2 # -*- coding: utf-8 -*-
3 # This is a port of the original in testprogs/ejs/ldap.js
11 sys.path.append("bin/python")
13 samba.ensure_external_module("subunit", "subunit/python")
14 samba.ensure_external_module("testtools", "testtools")
16 import samba.getopt as options
18 from samba.auth import system_session
19 from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError
20 from ldb import ERR_NO_SUCH_OBJECT, ERR_ATTRIBUTE_OR_VALUE_EXISTS
21 from ldb import ERR_ENTRY_ALREADY_EXISTS, ERR_UNWILLING_TO_PERFORM
22 from ldb import ERR_NOT_ALLOWED_ON_NON_LEAF, ERR_OTHER, ERR_INVALID_DN_SYNTAX
23 from ldb import ERR_NO_SUCH_ATTRIBUTE, ERR_INVALID_ATTRIBUTE_SYNTAX
24 from ldb import ERR_OBJECT_CLASS_VIOLATION, ERR_NOT_ALLOWED_ON_RDN
25 from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
26 from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
27 from ldb import Message, MessageElement, Dn
28 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
30 from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_INTERDOMAIN_TRUST_ACCOUNT,
31 UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT,
32 UF_PARTIAL_SECRETS_ACCOUNT,
33 UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
34 ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE,
35 SYSTEM_FLAG_CONFIG_ALLOW_RENAME, SYSTEM_FLAG_CONFIG_ALLOW_MOVE,
36 SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)
37 from samba.dcerpc.security import (DOMAIN_RID_USERS, DOMAIN_RID_DOMAIN_MEMBERS,
38 DOMAIN_RID_DCS, DOMAIN_RID_READONLY_DCS)
40 from subunit.run import SubunitTestRunner
43 from samba.ndr import ndr_pack, ndr_unpack
44 from samba.dcerpc import security
46 parser = optparse.OptionParser("ldap.py [options] <host>")
47 sambaopts = options.SambaOptions(parser)
48 parser.add_option_group(sambaopts)
49 parser.add_option_group(options.VersionOptions(parser))
50 # use command line creds if available
51 credopts = options.CredentialsOptions(parser)
52 parser.add_option_group(credopts)
53 opts, args = parser.parse_args()
61 lp = sambaopts.get_loadparm()
62 creds = credopts.get_credentials(lp)
64 class BasicTests(unittest.TestCase):
66 def delete_force(self, ldb, dn):
69 except LdbError, (num, _):
70 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
72 def find_basedn(self, ldb):
73 res = ldb.search(base="", expression="", scope=SCOPE_BASE,
74 attrs=["defaultNamingContext"])
75 self.assertEquals(len(res), 1)
76 return res[0]["defaultNamingContext"][0]
78 def find_configurationdn(self, ldb):
79 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
80 self.assertEquals(len(res), 1)
81 return res[0]["configurationNamingContext"][0]
83 def find_schemadn(self, ldb):
84 res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
85 self.assertEquals(len(res), 1)
86 return res[0]["schemaNamingContext"][0]
88 def find_domain_sid(self):
89 res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
90 return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
92 def set_dsheuristics(self, dsheuristics):
94 m.dn = Dn(self.ldb, "CN=Directory Service, CN=Windows NT, CN=Services, "
95 + self.configuration_dn)
96 if dsheuristics is not None:
97 m["dSHeuristics"] = MessageElement(dsheuristics, FLAG_MOD_REPLACE,
100 m["dSHeuristics"] = MessageElement([], FLAG_MOD_DELETE, "dsHeuristics")
104 super(BasicTests, self).setUp()
107 self.base_dn = self.find_basedn(ldb)
108 self.configuration_dn = self.find_configurationdn(ldb)
109 self.schema_dn = self.find_schemadn(ldb)
110 self.domain_sid = self.find_domain_sid()
112 print "baseDN: %s\n" % self.base_dn
114 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
115 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
116 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
117 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
118 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
119 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
120 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
121 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
122 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
123 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
124 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
125 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
126 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
127 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
128 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
129 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
130 self.delete_force(self.ldb, "cn=parentguidtest,cn=users," + self.base_dn)
131 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
132 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
133 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
134 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
135 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
136 self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
138 def test_objectclasses(self):
139 """Test objectClass behaviour"""
140 print "Test objectClass behaviour"""
142 # We cannot create LSA-specific objects (oc "secret" or "trustedDomain")
145 "dn": "cn=testsecret,cn=system," + self.base_dn,
146 "objectClass": "secret" })
148 except LdbError, (num, _):
149 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
151 # Invalid objectclass specified
154 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
157 except LdbError, (num, _):
158 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
160 # Invalid objectclass specified
163 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
164 "objectClass": "X" })
166 except LdbError, (num, _):
167 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
169 # Invalid objectCategory specified
172 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
173 "objectClass": "person",
174 "objectCategory": self.base_dn })
176 except LdbError, (num, _):
177 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
179 # Multi-valued "systemFlags"
182 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
183 "objectClass": "person",
184 "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)] })
186 except LdbError, (num, _):
187 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
189 # We cannot instanciate from an abstract objectclass
192 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
193 "objectClass": "connectionPoint" })
195 except LdbError, (num, _):
196 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
198 # Test allowed system flags
200 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
201 "objectClass": "person",
202 "systemFlags": str(~(SYSTEM_FLAG_CONFIG_ALLOW_RENAME | SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE)) })
204 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
205 scope=SCOPE_BASE, attrs=["systemFlags"])
206 self.assertTrue(len(res) == 1)
207 self.assertEquals(res[0]["systemFlags"][0], "0")
209 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
212 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
213 "objectClass": "person" })
215 # We can remove derivation classes of the structural objectclass
216 # but they're going to be readded afterwards
218 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
219 m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
223 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
224 scope=SCOPE_BASE, attrs=["objectClass"])
225 self.assertTrue(len(res) == 1)
226 self.assertTrue("top" in res[0]["objectClass"])
228 # The top-most structural class cannot be deleted since there are
229 # attributes of it in use
231 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
232 m["objectClass"] = MessageElement("person", FLAG_MOD_DELETE,
237 except LdbError, (num, _):
238 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
240 # We cannot delete classes which weren't specified
242 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
243 m["objectClass"] = MessageElement("computer", FLAG_MOD_DELETE,
248 except LdbError, (num, _):
249 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
251 # An invalid class cannot be added
253 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
254 m["objectClass"] = MessageElement("X", FLAG_MOD_ADD,
259 except LdbError, (num, _):
260 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
262 # The top-most structural class cannot be changed by adding another
265 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
266 m["objectClass"] = MessageElement("user", FLAG_MOD_ADD,
271 except LdbError, (num, _):
272 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
274 # An already specified objectclass cannot be added another time
276 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
277 m["objectClass"] = MessageElement("person", FLAG_MOD_ADD,
282 except LdbError, (num, _):
283 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
285 # Auxiliary classes can always be added
287 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
288 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
292 # It's only possible to replace with the same objectclass combination.
293 # So the replace action on "objectClass" attributes is really useless.
295 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
296 m["objectClass"] = MessageElement(["top", "person", "bootableDevice"],
297 FLAG_MOD_REPLACE, "objectClass")
301 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
302 m["objectClass"] = MessageElement(["person", "bootableDevice"],
303 FLAG_MOD_REPLACE, "objectClass")
307 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
308 m["objectClass"] = MessageElement(["top", "person", "bootableDevice",
309 "connectionPoint"], FLAG_MOD_REPLACE, "objectClass")
313 except LdbError, (num, _):
314 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
316 # We cannot remove all object classes by an empty replace
318 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
319 m["objectClass"] = MessageElement([], FLAG_MOD_REPLACE, "objectClass")
323 except LdbError, (num, _):
324 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
327 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
328 m["objectClass"] = MessageElement(["top", "computer"], FLAG_MOD_REPLACE,
333 except LdbError, (num, _):
334 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
336 # Classes can be removed unless attributes of them are used.
338 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
339 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
343 res = ldb.search("cn=ldaptestuser,cn=users," + self.base_dn,
344 scope=SCOPE_BASE, attrs=["objectClass"])
345 self.assertTrue(len(res) == 1)
346 self.assertFalse("bootableDevice" in res[0]["objectClass"])
349 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
350 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_ADD,
354 # Add an attribute specific to the "bootableDevice" class
356 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
357 m["bootParameter"] = MessageElement("test", FLAG_MOD_ADD,
361 # Classes can be removed unless attributes of them are used. Now there
362 # exist such attributes on the entry.
364 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
365 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
370 except LdbError, (num, _):
371 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
373 # Remove the previously specified attribute
375 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
376 m["bootParameter"] = MessageElement("test", FLAG_MOD_DELETE,
380 # Classes can be removed unless attributes of them are used.
