2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
10 sys
.path
.append("bin/python")
11 sys
.path
.append("../lib/subunit/python")
13 import samba
.getopt
as options
15 from samba
.auth
import system_session
16 from ldb
import SCOPE_SUBTREE
, SCOPE_ONELEVEL
, SCOPE_BASE
, LdbError
17 from ldb
import ERR_NO_SUCH_OBJECT
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
18 from ldb
import ERR_ENTRY_ALREADY_EXISTS
, ERR_UNWILLING_TO_PERFORM
19 from ldb
import ERR_NOT_ALLOWED_ON_NON_LEAF
, ERR_OTHER
, ERR_INVALID_DN_SYNTAX
20 from ldb
import Message
, Dn
22 from subunit
import SubunitTestRunner
23 from samba
import param
24 from samba
import glue
27 parser
= optparse
.OptionParser("ldap [options] <host>")
28 sambaopts
= options
.SambaOptions(parser
)
29 parser
.add_option_group(sambaopts
)
30 parser
.add_option_group(options
.VersionOptions(parser
))
31 # use command line creds if available
32 credopts
= options
.CredentialsOptions(parser
)
33 parser
.add_option_group(credopts
)
34 opts
, args
= parser
.parse_args()
42 lp
= sambaopts
.get_loadparm()
43 creds
= credopts
.get_credentials(lp
)
45 class BasicTests(unittest
.TestCase
):
46 def delete_force(self
, ldb
, dn
):
49 except LdbError
, (num
, _
):
50 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
52 def find_basedn(self
, ldb
):
53 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
,
54 attrs
=["defaultNamingContext"])
55 self
.assertEquals(len(res
), 1)
56 return res
[0]["defaultNamingContext"][0]
58 def find_configurationdn(self
, ldb
):
59 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["configurationNamingContext"])
60 self
.assertEquals(len(res
), 1)
61 return res
[0]["configurationNamingContext"][0]
63 def find_schemadn(self
, ldb
):
64 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
65 self
.assertEquals(len(res
), 1)
66 return res
[0]["schemaNamingContext"][0]
71 self
.base_dn
= self
.find_basedn(ldb
)
72 self
.configuration_dn
= self
.find_configurationdn(ldb
)
73 self
.schema_dn
= self
.find_schemadn(ldb
)
75 print "baseDN: %s\n" % self
.base_dn
77 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
78 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
79 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
80 self
.delete_force(self
.ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
81 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
)
82 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
)
83 self
.delete_force(self
.ldb
, "cn=parentguidtest,cn=users," + self
.base_dn
)
84 self
.delete_force(self
.ldb
, "cn=parentguidtest,cn=testotherusers," + self
.base_dn
)
85 self
.delete_force(self
.ldb
, "cn=testotherusers," + self
.base_dn
)
87 def test_group_add_invalid_member(self
):
88 """Testing group add with invalid member"""
91 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
92 "objectclass": "group",
93 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
95 except LdbError
, (num
, _
):
96 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
98 def test_parentGUID(self
):
99 """Test parentGUID behaviour"""
100 print "Testing parentGUID behaviour\n"
103 "dn": "cn=parentguidtest,cn=users," + self
.base_dn
,
104 "objectclass":"user",
105 "samaccountname":"parentguidtest"});
106 res1
= ldb
.search(base
="cn=parentguidtest,cn=users," + self
.base_dn
, scope
=SCOPE_BASE
,
107 attrs
=["parentGUID"]);
108 res2
= ldb
.search(base
="cn=users," + self
.base_dn
,scope
=SCOPE_BASE
,
109 attrs
=["objectGUID"]);
110 self
.assertEquals(res1
[0]["parentGUID"], res2
[0]["objectGUID"]);
112 """Test parentGUID behaviour"""
113 print "Testing parentGUID behaviour on rename\n"
116 "dn": "cn=testotherusers," + self
.base_dn
,
117 "objectclass":"container"});
118 res1
= ldb
.search(base
="cn=testotherusers," + self
.base_dn
,scope
=SCOPE_BASE
,
119 attrs
=["objectGUID"]);
120 ldb
.rename("cn=parentguidtest,cn=users," + self
.base_dn
,
121 "cn=parentguidtest,cn=testotherusers," + self
.base_dn
);
122 res2
= ldb
.search(base
="cn=parentguidtest,cn=testotherusers," + self
.base_dn
,
124 attrs
=["parentGUID"]);
125 self
.assertEquals(res1
[0]["objectGUID"], res2
[0]["parentGUID"]);
126 ldb
.delete("cn=parentguidtest,cn=testotherusers," + self
.base_dn
)
127 ldb
.delete("cn=testotherusers," + self
.base_dn
)
129 def test_groupType(self
):
130 """Test groupType behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
131 print "Testing groupType behaviour\n"
133 res1
= ldb
.search(base
=self
.base_dn
, scope
=SCOPE_SUBTREE
,
134 attrs
=["groupType"], expression
="groupType=2147483653");
136 res2
= ldb
.search(base
=self
.base_dn
, scope
=SCOPE_SUBTREE
,
137 attrs
=["groupType"], expression
="groupType=-2147483643");
139 self
.assertEquals(len(res1
), len(res2
))
141 self
.assertTrue(res1
.count
> 0)
143 self
.assertEquals(res1
[0]["groupType"][0], "-2147483643")
145 def test_primary_group_token(self
):
146 """Test the primary group token behaviour (hidden-generated-readonly attribute on groups)"""
147 print "Testing primary group token behaviour\n"
150 "dn": "cn=ldaptestuser,cn=uSers," + self
.base_dn
,
151 "objectclass": ["user", "person"],
152 "cN": "LDAPtestUSER",
157 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
158 "objectclass": "group",
159 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
161 res1
= ldb
.search("cn=ldaptestuser, cn=users," + self
.base_dn
,
162 scope
=SCOPE_BASE
, attrs
=["primaryGroupToken"])
163 self
.assertTrue(len(res1
) == 1)
164 self
.assertFalse("primaryGroupToken" in res1
[0])
166 res1
= ldb
.search("cn=ldaptestgroup,cn=users," + self
.base_dn
,
168 self
.assertTrue(len(res1
) == 1)
169 self
.assertFalse("primaryGroupToken" in res1
[0])
171 res1
= ldb
.search("cn=ldaptestgroup,cn=users," + self
.base_dn
,
172 scope
=SCOPE_BASE
, attrs
=["primaryGroupToken", "objectSID"])
173 self
.assertTrue(len(res1
) == 1)
174 primary_group_token
= int(res1
[0]["primaryGroupToken"][0])
176 rid
= glue
.dom_sid_to_rid(ldb
.schema_format_value("objectSID", res1
[0]["objectSID"][0]))
177 self
.assertEquals(primary_group_token
, rid
)
179 # Has to wait until we support read-only generated attributes correctly
181 # m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
182 # m["primaryGroupToken"] = "100"
186 # except LdbError, (num, msg):
