr=testy)(objectClass=user))
1279 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
1280 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
1281
1282 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1283 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1284 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
1285
1286 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1287 # this test disabled for the moment, as anr with == tests are not understood
1288 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1289 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
1290
1291 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1292 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1293 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1294
1295 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1296 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1297 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
1298
1299 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1300 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1301 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1302
1303 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
1304 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
1305 self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
1306
1307 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1308 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1309 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1310
1311 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
1312 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
1313 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
1314
1315 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1316 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1317 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1318
1319 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
1320 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
1321 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
1322
1323 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1324 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1325 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1326
1327 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
1328 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
1329 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
1330
1331 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
1332 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
1333 self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
1334
1335 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
1336 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
1337 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
1338
1339 print "Testing Renames"
1340
1341 attrs = ["objectGUID", "objectSid"]
1342 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1343 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1344 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1345
1346 # Check rename works with extended/alternate DN forms
1347 ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
1348
1349 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
1350 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
1351 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
1352
1353 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1354 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1355 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1356
1357 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
1358 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1359 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1360
1361 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1362 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1363 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1364
1365 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
1366 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1367 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1368
1369 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1370 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1371 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1372
1373 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
1374 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1375 self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1376
1377 # This is a Samba special, and does not exist in real AD
1378 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1379 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1380 # if (res.error != 0 || len(res) != 1) {
1381 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1382 # self.assertEquals(len(res), 1)
1383 # }
1384 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1385 # self.assertEquals(res[0].cn, "ldaptestUSER3")
1386 # self.assertEquals(res[0].name, "ldaptestUSER3")
1387
1388 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1389 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1390 self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1391 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1392 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1393 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1394
1395 # ensure we cannot add it again
1396 try:
1397 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
1398 "objectClass": ["person", "user"],
1399 "cn": "LDAPtestUSER3"})
1400 self.fail()
1401 except LdbError, (num, _):
1402 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1403
1404 # rename back
1405 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1406
1407 # ensure we cannot rename it twice
1408 try:
1409 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
1410 "cn=ldaptestuser2,cn=users," + self.base_dn)
1411 self.fail()
1412 except LdbError, (num, _):
1413 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1414