382 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
383 m["objectClass"] = MessageElement("bootableDevice", FLAG_MOD_DELETE,
387 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
389 def test_system_only(self):
390 """Test systemOnly objects"""
391 print "Test systemOnly objects"""
395 "dn": "cn=ldaptestobject," + self.base_dn,
396 "objectclass": "configuration"})
398 except LdbError, (num, _):
399 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
403 "dn": "cn=testsecret,cn=system," + self.base_dn,
404 "objectclass": "secret"})
406 except LdbError, (num, _):
407 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
409 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
410 self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
414 "dn": "cn=ldaptestcontainer," + self.base_dn,
415 "objectclass": "container",
416 "isCriticalSystemObject": "TRUE"})
418 except LdbError, (num, _):
419 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
422 "dn": "cn=ldaptestcontainer," + self.base_dn,
423 "objectclass": "container"})
426 m.dn = Dn(ldb, "cn=ldaptestcontainer," + self.base_dn)
427 m["isCriticalSystemObject"] = MessageElement("TRUE", FLAG_MOD_REPLACE,
428 "isCriticalSystemObject")
432 except LdbError, (num, _):
433 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
435 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
437 # Proof if DC SAM object has "isCriticalSystemObject" set
438 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["serverName"])
439 self.assertTrue(len(res) == 1)
440 self.assertTrue("serverName" in res[0])
441 res = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
442 attrs=["serverReference"])
443 self.assertTrue(len(res) == 1)
444 self.assertTrue("serverReference" in res[0])
445 res = self.ldb.search(res[0]["serverReference"][0], scope=SCOPE_BASE,
446 attrs=["isCriticalSystemObject"])
447 self.assertTrue(len(res) == 1)
448 self.assertTrue("isCriticalSystemObject" in res[0])
449 self.assertEquals(res[0]["isCriticalSystemObject"][0], "TRUE")
451 def test_invalid_parent(self):
452 """Test adding an object with invalid parent"""
453 print "Test adding an object with invalid parent"""
457 "dn": "cn=ldaptestgroup,cn=thisdoesnotexist123,"
459 "objectclass": "group"})
461 except LdbError, (num, _):
462 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
464 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=thisdoesnotexist123,"
469 "dn": "ou=testou,cn=users," + self.base_dn,
470 "objectclass": "organizationalUnit"})
472 except LdbError, (num, _):
473 self.assertEquals(num, ERR_NAMING_VIOLATION)
475 self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
477 def test_invalid_attribute(self):
478 """Test invalid attributes on schema/objectclasses"""
479 print "Test invalid attributes on schema/objectclasses"""
481 # attributes not in schema test
487 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
488 "objectclass": "group",
489 "thisdoesnotexist": "x"})
491 except LdbError, (num, _):
492 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
495 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
496 "objectclass": "group"})
501 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
502 m["thisdoesnotexist"] = MessageElement("x", FLAG_MOD_REPLACE,
507 except LdbError, (num, _):
508 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
510 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
512 # attributes not in objectclasses and mandatory attributes missing test
513 # Use here a non-SAM entry since it doesn't have special triggers
514 # associated which have an impact on the error results.
518 # mandatory attribute missing
521 "dn": "cn=ldaptestobject," + self.base_dn,
522 "objectclass": "ipProtocol"})
524 except LdbError, (num, _):
525 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
527 # inadequate but schema-valid attribute specified
530 "dn": "cn=ldaptestobject," + self.base_dn,
531 "objectclass": "ipProtocol",
532 "ipProtocolNumber": "1",
535 except LdbError, (num, _):
536 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
539 "dn": "cn=ldaptestobject," + self.base_dn,
540 "objectclass": "ipProtocol",
541 "ipProtocolNumber": "1"})
545 # inadequate but schema-valid attribute add trial
547 m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
548 m["uid"] = MessageElement("0", FLAG_MOD_ADD, "uid")
552 except LdbError, (num, _):
553 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
555 # mandatory attribute delete trial
557 m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
558 m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_DELETE,
563 except LdbError, (num, _):
564 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
566 # mandatory attribute delete trial
568 m.dn = Dn(ldb, "cn=ldaptestobject," + self.base_dn)
569 m["ipProtocolNumber"] = MessageElement([], FLAG_MOD_REPLACE,
574 except LdbError, (num, _):
575 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
577 self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
579 def test_single_valued_attributes(self):
580 """Test single-valued attributes"""
581 print "Test single-valued attributes"""
585 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
586 "objectclass": "group",
587 "sAMAccountName": ["nam1", "nam2"]})
589 except LdbError, (num, _):
590 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
593 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
594 "objectclass": "group"})
597 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
598 m["sAMAccountName"] = MessageElement(["nam1","nam2"], FLAG_MOD_REPLACE,
603 except LdbError, (num, _):
604 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
607 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
608 m["sAMAccountName"] = MessageElement("testgroupXX", FLAG_MOD_REPLACE,
613 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
614 m["sAMAccountName"] = MessageElement("testgroupXX2", FLAG_MOD_ADD,
619 except LdbError, (num, _):
620 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
622 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
624 def test_description_attribute(self):
625 """Test description attribute"""
626 print "Test description attribute"""
629 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
630 "description": "desc2",
631 "objectclass": "group",
632 "description": "desc1"})
634 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
635 scope=SCOPE_BASE, attrs=["description"])
636 self.assertTrue(len(res) == 1)
637 self.assertTrue("description" in res[0])
638 self.assertTrue(len(res[0]["description"]) == 1)
639 self.assertEquals(res[0]["description"][0], "desc1")
641 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
644 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
645 "objectclass": "group",
646 "description": ["desc1", "desc2"]})
648 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
649 scope=SCOPE_BASE, attrs=["description"])
650 self.assertTrue(len(res) == 1)
651 self.assertTrue("description" in res[0])
652 self.assertTrue(len(res[0]["description"]) == 2)
653 self.assertTrue(res[0]["description"][0] == "desc1" or
654 res[0]["description"][1] == "desc1")
655 self.assertTrue(res[0]["description"][0] == "desc2" or
656 res[0]["description"][1] == "desc2")
659 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
660 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
665 except LdbError, (num, _):
666 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
669 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
670 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
674 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
677 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
678 "objectclass": "group" })
681 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
682 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
686 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
687 scope=SCOPE_BASE, attrs=["description"])
688 self.assertTrue(len(res) == 1)
689 self.assertTrue("description" in res[0])
690 self.assertTrue(len(res[0]["description"]) == 1)
691 self.assertEquals(res[0]["description"][0], "desc1")
693 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
696 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
697 "objectclass": "group",
698 "description": ["desc1", "desc2"]})
701 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
702 m["description"] = MessageElement("desc1", FLAG_MOD_REPLACE,
706 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
707 scope=SCOPE_BASE, attrs=["description"])
708 self.assertTrue(len(res) == 1)
709 self.assertTrue("description" in res[0])
710 self.assertTrue(len(res[0]["description"]) == 1)
711 self.assertEquals(res[0]["description"][0], "desc1")
714 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
715 m["description"] = MessageElement("desc3", FLAG_MOD_ADD,
720 except LdbError, (num, _):
721 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
724 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
725 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_DELETE,
730 except LdbError, (num, _):
731 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
734 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
735 m["description"] = MessageElement("desc1", FLAG_MOD_DELETE,
738 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
739 scope=SCOPE_BASE, attrs=["description"])
740 self.assertTrue(len(res) == 1)
741 self.assertFalse("description" in res[0])
744 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
745 m["description"] = MessageElement(["desc1","desc2"], FLAG_MOD_REPLACE,
750 except LdbError, (num, _):
751 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
754 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
755 m["description"] = MessageElement(["desc3", "desc4"], FLAG_MOD_ADD,
760 except LdbError, (num, _):
761 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
764 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
765 m["description"] = MessageElement("desc1", FLAG_MOD_ADD,
769 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
770 scope=SCOPE_BASE, attrs=["description"])
771 self.assertTrue(len(res) == 1)
772 self.assertTrue("description" in res[0])
773 self.assertTrue(len(res[0]["description"]) == 1)
774 self.assertEquals(res[0]["description"][0], "desc1")
776 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
778 def test_attribute_ranges(self):
779 """Test attribute ranges"""
780 print "Test attribute ranges"""
785 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
786 "objectClass": "person",
789 except LdbError, (num, _):
790 self.assertEquals(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
795 # "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
796 # "objectClass": "person",
797 # "sn": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" })
799 # except LdbError, (num, _):
800 # self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
803 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
804 "objectClass": "person" })
808 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
809 m["sn"] = MessageElement("", FLAG_MOD_REPLACE, "sn")
813 except LdbError, (num, _):
814 self.assertEquals(num, ERR_INVALID_ATTRIBUTE_SYNTAX)
818 # m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
819 # m["sn"] = MessageElement("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", FLAG_MOD_REPLACE, "sn")
823 # except LdbError, (num, _):
824 # self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
827 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
828 m["sn"] = MessageElement("x", FLAG_MOD_REPLACE, "sn")
831 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
833 def test_empty_messages(self):
