1 # Unix SMB/CIFS implementation.
2 # Copyright (C) Sean Dague <sdague@linux.vnet.ibm.com> 2011
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 from samba.tests.samba_tool.base import SambaToolCmdTest
28 from samba.ndr import ndr_unpack
29 from samba.dcerpc import drsblobs
30 from samba.compat import get_bytes
31 from samba.compat import get_string
34 class UserCmdTestCase(SambaToolCmdTest):
35 """Tests for samba-tool user subcommands"""
40 super(UserCmdTestCase, self).setUp()
41 self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
42 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
44 self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
45 self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
46 self.users.append(self._randomUser({"name": "sambatool3", "company": "comp2"}))
47 self.users.append(self._randomUser({"name": "sambatool4", "company": "comp2"}))
48 self.users.append(self._randomPosixUser({"name": "posixuser1"}))
49 self.users.append(self._randomPosixUser({"name": "posixuser2"}))
50 self.users.append(self._randomPosixUser({"name": "posixuser3"}))
51 self.users.append(self._randomPosixUser({"name": "posixuser4"}))
53 # setup the 8 users and ensure they are correct
54 for user in self.users:
55 (result, out, err) = user["createUserFn"](user)
57 self.assertCmdSuccess(result, out, err)
58 self.assertEquals(err, "", "Shouldn't be any error messages")
59 self.assertIn("User '%s' created successfully" % user["name"], out)
61 user["checkUserFn"](user)
64 super(UserCmdTestCase, self).tearDown()
65 # clean up all the left over users, just in case
66 for user in self.users:
67 if self._find_user(user["name"]):
68 self.runsubcmd("user", "delete", user["name"])
70 def test_newuser(self):
71 # try to add all the users again, this should fail
72 for user in self.users:
73 (result, out, err) = self._create_user(user)
74 self.assertCmdFail(result, "Ensure that create user fails")
75 self.assertIn("LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS", err)
77 # try to delete all the 4 users we just added
78 for user in self.users:
79 (result, out, err) = self.runsubcmd("user", "delete", user["name"])
80 self.assertCmdSuccess(result, out, err, "Can we delete users")
81 found = self._find_user(user["name"])
82 self.assertIsNone(found)
84 # test adding users with --use-username-as-cn
85 for user in self.users:
86 (result, out, err) = self.runsubcmd("user", "create", user["name"], user["password"],
87 "--use-username-as-cn",
88 "--surname=%s" % user["surname"],
89 "--given-name=%s" % user["given-name"],
90 "--job-title=%s" % user["job-title"],
91 "--department=%s" % user["department"],
92 "--description=%s" % user["description"],
93 "--company=%s" % user["company"],
94 "-H", "ldap://%s" % os.environ["DC_SERVER"],
95 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
97 self.assertCmdSuccess(result, out, err)
98 self.assertEquals(err, "", "Shouldn't be any error messages")
99 self.assertIn("User '%s' created successfully" % user["name"], out)
101 found = self._find_user(user["name"])
103 self.assertEquals("%s" % found.get("cn"), "%(name)s" % user)
104 self.assertEquals("%s" % found.get("name"), "%(name)s" % user)
106 def _verify_supplementalCredentials(self, ldif,
109 msgs = self.samdb.parse_ldif(ldif)
110 (changetype, obj) = next(msgs)
112 self.assertIn("supplementalCredentials", obj, "supplementalCredentials attribute required")
113 sc_blob = obj["supplementalCredentials"][0]
114 sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
116 self.assertGreaterEqual(sc.sub.num_packages,