189 self
.delete_force(self
.ldb
, "cn=ldaptestgroup,cn=users," + self
.base_dn
)
190 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
195 self
.delete_force(self
.ldb
, "cn=ldaptestuser,cn=users," + self
.base_dn
)
197 print "Testing user add"
199 "dn": "cn=ldaptestuser,cn=uSers," + self
.base_dn
,
200 "objectclass": ["user", "person"],
201 "cN": "LDAPtestUSER",
206 "dn": "cn=ldaptestgroup,cn=uSers," + self
.base_dn
,
207 "objectclass": "group",
208 "member": "cn=ldaptestuser,cn=useRs," + self
.base_dn
})
210 self
.delete_force(ldb
, "cn=ldaptestcomputer,cn=computers," + self
.base_dn
)
212 "dn": "cn=ldaptestcomputer,cn=computers," + self
.base_dn
,
213 "objectclass": "computer",
214 "cN": "LDAPtestCOMPUTER"})
216 self
.delete_force(self
.ldb
, "cn=ldaptest2computer,cn=computers," + self
.base_dn
)
217 ldb
.add({"dn": "cn=ldaptest2computer,cn=computers," + self
.base_dn
,
218 "objectClass": "computer",
219 "cn": "LDAPtest2COMPUTER",
220 "userAccountControl": "4096",
221 "displayname": "ldap testy"})
223 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
225 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
226 "objectClass": "computer",
227 "cn": "LDAPtest2COMPUTER"
230 except LdbError
, (num
, _
):
231 self
.assertEquals(num
, ERR_INVALID_DN_SYNTAX
)
233 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
235 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
236 "objectClass": "computer",
237 "cn": "ldaptestcomputer3",
238 "sAMAccountType": "805306368"
241 except LdbError
, (num
, _
):
242 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
244 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
246 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
247 "objectClass": "computer",
248 "cn": "ldaptestcomputer3",
249 "userAccountControl": "0"
252 except LdbError
, (num
, _
):
253 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
255 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
257 ldb
.add({"dn": "cn=ldaptestuser7,cn=users," + self
.base_dn
,
258 "objectClass": "user",
259 "cn": "LDAPtestuser7",
260 "userAccountControl": "0"
263 except LdbError
, (num
, _
):
264 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
266 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
268 ldb
.add({"dn": "cn=ldaptestuser7,cn=users," + self
.base_dn
,
269 "objectClass": "user",
270 "cn": "LDAPtestuser7",
271 "userAccountControl": "2"
274 self
.delete_force(self
.ldb
, "cn=ldaptestuser7,cn=users," + self
.base_dn
)
276 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
277 ldb
.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
,
278 "objectClass": "computer",
279 "cn": "LDAPtestCOMPUTER3"
282 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
283 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestcomputer3)(objectClass=user))");
284 self
.assertEquals(len(res
), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res
))
286 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestcomputer3,CN=Computers," + self
.base_dn
));
287 self
.assertEquals(res
[0]["cn"][0], "ldaptestcomputer3");
288 self
.assertEquals(res
[0]["name"][0], "ldaptestcomputer3");
289 self
.assertEquals(res
[0]["objectClass"][0], "top");
290 self
.assertEquals(res
[0]["objectClass"][1], "person");
291 self
.assertEquals(res
[0]["objectClass"][2], "organizationalPerson");
292 self
.assertEquals(res
[0]["objectClass"][3], "user");
293 self
.assertEquals(res
[0]["objectClass"][4], "computer");
294 self
.assertTrue("objectGUID" in res
[0])
295 self
.assertTrue("whenCreated" in res
[0])
296 self
.assertEquals(res
[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
));
297 self
.assertEquals(int(res
[0]["primaryGroupID"][0]), 513);
298 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368);
299 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546);
301 self
.delete_force(self
.ldb
, "cn=ldaptestcomputer3,cn=computers," + self
.base_dn
)
303 print "Testing attribute or value exists behaviour"
306 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
308 replace: servicePrincipalName
309 servicePrincipalName: host/ldaptest2computer
310 servicePrincipalName: host/ldaptest2computer
311 servicePrincipalName: cifs/ldaptest2computer
314 except LdbError
, (num
, msg
):
315 self
.assertEquals(num
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
)
318 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
320 replace: servicePrincipalName
321 servicePrincipalName: host/ldaptest2computer
322 servicePrincipalName: cifs/ldaptest2computer
326 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
328 add: servicePrincipalName
329 servicePrincipalName: host/ldaptest2computer
332 except LdbError
, (num
, msg
):
333 self
.assertEquals(num
, ERR_ATTRIBUTE_OR_VALUE_EXISTS
)
335 print "Testing ranged results"
337 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
339 replace: servicePrincipalName
343 dn: cn=ldaptest2computer,cn=computers,""" + self
.base_dn
+ """
345 add: servicePrincipalName
346 servicePrincipalName: host/ldaptest2computer0
347 servicePrincipalName: host/ldaptest2computer1
348 servicePrincipalName: host/ldaptest2computer2
349 servicePrincipalName: host/ldaptest2computer3
350 servicePrincipalName: host/ldaptest2computer4
351 servicePrincipalName: host/ldaptest2computer5
352 servicePrincipalName: host/ldaptest2computer6
353 servicePrincipalName: host/ldaptest2computer7
354 servicePrincipalName: host/ldaptest2computer8
355 servicePrincipalName: host/ldaptest2computer9
356 servicePrincipalName: host/ldaptest2computer10
357 servicePrincipalName: host/ldaptest2computer11
358 servicePrincipalName: host/ldaptest2computer12
359 servicePrincipalName: host/ldaptest2computer13
360 servicePrincipalName: host/ldaptest2computer14
361 servicePrincipalName: host/ldaptest2computer15
362 servicePrincipalName: host/ldaptest2computer16
363 servicePrincipalName: host/ldaptest2computer17
364 servicePrincipalName: host/ldaptest2computer18
365 servicePrincipalName: host/ldaptest2computer19
366 servicePrincipalName: host/ldaptest2computer20
367 servicePrincipalName: host/ldaptest2computer21
368 servicePrincipalName: host/ldaptest2computer22
369 servicePrincipalName: host/ldaptest2computer23
370 servicePrincipalName: host/ldaptest2computer24
371 servicePrincipalName: host/ldaptest2computer25