834 """Test empty messages"""
835 print "Test empty messages"""
838 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
843 except LdbError, (num, _):
844 self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
849 except LdbError, (num, _):
850 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
852 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
854 def test_empty_attributes(self):
855 """Test empty attributes"""
856 print "Test empty attributes"""
859 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
860 m["objectClass"] = MessageElement("group", FLAG_MOD_ADD, "objectClass")
861 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
866 except LdbError, (num, _):
867 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
870 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
871 "objectclass": "group"})
874 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
875 m["description"] = MessageElement([], FLAG_MOD_ADD, "description")
880 except LdbError, (num, _):
881 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
884 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
885 m["description"] = MessageElement([], FLAG_MOD_REPLACE, "description")
889 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
890 m["description"] = MessageElement([], FLAG_MOD_DELETE, "description")
894 except LdbError, (num, _):
895 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
897 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
899 def test_instanceType(self):
900 """Tests the 'instanceType' attribute"""
901 print "Tests the 'instanceType' attribute"""
903 # The instance type is single-valued
906 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
907 "objectclass": "group",
908 "instanceType": ["0", "1"]})
910 except LdbError, (num, _):
911 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
913 # The head NC flag cannot be set without the write flag
916 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
917 "objectclass": "group",
918 "instanceType": "1" })
920 except LdbError, (num, _):
921 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
923 # We cannot manipulate NCs without the head NC flag
926 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
927 "objectclass": "group",
928 "instanceType": "32" })
930 except LdbError, (num, _):
931 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
934 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
935 "objectclass": "group"})
938 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
939 m["instanceType"] = MessageElement("0", FLAG_MOD_REPLACE,
944 except LdbError, (num, _):
945 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
948 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
949 m["instanceType"] = MessageElement([], FLAG_MOD_REPLACE,
954 except LdbError, (num, _):
955 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
958 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
959 m["instanceType"] = MessageElement([], FLAG_MOD_DELETE, "instanceType")
963 except LdbError, (num, _):
964 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
966 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
968 def test_distinguished_name(self):
969 """Tests the 'distinguishedName' attribute"""
970 print "Tests the 'distinguishedName' attribute"""
972 # a wrong "distinguishedName" attribute is obviously tolerated
974 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
975 "objectclass": "group",
976 "distinguishedName": "cn=ldaptest,cn=users," + self.base_dn})
978 # proof if the DN has been set correctly
979 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
980 scope=SCOPE_BASE, attrs=["distinguishedName"])
981 self.assertTrue(len(res) == 1)
982 self.assertTrue("distinguishedName" in res[0])
983 self.assertTrue(Dn(ldb, res[0]["distinguishedName"][0])
984 == Dn(ldb, "cn=ldaptestgroup, cn=users," + self.base_dn))
987 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
988 m["distinguishedName"] = MessageElement(
989 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_ADD,
995 except LdbError, (num, _):
996 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
999 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1000 m["distinguishedName"] = MessageElement(
1001 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_REPLACE,
1002 "distinguishedName")
1007 except LdbError, (num, _):
1008 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1011 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1012 m["distinguishedName"] = MessageElement(
1013 "cn=ldaptestuser,cn=users," + self.base_dn, FLAG_MOD_DELETE,
1014 "distinguishedName")
1019 except LdbError, (num, _):
1020 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1022 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1024 def test_rdn_name(self):
1026 print "Tests the RDN"""
1030 "dn": "description=xyz,cn=users," + self.base_dn,
1031 "objectclass": "group"})
1033 except LdbError, (num, _):
1034 self.assertEquals(num, ERR_NAMING_VIOLATION)
1036 self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
1038 # a wrong "name" attribute is obviously tolerated
1040 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
1041 "objectclass": "group",
1042 "name": "ldaptestgroupx"})
1044 # proof if the name has been set correctly
1045 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
1046 scope=SCOPE_BASE, attrs=["name"])
1047 self.assertTrue(len(res) == 1)
1048 self.assertTrue("name" in res[0])
1049 self.assertTrue(res[0]["name"][0] == "ldaptestgroup")
1052 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1053 m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
1058 except LdbError, (num, _):
1059 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
1062 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1063 m["cn"] = MessageElement("ldaptestuser",
1064 FLAG_MOD_REPLACE, "cn")
1068 except LdbError, (num, _):
1069 self.assertEquals(num, ERR_NOT_ALLOWED_ON_RDN)
1071 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1074 # this test needs to be disabled until we really understand
1075 # what the rDN length constraints are
1076 def DISABLED_test_largeRDN(self):
1077 """Testing large rDN (limit 64 characters)"""
1078 rdn = "CN=a012345678901234567890123456789012345678901234567890123456789012";
1079 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1081 dn: %s,%s""" % (rdn,self.base_dn) + """
1082 objectClass: container
1084 self.ldb.add_ldif(ldif)
1085 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1087 rdn = "CN=a0123456789012345678901234567890123456789012345678901234567890120";
1088 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1091 dn: %s,%s""" % (rdn,self.base_dn) + """
1092 objectClass: container
1094 self.ldb.add_ldif(ldif)
1096 except LdbError, (num, _):
1097 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
1098 self.delete_force(self.ldb, "%s,%s" % (rdn, self.base_dn))
1100 def test_rename(self):
1101 """Tests the rename operation"""
1102 print "Tests the rename operations"""
1105 # cannot rename to be a child of itself
1106 ldb.rename(self.base_dn, "dc=test," + self.base_dn)
1108 except LdbError, (num, _):
1109 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1113 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1115 except LdbError, (num, _):
1116 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1119 "dn": "cn=ldaptestuser2,cn=users," + self.base_dn,
1120 "objectclass": "user" })
1122 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1123 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1124 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestUSER3,cn=users," + self.base_dn)
1127 # containment problem: a user entry cannot contain user entries
1128 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser4,cn=ldaptestuser3,cn=users," + self.base_dn)
1130 except LdbError, (num, _):
1131 self.assertEquals(num, ERR_NAMING_VIOLATION)
1135 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=people,cn=users," + self.base_dn)
1137 except LdbError, (num, _):
1138 self.assertEquals(num, ERR_OTHER)
1141 # invalid target DN syntax
1142 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, ",cn=users," + self.base_dn)
1144 except LdbError, (num, _):
1145 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
1149 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "ou=ldaptestuser3,cn=users," + self.base_dn)
1151 except LdbError, (num, _):
1152 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1154 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
1156 # Performs some "systemFlags" testing
1158 # Move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_MOVE"
1160 ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers,CN=Services," + self.configuration_dn)
1162 except LdbError, (num, _):
1163 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1165 # Limited move failing since no "SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVE"
1167 ldb.rename("CN=Directory Service,CN=Windows NT,CN=Services," + self.configuration_dn, "CN=Directory Service,CN=RRAS,CN=Services," + self.configuration_dn)
1169 except LdbError, (num, _):
1170 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1172 # Rename failing since no "SYSTEM_FLAG_CONFIG_ALLOW_RENAME"
1174 ldb.rename("CN=DisplaySpecifiers," + self.configuration_dn, "CN=DisplaySpecifiers2," + self.configuration_dn)
1176 except LdbError, (num, _):
1177 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1179 # It's not really possible to test moves on the schema partition since
1180 # there don't exist subcontainers on it.
1182 # Rename failing since "SYSTEM_FLAG_SCHEMA_BASE_OBJECT"
1184 ldb.rename("CN=Top," + self.schema_dn, "CN=Top2," + self.schema_dn)
1186 except LdbError, (num, _):
1187 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1189 # Move failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE"
1191 ldb.rename("CN=Users," + self.base_dn, "CN=Users,CN=Computers," + self.base_dn)
1193 except LdbError, (num, _):
1194 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1196 # Rename failing since "SYSTEM_FLAG_DOMAIN_DISALLOW_RENAME"
1198 ldb.rename("CN=Users," + self.base_dn, "CN=Users2," + self.base_dn)
1200 except LdbError, (num, _):
1201 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1203 # Performs some other constraints testing
1206 ldb.rename("CN=Policies,CN=System," + self.base_dn, "CN=Users2," + self.base_dn)
1208 except LdbError, (num, _):
1209 self.assertEquals(num, ERR_OTHER)
1211 def test_rename_twice(self):
1212 """Tests the rename operation twice - this corresponds to a past bug"""
1213 print "Tests the rename twice operation"""
1216 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
1217 "objectclass": "user" })
1219 ldb.rename("cn=ldaptestuser5,cn=users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
1220 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1222 "dn": "cn=ldaptestuser5,cn=users," + self.base_dn,
1223 "objectclass": "user" })
1224 ldb.rename("cn=ldaptestuser5,cn=Users," + self.base_dn, "cn=ldaptestUSER5,cn=users," + self.base_dn)
1225 res = ldb.search(expression="cn=ldaptestuser5")
1226 print "Found %u records" % len(res)
1227 self.assertEquals(len(res), 1, "Wrong number of hits for cn=ldaptestuser5")
1228 res = ldb.search(expression="(&(cn=ldaptestuser5)(objectclass=user))")
1229 print "Found %u records" % len(res)
1230 self.assertEquals(len(res), 1, "Wrong number of hits for (&(cn=ldaptestuser5)(objectclass=user))")
1231 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
1233 def test_parentGUID(self):
1234 """Test parentGUID behaviour"""
1235 print "Testing parentGUID behaviour\n"
1237 # TODO: This seems to fail on Windows Server. Hidden attribute?