1415 # ensure can now use that name
1416 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
1417 "objectClass": ["person", "user"],
1418 "cn": "LDAPtestUSER3"})
1419
1420 # ensure we now cannot rename
1421 try:
1422 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1423 self.fail()
1424 except LdbError, (num, _):
1425 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1426 try:
1427 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
1428 self.fail()
1429 except LdbError, (num, _):
1430 self.assertTrue(num in (71, 64))
1431
1432 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
1433
1434 ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
1435
1436 self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1437
1438 ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1439
1440 print "Testing subtree renames"
1441
1442 ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
1443 "objectClass": "container"})
1444
1445 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
1446 "objectClass": ["person", "user"],
1447 "cn": "LDAPtestUSER4"})
1448
1449 ldb.modify_ldif("""
1450 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1451 changetype: modify
1452 add: member
1453 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
1454 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
1455 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
1456 """)
1457
1458 print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
1459 ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
1460
1461 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
1462 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
1463 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
1464
1465 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1466 try:
1467 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1468 expression="(&(cn=ldaptestuser4)(objectClass=user))",
1469 scope=SCOPE_SUBTREE)
1470 self.fail(res)
1471 except LdbError, (num, _):
1472 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1473
1474 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1475 try:
1476 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1477 expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
1478 self.fail()
1479 except LdbError, (num, _):
1480 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1481
1482 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
1483 res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
1484 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
1485
1486 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1487 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1488
1489 time.sleep(4)
1490
1491 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
1492 res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
1493 self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
1494
1495 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
1496 try:
1497 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
1498 self.fail()
1499 except LdbError, (num, _):
1500 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1501
1502 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
1503 try:
1504 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
1505 self.fail()
1506 except LdbError, (num, _):
1507 self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
1508
1509 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
1510 try:
1511 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1512 self.fail()
1513 except LdbError, (num, _):
1514 self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
1515
1516 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
1517 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1518 self.assertEquals(len(res), 1)
1519 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1520 self.assertEquals(len(res), 0)
1521
1522 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1523 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
1524 # FIXME: self.assertEquals(len(res), 0)
1525
1526 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1527 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
1528 # FIXME: self.assertEquals(len(res), 0)
1529
1530 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
1531 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1532 print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
1533 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1534
1535 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1536
1537 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1538
1539 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
1540 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
1541 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1542
1543 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1544 self.assertEquals(str(res[0]["cn"]), "ldaptestuser")
1545 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1546 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
1547 self.assertTrue("objectGUID" in res[0])
1548 self.assertTrue("whenCreated" in res[0])
1549 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
1550 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1551 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1552 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1553 self.assertEquals(len(res[0]["memberOf"]), 1)
1554
1555 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
1556 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1557 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1558
1559 self.assertEquals(res[0].dn, res2[0].dn)
1560
1561 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
1562 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1563 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
1564
1565 self.assertEquals(res[0].dn, res3[0].dn)
1566
1567 if gc_ldb is not None:
1568 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