372 servicePrincipalName: host/ldaptest2computer26
373 servicePrincipalName: host/ldaptest2computer27
374 servicePrincipalName: host/ldaptest2computer28
375 servicePrincipalName: host/ldaptest2computer29
378 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
,
379 attrs
=["servicePrincipalName;range=0-*"])
380 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
381 #print len(res[0]["servicePrincipalName;range=0-*"])
382 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
384 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-19"])
385 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
386 # print res[0]["servicePrincipalName;range=0-19"].length
387 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-19"]), 20)
390 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-30"])
391 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
392 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
394 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=0-40"])
395 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
396 self
.assertEquals(len(res
[0]["servicePrincipalName;range=0-*"]), 30)
398 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=30-40"])
399 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
400 self
.assertEquals(len(res
[0]["servicePrincipalName;range=30-*"]), 0)
403 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=10-40"])
404 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
405 self
.assertEquals(len(res
[0]["servicePrincipalName;range=10-*"]), 20)
406 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
408 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=11-40"])
409 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
410 self
.assertEquals(len(res
[0]["servicePrincipalName;range=11-*"]), 19)
411 # print res[0]["servicePrincipalName;range=11-*"][18]
413 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
415 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName;range=11-15"])
416 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
417 self
.assertEquals(len(res
[0]["servicePrincipalName;range=11-15"]), 5)
418 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
420 res
= ldb
.search(self
.base_dn
, expression
="(cn=ldaptest2computer))", scope
=SCOPE_SUBTREE
, attrs
=["servicePrincipalName"])
421 self
.assertEquals(len(res
), 1, "Could not find (cn=ldaptest2computer)")
422 # print res[0]["servicePrincipalName"][18]
424 self
.assertEquals(len(res
[0]["servicePrincipalName"]), 30)
425 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
427 self
.delete_force(self
.ldb
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
429 "dn": "cn=ldaptestuser2,cn=useRs," + self
.base_dn
,
430 "objectClass": ["person", "user"],
431 "cn": "LDAPtestUSER2",
432 "givenname": "testy",
435 print "Testing Ambigious Name Resolution"
436 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
437 res
= ldb
.search(expression
="(&(anr=ldap testy)(objectClass=user))")
438 self
.assertEquals(len(res
), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res
))
440 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
441 res
= ldb
.search(expression
="(&(anr=testy ldap)(objectClass=user))")
442 self
.assertEquals(len(res
), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res
))
444 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
445 res
= ldb
.search(expression
="(&(anr=ldap)(objectClass=user))")
446 self
.assertEquals(len(res
), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res
))
448 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
449 res
= ldb
.search(expression
="(&(anr==ldap)(objectClass=user))")
450 self
.assertEquals(len(res
), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res
))
452 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
453 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
454 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser")
456 # Testing ldb.search for (&(anr=testy)(objectClass=user))
457 res
= ldb
.search(expression
="(&(anr=testy)(objectClass=user))")
458 self
.assertEquals(len(res
), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res
))
460 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
461 res
= ldb
.search(expression
="(&(anr=testy ldap)(objectClass=user))")
462 self
.assertEquals(len(res
), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res
))
464 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
465 # this test disabled for the moment, as anr with == tests are not understood
466 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
467 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
469 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
470 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
471 self
.assertEquals(res
[0]["name"][0], "ldaptestuser")
473 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
474 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
475 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
477 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
478 self
.assertEquals(res
[0]["cn"][0], "ldaptestuser")
479 self
.assertEquals(res
[0]["name"][0], "ldaptestuser")
481 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
482 res
= ldb
.search(expression
="(&(anr=testy ldap user)(objectClass=user))")
483 self
.assertEquals(len(res
), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
485 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
486 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser2")
487 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser2")
489 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
490 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
491 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
493 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
494 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser2")
495 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser2")
497 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
498 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
499 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
501 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
502 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser2")
503 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser2")