1240 "dn": "cn=parentguidtest,cn=users," + self.base_dn,
1241 "objectclass":"user",
1242 "samaccountname":"parentguidtest"});
1243 res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE,
1244 attrs=["parentGUID", "samaccountname"]);
1245 res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE,
1246 attrs=["objectGUID"]);
1247 res3 = ldb.search(base=self.base_dn, scope=SCOPE_BASE,
1248 attrs=["parentGUID"]);
1249 res4 = ldb.search(base=self.configuration_dn, scope=SCOPE_BASE,
1250 attrs=["parentGUID"]);
1251 res5 = ldb.search(base=self.schema_dn, scope=SCOPE_BASE,
1252 attrs=["parentGUID"]);
1254 """Check if the parentGUID is valid """
1255 self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]);
1257 """Check if it returns nothing when there is no parent object - default NC"""
1258 has_parentGUID = False
1259 for key in res3[0].keys():
1260 if key == "parentGUID":
1261 has_parentGUID = True
1263 self.assertFalse(has_parentGUID);
1265 """Check if it returns nothing when there is no parent object - configuration NC"""
1266 has_parentGUID = False
1267 for key in res4[0].keys():
1268 if key == "parentGUID":
1269 has_parentGUID = True
1271 self.assertFalse(has_parentGUID);
1273 """Check if it returns nothing when there is no parent object - schema NC"""
1274 has_parentGUID = False
1275 for key in res5[0].keys():
1276 if key == "parentGUID":
1277 has_parentGUID = True
1279 self.assertFalse(has_parentGUID);
1281 """Ensures that if you look for another object attribute after the constructed
1282 parentGUID, it will return correctly"""
1283 has_another_attribute = False
1284 for key in res1[0].keys():
1285 if key == "sAMAccountName":
1286 has_another_attribute = True
1288 self.assertTrue(has_another_attribute)
1289 self.assertTrue(len(res1[0]["samaccountname"]) == 1)
1290 self.assertEquals(res1[0]["samaccountname"][0], "parentguidtest");
1292 print "Testing parentGUID behaviour on rename\n"
1295 "dn": "cn=testotherusers," + self.base_dn,
1296 "objectclass":"container"});
1297 res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE,
1298 attrs=["objectGUID"]);
1299 ldb.rename("cn=parentguidtest,cn=users," + self.base_dn,
1300 "cn=parentguidtest,cn=testotherusers," + self.base_dn);
1301 res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn,
1303 attrs=["parentGUID"]);
1304 self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]);
1306 self.delete_force(self.ldb, "cn=parentguidtest,cn=testotherusers," + self.base_dn)
1307 self.delete_force(self.ldb, "cn=testotherusers," + self.base_dn)
1309 def test_groupType_int32(self):
1310 """Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
1311 print "Testing groupType (int32) behaviour\n"
1313 res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
1314 attrs=["groupType"], expression="groupType=2147483653");
1316 res2 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
1317 attrs=["groupType"], expression="groupType=-2147483643");
1319 self.assertEquals(len(res1), len(res2))
1321 self.assertTrue(res1.count > 0)
1323 self.assertEquals(res1[0]["groupType"][0], "-2147483643")
1325 def test_linked_attributes(self):
1326 """This tests the linked attribute behaviour"""
1327 print "Testing linked attribute behaviour\n"
1330 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
1331 "objectclass": "group"})
1333 # This should not work since "memberOf" is linked to "member"
1336 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
1337 "objectclass": "user",
1338 "memberOf": "cn=ldaptestgroup,cn=users," + self.base_dn})
1339 except LdbError, (num, _):
1340 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1343 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
1344 "objectclass": "user"})
1347 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1348 m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
1349 FLAG_MOD_ADD, "memberOf")
1353 except LdbError, (num, _):
1354 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1357 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1358 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
1359 FLAG_MOD_ADD, "member")
1363 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1364 m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
1365 FLAG_MOD_REPLACE, "memberOf")
1369 except LdbError, (num, _):
1370 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1373 m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1374 m["memberOf"] = MessageElement("cn=ldaptestgroup,cn=users," + self.base_dn,
1375 FLAG_MOD_DELETE, "memberOf")
1379 except LdbError, (num, _):
1380 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1383 m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1384 m["member"] = MessageElement("cn=ldaptestuser,cn=users," + self.base_dn,
1385 FLAG_MOD_DELETE, "member")
1388 # This should yield no results since the member attribute for
1389 # "ldaptestuser" should have been deleted
1390 res1 = ldb.search("cn=ldaptestgroup, cn=users," + self.base_dn,
1392 expression="(member=cn=ldaptestuser,cn=users," + self.base_dn + ")",
1394 self.assertTrue(len(res1) == 0)
1396 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1399 "dn": "cn=ldaptestgroup,cn=users," + self.base_dn,
1400 "objectclass": "group",
1401 "member": "cn=ldaptestuser,cn=users," + self.base_dn})
1403 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
1405 # Make sure that the "member" attribute for "ldaptestuser" has been
1407 res = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
1408 scope=SCOPE_BASE, attrs=["member"])
1409 self.assertTrue(len(res) == 1)
1410 self.assertFalse("member" in res[0])
1412 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
1414 def test_wkguid(self):
1415 """Test Well known GUID behaviours (including DN+Binary)"""
1416 print "Test Well known GUID behaviours (including DN+Binary)"""
1418 res = self.ldb.search(base=("<WKGUID=ab1d30f3768811d1aded00c04fd8d5cd,%s>" % self.base_dn), scope=SCOPE_BASE, attrs=[])
1419 self.assertEquals(len(res), 1)
1421 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd:%s" % res[0].dn))
1422 self.assertEquals(len(res2), 1)
1424 # Prove that the matching rule is over the whole DN+Binary
1425 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=B:32:ab1d30f3768811d1aded00c04fd8d5cd"))
1426 self.assertEquals(len(res2), 0)
1427 # Prove that the matching rule is over the whole DN+Binary
1428 res2 = self.ldb.search(scope=SCOPE_BASE, attrs=["wellKnownObjects"], expression=("wellKnownObjects=%s") % res[0].dn)
1429 self.assertEquals(len(res2), 0)
1431 def test_subschemasubentry(self):
1432 """Test subSchemaSubEntry appears when requested, but not when not requested"""
1433 print "Test subSchemaSubEntry"""
1435 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["subSchemaSubEntry"])
1436 self.assertEquals(len(res), 1)
1437 self.assertEquals(res[0]["subSchemaSubEntry"][0], "CN=Aggregate,"+self.schema_dn)
1439 res = self.ldb.search(base=self.base_dn, scope=SCOPE_BASE, attrs=["*"])
1440 self.assertEquals(len(res), 1)
1441 self.assertTrue("subScheamSubEntry" not in res[0])
1446 print "Testing user add"
1449 "dn": "cn=ldaptestuser,cn=uSers," + self.base_dn,
1450 "objectclass": "user",
1451 "cN": "LDAPtestUSER",
1452 "givenname": "ldap",
1456 "dn": "cn=ldaptestgroup,cn=uSers," + self.base_dn,
1457 "objectclass": "group",
1458 "member": "cn=ldaptestuser,cn=useRs," + self.base_dn})
1461 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
1462 "objectclass": "computer",
1463 "cN": "LDAPtestCOMPUTER"})
1465 ldb.add({"dn": "cn=ldaptest2computer,cn=computers," + self.base_dn,
1466 "objectClass": "computer",
1467 "cn": "LDAPtest2COMPUTER",
1468 "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT),
1469 "displayname": "ldap testy"})
1472 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1473 "objectClass": "computer",
1474 "cn": "LDAPtest2COMPUTER"
1477 except LdbError, (num, _):
1478 self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
1481 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1482 "objectClass": "computer",
1483 "cn": "ldaptestcomputer3",
1484 "sAMAccountType": str(ATYPE_NORMAL_ACCOUNT)
1487 except LdbError, (num, _):
1488 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1490 ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn,
1491 "objectClass": "computer",
1492 "cn": "LDAPtestCOMPUTER3"
1495 print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))";
1496 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))");
1497 self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res))
1499 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn));
1500 self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3");
1501 self.assertEquals(res[0]["name"][0], "ldaptestcomputer3");
1502 self.assertEquals(res[0]["objectClass"][0], "top");
1503 self.assertEquals(res[0]["objectClass"][1], "person");
1504 self.assertEquals(res[0]["objectClass"][2], "organizationalPerson");
1505 self.assertEquals(res[0]["objectClass"][3], "user");
1506 self.assertEquals(res[0]["objectClass"][4], "computer");
1507 self.assertTrue("objectGUID" in res[0])
1508 self.assertTrue("whenCreated" in res[0])
1509 self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn));
1510 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513);
1511 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT);
1512 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE);
1514 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
1516 print "Testing attribute or value exists behaviour"
1519 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1521 replace: servicePrincipalName
1522 servicePrincipalName: host/ldaptest2computer
1523 servicePrincipalName: host/ldaptest2computer
1524 servicePrincipalName: cifs/ldaptest2computer
1527 except LdbError, (num, msg):
1528 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1531 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1533 replace: servicePrincipalName
1534 servicePrincipalName: host/ldaptest2computer
1535 servicePrincipalName: cifs/ldaptest2computer
1539 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1541 add: servicePrincipalName
1542 servicePrincipalName: host/ldaptest2computer
1545 except LdbError, (num, msg):
1546 self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
1548 print "Testing ranged results"
1550 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1552 replace: servicePrincipalName
1556 dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """
1558 add: servicePrincipalName
1559 servicePrincipalName: host/ldaptest2computer0
1560 servicePrincipalName: host/ldaptest2computer1
1561 servicePrincipalName: host/ldaptest2computer2
1562 servicePrincipalName: host/ldaptest2computer3
1563 servicePrincipalName: host/ldaptest2computer4
1564 servicePrincipalName: host/ldaptest2computer5
1565 servicePrincipalName: host/ldaptest2computer6
1566 servicePrincipalName: host/ldaptest2computer7
1567 servicePrincipalName: host/ldaptest2computer8
1568 servicePrincipalName: host/ldaptest2computer9
1569 servicePrincipalName: host/ldaptest2computer10
1570 servicePrincipalName: host/ldaptest2computer11
1571 servicePrincipalName: host/ldaptest2computer12
1572 servicePrincipalName: host/ldaptest2computer13
1573 servicePrincipalName: host/ldaptest2computer14
1574 servicePrincipalName: host/ldaptest2computer15
1575 servicePrincipalName: host/ldaptest2computer16
1576 servicePrincipalName: host/ldaptest2computer17