117 min_packages, "min_packages check")
118 self.assertLessEqual(sc.sub.num_packages,
119 max_packages, "max_packages check")
121 if max_packages == 0:
124 def find_package(packages, name, start_idx=0):
125 for i in range(start_idx, len(packages)):
126 if packages[i].name == name:
127 return (i, packages[i])
130 # The ordering is this
132 # Primary:Kerberos-Newer-Keys (optional)
135 # Primary:CLEARTEXT (optional)
136 # Primary:SambaGPG (optional)
138 # And the 'Packages' package is insert before the last
142 (pidx, pp) = find_package(sc.sub.packages, "Packages", start_idx=nidx)
143 self.assertIsNotNone(pp, "Packages required")
144 self.assertEqual(pidx + 1, sc.sub.num_packages - 1,
145 "Packages needs to be at num_packages - 1")
147 (knidx, knp) = find_package(sc.sub.packages, "Primary:Kerberos-Newer-Keys",
149 if knidx is not None:
150 self.assertEqual(knidx, nidx, "Primary:Kerberos-Newer-Keys at wrong position")
155 (kidx, kp) = find_package(sc.sub.packages, "Primary:Kerberos",
157 self.assertIsNotNone(pp, "Primary:Kerberos required")
158 self.assertEqual(kidx, nidx, "Primary:Kerberos at wrong position")
163 (widx, wp) = find_package(sc.sub.packages, "Primary:WDigest",
165 self.assertIsNotNone(pp, "Primary:WDigest required")
166 self.assertEqual(widx, nidx, "Primary:WDigest at wrong position")
171 (cidx, cp) = find_package(sc.sub.packages, "Primary:CLEARTEXT",
174 self.assertEqual(cidx, nidx, "Primary:CLEARTEXT at wrong position")
179 (gidx, gp) = find_package(sc.sub.packages, "Primary:SambaGPG",
182 self.assertEqual(gidx, nidx, "Primary:SambaGPG at wrong position")
187 self.assertEqual(nidx, sc.sub.num_packages, "Unknown packages found")
189 def test_setpassword(self):
190 for user in self.users:
191 newpasswd = self.randomPass()
192 (result, out, err) = self.runsubcmd("user", "setpassword",
194 "--newpassword=%s" % newpasswd,
195 "-H", "ldap://%s" % os.environ["DC_SERVER"],
196 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
197 self.assertCmdSuccess(result, out, err, "Ensure setpassword runs")
198 self.assertEquals(err, "", "setpassword with url")
199 self.assertMatch(out, "Changed password OK", "setpassword with url")
201 attributes = "sAMAccountName,unicodePwd,supplementalCredentials,virtualClearTextUTF8,virtualClearTextUTF16,virtualSSHA,virtualSambaGPG"
202 (result, out, err) = self.runsubcmd("user", "syncpasswords",
203 "--cache-ldb-initialize",
204 "--attributes=%s" % attributes,
205 "--decrypt-samba-gpg")
206 self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --cache-ldb-initialize runs")
207 self.assertEqual(err, "", "getpassword without url")
209 "objectClass": {"value": "userSyncPasswords"},
212 "dirsyncAttribute": {},
213 "dirsyncControl": {"value": "dirsync:1:0:0"},
214 "passwordAttribute": {},
215 "decryptSambaGPG": {},
218 for a in cache_attrs.keys():
219 v = cache_attrs[a].get("value", "")
220 self.assertMatch(out, "%s: %s" % (a, v),
221 "syncpasswords --cache-ldb-initialize: %s: %s out[%s]" % (a, v, out))
223 (result, out, err) = self.runsubcmd("user", "syncpasswords", "--no-wait")
224 self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --no-wait runs")
225 self.assertEqual(err, "", "syncpasswords --no-wait")
226 self.assertMatch(out, "dirsync_loop(): results 0",
227 "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
228 for user in self.users:
229 self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
230 "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
232 for user in self.users:
233 newpasswd = self.randomPass()