505 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
506 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
507 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
509 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
510 res
= ldb
.search(expression
="(&(anr=not ldap user2)(objectClass=user))")
511 self
.assertEquals(len(res
), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
513 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
514 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
515 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
517 print "Testing Group Modifies"
519 dn: cn=ldaptestgroup,cn=users,""" + self
.base_dn
+ """
522 member: cn=ldaptestuser2,cn=users,""" + self
.base_dn
+ """
523 member: cn=ldaptestcomputer,cn=computers,""" + self
.base_dn
+ """
526 self
.delete_force(ldb
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
528 print "Testing adding non-existent user to a group"
531 dn: cn=ldaptestgroup,cn=users,""" + self
.base_dn
+ """
534 member: cn=ldaptestuser3,cn=users,""" + self
.base_dn
+ """
537 except LdbError
, (num
, _
):
538 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
540 print "Testing Renames"
542 attrs
= ["objectGUID", "objectSid"]
543 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
544 res_user
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestUSer2)(objectClass=user))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
545 self
.assertEquals(len(res_user
), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
547 #Check rename works with extended/alternate DN forms
548 ldb
.rename("<SID=" + ldb
.schema_format_value("objectSID", res_user
[0]["objectSID"][0]) + ">" , "cn=ldaptestuser3,cn=users," + self
.base_dn
)
550 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
552 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestUSER3,cn=users," + self
.base_dn
)
554 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
555 res
= ldb
.search(expression
="(&(cn=ldaptestuser3)(objectClass=user))")
556 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
558 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
559 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
560 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
562 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
563 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
564 self
.assertEquals(len(res
), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
566 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
567 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
568 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
570 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
571 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
572 self
.assertEquals(len(res
), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
574 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
575 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
576 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
578 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
579 res
= ldb
.search(expression
="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
580 self
.assertEquals(len(res
), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
582 # This is a Samba special, and does not exist in real AD
583 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
584 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
585 # if (res.error != 0 || len(res) != 1) {
586 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
587 # self.assertEquals(len(res), 1)
589 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
590 # self.assertEquals(res[0].cn, "ldaptestUSER3")
591 # self.assertEquals(res[0].name, "ldaptestUSER3")
593 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")"
594 res
= ldb
.search(expression
="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")")
595 self
.assertEquals(len(res
), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self
.base_dn
+ ")")
596 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestUSER3,CN=Users," + self
.base_dn
))
597 self
.assertEquals(str(res
[0]["cn"]), "ldaptestUSER3")
598 self
.assertEquals(str(res
[0]["name"]), "ldaptestUSER3")
600 # ensure we cannot add it again
602 ldb
.add({"dn": "cn=ldaptestuser3,cn=userS," + self
.base_dn
,
603 "objectClass": ["person", "user"],
604 "cn": "LDAPtestUSER3"})
606 except LdbError
, (num
, _
):
607 self
.assertEquals(num
, ERR_ENTRY_ALREADY_EXISTS
)
610 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser2,cn=users," + self
.base_dn
)
612 # ensure we cannnot rename it twice
614 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
,
615 "cn=ldaptestuser2,cn=users," + self
.base_dn
)
617 except LdbError
, (num
, _
):
618 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
620 # ensure can now use that name
621 ldb
.add({"dn": "cn=ldaptestuser3,cn=users," + self
.base_dn
,
622 "objectClass": ["person", "user"],
623 "cn": "LDAPtestUSER3"})
625 # ensure we now cannnot rename
627 ldb
.rename("cn=ldaptestuser2,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=users," + self
.base_dn
)
629 except LdbError
, (num
, _
):
630 self
.assertEquals(num
, ERR_ENTRY_ALREADY_EXISTS
)
632 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser3,cn=configuration," + self
.base_dn
)
634 except LdbError
, (num
, _
):
635 self
.assertTrue(num
in (71, 64))
637 ldb
.rename("cn=ldaptestuser3,cn=users," + self
.base_dn
, "cn=ldaptestuser5,cn=users," + self
.base_dn
)
639 ldb
.delete("cn=ldaptestuser5,cn=users," + self
.base_dn
)
641 self
.delete_force(ldb
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
643 ldb
.rename("cn=ldaptestgroup,cn=users," + self
.base_dn
, "cn=ldaptestgroup2,cn=users," + self
.base_dn
)
645 print "Testing subtree Renames"
647 ldb
.add({"dn": "cn=ldaptestcontainer," + self
.base_dn
,
648 "objectClass": "container"})
650 self
.delete_force(self
.ldb
, "cn=ldaptestuser4,cn=ldaptestcontainer," + self
.base_dn
)
651 ldb
.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self
.base_dn
,
652 "objectClass": ["person", "user"],
653 "cn": "LDAPtestUSER4"})
656 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
659 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self
.base_dn
+ """