1577 servicePrincipalName: host/ldaptest2computer18
1578 servicePrincipalName: host/ldaptest2computer19
1579 servicePrincipalName: host/ldaptest2computer20
1580 servicePrincipalName: host/ldaptest2computer21
1581 servicePrincipalName: host/ldaptest2computer22
1582 servicePrincipalName: host/ldaptest2computer23
1583 servicePrincipalName: host/ldaptest2computer24
1584 servicePrincipalName: host/ldaptest2computer25
1585 servicePrincipalName: host/ldaptest2computer26
1586 servicePrincipalName: host/ldaptest2computer27
1587 servicePrincipalName: host/ldaptest2computer28
1588 servicePrincipalName: host/ldaptest2computer29
1591 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE,
1592 attrs=["servicePrincipalName;range=0-*"])
1593 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1594 #print len(res[0]["servicePrincipalName;range=0-*"])
1595 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1597 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"])
1598 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1599 # print res[0]["servicePrincipalName;range=0-19"].length
1600 self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20)
1603 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"])
1604 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1605 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1607 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"])
1608 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1609 self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30)
1611 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"])
1612 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1613 self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0)
1616 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"])
1617 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1618 self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20)
1619 # pos_11 = res[0]["servicePrincipalName;range=10-*"][18]
1621 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"])
1622 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1623 self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19)
1624 # print res[0]["servicePrincipalName;range=11-*"][18]
1626 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11)
1628 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"])
1629 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1630 self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5)
1631 # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11)
1633 res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"])
1634 self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)")
1635 # print res[0]["servicePrincipalName"][18]
1637 self.assertEquals(len(res[0]["servicePrincipalName"]), 30)
1638 # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11)
1640 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
1642 "dn": "cn=ldaptestuser2,cn=useRs," + self.base_dn,
1643 "objectClass": ["person", "user"],
1644 "cn": "LDAPtestUSER2",
1645 "givenname": "testy",
1646 "sn": "ldap user2"})
1648 print "Testing Ambigious Name Resolution"
1649 # Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
1650 res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
1651 self.assertEquals(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
1653 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1654 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1655 self.assertEquals(len(res), 2, "Found only %d of 2 for (&(anr=testy ldap)(objectClass=user))" % len(res))
1657 # Testing ldb.search for (&(anr=ldap)(objectClass=user))
1658 res = ldb.search(expression="(&(anr=ldap)(objectClass=user))")
1659 self.assertEquals(len(res), 4, "Found only %d of 4 for (&(anr=ldap)(objectClass=user))" % len(res))
1661 # Testing ldb.search for (&(anr==ldap)(objectClass=user))
1662 res = ldb.search(expression="(&(anr==ldap)(objectClass=user))")
1663 self.assertEquals(len(res), 1, "Could not find (&(anr==ldap)(objectClass=user)). Found only %d for (&(anr=ldap)(objectClass=user))" % len(res))
1665 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1666 self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1667 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1669 # Testing ldb.search for (&(anr=testy)(objectClass=user))
1670 res = ldb.search(expression="(&(anr=testy)(objectClass=user))")
1671 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy)(objectClass=user))" % len(res))
1673 # Testing ldb.search for (&(anr=testy ldap)(objectClass=user))
1674 res = ldb.search(expression="(&(anr=testy ldap)(objectClass=user))")
1675 self.assertEquals(len(res), 2, "Found only %d for (&(anr=testy ldap)(objectClass=user))" % len(res))
1677 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1678 # this test disabled for the moment, as anr with == tests are not understood
1679 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1680 # self.assertEquals(len(res), 1, "Found only %d for (&(anr==testy ldap)(objectClass=user))" % len(res))
1682 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1683 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1684 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1686 # Testing ldb.search for (&(anr==testy ldap)(objectClass=user))
1687 # res = ldb.search(expression="(&(anr==testy ldap)(objectClass=user))")
1688 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap)(objectClass=user))")
1690 # self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1691 # self.assertEquals(res[0]["cn"][0], "ldaptestuser")
1692 # self.assertEquals(res[0]["name"][0], "ldaptestuser")
1694 # Testing ldb.search for (&(anr=testy ldap user)(objectClass=user))
1695 res = ldb.search(expression="(&(anr=testy ldap user)(objectClass=user))")
1696 self.assertEquals(len(res), 1, "Could not find (&(anr=testy ldap user)(objectClass=user))")
1698 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1699 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1700 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1702 # Testing ldb.search for (&(anr==testy ldap user2)(objectClass=user))
1703 # res = ldb.search(expression="(&(anr==testy ldap user2)(objectClass=user))")
1704 # self.assertEquals(len(res), 1, "Could not find (&(anr==testy ldap user2)(objectClass=user))")
1706 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1707 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1708 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1710 # Testing ldb.search for (&(anr==ldap user2)(objectClass=user))
1711 # res = ldb.search(expression="(&(anr==ldap user2)(objectClass=user))")
1712 # self.assertEquals(len(res), 1, "Could not find (&(anr==ldap user2)(objectClass=user))")
1714 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
1715 self.assertEquals(str(res[0]["cn"]), "ldaptestuser2")
1716 self.assertEquals(str(res[0]["name"]), "ldaptestuser2")
1718 # Testing ldb.search for (&(anr==not ldap user2)(objectClass=user))
1719 # res = ldb.search(expression="(&(anr==not ldap user2)(objectClass=user))")
1720 # self.assertEquals(len(res), 0, "Must not find (&(anr==not ldap user2)(objectClass=user))")
1722 # Testing ldb.search for (&(anr=not ldap user2)(objectClass=user))
1723 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))")
1724 self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))")
1726 # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes)
1727 # res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))")
1728 # self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))")
1730 print "Testing Renames"
1732 attrs = ["objectGUID", "objectSid"]
1733 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
1734 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
1735 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
1737 # Check rename works with extended/alternate DN forms
1738 ldb.rename("<SID=" + ldb.schema_format_value("objectSID", res_user[0]["objectSID"][0]) + ">" , "cn=ldaptestUSER3,cn=users," + self.base_dn)
1740 print "Testing ldb.search for (&(cn=ldaptestuser3)(objectClass=user))"
1741 res = ldb.search(expression="(&(cn=ldaptestuser3)(objectClass=user))")
1742 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser3)(objectClass=user))")
1744 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1745 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1746 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1748 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))"
1749 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1750 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))")
1752 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1753 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1754 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1756 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))"
1757 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1758 self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))")
1760 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1761 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1762 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1764 #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))"
1765 res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1766 self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))")
1768 # This is a Samba special, and does not exist in real AD
1769 # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1770 # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1771 # if (res.error != 0 || len(res) != 1) {
1772 # print "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1773 # self.assertEquals(len(res), 1)
1775 # self.assertEquals(res[0].dn, ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1776 # self.assertEquals(res[0].cn, "ldaptestUSER3")
1777 # self.assertEquals(res[0].name, "ldaptestUSER3")
1779 print "Testing ldb.search for (distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")"
1780 res = ldb.search(expression="(distinguishedName=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1781 self.assertEquals(len(res), 1, "Could not find (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")")
1782 self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn))
1783 self.assertEquals(str(res[0]["cn"]), "ldaptestUSER3")
1784 self.assertEquals(str(res[0]["name"]), "ldaptestUSER3")
1786 # ensure we cannot add it again
1788 ldb.add({"dn": "cn=ldaptestuser3,cn=userS," + self.base_dn,
1789 "objectClass": ["person", "user"],
1790 "cn": "LDAPtestUSER3"})
1792 except LdbError, (num, _):
1793 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1796 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser2,cn=users," + self.base_dn)
1798 # ensure we cannot rename it twice
1800 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn,
1801 "cn=ldaptestuser2,cn=users," + self.base_dn)
1803 except LdbError, (num, _):
1804 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1806 # ensure can now use that name
1807 ldb.add({"dn": "cn=ldaptestuser3,cn=users," + self.base_dn,
1808 "objectClass": ["person", "user"],
1809 "cn": "LDAPtestUSER3"})
1811 # ensure we now cannot rename
1813 ldb.rename("cn=ldaptestuser2,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=users," + self.base_dn)
1815 except LdbError, (num, _):
1816 self.assertEquals(num, ERR_ENTRY_ALREADY_EXISTS)
1818 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser3,cn=configuration," + self.base_dn)