234 creds = credentials.Credentials()
235 creds.set_anonymous()
236 creds.set_password(newpasswd)
237 nthash = creds.get_nt_hash()
238 unicodePwd = base64.b64encode(creds.get_nt_hash()).decode('utf8')
239 virtualClearTextUTF8 = base64.b64encode(get_bytes(newpasswd)).decode('utf8')
240 virtualClearTextUTF16 = base64.b64encode(get_string(newpasswd).encode('utf-16-le')).decode('utf8')
242 (result, out, err) = self.runsubcmd("user", "setpassword",
244 "--newpassword=%s" % newpasswd)
245 self.assertCmdSuccess(result, out, err, "Ensure setpassword runs")
246 self.assertEquals(err, "", "setpassword without url")
247 self.assertMatch(out, "Changed password OK", "setpassword without url")
249 (result, out, err) = self.runsubcmd("user", "syncpasswords", "--no-wait")
250 self.assertCmdSuccess(result, out, err, "Ensure syncpasswords --no-wait runs")
251 self.assertEqual(err, "", "syncpasswords --no-wait")
252 self.assertMatch(out, "dirsync_loop(): results 0",
253 "syncpasswords --no-wait: 'dirsync_loop(): results 0': out[%s]" % (out))
254 self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
255 "syncpasswords --no-wait: 'sAMAccountName': %s out[%s]" % (user["name"], out))
256 self.assertMatch(out, "# unicodePwd::: REDACTED SECRET ATTRIBUTE",
257 "getpassword '# unicodePwd::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
258 self.assertMatch(out, "unicodePwd:: %s" % unicodePwd,
259 "getpassword unicodePwd: out[%s]" % out)
260 self.assertMatch(out, "# supplementalCredentials::: REDACTED SECRET ATTRIBUTE",
261 "getpassword '# supplementalCredentials::: REDACTED SECRET ATTRIBUTE': out[%s]" % out)
262 self.assertMatch(out, "supplementalCredentials:: ",
263 "getpassword supplementalCredentials: out[%s]" % out)
264 if "virtualSambaGPG:: " in out:
265 self.assertMatch(out, "virtualClearTextUTF8:: %s" % virtualClearTextUTF8,
266 "getpassword virtualClearTextUTF8: out[%s]" % out)
267 self.assertMatch(out, "virtualClearTextUTF16:: %s" % virtualClearTextUTF16,
268 "getpassword virtualClearTextUTF16: out[%s]" % out)
269 self.assertMatch(out, "virtualSSHA: ",
270 "getpassword virtualSSHA: out[%s]" % out)
272 (result, out, err) = self.runsubcmd("user", "getpassword",
274 "--attributes=%s" % attributes,
275 "--decrypt-samba-gpg")
276 self.assertCmdSuccess(result, out, err, "Ensure getpassword runs")
277 self.assertEqual(err, "", "getpassword without url")
278 self.assertMatch(out, "Got password OK", "getpassword without url")
279 self.assertMatch(out, "sAMAccountName: %s" % (user["name"]),
280 "getpassword: 'sAMAccountName': %s out[%s]" % (user["name"], out))
281 self.assertMatch(out, "unicodePwd:: %s" % unicodePwd,
282 "getpassword unicodePwd: out[%s]" % out)
283 self.assertMatch(out, "supplementalCredentials:: ",
284 "getpassword supplementalCredentials: out[%s]" % out)
285 self._verify_supplementalCredentials(out.replace("\nGot password OK\n", ""))
286 if "virtualSambaGPG:: " in out:
287 self.assertMatch(out, "virtualClearTextUTF8:: %s" % virtualClearTextUTF8,
288 "getpassword virtualClearTextUTF8: out[%s]" % out)
289 self.assertMatch(out, "virtualClearTextUTF16:: %s" % virtualClearTextUTF16,
290 "getpassword virtualClearTextUTF16: out[%s]" % out)
291 self.assertMatch(out, "virtualSSHA: ",
292 "getpassword virtualSSHA: out[%s]" % out)
294 for user in self.users:
295 newpasswd = self.randomPass()
296 (result, out, err) = self.runsubcmd("user", "setpassword",
298 "--newpassword=%s" % newpasswd,
299 "--must-change-at-next-login",
300 "-H", "ldap://%s" % os.environ["DC_SERVER"],
301 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