662 print "Testing ldb.rename of cn=ldaptestcontainer," + self
.base_dn
+ " to cn=ldaptestcontainer2," + self
.base_dn
663 ldb
.rename("CN=ldaptestcontainer," + self
.base_dn
, "CN=ldaptestcontainer2," + self
.base_dn
)
665 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
666 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))")
667 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
669 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self
.base_dn
671 res
= ldb
.search("cn=ldaptestcontainer," + self
.base_dn
,
672 expression
="(&(cn=ldaptestuser4)(objectClass=user))",
675 except LdbError
, (num
, _
):
676 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
678 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self
.base_dn
680 res
= ldb
.search("cn=ldaptestcontainer," + self
.base_dn
,
681 expression
="(&(cn=ldaptestuser4)(objectClass=user))", scope
=SCOPE_ONELEVEL
)
683 except LdbError
, (num
, _
):
684 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
686 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
687 res
= ldb
.search("cn=ldaptestcontainer2," + self
.base_dn
, expression
="(&(cn=ldaptestuser4)(objectClass=user))", scope
=SCOPE_SUBTREE
)
688 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self
.base_dn
)
690 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
))
691 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
695 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group)) to check subtree renames and linked attributes"
696 res
= ldb
.search(self
.base_dn
, expression
="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group))", scope
=SCOPE_SUBTREE
)
697 self
.assertEquals(len(res
), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
+ ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
699 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self
.base_dn
+ " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self
.base_dn
701 ldb
.rename("cn=ldaptestcontainer2," + self
.base_dn
, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self
.base_dn
)
703 except LdbError
, (num
, _
):
704 self
.assertEquals(num
, ERR_UNWILLING_TO_PERFORM
)
706 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self
.base_dn
+ " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self
.base_dn
708 ldb
.rename("cn=ldaptestcontainer2," + self
.base_dn
, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self
.base_dn
)
710 except LdbError
, (num
, _
):
711 self
.assertTrue(num
in (ERR_UNWILLING_TO_PERFORM
, ERR_OTHER
))
713 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self
.base_dn
715 ldb
.delete("cn=ldaptestcontainer2," + self
.base_dn
)
717 except LdbError
, (num
, _
):
718 self
.assertEquals(num
, ERR_NOT_ALLOWED_ON_NON_LEAF
)
720 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
721 res
= ldb
.search(expression
="(objectclass=*)", base
=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_BASE
)
722 self
.assertEquals(len(res
), 1)
723 res
= ldb
.search(expression
="(cn=ldaptestuser40)", base
=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_BASE
)
724 self
.assertEquals(len(res
), 0)
726 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self
.base_dn
727 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))", base
=("cn=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_ONELEVEL
)
728 # FIXME: self.assertEquals(len(res), 0)
730 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self
.base_dn
731 res
= ldb
.search(expression
="(&(cn=ldaptestuser4)(objectClass=user))", base
=("cn=ldaptestcontainer2," + self
.base_dn
), scope
=SCOPE_SUBTREE
)
732 # FIXME: self.assertEquals(len(res), 0)
734 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
)
735 ldb
.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self
.base_dn
))
736 print "Testing delete of renamed cn=ldaptestcontainer2," + self
.base_dn
737 ldb
.delete("cn=ldaptestcontainer2," + self
.base_dn
)
739 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
)
740 ldb
.add({"dn": "cn=ldaptestutf8user èùéìòà ,cn=users," + self
.base_dn
, "objectClass": "user"})
742 self
.delete_force(self
.ldb
, "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
)
743 ldb
.add({"dn": "cn=ldaptestutf8user2 èùéìòà ,cn=users," + self
.base_dn
, "objectClass": "user"})
745 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
746 res
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectClass=user))")
747 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
749 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestuser,CN=Users," + self
.base_dn
))
750 self
.assertEquals(str(res
[0]["cn"]), "ldaptestuser")
751 self
.assertEquals(str(res
[0]["name"]), "ldaptestuser")
752 self
.assertEquals(set(res
[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
753 self
.assertTrue("objectGUID" in res
[0])
754 self
.assertTrue("whenCreated" in res
[0])
755 self
.assertEquals(str(res
[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self
.base_dn
))
756 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368)
757 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546)
758 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
759 self
.assertEquals(len(res
[0]["memberOf"]), 1)
761 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))"
762 res2
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))")
763 self
.assertEquals(len(res2
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self
.base_dn
+ "))")
765 self
.assertEquals(res
[0].dn
, res2
[0].dn
)
767 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
768 res3
= ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))")
769 self
.assertEquals(len(res3
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3
))
771 self
.assertEquals(res
[0].dn
, res3
[0].dn
)
773 if gc_ldb
is not None:
774 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
775 res3gc
= gc_ldb
.search(expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))")
776 self
.assertEquals(len(res3gc
), 1)
778 self
.assertEquals(res
[0].dn
, res3gc
[0].dn
)
780 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
782 res3control
= gc_ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:2"])
783 self
.assertEquals(len(res3control
), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
785 self
.assertEquals(res
[0].dn
, res3control
[0].dn
)
787 ldb