1569 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1570 self.assertEquals(len(res3gc), 1)
1571
1572 self.assertEquals(res[0].dn, res3gc[0].dn)
1573
1574 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
1575
1576 if gc_ldb is not None:
1577 res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1578 self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
1579
1580 self.assertEquals(res[0].dn, res3control[0].dn)
1581
1582 ldb.delete(res[0].dn)
1583
1584 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
1585 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
1586 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1587
1588 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
1589 self.assertEquals(str(res[0]["cn"]), "ldaptestcomputer")
1590 self.assertEquals(str(res[0]["name"]), "ldaptestcomputer")
1591 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
1592 self.assertTrue("objectGUID" in res[0])
1593 self.assertTrue("whenCreated" in res[0])
1594 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
1595 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
1596 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1597 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1598 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1599 self.assertEquals(len(res[0]["memberOf"]), 1)
1600
1601 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
1602 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1603 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1604
1605 self.assertEquals(res[0].dn, res2[0].dn)
1606
1607 if gc_ldb is not None:
1608 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
1609 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1610 self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
1611
1612 self.assertEquals(res[0].dn, res2gc[0].dn)
1613
1614 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
1615 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1616 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1617
1618 self.assertEquals(res[0].dn, res3[0].dn)
1619
1620 if gc_ldb is not None:
1621 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
1622 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
1623 self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
1624
1625 self.assertEquals(res[0].dn, res3gc[0].dn)
1626
1627 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
1628 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
1629 self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
1630
1631 self.assertEquals(res[0].dn, res4[0].dn)
1632
1633 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
1634 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
1635 self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
1636
1637 self.assertEquals(res[0].dn, res5[0].dn)
1638
1639 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
1640 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
1641 self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
1642
1643 self.assertEquals(res[0].dn, res6[0].dn)
1644
1645 ldb.delete("<GUID=" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + ">")
1646
1647 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
1648 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
1649 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
1650
1651 self.assertEquals(str(res[0].dn), "CN=ldaptest2computer,CN=Computers," + self.base_dn)
1652 self.assertEquals(str(res[0]["cn"]), "ldaptest2computer")
1653 self.assertEquals(str(res[0]["name"]), "ldaptest2computer")
1654 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
1655 self.assertTrue("objectGUID" in res[0])
1656 self.assertTrue("whenCreated" in res[0])
1657 self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
1658 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
1659 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
1660
1661 ldb.delete("<SID=" + ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) + ">")
1662
1663 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
1664 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1665 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1666 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1667
1668 self.assertEquals(str(res_user[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1669 self.assertEquals(str(res_user[0]["cn"]), "ldaptestuser2")
1670 self.assertEquals(str(res_user[0]["name"]), "ldaptestuser2")
1671 self.assertEquals(list(res_user[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
1672 self.assertTrue("objectSid" in res_user[0])
1673 self.assertTrue("objectGUID" in res_user[0])
1674 self.assertTrue("whenCreated" in res_user[0])
1675 self.assertTrue("nTSecurityDescriptor" in res_user[0])
1676 self.assertTrue("allowedAttributes" in res_user[0])
1677 self.assertTrue("allowedAttributesEffective" in res_user[0])
1678 self.assertEquals(res_user[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1679
1680 ldaptestuser2_sid = res_user[0]["objectSid"][0]
1681 ldaptestuser2_guid = res_user[0]["objectGUID"][0]
1682
1683 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
1684 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
1685 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1686 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1687
1688 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1689 self.assertEquals(str(res[0]["cn"]), "ldaptestgroup2")
1690 self.assertEquals(str(res[0]["name"]), "ldaptestgroup2")
1691 self.assertEquals(list(res[0]["objectClass"]), ["top", "group"])
1692 self.assertTrue("objectGUID" in res[0])
1693 self.assertTrue("objectSid" in res[0])
1694 self.assertTrue("whenCreated" in res[0])
1695 self.assertTrue("nTSecurityDescriptor" in res[0])
1696 self.assertTrue("allowedAttributes" in res[0])
1697 self.assertTrue("allowedAttributesEffective" in res[0])
1698 memberUP = []
1699 for m in res[0]["member"]:
1700 memberUP.append(m.upper())