302 self.assertCmdSuccess(result, out, err, "Ensure setpassword runs")
303 self.assertEquals(err, "", "setpassword with forced change")
304 self.assertMatch(out, "Changed password OK", "setpassword with forced change")
306 def test_setexpiry(self):
307 for user in self.users:
308 twodays = time.time() + (2 * 24 * 60 * 60)
310 (result, out, err) = self.runsubcmd("user", "setexpiry", user["name"],
312 "-H", "ldap://%s" % os.environ["DC_SERVER"],
313 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
314 self.assertCmdSuccess(result, out, err, "Can we run setexpiry with names")
315 self.assertIn("Expiry for user '%s' set to 2 days." % user["name"], out)
317 found = self._find_user(user["name"])
319 expires = nttime2unix(int("%s" % found.get("accountExpires")))
320 self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
322 # TODO: renable this after the filter case is sorted out
323 if "filters are broken, bail now":
326 # now run the expiration based on a filter
327 fourdays = time.time() + (4 * 24 * 60 * 60)
328 (result, out, err) = self.runsubcmd("user", "setexpiry",
329 "--filter", "(&(objectClass=user)(company=comp2))",
331 "-H", "ldap://%s" % os.environ["DC_SERVER"],
332 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
333 self.assertCmdSuccess(result, out, err, "Can we run setexpiry with a filter")
335 for user in self.users:
336 found = self._find_user(user["name"])
337 if ("%s" % found.get("company")) == "comp2":
338 expires = nttime2unix(int("%s" % found.get("accountExpires")))
339 self.assertWithin(expires, fourdays, 5, "Ensure account expires is within 5 seconds of the expected time")
341 expires = nttime2unix(int("%s" % found.get("accountExpires")))
342 self.assertWithin(expires, twodays, 5, "Ensure account expires is within 5 seconds of the expected time")
345 (result, out, err) = self.runsubcmd("user", "list",
346 "-H", "ldap://%s" % os.environ["DC_SERVER"],
347 "-U%s%%%s" % (os.environ["DC_USERNAME"],
348 os.environ["DC_PASSWORD"]))
349 self.assertCmdSuccess(result, out, err, "Error running list")
351 search_filter = ("(&(objectClass=user)(userAccountControl:%s:=%u))" %
352 (ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT))
354 userlist = self.samdb.search(base=self.samdb.domain_dn(),
355 scope=ldb.SCOPE_SUBTREE,
356 expression=search_filter,
357 attrs=["samaccountname"])
359 self.assertTrue(len(userlist) > 0, "no users found in samdb")
361 for userobj in userlist:
362 name = str(userobj.get("samaccountname", idx=0))
363 found = self.assertMatch(out, name,
364 "user '%s' not found" % name)
367 for user in self.users:
368 (result, out, err) = self.runsubcmd(
369 "user", "show", user["name"],
370 "--attributes=sAMAccountName,company",
371 "-H", "ldap://%s" % os.environ["DC_SERVER"],
372 "-U%s%%%s" % (os.environ["DC_USERNAME"],
373 os.environ["DC_PASSWORD"]))
374 self.assertCmdSuccess(result, out, err, "Error running show")
376 expected_out = """dn: CN=%s %s,CN=Users,%s
380 """ % (user["given-name"], user["surname"], self.samdb.domain_dn(),
381 user["company"], user["name"])
383 self.assertEqual(out, expected_out,
384 "Unexpected show output for user '%s'" %
388 full_ou_dn = str(self.samdb.normalize_dn_in_domain("OU=movetest"))
389 (result, out, err) = self.runsubcmd("ou", "create", full_ou_dn)
390 self.assertCmdSuccess(result, out, err)
391 self.assertEquals(err, "", "There shouldn't be any error message")
392 self.assertIn('Created ou "%s"' % full_ou_dn, out)
394 for user in self.users:
395 (result, out, err) = self.runsubcmd(