.delete(res
[0].dn
)
789 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
790 res
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectClass=user))")
791 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
793 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestcomputer,CN=Computers," + self
.base_dn
))
794 self
.assertEquals(str(res
[0]["cn"]), "ldaptestcomputer")
795 self
.assertEquals(str(res
[0]["name"]), "ldaptestcomputer")
796 self
.assertEquals(set(res
[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
797 self
.assertTrue("objectGUID" in res
[0])
798 self
.assertTrue("whenCreated" in res
[0])
799 self
.assertEquals(str(res
[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
))
800 self
.assertEquals(int(res
[0]["primaryGroupID"][0]), 513)
801 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306368)
802 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 546)
803 self
.assertEquals(res
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
804 self
.assertEquals(len(res
[0]["memberOf"]), 1)
806 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))"
807 res2
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
808 self
.assertEquals(len(res2
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
810 self
.assertEquals(res
[0].dn
, res2
[0].dn
)
812 if gc_ldb
is not None:
813 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ ")) in Global Catlog"
814 res2gc
= gc_ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ "))")
815 self
.assertEquals(len(res2gc
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self
.base_dn
+ ")) in Global Catlog")
817 self
.assertEquals(res
[0].dn
, res2gc
[0].dn
)
819 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
820 res3
= ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
821 self
.assertEquals(len(res3
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
823 self
.assertEquals(res
[0].dn
, res3
[0].dn
)
825 if gc_ldb
is not None:
826 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
827 res3gc
= gc_ldb
.search(expression
="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
828 self
.assertEquals(len(res3gc
), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
830 self
.assertEquals(res
[0].dn
, res3gc
[0].dn
)
832 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
833 res4
= ldb
.search(expression
="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
834 self
.assertEquals(len(res4
), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
836 self
.assertEquals(res
[0].dn
, res4
[0].dn
)
838 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
839 res5
= ldb
.search(expression
="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
840 self
.assertEquals(len(res5
), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
842 self
.assertEquals(res
[0].dn
, res5
[0].dn
)
844 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
845 res6
= ldb
.search(expression
="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
846 self
.assertEquals(len(res6
), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
848 self
.assertEquals(res
[0].dn
, res6
[0].dn
)
850 ldb
.delete("<GUID=" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + ">")
852 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
853 res
= ldb
.search(expression
="(&(cn=ldaptest2computer)(objectClass=user))")
854 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
856 self
.assertEquals(str(res
[0].dn
), "CN=ldaptest2computer,CN=Computers," + self
.base_dn
)
857 self
.assertEquals(str(res
[0]["cn"]), "ldaptest2computer")
858 self
.assertEquals(str(res
[0]["name"]), "ldaptest2computer")
859 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
860 self
.assertTrue("objectGUID" in res
[0])
861 self
.assertTrue("whenCreated" in res
[0])
862 self
.assertEquals(res
[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self
.base_dn
)
863 self
.assertEquals(int(res
[0]["sAMAccountType"][0]), 805306369)
864 self
.assertEquals(int(res
[0]["userAccountControl"][0]), 4096)
866 ldb
.delete("<SID=" + ldb
.schema_format_value("objectSID", res
[0]["objectSID"][0]) + ">")
868 attrs
= ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
869 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
870 res_user
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestUSer2)(objectClass=user))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
871 self
.assertEquals(len(res_user
), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
873 self
.assertEquals(str(res_user
[0].dn
), ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
874 self
.assertEquals(str(res_user
[0]["cn"]), "ldaptestuser2")
875 self
.assertEquals(str(res_user
[0]["name"]), "ldaptestuser2")
876 self
.assertEquals(list(res_user
[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
877 self
.assertTrue("objectSid" in res_user
[0])
878 self
.assertTrue("objectGUID" in res_user
[0])
879 self
.assertTrue("whenCreated" in res_user
[0])
880 self
.assertTrue("nTSecurityDescriptor" in res_user
[0])
881 self
.assertTrue("allowedAttributes" in res_user
[0])
882 self
.assertTrue("allowedAttributesEffective" in res_user
[0])
883 self
.assertEquals(res_user
[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
).upper())
885 ldaptestuser2_sid
= res_user
[0]["objectSid"][0]
886 ldaptestuser2_guid
= res_user
[0]["objectGUID"][0]
888 attrs
= ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
889 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
890 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
891 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
893 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
894 self
.assertEquals(str(res
[0]["cn"]), "ldaptestgroup2")
895 self
.assertEquals(str(res
[0]["name"]), "ldaptestgroup2")
896 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "group"])
897 self
.assertTrue("objectGUID" in res
[0])
898 self
.assertTrue("objectSid" in res
[0])
899 self
.assertTrue("whenCreated" in res
[0])
900 self
.assertTrue("nTSecurityDescriptor" in res
[0])
901 self
.assertTrue("allowedAttributes" in res
[0])
902 self
.assertTrue("allowedAttributesEffective" in res
[0])
904 for m
in res
[0]["member"]:
905 memberUP
.append(m
.upper())
906 self
.assertTrue(("CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper() in memberUP