1701 self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
1702
1703 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
1704 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1705
1706 print res[0]["member"]
1707 memberUP = []
1708 for m in res[0]["member"]:
1709 memberUP.append(m.upper())
1710 print ("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper()
1711
1712 self.assertTrue(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
1713
1714 print "Testing Linked attribute behaviours"
1715 ldb.modify_ldif("""
1716 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1717 changetype: modify
1718 replace: member
1719 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
1720 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1721 """)
1722
1723 ldb.modify_ldif("""
1724 dn: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
1725 changetype: modify
1726 replace: member
1727 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1728 """)
1729
1730 ldb.modify_ldif("""
1731 dn: <SID=""" + ldb.schema_format_value("objectSid", res[0]["objectSid"][0]) + """>
1732 changetype: modify
1733 delete: member
1734 """)
1735
1736 ldb.modify_ldif("""
1737 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1738 changetype: modify
1739 add: member
1740 member: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
1741 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1742 """)
1743
1744 ldb.modify_ldif("""
1745 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1746 changetype: modify
1747 replace: member
1748 """)
1749
1750 ldb.modify_ldif("""
1751 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1752 changetype: modify
1753 add: member
1754 member: <SID=""" + ldb.schema_format_value("objectSid", res_user[0]["objectSid"][0]) + """>
1755 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1756 """)
1757
1758 ldb.modify_ldif("""
1759 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1760 changetype: modify
1761 delete: member
1762 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
1763 """)
1764
1765 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1766 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
1767
1768 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1769 self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1770 self.assertEquals(len(res[0]["member"]), 1)
1771
1772 ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
1773
1774 time.sleep(4)
1775
1776 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
1777 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
1778 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
1779 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
1780
1781 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1782 self.assertTrue("member" not in res[0])
1783
1784 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
1785 # TODO UTF8 users don't seem to work fully anymore
1786 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1787 res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
1788 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1789
1790 self.assertEquals(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
1791 self.assertEquals(str(res[0]["cn"]), "ldaptestutf8user èùéìòà")
1792 self.assertEquals(str(res[0]["name"]), "ldaptestutf8user èùéìòà")
1793 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
1794 self.assertTrue("objectGUID" in res[0])
1795 self.assertTrue("whenCreated" in res[0])
1796
1797 ldb.delete(res[0].dn)
1798
1799 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
1800 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
1801 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
1802
1803 ldb.delete(res[0].dn)
1804
1805 ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
1806
1807 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
1808 # TODO UTF8 users don't seem to work fully anymore
1809 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1810 # self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1811
1812 print "Testing that we can't get at the configuration DN from the main search base"
1813 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1814 self.assertEquals(len(res), 0)
1815
1816 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
1817 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1818 self.assertTrue(len(res) > 0)
1819
1820 if gc_ldb is not None:
1821 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
1822
1823 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
1824 self.assertTrue(len(res) > 0)
1825
1826 print "Testing that we do find configuration elements in the global catlog"
1827 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1828 self.assertTrue(len(res) > 0)
1829
1830 print "Testing that we do find configuration elements and user elements at the same time"
1831 res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
1832 self.assertTrue(len(res) > 0)
1833
1834 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
1835 res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1836 self.assertTrue(len(res) > 0)
1837
1838 print "Testing that we can get at the configuration DN on the main LDAP port"
1839 res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
1840 self.assertTrue(len(res) > 0)
1841
1842 print "Testing objectCategory canonacolisation"
1843 res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
1844 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
1845 self.assertTrue(len(res) != 0)
1846
1847 res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
1848 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
1849 self.assertTrue(len(res) != 0)
1850
1851 print "Testing objectClass attribute order on "+ self.base_dn
1852 res = ldb.search(expression="objectClass=domain", base=self.base_dn,
1853 scope=SCOPE_BASE, attrs=["objectClass"])
1854 self.assertEquals(len(res), 1)
1855