396 "user", "move", user["name"], full_ou_dn)
397 self.assertCmdSuccess(result, out, err, "Error running move")
398 self.assertIn('Moved user "%s" into "%s"' %
399 (user["name"], full_ou_dn), out)
401 # Should fail as users objects are in OU
402 (result, out, err) = self.runsubcmd("ou", "delete", full_ou_dn)
403 self.assertCmdFail(result)
404 self.assertIn(("subtree_delete: Unable to delete a non-leaf node "
405 "(it has %d children)!") % len(self.users), err)
407 for user in self.users:
408 new_dn = "CN=Users,%s" % self.samdb.domain_dn()
409 (result, out, err) = self.runsubcmd(
410 "user", "move", user["name"], new_dn)
411 self.assertCmdSuccess(result, out, err, "Error running move")
412 self.assertIn('Moved user "%s" into "%s"' %
413 (user["name"], new_dn), out)
415 (result, out, err) = self.runsubcmd("ou", "delete", full_ou_dn)
416 self.assertCmdSuccess(result, out, err,
417 "Failed to delete ou '%s'" % full_ou_dn)
419 def test_getpwent(self):
423 self.skipTest("Skipping getpwent test, no 'pwd' module available")
426 # get the current user's data for the test
429 u = pwd.getpwuid(uid)
431 self.skipTest("Skipping getpwent test, current EUID not found in NSS")
435 # samba-tool user create command didn't support users with empty gecos if none is
436 # specified on the command line and the user hasn't one in the passwd file it
437 # will fail, so let's add some contents
440 if (gecos is None or len(gecos) == 0):
442 user = self._randomPosixUser({
450 # check if --rfc2307-from-nss sets the same values as we got from pwd.getpwuid()
451 (result, out, err) = self.runsubcmd("user", "create", user["name"], user["password"],
452 "--surname=%s" % user["surname"],
453 "--given-name=%s" % user["given-name"],
454 "--job-title=%s" % user["job-title"],
455 "--department=%s" % user["department"],
456 "--description=%s" % user["description"],
457 "--company=%s" % user["company"],
458 "--gecos=%s" % user["gecos"],
459 "--rfc2307-from-nss",
460 "-H", "ldap://%s" % os.environ["DC_SERVER"],
461 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
463 self.assertCmdSuccess(result, out, err)
464 self.assertEquals(err, "", "Shouldn't be any error messages")
465 self.assertIn("User '%s' created successfully" % user["name"], out)
467 self._check_posix_user(user)
468 self.runsubcmd("user", "delete", user["name"])
470 # Check if overriding the attributes from NSS with explicit values works
472 # get a user with all random posix attributes
473 user = self._randomPosixUser({"name": u[0]})
474 # create a user with posix attributes from nss but override all of them with the
475 # random ones just obtained
476 (result, out, err) = self.runsubcmd("user", "create", user["name"], user["password"],
477 "--surname=%s" % user["surname"],
478 "--given-name=%s" % user["given-name"],
479 "--job-title=%s" % user["job-title"],
480 "--department=%s" % user["department"],
481 "--description=%s" % user["description"],
482 "--company=%s" % user["company"],
483 "--rfc2307-from-nss",
484 "--gecos=%s" % user["gecos"],
485 "--login-shell=%s" % user["loginShell"],
486 "--uid=%s" % user["uid"],
487 "--uid-number=%s" % user["uidNumber"],
488 "--gid-number=%s" % user["gidNumber"],
489 "-H", "ldap://%s" % os.environ["DC_SERVER"],
490 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
492 self.assertCmdSuccess(result, out, err)
493 self.assertEquals(err, "", "Shouldn't be any error messages")
494 self.assertIn("User '%s' created successfully" % user["name"], out)
496 self._check_posix_user(user)
497 self.runsubcmd("user", "delete", user["name"])