)
908 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
, controls
=["extended_dn:1:1"])
909 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
911 print res
[0]["member"]
913 for m
in res
[0]["member"]:
914 memberUP
.append(m
.upper())
915 print ("<GUID=" + ldb
.schema_format_value("objectGUID", ldaptestuser2_guid
) + ">;<SID=" + ldb
.schema_format_value("objectSid", ldaptestuser2_sid
) + ">;CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper()
917 self
.assertTrue(("<GUID=" + ldb
.schema_format_value("objectGUID", ldaptestuser2_guid
) + ">;<SID=" + ldb
.schema_format_value("objectSid", ldaptestuser2_sid
) + ">;CN=ldaptestuser2,CN=Users," + self
.base_dn
).upper() in memberUP
)
919 print "Testing Linked attribute behaviours"
921 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
924 member: CN=ldaptestuser2,CN=Users,""" + self
.base_dn
+ """
925 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
929 dn: <GUID=""" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + """>
932 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
936 dn: <SID=""" + ldb
.schema_format_value("objectSid", res
[0]["objectSid"][0]) + """>
942 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
945 member: <GUID=""" + ldb
.schema_format_value("objectGUID", res
[0]["objectGUID"][0]) + """>
946 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
950 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
956 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
959 member: <SID=""" + ldb
.schema_format_value("objectSid", res_user
[0]["objectSid"][0]) + """>
960 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
964 dn: cn=ldaptestgroup2,cn=users,""" + self
.base_dn
+ """
967 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self
.base_dn
+ """
970 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
971 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
973 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
974 self
.assertEquals(res
[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
975 self
.assertEquals(len(res
[0]["member"]), 1)
977 ldb
.delete(("CN=ldaptestuser2,CN=Users," + self
.base_dn
))
981 attrs
= ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
982 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
983 res
= ldb
.search(self
.base_dn
, expression
="(&(cn=ldaptestgroup2)(objectClass=group))", scope
=SCOPE_SUBTREE
, attrs
=attrs
)
984 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
986 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
987 self
.assertTrue("member" not in res
[0])
989 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
990 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
991 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
993 self
.assertEquals(str(res
[0].dn
), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self
.base_dn
))
994 self
.assertEquals(str(res
[0]["cn"]), "ldaptestutf8user èùéìòà")
995 self
.assertEquals(str(res
[0]["name"]), "ldaptestutf8user èùéìòà")
996 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
997 self
.assertTrue("objectGUID" in res
[0])
998 self
.assertTrue("whenCreated" in res
[0])
1000 ldb
.delete(res
[0].dn
)
1002 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
1003 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user2*)(objectClass=user))")
1004 self
.assertEquals(len(res
), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
1006 ldb
.delete(res
[0].dn
)
1008 ldb
.delete(("CN=ldaptestgroup2,CN=Users," + self
.base_dn
))
1010 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
1011 res
= ldb
.search(expression
="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
1013 #FIXME: self.assert len(res) == 1, "Could not find (expect space collapse, win2k3 fails) (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
1015 print "Testing that we can't get at the configuration DN from the main search base"
1016 res
= ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1017 self
.assertEquals(len(res
), 0)
1019 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
1020 res
= ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:2"])
1021 self
.assertTrue(len(res
) > 0)
1023 if gc_ldb
is not None:
1024 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
1026 res
= gc_ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["search_options:1:0"])
1027 self
.assertTrue(len(res
) > 0)
1029 print "Testing that we do find configuration elements in the global catlog"
1030 res
= gc_ldb
.search(self
.base_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1031 self
.assertTrue(len(res
) > 0)
1033 print "Testing that we do find configuration elements and user elements at the same time"
1034 res
= gc_ldb
.search(self
.base_dn
, expression
="(|(objectClass=crossRef)(objectClass=person))", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1035 self
.assertTrue(len(res
) > 0)
1037 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
1038 res
= gc_ldb
.search(self
.configuration_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1039 self
.assertTrue(len(res
) > 0)
1041 print "Testing that we can get at the configuration DN on the main LDAP port"
1042 res
= ldb
.search(self
.configuration_dn
, expression
="objectClass=crossRef", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1043 self
.assertTrue(len(res
) > 0)
1045 print "Testing objectCategory canonacolisation"
1046 res
= ldb
.search(self
.configuration_dn
, expression
="objectCategory=ntDsDSA", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1047 self
.assertTrue(len(res
) > 0, "Didn't find any records with objectCategory=ntDsDSA")
1048 self
.assertTrue(len(res
) != 0)
1050 res
= ldb
.search(self
.configuration_dn
, expression
="objectCategory=CN=ntDs-DSA," + self
.schema_dn
, scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1051 self
.assertTrue(len(res
) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self
.schema_dn
)
1052 self
.assertTrue(len(res
) != 0)
1054 print "Testing objectClass attribute order on "+ self
.base_dn
1055 res
= ldb
.search(expression
="objectClass=domain", base
=self
.base_dn
,
1056 scope
=SCOPE_BASE
, attrs
=["objectClass"])
1057 self
.assertEquals(len(res
), 1)
1059 self
.assertEquals(list(res
[0]["objectClass"]), ["top", "domain", "domainDNS"])