1820 except LdbError, (num, _):
1821 self.assertTrue(num in (71, 64))
1823 ldb.rename("cn=ldaptestuser3,cn=users," + self.base_dn, "cn=ldaptestuser5,cn=users," + self.base_dn)
1825 ldb.delete("cn=ldaptestuser5,cn=users," + self.base_dn)
1827 self.delete_force(ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1829 ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn, "cn=ldaptestgroup2,cn=users," + self.base_dn)
1831 print "Testing subtree renames"
1833 ldb.add({"dn": "cn=ldaptestcontainer," + self.base_dn,
1834 "objectClass": "container"})
1836 ldb.add({"dn": "CN=ldaptestuser4,CN=ldaptestcontainer," + self.base_dn,
1837 "objectClass": ["person", "user"],
1838 "cn": "LDAPtestUSER4"})
1841 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
1844 member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
1845 member: cn=ldaptestcomputer,cn=computers,""" + self.base_dn + """
1846 member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
1849 print "Testing ldb.rename of cn=ldaptestcontainer," + self.base_dn + " to cn=ldaptestcontainer2," + self.base_dn
1850 ldb.rename("CN=ldaptestcontainer," + self.base_dn, "CN=ldaptestcontainer2," + self.base_dn)
1852 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user))"
1853 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))")
1854 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user))")
1856 print "Testing subtree ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1858 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1859 expression="(&(cn=ldaptestuser4)(objectClass=user))",
1860 scope=SCOPE_SUBTREE)
1862 except LdbError, (num, _):
1863 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1865 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in (just renamed from) cn=ldaptestcontainer," + self.base_dn
1867 res = ldb.search("cn=ldaptestcontainer," + self.base_dn,
1868 expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_ONELEVEL)
1870 except LdbError, (num, _):
1871 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
1873 print "Testing ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in renamed container"
1874 res = ldb.search("cn=ldaptestcontainer2," + self.base_dn, expression="(&(cn=ldaptestuser4)(objectClass=user))", scope=SCOPE_SUBTREE)
1875 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser4)(objectClass=user)) under cn=ldaptestcontainer2," + self.base_dn)
1877 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1878 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1882 print "Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
1883 res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
1884 self.assertEquals(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
1886 print "Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
1888 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn)
1890 except LdbError, (num, _):
1891 self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
1893 print "Testing ldb.rename (into non-existent container) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn
1895 ldb.rename("cn=ldaptestcontainer2," + self.base_dn, "cn=ldaptestcontainer,cn=ldaptestcontainer3," + self.base_dn)
1897 except LdbError, (num, _):
1898 self.assertTrue(num in (ERR_UNWILLING_TO_PERFORM, ERR_OTHER))
1900 print "Testing delete (should fail, not a leaf node) of renamed cn=ldaptestcontainer2," + self.base_dn
1902 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1904 except LdbError, (num, _):
1905 self.assertEquals(num, ERR_NOT_ALLOWED_ON_NON_LEAF)
1907 print "Testing base ldb.search for CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn
1908 res = ldb.search(expression="(objectclass=*)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1909 self.assertEquals(len(res), 1)
1910 res = ldb.search(expression="(cn=ldaptestuser40)", base=("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn), scope=SCOPE_BASE)
1911 self.assertEquals(len(res), 0)
1913 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1914 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_ONELEVEL)
1915 # FIXME: self.assertEquals(len(res), 0)
1917 print "Testing one-level ldb.search for (&(cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2," + self.base_dn
1918 res = ldb.search(expression="(&(cn=ldaptestuser4)(objectClass=user))", base=("cn=ldaptestcontainer2," + self.base_dn), scope=SCOPE_SUBTREE)
1919 # FIXME: self.assertEquals(len(res), 0)
1921 print "Testing delete of subtree renamed "+("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn)
1922 ldb.delete(("CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn))
1923 print "Testing delete of renamed cn=ldaptestcontainer2," + self.base_dn
1924 ldb.delete("cn=ldaptestcontainer2," + self.base_dn)
1926 ldb.add({"dn": "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1928 ldb.add({"dn": "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn, "objectClass": "user"})
1930 print "Testing ldb.search for (&(cn=ldaptestuser)(objectClass=user))"
1931 res = ldb.search(expression="(&(cn=ldaptestuser)(objectClass=user))")
1932 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1934 self.assertEquals(str(res[0].dn), ("CN=ldaptestuser,CN=Users," + self.base_dn))
1935 self.assertEquals(str(res[0]["cn"]), "ldaptestuser")
1936 self.assertEquals(str(res[0]["name"]), "ldaptestuser")
1937 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user"]))
1938 self.assertTrue("objectGUID" in res[0])
1939 self.assertTrue("whenCreated" in res[0])
1940 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn))
1941 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1942 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1943 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1944 self.assertEquals(len(res[0]["memberOf"]), 1)
1946 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))"
1947 res2 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1948 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=cn=person,cn=schema,cn=configuration," + self.base_dn + "))")
1950 self.assertEquals(res[0].dn, res2[0].dn)
1952 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon))"
1953 res3 = ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1954 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)): matched %d" % len(res3))
1956 self.assertEquals(res[0].dn, res3[0].dn)
1958 if gc_ldb is not None:
1959 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog"
1960 res3gc = gc_ldb.search(expression="(&(cn=ldaptestuser)(objectCategory=PerSon))")
1961 self.assertEquals(len(res3gc), 1)
1963 self.assertEquals(res[0].dn, res3gc[0].dn)
1965 print "Testing ldb.search for (&(cn=ldaptestuser)(objectCategory=PerSon)) in with 'phantom root' control"
1967 if gc_ldb is not None:
1968 res3control = gc_ldb.search(self.base_dn, expression="(&(cn=ldaptestuser)(objectCategory=PerSon))", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
1969 self.assertEquals(len(res3control), 1, "Could not find (&(cn=ldaptestuser)(objectCategory=PerSon)) in Global Catalog")
1971 self.assertEquals(res[0].dn, res3control[0].dn)
1973 ldb.delete(res[0].dn)
1975 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectClass=user))"
1976 res = ldb.search(expression="(&(cn=ldaptestcomputer)(objectClass=user))")
1977 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestuser)(objectClass=user))")
1979 self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer,CN=Computers," + self.base_dn))
1980 self.assertEquals(str(res[0]["cn"]), "ldaptestcomputer")
1981 self.assertEquals(str(res[0]["name"]), "ldaptestcomputer")
1982 self.assertEquals(set(res[0]["objectClass"]), set(["top", "person", "organizationalPerson", "user", "computer"]))
1983 self.assertTrue("objectGUID" in res[0])
1984 self.assertTrue("whenCreated" in res[0])
1985 self.assertEquals(str(res[0]["objectCategory"]), ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn))
1986 self.assertEquals(int(res[0]["primaryGroupID"][0]), 513)
1987 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_NORMAL_ACCOUNT)
1988 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_ACCOUNTDISABLE)
1989 self.assertEquals(res[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
1990 self.assertEquals(len(res[0]["memberOf"]), 1)
1992 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))"
1993 res2 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1994 self.assertEquals(len(res2), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
1996 self.assertEquals(res[0].dn, res2[0].dn)
1998 if gc_ldb is not None:
1999 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog"
2000 res2gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + "))")
2001 self.assertEquals(len(res2gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=cn=computer,cn=schema,cn=configuration," + self.base_dn + ")) in Global Catlog")
2003 self.assertEquals(res[0].dn, res2gc[0].dn)
2005 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER))"
2006 res3 = ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
2007 self.assertEquals(len(res3), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER))")
2009 self.assertEquals(res[0].dn, res3[0].dn)
2011 if gc_ldb is not None:
2012 print "Testing ldb.search for (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog"
2013 res3gc = gc_ldb.search(expression="(&(cn=ldaptestcomputer)(objectCategory=compuTER))")
2014 self.assertEquals(len(res3gc), 1, "Could not find (&(cn=ldaptestcomputer)(objectCategory=compuTER)) in Global Catalog")
2016 self.assertEquals(res[0].dn, res3gc[0].dn)
2018 print "Testing ldb.search for (&(cn=ldaptestcomp*r)(objectCategory=compuTER))"
2019 res4 = ldb.search(expression="(&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
2020 self.assertEquals(len(res4), 1, "Could not find (&(cn=ldaptestcomp*r)(objectCategory=compuTER))")
2022 self.assertEquals(res[0].dn, res4[0].dn)
2024 print "Testing ldb.search for (&(cn=ldaptestcomput*)(objectCategory=compuTER))"
2025 res5 = ldb.search(expression="(&(cn=ldaptestcomput*)(objectCategory=compuTER))")
2026 self.assertEquals(len(res5), 1, "Could not find (&(cn=ldaptestcomput*)(objectCategory=compuTER))")
2028 self.assertEquals(res[0].dn, res5[0].dn)
2030 print "Testing ldb.search for (&(cn=*daptestcomputer)(objectCategory=compuTER))"
2031 res6 = ldb.search(expression="(&(cn=*daptestcomputer)(objectCategory=compuTER))")
2032 self.assertEquals(len(res6), 1, "Could not find (&(cn=*daptestcomputer)(objectCategory=compuTER))")
2034 self.assertEquals(res[0].dn, res6[0].dn)
2036 ldb.delete("<GUID=" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + ">")
2038 print "Testing ldb.search for (&(cn=ldaptest2computer)(objectClass=user))"
2039 res = ldb.search(expression="(&(cn=ldaptest2computer)(objectClass=user))")
2040 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptest2computer)(objectClass=user))")
2042 self.assertEquals(str(res[0].dn), "CN=ldaptest2computer,CN=Computers," + self.base_dn)
2043 self.assertEquals(str(res[0]["cn"]), "ldaptest2computer")
2044 self.assertEquals(str(res[0]["name"]), "ldaptest2computer")
2045 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user", "computer"])
2046 self.assertTrue("objectGUID" in res[0])
2047 self.assertTrue("whenCreated" in res[0])
2048 self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)
2049 self.assertEquals(int(res[0]["sAMAccountType"][0]), ATYPE_WORKSTATION_TRUST)