499 def _randomUser(self, base={}):
500 """create a user with random attribute values, you can specify base attributes"""
502 "name": self.randomName(),
503 "password": self.randomPass(),
504 "surname": self.randomName(),
505 "given-name": self.randomName(),
506 "job-title": self.randomName(),
507 "department": self.randomName(),
508 "company": self.randomName(),
509 "description": self.randomName(count=100),
510 "createUserFn": self._create_user,
511 "checkUserFn": self._check_user,
516 def _randomPosixUser(self, base={}):
517 """create a user with random attribute values and additional RFC2307
518 attributes, you can specify base attributes"""
519 user = self._randomUser({})
522 "uid": self.randomName(),
523 "loginShell": self.randomName(),
524 "gecos": self.randomName(),
525 "uidNumber": self.randomXid(),
526 "gidNumber": self.randomXid(),
527 "createUserFn": self._create_posix_user,
528 "checkUserFn": self._check_posix_user,
530 user.update(posixAttributes)
534 def _check_user(self, user):
535 """ check if a user from SamDB has the same attributes as its template """
536 found = self._find_user(user["name"])
538 self.assertEquals("%s" % found.get("name"), "%(given-name)s %(surname)s" % user)
539 self.assertEquals("%s" % found.get("title"), user["job-title"])
540 self.assertEquals("%s" % found.get("company"), user["company"])
541 self.assertEquals("%s" % found.get("description"), user["description"])
542 self.assertEquals("%s" % found.get("department"), user["department"])
544 def _check_posix_user(self, user):
545 """ check if a posix_user from SamDB has the same attributes as its template """
546 found = self._find_user(user["name"])
548 self.assertEquals("%s" % found.get("loginShell"), user["loginShell"])
549 self.assertEquals("%s" % found.get("gecos"), user["gecos"])
550 self.assertEquals("%s" % found.get("uidNumber"), "%s" % user["uidNumber"])
551 self.assertEquals("%s" % found.get("gidNumber"), "%s" % user["gidNumber"])
552 self.assertEquals("%s" % found.get("uid"), user["uid"])
553 self._check_user(user)
555 def _create_user(self, user):
556 return self.runsubcmd("user", "create", user["name"], user["password"],
557 "--surname=%s" % user["surname"],
558 "--given-name=%s" % user["given-name"],
559 "--job-title=%s" % user["job-title"],
560 "--department=%s" % user["department"],
561 "--description=%s" % user["description"],
562 "--company=%s" % user["company"],
563 "-H", "ldap://%s" % os.environ["DC_SERVER"],
564 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
566 def _create_posix_user(self, user):
567 """ create a new user with RFC2307 attributes """
568 return self.runsubcmd("user", "create", user["name"], user["password"],
569 "--surname=%s" % user["surname"],
570 "--given-name=%s" % user["given-name"],
571 "--job-title=%s" % user["job-title"],
572 "--department=%s" % user["department"],
573 "--description=%s" % user["description"],
574 "--company=%s" % user["company"],
575 "--gecos=%s" % user["gecos"],
576 "--login-shell=%s" % user["loginShell"],
577 "--uid=%s" % user["uid"],
578 "--uid-number=%s" % user["uidNumber"],
579 "--gid-number=%s" % user["gidNumber"],
580 "-H", "ldap://%s" % os.environ["DC_SERVER"],
581 "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
583 def _find_user(self, name):
584 search_filter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(name), "CN=Person,CN=Schema,CN=Configuration", self.samdb.domain_dn())
585 userlist = self.samdb.search(base=self.samdb.domain_dn(),
586 scope=ldb.SCOPE_SUBTREE,
587 expression=search_filter, attrs=[])