1063 print "Testing ldb.search for objectCategory=person"
1064 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=person", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1065 self
.assertTrue(len(res
) > 0)
1067 print "Testing ldb.search for objectCategory=person with domain scope control"
1068 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=person", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
1069 self
.assertTrue(len(res
) > 0)
1071 print "Testing ldb.search for objectCategory=user"
1072 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=user", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1073 self
.assertTrue(len(res
) > 0)
1075 print "Testing ldb.search for objectCategory=user with domain scope control"
1076 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=user", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
1077 self
.assertTrue(len(res
) > 0)
1079 print "Testing ldb.search for objectCategory=group"
1080 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=group", scope
=SCOPE_SUBTREE
, attrs
=["cn"])
1081 self
.assertTrue(len(res
) > 0)
1083 print "Testing ldb.search for objectCategory=group with domain scope control"
1084 res
= ldb
.search(self
.base_dn
, expression
="objectCategory=group", scope
=SCOPE_SUBTREE
, attrs
=["cn"], controls
=["domain_scope:1"])
1085 self
.assertTrue(len(res
) > 0)
1088 class BaseDnTests(unittest
.TestCase
):
1092 def test_rootdse_attrs(self
):
1093 """Testing for all rootDSE attributes"""
1094 res
= self
.ldb
.search(scope
=SCOPE_BASE
, attrs
=[])
1095 self
.assertEquals(len(res
), 1)
1097 def test_highestcommittedusn(self
):
1098 """Testing for highestCommittedUSN"""
1099 res
= self
.ldb
.search("", scope
=SCOPE_BASE
, attrs
=["highestCommittedUSN"])
1100 self
.assertEquals(len(res
), 1)
1101 self
.assertTrue(int(res
[0]["highestCommittedUSN"][0]) != 0)
1103 def test_netlogon(self
):
1104 """Testing for netlogon via LDAP"""
1105 res
= self
.ldb
.search("", scope
=SCOPE_BASE
, attrs
=["netlogon"])
1106 self
.assertEquals(len(res
), 0)
1108 def test_netlogon_highestcommitted_usn(self
):
1109 """Testing for netlogon and highestCommittedUSN via LDAP"""
1110 res
= self
.ldb
.search("", scope
=SCOPE_BASE
,
1111 attrs
=["netlogon", "highestCommittedUSN"])
1112 self
.assertEquals(len(res
), 0)
1114 class SchemaTests(unittest
.TestCase
):
1115 def delete_force(self
, ldb
, dn
):
1118 except LdbError
, (num
, _
):
1119 self
.assertEquals(num
, ERR_NO_SUCH_OBJECT
)
1121 def find_schemadn(self
, ldb
):
1122 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
, attrs
=["schemaNamingContext"])
1123 self
.assertEquals(len(res
), 1)
1124 return res
[0]["schemaNamingContext"][0]
1126 def find_basedn(self
, ldb
):
1127 res
= ldb
.search(base
="", expression
="", scope
=SCOPE_BASE
,
1128 attrs
=["defaultNamingContext"])
1129 self
.assertEquals(len(res
), 1)
1130 return res
[0]["defaultNamingContext"][0]
1134 self
.schema_dn
= self
.find_schemadn(ldb
)
1135 self
.base_dn
= self
.find_basedn(ldb
)
1137 def test_generated_schema(self
):
1138 """Testing we can read the generated schema via LDAP"""
1139 res
= self
.ldb
.search("cn=aggregate,"+self
.schema_dn
, scope
=SCOPE_BASE
,
1140 attrs
=["objectClasses", "attributeTypes", "dITContentRules"])
1141 self
.assertEquals(len(res
), 1)
1142 self
.assertTrue("dITContentRules" in res
[0])
1143 self
.assertTrue("objectClasses" in res
[0])
1144 self
.assertTrue("attributeTypes" in res
[0])
1146 def test_generated_schema_is_operational(self
):
1147 """Testing we don't get the generated schema via LDAP by default"""
1148 res
= self
.ldb
.search("cn=aggregate,"+self
.schema_dn
, scope
=SCOPE_BASE
,
1150 self
.assertEquals(len(res
), 1)
1151 self
.assertFalse("dITContentRules" in res
[0])
1152 self
.assertFalse("objectClasses" in res
[0])
1153 self
.assertFalse("attributeTypes" in res
[0])
1155 def test_schemaUpdateNow(self
):
1156 """Testing schemaUpdateNow"""
1157 class_name
= "test-class" + time
.strftime("%s", time
.gmtime())
1158 class_ldap_display_name
= class_name
.replace("-", "")
1159 object_name
= "obj" + time
.strftime("%s", time
.gmtime())
1162 dn: CN=%s,%s""" % (class_name
, self
.schema_dn
) + """
1163 lDAPDisplayName: """ + class_ldap_display_name
+ """
1165 objectClass: classSchema
1166 adminDescription: """ + class_name
+ """
1167 adminDisplayName: """ + class_name
+ """
1168 cn: """ + class_name
+ """
1169 objectCategory: CN=Class-Schema,""" + self
.schema_dn
+ """
1170 defaultObjectCategory: CN=%s,%s""" % (class_name
, self
.schema_dn
) + """
1171 distinguishedName: CN=%s,%s""" % (class_name
, self
.schema_dn
) + """
1172 governsID: 1.2.840.""" + time
.strftime("%s", time
.gmtime())[3:] + """.1.5.9939
1174 name: """ + class_name
+ """
1175 objectClassCategory: 1
1176 subClassOf: organizationalPerson
1179 systemMustContain: cn
1182 self
.ldb
.add_ldif(ldif
)
1186 add: schemaUpdateNow
1189 self
.ldb
.modify_ldif(ldif
)
1191 dn: CN=%s,CN=Users,%s"""% (object_name
, self
.base_dn
) + """
1192 objectClass: organizationalPerson
1194 objectClass: """ + class_ldap_display_name
+ """
1196 cn: """ + object_name
+ """
1198 objectCategory: CN=%s,%s"""% (class_name
, self
.schema_dn
) + """
1199 distinguishedName: CN=%s,CN=Users,%s"""% (object_name
, self
.base_dn
) + """
1200 name: """ + object_name
+ """
1202 self
.ldb
.add_ldif(ldif
)
1203 # Search for created objectClass
1205 res
= self
.ldb
.search("cn=%s,%s" % (class_name
, self
.schema_dn
), scope
=SCOPE_BASE
, attrs
=["*"])
1206 self
.assertNotEqual(res
, [])
1209 res
= self
.ldb
.search("cn=%s,cn=Users,%s" % (object_name
, self
.base_dn
), scope
=SCOPE_BASE
, attrs
=["*"])
1210 self
.assertNotEqual(res
, [])
1212 self
.delete_force(self
.ldb
, "cn=%s,cn=Users,%s" % (object_name
, self
.base_dn
))
1214 if not "://" in host
:
1215 host
= "ldap://%s" % host
1217 ldb
= Ldb(host
, credentials
=creds
, session_info
=system_session(), lp
=lp
)
1218 gc_ldb
= Ldb("%s:3268" % host
, credentials
=creds
,
1219 session_info
=system_session(), lp
=lp
)
1221 runner
= SubunitTestRunner()
1223 if not runner
.run(unittest
.makeSuite(BaseDnTests
)).wasSuccessful():
1225 if not runner
.run(unittest
.makeSuite(BasicTests
)).wasSuccessful():
1227 if not runner
.run(unittest
.makeSuite(SchemaTests
)).wasSuccessful():