1856 self.assertEquals(list(res[0]["objectClass"]), ["top", "domain", "domainDNS"])
1857
1858 # check enumeration
1859
1860 print "Testing ldb.search for objectCategory=person"
1861 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
1862 self.assertTrue(len(res) > 0)
1863
1864 print "Testing ldb.search for objectCategory=person with domain scope control"
1865 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1866 self.assertTrue(len(res) > 0)
1867
1868 print "Testing ldb.search for objectCategory=user"
1869 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
1870 self.assertTrue(len(res) > 0)
1871
1872 print "Testing ldb.search for objectCategory=user with domain scope control"
1873 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1874 self.assertTrue(len(res) > 0)
1875
1876 print "Testing ldb.search for objectCategory=group"
1877 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
1878 self.assertTrue(len(res) > 0)
1879
1880 print "Testing ldb.search for objectCategory=group with domain scope control"
1881 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
1882 self.assertTrue(len(res) > 0)
1883
1884 print "Testing creating a user with the posixAccount objectClass"
1885 self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
1886 objectClass: top
1887 objectClass: person
1888 objectClass: posixAccount
1889 objectClass: user
1890 objectClass: organizationalPerson
1891 cn: posixuser
1892 uid: posixuser
1893 sn: posixuser
1894 uidNumber: 10126
1895 gidNumber: 10126
1896 homeDirectory: /home/posixuser
1897 loginShell: /bin/bash
1898 gecos: Posix User;;;
1899 description: A POSIX user"""% (self.base_dn))
1900
1901 print "Testing removing the posixAccount objectClass from an existing user"
1902 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1903 changetype: modify
1904 delete: objectClass
1905 objectClass: posixAccount"""% (self.base_dn))
1906
1907 print "Testing adding the posixAccount objectClass to an existing user"
1908 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
1909 changetype: modify
1910 add: objectClass
1911 objectClass: posixAccount"""% (self.base_dn))
1912
1913 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
1914 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1915 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1916 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
1917 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
1918 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
1919 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1920 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1921 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1922 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
1923 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
1924 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1925 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
1926 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
1927 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
1928 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
1929
1930 def test_security_descriptor_add(self):
1931 """ Testing ldb.add_ldif() for nTSecurityDescriptor """
1932 user_name = "testdescriptoruser1"
1933 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1934 #
1935 # Test add_ldif() with SDDL security descriptor input
1936 #
1937 self.delete_force(self.ldb, user_dn)
1938 try:
1939 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1940 self.ldb.add_ldif("""
1941 dn: """ + user_dn + """
1942 objectclass: user
1943 sAMAccountName: """ + user_name + """
1944 nTSecurityDescriptor: """ + sddl)
1945 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1946 desc = res[0]["nTSecurityDescriptor"][0]
1947 desc = ndr_unpack( security.descriptor, desc )
1948 desc_sddl = desc.as_sddl( self.domain_sid )
1949 self.assertEqual(desc_sddl, sddl)
1950 finally:
1951 self.delete_force(self.ldb, user_dn)
1952 #
1953 # Test add_ldif() with BASE64 security descriptor
1954 #
1955 try:
1956 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1957 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
1958 desc_binary = ndr_pack(desc)
1959 desc_base64 = base64.b64encode(desc_binary)
1960 self.ldb.add_ldif("""
1961 dn: """ + user_dn + """
1962 objectclass: user
1963 sAMAccountName: """ + user_name + """
1964 nTSecurityDescriptor:: """ + desc_base64)
1965 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1966 desc = res[0]["nTSecurityDescriptor"][0]
1967 desc = ndr_unpack(security.descriptor, desc)
1968 desc_sddl = desc.as_sddl(self.domain_sid)
1969 self.assertEqual(desc_sddl, sddl)
1970 finally:
1971 self.delete_force(self.ldb, user_dn)
1972
1973 def test_security_descriptor_add_neg(self):
1974 """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
1975 Negative test
1976 """
1977 user_name = "testdescriptoruser1"
1978 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1979 self.delete_force(self.ldb, user_dn)
1980 try:
1981 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
1982 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
1983 desc_base64 = base64.b64encode( ndr_pack(desc) )
1984 self.ldb.add_ldif("""
1985 dn: """ + user_dn + """
1986 objectclass: user
1987 sAMAccountName: """ + user_name + """
1988 nTSecurityDescriptor:: """ + desc_base64)
1989 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
1990 self.assertTrue("nTSecurityDescriptor" in res[0])
1991 finally:
1992 self.delete_force(self.ldb, user_dn)
1993
1994 def test_security_descriptor_modify(self):
1995 """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
1996 user_name = "testdescriptoruser2"
1997 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
1998 #
1999 # Delete user object and test modify_ldif() with SDDL security descriptor input
2000 # Add ACE to the original descriptor test
2001 #
2002 try:
2003 self.delete_force(self.ldb, user_dn)
2004 self.ldb.add_ldif("""