2050 self.assertEquals(int(res[0]["userAccountControl"][0]), UF_WORKSTATION_TRUST_ACCOUNT)
2052 ldb.delete("<SID=" + ldb.schema_format_value("objectSID", res[0]["objectSID"][0]) + ">")
2054 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "memberOf", "allowedAttributes", "allowedAttributesEffective"]
2055 print "Testing ldb.search for (&(cn=ldaptestUSer2)(objectClass=user))"
2056 res_user = ldb.search(self.base_dn, expression="(&(cn=ldaptestUSer2)(objectClass=user))", scope=SCOPE_SUBTREE, attrs=attrs)
2057 self.assertEquals(len(res_user), 1, "Could not find (&(cn=ldaptestUSer2)(objectClass=user))")
2059 self.assertEquals(str(res_user[0].dn), ("CN=ldaptestuser2,CN=Users," + self.base_dn))
2060 self.assertEquals(str(res_user[0]["cn"]), "ldaptestuser2")
2061 self.assertEquals(str(res_user[0]["name"]), "ldaptestuser2")
2062 self.assertEquals(list(res_user[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
2063 self.assertTrue("objectSid" in res_user[0])
2064 self.assertTrue("objectGUID" in res_user[0])
2065 self.assertTrue("whenCreated" in res_user[0])
2066 self.assertTrue("nTSecurityDescriptor" in res_user[0])
2067 self.assertTrue("allowedAttributes" in res_user[0])
2068 self.assertTrue("allowedAttributesEffective" in res_user[0])
2069 self.assertEquals(res_user[0]["memberOf"][0].upper(), ("CN=ldaptestgroup2,CN=Users," + self.base_dn).upper())
2071 ldaptestuser2_sid = res_user[0]["objectSid"][0]
2072 ldaptestuser2_guid = res_user[0]["objectGUID"][0]
2074 attrs = ["cn", "name", "objectClass", "objectGUID", "objectSID", "whenCreated", "nTSecurityDescriptor", "member", "allowedAttributes", "allowedAttributesEffective"]
2075 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group))"
2076 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
2077 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
2079 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2080 self.assertEquals(str(res[0]["cn"]), "ldaptestgroup2")
2081 self.assertEquals(str(res[0]["name"]), "ldaptestgroup2")
2082 self.assertEquals(list(res[0]["objectClass"]), ["top", "group"])
2083 self.assertTrue("objectGUID" in res[0])
2084 self.assertTrue("objectSid" in res[0])
2085 self.assertTrue("whenCreated" in res[0])
2086 self.assertTrue("nTSecurityDescriptor" in res[0])
2087 self.assertTrue("allowedAttributes" in res[0])
2088 self.assertTrue("allowedAttributesEffective" in res[0])
2090 for m in res[0]["member"]:
2091 memberUP.append(m.upper())
2092 self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
2094 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs, controls=["extended_dn:1:1"])
2095 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
2097 print res[0]["member"]
2099 for m in res[0]["member"]:
2100 memberUP.append(m.upper())
2101 print ("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper()
2103 self.assertTrue(("<GUID=" + ldb.schema_format_value("objectGUID", ldaptestuser2_guid) + ">;<SID=" + ldb.schema_format_value("objectSid", ldaptestuser2_sid) + ">;CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
2105 print "Quicktest for linked attributes"
2107 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2110 member: CN=ldaptestuser2,CN=Users,""" + self.base_dn + """
2111 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2115 dn: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
2118 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2122 dn: <SID=""" + ldb.schema_format_value("objectSid", res[0]["objectSid"][0]) + """>
2128 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2131 member: <GUID=""" + ldb.schema_format_value("objectGUID", res[0]["objectGUID"][0]) + """>
2132 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2136 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2142 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2145 member: <SID=""" + ldb.schema_format_value("objectSid", res_user[0]["objectSid"][0]) + """>
2146 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2150 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
2153 member: CN=ldaptestutf8user èùéìòà,CN=Users,""" + self.base_dn + """
2156 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
2157 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group))")
2159 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2160 self.assertEquals(res[0]["member"][0], ("CN=ldaptestuser2,CN=Users," + self.base_dn))
2161 self.assertEquals(len(res[0]["member"]), 1)
2163 ldb.delete(("CN=ldaptestuser2,CN=Users," + self.base_dn))
2167 attrs = ["cn", "name", "objectClass", "objectGUID", "whenCreated", "nTSecurityDescriptor", "member"]
2168 print "Testing ldb.search for (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete"
2169 res = ldb.search(self.base_dn, expression="(&(cn=ldaptestgroup2)(objectClass=group))", scope=SCOPE_SUBTREE, attrs=attrs)
2170 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestgroup2)(objectClass=group)) to check linked delete")
2172 self.assertEquals(str(res[0].dn), ("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2173 self.assertTrue("member" not in res[0])
2175 print "Testing ldb.search for (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))"
2176 # TODO UTF8 users don't seem to work fully anymore
2177 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2178 res = ldb.search(expression="(&(cn=ldaptestutf8user èùéìòà)(objectclass=user))")
2179 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2181 self.assertEquals(str(res[0].dn), ("CN=ldaptestutf8user èùéìòà,CN=Users," + self.base_dn))
2182 self.assertEquals(str(res[0]["cn"]), "ldaptestutf8user èùéìòà")
2183 self.assertEquals(str(res[0]["name"]), "ldaptestutf8user èùéìòà")
2184 self.assertEquals(list(res[0]["objectClass"]), ["top", "person", "organizationalPerson", "user"])
2185 self.assertTrue("objectGUID" in res[0])
2186 self.assertTrue("whenCreated" in res[0])
2188 ldb.delete(res[0].dn)
2190 print "Testing ldb.search for (&(cn=ldaptestutf8user2*)(objectClass=user))"
2191 res = ldb.search(expression="(&(cn=ldaptestutf8user2*)(objectClass=user))")
2192 self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user2*)(objectClass=user))")
2194 ldb.delete(res[0].dn)
2196 ldb.delete(("CN=ldaptestgroup2,CN=Users," + self.base_dn))
2198 print "Testing ldb.search for (&(cn=ldaptestutf8user2 ÈÙÉÌÒÀ)(objectClass=user))"
2199 # TODO UTF8 users don't seem to work fully anymore
2200 # res = ldb.search(expression="(&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2201 # self.assertEquals(len(res), 1, "Could not find (&(cn=ldaptestutf8user ÈÙÉÌÒÀ)(objectClass=user))")
2203 print "Testing that we can't get at the configuration DN from the main search base"
2204 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2205 self.assertEquals(len(res), 0)
2207 print "Testing that we can get at the configuration DN from the main search base on the LDAP port with the 'phantom root' search_options control"
2208 res = ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:2"])
2209 self.assertTrue(len(res) > 0)
2211 if gc_ldb is not None:
2212 print "Testing that we can get at the configuration DN from the main search base on the GC port with the search_options control == 0"
2214 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["search_options:1:0"])
2215 self.assertTrue(len(res) > 0)
2217 print "Testing that we do find configuration elements in the global catlog"
2218 res = gc_ldb.search(self.base_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2219 self.assertTrue(len(res) > 0)
2221 print "Testing that we do find configuration elements and user elements at the same time"
2222 res = gc_ldb.search(self.base_dn, expression="(|(objectClass=crossRef)(objectClass=person))", scope=SCOPE_SUBTREE, attrs=["cn"])
2223 self.assertTrue(len(res) > 0)
2225 print "Testing that we do find configuration elements in the global catlog, with the configuration basedn"
2226 res = gc_ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2227 self.assertTrue(len(res) > 0)
2229 print "Testing that we can get at the configuration DN on the main LDAP port"
2230 res = ldb.search(self.configuration_dn, expression="objectClass=crossRef", scope=SCOPE_SUBTREE, attrs=["cn"])
2231 self.assertTrue(len(res) > 0)
2233 print "Testing objectCategory canonacolisation"
2234 res = ldb.search(self.configuration_dn, expression="objectCategory=ntDsDSA", scope=SCOPE_SUBTREE, attrs=["cn"])
2235 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=ntDsDSA")
2236 self.assertTrue(len(res) != 0)
2238 res = ldb.search(self.configuration_dn, expression="objectCategory=CN=ntDs-DSA," + self.schema_dn, scope=SCOPE_SUBTREE, attrs=["cn"])
2239 self.assertTrue(len(res) > 0, "Didn't find any records with objectCategory=CN=ntDs-DSA," + self.schema_dn)
2240 self.assertTrue(len(res) != 0)
2242 print "Testing objectClass attribute order on "+ self.base_dn
2243 res = ldb.search(expression="objectClass=domain", base=self.base_dn,
2244 scope=SCOPE_BASE, attrs=["objectClass"])
2245 self.assertEquals(len(res), 1)
2247 self.assertEquals(list(res[0]["objectClass"]), ["top", "domain", "domainDNS"])
2251 print "Testing ldb.search for objectCategory=person"
2252 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"])
2253 self.assertTrue(len(res) > 0)
2255 print "Testing ldb.search for objectCategory=person with domain scope control"
2256 res = ldb.search(self.base_dn, expression="objectCategory=person", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
2257 self.assertTrue(len(res) > 0)
2259 print "Testing ldb.search for objectCategory=user"
2260 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"])
2261 self.assertTrue(len(res) > 0)
2263 print "Testing ldb.search for objectCategory=user with domain scope control"
2264 res = ldb.search(self.base_dn, expression="objectCategory=user", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
2265 self.assertTrue(len(res) > 0)
2267 print "Testing ldb.search for objectCategory=group"
2268 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"])
2269 self.assertTrue(len(res) > 0)
2271 print "Testing ldb.search for objectCategory=group with domain scope control"
2272 res = ldb.search(self.base_dn, expression="objectCategory=group", scope=SCOPE_SUBTREE, attrs=["cn"], controls=["domain_scope:1"])
2273 self.assertTrue(len(res) > 0)
2275 print "Testing creating a user with the posixAccount objectClass"
2276 self.ldb.add_ldif("""dn: cn=posixuser,CN=Users,%s
2279 objectClass: posixAccount
2281 objectClass: organizationalPerson
2287 homeDirectory: /home/posixuser
2288 loginShell: /bin/bash
2289 gecos: Posix User;;;
2290 description: A POSIX user"""% (self.base_dn))
2292 print "Testing removing the posixAccount objectClass from an existing user"
2293 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
2296 objectClass: posixAccount"""% (self.base_dn))
2298 print "Testing adding the posixAccount objectClass to an existing user"
2299 self.ldb.modify_ldif("""dn: cn=posixuser,CN=Users,%s
2302 objectClass: posixAccount"""% (self.base_dn))
2304 self.delete_force(self.ldb, "cn=posixuser,cn=users," + self.base_dn)
2305 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
2306 self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
2307 self.delete_force(self.ldb, "cn=ldaptestuser3,cn=users," + self.base_dn)
2308 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer," + self.base_dn)
2309 self.delete_force(self.ldb, "cn=ldaptestuser4,cn=ldaptestcontainer2," + self.base_dn)