2005 dn: """ + user_dn + """
2006 objectclass: user
2007 sAMAccountName: """ + user_name)
2008 # Modify descriptor
2009 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2010 desc = res[0]["nTSecurityDescriptor"][0]
2011 desc = ndr_unpack(security.descriptor, desc)
2012 desc_sddl = desc.as_sddl(self.domain_sid)
2013 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
2014 mod = """
2015 dn: """ + user_dn + """
2016 changetype: modify
2017 replace: nTSecurityDescriptor
2018 nTSecurityDescriptor: """ + sddl
2019 self.ldb.modify_ldif(mod)
2020 # Read modified descriptor
2021 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2022 desc = res[0]["nTSecurityDescriptor"][0]
2023 desc = ndr_unpack(security.descriptor, desc)
2024 desc_sddl = desc.as_sddl(self.domain_sid)
2025 self.assertEqual(desc_sddl, sddl)
2026 finally:
2027 self.delete_force(self.ldb, user_dn)
2028 #
2029 # Test modify_ldif() with SDDL security descriptor input
2030 # New desctiptor test
2031 #
2032 try:
2033 self.ldb.add_ldif("""
2034 dn: """ + user_dn + """
2035 objectclass: user
2036 sAMAccountName: """ + user_name)
2037 # Modify descriptor
2038 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2039 mod = """
2040 dn: """ + user_dn + """
2041 changetype: modify
2042 replace: nTSecurityDescriptor
2043 nTSecurityDescriptor: """ + sddl
2044 self.ldb.modify_ldif(mod)
2045 # Read modified descriptor
2046 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2047 desc = res[0]["nTSecurityDescriptor"][0]
2048 desc = ndr_unpack(security.descriptor, desc)
2049 desc_sddl = desc.as_sddl(self.domain_sid)
2050 self.assertEqual(desc_sddl, sddl)
2051 finally:
2052 self.delete_force(self.ldb, user_dn)
2053 #
2054 # Test modify_ldif() with BASE64 security descriptor input
2055 # Add ACE to the original descriptor test
2056 #
2057 try:
2058 self.ldb.add_ldif("""
2059 dn: """ + user_dn + """
2060 objectclass: user
2061 sAMAccountName: """ + user_name)
2062 # Modify descriptor
2063 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2064 desc = res[0]["nTSecurityDescriptor"][0]
2065 desc = ndr_unpack(security.descriptor, desc)
2066 desc_sddl = desc.as_sddl(self.domain_sid)
2067 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
2068 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2069 desc_base64 = base64.b64encode(ndr_pack(desc))
2070 mod = """
2071 dn: """ + user_dn + """
2072 changetype: modify
2073 replace: nTSecurityDescriptor
2074 nTSecurityDescriptor:: """ + desc_base64
2075 self.ldb.modify_ldif(mod)
2076 # Read modified descriptor
2077 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2078 desc = res[0]["nTSecurityDescriptor"][0]
2079 desc = ndr_unpack(security.descriptor, desc)
2080 desc_sddl = desc.as_sddl(self.domain_sid)
2081 self.assertEqual(desc_sddl, sddl)
2082 finally:
2083 self.delete_force(self.ldb, user_dn)
2084 #
2085 # Test modify_ldif() with BASE64 security descriptor input
2086 # New descriptor test
2087 #
2088 try:
2089 self.delete_force(self.ldb, user_dn)
2090 self.ldb.add_ldif("""
2091 dn: """ + user_dn + """
2092 objectclass: user
2093 sAMAccountName: """ + user_name)
2094 # Modify descriptor
2095 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2096 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2097 desc_base64 = base64.b64encode(ndr_pack(desc))
2098 mod = """
2099 dn: """ + user_dn + """
2100 changetype: modify
2101 replace: nTSecurityDescriptor
2102 nTSecurityDescriptor:: """ + desc_base64
2103 self.ldb.modify_ldif(mod)
2104 # Read modified descriptor
2105 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2106 desc = res[0]["nTSecurityDescriptor"][0]
2107 desc = ndr_unpack(security.descriptor, desc)
2108 desc_sddl = desc.as_sddl(self.domain_sid)
2109 self.assertEqual(desc_sddl, sddl)
2110 finally:
2111 self.delete_force(self.ldb, user_dn)
2112
2113 class BaseDnTests(unittest.TestCase):
2114 def setUp(self):
2115 self.ldb = ldb
2116
2117 def test_rootdse_attrs(self):
2118 """Testing for all rootDSE attributes"""
2119 res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
2120 self.assertEquals(len(res), 1)
2121
2122 def test_highestcommittedusn(self):
2123 """Testing for highestCommittedUSN"""
2124 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
2125 self.assertEquals(len(res), 1)
2126 self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
2127
2128 def test_netlogon(self):
2129 """Testing for netlogon via LDAP"""
2130 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
2131 self.assertEquals(len(res), 0)
2132
2133 def test_netlogon_highestcommitted_usn(self):
2134 """Testing for netlogon and highestCommittedUSN via LDAP"""
2135 res = self.ldb.search("", scope=SCOPE_BASE,
2136 attrs=["netlogon", "highestCommittedUSN"])
2137 self.assertEquals(len(res), 0)
2138
2139 def test_namingContexts(self):
2140 """Testing for namingContexts in rootDSE"""
2141 res = self.ldb.search("", scope=SCOPE_BASE,
2142 attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
2143 self.assertEquals(len(res), 1)
2144
2145 ncs = set([])
2146 for nc in res[0]["namingContexts"]:
2147 self.assertTrue(nc not in ncs)
2148 ncs.add(nc)
2149
2150 self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
2151 self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
2152 self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
2153
2154
2155 if not "://" in host:
2156 if os.path.isfile(host):
2157 host = "tdb://%s" % host
2158 else:
2159 host = "ldap://%s" % host
2160
2161 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
2162 if not "tdb://" in host:
2163 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
2164 session_info=system_session(), lp=lp)
2165 else:
2166 gc_ldb = None
2167
2168 runner = SubunitTestRunner()
2169 rc = 0
2170 if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
2171 rc = 1
2172 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():
2173 rc = 1
2174 sys.exit(rc)