2310 self.delete_force(self.ldb, "cn=ldaptestuser5,cn=users," + self.base_dn)
2311 self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
2312 self.delete_force(self.ldb, "cn=ldaptestgroup2,cn=users," + self.base_dn)
2313 self.delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
2314 self.delete_force(self.ldb, "cn=ldaptest2computer,cn=computers," + self.base_dn)
2315 self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn)
2316 self.delete_force(self.ldb, "cn=ldaptestutf8user èùéìòà,cn=users," + self.base_dn)
2317 self.delete_force(self.ldb, "cn=ldaptestutf8user2 èùéìòà,cn=users," + self.base_dn)
2318 self.delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
2319 self.delete_force(self.ldb, "cn=ldaptestcontainer2," + self.base_dn)
2321 def test_security_descriptor_add(self):
2322 """ Testing ldb.add_ldif() for nTSecurityDescriptor """
2323 user_name = "testdescriptoruser1"
2324 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
2326 # Test add_ldif() with SDDL security descriptor input
2328 self.delete_force(self.ldb, user_dn)
2330 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2331 self.ldb.add_ldif("""
2332 dn: """ + user_dn + """
2334 sAMAccountName: """ + user_name + """
2335 nTSecurityDescriptor: """ + sddl)
2336 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2337 desc = res[0]["nTSecurityDescriptor"][0]
2338 desc = ndr_unpack( security.descriptor, desc )
2339 desc_sddl = desc.as_sddl( self.domain_sid )
2340 self.assertEqual(desc_sddl, sddl)
2342 self.delete_force(self.ldb, user_dn)
2344 # Test add_ldif() with BASE64 security descriptor
2347 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2348 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2349 desc_binary = ndr_pack(desc)
2350 desc_base64 = base64.b64encode(desc_binary)
2351 self.ldb.add_ldif("""
2352 dn: """ + user_dn + """
2354 sAMAccountName: """ + user_name + """
2355 nTSecurityDescriptor:: """ + desc_base64)
2356 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2357 desc = res[0]["nTSecurityDescriptor"][0]
2358 desc = ndr_unpack(security.descriptor, desc)
2359 desc_sddl = desc.as_sddl(self.domain_sid)
2360 self.assertEqual(desc_sddl, sddl)
2362 self.delete_force(self.ldb, user_dn)
2364 def test_security_descriptor_add_neg(self):
2365 """Test add_ldif() with BASE64 security descriptor input using WRONG domain SID
2368 user_name = "testdescriptoruser1"
2369 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
2370 self.delete_force(self.ldb, user_dn)
2372 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2373 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
2374 desc_base64 = base64.b64encode( ndr_pack(desc) )
2375 self.ldb.add_ldif("""
2376 dn: """ + user_dn + """
2378 sAMAccountName: """ + user_name + """
2379 nTSecurityDescriptor:: """ + desc_base64)
2380 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2381 self.assertTrue("nTSecurityDescriptor" in res[0])
2383 self.delete_force(self.ldb, user_dn)
2385 def test_security_descriptor_modify(self):
2386 """ Testing ldb.modify_ldif() for nTSecurityDescriptor """
2387 user_name = "testdescriptoruser2"
2388 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
2390 # Delete user object and test modify_ldif() with SDDL security descriptor input
2391 # Add ACE to the original descriptor test
2394 self.delete_force(self.ldb, user_dn)
2395 self.ldb.add_ldif("""
2396 dn: """ + user_dn + """
2398 sAMAccountName: """ + user_name)
2400 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2401 desc = res[0]["nTSecurityDescriptor"][0]
2402 desc = ndr_unpack(security.descriptor, desc)
2403 desc_sddl = desc.as_sddl(self.domain_sid)
2404 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
2406 dn: """ + user_dn + """
2408 replace: nTSecurityDescriptor
2409 nTSecurityDescriptor: """ + sddl
2410 self.ldb.modify_ldif(mod)
2411 # Read modified descriptor
2412 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2413 desc = res[0]["nTSecurityDescriptor"][0]
2414 desc = ndr_unpack(security.descriptor, desc)
2415 desc_sddl = desc.as_sddl(self.domain_sid)
2416 self.assertEqual(desc_sddl, sddl)
2418 self.delete_force(self.ldb, user_dn)
2420 # Test modify_ldif() with SDDL security descriptor input
2421 # New desctiptor test
2424 self.ldb.add_ldif("""
2425 dn: """ + user_dn + """
2427 sAMAccountName: """ + user_name)
2429 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2431 dn: """ + user_dn + """
2433 replace: nTSecurityDescriptor
2434 nTSecurityDescriptor: """ + sddl
2435 self.ldb.modify_ldif(mod)
2436 # Read modified descriptor
2437 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2438 desc = res[0]["nTSecurityDescriptor"][0]
2439 desc = ndr_unpack(security.descriptor, desc)
2440 desc_sddl = desc.as_sddl(self.domain_sid)
2441 self.assertEqual(desc_sddl, sddl)
2443 self.delete_force(self.ldb, user_dn)
2445 # Test modify_ldif() with BASE64 security descriptor input
2446 # Add ACE to the original descriptor test
2449 self.ldb.add_ldif("""
2450 dn: """ + user_dn + """
2452 sAMAccountName: """ + user_name)
2454 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2455 desc = res[0]["nTSecurityDescriptor"][0]
2456 desc = ndr_unpack(security.descriptor, desc)
2457 desc_sddl = desc.as_sddl(self.domain_sid)
2458 sddl = desc_sddl[:desc_sddl.find("(")] + "(A;;RPWP;;;AU)" + desc_sddl[desc_sddl.find("("):]
2459 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2460 desc_base64 = base64.b64encode(ndr_pack(desc))
2462 dn: """ + user_dn + """
2464 replace: nTSecurityDescriptor
2465 nTSecurityDescriptor:: """ + desc_base64
2466 self.ldb.modify_ldif(mod)
2467 # Read modified descriptor
2468 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2469 desc = res[0]["nTSecurityDescriptor"][0]
2470 desc = ndr_unpack(security.descriptor, desc)
2471 desc_sddl = desc.as_sddl(self.domain_sid)
2472 self.assertEqual(desc_sddl, sddl)
2474 self.delete_force(self.ldb, user_dn)
2476 # Test modify_ldif() with BASE64 security descriptor input
2477 # New descriptor test
2480 self.delete_force(self.ldb, user_dn)
2481 self.ldb.add_ldif("""
2482 dn: """ + user_dn + """
2484 sAMAccountName: """ + user_name)
2486 sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
2487 desc = security.descriptor.from_sddl(sddl, self.domain_sid)
2488 desc_base64 = base64.b64encode(ndr_pack(desc))
2490 dn: """ + user_dn + """
2492 replace: nTSecurityDescriptor
2493 nTSecurityDescriptor:: """ + desc_base64
2494 self.ldb.modify_ldif(mod)
2495 # Read modified descriptor
2496 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
2497 desc = res[0]["nTSecurityDescriptor"][0]
2498 desc = ndr_unpack(security.descriptor, desc)
2499 desc_sddl = desc.as_sddl(self.domain_sid)
2500 self.assertEqual(desc_sddl, sddl)
2502 self.delete_force(self.ldb, user_dn)
2504 def test_dsheuristics(self):
2505 """Tests the 'dSHeuristics' attribute"""
2506 print "Tests the 'dSHeuristics' attribute"""
2508 # Get the current value to restore it later
2509 res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
2510 + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
2511 if "dSHeuristics" in res[0]:
2512 dsheuristics = res[0]["dSHeuristics"][0]
2515 # Should not be longer than 18 chars?
2517 self.set_dsheuristics("123ABC-+!1asdfg@#^12")
2518 except LdbError, (num, _):
2519 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
2520 # If it is >= 10 chars, tenthChar should be 1
2522 self.set_dsheuristics("00020000000002")
2523 except LdbError, (num, _):
2524 self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
2525 # apart from the above, all char values are accepted
2526 self.set_dsheuristics("123ABC-+!1asdfg@#^")
2527 res = self.ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
2528 + self.configuration_dn, scope=SCOPE_BASE, attrs=["dSHeuristics"])
2529 self.assertTrue("dSHeuristics" in res[0])
2530 self.assertEquals(res[0]["dSHeuristics"][0], "123ABC-+!1asdfg@#^")
2532 self.set_dsheuristics(dsheuristics)
2535 class BaseDnTests(unittest.TestCase):
2538 super(BaseDnTests, self).setUp()
2541 def test_rootdse_attrs(self):
2542 """Testing for all rootDSE attributes"""
2543 res = self.ldb.search(scope=SCOPE_BASE, attrs=[])
2544 self.assertEquals(len(res), 1)
2546 def test_highestcommittedusn(self):
2547 """Testing for highestCommittedUSN"""
2548 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["highestCommittedUSN"])
2549 self.assertEquals(len(res), 1)
2550 self.assertTrue(int(res[0]["highestCommittedUSN"][0]) != 0)
2552 def test_netlogon(self):
2553 """Testing for netlogon via LDAP"""
2554 res = self.ldb.search("", scope=SCOPE_BASE, attrs=["netlogon"])
2555 self.assertEquals(len(res), 0)
2557 def test_netlogon_highestcommitted_usn(self):
2558 """Testing for netlogon and highestCommittedUSN via LDAP"""
2559 res = self.ldb.search("", scope=SCOPE_BASE,
2560 attrs=["netlogon", "highestCommittedUSN"])
2561 self.assertEquals(len(res), 0)
2563 def test_namingContexts(self):
2564 """Testing for namingContexts in rootDSE"""
2565 res = self.ldb.search("", scope=SCOPE_BASE,
2566 attrs=["namingContexts", "defaultNamingContext", "schemaNamingContext", "configurationNamingContext"])
2567 self.assertEquals(len(res), 1)
2570 for nc in res[0]["namingContexts"]:
2571 self.assertTrue(nc not in ncs)
2574 self.assertTrue(res[0]["defaultNamingContext"][0] in ncs)
2575 self.assertTrue(res[0]["configurationNamingContext"][0] in ncs)
2576 self.assertTrue(res[0]["schemaNamingContext"][0] in ncs)
2578 def test_serverPath(self):
2579 """Testing the server paths in rootDSE"""
2580 res = self.ldb.search("", scope=SCOPE_BASE,
2581 attrs=["dsServiceName", "serverName"])
2582 self.assertEquals(len(res), 1)
2584 self.assertTrue("CN=Servers" in res[0]["dsServiceName"][0])
2585 self.assertTrue("CN=Sites" in res[0]["dsServiceName"][0])
2586 self.assertTrue("CN=NTDS Settings" in res[0]["dsServiceName"][0])
2587 self.assertTrue("CN=Servers" in res[0]["serverName"][0])
2588 self.assertTrue("CN=Sites" in res[0]["serverName"][0])
2589 self.assertFalse("CN=NTDS Settings" in res[0]["serverName"][0])
2591 def test_dnsHostname(self):
2592 """Testing the DNS hostname in rootDSE"""
2593 res = self.ldb.search("", scope=SCOPE_BASE,
2594 attrs=["dnsHostName", "serverName"])
2595 self.assertEquals(len(res), 1)
2597 res2 = self.ldb.search(res[0]["serverName"][0], scope=SCOPE_BASE,
2598 attrs=["dNSHostName"])
2599 self.assertEquals(len(res2), 1)
2601 self.assertEquals(res[0]["dnsHostName"][0], res2[0]["dNSHostName"][0])
2603 def test_ldapServiceName(self):
2604 """Testing the ldap service name in rootDSE"""
2605 res = self.ldb.search("", scope=SCOPE_BASE,
2606 attrs=["ldapServiceName", "dNSHostName"])
2607 self.assertEquals(len(res), 1)
2609 (hostname, _, dns_domainname) = res[0]["dNSHostName"][0].partition(".")
2610 self.assertTrue(":%s$@%s" % (hostname, dns_domainname.upper())
2611 in res[0]["ldapServiceName"][0])
2613 if not "://" in host:
2614 if os.path.isfile(host):
2615 host = "tdb://%s" % host
2617 host = "ldap://%s" % host
2619 ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp)
2620 if not "tdb://" in host:
2621 gc_ldb = Ldb("%s:3268" % host, credentials=creds,
2622 session_info=system_session(), lp=lp)
2626 runner = SubunitTestRunner()
2628 if not runner.run(unittest.makeSuite(BaseDnTests)).wasSuccessful():
2630 if not runner.run(unittest.makeSuite(BasicTests)).wasSuccessful():